feat: add automatic creation of reverse-proxy routing

meta: move inventory structure to be more usable
meta: add own inventory, add vault-unlock with GPG
2021-06-23 19:46:45 +02:00 · 2021-06-23 19:46:45 +02:00 · 2021-06-23 19:46:44 +02:00 · 2021-06-23 11:15:41 +03:00 · 2021-06-23 09:56:31 +03:00 · 2021-06-22 22:39:35 +05:30
17 changed files with 59 additions and 31 deletions
--- a/docs/configuring-playbook-bridge-mx-puppet-discord.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-discord.md
@ -13,8 +13,6 @@ playbook configuration:

 ```yaml
 matrix_mx_puppet_discord_enabled: true
-matrix_mx_puppet_discord_client_id: ""
-matrix_mx_puppet_discord_client_secret: ""
 ```


--- a/docs/configuring-playbook-bridge-mx-puppet-groupme.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-groupme.md
@ -11,8 +11,6 @@ playbook configuration:

 ```yaml
 matrix_mx_puppet_groupme_enabled: true
-matrix_mx_puppet_groupme_client_id: ""
-matrix_mx_puppet_groupme_client_secret: ""
 ```


--- a/docs/configuring-playbook-bridge-mx-puppet-slack.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-slack.md
@ -13,8 +13,6 @@ playbook configuration:

 ```yaml
 matrix_mx_puppet_slack_enabled: true
-matrix_mx_puppet_slack_client_id: ""
-matrix_mx_puppet_slack_client_secret: ""
 ```


--- a/docs/configuring-playbook-bridge-mx-puppet-steam.md
+++ b/docs/configuring-playbook-bridge-mx-puppet-steam.md
@ -11,8 +11,6 @@ playbook configuration:

 ```yaml
 matrix_mx_puppet_steam_enabled: true
-matrix_mx_puppet_steam_client_id: ""
-matrix_mx_puppet_steam_client_secret: ""
 ```


--- a/roles/matrix-base/defaults/main.yml
+++ b/roles/matrix-base/defaults/main.yml
@ -80,8 +80,8 @@ matrix_host_command_openssl: "/usr/bin/env openssl"
 matrix_host_command_systemctl: "/usr/bin/env systemctl"
 matrix_host_command_sh: "/usr/bin/env sh"

-matrix_ntpd_package: "ntp"
-matrix_ntpd_service: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}"
+matrix_ntpd_package: "{{ 'systemd-timesyncd' if ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7' else 'ntp' }}"
+matrix_ntpd_service: "{{ 'systemd-timesyncd' if ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7' else ('ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp') }}"

 matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"

--- a/roles/matrix-base/tasks/server_base/setup.yml
+++ b/roles/matrix-base/tasks/server_base/setup.yml
@ -1,7 +1,10 @@
 ---

 - include_tasks: "{{ role_path }}/tasks/server_base/setup_centos.yml"
-  when: ansible_distribution == 'CentOS'
+  when: ansible_distribution == 'CentOS' and ansible_distribution_major_version < '8'
+
+- include_tasks: "{{ role_path }}/tasks/server_base/setup_centos8.yml"
+  when: ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7'

 - block:
  # ansible_lsb is only available if lsb-release is installed.
--- a/roles/matrix-base/tasks/server_base/setup_centos8.yml
+++ b/roles/matrix-base/tasks/server_base/setup_centos8.yml
@ -0,0 +1,47 @@
+---
+
+- name: Ensure Docker repository is enabled
+  template:
+    src: "{{ role_path }}/files/yum.repos.d/{{ item }}"
+    dest: "/etc/yum.repos.d/{{ item }}"
+    owner: "root"
+    group: "root"
+    mode: 0644
+  with_items:
+    - docker-ce.repo
+  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure Docker's RPM key is trusted
+  rpm_key:
+    state: present
+    key: https://download.docker.com/linux/centos/gpg
+  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure EPEL is installed
+  yum:
+    name:
+      - epel-release
+    state: latest
+    update_cache: yes
+
+- name: Ensure yum packages are installed
+  yum:
+    name:
+      - "{{ matrix_ntpd_package }}"
+      - fuse
+    state: latest
+    update_cache: yes
+
+- name: Ensure Docker is installed
+  yum:
+    name:
+      - "{{ matrix_docker_package_name }}"
+      - python3-pip
+    state: latest
+  when: matrix_docker_installation_enabled|bool
+
+- name: Ensure Docker-Py is installed
+  pip:
+    name: docker-py
+    state: latest
+  when: matrix_docker_installation_enabled|bool
--- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml
@ -27,9 +27,6 @@ matrix_mx_puppet_discord_homeserver_address: "{{ matrix_homeserver_container_url
 matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}'
 matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}'

-matrix_mx_puppet_discord_client_id: ''
-matrix_mx_puppet_discord_client_secret: ''
-
 # "@user:server.com" to allow specific user
 # "@.*:yourserver.com" to allow users on a specific homeserver
 # "@.*" to allow anyone
--- a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml
@ -27,9 +27,6 @@ matrix_mx_puppet_groupme_homeserver_address: "{{ matrix_homeserver_container_url
 matrix_mx_puppet_groupme_homeserver_domain: '{{ matrix_domain }}'
 matrix_mx_puppet_groupme_appservice_address: 'http://matrix-mx-puppet-groupme:{{ matrix_mx_puppet_groupme_appservice_port }}'

-matrix_mx_puppet_groupme_client_id: ''
-matrix_mx_puppet_groupme_client_secret: ''
-
 # "@user:server.com" to allow specific user
 # "@.*:yourserver.com" to allow users on a specific homeserver
 # "@.*" to allow anyone
--- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
@ -27,8 +27,6 @@ matrix_mx_puppet_slack_homeserver_address: "{{ matrix_homeserver_container_url }
 matrix_mx_puppet_slack_homeserver_domain: '{{ matrix_domain }}'
 matrix_mx_puppet_slack_appservice_address: 'http://matrix-mx-puppet-slack:{{ matrix_mx_puppet_slack_appservice_port }}'

-matrix_mx_puppet_slack_client_id: ''
-matrix_mx_puppet_slack_client_secret: ''
 matrix_mx_puppet_slack_redirect_path: '/slack/oauth'
 matrix_mx_puppet_slack_redirect_uri: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mx_puppet_slack_redirect_path }}'

--- a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2
@ -18,10 +18,6 @@ bridge:
 # Slack OAuth settings. Create a slack app at https://api.slack.com/apps
 oauth:
  enabled: true
-  # Slack app credentials.
-  # N.B. This must be quoted so YAML wouldn't parse it as a float.
-  clientId: "{{ matrix_mx_puppet_slack_client_id }}"
-  clientSecret: {{ matrix_mx_puppet_slack_client_secret }}
  # Path where to listen for OAuth redirect callbacks.
  redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
  # Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,
--- a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml
+++ b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml
@ -27,9 +27,6 @@ matrix_mx_puppet_steam_homeserver_address: "{{ matrix_homeserver_container_url }
 matrix_mx_puppet_steam_homeserver_domain: '{{ matrix_domain }}'
 matrix_mx_puppet_steam_appservice_address: 'http://matrix-mx-puppet-steam:{{ matrix_mx_puppet_steam_appservice_port }}'

-matrix_mx_puppet_steam_client_id: ''
-matrix_mx_puppet_steam_client_secret: ''
-
 # "@user:server.com" to allow specific user
 # "@.*:yourserver.com" to allow users on a specific homeserver
 # "@.*" to allow anyone
--- a/roles/matrix-client-element/defaults/main.yml
+++ b/roles/matrix-client-element/defaults/main.yml
@ -3,7 +3,7 @@ matrix_client_element_enabled: true
 matrix_client_element_container_image_self_build: false
 matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"

-matrix_client_element_version: v1.7.30
+matrix_client_element_version: v1.7.31
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
--- a/roles/matrix-coturn/defaults/main.yml
+++ b/roles/matrix-coturn/defaults/main.yml
@ -2,10 +2,10 @@ matrix_coturn_enabled: true

 matrix_coturn_container_image_self_build: false
 matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn"
-matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}-r1"
+matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}-r2"
 matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"

-matrix_coturn_version: 4.5.2
+matrix_coturn_version: 4.5.2-r2
 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
 matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
--- a/roles/matrix-grafana/defaults/main.yml
+++ b/roles/matrix-grafana/defaults/main.yml
@ -3,7 +3,7 @@

 matrix_grafana_enabled: false

-matrix_grafana_version: 8.0.2
+matrix_grafana_version: 8.0.3
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"

--- a/roles/matrix-mailer/defaults/main.yml
+++ b/roles/matrix-mailer/defaults/main.yml
@ -7,7 +7,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev
 matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
 matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"

-matrix_mailer_version: 4.94.2-r0-1
+matrix_mailer_version: 4.94.2-r0-2
 matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}"
 matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2
@ -12,6 +12,7 @@
 	add_header X-Content-Type-Options nosniff;
 	add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
 	add_header X-Frame-Options SAMEORIGIN;
+	add_header Content-Security-Policy "frame-ancestors 'none'";

 	{% if matrix_nginx_proxy_floc_optout_enabled %}
 		add_header Permissions-Policy interest-cohort=() always;
Author	SHA1	Message	Date
transcaffeine	ecc1141bf9	feat: add automatic creation of reverse-proxy routing	2021-06-23 19:46:45 +02:00
transcaffeine	737776d4e1	meta: move inventory structure to be more usable	2021-06-23 19:46:45 +02:00
jdreichmann	62fec7115c	meta: add own inventory, add vault-unlock with GPG	2021-06-23 19:46:44 +02:00
Slavi Pantaleev	18533b5000	Merge pull request #1135 from sakkiii/patch-1 Coturn update 4.5.2 -> 4.5.2-r2	2021-06-23 11:15:41 +03:00
Slavi Pantaleev	d019e9078a	Remove unused variables from mx-puppet-* bridges Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1131	2021-06-23 09:56:31 +03:00
sakkiii	04805f35a7	Coturn update 4.5.2 -> 4.5.2-r2	2021-06-22 22:39:35 +05:30
Slavi Pantaleev	b19fa3acb2	Upgrade Element (1.7.30 -> 1.7.31)	2021-06-22 10:18:58 +03:00
Slavi Pantaleev	5a1dabe14f	Bump exim-relay Docker image tag The new one is based on Alpine 3.14, instead of Alpine 3.13.	2021-06-21 15:32:34 +03:00
Slavi Pantaleev	282844209a	Merge pull request #1105 from blaztinn/centos-stream-8 Add support for CentOS (Stream) 8	2021-06-21 15:32:11 +03:00
Slavi Pantaleev	10fba32368	Merge pull request #1131 from dreamflasher/patch-3 according to discussion in channel not needed anymore	2021-06-21 13:58:55 +03:00
Marcel Ackermann	a790096adf	matrix_mx_puppet_slack_client_id deprecated	2021-06-21 12:13:20 +02:00
Marcel Ackermann	ed078998b5	deprecated	2021-06-21 12:12:07 +02:00
Marcel Ackermann	ce28e87f4b	according to discussion in channel not needed anymore	2021-06-20 16:38:04 +02:00
Slavi Pantaleev	efa7486b88	Merge pull request #1127 from sakkiii/patch-3 Content-Security-Policy For Element Web	2021-06-20 10:01:43 +03:00
Slavi Pantaleev	c48699f29d	Merge pull request #1128 from sakkiii/patch-4 Update grafana 8.0.2 -> 8.0.3	2021-06-20 09:59:57 +03:00
sakkiii	b826171139	Update grafana 8.0.2 -> 8.0.3	2021-06-18 23:32:30 +05:30
sakkiii	0217644b48	Content-Security-Policy For Element Web https://github.com/vector-im/element-web#configuration-best-practices	2021-06-18 23:27:23 +05:30
Blaž Tomažič	72bc9b5cfc	Add support for CentOS (Stream) 8	2021-06-12 10:49:38 +02:00