Compare commits

..

13 Commits

Author SHA1 Message Date
1f31491f49
feat: add automatic creation of reverse-proxy routing 2021-06-15 20:30:26 +02:00
2b16d4de8c
meta: move inventory structure to be more usable 2021-06-15 20:30:25 +02:00
4660d2f567
meta: add own inventory, add vault-unlock with GPG 2021-06-15 20:30:24 +02:00
Slavi Pantaleev
3dd32d2512 Update worker endpoints
Should have been part of 9daeb39710
2021-06-15 19:28:21 +03:00
Slavi Pantaleev
9daeb39710 Upgrade Synapse (1.35.1 -> 1.36.0) 2021-06-15 19:25:41 +03:00
Slavi Pantaleev
1e46785a0d
Merge pull request #1124 from N07070/patch-1
Update configuring-playbook-synapse.md
2021-06-15 15:58:58 +03:00
N07070
1da3531a3d
Update configuring-playbook-synapse.md
Added an example for configuring the variables for the OpenID, that might fails because the variables are not defined for the playbook parsing, but Synapse's own config file parsing.
2021-06-15 14:56:23 +02:00
Slavi Pantaleev
e545869454
Merge pull request #1123 from GoMatrixHosting/master
GoMatrixHosting v0.5.0
2021-06-14 18:19:31 +03:00
Michael-GMH
4fb1134ad1 GoMatrixHosting v0.5.0 2021-06-14 22:36:49 +08:00
Slavi Pantaleev
a7fcb7c04d
Merge pull request #1122 from sakkiii/patch-2
update hydrogen v0.1.56 -> v0.1.57
2021-06-14 17:26:30 +03:00
Slavi Pantaleev
68f91660d3
Merge pull request #1121 from sakkiii/patch-1
Update grafana 8.0.0 -> 8.0.2
2021-06-14 17:26:05 +03:00
sakkiii
4cd5835e11
update hydrogen v0.1.56 -> v0.1.57
https://github.com/vector-im/hydrogen-web/releases/tag/v0.1.57
2021-06-14 19:46:08 +05:30
sakkiii
08d1a5c2e7
Update grafana 8.0.0 -> 8.0.2 2021-06-14 19:41:23 +05:30
10 changed files with 90 additions and 36 deletions

View File

@ -55,3 +55,22 @@ Certain Synapse administration tasks (managing users and rooms, etc.) can be per
## Synapse + OpenID Connect for Single-Sign-On ## Synapse + OpenID Connect for Single-Sign-On
If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)). If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)).
In case you encounter errors regarding the parsing of the variables, you can try to add `{%raw}` and `{% endraw %}` blocks around them. For example ;
```
- idp_id: keycloak
idp_name: "Keycloak"
issuer: "https://url.ix/auth/realms/x"
client_id: "matrix"
client_secret: "{{ vault_synapse_keycloak }}"
scopes: ["openid", "profile"]
authorization_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/auth"
token_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/token"
userinfo_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/userinfo"
user_mapping_provider:
config:
display_name_template: "{%raw}{{ user.given_name }}{% endraw %} {%raw}{{ user.family_name }}{% endraw %}"
email_template: "{%raw}{{ user.email }}{% endraw %}"
```

View File

@ -54,10 +54,6 @@
validate_certs: yes validate_certs: yes
tags: use-survey tags: use-survey
- name: Run export.sh if this job template is run by the client
command: /bin/sh /root/export.sh
tags: use-survey
- name: Include vars in matrix_vars.yml - name: Include vars in matrix_vars.yml
include_vars: include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
@ -70,8 +66,28 @@
mode: '0660' mode: '0660'
tags: use-survey tags: use-survey
- name: Perform the borg backup - name: Run initial backup of /matrix/ and snapshot the database simultaneously
command: borgmatic command: "{{ item }}"
with_items:
- borgmatic -c /root/.config/borgmatic/config_1.yaml
- /bin/sh /usr/local/bin/awx-export-service.sh 1 0
register: _create_instances
async: 3600 # Maximum runtime in seconds.
poll: 0 # Fire and continue (never poll)
when: matrix_awx_backup_enabled|bool
- name: Wait for both of these jobs to finish
async_status:
jid: "{{ item.ansible_job_id }}"
register: _jobs
until: _jobs.finished
delay: 5 # Check every 5 seconds.
retries: 720 # Retry for a full hour.
with_items: "{{ _create_instances.results }}"
when: matrix_awx_backup_enabled|bool
- name: Perform borg backup of postgres dump
command: borgmatic -c /root/.config/borgmatic/config_2.yaml
when: matrix_awx_backup_enabled|bool when: matrix_awx_backup_enabled|bool
- name: Set boolean value to exit playbook - name: Set boolean value to exit playbook

View File

@ -0,0 +1,33 @@
- name: Run export of /matrix/ and snapshot the database simultaneously
command: "{{ item }}"
with_items:
- /bin/sh /usr/local/bin/awx-export-service.sh 1 0
- /bin/sh /usr/local/bin/awx-export-service.sh 0 1
register: _create_instances
async: 3600 # Maximum runtime in seconds.
poll: 0 # Fire and continue (never poll)
- name: Wait for both of these jobs to finish
async_status:
jid: "{{ item.ansible_job_id }}"
register: _jobs
until: _jobs.finished
delay: 5 # Check every 5 seconds.
retries: 720 # Retry for a full hour.
with_items: "{{ _create_instances.results }}"
- name: Schedule deletion of the export in 24 hours
at:
command: rm /chroot/export/matrix*
count: 1
units: days
unique: yes
- name: Set boolean value to exit playbook
set_fact:
end_playbook: true
- name: End playbook if this task list is called.
meta: end_play
when: end_playbook is defined and end_playbook|bool

View File

@ -1,15 +1,4 @@
- name: Ensure /matrix/awx is empty
shell: rm -r /matrix/awx/*
ignore_errors: yes
- name: Ensure /matrix/synapse is empty
shell: rm -r /matrix/synapse/*
ignore_errors: yes
- name: Extract from /chroot/export
shell: tar -xvzf /chroot/export/matrix.tar.gz -C /matrix/
- name: Ensure correct ownership of /matrix/awx - name: Ensure correct ownership of /matrix/awx
shell: chown -R matrix:matrix /matrix/awx shell: chown -R matrix:matrix /matrix/awx

View File

@ -26,6 +26,15 @@
tags: tags:
- backup-server - backup-server
# Perform a export of the server
- include_tasks:
file: "export_server.yml"
apply:
tags: export-server
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- export-server
# Create a user account if called # Create a user account if called
- include_tasks: - include_tasks:
file: "create_user.yml" file: "create_user.yml"

View File

@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true
matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build: true
matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
matrix_client_hydrogen_version: v0.1.56 matrix_client_hydrogen_version: v0.1.57
matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}"
matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

View File

@ -3,7 +3,7 @@
matrix_grafana_enabled: false matrix_grafana_enabled: false
matrix_grafana_version: 8.0.0 matrix_grafana_version: 8.0.2
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"

View File

@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
# amd64 gets released first. # amd64 gets released first.
# arm32 relies on self-building, so the same version can be built immediately. # arm32 relies on self-building, so the same version can be built immediately.
# arm64 users need to wait for a prebuilt image to become available. # arm64 users need to wait for a prebuilt image to become available.
matrix_synapse_version: v1.35.1 matrix_synapse_version: v1.36.0
matrix_synapse_version_arm64: v1.35.1 matrix_synapse_version_arm64: v1.36.0
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"

View File

@ -2977,19 +2977,4 @@ redis:
password: {{ matrix_synapse_redis_password }} password: {{ matrix_synapse_redis_password }}
# Enable experimental features in Synapse.
#
# Experimental features might break or be removed without a deprecation
# period.
#
experimental_features:
# Support for Spaces (MSC1772), it enables the following:
#
# * The Spaces Summary API (MSC2946).
# * Restricting room membership based on space membership (MSC3083).
#
# Uncomment to disable support for Spaces.
#spaces_enabled: false
# vim:ft=yaml # vim:ft=yaml

View File

@ -51,6 +51,9 @@ matrix_synapse_workers_generic_worker_endpoints:
- ^/_matrix/client/(api/v1|r0|unstable)/joined_groups$ - ^/_matrix/client/(api/v1|r0|unstable)/joined_groups$
- ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$ - ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$
- ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/ - ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/
- ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/
- ^/_matrix/client/(api/v1|r0|unstable)/joined_rooms$
- ^/_matrix/client/(api/v1|r0|unstable)/search$
# Registration/login requests # Registration/login requests
- ^/_matrix/client/(api/v1|r0|unstable)/login$ - ^/_matrix/client/(api/v1|r0|unstable)/login$