Compare commits

41 Commits

Author SHA1 Message Date
e539cdc83a
chore(mautrix-whatsapp): update bridge settings 2022-09-27 15:25:22 +02:00
87aefc5216
fix: broken rhel/fedora tasks disabled 2022-09-27 15:25:21 +02:00
06c389e404
feat: add automatic creation of reverse-proxy routing 2022-09-27 15:25:20 +02:00
f2c651833c
meta: move inventory structure to be more usable 2022-09-27 15:25:19 +02:00
171ab8f884
meta: add own inventory, add vault-unlock with GPG 2022-09-27 15:25:18 +02:00
d13ace1f2a
feat(synapse): allow using multiple federation workers 2022-09-27 15:25:17 +02:00
Slavi Pantaleev
de671ad58a Upgrade ddclient (v3.9.1-ls99 -> v3.9.1-ls100) 2022-09-27 15:37:24 +03:00
Slavi Pantaleev
5d5642abc5 Upgrade Synapse (v1.67.0 -> v1.68.0) 2022-09-27 15:35:40 +03:00
Slavi Pantaleev
1ea1597020 Fix some ansible-lint-reported warnings
This mostly fixes `key-order` warnings around
`block` statements.
2022-09-27 11:38:33 +03:00
Slavi Pantaleev
0ab5371ebd Upgrade mautrix-telegram (0.12.0 -> 0.12.1) and lottieconverter (alpine-3.15 -> alpine-3.16) 2022-09-27 08:55:27 +03:00
Slavi Pantaleev
d159408feb
Merge pull request #2134 from etkecc/patch-85
Update Prometheus Node Exporter 1.3.1 -> 1.4.0
2022-09-26 21:53:51 +03:00
Aine
8e448aed0f
Update Prometheus Node Exporter 1.3.1 -> 1.4.0 2022-09-26 18:23:55 +00:00
Slavi Pantaleev
0499692661 Upgrade appservice-irc (0.35.0 -> 0.35.1) 2022-09-26 15:31:20 +03:00
Slavi Pantaleev
f623cf3550 Only download Grafana dashboard URLs for enabled services
If someone is using Dendrite and enabling Grafana, we'll no longer
download Synapse dashboards.

If someone is not using node-exporter, we'll no longer download node
exporter dashboards.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2133
2022-09-26 08:46:10 +03:00
Slavi Pantaleev
3f4bedb31e Use matrix_grafana_enabled: true in the matrix-grafana role
This is consistent with what all other roles do. If someone includes a
role, the assumption is that they want its functionality enabled.

The playbook distribution then disables components via
`group_vars/matrix_servers`. We've always had `matrix_grafana_enabled: false`
there, so flipping the in-role `_enabled` flag to `true` does not change
anything for playbook users. Users who import the roles individually in
their own other playbooks (and who don't use `group_vars/matrix_servers`)
may observe a change in the defaults with this.
2022-09-26 08:26:30 +03:00
Slavi Pantaleev
6c928d87ca Configure Grafana's default_home_dashboard_path properly
Using `matrix_synapse_*` variables within the `matrix-grafana` role
is not a good practice.

We now have a `matrix_grafana_default_home_dashboard_path` variable
with a good universal default value and we override it via
`group_vars/matrix_servers` based on enabled components, etc.

This is a better fix for https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2133
2022-09-26 08:23:54 +03:00
Slavi Pantaleev
14af09e4f3 Define matrix_grafana_dashboard_download_urls_all variable in matrix-grafana role
We shouldn't be using it in the role (`tasks/setup.yml`) without
defining at least some default value in the role itself.

We've always had the override in `group_vars/matrix_servers`,
so the variable was essentially defined (at the playbook level), but
that's not the right way to do things.
2022-09-26 08:08:47 +03:00
Slavi Pantaleev
a69613a2e7
Merge pull request #2132 from mjarr/mjarr-patch-1
synapse: match upstream rate limit defaults
2022-09-24 22:46:32 +03:00
Slavi Pantaleev
590e409a60
Merge pull request #2131 from etkecc/patch-84
Do not restart postmoogle during installation
2022-09-24 22:45:39 +03:00
mjarr
dd8106790e
synapse: match upstream rate limit defaults 2022-09-24 18:53:56 +02:00
Aine
484536b039
Do not restart postmoogle during installation
Reason: during a fresh install, when there is no synapse yet, the systemd unit fails to start, thus the whole play fails
2022-09-24 16:01:27 +00:00
Slavi Pantaleev
29e3bcea67
Merge pull request #2130 from shalzz/patch-1
whatsapp: do not turn on synapse only options
2022-09-24 07:35:15 +03:00
Shaleen Jain
b77907f2d4
whatsapp: do not turn on synapse only options 2022-09-24 09:45:26 +05:30
Slavi Pantaleev
fa108e087d
Merge pull request #2129 from etkecc/patch-83
Update Postmoogle 0.9.3 -> 0.9.4
2022-09-23 14:07:45 +03:00
Aine
fc56288f5b
Update Postmoogle 0.9.3 -> 0.9.4
* send emails in UTF-8 👋
* fix options descriptions
* add SMTP auth
* allow sending emails from your apps and scripts using postmoogle as email provider
2022-09-23 08:34:58 +00:00
Slavi Pantaleev
ea85cedcb5
Merge pull request #2128 from xyzst/update-dendrite-version
dendrite: update image tag version
2022-09-22 18:30:16 +03:00
Darren Rambaud
59adb8d028 dendrite: update image tag version
- 0.9.9 (https://github.com/matrix-org/dendrite/releases/tag/v0.9.9)
2022-09-22 09:21:23 -05:00
Slavi Pantaleev
8059c0ac54
Merge pull request #2127 from Warrows/master
Improve maubot doc
2022-09-22 15:12:00 +03:00
Warrows
202f54f327
Improve maubot doc
Add two important pieces of information:
- The `mbc` commands must be run in the docker container
- Not using this method prevents using encrypted rooms with the bot
2022-09-22 13:48:24 +02:00
Slavi Pantaleev
bcb6679e31
Merge pull request #2124 from etkecc/patch-82
Update Postmoogle 0.9.2 -> 0.9.3
2022-09-21 12:39:05 +03:00
Slavi Pantaleev
7654e64846
Merge pull request #2123 from etkecc/patch-81
Update Honoroit 0.9.14 -> 0.9.15
2022-09-21 12:38:50 +03:00
Aine
6d29048ed9
Update Postmoogle 0.9.2 -> 0.9.3 2022-09-21 08:20:21 +00:00
Aine
8717447dc5
Update Honoroit 0.9.14 -> 0.9.15 2022-09-21 08:08:30 +00:00
Slavi Pantaleev
48eb905c26
Merge pull request #2122 from etkecc/patch-80
Update Grafana 9.1.5 -> 9.1.6
2022-09-20 19:05:47 +03:00
Aine
c6f9a42f40
Update Grafana 9.1.5 -> 9.1.6 2022-09-20 14:58:45 +00:00
Slavi Pantaleev
916df397d9
Merge pull request #2120 from etkecc/patch-78
Update ddclient v3.9.1-ls98 -> v3.9.1-ls99
2022-09-20 12:13:46 +03:00
Slavi Pantaleev
946e079732
Merge pull request #2118 from etkecc/patch-77
Update mautrix-instagram 0.2.0 -> 0.2.1
2022-09-20 12:13:34 +03:00
Aine
63423e614f
Update ddclient v3.9.1-ls98 -> v3.9.1-ls99 2022-09-20 09:09:27 +00:00
Aine
18836e910f
Update mautrix-instagram 0.2.0 -> 0.2.1 2022-09-20 09:03:22 +00:00
Slavi Pantaleev
0811692a09
Merge pull request #2116 from Mecallie/patch-1
Updated the Element settings.
2022-09-20 09:39:12 +03:00
Mecallie
139be48706
Updated the Element settings. 2022-09-19 21:04:02 +02:00
102 changed files with 985 additions and 284 deletions

@ -9,5 +9,8 @@ skip_list:
- schema
- command-instead-of-shell
- role-name
# We frequently load configuration from a template (into a variable), then merge that with another variable (configuration extension)
# before finally dumping it to a file.
- template-instead-of-copy
offline: false

.gitignore

@ -1,7 +1,3 @@
/inventory/*
!/inventory/.gitkeep
!/inventory/host_vars/.gitkeep
!/inventory/scripts
/roles/*/files/scratchpad
.DS_Store
.python-version
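
Review bot: Going by the `-1,7 +1,3` header, the `/inventory/*` entry and its three `!/inventory/...` exceptions are dropped here, so nothing under `inventory/` is ignored any more and any file placed there is committed as-is. `inventory/hosts` in this same diff is vault-encrypted, but nothing enforces that for files added later; consider a pre-commit or CI check that rejects files under `inventory/` which are meant to be vault files but do not start with `$ANSIBLE_VAULT`.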

@ -1,6 +1,11 @@
[defaults]
vault_password_file = gpg/open_vault.sh
retry_files_enabled = False
stdout_callback = yaml
inventory = inventory/hosts
[connection]
pipelining = True

@ -54,4 +54,5 @@ Choose a strong password for the bot. You can generate a good password with a co
## Obtaining an admin access token
This can be done via `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)). Alternatively, use Element or curl to [obtain an access token](obtaining-access-tokens.md).
This can be done via `mbc login` then `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)). To run these commands you'll need to open the bot docker container with `docker exec -it matrix-bot-maubot sh`
Alternatively, use Element or curl to [obtain an access token](obtaining-access-tokens.md). However these two methods won't allow the bot to work in encrypted rooms.

@ -71,7 +71,8 @@ Steps needed for specific matrix apps:
3. verify `Settings` -> `Notifications` -> `UnifiedPush: Notification targets` as described below in the "Troubleshooting" section.
* Element-android v1.4.26+:
- [not yet documented; should auto-detect and use it?]
1. choose `Settings` -> `Notifications` -> `Notification method` -> `ntfy`
2. verify `Settings` -> `Troubleshoot` -> `Troubleshoot notification settings`
If the matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy".

gpg/open_vault.sh Executable file

@ -0,0 +1,5 @@
#!/bin/bash
set -e -u
gpg2 --batch --use-agent --decrypt $(dirname $0)/vault_passphrase.gpg 2>/dev/null
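
Review bot: `$(dirname $0)/vault_passphrase.gpg` is unquoted, so a checkout path containing spaces is split into several arguments and gpg2 is handed the wrong file names; quote it as `"$(dirname "$0")/vault_passphrase.gpg"`. The `2>/dev/null` on the same line also discards gpg's own error output, so a missing key or an unavailable agent shows up only as a non-zero exit and a vault-password failure in Ansible with no cause given; dropping the redirect, or using gpg's `--quiet` to silence only informational output, keeps the diagnostic.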

gpg/vault_passphrase.gpg Normal file

@ -0,0 +1,18 @@
-----BEGIN PGP MESSAGE-----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=Cecg
-----END PGP MESSAGE-----
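
Review bot: Committing `gpg/vault_passphrase.gpg` ties the confidentiality of every `vault_*` value in this repository to the private keys this message is encrypted to, and the blob stays in git history after a recipient is dropped. The change should record who the recipients are, and removal of a recipient should be treated as a reason to rotate the vault passphrase and re-encrypt the vault files, not only this file.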

@ -2477,13 +2477,24 @@ matrix_grafana_enabled: false
# Grafana's HTTP port to the local host.
matrix_grafana_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:3000' }}"
matrix_grafana_dashboard_download_urls_all: |
matrix_grafana_dashboard_download_urls: |
{{
matrix_grafana_dashboard_download_urls
(matrix_synapse_grafana_dashboard_urls if matrix_homeserver_implementation == 'synapse' and matrix_synapse_metrics_enabled else [])
+
(matrix_prometheus_node_exporter_dashboard_urls if matrix_prometheus_node_exporter_enabled else [])
+
(matrix_prometheus_postgres_exporter_dashboard_urls if matrix_prometheus_postgres_exporter_enabled else [])
}}
matrix_grafana_default_home_dashboard_path: |-
{{
{
'synapse': ('/etc/grafana/dashboards/synapse.json' if matrix_synapse_metrics_enabled else '/etc/grafana/dashboards/node-exporter-full.json'),
'dendrite': '/etc/grafana/dashboards/node-exporter-full.json',
'conduit': '/etc/grafana/dashboards/node-exporter-full.json',
}[matrix_homeserver_implementation]
}}
matrix_grafana_systemd_wanted_services_list: |
{{
[]
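
Review bot: The fallback in `matrix_grafana_default_home_dashboard_path` is `/etc/grafana/dashboards/node-exporter-full.json`, yet the `matrix_grafana_dashboard_download_urls` expression in the same hunk adds the node exporter dashboards only when `matrix_prometheus_node_exporter_enabled` is true. With Dendrite or Conduit (or Synapse without metrics) and node exporter disabled, the home dashboard path can therefore point at a file that is not downloaded; gate the path on the same conditions. Consider also `.get(matrix_homeserver_implementation, ...)` with a default in place of the `[matrix_homeserver_implementation]` lookup, so an implementation missing from the dict does not fail templating.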

@ -0,0 +1,379 @@
#
# General config
# Domain of the matrix server and SSL config
#
matrix_domain: finallycoffee.eu
matrix_ssl_retrieval_method: none
matrix_nginx_proxy_enabled: true
matrix_nginx_proxy_https_enabled: false
matrix_nginx_proxy_container_http_host_bind_port: "127.0.10.1:8080"
matrix_nginx_proxy_container_federation_host_bind_port: "127.0.10.1:8448"
matrix_nginx_proxy_trust_forwarded_proto: true
matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
#matrix_nginx_proxy_proxy_synapse_metrics: true
matrix_nginx_proxy_proxy_matrix_metrics_enabled: true
matrix_synapse_metrics_enabled: true
matrix_synapse_metrics_proxying_enabled: true
matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
matrix_server_fqn_element: "chat.{{ matrix_domain }}"
matrix_docker_installation_enabled: false
#matrix_client_element_version: v1.8.4
#matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:v1.7.21"
#matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.37.1"
#matrix_mautrix_telegram_version: v0.10.0
web_user: "web"
revproxy_autoload_dir: "/vault/services/web/sites.d"
postgres_dump_dir: /vault/temp
#
# General Synapse config
#
matrix_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
# A secret used to protect access keys issued by the server.
matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
# Make synapse accept larger media aswell
matrix_synapse_max_upload_size_mb: 200
# Enable metrics at (default) :9100/_synapse/metrics
matrix_synapse_metrics_enabled: true
matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
matrix_synapse_turn_uris:
- "turn:voip.matrix.finallycoffee.eu?transport=udp"
- "turn:voip.matrix.finallycoffee.eu?transport=tcp"
# Auto-join all users into those rooms
matrix_synapse_auto_join_rooms:
- "#welcome:finallycoffee.eu"
- "#announcements:finallycoffee.eu"
## Synapse rate limits
matrix_synapse_rc_federation:
window_size: 1000
sleep_limit: 25
sleep_delay: 500
reject_limit: 50
concurrent: 5
matrix_synapse_rc_message:
per_second: 0.5
burst_count: 25
## Synapse cache tuning
matrix_synapse_caches_global_factor: 1.5
matrix_synapse_event_cache_size: "300K"
## Synapse workers
matrix_synapse_workers_enabled: true
matrix_synapse_workers_preset: "little-federation-helper"
matrix_synapse_workers_generic_workers_count: 1
matrix_synapse_workers_media_repository_workers_count: 2
matrix_synapse_workers_federation_sender_workers_count: 1
matrix_synapse_workers_pusher_workers_count: 1
# Static secret auth for matrix-synapse-shared-secret-auth
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
matrix_synapse_ext_password_provider_rest_auth_enabled: true
matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
# Enable experimental spaces support
matrix_synapse_configuration_extension_yaml: |
database:
args:
cp_max: 20
experimental_features:
spaces_enabled: true
caches:
per_cache_factors:
device_id_exists: 3
get_users_in_room: 4
_get_joined_users_from_context: 4
_get_joined_profile_from_event_id: 3
"*stateGroupMembersCache*": 2
_matches_user_in_member_list: 3
get_users_who_share_room_with_user: 3
is_interested_in_room: 2
get_user_by_id: 1.5
room_push_rule_cache: 1.5
expire_caches: true
cache_entry_ttl: 45m
sync_response_cache_duration: 2m
#
# synapse-admin tool
#
matrix_synapse_admin_enabled: true
matrix_synapse_admin_container_http_host_bind_port: 8985
#
# VoIP / CoTURN config
#
# A shared secret (between Synapse and Coturn) used for authentication.
matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
# Disable coturn, as we use own instance
matrix_coturn_enabled: false
#
# dimension (integration manager) config
#
matrix_dimension_enabled: true
matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
matrix_dimension_configuration_extension_yaml: |
telegram:
botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"
#
# mautrix-whatsapp config
#
matrix_mautrix_whatsapp_enabled: true
matrix_mautrix_whatsapp_bridge_personal_filtering_spaces: true
matrix_mautrix_whatsapp_bridge_mute_bridging: true
matrix_mautrix_whatsapp_bridge_enable_status_broadcast: false
matrix_mautrix_whatsapp_bridge_allow_user_invite: true
matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
matrix_mautrix_whatsapp_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
matrix_mautrix_whatsapp_configuration_extension_yaml: |
bridge:
displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
max_connection_attempts: 5
connection_timeout: 30
contact_wait_delay: 5
private_chat_portal_meta: true
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
logging:
print_level: info
metrics:
enabled: true
listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
whatsapp:
os_name: Linux mautrix-whatsapp
browser_name: Chrome
#
# mautrix-telegram config
#
matrix_mautrix_telegram_enabled: true
matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
matrix_mautrix_telegram_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
matrix_mautrix_telegram_configuration_extension_yaml: |
bridge:
displayname_template: "{displayname} (via Telegram)"
parallel_file_transfer: false
inline_images: false
image_as_file_size: 20
delivery_receipts: true
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
animated_sticker:
target: webm
encryption:
allow: true
default: true
permissions:
"@transcaffeine:finallycoffee.eu": "admin"
"gruenhage.xyz": "full"
"boobies.software": "full"
logging:
root:
level: INFO
metrics:
enabled: true
listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
# permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"
#
# mautrix-signal config
#
matrix_mautrix_signal_enabled: true
matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
matrix_mautrix_signal_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
matrix_mautrix_signal_configuration_extension_yaml: |
bridge:
displayname_template: "{displayname} (via Signal)"
community_id: "+signal:finallycoffee.eu"
encryption:
allow: true
default: true
key_sharing:
allow: true
require_verification: false
delivery_receipts: true
permissions:
"@ilosai:fairydust.space": "user"
logging:
root:
level: INFO
metrics:
enabled: true
listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
#
# mx-puppet-instagram configuration
#
matrix_mx_puppet_instagram_enabled: true
matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
matrix_mx_puppet_instagram_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_instagram_configuration_extension_yaml: |
bridge:
enableGroupSync: true
avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
metrics:
enabled: true
port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
path: /metrics
presence:
enabled: true
interval: 3000
#
# mx-puppet-skype configuration
#
#matrix_mx_puppet_skype_enabled: false
matrix_mx_puppet_skype_container_http_monitoring_host_bind_port: 9405
# matrix_mx_puppet_skype_container_extra_arguments:
# - "-p 127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}"
# matrix_mx_puppet_skype_configuration_extension_yaml: |
# bridge:
# enableGroupSync: true
# avatarUrl: mxc://finallycoffee.eu/jjXDuFqtpFOBOnywoHgzTuYt
# metrics:
# enabled: true
# port: {{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
# path: /metrics
#
# mx-puppet-discord configuration
#
matrix_mx_puppet_discord_enabled: true
matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
matrix_mx_puppet_discord_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_discord_configuration_extension_yaml: |
bridge:
enableGroupSync: true
avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
metrics:
enabled: true
port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
path: /metrics
limits:
maxAutojoinUsers: 500
roomUserAutojoinDelay: 50
presence:
enabled: true
interval: 3000
#
# mx-puppet-slack configuration
#
matrix_mx_puppet_slack_enabled: true
matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
matrix_mx_puppet_slack_redirect_path: '/bridge/slack/oauth'
matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
matrix_mx_puppet_slack_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
- "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
matrix_mx_puppet_slack_configuration_extension_yaml: |
bridge:
enableGroupSync: true
metrics:
enabled: true
port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
path: /metrics
limits:
maxAutojoinUsers: 500
roomUserAutojoinDelay: 50
presence:
enabled: true
interval: 3000
#
# Element web configuration
#
# Branding config
matrix_client_element_brand: "Chat"
matrix_client_element_default_theme: "dark"
matrix_client_element_themes_enabled: true
matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
matrix_client_element_welcome_text: |
Decentralised, encrypted chat &amp; collaboration,<br />
hosted on finallycoffee.eu, powered by element.io &amp;
<a href="https://matrix.org" target="_blank" rel="noreferrer noopener">
<img width="79" height="34" alt="[matrix]" style="padding-left: 1px;vertical-align: middle" src="welcome/images/matrix.svg" />
</a>
matrix_client_element_welcome_logo: "welcome/images/logo.png"
matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
matrix_client_element_branding_authHeaderLogoUrl: "welcome/images/logo.png"
matrix_client_element_branding_welcomeBackgroundUrl: "welcome/images/background.jpg"
matrix_client_element_container_extra_arguments:
- "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcomeBackgroundUrl }}:ro"
- "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_authHeaderLogoUrl }}:ro"
# Integration and capabilites config
matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
matrix_client_element_integrations_widgets_urls:
- "https://{{ matrix_server_fqn_dimension }}/widgets"
- "https://scalar.vector.im/api"
matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
matrix_client_element_disable_custom_urls: false
matrix_client_element_roomdir_servers:
- "matrix.org"
- "finallycoffee.eu"
- "entropia.de"
matrix_client_element_enable_presence_by_hs_url:
https://matrix.org: false
# Matrix ma1sd extended configuration
matrix_ma1sd_configuration_extension_yaml: |
hashing:
enabled: true
pepperLength: 20
rotationPolicy: per_requests
requests: 10
hashStorageType: sql
algorithms:
- none
- sha256
# Matrix mail notification relay setup
matrix_mailer_enabled: true
matrix_mailer_sender_address: "Matrix on finallycoffee.eu <system-matrix@{{ matrix_domain }}>"
matrix_mailer_relay_use: true
matrix_mailer_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
matrix_mailer_relay_host_port: 587
matrix_mailer_relay_auth: true
matrix_mailer_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
matrix_mailer_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"
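
Review bot: `matrix_synapse_admin_container_http_host_bind_port: 8985` is a bare port, whereas the other host bindings in this file carry a loopback address (`127.0.10.1:8080`, `-p 127.0.0.1:...`); if the role passes the value straight to Docker's publish option, synapse-admin is exposed on all interfaces and not only behind the reverse proxy, so write it as `127.0.0.1:8985` unless the wider exposure is intended. Two smaller points: `matrix_synapse_metrics_enabled: true` appears twice in the file (once under the general config, once under the Synapse config), and the ma1sd `hashing.algorithms` list still includes `none`, which deserves a comment explaining why it is kept alongside `sha256`.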

@ -0,0 +1,100 @@
$ANSIBLE_VAULT;1.1;AES256

inventory/hosts Normal file

@ -0,0 +1,22 @@
$ANSIBLE_VAULT;1.1;AES256
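
Review bot: the whole of inventory/hosts is added as Ansible Vault ciphertext (the `$ANSIBLE_VAULT;1.1;AES256` header on the first added line), so nothing in the file can be reviewed and every later edit will show up as a full rewrite of the blob. Consider keeping the host list in plaintext and vaulting only the secret values, or keeping this inventory out of the branch that is shared. Once the ciphertext is pushed, its confidentiality rests entirely on the vault password.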

@ -1,6 +1,7 @@
---
- block:
- when: matrix_backup_borg_postgresql_enabled | bool and matrix_backup_borg_version == ''
block:
- name: Fail with matrix_backup_borg_version advice if Postgres not enabled
ansible.builtin.fail:
msg: >-
@ -20,7 +21,6 @@
- name: Set the correct borg backup version to use
ansible.builtin.set_fact:
matrix_backup_borg_version: "{{ matrix_postgres_detected_version }}"
when: matrix_backup_borg_postgresql_enabled | bool and matrix_backup_borg_version == ''
- name: Ensure borg paths exist
ansible.builtin.file:

@ -9,7 +9,8 @@
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml"
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int > 30
- block:
- when: ansible_os_family == 'Debian'
block:
# ansible_lsb is only available if lsb-release is installed.
- name: Ensure lsb-release installed
ansible.builtin.apt:
@ -28,7 +29,6 @@
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_raspbian.yml"
when: (ansible_os_family == 'Debian') and (ansible_lsb.id == 'Raspbian')
when: ansible_os_family == 'Debian'
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/server_base/setup_archlinux.yml"
when: ansible_distribution == 'Archlinux'
@ -39,7 +39,7 @@
state: started
enabled: true
- name: "Ensure {{ matrix_ntpd_service }} is started and autoruns"
- name: "Ensure ntpd is started and autoruns"
ansible.builtin.service:
name: "{{ matrix_ntpd_service }}"
state: started
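
Review bot: the replacement task name hard-codes "ntpd" while the task still manages `name: "{{ matrix_ntpd_service }}"`, so the play output will say ntpd even when that variable resolves to a different time service. If the templated name had to go to satisfy the linter, a neutral name such as "Ensure the time synchronization service is started and autoruns" avoids the mismatch.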

@ -18,6 +18,7 @@
when: matrix_docker_installation_enabled | bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure yum packages are installed
when: false
ansible.builtin.yum:
name:
- "{{ matrix_ntpd_package }}"
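
Review bot: `when: false` on "Ensure yum packages are installed" disables the task unconditionally, with no comment saying why or when it can come back. On a host that reaches this file the run will report the task as skipped and carry on without `{{ matrix_ntpd_package }}` installed, which is easy to miss. Gate it on a named variable with a default and a one-line comment, or fail early with a message that these hosts are currently unsupported.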

@ -28,4 +28,5 @@
- "{{ matrix_docker_package_name }}"
- docker-python
state: present
when: matrix_docker_installation_enabled | bool
when: matrix_docker_installation_enabled | bool and false
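
Review bot: `when: matrix_docker_installation_enabled | bool and false` can never be true, so the left-hand side is dead and a reader searching for `matrix_docker_installation_enabled` will assume the variable still controls this task. If the intent is to switch the task off, use a plain `when: false` with a comment, or better a dedicated variable; as written, setting `matrix_docker_installation_enabled: true` silently installs nothing here.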

@ -2,13 +2,15 @@
- ansible.builtin.set_fact:
matrix_bot_buscarron_requires_restart: false
- block:
- when: "matrix_bot_buscarron_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_bot_buscarron_sqlite_database_path_local }}"
register: matrix_bot_buscarron_sqlite_database_path_local_stat_result
- block:
- when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}"
@ -24,8 +26,6 @@
- ansible.builtin.set_fact:
matrix_bot_buscarron_requires_restart: true
when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_bot_buscarron_database_engine == 'postgres'"
- name: Ensure buscarron paths exist
ansible.builtin.file:

@ -9,7 +9,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
matrix_bot_honoroit_version: v0.9.14
matrix_bot_honoroit_version: v0.9.15
matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
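
Review bot: the bump to v0.9.15 still references the image by tag only, and `matrix_bot_honoroit_docker_image_force_pull` is true only for `:latest`, so a host that already holds a `v0.9.15` image is never re-checked against the registry and nothing ties the tag to specific content. If that matters for this deployment, pin `registry.gitlab.com/etke.cc/honoroit` by digest alongside the version.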

@ -2,13 +2,15 @@
- ansible.builtin.set_fact:
matrix_bot_honoroit_requires_restart: false
- block:
- when: "matrix_bot_honoroit_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
register: matrix_bot_honoroit_sqlite_database_path_local_stat_result
- block:
- when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
@ -24,8 +26,6 @@
- ansible.builtin.set_fact:
matrix_bot_honoroit_requires_restart: true
when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_bot_honoroit_database_engine == 'postgres'"
- name: Ensure honoroit paths exist
ansible.builtin.file:

@ -3,13 +3,15 @@
- ansible.builtin.set_fact:
matrix_bot_matrix_reminder_bot_requires_restart: false
- block:
- when: "matrix_bot_matrix_reminder_bot_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}"
register: matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result
- block:
- when: "matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}"
@ -25,8 +27,6 @@
- ansible.builtin.set_fact:
matrix_bot_matrix_reminder_bot_requires_restart: true
when: "matrix_bot_matrix_reminder_bot_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_bot_matrix_reminder_bot_database_engine == 'postgres'"
- name: Ensure matrix-reminder-bot paths exist
ansible.builtin.file:

@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
matrix_bot_postmoogle_version: v0.9.2
matrix_bot_postmoogle_version: v0.9.4
matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}"
matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"

@ -1,11 +1,13 @@
---
- block:
- when: "matrix_bot_postmoogle_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}"
register: matrix_bot_postmoogle_sqlite_database_path_local_stat_result
- block:
- when: "matrix_bot_postmoogle_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}"
@ -21,8 +23,6 @@
- ansible.builtin.set_fact:
matrix_bot_postmoogle_requires_restart: true
when: "matrix_bot_postmoogle_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_bot_postmoogle_database_engine == 'postgres'"
- name: Ensure postmoogle paths exist
ansible.builtin.file:
@ -91,9 +91,3 @@
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_postmoogle_systemd_service_result.changed | bool"
- name: Ensure matrix-bot-postmoogle.service restarted, if necessary
ansible.builtin.service:
name: "matrix-bot-postmoogle.service"
state: restarted
when: "matrix_bot_postmoogle_systemd_service_result.changed | bool"
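
Review bot: removing "Ensure matrix-bot-postmoogle.service restarted, if necessary" leaves only the `daemon_reload: true` task reacting to `matrix_bot_postmoogle_systemd_service_result.changed`, so a changed unit file is loaded by systemd but the running bot keeps the old definition until something else restarts it. Please confirm a later step restarts the service (the `matrix_bot_postmoogle_requires_restart` fact set earlier in this file is only set on the SQLite migration path), or state in the commit message that the restart is deferred on purpose.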

@ -3,13 +3,15 @@
- ansible.builtin.set_fact:
matrix_appservice_discord_requires_restart: false
- block:
- when: "matrix_appservice_discord_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_appservice_discord_sqlite_database_path_local }}"
register: matrix_appservice_discord_sqlite_database_path_local_stat_result
- block:
- when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_appservice_discord_sqlite_database_path_local }}"
@ -25,8 +27,6 @@
- ansible.builtin.set_fact:
matrix_appservice_discord_requires_restart: true
when: "matrix_appservice_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_appservice_discord_database_engine == 'postgres'"
- name: Ensure Appservice Discord image is pulled
docker_image:

@ -11,7 +11,7 @@ matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appser
# matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`).
# It's a bare version number now. We try to somewhat retain compatibility below.
matrix_appservice_irc_version: 0.35.0
matrix_appservice_irc_version: 0.35.1
matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}"
matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}"
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"

@ -21,7 +21,8 @@
path: "{{ matrix_appservice_irc_base_path }}/passkey.pem"
register: matrix_appservice_irc_stat_passkey
- block:
- when: "matrix_appservice_irc_stat_passkey.stat.exists"
block:
- name: (Data relocation) Ensure matrix-appservice-irc.service is stopped
ansible.builtin.service:
name: matrix-appservice-irc
@ -44,24 +45,23 @@
- rooms.db
- users.db
failed_when: false
when: "matrix_appservice_irc_stat_passkey.stat.exists"
- ansible.builtin.set_fact:
matrix_appservice_irc_requires_restart: false
- block:
- when: "matrix_appservice_irc_database_engine == 'postgres'"
block:
- name: Check if a nedb database already exists
ansible.builtin.stat:
path: "{{ matrix_appservice_irc_data_path }}/users.db"
register: matrix_appservice_irc_nedb_database_path_local_stat_result
- block:
- when: "matrix_appservice_irc_nedb_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml"
- ansible.builtin.set_fact:
matrix_appservice_irc_requires_restart: true
when: "matrix_appservice_irc_nedb_database_path_local_stat_result.stat.exists | bool"
when: "matrix_appservice_irc_database_engine == 'postgres'"
- name: Ensure Appservice IRC image is pulled
docker_image:

@ -43,7 +43,10 @@
The matrix-bridge-appservice-slack role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed | default(False)"
- block:
- when: matrix_appservice_slack_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
@ -76,9 +79,6 @@
+
[matrix_appservice_slack_matrix_nginx_proxy_configuration]
}}
tags:
- always
when: matrix_appservice_slack_enabled | bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:

@ -17,19 +17,19 @@
- ansible.builtin.set_fact:
matrix_appservice_slack_requires_restart: false
- block:
- when: "matrix_appservice_slack_database_engine == 'postgres'"
block:
- name: Check if a nedb database already exists
ansible.builtin.stat:
path: "{{ matrix_appservice_slack_data_path }}/teams.db"
register: matrix_appservice_slack_nedb_database_path_local_stat_result
- block:
- when: "matrix_appservice_slack_nedb_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/migrate_nedb_to_postgres.yml"
- ansible.builtin.set_fact:
matrix_appservice_slack_requires_restart: true
when: "matrix_appservice_slack_nedb_database_path_local_stat_result.stat.exists | bool"
when: "matrix_appservice_slack_database_engine == 'postgres'"
- name: Ensure Appservice Slack image is pulled
docker_image:

@ -36,7 +36,10 @@
The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed | default(False)"
- block:
- when: matrix_appservice_webhooks_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
@ -71,9 +74,6 @@
+
[matrix_appservice_webhooks_matrix_nginx_proxy_configuration]
}}
tags:
- always
when: matrix_appservice_webhooks_enabled | bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:

@ -26,7 +26,8 @@
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- block:
- when: "matrix_appservice_webhooks_container_image_self_build | bool"
block:
- name: Ensure Appservice webhooks repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_appservice_webhooks_container_image_self_build_repo }}"
@ -47,7 +48,6 @@
dockerfile: "{{ matrix_appservice_webhooks_container_image_self_build_repo_dockerfile_path }}"
path: "{{ matrix_appservice_webhooks_docker_src_files_path }}"
pull: true
when: "matrix_appservice_webhooks_container_image_self_build | bool"
- name: Ensure Matrix Appservice webhooks config is installed
ansible.builtin.copy:

@ -34,7 +34,8 @@
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- block:
- when: "matrix_beeper_linkedin_container_image_self_build | bool"
block:
- name: Ensure Beeper LinkedIn repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_beeper_linkedin_container_image_self_build_repo }}"
@ -72,7 +73,6 @@
pull: true
args:
TARGETARCH: "{{ matrix_architecture }}"
when: "matrix_beeper_linkedin_container_image_self_build | bool"
- name: Ensure beeper-linkedin config.yaml installed
ansible.builtin.copy:

@ -11,13 +11,15 @@
- ansible.builtin.set_fact:
matrix_go_skype_bridge_requires_restart: false
- block:
- when: "matrix_go_skype_bridge_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}"
register: matrix_go_skype_bridge_sqlite_database_path_local_stat_result
- block:
- when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}"
@ -34,9 +36,6 @@
- ansible.builtin.set_fact:
matrix_go_skype_bridge_requires_restart: true
when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_go_skype_bridge_database_engine == 'postgres'"
- name: Ensure Go Skype Bridge paths exists
ansible.builtin.file:

@ -28,7 +28,8 @@
}}
when: matrix_hookshot_enabled | bool
- block:
- when: matrix_hookshot_enabled | bool
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
@ -128,7 +129,6 @@
[matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain]
}}
when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
when: matrix_hookshot_enabled | bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:

@ -11,13 +11,15 @@
- ansible.builtin.set_fact:
matrix_mautrix_discord_requires_restart: false
- block:
- when: "matrix_mautrix_discord_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mautrix_discord_sqlite_database_path_local }}"
register: matrix_mautrix_discord_sqlite_database_path_local_stat_result
- block:
- when: "matrix_mautrix_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_mautrix_discord_sqlite_database_path_local }}"
@ -34,9 +36,6 @@
- ansible.builtin.set_fact:
matrix_mautrix_discord_requires_restart: true
when: "matrix_mautrix_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_mautrix_discord_database_engine == 'postgres'"
- name: Ensure Mautrix Discord paths exists
ansible.builtin.file:

@ -27,7 +27,10 @@
}}
when: matrix_mautrix_facebook_enabled | bool
- block:
- when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
@ -70,7 +73,3 @@
URL endpoint to the matrix-mautrix-facebook container.
You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"
tags:
- always
when: matrix_mautrix_facebook_enabled | bool and matrix_mautrix_facebook_appservice_public_enabled | bool

@ -11,13 +11,15 @@
- ansible.builtin.set_fact:
matrix_mautrix_facebook_requires_restart: false
- block:
- when: "matrix_mautrix_facebook_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}"
register: matrix_mautrix_facebook_sqlite_database_path_local_stat_result
- block:
- when: "matrix_mautrix_facebook_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}"
@ -33,8 +35,6 @@
- ansible.builtin.set_fact:
matrix_mautrix_facebook_requires_restart: true
when: "matrix_mautrix_facebook_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_mautrix_facebook_database_engine == 'postgres'"
- name: Ensure Mautrix Facebook image is pulled
docker_image:

@ -10,7 +10,8 @@
- "matrix_mautrix_facebook_appservice_token"
- "matrix_mautrix_facebook_homeserver_token"
- block:
- when: "matrix_mautrix_facebook_database_engine == 'sqlite' and matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')"
block:
- name: Inject warning if on an old SQLite-supporting version
ansible.builtin.set_fact:
matrix_playbook_runtime_results: |
@ -21,4 +22,3 @@
"NOTE: Your mautrix-facebook bridge is still on SQLite and on the last version that supported it, before support was dropped. Support has been subsequently re-added in v0.3.2, so we advise you to upgrade (by removing your `matrix_mautrix_facebook_docker_image` definition from vars.yml)"
]
}}
when: "matrix_mautrix_facebook_database_engine == 'sqlite' and matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')"

@ -27,7 +27,10 @@
}}
when: matrix_mautrix_googlechat_enabled | bool
- block:
- when: matrix_mautrix_googlechat_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
@ -59,9 +62,6 @@
+
[matrix_mautrix_googlechat_matrix_nginx_proxy_configuration]
}}
tags:
- always
when: matrix_mautrix_googlechat_enabled | bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:

@ -11,13 +11,15 @@
- ansible.builtin.set_fact:
matrix_mautrix_googlechat_requires_restart: false
- block:
- when: "matrix_mautrix_googlechat_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}"
register: matrix_mautrix_googlechat_sqlite_database_path_local_stat_result
- block:
- when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}"
@ -33,8 +35,6 @@
- ansible.builtin.set_fact:
matrix_mautrix_googlechat_requires_restart: true
when: "matrix_mautrix_googlechat_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_mautrix_googlechat_database_engine == 'postgres'"
- name: Ensure Mautrix googlechat image is pulled
docker_image:

@ -27,7 +27,10 @@
}}
when: matrix_mautrix_hangouts_enabled | bool
- block:
- when: matrix_mautrix_hangouts_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
@ -59,9 +62,6 @@
+
[matrix_mautrix_hangouts_matrix_nginx_proxy_configuration]
}}
tags:
- always
when: matrix_mautrix_hangouts_enabled | bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:

@ -11,13 +11,15 @@
- ansible.builtin.set_fact:
matrix_mautrix_hangouts_requires_restart: false
- block:
- when: "matrix_mautrix_hangouts_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}"
register: matrix_mautrix_hangouts_sqlite_database_path_local_stat_result
- block:
- when: "matrix_mautrix_hangouts_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}"
@ -33,8 +35,6 @@
- ansible.builtin.set_fact:
matrix_mautrix_hangouts_requires_restart: true
when: "matrix_mautrix_hangouts_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_mautrix_hangouts_database_engine == 'postgres'"
- name: Ensure Mautrix Hangouts image is pulled
docker_image:

@ -8,7 +8,7 @@ matrix_mautrix_instagram_container_image_self_build: false
matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git"
matrix_mautrix_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_instagram_version == 'latest' else matrix_mautrix_instagram_version }}"
matrix_mautrix_instagram_version: v0.2.0
matrix_mautrix_instagram_version: v0.2.1
# See: https://mau.dev/tulir/mautrix-instagram/container_registry
matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}"
matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}"

@ -9,14 +9,14 @@ matrix_telegram_lottieconverter_container_image_self_build_mask_arch: false
matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git"
matrix_telegram_lottieconverter_docker_repo_version: "master"
matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src"
matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.15" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram
matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.16" # needs to be adjusted according to the FROM clause of Dockerfile of mautrix-telegram
matrix_mautrix_telegram_container_image_self_build: false
matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}"
matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
matrix_mautrix_telegram_version: v0.12.0
matrix_mautrix_telegram_version: v0.12.1
# See: https://mau.dev/mautrix/telegram/container_registry
matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
@ -131,6 +131,8 @@ matrix_mautrix_telegram_configuration_extension: "{{ matrix_mautrix_telegram_con
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`.
matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml | from_yaml | combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}"
matrix_mautrix_telegram_sender_localpart: "telegrambot"
matrix_mautrix_telegram_registration_yaml: |
id: telegram
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
@ -149,6 +151,7 @@ matrix_mautrix_telegram_registration_yaml: |
url: {{ matrix_mautrix_telegram_appservice_address }}
rate_limited: false
de.sorunome.msc2409.push_ephemeral: true
# sender_localpart: "bridges_{{ matrix_mautrix_telegram_sender_localpart }}"
matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml | from_yaml }}"
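
Review bot: the added `# sender_localpart: "bridges_{{ matrix_mautrix_telegram_sender_localpart }}"` sits inside the `matrix_mautrix_telegram_registration_yaml: |` block scalar, so it is not an Ansible-level comment: the Jinja expression is still rendered and the line ends up as a comment in the generated registration. That makes the new `matrix_mautrix_telegram_sender_localpart` variable from the previous hunk required yet without effect. Either enable the line for real or drop both it and the variable until the change is ready.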

@ -27,7 +27,10 @@
}}
when: matrix_mautrix_telegram_enabled | bool
- block:
- when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
@ -69,7 +72,3 @@
URL endpoint to the matrix-mautrix-telegram container.
You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"
tags:
- always
when: matrix_mautrix_telegram_enabled | bool and matrix_mautrix_telegram_appservice_public_enabled | bool

@ -11,13 +11,15 @@
- ansible.builtin.set_fact:
matrix_mautrix_telegram_requires_restart: false
- block:
- when: "matrix_mautrix_telegram_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}"
register: matrix_mautrix_telegram_sqlite_database_path_local_stat_result
- block:
- when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}"
@ -33,8 +35,6 @@
- ansible.builtin.set_fact:
matrix_mautrix_telegram_requires_restart: true
when: "matrix_mautrix_telegram_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_mautrix_telegram_database_engine == 'postgres'"
- name: Ensure Mautrix Telegram paths exist
ansible.builtin.file:

@ -11,13 +11,15 @@
- ansible.builtin.set_fact:
matrix_mautrix_whatsapp_requires_restart: false
- block:
- when: "matrix_mautrix_whatsapp_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}"
register: matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result
- block:
- when: "matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}"
@ -34,9 +36,6 @@
- ansible.builtin.set_fact:
matrix_mautrix_whatsapp_requires_restart: true
when: "matrix_mautrix_whatsapp_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_mautrix_whatsapp_database_engine == 'postgres'"
- name: Ensure Mautrix Whatsapp paths exists
ansible.builtin.file:

@ -55,7 +55,7 @@ appservice:
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: true
ephemeral_events: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
@ -191,7 +191,7 @@ bridge:
# Should Matrix users leaving groups be bridged to WhatsApp?
bridge_matrix_leave: true
# Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices.
sync_with_custom_puppets: false
sync_with_custom_puppets: true
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
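
Review bot: `ephemeral_events` and `sync_with_custom_puppets` are flipped together, which matches the comment "You should disable bridge -> sync_with_custom_puppets when this is enabled", but both are literals in the template, so the pairing holds only as long as nobody edits one of them alone. Expose one setting as a role variable and derive the other from its negation, and record why syncing through double puppeting is preferred over MSC2409 ephemeral events for this deployment.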

@ -27,7 +27,8 @@
path: "{{ matrix_mx_puppet_discord_base_path }}/database.db"
register: matrix_mx_puppet_discord_stat_database
- block:
- when: "matrix_mx_puppet_discord_stat_database.stat.exists"
block:
- name: (Data relocation) Ensure matrix-mx-puppet-discord.service is stopped
ansible.builtin.service:
name: matrix-mx-puppet-discord
@ -40,18 +41,19 @@
cmd: "mv {{ matrix_mx_puppet_discord_base_path }}/database.db {{ matrix_mx_puppet_discord_data_path }}/database.db"
register: matrix_mx_puppet_discord_relocate_database_result
changed_when: matrix_mx_puppet_discord_relocate_database_result.rc == 0
when: "matrix_mx_puppet_discord_stat_database.stat.exists"
- ansible.builtin.set_fact:
matrix_mx_puppet_discord_requires_restart: false
- block:
- when: "matrix_mx_puppet_discord_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}"
register: matrix_mx_puppet_discord_sqlite_database_path_local_stat_result
- block:
- when: "matrix_mx_puppet_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}"
@ -67,8 +69,6 @@
- ansible.builtin.set_fact:
matrix_mx_puppet_discord_requires_restart: true
when: "matrix_mx_puppet_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_mx_puppet_discord_database_engine == 'postgres'"
- name: Ensure MX Puppet Discord image is pulled
docker_image:

@ -70,7 +70,7 @@ namePatterns:
#
# name: username of the user
# discriminator: hashtag of the user (ex. #1234)
user: :name
user: ":name (#:discriminator) (via Discord)"
# A user's guild-specific displayname - if they've set a custom nick in
# a guild
@ -82,7 +82,7 @@ namePatterns:
# displayname: the user's custom group-specific nick
# channel: the name of the channel
# guild: the name of the guild
userOverride: :name
userOverride: ":displayname (:name#:discriminator) (via Discord)"
# Room names for bridged Discord channels
#
@ -90,7 +90,7 @@ namePatterns:
#
# name: name of the channel
# guild: name of the guild
room: :name
room: "#:name (:guild on Discord)"
# Group names for bridged Discord servers
#

View File

@ -43,13 +43,15 @@
- ansible.builtin.set_fact:
matrix_mx_puppet_groupme_requires_restart: false
- block:
- when: "matrix_mx_puppet_groupme_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}"
register: matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result
- block:
- when: "matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}"
@ -65,8 +67,6 @@
- ansible.builtin.set_fact:
matrix_mx_puppet_groupme_requires_restart: true
when: "matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_mx_puppet_groupme_database_engine == 'postgres'"
- name: Ensure MX Puppet Groupme image is pulled
docker_image:

View File

@ -12,13 +12,15 @@
- ansible.builtin.set_fact:
matrix_mx_puppet_instagram_requires_restart: false
- block:
- when: "matrix_mx_puppet_instagram_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}"
register: matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result
- block:
- when: "matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}"
@ -34,8 +36,6 @@
- ansible.builtin.set_fact:
matrix_mx_puppet_instagram_requires_restart: true
when: "matrix_mx_puppet_instagram_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_mx_puppet_instagram_database_engine == 'postgres'"
- name: Ensure mx-puppet-instagram image is pulled
docker_image:

View File

@ -27,7 +27,10 @@
}}
when: matrix_mx_puppet_slack_enabled | bool
- block:
- when: matrix_mx_puppet_slack_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
@ -60,9 +63,6 @@
+
[matrix_mx_puppet_slack_matrix_nginx_proxy_configuration]
}}
tags:
- always
when: matrix_mx_puppet_slack_enabled | bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:

View File

@ -39,13 +39,15 @@
- ansible.builtin.set_fact:
matrix_mx_puppet_slack_requires_restart: false
- block:
- when: "matrix_mx_puppet_slack_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}"
register: matrix_mx_puppet_slack_sqlite_database_path_local_stat_result
- block:
- when: "matrix_mx_puppet_slack_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}"
@ -61,8 +63,6 @@
- ansible.builtin.set_fact:
matrix_mx_puppet_slack_requires_restart: true
when: "matrix_mx_puppet_slack_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_mx_puppet_slack_database_engine == 'postgres'"
- name: Ensure MX Puppet Slack image is pulled
docker_image:

View File

@ -43,13 +43,15 @@
- ansible.builtin.set_fact:
matrix_mx_puppet_steam_requires_restart: false
- block:
- when: "matrix_mx_puppet_steam_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}"
register: matrix_mx_puppet_steam_sqlite_database_path_local_stat_result
- block:
- when: "matrix_mx_puppet_steam_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}"
@ -65,8 +67,6 @@
- ansible.builtin.set_fact:
matrix_mx_puppet_steam_requires_restart: true
when: "matrix_mx_puppet_steam_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_mx_puppet_steam_database_engine == 'postgres'"
- name: Ensure MX Puppet Steam image is pulled
docker_image:

View File

@ -27,7 +27,10 @@
}}
when: matrix_mx_puppet_twitter_enabled | bool
- block:
- when: matrix_mx_puppet_twitter_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
@ -60,9 +63,6 @@
+
[matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration]
}}
tags:
- always
when: matrix_mx_puppet_twitter_enabled | bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:

View File

@ -43,13 +43,15 @@
- ansible.builtin.set_fact:
matrix_mx_puppet_twitter_requires_restart: false
- block:
- when: "matrix_mx_puppet_twitter_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}"
register: matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result
- block:
- when: "matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}"
@ -65,8 +67,6 @@
- ansible.builtin.set_fact:
matrix_mx_puppet_twitter_requires_restart: true
when: "matrix_mx_puppet_twitter_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_mx_puppet_twitter_database_engine == 'postgres'"
- name: Ensure MX Puppet Twitter image is pulled
docker_image:

View File

@ -21,7 +21,10 @@
}}
when: matrix_cactus_comments_enabled | bool
- block:
- when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
@ -63,7 +66,3 @@
reverse proxy.
Please make sure that you're proxying client files in {{ matrix_cactus_comments_client_path }} correctly
when: "not matrix_nginx_proxy_enabled | default(False) | bool"
tags:
- always
when: matrix_cactus_comments_enabled | bool and matrix_cactus_comments_serve_client_enabled | bool

View File

@ -65,7 +65,8 @@
pull: true
when: "matrix_cactus_comments_container_image_self_build | bool"
- block:
- when: matrix_cactus_comments_client_local_dir | length == 0
block:
- name: Download client binary to local folder
ansible.builtin.get_url:
url: "https://gitlab.com/cactus-comments/cactus-client/-/archive/v{{ matrix_cactus_comments_client_version }}/cactus-client-v{{ matrix_cactus_comments_client_version }}.tar.gz"
@ -101,9 +102,9 @@
mode: "{{ matrix_cactus_comments_client_file_permissions }}"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
when: matrix_cactus_comments_client_local_dir | length == 0
- block:
- when: matrix_cactus_comments_client_local_dir | length > 0
block:
- name: Propagate locally distributed client javascreipt
ansible.builtin.copy:
src: "{{ matrix_cactus_comments_client_local_dir }}/src/cactus.js"
@ -118,7 +119,6 @@
mode: "{{ matrix_cactus_comments_client_file_permissions }}"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
when: matrix_cactus_comments_client_local_dir | length > 0
- name: Ensure matrix-cactus-comments.service installed
ansible.builtin.template:

Binary file not shown.

Size: 188 KiB

Binary file not shown.

Size: 2.1 MiB

Binary file not shown.

Size: 747 KiB

View File

@ -4,7 +4,11 @@
# Tasks related to setting up Element themes
#
- block:
- when: matrix_client_element_themes_enabled | bool
run_once: true
delegate_to: 127.0.0.1
become: false
block:
- name: Ensure Element themes repository is pulled
ansible.builtin.git:
repo: "{{ matrix_client_element_themes_repository_url }}"
@ -29,12 +33,6 @@
matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming
with_items: "{{ matrix_client_element_theme_file_contents.results }}"
run_once: true
delegate_to: 127.0.0.1
become: false
when: matrix_client_element_themes_enabled | bool
#
# Tasks related to getting rid of Element themes (if it was previously enabled)
#

View File

@ -82,6 +82,18 @@
- {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
when: "item.src is not none"
- name: Copy Element costum files
copy:
src: "{{ item.src }}"
dest: "{{ matrix_client_element_data_path }}/{{ item.name }}"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {src: "{{ role_path }}/files/background.jpg", name: "background.jpg"}
- {src: "{{ role_path }}/files/antifa_coffee_cups.png", name: "logo.png"}
when: "matrix_client_element_enabled|bool and item.src is not none"
- name: Ensure Element config files removed
ansible.builtin.file:
path: "{{ matrix_client_element_data_path }}/{{ item.name }}"
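Review bot: the new "Copy Element costum files" task uses the short module name `copy:` and an unquoted `mode: 0644`, while every other task in this hunk uses the `ansible.builtin.` prefix. Use `ansible.builtin.copy` and `mode: "0644"` so the task does not depend on collection resolution or on YAML octal parsing. The `item.src is not none` half of the `when` can never be false for the two literal `role_path` entries and can be dropped. The task name has a typo ("costum"), and `matrix_client_element_enabled|bool` lacks the spaces around `|` used elsewhere.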

View File

@ -33,7 +33,7 @@ h1::after {
}
.mx_Logo {
height: 54px;
height: 92px;
margin-top: 2px;
}

View File

@ -34,7 +34,8 @@
delegate_to: 127.0.0.1
become: false
- block:
- when: "ansible_distribution != 'Archlinux'"
block:
- name: Populate service facts
ansible.builtin.service_facts:
@ -50,9 +51,9 @@
with_items: "{{ matrix_systemd_services_list }}"
when:
- "item.endswith('.service') and (ansible_facts.services[item] | default(none) is none or ansible_facts.services[item].state != 'running')"
when: "ansible_distribution != 'Archlinux'"
- block:
- when: "ansible_distribution == 'Archlinux'"
block:
# Currently there is a bug in ansible that renders is incompatible with systemd.
# service_facts is not collecting the data successfully.
# Therefore iterating here manually
@ -70,4 +71,3 @@
Try running `systemctl status {{ item.item }}` and `journalctl -fu {{ item.item }}` on the server to investigate.
with_items: "{{ systemdstatus.results }}"
when: "item.status['ActiveState'] != 'active'"
when: "ansible_distribution == 'Archlinux'"

View File

@ -29,7 +29,8 @@
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- block:
- when: "matrix_coturn_container_image_self_build | bool"
block:
- name: Ensure Coturn repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_coturn_container_image_self_build_repo }}"
@ -50,7 +51,6 @@
dockerfile: "{{ matrix_coturn_container_image_self_build_repo_dockerfile_path }}"
path: "{{ matrix_coturn_docker_src_files_path }}"
pull: true
when: "matrix_coturn_container_image_self_build | bool"
- name: Ensure Coturn configuration path exists
ansible.builtin.file:

View File

@ -6,7 +6,7 @@ matrix_dendrite_enabled: true
matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}"
matrix_dendrite_docker_image_name_prefix: "docker.io/"
matrix_dendrite_docker_image_tag: "v0.9.8"
matrix_dendrite_docker_image_tag: "v0.9.9"
matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"

View File

@ -3,13 +3,15 @@
- ansible.builtin.set_fact:
matrix_dimension_requires_restart: false
- block:
- when: "matrix_dimension_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_dimension_sqlite_database_path_local }}"
register: matrix_dimension_sqlite_database_path_local_stat_result
- block:
- when: "matrix_dimension_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
# pgloader makes a few columns `smallint`, instead of `boolean`.
# We need to fix them up.
- ansible.builtin.set_fact:
@ -67,8 +69,6 @@
- ansible.builtin.set_fact:
matrix_dimension_requires_restart: true
when: "matrix_dimension_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_dimension_database_engine == 'postgres'"
- name: Ensure Dimension base path exists
ansible.builtin.file:

View File

@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true
# The dynamic dns daemon interval
matrix_dynamic_dns_daemon_interval: '300'
matrix_dynamic_dns_version: v3.9.1-ls98
matrix_dynamic_dns_version: v3.9.1-ls100
# The docker container to use when in mode
matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"

View File

@ -4,7 +4,10 @@
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-etherpad.service'] }}"
when: matrix_etherpad_enabled | bool
- block:
- when: matrix_etherpad_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
@ -49,9 +52,6 @@
+
[matrix_etherpad_matrix_nginx_proxy_configuration]
}}
tags:
- always
when: matrix_etherpad_enabled | bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:

View File

@ -3,18 +3,14 @@
# See: https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md
# Project source code URL: https://github.com/grafana/grafana
matrix_grafana_enabled: false
matrix_grafana_enabled: true
matrix_grafana_version: 9.1.5
matrix_grafana_version: 9.1.6
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
# Not conditional, because when someone disables metrics
# they might still want to look at the old existing data.
# So it would be silly to delete the dashboard in such case.
matrix_grafana_dashboard_download_urls:
- "https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json"
- "https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json"
# matrix_grafana_dashboard_download_urls holds a list of URLs of dashboards to download
matrix_grafana_dashboard_download_urls: []
matrix_grafana_base_path: "{{ matrix_base_data_path }}/grafana"
matrix_grafana_config_path: "{{ matrix_grafana_base_path }}/config"
@ -50,6 +46,10 @@ matrix_grafana_content_security_policy: true
matrix_grafana_content_security_policy_customized: false
matrix_grafana_content_security_policy_template: "script-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"
# matrix_grafana_default_home_dashboard_path influences the `default_home_dashboard_path` grafana.ini setting,
# which is an in-container path for the default dashboard.
matrix_grafana_default_home_dashboard_path: /etc/grafana/dashboards/node-exporter-full.json
# A list of extra arguments to pass to the container
matrix_grafana_container_extra_arguments: []
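Review bot: the new default `matrix_grafana_default_home_dashboard_path` points at `/etc/grafana/dashboards/node-exporter-full.json`, but the same defaults file now sets `matrix_grafana_dashboard_download_urls: []`. With role defaults alone, the home dashboard therefore refers to a file this role never downloads. Either extend the comment to say the path must match a dashboard supplied through `matrix_grafana_dashboard_download_urls`, or default it to an empty value and only render the `default_home_dashboard_path` setting when it is set.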

View File

@ -68,7 +68,7 @@
mode: 0440
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items: "{{ matrix_grafana_dashboard_download_urls_all }}"
with_items: "{{ matrix_grafana_dashboard_download_urls }}"
when: matrix_grafana_enabled | bool
register: result
retries: "{{ matrix_geturl_retries_count }}"

View File

@ -5,3 +5,12 @@
msg: >
You need to enable `matrix_prometheus_enabled` to use Prometheus as data source for Grafana.
when: "not matrix_prometheus_enabled"
- name: (Deprecation) Catch and report renamed settings
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars"
with_items:
- {'old': 'matrix_grafana_dashboard_download_urls_all', 'new': 'matrix_grafana_dashboard_download_urls'}

View File

@ -26,8 +26,4 @@ enabled = {{ matrix_grafana_anonymous_access }}
org_name = "{{ matrix_grafana_anonymous_access_org_name }}"
[dashboards]
{% if matrix_synapse_metrics_enabled %}
default_home_dashboard_path = /etc/grafana/dashboards/synapse.json
{% else %}
default_home_dashboard_path = /etc/grafana/dashboards/node-exporter-full.json
{% endif %}
default_home_dashboard_path = {{ matrix_grafana_default_home_dashboard_path }}

View File

@ -42,7 +42,8 @@
# We use shell commands for the migration, because the Ansible copy module cannot
# recursively copy remote directories (like `/matrix/mxisd/data/sign.key`) in older versions of Ansible.
- block:
- when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists"
block:
- name: Copy mxisd data files to ma1sd folder
ansible.builtin.command:
cmd: "cp -ar {{ matrix_base_data_path }}/mxisd/data {{ matrix_ma1sd_base_path }}"
@ -66,7 +67,6 @@
cmd: "mv {{ matrix_base_data_path }}/mxisd {{ matrix_base_data_path }}/mxisd.migrated"
register: matrix_ma1sd_migrate_mxisd_move_directory_result
changed_when: matrix_ma1sd_migrate_mxisd_move_directory_result.rc == 0
when: "ma1sd_migrate_mxisd_data_dir_stat.stat.exists"
- name: Ensure outdated matrix-mxisd.service doesn't exist
ansible.builtin.file:

View File

@ -21,13 +21,15 @@
- ansible.builtin.set_fact:
matrix_ma1sd_requires_restart: false
- block:
- when: "matrix_ma1sd_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_ma1sd_sqlite_database_path_local }}"
register: matrix_ma1sd_sqlite_database_path_local_stat_result
- block:
- when: "matrix_ma1sd_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_ma1sd_sqlite_database_path_local }}"
@ -44,8 +46,6 @@
- ansible.builtin.set_fact:
matrix_ma1sd_requires_restart: true
when: "matrix_ma1sd_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_ma1sd_database_engine == 'postgres'"
- name: Ensure ma1sd image is pulled
docker_image:
@ -59,7 +59,8 @@
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- block:
- when: "matrix_ma1sd_container_image_self_build | bool"
block:
- name: Ensure gradle is installed for self-building (Debian)
ansible.builtin.apt:
name:
@ -111,7 +112,6 @@
repository: "{{ matrix_ma1sd_docker_image }}"
force_tag: true
source: local
when: "matrix_ma1sd_container_image_self_build | bool"
- name: Ensure ma1sd config installed
ansible.builtin.copy:

View File

@ -15,7 +15,8 @@
# See: https://docs.ansible.com/ansible/2.3/htpasswd_module.html#requirements-on-host-that-executes-module
# We support various distros, with various versions of Python. Installing additional Python modules can be a hassle.
# As a workaround, we run `htpasswd` from an Apache container image.
- block:
- when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != ''
block:
- name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs)
docker_image:
name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}"
@ -57,4 +58,3 @@
ansible.builtin.file:
path: /tmp/matrix-nginx-proxy-metrics-password
state: absent
when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != ''
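Review bot: the removal of `/tmp/matrix-nginx-proxy-metrics-password` is the last task inside the block, so a failure in any earlier task of the block leaves the password file on disk. Now that the condition sits on the block, move the cleanup into an `always:` section of the same block so it runs on failure too. The fixed, predictable file name under `/tmp` is also worth replacing with a path from `ansible.builtin.tempfile` or a directory only the playbook user can read.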

View File

@ -9,7 +9,8 @@
follow_redirects: "{{ matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects }}"
validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}"
- block:
- when: matrix_well_known_matrix_server_enabled | bool
block:
- ansible.builtin.set_fact:
well_known_file_check_matrix_server:
path: /.well-known/matrix/server
@ -21,7 +22,6 @@
- name: Determine domains that we require certificates for (ma1sd)
ansible.builtin.set_fact:
well_known_file_checks: "{{ well_known_file_checks + [well_known_file_check_matrix_server] }}"
when: matrix_well_known_matrix_server_enabled | bool
- name: Perform well-known checks
ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_well_known_file.yml"

View File

@ -16,7 +16,8 @@
# Tasks related to setting up Let's Encrypt's management of certificates
#
- block:
- when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
block:
- name: Ensure certbot Docker image is pulled
docker_image:
name: "{{ matrix_ssl_lets_encrypt_certbot_docker_image }}"
@ -43,13 +44,13 @@
mode: 0644
when: "item.applicable | bool"
with_items: "{{ matrix_ssl_renewal_systemd_units_list }}"
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
#
# Tasks related to getting rid of Let's Encrypt's management of certificates
#
- block:
- when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
block:
- name: Ensure matrix-ssl-lets-encrypt-renew cronjob removed
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/{{ item.name }}"
@ -61,4 +62,3 @@
ansible.builtin.file:
path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
state: absent
when: "matrix_ssl_retrieval_method != 'lets-encrypt'"

View File

@ -13,7 +13,8 @@
- ansible.builtin.set_fact:
domain_name_needs_cert: "{{ not domain_name_certificate_path_stat.stat.exists }}"
- block:
- when: "domain_name_needs_cert | bool and matrix_ssl_pre_obtaining_required_service_name != ''"
block:
- name: Ensure required service for obtaining is started
ansible.builtin.service:
name: "{{ matrix_ssl_pre_obtaining_required_service_name }}"
@ -24,7 +25,6 @@
ansible.builtin.wait_for:
timeout: "{{ matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds }}"
when: "matrix_ssl_pre_obtaining_required_service_start_result.changed | bool"
when: "domain_name_needs_cert | bool and matrix_ssl_pre_obtaining_required_service_name != ''"
# This will fail if there is something running on port 80 (like matrix-nginx-proxy).
# We suppress the error, as we'll try another method below.

View File

@ -35,7 +35,8 @@
- or raw htpasswd content (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`)
when: "matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content == '' and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username == '' or matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password == ''))"
- block:
- when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
block:
- name: (Deprecation) Catch and report renamed settings
ansible.builtin.fail:
msg: >-
@ -57,7 +58,6 @@
- "matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container"
- "matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container"
when: "vars[item] == '' or vars[item] is none"
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
- name: (Deprecation) Catch and report old metrics usage
ansible.builtin.fail:

View File

@ -78,7 +78,7 @@ matrix_postgres_import_roles_to_ignore: [matrix_postgres_connection_username]
# which is unsupported by default by newer Postgres versions (v14+).
# When users are created and passwords are set by the playbook, they end up hashed as `scram-sha-256` on Postgres v14+.
# If an md5-hashed password is restored on top, Postgres v14+ will refuse to authenticate users with it by default.
matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE ({{ matrix_postgres_import_roles_to_ignore | join('|') }})(;| WITH)" # noqa var-spacing
matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE ({{ matrix_postgres_import_roles_to_ignore | join('|') }})(;| WITH)" # noqa jinja[spacing]
# A list of databases to avoid creating when importing (or upgrading) the database.
# If a dump file contains the databases and they've also been created beforehand (see `matrix_postgres_additional_databases`),
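Review bot: on the changed `matrix_postgres_import_roles_ignore_regex` line, the role names are joined into the pattern with `join('|')` and no escaping, so a role name containing a regex metacharacter (for example `.` or `+`) changes what the import filter matches. Consider `map('regex_escape') | join('|')` before interpolating. The switch of the `noqa` tag to `jinja[spacing]` itself looks fine.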
@ -86,7 +86,7 @@ matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE ({{ matrix_post
# We either need to not create them or to ignore the `CREATE DATABASE` statements in the dump.
matrix_postgres_import_databases_to_ignore: [matrix_postgres_db_name]
matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE ({{ matrix_postgres_import_databases_to_ignore | join('|') }})\\s" # noqa var-spacing
matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE ({{ matrix_postgres_import_databases_to_ignore | join('|') }})\\s" # noqa jinja[spacing]
# The number of seconds to wait after starting `matrix-postgres.service`
# and before trying to run queries for creating additional databases/users against it.

View File

@ -25,7 +25,8 @@
# We either expect `postgres_db_connection_string` specifying a full Postgres database connection string,
# or `postgres_connection_string_variable_name`, specifying a name of a variable, which contains a valid connection string.
- block:
- when: 'postgres_connection_string_variable_name is defined'
block:
- name: Fail if postgres_connection_string_variable_name points to an undefined variable
ansible.builtin.fail: msg="postgres_connection_string_variable_name is defined, but there is no variable with the name `{{ postgres_connection_string_variable_name }}`"
when: "postgres_connection_string_variable_name not in vars"
@ -33,7 +34,6 @@
- name: Get Postgres connection string from variable
ansible.builtin.set_fact:
postgres_db_connection_string: "{{ lookup('vars', postgres_connection_string_variable_name) }}"
when: 'postgres_connection_string_variable_name is defined'
- name: Fail if playbook called incorrectly
ansible.builtin.fail:

View File

@ -31,7 +31,8 @@
msg: "File cannot be found on the server at {{ matrix_postgres_db_migration_request.src }}"
when: "not matrix_postgres_db_migration_request_src_stat_result.stat.exists"
- block:
- when: "matrix_postgres_pgloader_container_image_self_build | bool"
block:
- name: Ensure pgloader repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_postgres_pgloader_container_image_self_build_repo }}"
@ -69,7 +70,6 @@
dockerfile: Dockerfile
path: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}"
pull: true
when: "matrix_postgres_pgloader_container_image_self_build | bool"
- name: Ensure pgloader Docker image is pulled
docker_image:
@ -134,7 +134,8 @@
register: matrix_postgres_migrate_db_to_postgres_import_result
changed_when: matrix_postgres_migrate_db_to_postgres_import_result.rc == 0
- block:
- when: "matrix_postgres_db_migration_request.additional_psql_statements_list | default([]) | length > 0"
block:
- ansible.builtin.import_role:
name: matrix-postgres
tasks_from: detect_existing_postgres_version
@ -157,8 +158,6 @@
register: matrix_postgres_migrate_db_to_postgres_additional_queries_result
changed_when: matrix_postgres_migrate_db_to_postgres_additional_queries_result.rc == 0
when: "matrix_postgres_db_migration_request.additional_psql_statements_list | default([]) | length > 0"
- name: Archive {{ matrix_postgres_db_migration_request.engine_old }} database ({{ matrix_postgres_db_migration_request.src }} -> {{ matrix_postgres_db_migration_request.src }}.backup)
ansible.builtin.command:
cmd: "mv {{ matrix_postgres_db_migration_request.src }} {{ matrix_postgres_db_migration_request.src }}.backup"

View File

@ -52,14 +52,14 @@
group: "{{ matrix_user_groupname }}"
when: "result_pg_old_data_dir_stat.stat.exists"
- block:
- when: "result_pg_old_data_dir_stat.stat.exists"
block:
- name: Relocate Postgres data files from old directory to new
ansible.builtin.command:
cmd: "mv {{ item.path }} {{ matrix_postgres_data_path }}/{{ item.path | basename }}"
with_items: "{{ result_pg_old_data_dir_find.files }}"
register: matrix_postgres_migrate_postgres_data_directory_move_result
changed_when: matrix_postgres_migrate_postgres_data_directory_move_result.rc == 0
when: "result_pg_old_data_dir_stat.stat.exists"
# Intentionally not starting matrix-postgres here.
# It likely needs to be updated to point to the new directory.

View File

@ -5,7 +5,7 @@
matrix_prometheus_node_exporter_enabled: false
matrix_prometheus_node_exporter_version: v1.3.1
matrix_prometheus_node_exporter_version: v1.4.0
matrix_prometheus_node_exporter_docker_image: "{{ matrix_container_global_registry_prefix }}prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}"
matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}"
@ -60,3 +60,8 @@ matrix_prometheus_node_exporter_container_http_host_bind_port: ''
# If matrix_prometheus_node_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that "<ip>:<port>" value will be used
# Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf)
matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_node_exporter_container_http_host_bind_port else (matrix_prometheus_node_exporter_container_http_host_bind_port if matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}"
# matrix_prometheus_node_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions.
# If the Grafana role is enabled, these dashboards will be downloaded.
matrix_prometheus_node_exporter_dashboard_urls:
- https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json
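Review bot: the URL added to `matrix_prometheus_node_exporter_dashboard_urls` tracks the `master` branch of a third-party repository, so the dashboard JSON that gets installed can change without any change to the playbook. Pin it to a commit SHA or a tag in the path, as the postgres exporter list does with `revisions/7`. The entry is also unquoted while the postgres exporter URL is quoted; pick one style.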

View File

@ -4,7 +4,8 @@
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-node-exporter.service'] }}"
when: matrix_prometheus_node_exporter_enabled | bool
- block:
- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
@ -38,4 +39,3 @@
+
[matrix_prometheus_node_exporter_nginx_metrics_configuration_block]
}}
when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool

View File

@ -58,5 +58,7 @@ matrix_prometheus_postgres_exporter_container_http_host_bind_port: ''
# Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf)
matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_postgres_exporter_container_http_host_bind_port else (matrix_prometheus_postgres_exporter_container_http_host_bind_port if matrix_prometheus_postgres_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}"
# matrix_prometheus_postgres_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions.
# If the Grafana role is enabled, these dashboards will be downloaded.
matrix_prometheus_postgres_exporter_dashboard_urls:
- "https://grafana.com/api/dashboards/9628/revisions/7/download"

View File

@ -4,7 +4,8 @@
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-prometheus-postgres-exporter.service'] }}"
when: matrix_prometheus_postgres_exporter_enabled | bool
- block:
- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
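Review bot: the block condition in this hunk tests `matrix_prometheus_node_exporter_enabled` and `matrix_prometheus_node_exporter_metrics_proxying_enabled`, but this is the postgres exporter role. The task just above is gated on `matrix_prometheus_postgres_exporter_enabled`, and the block injects `matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block`. As written, the postgres exporter metrics route is added or skipped based on the node exporter's settings. The refactor carries the old condition over unchanged, and this is a good place to switch it to the postgres exporter's own enabled and proxying variables.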
@ -38,4 +39,3 @@
+
[matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block]
}}
when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool

View File

@ -10,7 +10,10 @@
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-registration.service'] }}"
when: matrix_registration_enabled | bool
- block:
- when: matrix_registration_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
@ -54,9 +57,6 @@
+
[matrix_registration_matrix_nginx_proxy_configuration]
}}
tags:
- always
when: matrix_registration_enabled | bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:

View File

@ -3,13 +3,15 @@
- ansible.builtin.set_fact:
matrix_registration_requires_restart: false
- block:
- when: "matrix_registration_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_registration_sqlite_database_path_local }}"
register: matrix_registration_sqlite_database_path_local_stat_result
- block:
- when: "matrix_registration_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_registration_sqlite_database_path_local }}"
@ -30,8 +32,6 @@
- ansible.builtin.set_fact:
matrix_registration_requires_restart: true
when: "matrix_registration_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_registration_database_engine == 'postgres'"
- name: Ensure matrix-registration paths exist
ansible.builtin.file:

Binary file not shown. Size: 188 KiB

Binary file not shown. Size: 2.1 MiB

View File

@ -10,7 +10,10 @@
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-admin.service'] }}"
when: matrix_synapse_admin_enabled | bool
- block:
- when: matrix_synapse_admin_enabled | bool
tags:
- always
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
@ -45,9 +48,6 @@
+
[matrix_synapse_admin_matrix_nginx_proxy_configuration]
}}
tags:
- always
when: matrix_synapse_admin_enabled | bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:

View File

@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_synapse_version: v1.67.0
matrix_synapse_version: v1.68.0
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
@ -148,22 +148,22 @@ matrix_synapse_rc_admin_redaction:
matrix_synapse_rc_joins:
local:
per_second: 0.1
burst_count: 3
burst_count: 10
remote:
per_second: 0.01
burst_count: 3
burst_count: 10
matrix_synapse_rc_invites:
per_room:
per_second: 0.5
burst_count: 5
per_second: 0.3
burst_count: 10
per_user:
per_second: 0.004
burst_count: 3
per_issuer:
per_second: 0.5
per_second: 0.003
burst_count: 5
per_issuer:
per_second: 0.3
burst_count: 10
matrix_synapse_rc_federation:
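Review bot: `burst_count` under `matrix_synapse_rc_joins` goes from 3 to 10 for both `local` and `remote`, and the `matrix_synapse_rc_invites` values change as well, with nothing in the hunk saying why. These defaults bound how quickly an account can join rooms or send invites, so a change that loosens them should carry a comment naming the source of the new numbers (for example, that they follow the defaults of the Synapse version bumped in the previous hunk, if that is the case). That lets operators who tuned these limits decide whether to follow.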
@ -365,6 +365,11 @@ matrix_url_preview_accept_language: ['en-US', 'en']
matrix_synapse_metrics_enabled: false
matrix_synapse_metrics_port: 9100
# matrix_synapse_grafana_dashboard_urls contains a list of URLs with Grafana dashboard definitions.
# If the Grafana role is enabled, these dashboards will be downloaded.
matrix_synapse_grafana_dashboard_urls:
- https://raw.githubusercontent.com/matrix-org/synapse/master/contrib/grafana/synapse.json
# Controls whether Synapse metrics should be proxied (exposed) on:
# - `matrix.DOMAIN/metrics/synapse/main-process` for the main process
# - `matrix.DOMAIN/metrics/synapse/worker/{type}-{id}` for each worker process
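Review bot: The new `matrix_synapse_grafana_dashboard_urls` entry points at the `master` branch of matrix-org/synapse, so the dashboard JSON that gets downloaded can change between runs without any change in this repository, and it is not tied to the `matrix_synapse_version` pinned earlier in this file. The postgres-exporter list added in this same diff pins a revision (`.../dashboards/9628/revisions/7/download`); do the same here by referencing a tag or commit, ideally derived from `matrix_synapse_version`. Quoting the URL would also match the other dashboard list.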

View File

@ -26,7 +26,8 @@
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys.service'] }}"
when: matrix_s3_media_store_enabled | bool
- block:
- when: matrix_synapse_enabled | bool and matrix_synapse_metrics_proxying_enabled | bool
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
@ -84,4 +85,3 @@
[matrix_synapse_worker_nginx_metrics_configuration_block]
}}
when: matrix_synapse_workers_enabled_list | length > 0
when: matrix_synapse_enabled | bool and matrix_synapse_metrics_proxying_enabled | bool

View File

@ -85,16 +85,17 @@
#
# Row 3 contains a space when there's no result.
- block:
- when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.failed or matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines | length != 4"
block:
- ansible.builtin.debug: var="matrix_synapse_rust_synapse_compress_state_find_rooms_command_result"
- name: Fail if room find result is not what we expect
ansible.builtin.fail:
msg: >-
Expecting 4 lines in the "find rooms" result.
when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.failed or matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines | length != 4"
- block:
- when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines[2] != ' '"
block:
# matrix_synapse_rust_synapse_compress_state_eligible_rooms is a list
# of dictionaries like this: {'room_id': '!some-id', 'count': 2461329}
- ansible.builtin.set_fact:
@ -113,7 +114,6 @@
with_items: "{{ matrix_synapse_rust_synapse_compress_state_eligible_rooms }}"
loop_control:
loop_var: room_details
when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines[2] != ' '"
- name: Show notice about lack of rooms to compress
ansible.builtin.debug:

View File

@ -18,7 +18,8 @@
group: "{{ matrix_user_groupname }}"
when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists"
- block:
- when: "matrix_synapse_container_image_self_build | bool"
block:
- name: Ensure Synapse repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_synapse_container_image_self_build_repo }}"
@ -48,7 +49,6 @@
environment:
DOCKER_BUILDKIT: 1
when: "matrix_synapse_git_pull_results.changed | bool or matrix_synapse_docker_image_check_result.stdout == ''"
when: "matrix_synapse_container_image_self_build | bool"
- name: Ensure Synapse Docker image is pulled
docker_image:

View File

@ -37,7 +37,8 @@
msg: "Unrecognized Synapse worker `app`: `{{ matrix_synapse_worker_details.app }}`. Supported types are: {{ matrix_synapse_workers_avail_list | join(', ') }}"
when: "matrix_synapse_worker_details.app not in matrix_synapse_workers_avail_list"
- block:
- when: "matrix_synapse_worker_details.type == 'stream_writer'"
block:
- name: Fail if stream_writer_stream not defined for stream_writer worker
ansible.builtin.fail:
msg: >-
@ -50,7 +51,6 @@
ansible.builtin.fail:
msg: "Synapse background workers of type stream_writer (such as {{ item }}) need to define a valid `replication_port` property"
when: "'replication_port' not in matrix_synapse_worker_details"
when: "matrix_synapse_worker_details.type == 'stream_writer'"
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + [matrix_synapse_worker_details.name + '.service'] }}"
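Review bot: The `replication_port` failure message in this hunk interpolates `{{ item }}`, while every other expression in both hunks of this file reads `matrix_synapse_worker_details` (`.app`, `.type`, `.name`). If `matrix_synapse_worker_details` is the loop variable for this include, `item` is undefined here and the task will abort on a templating error instead of printing the intended message. Since the block is being restructured anyway, change it to `{{ matrix_synapse_worker_details.name }}`.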

View File

@ -2849,16 +2849,16 @@ send_federation: {{ matrix_synapse_send_federation | to_json }}
# started, to ensure that all instances are running with the same config (otherwise
# events may be dropped).
#
#federation_sender_instances:
# - federation_sender1
{% if matrix_synapse_federation_sender_instances | length > 0 %}
federation_sender_instances: {{ matrix_synapse_federation_sender_instances | to_json }}
{% endif %}
{% if matrix_synapse_federation_pusher_instances | length > 0 %}
pusher_instances: {{ matrix_synapse_federation_pusher_instances | to_json }}
{% endif %}
start_pushers: {{ matrix_synapse_start_pushers | to_json }}
{% if matrix_synapse_workers_federation_sender_workers_count != 0%}
federation_sender_instances:
{% for i in range(0, matrix_synapse_workers_federation_sender_workers_count|int)|list %}
- federation_sender:{{ i | int }}
{% endfor %}
{% endif %}
# When using workers this should be a map from `worker_name` to the
# HTTP replication listener of the worker, if configured.
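Review bot: The guard `{% if matrix_synapse_workers_federation_sender_workers_count != 0%}` compares the raw variable to the integer 0, while the `range()` call two lines below casts it with `|int`. If the count arrives as a string (from an inventory file or an `-e` override), `!= 0` is always true and a count of '0' renders a `federation_sender_instances:` key with no entries. Use `| int > 0` in the guard, and add the missing space before `%}`. The hunk also contains a second `federation_sender_instances:` line driven by `matrix_synapse_federation_sender_instances`; if both remain after this change, make sure only one can render, because a duplicate key in the generated YAML will not raise an error.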

View File

@ -34,7 +34,7 @@ matrix_synapse_workers_generic_worker_client_server_endpoints: "{{ matrix_synaps
matrix_synapse_workers_generic_worker_federation_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', matrix_synapse_workers_generic_worker_federation_endpoints_regex) | list | difference([none]) }}"
# matrix_synapse_workers_generic_worker_federation_endpoints_regex contains the regex used in matrix_synapse_workers_generic_worker_federation_endpoints.
# It's intentionally put in a separate variable, to avoid tripping ansible-lint's var-spacing rule.
# It's intentionally put in a separate variable, to avoid tripping ansible-lint's jinja[spacing] rule.
matrix_synapse_workers_generic_worker_federation_endpoints_regex: '.*(/_matrix/federation|/_matrix/key).*'
# matrix_synapse_workers_stream_writer_typing_stream_worker_client_server_endpoints contains the endpoints serviced by the `typing` stream writer.

View File

@ -7,9 +7,10 @@
- roles/matrix-synapse/vars/workers.yml
roles:
# - matrix-awx
- matrix-base
- matrix-dynamic-dns
- matrix-mailer
# - matrix-dynamic-dns
# - matrix-mailer
- matrix-postgres
- matrix-redis
- matrix-corporal
@ -72,3 +73,33 @@
- matrix-postgres-backup
- matrix-backup-borg
- matrix-common-after
tasks:
- name: Ensure web-user is present
user:
name: "{{ web_user }}"
state: present
system: yes
register: web_user_res
tags: [ setup-caddy, setup-all, start ]
- name: Ensure directory for revproxy config is present
file:
path: "{{ revproxy_autoload_dir }}/matrix"
state: directory
owner: "{{ web_user_res.uid }}"
group: "{{ web_user_res.group }}"
mode: 0750
tags: [ setup-caddy, setup-all, start ]
- name: Template reverse proxy configuration
template:
src: Caddyfile.j2
dest: "{{ revproxy_autoload_dir }}/matrix/Caddyfile"
owner: "{{ web_user_res.uid }}"
group: "{{ web_user_res.group }}"
mode: 0640
tags: [ setup-caddy, setup-all, start ]
- name: Restart reverse proxy
docker_container:
name: web
state: started
restart: yes
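Review bot: The `Restart reverse proxy` task at the end carries no `tags`, unlike the three tasks before it (`[ setup-caddy, setup-all, start ]`), and it has no condition. A run limited to `--tags setup-caddy` therefore templates a new Caddyfile without restarting `web`, while an untagged run restarts the container every time even when nothing changed. Turn it into a handler notified by `Template reverse proxy configuration`, or give it the same tags plus a `when:` on the registered template result. These tasks also use short module names (`user`, `file`, `template`, `docker_container`) and unquoted `mode: 0750` / `mode: 0640`; the rest of this diff uses `ansible.builtin.*` names, and quoted mode strings remove any octal ambiguity.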

Some files were not shown because too many files have changed in this diff.