Commit Graph

741 Commits

Author SHA1 Message Date
Slavi Pantaleev
3e19c8b102 Define matrix_media_repo_homeservers_auto in group vars
This is mostly so as to avoid referring to variables from other roles,
like `matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container`.
2024-01-09 16:07:23 +02:00
Slavi Pantaleev
c7a637bfde Merge branch 'master' into bye-bye-nginx-proxy 2024-01-09 16:03:01 +02:00
Slavi Pantaleev
883afa11dc Do not hardcode devture_postgres_identifier in matrix-media-repo role
This should come (and already does) from group_vars/matrix_servers
2024-01-09 16:02:31 +02:00
Slavi Pantaleev
aea66442a1 Move matrix-ma1sd to its own container network and add native Traefik support 2024-01-09 15:27:13 +02:00
Slavi Pantaleev
61216d51cc Move matrix-ldap-registration-proxy to its own container network and add native Traefik support
This also makes it handle the `/_matrix/client/v3/register` endpoint,
not just `/_matrix/client/r0/register`
2024-01-09 11:28:20 +02:00
Slavi Pantaleev
998e9ce655 Revert "Auto-generate matrix_bot_matrix_registration_bot_bot_password via group vars"
This reverts commit bf95ad2235.

This was a bad idea.
It's better to have people manually define the password.

Otherwise, `matrix_homeserver_generic_secret_key` changing some day in
the future would break the bot and one would have to figure out how to
reset its password manually.

Using an explicit password is more stable.
2024-01-09 10:22:20 +02:00
Slavi Pantaleev
bf95ad2235 Auto-generate matrix_bot_matrix_registration_bot_bot_password via group vars 2024-01-09 10:19:57 +02:00
Slavi Pantaleev
fce84a2b3c Rename variable for consistency (matrix_homeserver_proxy_ident -> matrix_homeserver_proxy_identifier) 2024-01-09 09:54:42 +02:00
Slavi Pantaleev
2f27a57d00 Rename variable for consistency (matrix_static_files_ident -> matrix_static_files_identifier) 2024-01-09 09:54:00 +02:00
Slavi Pantaleev
ea992496a3 Add matrix-cactus-comments-client role
This is split out from matrix-cactus-comments (see 241779b583),
but also heavily inspired by `matrix-static-files`.
2024-01-09 09:53:01 +02:00
Slavi Pantaleev
14b252c5f0 Merge branch 'master' into bye-bye-nginx-proxy 2024-01-08 20:00:10 +02:00
Slavi Pantaleev
7c5cbecd78 Enable self-building for cactus-comments on non-amd64 architectures
The container image has only ever been available for amd64,
so not enabling self-building for the other architectures was a mistake
that orignally landed in:
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2089
2024-01-08 19:58:41 +02:00
Slavi Pantaleev
241779b583 Initial work on moving matrix-cactus-comments to its own container network and splitting cactus-client out of it 2024-01-08 19:57:18 +02:00
Slavi Pantaleev
30d82cc651 Merge branch 'master' into bye-bye-nginx-proxy 2024-01-08 18:18:34 +02:00
Slavi Pantaleev
b6916d3adc Add public_address to mautrix-discord
Related to https://github.com/mautrix/discord/issues/95
2024-01-08 18:16:02 +02:00
Slavi Pantaleev
594e6d9679 Move matrix-sms-bridge to its own container network and add support for non-Synapse homeservers 2024-01-08 18:10:38 +02:00
Slavi Pantaleev
8e8c9cc03b Move matrix-bridge-mx-puppet-twitter to its own container network and add native Traefik support 2024-01-08 17:56:37 +02:00
Slavi Pantaleev
1e19fee772 Move matrix-bridge-mx-puppet-steam to its own container network 2024-01-08 17:56:12 +02:00
Slavi Pantaleev
3c099541a7 Move matrix-bridge-mx-puppet-slack to its own container network and add native Traefik support 2024-01-08 17:56:12 +02:00
Slavi Pantaleev
150a40ec26 Move matrix-bridge-mx-puppet-instagram to its own container network 2024-01-08 17:16:50 +02:00
Slavi Pantaleev
f94f2b9823 Move matrix-bridge-mx-puppet-groupme to its own container network 2024-01-08 17:16:50 +02:00
Slavi Pantaleev
82de4581e3 Add support for disabling presence on matrix-bridge-mx-puppet-discord 2024-01-08 17:06:38 +02:00
Slavi Pantaleev
6d0ecb0269 Move matrix-bridge-mx-puppet-discord to its own container network 2024-01-08 17:03:48 +02:00
Slavi Pantaleev
8b28f8e122 Move matrix-bridge-mautrix-twitter to its own container network and add native Traefik support 2024-01-07 17:54:46 +02:00
Slavi Pantaleev
f9b4ae8241 Move matrix-bridge-mautrix-telegram to its own container network and add native Traefik support 2024-01-07 17:35:10 +02:00
Slavi Pantaleev
0f89156e94 Move matrix-bridge-mautrix-slack to its own container network 2024-01-07 17:22:43 +02:00
Slavi Pantaleev
d6911503a0 Move matrix-bridge-mautrix-signal to its own container network and add native Traefik support 2024-01-07 17:16:38 +02:00
Slavi Pantaleev
7ec6fd3dfe Make bridges/bots use matrix_addons_homeserver_client_api_url (instead of matrix_homeserver_container_url) 2024-01-07 17:04:23 +02:00
Slavi Pantaleev
142de83b41 Move matrix-bridge-mautrix-hangouts to its own container network 2024-01-07 15:37:39 +02:00
Slavi Pantaleev
f8f3318bb2 Move matrix-bridge-mautrix-googlechat to its own container network 2024-01-07 15:24:11 +02:00
Slavi Pantaleev
c6c88c2503 Move matrix-bridge-mautrix-gmessages to its own container network 2024-01-07 15:24:11 +02:00
Slavi Pantaleev
5e7b882ce9 Adjust homeserver URL for Buscarron 2024-01-07 15:24:11 +02:00
Slavi Pantaleev
39e45b0298 Move matrix-bridge-heisenbridge to its own container network 2024-01-07 15:24:10 +02:00
Slavi Pantaleev
493a9abafa Move matrix-bridge-go-skype-bridge to its own container network 2024-01-07 14:48:21 +02:00
Slavi Pantaleev
205663a4be Move matrix-bridge-beeper-linkedin to its own container network 2024-01-07 13:56:40 +02:00
Slavi Pantaleev
a5618a893b Move matrix-bridge-appservice-webhooks to its own container network 2024-01-07 12:48:30 +02:00
Slavi Pantaleev
5f329f72ab Fix variable name typo in Honoroit group vars 2024-01-07 12:27:24 +02:00
Slavi Pantaleev
db53a17a38 Move matrix-bridge-appservice-slack to its own container network 2024-01-07 12:22:51 +02:00
Slavi Pantaleev
3fe3d5a78c Move matrix-bridge-appservice-kakaotalk to its own container network 2024-01-07 12:04:27 +02:00
Slavi Pantaleev
dcdc43b6aa Move matrix-bridge-appservice-irc to its own container network 2024-01-07 12:00:46 +02:00
Slavi Pantaleev
bf11a3c2ca Tie up some loose ends for matrix-appservice-discord 2024-01-07 11:56:05 +02:00
Slavi Pantaleev
0994730f4d Minor improvements to mautrix-facebook group vars wiring 2024-01-07 10:24:06 +02:00
Slavi Pantaleev
7d625011a1 Move matrix-bridge-appservice-discord to its own container network 2024-01-07 10:23:01 +02:00
Slavi Pantaleev
c5006c3ac2 Move matrix-bot-maubot to its own container network and add native Traefik support 2024-01-07 10:16:42 +02:00
Slavi Pantaleev
a794db4c38 Reorder matrix-bot-matrix-reminder-bot group vars for consistency 2024-01-07 09:35:18 +02:00
Slavi Pantaleev
87c8c29c47 Move matrix-bot-matrix-registration-bot to its own container network 2024-01-07 09:33:37 +02:00
Slavi Pantaleev
628496d022 Move matrix-bot-honoroit to its own container network 2024-01-07 09:30:08 +02:00
Slavi Pantaleev
835f623bb8 Move matrix-bot-go-neb to its own container network 2024-01-07 09:23:24 +02:00
Slavi Pantaleev
867af6385a Move matrix-bot-mjolnir to its own container network 2024-01-07 09:20:24 +02:00
Slavi Pantaleev
88ad58fccb Move matrix-bot-draupnir to its own container network 2024-01-07 09:04:38 +02:00
Slavi Pantaleev
d8b867b6fb Move matrix-bot-buscarron to its own container network 2024-01-07 09:04:35 +02:00
Slavi Pantaleev
14d57bb7a6 Reorganize mautrix-facebook group vars for consistency 2024-01-07 08:58:06 +02:00
Slavi Pantaleev
b122c7092a Merge branch 'master' into bye-bye-nginx-proxy 2024-01-05 18:12:44 +02:00
Slavi Pantaleev
d116d863e6 Move exim-relay service to its own network and connect Synapse & ma1sd to it automatically 2024-01-05 18:10:24 +02:00
Slavi Pantaleev
0bb40d1337 Fix integration between ma1sd and exim-relay
Regression since ba0a4e864a
2024-01-05 17:59:27 +02:00
Slavi Pantaleev
377fce5855 Merge branch 'master' into bye-bye-nginx-proxy 2024-01-05 17:55:49 +02:00
Slavi Pantaleev
ba0a4e864a Replace matrix-mailer with an external role 2024-01-05 17:54:50 +02:00
Slavi Pantaleev
9488e3857a Put all homeservers in the matrix-homeserver container network 2024-01-05 16:49:48 +02:00
Slavi Pantaleev
1be90cf87d Move Postgres to its own network for better isolation
A lot of services are yet to be updated to start connecting to
`devture_postgres_container_network` as an additional network.
Many are already done, but I'll go through all the others later.
2024-01-05 16:38:32 +02:00
Slavi Pantaleev
b37a02720f Move all Matrix client apps into the matrix-addons container network
Putting each client into its own network was good for isolation,
but it's quite wasteful in terms of the container network pool.
2024-01-05 07:17:11 +02:00
Slavi Pantaleev
d262ca0fe6 Only enable matrix-synapse-reverse-proxy-companion when Synapse workers are enabled
This allows us to eliminate the companion and decrease overhead for
simple servers which do not use workers.
2024-01-05 07:00:50 +02:00
Slavi Pantaleev
499e4887f7 Connect sliding-sync directly to the homeserver
This saves up 1 container network and avoids going through extra proxies
unnecessarily.
2024-01-05 06:28:42 +02:00
Slavi Pantaleev
7a6a6270d1 Fix API endpoints for Synapse when companion is disabled (removing leading http://) 2024-01-05 06:26:56 +02:00
Slavi Pantaleev
3fb016cd6b Put bots and bridges in the same network and remove a few variables
Downsides: decreasing security slightly due to less networking isolation

Benefits:

- decreased complexity
- having a generically-named `matrix-addons` network we may use for other things now (client apps, etc.)
- not exhausting the container networks pool with 2 (or more) networks and using just 1
2024-01-05 06:13:12 +02:00
Slavi Pantaleev
170f321a01 Minor sliding-sync improvements 2024-01-05 06:04:44 +02:00
Slavi Pantaleev
015acb6d08 Add native Traefik support to matrix-synapse 2024-01-04 19:00:23 +02:00
Slavi Pantaleev
abde681b56 Clean up some matrix_nginx_proxy_proxy_matrix_metrics_* references 2024-01-04 12:49:00 +02:00
Slavi Pantaleev
54fb153acf Expose /_synapse/* APIs via matrix-synapse-reverse-proxy-companion
This also updates validation tasks and documentation, pointing to
variables in the matrix-synapse role which don't currently exist yet
(e.g. `matrix_synapse_container_labels_client_synapse_admin_api_enabled`).

These variables will be added soon, as Traefik labels are added to the
`matrix-synapse` role. At that point, the `matrix-synapse-reverse-proxy-companion` role
will be updated to also use them.
2024-01-04 11:37:17 +02:00
Slavi Pantaleev
0ea3fa0e85 Add matrix_synapse_reverse_proxy_companion_container_labels_traefik_hostname to simplify wiring 2024-01-04 10:53:43 +02:00
Slavi Pantaleev
4752e7f9a0 Get rid of matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain 2024-01-04 10:27:32 +02:00
Slavi Pantaleev
e678adfeda Add root path (/) handling to matrix-synapse-reverse-proxy-companion (redirect or /_matrix/static/ serving) 2024-01-04 10:24:33 +02:00
Slavi Pantaleev
bbd9493b8f Handle /_matrix Client-Server and Federation APIs directly at matrix-synapse-reverse-proxy-companion 2024-01-03 17:05:59 +02:00
Slavi Pantaleev
e81a395a98 Drop some matrix_nginx_proxy_proxy_riot_compat_* variables
matrix-nginx-proxy is going away and this is one of the features it
offered.

This feature will have no equivalent in our new Traefik-only
setup, although it's possible to implement it manually by using
`matrix_client_element_container_labels_additional_labels`
2024-01-03 14:43:45 +02:00
Slavi Pantaleev
cc75be9c65 Add support for serving the base domain via matrix-static-files 2024-01-03 14:39:17 +02:00
Slavi Pantaleev
da48a605bb More progress on matrix-static-files role and cleaning up of matrix-base and matrix-nginx-proxy 2024-01-03 13:46:25 +02:00
Slavi Pantaleev
065b70203d [WIP] Initial work on matrix-static-files role 2024-01-03 13:05:59 +02:00
Slavi Pantaleev
128a7b82d5 Switch mautrix-instagram from matrix-nginx-proxy to matrix-homeserver-proxy
This is completely untested.
2024-01-03 09:25:05 +02:00
Slavi Pantaleev
feaf1ee7e7 Switch mautrix-whatsapp from matrix-nginx-proxy to matrix-homeserver-proxy 2024-01-02 17:41:36 +02:00
Slavi Pantaleev
20c7cabfe4 Switch mautrix-discord from matrix-nginx-proxy to matrix-homeserver-proxy 2024-01-02 17:22:23 +02:00
Slavi Pantaleev
77b0ef4799 Add Traefik support to Hookshot 2024-01-02 17:10:26 +02:00
Slavi Pantaleev
4a6287c528 Initial work on matrix-homeserver-proxy role and eliminating matrix-nginx-proxy
This is still very far from usable.

Various bridges and bots are still talking to
`matrix-nginx-proxy` instead of the new `matrix-homeserver-proxy` role.
These services need to be reworked. While reworking them,
various cleanups are being done as well as adding Traefik-labels to
those that need them.
2024-01-02 16:07:40 +02:00
Pierre 'McFly' Marty
811c6b1af5
Merge branch 'spantaleev:master' into 3031-feat-add-signalgo-bridge 2023-12-26 09:39:46 +01:00
Aine
87a74335f9
add automatic registration of chatgpt bot's user (if password is provided) 2023-12-23 13:30:39 +02:00
Slavi Pantaleev
11ee949e9e Add native Traefik support to matrix-corporal (HTTP API) 2023-12-23 10:36:20 +02:00
Pierre 'McFly' Marty
055406b255
Merge branch 'spantaleev:master' into 3031-feat-add-signalgo-bridge 2023-12-22 16:48:06 +01:00
Slavi Pantaleev
e7a911a7fa Add note about matrix_nginx_proxy_proxy_media_repo_enabled 2023-12-22 09:18:44 +02:00
Slavi Pantaleev
ce013a325c Remove duplicate matrix_media_repo_identifier definition from group_vars/matrix_servers
`matrix_media_repo_identifier` is already defined in the role defaults,
which is a better role to have it anyway.
2023-12-22 08:43:30 +02:00
Michael Hollister
0908c6b662 Added Traefik support to MMR 2023-12-20 13:38:46 -06:00
Pierre 'McFly' Marty
c93b642f90
doc: check typo 2023-12-18 16:51:35 +01:00
Pierre 'McFly' Marty
2f6525ccb3
refactor: remove signalgo and update signal to 'after merge' 2023-12-18 16:38:52 +01:00
Pierre 'McFly' Marty
0e4c878ee3
Merge branch 'spantaleev:master' into 3031-feat-add-signalgo-bridge 2023-12-16 12:34:56 +01:00
Slavi Pantaleev
dbf1a685bf Do not connect Hookshot to Redis unless encryption is enabled
It seems like connectivity is problematic, even though the networks
appear to be configured correctly:

> [ioredis] Unhandled error event: Error: connect ECONNREFUSED 172.22.0.2:6739
> at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1595:16)

For now, I disable pointing the queue host to Redis to avoid it.
It should be investigated.

People who enable Hookshot's new experimental encryption may encounter
this also.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3042
2023-12-16 09:54:09 +02:00
Slavi Pantaleev
94c1503a60 Add support for experimental encryption in Hookshot
Squashed based on the work done in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3042

commit 49932b8f3c
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:21:31 2023 +0200

    Fix syntax in matrix-bridge-hookshot/tasks/reset_encryption.yml

    Also, this task always does work and side-effects, so it should always report changes
    (`changed_when: true`).

commit 6bdf7a9dcb
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:12:41 2023 +0200

    Add Hookshot validation task to ensure queue settings are set when encryption is enabled

commit 8c531b7971
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:10:17 2023 +0200

    Add missing variables rewiring in group_vars/matrix_servers for Hookshot

commit 7d26dabc2f
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:08:19 2023 +0200

    Add defaults for matrix_hookshot_queue_host and matrix_hookshot_queue_port

commit 74f91138c9
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:06:17 2023 +0200

    Fix syntax for connecting to additional networks for Hookshot

commit ca7b41f3f2
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:05:28 2023 +0200

    Fix indentation and remove unnecessary if-statements

commit ac4a918d58
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:04:44 2023 +0200

    Add missing --network for Hookshot

    This seems to have been removed by accident.

commit 6a81fa208f
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:02:47 2023 +0200

    Make automatic Redis enabling safer, when Hookshot encryption enabled

    If we ever default encryption to enabled for Hookshot, we only wish to force-enable Redis if Hookshot is actually enabled.

commit 75a8e0f2a6
Author: Slavi Pantaleev <slavi@devture.com>
Date:   Sat Dec 16 09:01:10 2023 +0200

    Fix typo

commit 98ad182eac
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:37:40 2023 +0100

    Add defaults for Hookshot's encryption

commit 29fa9fab15
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:35:11 2023 +0100

    Improve wording of Hookshot's encryption section

commit 4f835e0560
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:28:52 2023 +0100

    use safer mount options for the container's files

commit 8c93327e25
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:26:01 2023 +0100

    fix filename

commit 03a7bb6e77
Merge: e55d7694 06047763
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:23:44 2023 +0100

    Merge branch 'HarHarLinks/hookshot-encryption' of https://github.com/real-joshua/matrix-docker-ansible-deploy into HarHarLinks/hookshot-encryption

commit 06047763bb
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:15:54 2023 +0100

    Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2

    change the if statement to not require a variable with a length > 0 and add a filter to json for the redis host

    Co-authored-by: Slavi Pantaleev <slavi@devture.com>

commit e55d769465
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:13:50 2023 +0100

    clarify that Redis is required, standardadise on Hookshot with an upper-case first letter for consistency

commit 66706e4535
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 22:08:20 2023 +0100

    Update roles/custom/matrix-bridge-hookshot/templates/config.yml.j2

    fix for a typo

    Co-authored-by: Slavi Pantaleev <slavi@devture.com>

commit f6aaeb9a16
Merge: e5d34002 869dd33f
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 00:22:34 2023 +0100

    Merge branch 'master' into HarHarLinks/hookshot-encryption

commit e5d34002fd
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Fri Dec 15 00:09:27 2023 +0100

    Add Jinja loop to allow adding multiple networks

commit 69f947782d
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Thu Dec 14 23:52:41 2023 +0100

    split if statements for the message queue and experimental encryption support into seperate statements

commit 4c13be1c89
Author: Joshua Hoffmann <joshua.hoffmann@b1-systems.de>
Date:   Thu Dec 14 23:31:19 2023 +0100

    change variable name per spantaleev's suggestion (https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2979#discussion_r1379015551)

commit 9905309aa9
Author: HarHarLinks <kim.brose@rwth-aachen.de>
Date:   Wed Nov 1 16:14:04 2023 +0100

    amend docs

commit 94abf2d5bd
Author: HarHarLinks <kim.brose@rwth-aachen.de>
Date:   Wed Nov 1 16:05:22 2023 +0100

    draft encryption support for hookshot
2023-12-16 09:23:35 +02:00
Slavi Pantaleev
f4806aadcb Make "just install-service nginx-proxy" properly restart it 2023-12-16 08:39:23 +02:00
Pierre 'McFly' Marty
c028d75f9e
fix: sqlite backend is sqlite3-fk-wal 2023-12-15 23:08:25 +01:00
Pierre 'McFly' Marty
173286470c
fix: signalgo starts properly 2023-12-14 22:30:25 +01:00
Pierre 'McFly' Marty
a42aacb41c
fix: remove unsued signalgo-daemon.service 2023-12-14 21:44:14 +01:00
Pierre 'McFly' Marty
0f7b89523f
feat: enroll signalgo to nginx proxy 2023-12-14 18:23:55 +01:00
Slavi Pantaleev
7cf713f591 Switch from devture_traefik_container_additional_networks to devture_traefik_container_additional_networks_auto
Related to e3375d56f3
2023-12-05 09:17:20 +02:00
Aine
5bc8903422
fix included postgres role name in matrix_servers 2023-11-19 16:00:34 +02:00