Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy

CHANGELOG.md

@@ -1,3 +1,18 @@
+# 2019-08-03
+
+## Synapse logging level has been reduced to WARNING
+
+After [some discussion in our support room](https://matrix.to/#/!PukFFdIcHgtaaHZflT:devture.com/$156476852524179TBeKy:matrix.org?via=devture.com&via=matrix.org&via=librem.one), we've decided to change the default logging level for Synapse from `INFO` to `WARNING`.
+
+This greatly reduces the number of log messages that are being logged, leading to:
+
+- much less disk space dedicated to Synapse and thus, logs kept for longer
+- easier to find some important `WARNING`, `ERROR` and `CRITICAL` messages, as they're not longer buried in thousands of non-important `INFO` messages
+
+If you'd like to track down an issue, you [can always increase the logging level as described here](./docs/maintenance-and-troubleshooting.md#increasing-synapse-logging).
+
+
+
 # 2019-07-08
 
 ## Synapse Maintenance docs and synapse-janitor support are available

docs/configuring-playbook-dimension.md

@@ -29,7 +29,7 @@ You are required to specify an access token for Dimension to work.
 To get an access token, follow these steps:
 
 1. In a private browsing session (incognito window), open Riot.
-2. It's better to you use dedicated user for getting access token, so log in with this user's username and password.
+2. It's preferable to use a dedicated user for the access token, so create and log in with that user's username and password.
 3. Set the display name and avatar, if required.
 4. In the settings page choose "Help & About", scroll down to the bottom and click `Access Token: <click to reveal>`.
 5. Copy the highlighted text to your configuration.

docs/maintenance-and-troubleshooting.md

@@ -16,6 +16,24 @@ You can see the logs by using journalctl. Example:
 sudo journalctl -fu matrix-synapse
 ```
 
+
+## Increasing Synapse logging
+
+Because the [Synapse](https://github.com/matrix-org/synapse) Matrix server is originally very chatty when it comes to logging, we intentionally reduce its [logging level](https://docs.python.org/3/library/logging.html#logging-levels) from `INFO` to `WARNING`.
+
+If you'd like to debug an issue or [report a Synapse bug](https://github.com/matrix-org/synapse/issues/new/choose) to the developers, it'd be better if you temporarily increasing the logging level to `INFO` or even `DEBUG`.
+
+Example configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`):
+
+```yaml
+matrix_synapse_log_level: "DEBUG"
+matrix_synapse_storage_sql_log_level: "DEBUG"
+matrix_synapse_root_log_level: "DEBUG"
+```
+
+Re-run the playbook after making these configuration changes.
+
+
 ## Postgres
 
 See the dedicated [PostgreSQL Maintenance](maintenance-postgres.md) documentation page.

roles/matrix-base/tasks/setup_server_base.yml

@@ -49,7 +49,7 @@
 
 - name: Ensure Docker repository is enabled (Debian)
   apt_repository:
-    repo: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
+    repo: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
     state: present
     update_cache: yes
   when: ansible_os_family == 'Debian'

roles/matrix-bridge-appservice-discord/defaults/main.yml

@@ -86,6 +86,8 @@ matrix_appservice_discord_configuration_yaml: |
     #     enable:
     #       - "DiscordBot"
   database:
+    userStorePath: "/data/user-store.db"
+    roomStorePath: "/data/room-store.db"
     # You may either use SQLite or Postgresql for the bridge database, which contains
     # important mappings for events and user puppeting configurations.
     # Use the filename option for SQLite, or connString for Postgresql.

roles/matrix-bridge-appservice-discord/tasks/setup_install.yml

@@ -32,10 +32,12 @@
   failed_when: false
   when: "matrix_appservice_discord_stat_db.stat.exists"
 
-# In addition to this, there used to be some `user-store-db` and `room-store.db` files.
-# They're no longer in use, so we're not relocating them in an effort to point them out as neither `./data`, nor `./config`.
 - name: (Data relocation) Move AppService Discord discord.db file to ./data directory
-  command: "mv {{ matrix_appservice_discord_base_path }}/discord.db {{ matrix_appservice_discord_data_path }}/discord.db"
+  command: "mv {{ matrix_appservice_discord_base_path }}/{{ item }} {{ matrix_appservice_discord_data_path }}/{{ item }}"
+  with_items:
+    - discord.db
+    - user-store.db
+    - room-store.db
   when: "matrix_appservice_discord_stat_db.stat.exists"
 
 - name: Ensure AppService Discord config.yaml installed

roles/matrix-bridge-mautrix-facebook/defaults/main.yml

@@ -3,7 +3,8 @@
 
 matrix_mautrix_facebook_enabled: true
 
-matrix_mautrix_facebook_docker_image: "tulir/mautrix-facebook:latest"
+# See: https://mau.dev/tulir/mautrix-facebook/container_registry
+matrix_mautrix_facebook_docker_image: "dock.mau.dev/tulir/mautrix-facebook:latest"
 matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}"
 
 matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook"
@@ -12,7 +13,7 @@ matrix_mautrix_facebook_data_path: "{{ matrix_mautrix_facebook_base_path }}/data
 
 matrix_mautrix_facebook_homeserver_address: 'http://matrix-synapse:8008'
 matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}'
-matrix_mautrix_facebook_appservice_address: 'http://matrix-mautrix-facebook:8080'
+matrix_mautrix_facebook_appservice_address: 'http://matrix-mautrix-facebook:29319'
 
 # A list of extra arguments to pass to the container
 matrix_mautrix_facebook_container_extra_arguments: []
@@ -51,7 +52,7 @@ matrix_mautrix_facebook_configuration_yaml: |
 
       # The hostname and port where this appservice should listen.
       hostname: 0.0.0.0
-      port: 8080
+      port: 29319
       # The maximum body size of appservice API requests (from the homeserver) in mebibytes
       # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
       max_body_size: 1

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -3,7 +3,8 @@
 
 matrix_mautrix_telegram_enabled: true
 
-matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.6.0"
+# See: https://mau.dev/tulir/mautrix-telegram/container_registry
+matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.6.0"
 matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
 
 matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"

roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -3,7 +3,8 @@
 
 matrix_mautrix_whatsapp_enabled: true
 
-matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest"
+# See: https://mau.dev/tulir/mautrix-whatsapp/container_registry
+matrix_mautrix_whatsapp_docker_image: "dock.mau.dev/tulir/mautrix-whatsapp"
 matrix_mautrix_whatsapp_docker_image_force_pull: "{{ matrix_mautrix_whatsapp_docker_image.endswith(':latest') }}"
 
 matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp"

roles/matrix-mailer/defaults/main.yml

@@ -2,7 +2,7 @@ matrix_mailer_enabled: true
 
 matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer"
 
-matrix_mailer_docker_image: "devture/exim-relay:4.92-r0-0"
+matrix_mailer_docker_image: "devture/exim-relay:4.92.1-r0-1"
 matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"
 
 # The user/group that the container runs with.

roles/matrix-nginx-proxy/defaults/main.yml

@@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true
 # We use an official nginx image, which we fix-up to run unprivileged.
 # An alternative would be an `nginxinc/nginx-unprivileged` image, but
 # that is frequently out of date.
-matrix_nginx_proxy_docker_image: "nginx:1.17.1-alpine"
+matrix_nginx_proxy_docker_image: "nginx:1.17.2-alpine"
 matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"
 
 matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"

roles/matrix-nginx-proxy/tasks/validate_config.yml

@@ -10,3 +10,8 @@
     - {'old': 'matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container'}
     - {'old': 'matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container'}
 
+- name: Fail on unknown matrix_ssl_retrieval_method
+  fail:
+    msg: >-
+      `matrix_ssl_retrieval_method` needs to be set to a known value.
+  when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed', 'none']"

roles/matrix-riot-web/defaults/main.yml

@@ -1,6 +1,6 @@
 matrix_riot_web_enabled: true
 
-matrix_riot_web_docker_image: "bubuntux/riot-web:v1.2.4"
+matrix_riot_web_docker_image: "bubuntux/riot-web:v1.3.0"
 matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
 
 matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"

roles/matrix-synapse/defaults/main.yml

@@ -3,7 +3,7 @@
 
 matrix_synapse_enabled: true
 
-matrix_synapse_docker_image: "matrixdotorg/synapse:v1.1.0"
+matrix_synapse_docker_image: "matrixdotorg/synapse:v1.2.1"
 matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
 
 matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
@@ -77,9 +77,9 @@ matrix_synapse_tmp_directory_size_mb: "{{ matrix_synapse_max_upload_size_mb * 50
 # Possible options are defined here https://docs.python.org/3/library/logging.html#logging-levels
 # warning: setting log level to DEBUG will make synapse log sensitive information such
 # as access tokens
-matrix_synapse_log_level: "INFO"
-matrix_synapse_storage_sql_log_level: "INFO"
-matrix_synapse_root_log_level: "INFO"
+matrix_synapse_log_level: "WARNING"
+matrix_synapse_storage_sql_log_level: "WARNING"
+matrix_synapse_root_log_level: "WARNING"
 
 # Rate limits
 matrix_synapse_rc_message:

roles/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -797,6 +797,17 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }}
 #  renew_at: 1w
 #  renew_email_subject: "Renew your %(app)s account"
 
+# Time that a user's session remains valid for, after they log in.
+#
+# Note that this is not currently compatible with guest logins.
+#
+# Note also that this is calculated at login time: changes are not applied
+# retrospectively to users who have already logged in.
+#
+# By default, this is infinite.
+#
+#session_lifetime: 24h
+
 # The user must provide all of the below types of 3PID when registering.
 #
 #registrations_require_3pid:
@@ -1474,3 +1485,27 @@ room_list_publication_rules: {{ matrix_synapse_room_list_publication_rules|to_js
 #  module: "my_custom_project.SuperRulesSet"
 #  config:
 #    example_option: 'things'
+
+
+## Opentracing ##
+
+# These settings enable opentracing, which implements distributed tracing.
+# This allows you to observe the causal chains of events across servers
+# including requests, key lookups etc., across any server running
+# synapse or any other other services which supports opentracing
+# (specifically those implemented with Jaeger).
+#
+opentracing:
+    # tracing is disabled by default. Uncomment the following line to enable it.
+    #
+    #enabled: true
+
+    # The list of homeservers we wish to send and receive span contexts and span baggage.
+    # See docs/opentracing.rst
+    # This is a list of regexes which are matched against the server_name of the
+    # homeserver.
+    #
+    # By defult, it is empty, so no servers are matched.
+    #
+    #homeserver_whitelist:
+    #  - ".*"