feat: add automatic creation of reverse-proxy routing

Should have been part of 9daeb39710

docs/configuring-playbook-synapse.md

@@ -55,3 +55,22 @@ Certain Synapse administration tasks (managing users and rooms, etc.) can be per
 ## Synapse + OpenID Connect for Single-Sign-On
 
 If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)).
+
+In case you encounter errors regarding the parsing of the variables, you can try to add `{%raw}` and `{% endraw %}` blocks around them. For example ;
+
+```
+ - idp_id: keycloak
+        idp_name: "Keycloak"
+        issuer: "https://url.ix/auth/realms/x"
+        client_id: "matrix"
+        client_secret: "{{ vault_synapse_keycloak }}"
+        scopes: ["openid", "profile"]
+        authorization_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/auth"
+        token_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/token"
+        userinfo_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/userinfo"
+        user_mapping_provider:
+          config:
+            display_name_template: "{%raw}{{ user.given_name }}{% endraw %} {%raw}{{ user.family_name }}{% endraw %}"
+            email_template: "{%raw}{{ user.email }}{% endraw %}"
+```
+

roles/matrix-awx/tasks/backup_server.yml

@@ -54,10 +54,6 @@
     validate_certs: yes
   tags: use-survey
 
-- name: Run export.sh if this job template is run by the client
-  command: /bin/sh /root/export.sh
-  tags: use-survey
-
 - name: Include vars in matrix_vars.yml
   include_vars:
     file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
@@ -70,8 +66,28 @@
     mode: '0660'
   tags: use-survey
 
-- name: Perform the borg backup
-  command: borgmatic
+- name: Run initial backup of /matrix/ and snapshot the database simultaneously 
+  command: "{{ item }}" 
+  with_items:
+    - borgmatic -c /root/.config/borgmatic/config_1.yaml
+    - /bin/sh /usr/local/bin/awx-export-service.sh 1 0
+  register: _create_instances
+  async: 3600  # Maximum runtime in seconds.
+  poll: 0  # Fire and continue (never poll)
+  when: matrix_awx_backup_enabled|bool
+
+- name: Wait for both of these jobs to finish
+  async_status:
+    jid: "{{ item.ansible_job_id }}"
+  register: _jobs
+  until: _jobs.finished
+  delay: 5  # Check every 5 seconds.
+  retries: 720  # Retry for a full hour.
+  with_items: "{{ _create_instances.results }}"
+  when: matrix_awx_backup_enabled|bool
+
+- name: Perform borg backup of postgres dump
+  command: borgmatic -c /root/.config/borgmatic/config_2.yaml
   when: matrix_awx_backup_enabled|bool
 
 - name: Set boolean value to exit playbook

roles/matrix-awx/tasks/export_server.yml

@@ -0,0 +1,33 @@
+
+- name: Run export of /matrix/ and snapshot the database simultaneously 
+  command: "{{ item }}" 
+  with_items:
+    - /bin/sh /usr/local/bin/awx-export-service.sh 1 0
+    - /bin/sh /usr/local/bin/awx-export-service.sh 0 1
+  register: _create_instances
+  async: 3600  # Maximum runtime in seconds.
+  poll: 0  # Fire and continue (never poll)
+
+- name: Wait for both of these jobs to finish
+  async_status:
+    jid: "{{ item.ansible_job_id }}"
+  register: _jobs
+  until: _jobs.finished
+  delay: 5  # Check every 5 seconds.
+  retries: 720  # Retry for a full hour.
+  with_items: "{{ _create_instances.results }}"
+
+- name: Schedule deletion of the export in 24 hours
+  at:
+    command: rm /chroot/export/matrix*
+    count: 1
+    units: days
+    unique: yes
+
+- name: Set boolean value to exit playbook
+  set_fact:
+    end_playbook: true
+
+- name: End playbook if this task list is called.
+  meta: end_play
+  when: end_playbook is defined and end_playbook|bool

roles/matrix-awx/tasks/import_awx.yml

@@ -1,15 +1,4 @@
 
-- name: Ensure /matrix/awx is empty
-  shell: rm -r /matrix/awx/*
-  ignore_errors: yes
-
-- name: Ensure /matrix/synapse is empty
-  shell: rm -r /matrix/synapse/*
-  ignore_errors: yes
-
-- name: Extract from /chroot/export
-  shell: tar -xvzf /chroot/export/matrix.tar.gz -C /matrix/
-
 - name: Ensure correct ownership of /matrix/awx
   shell: chown -R matrix:matrix /matrix/awx
 

roles/matrix-awx/tasks/main.yml

@@ -25,6 +25,15 @@
   when: run_setup|bool and matrix_awx_enabled|bool
   tags:
     - backup-server
+    
+# Perform a export of the server
+- include_tasks: 
+    file: "export_server.yml"
+    apply:
+      tags: export-server
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - export-server
 
 # Create a user account if called
 - include_tasks: 

roles/matrix-client-hydrogen/defaults/main.yml

@@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true
 matrix_client_hydrogen_container_image_self_build: true
 matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
 
-matrix_client_hydrogen_version: v0.1.56
+matrix_client_hydrogen_version: v0.1.57
 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
 matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}"
 matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

roles/matrix-grafana/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_grafana_enabled: false
 
-matrix_grafana_version: 8.0.0
+matrix_grafana_version: 8.0.2
 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
 matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
 

roles/matrix-synapse/defaults/main.yml

@@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
 # amd64 gets released first.
 # arm32 relies on self-building, so the same version can be built immediately.
 # arm64 users need to wait for a prebuilt image to become available.
-matrix_synapse_version: v1.35.1
-matrix_synapse_version_arm64: v1.35.1
+matrix_synapse_version: v1.36.0
+matrix_synapse_version_arm64: v1.36.0
 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 

roles/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -2977,19 +2977,4 @@ redis:
   password: {{ matrix_synapse_redis_password }}
 
 
-# Enable experimental features in Synapse.
-#
-# Experimental features might break or be removed without a deprecation
-# period.
-#
-experimental_features:
-  # Support for Spaces (MSC1772), it enables the following:
-  #
-  # * The Spaces Summary API (MSC2946).
-  # * Restricting room membership based on space membership (MSC3083).
-  #
-  # Uncomment to disable support for Spaces.
-  #spaces_enabled: false
-
-
 # vim:ft=yaml

roles/matrix-synapse/vars/workers.yml

@@ -51,6 +51,9 @@ matrix_synapse_workers_generic_worker_endpoints:
   - ^/_matrix/client/(api/v1|r0|unstable)/joined_groups$
   - ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$
   - ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/
+  - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/
+  - ^/_matrix/client/(api/v1|r0|unstable)/joined_rooms$
+  - ^/_matrix/client/(api/v1|r0|unstable)/search$
 
   # Registration/login requests
   - ^/_matrix/client/(api/v1|r0|unstable)/login$