mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-11-10 12:47:39 +01:00
Merge remote-tracking branch 'master' into feature/add-worker-support
This commit is contained in:
commit
93a8ea7e4a
2
.gitignore
vendored
2
.gitignore
vendored
@ -3,3 +3,5 @@
|
||||
!/inventory/host_vars/.gitkeep
|
||||
!/inventory/scripts
|
||||
/roles/*/files/scratchpad
|
||||
.DS_Store
|
||||
.python-version
|
||||
|
19
CHANGELOG.md
19
CHANGELOG.md
@ -1,3 +1,22 @@
|
||||
# 2020-10-02
|
||||
|
||||
## Minimum Ansible version raised to v2.7.0
|
||||
|
||||
We were claiming to support [Ansible](https://www.ansible.com/) v2.5.2 and higher, but issues like [#662](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/662) demonstrate that we need at least v2.7.0.
|
||||
|
||||
If you've been using the playbook without getting any errors until now, you're probably on a version higher than that already (or you're not using the `matrix-ma1sd` and `matrix-client-element` roles).
|
||||
|
||||
Our [Ansible docs page](docs/ansible.md) contains information on how to run a more up-to-date version of Ansible.
|
||||
|
||||
|
||||
# 2020-10-01
|
||||
|
||||
## Postgres 13 support
|
||||
|
||||
The playbook now installs [Postgres 13](https://www.postgresql.org/about/news/postgresql-13-released-2077/) by default.
|
||||
|
||||
If you have have an existing setup, it's likely running on an older Postgres version (9.x, 10.x, 11.x or 12.x). You can easily upgrade by following the [upgrading PostgreSQL guide](docs/maintenance-postgres.md#upgrading-postgresql).
|
||||
|
||||
# 2020-09-01
|
||||
|
||||
## matrix-registration support
|
||||
|
@ -56,7 +56,7 @@ Using this playbook, you can get the following services configured on your serve
|
||||
|
||||
- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation
|
||||
|
||||
- (optional) the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge for [Discord](https://discordapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation
|
||||
- (optional) the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge for [Discord](https://discordapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation
|
||||
|
||||
- (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation
|
||||
|
||||
|
@ -9,7 +9,7 @@ If your local computer cannot run Ansible, you can also run Ansible on some serv
|
||||
|
||||
## Supported Ansible versions
|
||||
|
||||
Ansible 2.5.2 or newer is required.
|
||||
Ansible 2.7.0 or newer is required.
|
||||
|
||||
|
||||
## Checking your Ansible version
|
||||
@ -49,7 +49,7 @@ docker run -it --rm \
|
||||
-v `pwd`:/work \
|
||||
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
|
||||
--entrypoint=/bin/sh \
|
||||
devture/ansible:2.9.9-r0
|
||||
devture/ansible:2.9.13-r0
|
||||
```
|
||||
|
||||
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).
|
||||
|
@ -38,6 +38,7 @@ Follow our [Registering users](registering-users.md) guide to learn how to regis
|
||||
|
||||
You are required to specify an access token (belonging to this new user) for Dimension to work.
|
||||
To get an access token for the Dimension user, you can follow one of two options:
|
||||
|
||||
*Through an interactive login*:
|
||||
|
||||
1. In a private browsing session (incognito window), open Element.
|
||||
|
@ -56,11 +56,19 @@ The default authentication mode of Jitsi is `internal`, however LDAP is also sup
|
||||
```yaml
|
||||
matrix_jitsi_enable_auth: true
|
||||
matrix_jitsi_auth_type: ldap
|
||||
matrix_jitsi_ldap_url: ldap://ldap.DOMAIN # or ldaps:// if using tls
|
||||
matrix_jitsi_ldap_base: "OU=People,DC=DOMAIN"
|
||||
matrix_jitsi_ldap_filter: "(&(uid=%u)(employeeType=active))"
|
||||
matrix_jitsi_ldap_use_tls: false
|
||||
matrix_jitsi_ldap_start_tls: true
|
||||
matrix_jitsi_ldap_url: "ldap://ldap.DOMAIN"
|
||||
matrix_jitsi_ldap_base: "OU=People,DC=DOMAIN
|
||||
#matrix_jitsi_ldap_binddn: ""
|
||||
#matrix_jitsi_ldap_bindpw: ""
|
||||
matrix_jitsi_ldap_filter: "uid=%u"
|
||||
matrix_jitsi_ldap_auth_method: "bind"
|
||||
matrix_jitsi_ldap_version: "3"
|
||||
matrix_jitsi_ldap_use_tls: true
|
||||
matrix_jitsi_ldap_tls_ciphers: ""
|
||||
matrix_jitsi_ldap_tls_check_peer: true
|
||||
matrix_jitsi_ldap_tls_cacert_file: "/etc/ssl/certs/ca-certificates.crt"
|
||||
matrix_jitsi_ldap_tls_cacert_dir: "/etc/ssl/certs"
|
||||
matrix_jitsi_ldap_start_tls: false
|
||||
```
|
||||
|
||||
For more information refer to the [docker-jitsi-meet](https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap) and the [saslauthd `LDAP_SASLAUTHD`](https://github.com/winlibs/cyrus-sasl/blob/master/saslauthd/LDAP_SASLAUTHD) documentation.
|
||||
|
@ -3,7 +3,7 @@
|
||||
By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt](https://letsencrypt.org/) for the domains it needs (`matrix.<your-domain>` and possibly `element.<your-domain>`)
|
||||
|
||||
Those certificates are used when configuring the nginx reverse proxy installed by this playbook.
|
||||
They can also be used for configuring [your own webserver](docs/configuring-playbook-own-webserver.md), in case you're not using the integrated nginx server provided by the playbook.
|
||||
They can also be used for configuring [your own webserver](configuring-playbook-own-webserver.md), in case you're not using the integrated nginx server provided by the playbook.
|
||||
|
||||
If you need to retrieve certificates for other domains (e.g. your base domain) or more control over certificate retrieval, read below.
|
||||
|
||||
@ -13,7 +13,7 @@ Things discussed in this document:
|
||||
|
||||
- [Using your own SSL certificates](#using-your-own-ssl-certificates), if you don't want to or can't use Let's Encrypt certificates, but are still interested in using the integrated nginx reverse proxy server
|
||||
|
||||
- [Not bothering with SSL certificates](#not-bothering-with-ssl-certificates), if you're using [your own webserver](docs/configuring-playbook-own-webserver.md) and would rather this playbook leaves SSL certificate management to you
|
||||
- [Not bothering with SSL certificates](#not-bothering-with-ssl-certificates), if you're using [your own webserver](configuring-playbook-own-webserver.md) and would rather this playbook leaves SSL certificate management to you
|
||||
|
||||
- [Obtaining SSL certificates for additional domains](#obtaining-ssl-certificates-for-additional-domains), if you'd like to host additional domains on the Matrix server and would like the playbook to help you obtain and renew certificates for those domains automatically
|
||||
|
||||
|
@ -20,4 +20,7 @@ Run this command (make sure to replace `<server-path-to-homeserver.db>` with a f
|
||||
|
||||
ansible-playbook -i inventory/hosts setup.yml --extra-vars='server_path_homeserver_db=<server-path-to-homeserver.db>' --tags=import-sqlite-db
|
||||
|
||||
**Note**: `<server-path-to-homeserver.db>` must be a file path to a `homeserver.db` file on the server (not on your local machine!).
|
||||
**Notes**:
|
||||
|
||||
- `<server-path-to-homeserver.db>` must be a file path to a `homeserver.db` **file on the server** (not on your local machine!).
|
||||
- if the SQLite database is from an older version of Synapse, the **importing procedure may run migrations on it to bring it up to date**. That is, your SQLite database file may get modified and become unusable with your older Synapse version. Keeping a copy of the original is probably wise.
|
||||
|
@ -45,7 +45,7 @@ docker run \
|
||||
--log-driver=none \
|
||||
--network=matrix \
|
||||
--env-file=/matrix/postgres/env-postgres-psql \
|
||||
postgres:12.4-alpine \
|
||||
postgres:13.0-alpine \
|
||||
pg_dumpall -h matrix-postgres \
|
||||
| gzip -c \
|
||||
> /postgres.sql.gz
|
||||
|
147
examples/caddy2/Caddyfile
Normal file
147
examples/caddy2/Caddyfile
Normal file
@ -0,0 +1,147 @@
|
||||
matrix.DOMAIN.tld {
|
||||
@identity {
|
||||
path /_matrix/identity/*
|
||||
}
|
||||
|
||||
@noidentity {
|
||||
not path /_matrix/identity/*
|
||||
}
|
||||
|
||||
@search {
|
||||
path /_matrix/client/r0/user_directory/search/*
|
||||
}
|
||||
|
||||
@nosearch {
|
||||
not path /_matrix/client/r0/user_directory/search/*
|
||||
}
|
||||
|
||||
@static {
|
||||
path /matrix/static-files/*
|
||||
}
|
||||
|
||||
@nostatic {
|
||||
not path /matrix/static-files/*
|
||||
}
|
||||
|
||||
header {
|
||||
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||
X-XSS-Protection "1; mode=block"
|
||||
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||
X-Content-Type-Options "nosniff"
|
||||
# Disallow the site to be rendered within a frame (clickjacking protection)
|
||||
X-Frame-Options "DENY"
|
||||
# X-Robots-Tag
|
||||
X-Robots-Tag "noindex, noarchive, nofollow"
|
||||
167,9 79%
|
||||
}
|
||||
|
||||
# Cache
|
||||
header @static {
|
||||
# Cache
|
||||
Cache-Control "public, max-age=31536000"
|
||||
defer
|
||||
}
|
||||
|
||||
# identity
|
||||
handle @identity {
|
||||
reverse_proxy localhost:8090 {
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
header_up X-Forwarded-HttpsProto {proto}
|
||||
}
|
||||
}
|
||||
|
||||
# search
|
||||
handle @search {
|
||||
reverse_proxy localhost:8090 {
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
header_up X-Forwarded-HttpsProto {proto}
|
||||
}
|
||||
}
|
||||
|
||||
handle {
|
||||
encode zstd gzip
|
||||
|
||||
reverse_proxy localhost:8008 {
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
header_up X-Forwarded-HttpsProto {proto}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
matrix.DOMAIN.tld:8448 {
|
||||
handle {
|
||||
encode zstd gzip
|
||||
|
||||
reverse_proxy 127.0.0.1:8048 {
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
header_up X-Forwarded-HttpsProto {proto}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
dimension.DOMAIN.tld {
|
||||
header {
|
||||
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||
X-XSS-Protection "1; mode=block"
|
||||
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||
X-Content-Type-Options "nosniff"
|
||||
# Disallow the site to be rendered within a frame (clickjacking protection)
|
||||
X-Frame-Options "DENY"
|
||||
# X-Robots-Tag
|
||||
X-Robots-Tag "noindex, noarchive, nofollow"
|
||||
}
|
||||
|
||||
handle {
|
||||
encode zstd gzip
|
||||
|
||||
reverse_proxy localhost:8184 {
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
header_up X-Forwarded-HttpsProto {proto}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
element.DOMAIN.tld {
|
||||
header {
|
||||
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
||||
X-XSS-Protection "1; mode=block"
|
||||
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||
X-Content-Type-Options "nosniff"
|
||||
# Disallow the site to be rendered within a frame (clickjacking protection)
|
||||
X-Frame-Options "DENY"
|
||||
# X-Robots-Tag
|
||||
X-Robots-Tag "noindex, noarchive, nofollow"
|
||||
}
|
||||
|
||||
handle {
|
||||
encode zstd gzip
|
||||
|
||||
reverse_proxy localhost:8765 {
|
||||
header_up X-Forwarded-Port {http.request.port}
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
header_up X-Forwarded-TlsProto {tls_protocol}
|
||||
header_up X-Forwarded-TlsCipher {tls_cipher}
|
||||
header_up X-Forwarded-HttpsProto {proto}
|
||||
}
|
||||
}
|
@ -4,6 +4,9 @@
|
||||
# Note: this playbook does not touch the server referenced here.
|
||||
# Installation happens on another server ("matrix.<matrix-domain>").
|
||||
#
|
||||
# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,
|
||||
# because you can't change the Domain after deployment.
|
||||
#
|
||||
# Example value: example.com
|
||||
matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
|
||||
|
||||
|
@ -18,8 +18,6 @@
|
||||
|
||||
matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
|
||||
|
||||
matrix_riot_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_enabled else '' }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# /matrix-base
|
||||
@ -1045,6 +1043,8 @@ matrix_synapse_admin_enabled: false
|
||||
# Synapse Admin's HTTP port to the local host.
|
||||
matrix_synapse_admin_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8766' }}"
|
||||
|
||||
matrix_synapse_admin_container_self_build: "{{ matrix_architecture != 'amd64' }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# /matrix-synapse-admin
|
||||
|
@ -59,13 +59,13 @@ matrix_integration_manager_ui_url: ~
|
||||
|
||||
# The domain name where a Jitsi server is self-hosted.
|
||||
# If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server.
|
||||
# See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server
|
||||
matrix_riot_jitsi_preferredDomain: ''
|
||||
# See: https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server
|
||||
matrix_client_element_jitsi_preferredDomain: ''
|
||||
|
||||
# Controls whether Element should use End-to-End Encryption by default.
|
||||
# Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE.
|
||||
# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md
|
||||
matrix_riot_e2ee_default: true
|
||||
# See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md
|
||||
matrix_client_element_e2ee_default: true
|
||||
|
||||
# The Docker network that all services would be put into
|
||||
matrix_docker_network: "matrix"
|
||||
|
@ -1,19 +1,10 @@
|
||||
---
|
||||
|
||||
- set_fact:
|
||||
matrix_ansible_outdated_fail_msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
|
||||
|
||||
- name: Fail if running on Ansible < 2.5
|
||||
# We generally support Ansible 2.7.0 and above.
|
||||
- name: Fail if running on Ansible < 2.7
|
||||
fail:
|
||||
msg: "{{ matrix_ansible_outdated_fail_msg }}"
|
||||
when: "ansible_version.major <= 2 and ansible_version.minor < 5"
|
||||
|
||||
# Ansible 2.5.0 and 2.5.1 are known to have a bug with `include_tasks` + `with_items`.
|
||||
# The bug has been fixed in Ansible 2.5.2.
|
||||
- name: Fail if running on Ansible 2.5.x (lower than 2.5.2)
|
||||
fail:
|
||||
msg: "{{ matrix_ansible_outdated_fail_msg }}"
|
||||
when: "ansible_version.major == 2 and ansible_version.minor == 5 and ansible_version.revision < 2"
|
||||
msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
|
||||
when: "(ansible_version.major < 2) or (ansible_version.major <= 2 and ansible_version.minor < 7)"
|
||||
|
||||
- name: (Deprecation) Catch and report renamed settings
|
||||
fail:
|
||||
|
@ -17,6 +17,9 @@
|
||||
uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}"
|
||||
state: present
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
home: "{{ matrix_base_data_path }}"
|
||||
create_home: no
|
||||
system: yes
|
||||
register: matrix_user
|
||||
|
||||
- name: Set Matrix Group UID Variable
|
||||
|
@ -18,12 +18,18 @@
|
||||
]
|
||||
}
|
||||
{% endif %}
|
||||
{% if matrix_riot_jitsi_preferredDomain %},
|
||||
{% if matrix_client_element_jitsi_preferredDomain %},
|
||||
"io.element.jitsi": {
|
||||
"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
|
||||
},
|
||||
"im.vector.riot.jitsi": {
|
||||
"preferredDomain": {{ matrix_riot_jitsi_preferredDomain|to_json }}
|
||||
"preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }}
|
||||
}
|
||||
{% endif %}
|
||||
{% if not matrix_riot_e2ee_default %},
|
||||
{% if not matrix_client_element_e2ee_default %},
|
||||
"io.element.e2ee": {
|
||||
"default": false
|
||||
},
|
||||
"im.vector.riot.e2ee": {
|
||||
"default": false
|
||||
}
|
||||
|
@ -3,7 +3,7 @@
|
||||
|
||||
matrix_bot_matrix_reminder_bot_enabled: true
|
||||
|
||||
matrix_bot_matrix_reminder_bot_docker_image: "anoa/matrix-reminder-bot:release-0.1.0"
|
||||
matrix_bot_matrix_reminder_bot_docker_image: "anoa/matrix-reminder-bot:release-v0.2.0"
|
||||
matrix_bot_matrix_reminder_bot_docker_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_bot_matrix_reminder_bot_base_path: "{{ matrix_base_data_path }}/matrix-reminder-bot"
|
||||
|
@ -3,7 +3,7 @@
|
||||
|
||||
matrix_appservice_slack_enabled: true
|
||||
|
||||
matrix_appservice_slack_docker_image: "cadair/matrix-appservice-slack:cadair"
|
||||
matrix_appservice_slack_docker_image: "matrixdotorg/matrix-appservice-slack:release-1.5.0"
|
||||
matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack"
|
||||
|
@ -1,6 +1,6 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
[Unit]
|
||||
Description=Matrix mx-puppet-instagram bridge
|
||||
Description=Matrix Mx Puppet Instagram server
|
||||
{% for service in matrix_mx_puppet_instagram_systemd_required_services_list %}
|
||||
Requires={{ service }}
|
||||
After={{ service }}
|
||||
|
@ -2,7 +2,7 @@ matrix_client_element_enabled: true
|
||||
|
||||
matrix_client_element_container_image_self_build: false
|
||||
|
||||
matrix_client_element_docker_image: "vectorim/riot-web:v1.7.5"
|
||||
matrix_client_element_docker_image: "vectorim/riot-web:v1.7.8"
|
||||
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element"
|
||||
@ -30,9 +30,11 @@ matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api"
|
||||
matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"]
|
||||
matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html"
|
||||
matrix_client_element_permalinkPrefix: "https://matrix.to"
|
||||
matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit"
|
||||
matrix_client_element_showLabsSettings: true
|
||||
# Element public room directory server(s)
|
||||
matrix_client_element_roomdir_servers: ['matrix.org']
|
||||
matrix_client_element_welcome_user_id: "@riot-bot:matrix.org"
|
||||
matrix_client_element_welcome_user_id: ~
|
||||
# Branding of Element
|
||||
matrix_client_element_brand: "Element"
|
||||
|
||||
|
@ -20,8 +20,8 @@
|
||||
"integrations_rest_url": {{ matrix_client_element_integrations_rest_url|string|to_json }},
|
||||
"integrations_widgets_urls": {{ matrix_client_element_integrations_widgets_urls|to_json }},
|
||||
"integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url|string|to_json }},
|
||||
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
|
||||
"enableLabs": true,
|
||||
"bug_report_endpoint_url": {{ matrix_client_element_bug_report_endpoint_url|to_json }},
|
||||
"showLabsSettings": {{ matrix_client_element_showLabsSettings|to_json }},
|
||||
"roomDirectory": {
|
||||
"servers": {{ matrix_client_element_roomdir_servers|to_json }}
|
||||
},
|
||||
|
@ -97,19 +97,10 @@ h1::after {
|
||||
color: #2e2f32 !important;
|
||||
}
|
||||
|
||||
.mx_ButtonHeadline {
|
||||
margin-bottom: 14px;
|
||||
}
|
||||
|
||||
.mx_ButtonLabel {
|
||||
margin-left: 20px;
|
||||
}
|
||||
|
||||
.mx_ButtonWrapperText {
|
||||
font-size: 13px;
|
||||
margin-bottom: 10px;
|
||||
}
|
||||
|
||||
.mx_Header_title {
|
||||
font-size: 24px;
|
||||
font-weight: 600;
|
||||
@ -128,7 +119,7 @@ h1::after {
|
||||
}
|
||||
|
||||
.mx_ButtonCreateAccount {
|
||||
background-color: #03B381;
|
||||
background-color: #0DBD8B;
|
||||
color: white !important;
|
||||
}
|
||||
|
||||
@ -150,6 +141,32 @@ h1::after {
|
||||
background-image: url('welcome/images/icon-room-directory.svg');
|
||||
}
|
||||
|
||||
/*
|
||||
.mx_WelcomePage_loggedIn is applied by EmbeddedPage from the Welcome component
|
||||
If it is set on the page, we should show the buttons. Otherwise, we have to assume
|
||||
we don't have an account and should hide them. No account == no guest account either.
|
||||
*/
|
||||
.mx_WelcomePage:not(.mx_WelcomePage_loggedIn) .mx_WelcomePage_guestFunctions {
|
||||
display: none;
|
||||
}
|
||||
|
||||
.mx_ButtonRow.mx_WelcomePage_guestFunctions {
|
||||
margin-top: 20px;
|
||||
}
|
||||
.mx_ButtonRow.mx_WelcomePage_guestFunctions > div {
|
||||
margin: 0 auto;
|
||||
}
|
||||
|
||||
@media only screen and (max-width: 480px) {
|
||||
.mx_ButtonRow {
|
||||
flex-direction: column;
|
||||
}
|
||||
|
||||
.mx_ButtonRow > * {
|
||||
margin: 0 0 10px 0;
|
||||
}
|
||||
}
|
||||
|
||||
</style>
|
||||
|
||||
<div class="mx_Parent">
|
||||
@ -175,17 +192,10 @@ h1::after {
|
||||
See https://github.com/vector-im/riot-web/issues/8622.
|
||||
TODO: Convert to config option if possible. -->
|
||||
<!-- BEGIN Ansible: Remove these lines when guest access is disabled -->
|
||||
<div class="mx_ButtonRow">
|
||||
<div class="mx_ButtonRow mx_WelcomePage_guestFunctions">
|
||||
<div>
|
||||
<div class="mx_ButtonWrapperText">_t("Need help?")</div>
|
||||
<a href="#/user/@riot-bot:matrix.org?action=chat" class="mx_ButtonParent mx_SecondaryButton mx_Button_iconHelp">
|
||||
<div class="mx_ButtonLabel">_t("Chat with Riot Bot")</div>
|
||||
</a>
|
||||
</div>
|
||||
<div>
|
||||
<div class="mx_ButtonWrapperText">_t("Explore rooms")</div>
|
||||
<a href="#/directory" class="mx_ButtonParent mx_SecondaryButton mx_Button_iconRoomDirectory">
|
||||
<div class="mx_ButtonLabel">_t("Room Directory")</div>
|
||||
<div class="mx_ButtonLabel">_t("Explore rooms")</div>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: []
|
||||
# List of systemd services that matrix-corporal.service depends on
|
||||
matrix_corporal_systemd_required_services_list: ['docker.service']
|
||||
|
||||
matrix_corporal_docker_image: "devture/matrix-corporal:1.9.0"
|
||||
matrix_corporal_docker_image: "devture/matrix-corporal:1.11.0"
|
||||
matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"
|
||||
|
@ -27,7 +27,7 @@ matrix_dimension_container_http_host_bind_port: ''
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_dimension_container_extra_arguments: []
|
||||
|
||||
matrix_dimension_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/riot"
|
||||
matrix_dimension_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
|
||||
matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
|
||||
matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"]
|
||||
matrix_dimension_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
|
||||
|
@ -12,7 +12,8 @@ matrix_postgres_docker_image_v9: "postgres:9.6.19-alpine"
|
||||
matrix_postgres_docker_image_v10: "postgres:10.14-alpine"
|
||||
matrix_postgres_docker_image_v11: "postgres:11.9-alpine"
|
||||
matrix_postgres_docker_image_v12: "postgres:12.4-alpine"
|
||||
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v12 }}"
|
||||
matrix_postgres_docker_image_v13: "postgres:13.0-alpine"
|
||||
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}"
|
||||
|
||||
# This variable is assigned at runtime. Overriding its value has no effect.
|
||||
matrix_postgres_docker_image_to_use: '{{ matrix_postgres_docker_image_latest }}'
|
||||
|
@ -81,6 +81,6 @@
|
||||
--entrypoint=python
|
||||
-v {{ matrix_synapse_config_dir_path }}:/data
|
||||
-v {{ matrix_synapse_config_dir_path }}:/matrix-media-store-parent/media-store
|
||||
-v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}:ro
|
||||
-v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}
|
||||
{{ matrix_synapse_docker_image }}
|
||||
/usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db|basename }} --postgres-config /data/homeserver.yaml
|
||||
|
@ -49,3 +49,8 @@
|
||||
set_fact:
|
||||
matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v11 }}"
|
||||
when: "matrix_postgres_detected_version == '11' or matrix_postgres_detected_version.startswith('11.')"
|
||||
|
||||
- name: Determine corresponding Docker image to detected version (use 12.x, if detected)
|
||||
set_fact:
|
||||
matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v12 }}"
|
||||
when: "matrix_postgres_detected_version == '12' or matrix_postgres_detected_version.startswith('12.')"
|
||||
|
@ -7,7 +7,7 @@ matrix_synapse_admin_container_self_build: false
|
||||
matrix_synapse_admin_docker_repo: "https://github.com/Awesome-Technologies/synapse-admin.git"
|
||||
matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src"
|
||||
|
||||
matrix_synapse_admin_docker_image: "awesometechnologies/synapse-admin:0.4.1"
|
||||
matrix_synapse_admin_docker_image: "awesometechnologies/synapse-admin:0.5.0"
|
||||
matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
|
@ -5,7 +5,7 @@ matrix_synapse_enabled: true
|
||||
|
||||
matrix_synapse_container_image_self_build: false
|
||||
|
||||
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.19.1"
|
||||
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.20.1"
|
||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
|
||||
|
@ -399,11 +399,10 @@ retention:
|
||||
# min_lifetime: 1d
|
||||
# max_lifetime: 1y
|
||||
|
||||
# Retention policy limits. If set, a user won't be able to send a
|
||||
# 'm.room.retention' event which features a 'min_lifetime' or a 'max_lifetime'
|
||||
# that's not within this range. This is especially useful in closed federations,
|
||||
# in which server admins can make sure every federating server applies the same
|
||||
# rules.
|
||||
# Retention policy limits. If set, and the state of a room contains a
|
||||
# 'm.room.retention' event in its state which contains a 'min_lifetime' or a
|
||||
# 'max_lifetime' that's out of these bounds, Synapse will cap the room's policy
|
||||
# to these limits when running purge jobs.
|
||||
#
|
||||
#allowed_lifetime_min: 1d
|
||||
#allowed_lifetime_max: 1y
|
||||
@ -423,18 +422,19 @@ retention:
|
||||
# 'longest_max_lifetime' of '3d' will handle every room with a retention policy
|
||||
# which 'max_lifetime' is lower than or equal to three days.
|
||||
#
|
||||
# The rationale for this per-job configuration is that some rooms might have a
|
||||
# retention policy with a low 'max_lifetime', where history needs to be purged
|
||||
# of outdated messages on a more frequent basis than for the rest of the rooms
|
||||
# (e.g. every 12h), but not want that purge to be performed by a job that's
|
||||
# iterating over every room it knows, which could be heavy on the server.
|
||||
# If any purge job is configured, it is strongly recommended to have at least
|
||||
# a single job with neither 'shortest_max_lifetime' nor 'longest_max_lifetime'
|
||||
# set, or one job without 'shortest_max_lifetime' and one job without
|
||||
# 'longest_max_lifetime' set. Otherwise some rooms might be ignored, even if
|
||||
# 'allowed_lifetime_min' and 'allowed_lifetime_max' are set, because capping a
|
||||
# room's policy to these values is done after the policies are retrieved from
|
||||
# Synapse's database (which is done using the range specified in a purge job's
|
||||
# configuration).
|
||||
#
|
||||
#purge_jobs:
|
||||
# - shortest_max_lifetime: 1d
|
||||
# longest_max_lifetime: 3d
|
||||
# - longest_max_lifetime: 3d
|
||||
# interval: 12h
|
||||
# - shortest_max_lifetime: 3d
|
||||
# longest_max_lifetime: 1y
|
||||
# interval: 1d
|
||||
|
||||
# Inhibits the /requestToken endpoints from returning an error that might leak
|
||||
@ -1957,9 +1957,7 @@ email:
|
||||
# Directory in which Synapse will try to find the template files below.
|
||||
# If not set, default templates from within the Synapse package will be used.
|
||||
#
|
||||
# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
|
||||
# If you *do* uncomment it, you will need to make sure that all the templates
|
||||
# below are in the directory.
|
||||
# Do not uncomment this setting unless you want to customise the templates.
|
||||
#
|
||||
# Synapse will look for the following templates in this directory:
|
||||
#
|
||||
|
Loading…
Reference in New Issue
Block a user