Commit Graph

1116 Commits

Author SHA1 Message Date
Björn Marten
268e1d0c80 Remove appearance section in matrix_appservice_webhooks_configuration_yaml due to not being used 2020-01-13 17:30:01 +01:00
Björn Marten
208d5d0fda Adjust log level choices to verbose and info 2020-01-13 17:29:46 +01:00
Björn Marten
a8476c1b8e Mention that the bridge itself expects its own domain and not '/appservice-webhooks' 2020-01-13 17:29:19 +01:00
Björn Marten
654d45a2bf Adjust message when webhook bridge is activated but nginx-proxy is not 2020-01-13 17:20:50 +01:00
Björn Marten
6b2bf2c38b Get rid of rewrite terminology 2020-01-13 17:20:50 +01:00
Björn Marten
3a80616185 Change logging behaviour to only stdout with configurable verbosity (default: info) 2020-01-13 17:20:49 +01:00
Björn Marten
9892eac789 Adjust API secret to be a configurable and required variable 2020-01-13 17:20:49 +01:00
Björn Marten
50bf8c8dd7 Add matrix-appservice-webhooks role. 2020-01-13 17:20:49 +01:00
Lyubomir Popov
800dc61335
Upgrade riot-web (1.5.6 -> 1.5.7) 2020-01-13 14:34:15 +00:00
Gergely Horváth
1c314fcf29 first version of raspbian docker setup 2020-01-13 13:38:21 +01:00
Gergely Horváth
05966c8cff make sure Raspbian is not handled the same as Debian 2020-01-13 12:52:28 +01:00
Slavi Pantaleev
675aaa1215 Fix escaping issues affecting the Whatsapp bridge
Regression introduced in 53186ffa1c
2020-01-13 10:56:48 +02:00
Slavi Pantaleev
61e93744ec Upgrade Slack bridge to 1.0.2
NeDB is deprecated, so we should transition away from it in the future.
Still, most of the functionality should work on this new version.
2020-01-12 21:35:03 +02:00
Slavi Pantaleev
bd38861179 Add support for automatic Double Puppeting for all Mautrix bridges 2020-01-12 20:28:36 +02:00
Slavi Pantaleev
53186ffa1c Sync configuration with upstream for all Mautrix bridges 2020-01-12 19:10:05 +02:00
Slavi Pantaleev
a84a24d9f5 Upgrade nginx (1.17.6 -> 1.17.7) 2020-01-11 17:32:02 +02:00
Slavi Pantaleev
fddd3f922f Upgrade Synapse to 1.8.0 2020-01-09 15:33:35 +02:00
Marcel Partap
7ead77fdb7 Remove spurious 'mxisd' string from mautrix bridge templates comment 2020-01-08 22:39:21 +01:00
Dan Arnfield
4f3f263420 Update synapse (1.7.2 -> 1.7.3) 2019-12-31 06:28:58 -06:00
Slavi Pantaleev
8b5b075fda Fix typo 2019-12-31 11:25:09 +02:00
Slavi Pantaleev
0e3e3cdf86 Upgrade Synapse (1.7.1 -> 1.7.2) 2019-12-20 13:20:54 +02:00
Slavi Pantaleev
9a33e5c7ad Make it possible to control Coturn ports and listen interfaces
Related to #330 (Github Issue).
2019-12-20 12:21:43 +02:00
Slavi Pantaleev
89dbe5cfc5 Add the ability to control the certbot HTTP bind port
Fixes #330 (Github Issue).
2019-12-19 09:07:24 +02:00
Slavi Pantaleev
b09f5a783b Upgrade Synapse (1.7.0 -> 1.7.1) 2019-12-18 12:15:52 +02:00
Slavi Pantaleev
a78002f12b Upgrade certbot (0.40.1 -> 1.0.0) 2019-12-13 14:52:29 +02:00
Slavi Pantaleev
d69ddcfdac Upgrade Synapse (1.6.1 -> 1.7.0) 2019-12-13 14:52:29 +02:00
Daniel Løvbrøtte Olsen
3f7af3ef3f
Expose self service bridging in matrix_appservice_discord
This allows for users to bridge already existing matrix rooms to discord
2019-12-11 14:47:44 +01:00
Slavi Pantaleev
8cd51ad1ab
Merge pull request #322 from aaronraimist/integrations-manager-well-known
Implement MSC1957: Integration manager discovery
2019-12-10 11:00:29 +02:00
Aaron Raimist
2ea507e2ea
Don't make it Dimension specific 2019-12-09 22:23:56 -06:00
Slavi Pantaleev
783ed766f0 Upgrade riot-web (1.5.5 -> 1.5.6) 2019-12-09 14:05:04 +02:00
Yuri Moens
0866f98957 Render vhost directives in https server block 2019-12-08 00:58:32 +01:00
Slavi Pantaleev
ca3b158d94 Add support to matrix-nginx-proxy to work in HTTP-only mode 2019-12-06 11:53:15 +02:00
Aaron Raimist
fe932273aa
Implement MSC1957: Integration manager discovery
https://github.com/matrix-org/matrix-doc/pull/1957

Yay Riot iOS now supports integration manager discovery!
2019-12-05 17:32:51 -06:00
Aaron Raimist
79d1576648
Allow Synapse manhole to be enabled
Can you double check that the way I have this set only exposes it locally? It is important that the manhole is not available to the outside world since it is quite powerful and the password is hard coded.
2019-12-05 00:07:15 -06:00
Slavi Pantaleev
1ec7cd898d Upgrade matrix-corporal (1.7.0 -> 1.7.1) 2019-12-04 14:52:11 +02:00
Slavi Pantaleev
163a1b4294
Merge pull request #318 from benkuly/master
Add telegram relay bot feature to playbook
2019-12-03 12:02:46 +02:00
Slavi Pantaleev
ce1ce03b3d Upgrade matrix-corporal (1.6.0 -> 1.7.0) 2019-12-03 11:51:01 +02:00
benkuly
e23be75f6d
added vars for bot token in telegram bridge 2019-11-30 08:33:32 +01:00
Slavi Pantaleev
25dc53c34a Switch riot-web image (bubuntux/riot-web -> vectorim/riot-web)
Switching to the official image (vectorim/riot-web) should ensure:
- there's less breakage, as it's maintained by the same team as riot-web
- there's fewer actors we need to trust
- we can upgrade riot-web faster, as newer versions should be released
on Docker hub at the same time riot-web releases are made
2019-11-29 10:11:48 +02:00
Slavi Pantaleev
b55198836a Upgrade riot-web (1.5.4 -> 1.5.5) 2019-11-28 14:18:49 +02:00
Slavi Pantaleev
b8baf1356e Upgrade Synapse (1.6.0 -> 1.6.1) 2019-11-28 13:59:42 +02:00
Dan Arnfield
fda16c17f5 Update riot-web (1.5.3 -> 1.5.4) 2019-11-26 08:44:00 -06:00
Slavi Pantaleev
0c51440426 Update Synapse to v1.6.0 2019-11-26 16:28:17 +02:00
Dan Arnfield
24646dc506 Update nginx (1.17.5 -> 1.17.6) 2019-11-21 09:38:59 -06:00
Dan Arnfield
4a60f385d1 Update postgres versions (12.0 -> 12.1, etc) 2019-11-21 09:38:37 -06:00
Slavi Pantaleev
4cc6cdf6f3
Merge pull request #314 from aaronraimist/well-known-client-no-identity
Remove identity server section from .well-known/matrix/client if there is no identity server
2019-11-21 11:59:46 +02:00
Aaron Raimist
9ab68a3cb4
Remove identity server section from .well-known/matrix/client if there is no identity server
Riot used to be fine with it being blank but now it complains. This creates an ugly looking comma when there is an identity server configured but I guess that's fine.
2019-11-20 16:05:16 -06:00
Slavi Pantaleev
f348370f15
Remove unnecessary update_cache directive / Debian
We've just updated it in the task above, so it's unnecessary
2019-11-19 09:22:41 +02:00
Slavi Pantaleev
c88c0e7e87
Remove unnecessary update_cache directive / CentOS
We've just updated it in the task above, so it's unnecessary
2019-11-19 09:22:14 +02:00
Dan Arnfield
960088752c Add matrix_docker_package_name 2019-11-18 11:29:14 -06:00
Dan Arnfield
80cfb2a93e Add matrix_docker_installation_enabled 2019-11-18 11:20:01 -06:00
Dan Arnfield
3cec6947ed Refactor base server setup tasks 2019-11-18 11:11:56 -06:00
Hardy Erlinger
eb7391d373 Fix: Restrict a Debian-specific task to Debian OS.
Since commit b9753635 the task 'Ensure docker-ce is installed (Debian)' fails with an error on CentOS although it should not even run on this OS.
2019-11-16 14:53:42 +01:00
Dan Arnfield
b975363530 Don't install docker-ce if docker.io is installed 2019-11-15 14:56:42 -06:00
Dan Arnfield
140002ed49 Update certbot (0.38.0 -> 0.40.1) 2019-11-13 15:19:38 -06:00
Slavi Pantaleev
2da40c729a Do not expose server room directory by default
Prompted by: https://matrix.org/blog/2019/11/09/avoiding-unwelcome-visitors-on-private-matrix-servers

This is a bit controversial, because.. the Synapse default remains open,
while the general advice (as per the blog post) is to make it more private.

I'm not sure exactly what kind of server people set up and whether they
want to make the room directory public. Our general goal is to favor
privacy and security when running personal (family & friends) and corporate
homeservers, both of which likely benefit from having a more secure default.
2019-11-10 08:55:46 +02:00
Slavi Pantaleev
50614f1bad Simplify Prerequisites a bit
Don't mention systemd-journald adjustment anymore, because
we've changed log levels to WARNING and Synapse is not chatty by default
anymore.

The "excessive log messages may get dropped on CentOS" issue no longer
applies to most users and we shouldn't bother them with it.
2019-11-10 08:35:17 +02:00
Mike
4edb1eb131
Update init.yml
Removed a set_facts that I have used for tracing down the issue
2019-11-09 23:53:04 +01:00
Michael Haak
5b213e6ad0 Replace constructs appending elements with variables to matrix_synapse_container_extra_arguments. Fixes issue https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/304 2019-11-09 23:16:12 +01:00
Aaron Raimist
c600ff758d
Upgrade riot-web (1.5.2 -> 1.5.3) 2019-11-08 09:48:08 -06:00
Slavi Pantaleev
f0e80218b0 Upgrade Synapse (1.5.0 -> 1.5.1) 2019-11-06 12:28:48 +02:00
Dan Arnfield
80265bfec5 Update riot-web (1.5.0 -> 1.5.2) 2019-11-05 13:00:19 -06:00
recklesscoder
5d3b765241
Actually use matrix_synapse_storage_path
matrix_synapse_storage_path is already defined in matrix-synapse/defaults/main.yml (with a default of "{{ matrix_synapse_base_path }}/storage"), but was not being used for its presumed purpose in matrix-synapse.service.j2. As a result, if matrix_synapse_storage_path was overridden (in a vars.yml), the synapse service failed to start.
2019-11-02 13:46:02 +01:00
Slavi Pantaleev
721ca9b83f Add missing publicUrl configuration for Dimension
Discussed in #282 (Github Issue).
2019-10-31 15:38:32 +02:00
Dan Arnfield
9b187eca8f Update nginx (1.17.4 -> 1.17.5) 2019-10-29 11:08:56 -05:00
Dan Arnfield
f0ce0db7dc Update synapse (1.4.1 -> 1.5.0) 2019-10-29 10:41:46 -05:00
Slavi Pantaleev
e81837a586
Undo some formatting changes 2019-10-22 10:57:16 +03:00
Noah Fleischmann
1df3d53243 Verbose logging should be off per default 2019-10-21 20:47:23 +02:00
Noah Fleischmann
9728bdffee Undo auto formatting 2019-10-21 20:41:45 +02:00
Noah Fleischmann
852fceb33f Add documentation 2019-10-21 20:11:00 +02:00
Noah Fleischmann
c3fb7ebf4c Add variable for mxisd verbose logging 2019-10-21 20:06:57 +02:00
Slavi Pantaleev
3bf7a7a85e Upgrade riot-web (1.4.2 -> 1.5.0) 2019-10-19 11:08:35 +03:00
Slavi Pantaleev
e0ea708acc Upgrade Synapse (1.4.0 -> 1.4.1) 2019-10-18 13:31:40 +03:00
Julian Foad
7ce80bc58e
Quote docker args in case inputs contain spaces 2019-10-14 08:59:56 +01:00
Slavi Pantaleev
e32aaacaa7 Make gzipped SQL dumps by default during --upgrade-postgres 2019-10-05 11:42:08 +03:00
Slavi Pantaleev
29526e7bb1 Add support for backing up / importing all Postgres databases/users 2019-10-05 11:42:08 +03:00
Aaron Raimist
5a2c1a44e4
Upgrade riot-web (1.4.1 -> 1.4.2) 2019-10-04 19:21:39 -05:00
Paul Tötterman
aabb16d78b Fix spelling ngnix -> nginx 2019-10-04 11:07:37 +03:00
Slavi Pantaleev
9c438a3870 Add support for Postgres v12 2019-10-04 08:51:36 +03:00
Dan Arnfield
b59642950e Update riot-web (1.4.0 -> 1.4.1) 2019-10-03 13:07:48 -05:00
Slavi Pantaleev
f25696489b
Merge pull request #273 from Sporiff/patch-1
Bump riot web version 1.3.6 -> 1.4.0
2019-10-03 19:36:10 +03:00
Slavi Pantaleev
19fb96fa57
Merge pull request #275 from aaronraimist/synapse-1.4.0
Upgrade Synapse (1.3.1 -> 1.4.0)
2019-10-03 19:35:54 +03:00
Slavi Pantaleev
a37b96d829 Upgrade Synapse to 1.4.0 2019-10-03 19:26:38 +03:00
Slavi Pantaleev
392f8202bd Make SAML2 configuration match sample config generated using generate command 2019-10-03 19:26:38 +03:00
Slavi Pantaleev
810d0fb0e4 Make it possible to serve static websites from the base domain 2019-10-03 11:24:04 +03:00
Aaron Raimist
413d9ec143
WIP: Upgrade Synapse (1.3.1 -> 1.4.0rc2) 2019-10-02 21:35:44 -05:00
Ciarán Ainsworth
271d32b866
Bump riot web version 1.3.6 -> 1.4.0 2019-09-28 17:13:07 +01:00
Slavi Pantaleev
1dd1f9602f
Merge pull request #271 from thedanbob/certbot-0.38
Update certbot (0.37.1 -> 0.38.0)
2019-09-25 16:31:36 +03:00
Dan Arnfield
c12ca8fff0 Update certbot (0.37.1 -> 0.38.0) 2019-09-25 06:17:12 -05:00
Dan Arnfield
2dd9dc4882 Update nginx (1.17.3 -> 1.17.4) 2019-09-25 06:00:44 -05:00
Slavi Pantaleev
3264024055 Update matrix-corporal (1.5.0 -> 1.6.0) 2019-09-24 11:07:09 +03:00
Slavi Pantaleev
73c90e9513 Try to make Synapse config/key generation respect uid/gid
Attempt at fixing #268 (Github Issue)
2019-09-23 18:08:36 +03:00
Dan Arnfield
f076bd2474 Update riot-web (1.3.5 -> 1.3.6) 2019-09-20 08:03:02 -05:00
Slavi Pantaleev
39ae7959bd Upgrade Telegram bridge (0.6.0 -> 0.6.1) 2019-09-20 15:23:34 +03:00
gusttt
25262fa0e1 Disable docker network tasks in check mode to allow running the playbook in check mode (--check --diff) 2019-09-17 22:24:38 +02:00
Aaron Raimist
b930c29bf0
Upgrade riot-web (1.3.3 -> 1.3.5) 2019-09-16 21:36:49 -05:00
Slavi Pantaleev
68ed2ebefa Add support for Synapse Simple Antispam
Fixes #255 (Github Issue).
2019-09-09 08:13:10 +03:00
Slavi Pantaleev
4b1e9a4827 Add support for configuring Synapse spam_checker setting 2019-09-09 08:11:32 +03:00
Slavi Pantaleev
6b8ca70a0b Upgrade Exim (4.92.1 -> 4.92.2) 2019-09-09 07:22:45 +03:00
Slavi Pantaleev
14e242aec1 Make matrix-mailer exit more gracefully 2019-09-04 10:04:57 +03:00
Slavi Pantaleev
1784bde226 Ensure Postgres data ownership is correct
Fixes #257 (Github Issue)
2019-09-02 10:01:31 +03:00
Slavi Pantaleev
a6d51ebe9b Force-pull Slack Docker image if :latest 2019-08-28 14:00:34 +03:00
Julian Foad
a5eb845a2d
Fix force-pulling of mautrix-whatsapp 2019-08-28 11:52:42 +01:00
Slavi Pantaleev
f2f3d41649 Make matrix-corporal configuration extensible
Fixes #70 (Github Issue).
2019-08-25 10:58:30 +03:00
Slavi Pantaleev
2d4e19326d Add missing when statement 2019-08-25 10:44:01 +03:00
Slavi Pantaleev
0edd7e8089 Make Riot-web configuration extensible
Fixes #71 (Github Issue).
2019-08-25 10:37:05 +03:00
Slavi Pantaleev
c4eebc5355 Add information about community-grouping for the Facebook bridge 2019-08-24 12:14:17 +03:00
Slavi Pantaleev
10a9deba4a Make Synapse configuration extensible 2019-08-22 09:49:22 +03:00
Slavi Pantaleev
b440d5b73c Remove some fact definitions during runtime 2019-08-22 08:00:02 +03:00
Slavi Pantaleev
65da600426
Merge branch 'master' into master 2019-08-21 07:34:20 +03:00
Slavi Pantaleev
c8a4d59a81
Merge pull request #251 from Munfred/master
Add mautrix-hangouts bridge role and documentation
2019-08-21 07:15:14 +03:00
Slavi Pantaleev
2ef8898421
Add comment 2019-08-21 07:14:31 +03:00
Slavi Pantaleev
97fb71d98c
Change privilege level 2019-08-21 07:12:46 +03:00
Slavi Pantaleev
1bcbc4a9ba Update matrix-corporal (1.4.0 -> 1.5.0) 2019-08-20 11:20:26 +03:00
Slavi Pantaleev
2efcf11ee8
Remove some whitespace 2019-08-20 09:06:14 +03:00
Dan Arnfield
1ce3526bf2 Update riot-web (1.3.2 -> 1.3.3) 2019-08-19 06:46:11 -05:00
Dan Arnfield
42ea3cb0e1 Update synapse (1.3.0 -> 1.3.1) 2019-08-19 06:45:51 -05:00
Slavi Pantaleev
db57618abd Update nginx and certbot 2019-08-17 10:21:23 +03:00
Slavi Pantaleev
1b2191a0f1 Add new Synapse configuration options (since 1.3.0)
Continuation of #246 (Github Pull Request)
2019-08-16 09:57:51 +03:00
Dan Arnfield
7b5e633776 Update synapse (1.2.1 -> 1.3.0) 2019-08-15 06:59:37 -05:00
Slavi Pantaleev
a1afafeb35 Upgrade mxisd (1.4.5 -> 1.4.6) 2019-08-15 09:36:04 +03:00
Slavi Pantaleev
59d807fca7 Ensure auth.clientID is passed as string in Discord configuration
Discord client IDs are numeric (e.g. 12345).
Passing them as integers however, causes the Discord bridge's YAML parser
to parse them as integers and its config schema validation will fail.

Fixes #240 (Github Issue)
2019-08-11 16:16:05 +03:00
Dan Arnfield
dc11704c11 Bump postgres versions (11.5, 10.10, 9.6.15) 2019-08-09 06:03:26 -05:00
Slavi Pantaleev
910ffb481c Update email2matrix (1.0 -> 1.0.1) 2019-08-09 12:10:53 +03:00
Slavi Pantaleev
99f5baa7bb Fix undefined variable error (matrix_synapse_id_servers_public)
This only gets triggered if:
- the Synapse role is used standalone and the default values are used
- the whole playbook is used, with `matrix_mxisd_enabled: false`
2019-08-08 18:30:54 +03:00
Slavi Pantaleev
5b736c416b
Merge pull request #236 from oleg-fiksel/guest-access
Added possibility to enable guest access on synapse
2019-08-08 13:18:55 +03:00
Oleg Fiksel
43628ddad6 Added "|to_json" to ensure we really pass a boolean 2019-08-08 12:11:19 +02:00
Oleg Fiksel
f713bbe0f8 Added possibility to enable guest access on synapse 2019-08-08 11:57:35 +02:00
Slavi Pantaleev
3e57a1463a Serve nginx status page over HTTPS as well
Continuation of #234 (Github Pull Request).

I had unintentionally updated the documentation for the feature,
saying the page is available at `https://matrix.DOMAIN/nginx_status`.

Looks like it wasn't the case, going against my expectations.

I'm correcting this with this patch.
The status page is being made available on both HTTP and HTTPS.
Serving over HTTP is likely necessary for services like
Longview
(https://www.linode.com/docs/platform/longview/longview-app-for-nginx/)
2019-08-07 12:53:53 +03:00
p5t2vspoqqw
c32a3e3204 correct defaults 2019-08-07 10:56:29 +02:00
p5t2vspoqqw
4b8190dc3f serve status page for matrix.DOMAIN only 2019-08-07 10:54:14 +02:00
p5t2vspoqqw
281f2ee519 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-08-07 09:30:24 +02:00
Dan Arnfield
dc71457132 Update riot-web (1.3.0 -> 1.3.2) 2019-08-06 06:36:14 -05:00
microchipster
122c3f1ec0 sync more chats in hangouts, switch to admin mode 2019-08-06 05:27:40 +00:00
microchipster
1e8d593f7a fix hangout displayname bug 2019-08-06 05:27:40 +00:00
microchipster
75785a0734 fix login url 2019-08-06 05:27:40 +00:00
microchipster
74d9eb1ec0 fix incorrect nginx proxy entry for hangouts bridge 2019-08-06 05:27:40 +00:00
microchipster
754c475338 matrix-hangouts/login instead of just /login 2019-08-06 05:27:40 +00:00
microchipster
95750c1bc7 attempt to inject nginx config for hangouts bridge 2019-08-06 05:27:40 +00:00
microchipster
264704a29e absorb Munfred changes 2019-08-06 05:27:40 +00:00
Eduardo Beltrame
c1aea7c3fc Update validate_config.yml 2019-08-06 05:27:40 +00:00
Eduardo Beltrame
85c7e9eb09 Update validate_config.yml 2019-08-06 05:27:40 +00:00
Eduardo Beltrame
0a9ce65d3b Update validate_config.yml 2019-08-06 05:27:40 +00:00
Eduardo Beltrame
ad682f2180 Update main.yml 2019-08-06 05:27:40 +00:00
Eduardo Beltrame
ef9f6efd12 Update main.yml 2019-08-06 05:27:40 +00:00
Eduardo Beltrame
451d84a981 Update main.yml 2019-08-06 05:27:40 +00:00
Eduardo Beltrame
da6d2e5621 Update main.yml 2019-08-06 05:27:40 +00:00
Eduardo Beltrame
bc1c30168c remove login block -- wrong file 2019-08-06 05:27:40 +00:00
Eduardo Beltrame
c71cef3f70 Add hangouts /login in the right place 2019-08-06 05:27:40 +00:00
Eduardo Beltrame
b0f203b2ec Update main.yml 2019-08-06 05:27:40 +00:00
Eduardo Beltrame
ab6e808bc6 fix /login for mautrix-hangouts bridge 2019-08-06 05:27:40 +00:00
Eduardo Beltrame
4528e6402b add Publicly accessible base URL for the login endpoints.
# Auth server config
        auth:
            # Publicly accessible base URL for the login endpoints.
            # The prefix below is not implicitly added. This URL and all subpaths should be proxied
            # or otherwise pointed to the appservice's webserver to the path specified below (prefix).
            # This path should usually include a trailing slash.
            public: http://example.com/login/
            # Internal prefix in the appservice web server for the login endpoints.
            prefix: /login
2019-08-06 05:27:40 +00:00
Eduardo Beltrame
2d3fc98d18 Update main.yml 2019-08-06 05:27:40 +00:00
microchipster
a16347789d nginx settings for hangouts bridge login 2019-08-06 05:27:40 +00:00
microchipster
0585889d5a add hangouts bridge by copying facebook bridge and find-replacing 2019-08-06 05:27:40 +00:00
Slavi Pantaleev
4be35822dd Add Email2Matrix support 2019-08-05 13:09:49 +03:00
p5t2vspoqqw
51d5741bb3 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-08-05 09:34:30 +02:00
Slavi Pantaleev
6fe4bafc2a Decrease default Synapse logging level
Also discussed previously in #213 (Github Pull Request).

shared-secret-auth and rest-auth logging is still at `INFO`
intentionally, as user login events seem more important to keep.
Those modules typically don't spam as much.
2019-08-03 07:48:04 +03:00
Slavi Pantaleev
6fc779dc83 Ensure matrix_ssl_retrieval_method value is valid
We recently had someone in the support room who set it to `false`
and the playbook ran without any issues.

This currently seems to yield the same result as 'none', but it's
better to avoid such behavior.
2019-08-02 11:59:10 +03:00
Slavi Pantaleev
c40d28a0dc Relocate user-store.db/room-store.db when migrating Discord bridge files
Refer to 524436ebef and #230 (Github Issue).
2019-08-01 14:40:12 +03:00
Slavi Pantaleev
524436ebef Add missing required parameters for Discord bridge
Fixes #230 (Github Issue).

Related to https://github.com/Half-Shot/matrix-appservice-discord/issues/510
2019-08-01 14:36:02 +03:00
Slavi Pantaleev
18f6b29372 Bump matrix-mailer / exim release (4.92.1-r0-0 -> 4.92.1-r0-1)
It adds support for a new `DISABLE_SENDER_VERIFICATION` environment
variable that can be used to disable verification of sender addresses.

It doesn't matter for us, but we upgrade to keep up with latest.
2019-07-31 10:47:57 +03:00
Slavi Pantaleev
0e3b73a612 Upgrade matrix-mailer / exim (4.92 -> 4.92.1) 2019-07-30 20:56:05 +03:00
Slavi Pantaleev
d543780e42 Use mautrix-telegram Docker image from new official registry 2019-07-28 19:33:02 +03:00
Slavi Pantaleev
53ab66eef8 Use mautrix-whatsapp Docker image from new official registry 2019-07-28 19:31:42 +03:00
Slavi Pantaleev
82bb55ae7a Use new default port config for mautrix-facebook 2019-07-28 18:42:42 +03:00
Slavi Pantaleev
b0162d6f75 Use mautrix-facebook Docker image from new official registry 2019-07-28 18:40:55 +03:00
kingoftheconnors
177ec295b4 Fixed matrix-appservice-slack docker command problems 2019-07-27 14:25:13 -04:00
kingoftheconnors
49766c5dac Added Slack role 2019-07-26 21:37:21 -04:00
Dan Arnfield
de6c1c99b2 Fix apt message: docker doesn't support arch 'i386' 2019-07-26 14:43:35 -05:00
Slavi Pantaleev
bd99dd05b4 Upgrade Synapse (1.2.0 -> 1.2.1) 2019-07-26 14:17:31 +03:00
Slavi Pantaleev
255b67a0ce Update homeserver.yaml with new options from Synapse v1.2.0
Related to #223 (Github Pull Request)
2019-07-25 22:03:12 +03:00
Dan Arnfield
0e54515c9d Update synapse (1.1.0 -> 1.2.0) 2019-07-25 08:42:33 -05:00
Dan Arnfield
9296dfd094 Update nginx (1.17.1 -> 1.17.2) 2019-07-24 06:21:37 -05:00
Lyubomir Popov
5e104e6667
Upgrade riot-web (1.2.4 - 1.3.0) 2019-07-19 10:33:27 +00:00
p5t2vspoqqw
fde8615d4e Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-07-18 10:29:40 +02:00
Slavi Pantaleev
479a5137ca
Merge pull request #218 from RedooNetworks/master
introduce configuration to change riot branding / title
2019-07-17 17:07:31 +03:00
Stefan Warnat
2d24779583 remove newline 2019-07-17 15:57:22 +02:00
Stefan Warnat
2706ca9586 add configuration to change Riot.im branding 2019-07-17 15:56:15 +02:00
p5t2vspoqqw
5054fff88b Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-07-12 15:45:19 +02:00
Slavi Pantaleev
3a8ed2dd81 Upgrade riot-web (1.2.3 -> 1.2.4) 2019-07-12 13:09:21 +03:00
Slavi Pantaleev
5a6c546d87 Upgrade Telegram bridge (0.5.2 -> 0.6.0) 2019-07-12 13:08:48 +03:00
Slavi Pantaleev
87e3650327 Ensure Discord client id is passed as a string
Looks like these client ids are actually integers,
but unless we pass them as a string, the bridge would complain with
an error like:

    {"field":"data.auth.clientID","message":"is the wrong type","value":123456789012345678,"type":"string","schemaPath":["properties","auth","properties","clientID"]}

Explicitly-casting to a string should fix the problem.

The Discord bridge should probably be improved to handle both ints and
strings though.
2019-07-12 10:15:43 +03:00
Slavi Pantaleev
277a6eb7da
Merge pull request #215 from danbob/update-riot-web
Update to riot 1.2.3
2019-07-09 15:10:39 +03:00
Dan Arnfield
b087d06f1e Update to riot 1.2.3 2019-07-09 05:55:48 -05:00
Slavi Pantaleev
1316d36f8b Fix deprecation warning (using cron module without name) 2019-07-09 09:11:38 +03:00
Slavi Pantaleev
9d07aaefbf Fix passkey.pem permissions breaking IRC bridge
Regression since 174a6fcd1b, #204 (Github Pull Request),
which only affects new servers.

Old servers which had their passkey.pem file relocated were okay.
2019-07-08 10:13:45 +03:00
Slavi Pantaleev
0ca21d80d7 Add Synapse Maintenance docs and synapse-janitor integration 2019-07-08 09:38:36 +03:00
Slavi Pantaleev
631a14bf0c Rename run control variables for consistency 2019-07-08 09:38:36 +03:00
Slavi Pantaleev
e805044b80 Delete scripts when uninstalling Postgres 2019-07-08 09:38:36 +03:00
p5t2vspoqqw
d88e261150 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-07-05 16:12:29 +02:00
Dan Arnfield
f83bbf8525 Bump nginx version 2019-07-04 22:59:21 -05:00
Slavi Pantaleev
17cd52ced6 Make Synapse log messages a bit prettier
ef5e4ad061 intentionally makes us conform to
the logging format suggested by the official Docker image.

Reverting this part, because it's uglier.

This likely should be fixed upstream as well though.
2019-07-04 18:19:52 +03:00
Slavi Pantaleev
ef5e4ad061 Make Synapse not log to text files
Somewhat related to #213 (Github Pull Request).

We've been moving in the opposite direction for quite a long time.
All services should just leave logging to systemd's journald.
2019-07-04 17:46:31 +03:00
Slavi Pantaleev
b84139088c Fix password providers not working on Synapse v1.1.0
Fixes a regression introduced during the upgrade to
Synapse v1.1.0 (in 2b3865ceea).

Since Synapse v1.1.0 upgraded to Python 3.7
(https://github.com/matrix-org/synapse/pull/5546),
we need to use a different modules directory when mounting
password provider modules.
2019-07-04 17:28:38 +03:00
Slavi Pantaleev
73158e6c2f Fix unintentionally inverted boolean
Fixes a problem introduced by da6edc9cba.

Related to #145 (Github Pull Request).
2019-07-04 17:27:42 +03:00
Slavi Pantaleev
da6edc9cba Add support for disabling Synapse's local database for user auth
This is a new feature of Synapse v1.1.0.

Discussed in #145 (Github Pull Request).
2019-07-04 17:11:51 +03:00
Slavi Pantaleev
2b3865ceea Upgrade Synapse (1.0.0 -> 1.1.0) 2019-07-04 16:58:45 +03:00
p5t2vspoqqw
9874c3df90 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-06-26 10:41:14 +02:00
Slavi Pantaleev
8529efcd1c Make Discord bridge configuration playbook-managed
Well, `config.yaml` has been playbook-managed for a long time.
It's now extended to match the default sample config of the Discord
bridge.

With this patch, we also make `registration.yaml` playbook-managed,
which leads us to consistency with all other bridges.

Along with that, we introduce `./config` and `./data` separation,
like we do for the other bridges.
2019-06-26 10:35:00 +03:00
Slavi Pantaleev
918526c5fe Update riot-web (1.2.1 -> 1.2.2) 2019-06-25 14:42:54 +03:00
Dan Arnfield
1eaa7b6967 Update postgres versions to latest 2019-06-24 13:11:23 -05:00
Dan Arnfield
ae3a1bb148 Update nginx to 1.17.0 2019-06-24 13:10:58 -05:00
Slavi Pantaleev
37c8b96d06 Use stricter regex in bridges' registration.yaml
I've been thinking of doing before, but haven't.

Now that the Whatsapp bridge does it (since 4797469383),
it makes sense to do it for all other bridges as well.
(Except for the IRC bridge - that one manages most of registration.yaml by itself)
2019-06-24 07:50:51 +03:00
Slavi Pantaleev
c876a7df1d Use |regex_escape in Whatsapp registration.yaml
Doesn't matter much, but it makes it consistent with the other bridges.
2019-06-24 07:49:19 +03:00
Slavi Pantaleev
3ff57ed74d Use container network for communication between homeserver and Whatsapp bridge 2019-06-24 07:48:56 +03:00
Slavi Pantaleev
6e26d286af
Merge pull request #207 from tommes0815/whatsapp-config-playbook-managed
Whatsapp config playbook managed
2019-06-24 07:44:26 +03:00
Slavi Pantaleev
62509e4849
Fix indentation consistency 2019-06-24 07:42:39 +03:00
Thomas Kuehne
4797469383 Make WhatsApp bridge configuration playbook-managed
- following spantaleev transition of the telegram brigde
- adding a validate_config task
2019-06-24 00:16:04 +02:00
Lee Verberne
9195ef4c07 Disable appservice-irc log files
appservice-irc doesn't have permission to create files in its project
directory and the intention is to log to the console, anyway. By
commenting out the file names, appservice-irc won't attempt to open the
files.
2019-06-22 08:39:24 +02:00
p5t2vspoqqw
466b35b1b6 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-06-19 16:56:29 +02:00
Slavi Pantaleev
174a6fcd1b Make IRC bridge configuration entirely managed by the playbook 2019-06-19 12:29:44 +03:00
Slavi Pantaleev
668f98a2d3 Escape domain in bridge registration regex 2019-06-19 10:40:59 +03:00
Slavi Pantaleev
380714d290 Talk to Telegram bridge over container network 2019-06-19 10:10:17 +03:00
Slavi Pantaleev
f994e40bb7 Extend IRC bridge configuration with some additional options 2019-06-19 09:28:41 +03:00
Slavi Pantaleev
6b023d09d4 Use container network address for communication between IRC bridge and homeserver
This means we need to explicitly specify a `media_url` now,
because without it, `url` would be used for building public URLs to
files/images. That doesn't work when `url` is not a public URL.
2019-06-19 09:21:13 +03:00
Slavi Pantaleev
169b09f0ed Fix token mismatch error for the Telegram bridge
Regression since 4e8543ce21
2019-06-15 12:01:52 +03:00
Slavi Pantaleev
4e8543ce21 Make Telegram bridge configuration playbook-managed 2019-06-15 09:43:43 +03:00
Slavi Pantaleev
2902b53267 Minor fixes for consistency 2019-06-15 09:42:40 +03:00
Slavi Pantaleev
00383a73ac Make running --tags=setup-synapse only not fail to register bridges
Until now, if `--tags=setup-synapse` was used, bridge tasks would not
run and bridges would fail to register with the `matrix-synapse` role.
This means that Synapse's configuration would be generated with an empty
list of appservices (`app_service_config_files: []`).

.. and then bridges would fail, because Synapse would not be aware of
there being any bridges.

From now on, bridges always run their init tasks and always register
with Synapse.

For the Telegram bridge, the same applies to registering with
matrix-nginx-proxy. Previously, running `--tags=setup-nginx-proxy` would
get rid of the Telegram endpoint configuration for the same reason.
Not anymore.
2019-06-14 10:19:52 +03:00
Slavi Pantaleev
d8a4007220 Upgrade exim (4.91 -> 4.92)
Note: https://www.us-cert.gov/ncas/current-activity/2019/06/13/Exim-Releases-Security-Patches

That said, I don't believe we've been affected.
Not in a bad way at least, because:
- we run exim as non-root and capabilities dropped
- we run exim in a private Docker network with known trusted relayers
(Synapse and mxisd)
2019-06-14 08:07:54 +03:00
Slavi Pantaleev
3956b300ed Disable riot-web's welcome bot
I've not found this welcome bot to work at all in my previous attempts.
It would simply not reply, even though federation works.

It seems like this is also a potential privacy issue, as per
https://gist.github.com/maxidorius/5736fd09c9194b7a6dc03b6b8d7220d0
2019-06-14 07:49:46 +03:00
Slavi Pantaleev
2e16257e50 Do not ask for _matrix._tcp SRV records anymore
With most people on Synapse v0.99+ and Synapse v1.0 now available,
we should no longer try to be backward compatible with Synapse 0.34,
because this just complicates the instructions for no good reason.
2019-06-12 14:51:10 +03:00
p5t2vspoqqw
8fcdac3738 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-06-12 10:10:52 +02:00
Slavi Pantaleev
d8afb241ca
Merge pull request #201 from aaronraimist/default-room-version
Allow default room version to be configured
2019-06-12 09:17:45 +03:00
Slavi Pantaleev
f4574961c7
Prevent double-quotes around default room version
Using `|to_json` on a string is expected to correctly wrap it in quotes (e.g. `"4"`).
Wrapping it explicitly in double-quotes results in undesirable double-quoting (`""4""`).
2019-06-12 09:17:35 +03:00
Aaron Raimist
483bdd8c01
Allow default room version to be configured 2019-06-11 21:18:06 -05:00
Aaron Raimist
d262028d82
Upgrade mxisd (1.4.4 -> 1.4.5) 2019-06-11 20:19:15 -05:00
Slavi Pantaleev
e4068e55ee Upgrade Synapse (0.99.5.2 -> 1.0.0) 2019-06-11 20:30:18 +03:00
Slavi Pantaleev
7d3adc4512 Automatically force-pull :latest images
We do use some `:latest` images by default for the following services:
- matrix-dimension
- Goofys (in the matrix-synapse role)
- matrix-bridge-appservice-irc
- matrix-bridge-appservice-discord
- matrix-bridge-mautrix-facebook
- matrix-bridge-mautrix-whatsapp

It's terribly unfortunate that those software projects don't release
anything other than `:latest`, but that's how it is for now.

Updating that software requires that users manually do `docker pull`
on the server. The playbook didn't force-repull images that it already
had.

With this patch, it starts doing so. Any image tagged `:latest` will be
force re-pulled by the playbook every time it's executed.

It should be noted that even though we ask the `docker_image` module to
force-pull, it only reports "changed" when it actually pulls something
new. This is nice, because it lets people know exactly when something
gets updated, as opposed to giving the indication that it's always
updating the images (even though it isn't).
2019-06-10 14:30:28 +03:00
Slavi Pantaleev
4f87f7e43e
Explain matrix_postgres_container_postgres_bind_port a little more
Previously, it only mentioned exposing for psql-usage purposes.

Realistically, it can be used for much more. Especially given that
psql can be easily accessed via our matrix-postgres-cli script,
without exposing the container port.
2019-06-10 08:24:37 +03:00
Aaron Raimist
6fce809d10
Add config option to be able to access database outside of container 2019-06-09 20:35:35 -05:00
Aaron Raimist
79f4bcf5be
Enable sentry.io integration 2019-06-07 16:02:41 -05:00
Slavi Pantaleev
44156fe659 Fix Ansible 2.8 deprecation in Dimension role 2019-06-07 17:44:32 +03:00
Slavi Pantaleev
3567d9adba Fix typo 2019-06-07 16:07:01 +03:00
Slavi Pantaleev
a9953dd641 Make Facebook/Telegram bridges not log to files
We log to journald anyway. There's no need for double-logging.

It should not that matrix-synapse logs to journald and to files,
but that's likely to change in the future as well.
Because Synapse's logs are insanely verbose right now (and may get
dropped by journald), it's more reliable to have file-logging too.

As Synapse matures and gets more stable, logging should hopefully
get less, we should be able to only use journald and stop writing to
files for it as well.
2019-06-07 15:48:13 +03:00
Slavi Pantaleev
18baeabdf2 Do not create Facebook bridge directories with recurse: true
I'm not sure what I had in mind when I added this earlier,
but I think we'd better go without it.
2019-06-07 15:18:29 +03:00
Slavi Pantaleev
bf446b6e15 Fix double mv command 2019-06-07 15:06:21 +03:00
Slavi Pantaleev
172b0fa88c Separate Facebook bridge configuration and data
Using a separate directory allows easier backups
(only need to back up the Ansible playbook configuration and the
bridge's `./data` directory).

The playbook takes care of migrating an existing database file
from the base directory into the `./data` directory.

In the future, we can also mount the configuration read-only,
to ensure the bridge won't touch it.
For now, mautrix-facebook is keen on rebuilding the `config.yaml`
file on startup though, so this will have to wait.
2019-06-07 14:52:38 +03:00
Slavi Pantaleev
330648a3e0 Make Facebook bridge configuration playbook-managed
Related to #193, but for the Facebook bridge.
(other bridges can be changed to do the same later).

This patch makes the bridge configuration entirely managed by the
Ansible playbook. The bridge's `config.yaml` and `registration.yaml`
configuration files are regenerated every time the playbook runs.

This allows us to apply updates to those files and to avoid
people having to manage the configuration files manually on the server.

-------------------------------------------------------------

A deficiency of the current approach to dumping YAML configuration in
`config.yaml` is that we strip all comments from it.
Later on, when the bridge actually starts, it will load and redump
(this time with comments), which will make the `config.yaml` file
change.

Subsequent playbook runs will report "changed" for the
"Ensure mautrix-facebook config.yaml installed" task, which is a little
strange.

We might wish to improve this in the future, if possible.

Still, it's better to have a (usually) somewhat meaningless "changed"
task than to what we had -- never rebuilding the configuration.
2019-06-07 14:05:53 +03:00
Slavi Pantaleev
d6d6c152a3 Delay bridge startup to ensure Synapse is up
Bridges start matrix-synapse.service as a dependency, but
Synapse is sometimes slow to start, while bridges are quick to
hit it and die (if unavailable).

They'll auto-restart later, but .. this still breaks `--tags=start`,
which doesn't wait long enough for such a restart to happen.

This attempts to slow down bridge startup enough to ensure Synapse
is up and no failures happen at all.
2019-06-07 12:15:37 +03:00
Slavi Pantaleev
328d981b05 Fix undefined variables in mxisd and Dimension configuration 2019-06-07 11:46:35 +03:00
p5t2vspoqqw
0e9953f1ef Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-06-05 10:08:18 +02:00
Slavi Pantaleev
99086f90e8 Upgrade riot-web (1.2.0 -> 1.2.1) 2019-06-04 19:31:14 +03:00
p5t2vspoqqw
4b657b3822 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-06-03 10:13:25 +02:00
kingoftheconnors
c06b47af77 Fixed error message to direct users to the right debug command 2019-06-02 18:24:18 -04:00
Slavi Pantaleev
3bc8aa0a82 Upgrade Synapse (0.99.5.1 -> 0.99.5.2) 2019-05-30 20:50:09 +03:00
Slavi Pantaleev
35892286a1 Upgrade mxisd (1.4.3 -> 1.4.4) 2019-05-30 17:22:39 +03:00
Slavi Pantaleev
2982b03809 Explicitly serialize matrix_synapse_app_service_config_files
Attempt to fix #192 (Github Issue), potential regression since
70487061f4.

Serializing as JSON/YAML explicitly is much better than relying on
magic (well, Python serialization being valid YAML..).
It seems like Python may prefix strings with `u` sometimes (Python 3?),
which causes Python serialization to not be compatible with YAML.
2019-05-30 09:42:08 +03:00
Slavi Pantaleev
f1c124331f Upgrade riot-web (1.1.2 -> 1.2.0) 2019-05-30 08:44:21 +03:00
Slavi Pantaleev
70487061f4 Prefer --mount instead of -v for mounting volumes
This doesn't replace all usage of `-v`, but it's a start.

People sometimes troubleshoot by deleting files (especially bridge
config files). Restarting Synapse with a missing registration.yaml file
for a given bridge, causes the `-v
/something/registration.yaml:/something/registration.yaml:ro` option
to force-create `/something/registration.yaml` as a directory.

When a path that's provided to the `-v` option is missing, Docker
auto-creates that path as a directory.
This causes more breakage and confusion later on.

We'd rather fail, instead of magically creating directories.
Using `--mount`, instead of `-v` is the solution to this.

From Docker's documentation:

> When you use --mount with type=bind, the host-path must refer to an existing path on the host.
> The path will not be created for you and the service will fail with an error if the path does not exist.
2019-05-29 09:59:50 +03:00
Slavi Pantaleev
7d8dde8a53 Add support for proxying /_synapse/admin APIs
Fixes #191 (Github Issue).
2019-05-29 08:32:24 +03:00
Slavi Pantaleev
5361d3a412 Fix Telegram bridge proxying config when matrix-nginx-proxy disabled
Related to #189 (Github Issue).

People had proxying problems if:
- they used the whole playbook (including the `matrix-nginx-proxy` role)
- and they were disabling the proxy (`matrix_nginx_proxy_enabled: false`)
- and they were proxying with their own nginx server

For them,
`matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks`
would not be modified to inject the necessary proxying configuration.
2019-05-27 10:04:52 +03:00
Slavi Pantaleev
7379968a3c Fix Telegram bridge HTTP proxying when not using matrix-nginx-proxy
From what I see, this was never implemented to begin with.

Fixes #189 (Github Issue).
2019-05-26 20:50:52 +03:00
Slavi Pantaleev
120abaf391 Upgrade Telegram bridge (0.5.1 -> 0.5.2) 2019-05-26 20:41:21 +03:00
Slavi Pantaleev
ab59cc50bd Add support for more flexible container port exposing
Fixes #171 (Github Issue).
2019-05-25 07:41:08 +09:00
Slavi Pantaleev
be2812bc8f Remove unnecessary variables
Continuation of 54a281a425.
Related to #188 (Github Pull Request).
2019-05-24 08:01:24 +09:00
Jason Locklin
54a281a425 Config validation not required
Validate_config was copied from the telegram bridge code, but doesn't
apply to the facebook bridge.
2019-05-23 15:02:44 -04:00
p5t2vspoqqw
0cfa73f153 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-05-23 10:48:22 +02:00
Slavi Pantaleev
a8b633561d Upgrade Synapse (v0.99.4 -> v0.99.5.1) 2019-05-23 09:23:04 +09:00
Dan Arnfield
9c23d877fe Fix docker_image option for ansible < 2.8 2019-05-22 05:43:33 -05:00
Dan Arnfield
fa38c84be2 Fix casting int to string warning 2019-05-21 10:37:05 -05:00
Dan Arnfield
db15791819 Add source option to docker_image to fix deprecation warning 2019-05-21 10:29:12 -05:00
Dan Arnfield
3982f114af Fix CONDITIONAL_BARE_VARS deprecation warning in ansible 2.8 2019-05-21 10:25:59 -05:00
Slavi Pantaleev
affb99003c Improve Synapse variable naming consistency 2019-05-21 12:09:38 +09:00
Slavi Pantaleev
5c821b581a Check fullchain.pem, not cert.pem
While using certbot means we'll have both files retrieved,
it's actually the fullchain.pem file that we use in nginx configuration.

Using that one for the check makes more sense.
2019-05-21 11:58:18 +09:00
Slavi Pantaleev
3250df6765 Make bridge uninstallation stop services
Fixes #155 (Github Issue)
2019-05-21 11:27:09 +09:00
Slavi Pantaleev
a1e9818356 Update comment 2019-05-21 11:25:32 +09:00
Slavi Pantaleev
3ece9375c6
Merge pull request #179 from spantaleev/separate-bridge-roles
Move bridges into separate roles
2019-05-21 11:05:30 +09:00
Slavi Pantaleev
fc7ba153b1 Make matrix-synapse role respect matrix_synapse_enabled flag 2019-05-21 10:46:49 +09:00
Slavi Pantaleev
8d654aecdd Improve file naming consistency 2019-05-21 09:57:48 +09:00
Stuart Mumford
a4bcd7ce8f
Add a variable to control the stop tasks 2019-05-20 17:03:05 +01:00
Slavi Pantaleev
e3b4622ac8 Split Synapse extension tasks into install/uninstall files 2019-05-18 06:36:54 +09:00
Slavi Pantaleev
663d1add92 Move matrix-appservice-discord into a separate role 2019-05-18 01:14:12 +09:00
Slavi Pantaleev
13c4e7e5b6 Merge branch 'master' into separate-bridge-roles 2019-05-16 09:45:06 +09:00
Slavi Pantaleev
ae7c8d1524 Use SyslogIdentifier to improve logging
Reasoning is the same as for matrix-org/synapse#5023.

For us, the journal used to contain `docker` for all services, which
is not very helpful when looking at them all together (`journalctl -f`).
2019-05-16 09:43:46 +09:00
Slavi Pantaleev
cf3117011b Upgrade Synapse (0.99.3.2 -> 0.99.4) 2019-05-16 09:20:43 +09:00
Slavi Pantaleev
6db10ed6f3 Upgrade riot-web (1.1.1 -> 1.1.2) 2019-05-16 09:09:42 +09:00
Slavi Pantaleev
3339e37ce9 Move matrix-appservice-irc into a separate role 2019-05-16 09:07:40 +09:00
Slavi Pantaleev
854cf84aa3 Upgrade riot-web (1.1.0 -> 1.1.1) 2019-05-15 09:50:25 +09:00
Slavi Pantaleev
47745254f9
Merge pull request #180 from eMPee584/fix-commented-mxisd-ldap-option
Fix case of the mxisd ldap.connection.baseDNs option in matrix_mxisd_configuration_extension_yaml comment
2019-05-15 09:49:34 +09:00
Slavi Pantaleev
43fd3cc274 Move mautrix-facebook into a separate role 2019-05-15 09:34:31 +09:00
Marcel Partap
5aa7f637d8 Fix matrix_synapse_ext_password_provider_ldap_start_tls (it's boolean) 2019-05-14 23:09:59 +02:00
Marcel Partap
25d3b315de Fix case of the mxisd ldap.connection.baseDNs option in comment 2019-05-14 22:38:21 +02:00
Slavi Pantaleev
bb816df557 Move mautrix telegram and whatsapp into separate roles
The goal is to move each bridge into its own separate role.
This commit starts off the work on this with 2 bridges:
- mautrix-telegram
- mautrix-whatsapp

Each bridge's role (including these 2) is meant to:

- depend only on the matrix-base role

- integrate nicely with the matrix-synapse role (if available)

- integrate nicely with the matrix-nginx-proxy role (if available and if
required). mautrix-telegram bridge benefits from integrating with
it.

- not break if matrix-synapse or matrix-nginx-proxy are not used at all

This has been provoked by #174 (Github Issue).
2019-05-14 23:47:22 +09:00
Marcel Partap
d114736014 Add a task to stop services (and remove containers) 2019-05-14 11:46:07 +02:00
Slavi Pantaleev
873c291be6 Fix appservice-discord configuration-extension merging 2019-05-14 08:24:03 +09:00
Slavi Pantaleev
953ae021ba Upgrade mxisd (1.4.2 -> 1.4.3) 2019-05-14 08:22:10 +09:00
Dan Arnfield
6163ba5bb1 Bump postgres versions 2019-05-10 08:02:32 -05:00
inthewaves
51e408bc94
Bump riot-web version (1.0.8->1.1.0) 2019-05-10 05:57:28 +00:00
p5t2vspoqqw
4315b472af Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-05-09 09:34:09 +02:00
Slavi Pantaleev
216cdf8c74
Merge pull request #166 from izissise/mautrix-facebook
Mautrix facebook
2019-05-09 10:05:14 +03:00
Slavi Pantaleev
565236a49c
Merge pull request #168 from danbob/nginx-proxy-3pid-registration
Add option to proxy 3pid registration endpoints
2019-05-09 09:53:47 +03:00
Dan Arnfield
171c6db41e Add option to proxy 3pid registration endpoints 2019-05-08 13:49:51 -05:00
Dan Arnfield
958ad68078 Add registrations_require_3pid synapse option 2019-05-08 12:29:18 -05:00
Hugues Morisset
a82d5ed281 Add tulir mautrix-facebook (https://github.com/tulir/mautrix-facebook) 2019-05-08 17:11:07 +02:00
Slavi Pantaleev
5f2f17cb1e
Merge pull request #160 from danbob/fix-matrix-mxisd-config
Fix template indentation
2019-05-08 08:01:00 +03:00
Hugues De Keyzer
c451025134 Fix indentation in templates
Use Jinja2 lstrip_blocks option in templates to ensure consistent
indentation in generated files.
2019-05-07 21:23:35 +02:00
Dan Arnfield
3abed49764 Fix jinja config for indented code blocks 2019-05-07 06:02:38 -05:00
Dan Arnfield
07e7d518d5 Revert "Fix template indentation"
This reverts commit 172d59ba05.
2019-05-07 05:57:20 -05:00
Slavi Pantaleev
0e7310fd7c
Merge pull request #164 from TheLastProject/fix/string_before_to_json
string before to_json when string value is expected
2019-05-07 10:41:41 +03:00
Sylvia van Os
9ea593df37 Fix incorrect casts 2019-05-07 09:35:51 +02:00
Sylvia van Os
ed0ecf5bea string before to_json when string value is expected
This prevents Ansible from sometimes failing to decrypt vault variables
2019-05-06 10:10:27 +02:00
Slavi Pantaleev
e0b7b4dc61
Merge pull request #159 from TheLastProject/feature/docker_add_hosts
Add the possibility to pass extra flags to the docker container
2019-05-05 10:22:59 +03:00
Slavi Pantaleev
1653e40239
Merge pull request #158 from lpopov/master
Add the ability to update user passwords with ansible
2019-05-05 10:21:45 +03:00
Slavi Pantaleev
6bea3237c9
Merge pull request #163 from aaronraimist/synapse-0.99.3.1
Update Synapse (0.99.3 -> 0.99.3.1)
2019-05-03 22:10:20 +03:00
Aaron Raimist
8051ea9ef9
Update Synapse (0.99.3.1 -> 0.99.3.2) 2019-05-03 13:34:45 -05:00
Aaron Raimist
d1646bb497
Update Synapse (0.99.3 -> 0.99.3.1) 2019-05-03 12:07:58 -05:00
Dan Arnfield
172d59ba05
Fix template indentation 2019-05-03 10:37:14 -05:00
Lyubomir Popov
c9a2380193 Merge remote-tracking branch 'upstream/master' 2019-05-03 11:05:03 +03:00
Lyubomir Popov
a206b65ed7 Use the '-p' non-interactive option to generate password hash instead of 'expect' 2019-05-03 11:02:17 +03:00
p5t2vspoqqw
79ad60cf0a Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-05-02 14:31:18 +02:00
Slavi Pantaleev
0e391b5870 Add explicit |int casting for more variables
As discussed in #151 (Github Pull Request), it's
a good idea to not selectively apply casting, but to do it in all
cases involving arithmetic operations.
2019-04-30 18:26:03 +03:00
Sylvia van Os
75b1528d13 Add the possibility to pass extra flags to the docker container 2019-04-30 16:35:18 +02:00
Lyubomir Popov
134faa3139 Add the ability to update user passwords with ansible (when using the matrix-postgres container). 2019-04-30 16:30:26 +03:00
Sylvia van Os
bf77f776a2 Add variable to disable homeserver url preview 2019-04-30 13:58:48 +02:00
Slavi Pantaleev
db977ea584
Merge pull request #151 from huguesdk/bugfix/nginx_proxy_tmpfs_size
Fix value of nginx-proxy tmpfs size
2019-04-29 09:00:37 +03:00
Slavi Pantaleev
7c246b4a99 Make error about unset matrix_ssl_lets_encrypt_support_email more descriptive
Previously, we'd show an error like this:

{"changed": false, "item": null, "msg": "Detected an undefined required variable"}

.. which didn't mention the variable name
(`matrix_ssl_lets_encrypt_support_email`).
2019-04-28 11:02:17 +03:00
Slavi Pantaleev
00ec22688a Upgrade mxisd (1.4.1 -> 1.4.2)
Looks like we may not have to do this,
since 1.4.2 fixes edge cases for people who used the broken
1.4.0 release.

We jumped straight to 1.4.1, so maybe we're okay.
Still, upgrading anyway, just in case.
2019-04-28 10:15:46 +03:00
Slavi Pantaleev
817c7143ca
Merge pull request #154 from aaronraimist/mxisd-1.4.1
Update mxisd (1.3.1 -> 1.4.1)
2019-04-28 09:00:47 +03:00
Slavi Pantaleev
528f537db7
Merge pull request #152 from huguesdk/bugfix/remove_hardcoded_values_in_remove_all
Remove hardcoded values in matrix-remove-all
2019-04-28 08:54:34 +03:00
Aaron Raimist
e42fe4b18c
Include Slavi's improvements to keep roles independent 2019-04-27 17:09:21 -05:00
Aaron Raimist
5586eaddef
Set Riot's enable_presence_by_hs_url to false if presence is disabled 2019-04-27 16:35:26 -05:00
Aaron Raimist
ed442af96f
Update mxisd (1.3.1 -> 1.4.1) 2019-04-27 16:28:40 -05:00
Hugues De Keyzer
1e344d5a7a Remove hardcoded values in matrix-remove-all
Use matrix_docker_network and matrix_base_data_path in matrix-remove-all
instead of hardcoded default values.
2019-04-27 22:12:05 +02:00
Hugues De Keyzer
6aa6633ee7 Fix value of nginx-proxy tmpfs size
Use an int conversion in the computation of the value of
matrix_nginx_proxy_tmp_directory_size_mb, to have the integer value
multiplied by 50 instead of having the string repeated 50 times.
2019-04-27 21:54:21 +02:00
Ciaran Ainsworth
8624cf4a57 Fixed default url preview settings 2019-04-26 14:11:40 +01:00
p5t2vspoqqw
e0bc86875b Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-04-26 14:30:51 +02:00
Slavi Pantaleev
f99b24f3be
Merge pull request #144 from dhoffend/welcome
make welcome.html customizable
2019-04-25 08:15:00 +03:00
Daniel Hoffend
ca15d219b9 make welcome.html customizable 2019-04-25 01:05:28 +02:00
p5t2vspoqqw
af8beb3627 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-04-24 15:03:47 +02:00
Slavi Pantaleev
ec0f936227 Try SSL renewal more frequently and reload later
It doesn't hurt to attempt renewal more frequently, as it only does
real work if it's actually necessary.

Reloading, we postpone some more, because certbot adds some random delay
(between 1 and 8 * 60 seconds) when renewing. We want to ensure
we reload at least 8 minutes later, which wasn't the case.

To make it even safer (in case future certbot versions use a longer
delay), we reload a whole hour later. We're in no rush to start using
the new certificates anyway, especially given that we attempt renewal
often.

Somewhat fixes #146 (Github Issue)
2019-04-23 17:59:02 +03:00
p5t2vspoqqw
c2eabf2b9d Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2019-04-23 09:45:10 +02:00
p5t2vspoqqw
7ee6927ca9 add suggested change; correct indent 2019-04-23 09:44:02 +02:00
Slavi Pantaleev
892abdc700 Do not refer to Synapse as "Matrix Synapse" 2019-04-23 10:20:56 +03:00
Slavi Pantaleev
39566aa7fe Generate a Synapse signing key file, if missing
The code used to check for a `homeserver.yaml` file and generate
a configuration (+ key) only if such a configuration file didn't exist.

Certain rare cases (setting up with one server name and then
changing to another) lead to `homeserver.yaml` being there,
but a `matrix.DOMAIN.signing.key` file missing (because the domain
changed).
A new signing key file would never get generated, because `homeserver.yaml`'s
existence used to be (incorrectly) satisfactory for us.

From now on, we don't mix things up like that.
We don't care about `homeserver.yaml` anymore, but rather
about the actual signing key.

The rest of the configuration (`homeserver.yaml` and
`matrix.DOMAIN.log.config`) is rebuilt by us in any case, so whether
it exists or not is irrelevant and doesn't need checking.
2019-04-23 10:06:42 +03:00
Slavi Pantaleev
18a562c000 Upgrade services 2019-04-21 08:57:49 +03:00
p5t2vspoqqw
deeefac84c add ngnix-status to config
add doc
2019-04-17 13:45:42 +02:00
Lyubomir Popov
eab8f31eed Add additional room config options:
- matrix_enable_room_list_search - Controls whether searching the public room list is enabled.
 - matrix_alias_creation_rules - Controls who's allowed to create aliases on this server.
 - matrix_room_list_publication_rules - Controls who can publish and which rooms can be published in the public room list.
2019-04-16 12:40:38 +03:00
NullIsNot0
596f2ec1e2
Make Dimension communicat to Synapse through Docker network
Media is pulled from client side, so we specify external Matrix DNS name as mediaUrl
2019-04-14 16:09:29 +03:00
Slavi Pantaleev
9a05b030cb Fix unknown tag error when generating Goofys service
`{% matrix_s3_media_store_custom_endpoint_enabled %}` should have
been `{% if matrix_s3_media_store_custom_endpoint_enabled %}` instead.

Related to #132 (Github Pull Request).
2019-04-10 08:45:52 +03:00
Slavi Pantaleev
bec59c06bb Update images 2019-04-09 09:33:24 +03:00
Slavi Pantaleev
901516d806 Update matrix-corporal (1.3.0 -> 1.4.0) 2019-04-06 12:34:15 +03:00
Alexander Acevedo
6cc6638098
revert 3953705682
that's not how it works
2019-04-05 06:01:58 -04:00
Alexander Acevedo
3953705682
add custom endpoint environment variable 2019-04-05 05:56:36 -04:00
Alexander Acevedo
3ffb03f20e
missing whitespace 2019-04-05 05:54:58 -04:00
Alexander Acevedo
c55e49d733
add custom endpoint to matrix-goofys.service.j2
This (should) check if custom endpoint is enabled.
2019-04-05 05:48:31 -04:00
Alexander Acevedo
b5fbec8d83
add goofys custom
Creates the configuration variable to toggle custom endpoint and the default custom endpoint.
2019-04-05 05:33:38 -04:00
Slavi Pantaleev
af1c9ae59d Do not force firewalld on people
In most cases, there's not really a need to touch the system
firewall, as Docker manages iptables by itself
(see https://docs.docker.com/network/iptables/).

All ports exposed by Docker containers are automatically whitelisted
in iptables and wired to the correct container.

This made installing firewalld and whitelisting ports pointless,
as far as this playbook's services are concerned.

People that wish to install firewalld (for other reasons), can do so
manually from now on.

This is inspired by and fixes #97 (Github Issue).
2019-04-03 11:37:20 +03:00
Slavi Pantaleev
9202b2b8d9 Ensure systemd services are running when doing --tags=start
Fixes #129 (Github Issue).

Unfortunately, we rely on `service_facts`, which is only available
in Ansible >= 2.5.

There's little reason to stick to an old version such as Ansible 2.4:
- some time has passed since we've raised version requirements - it's
time to move into the future (a little bit)
- we've recently (in 82b4640072) improved the way one can run
Ansible in a Docker container

From now on, Ansible >= 2.5 is required.
2019-04-03 11:19:06 +03:00
NullIsNot0
64556569da
Update Riot Web from 1.0.5 to 1.0.6 2019-04-02 07:20:25 +03:00
Slavi Pantaleev
631b7cc6a6 Add support for adjusting Synapse rate-limiting configuration 2019-04-01 21:40:14 +03:00
Slavi Pantaleev
77359ae867 Synchronize Synapse config with the sample from 0.99.3 2019-04-01 21:22:05 +03:00
Slavi Pantaleev
95e4234dca Update nginx (1.15.9 -> 1.15.10) 2019-04-01 19:54:53 +03:00
Aaron Raimist
c6f1f7aa23
Update Synapse (0.99.2 -> 0.99.3) 2019-04-01 11:26:46 -05:00
Slavi Pantaleev
60b0ba379b Update riot-web (1.0.4 -> 1.0.5) 2019-03-22 20:36:23 +02:00
Slavi Pantaleev
d9c6884b6a Update mautrix-telegram (0.4.0 -> 0.5.1) 2019-03-22 18:50:41 +02:00
Slavi Pantaleev
73af8f7bbb Make self-check not validate self-signed certificates
By default, `--tags=self-check` no longer validates certificates
when `matrix_ssl_retrieval_method` is set to `self-signed`.

Besides this default, people can also enable/disable validation using the
individual role variables manually.

Fixes #124 (Github Issue)
2019-03-22 09:41:08 +02:00
Slavi Pantaleev
59e37105e8 Add TLS support to Coturn 2019-03-19 10:24:39 +02:00
Slavi Pantaleev
018aeed5e9 Add support for mounting additional volumes to matrix-coturn 2019-03-19 09:16:30 +02:00
Slavi Pantaleev
a50ea0f0a9 Update riot-web (1.0.3 -> 1.0.4) 2019-03-19 08:00:48 +02:00
Slavi Pantaleev
24cf27c60c Isolate Coturn from services in the default Docker network
Most (all?) of our Matrix services are running in the `matrix` network,
so they were safe -- not accessible from Coturn to begin with.

Isolating Coturn into its own network is a security improvement
for people who were starting other services in the default
Docker network. Those services were potentially reachable over the
private Docker network from Coturn.

Discussed in #120 (Github Pull Request)
2019-03-18 17:41:14 +02:00
Slavi Pantaleev
c6858d2a08 Define matrix_coturn_turn_external_ip_address in the playbook group vars
This is more explicit than hiding it in the role defaults.

People who reuse the roles in their own playbook (and not only) may
incorrectly define `ansible_host` to be a hostname or some local address.

Making it more explicit is more likely to prevent such mistakes.
2019-03-18 17:04:40 +02:00
Stuart Mumford
e367a2d0de
Add nulls for quotas as well 2019-03-18 11:58:52 +00:00
Stuart Mumford
9d236c5466
Add defaults for ips 2019-03-18 11:44:40 +00:00
Stuart Mumford
c0dc56324a
Add config options to turnserver.conf 2019-03-18 11:18:30 +00:00
Slavi Pantaleev
221703f257
Merge pull request #118 from verb/systemctl
Use common path for systemctl in lets encrypt cron
2019-03-17 20:55:40 +02:00
Slavi Pantaleev
e65514223e
Merge branch 'master' into update-homeserver-yaml 2019-03-17 20:53:52 +02:00
Slavi Pantaleev
2f1662626e Use |to_json for matrix_synapse_push_include_content
Doing this for consistency.

Related to #117 (Github Pull Request).
2019-03-17 20:51:12 +02:00
Aaron Raimist
ae912c4529
Update homeserver.yaml with some new options we could enable 2019-03-16 15:51:41 -05:00
Lee Verberne
d90bc20690 Use common path for systemctl in lets encrypt cron
Currently the nginx reload cron fails on Debian 9 because the path to
systemctl is /bin/systemctl rather than /usr/bin/systemctl.

CentOS 7 places systemctl in both /bin and /usr/bin, so we can just use
/bin/systemctl as the full path.
2019-03-16 20:48:58 +01:00
Lee Verberne
71c7c74b7b Allow configuring push content for matrix-synapse
This allows overriding the default value for `include_content`. Setting
this to false allows homeserver admins to ensure that message content
isn't sent in the clear through third party servers.
2019-03-16 07:16:20 +01:00
Lorrin Nelson
ceba99eed3 Make federation self-check conditional on matrix_synapse_federation_enabled 2019-03-13 22:33:52 -07:00
Slavi Pantaleev
2d56ff0afa Skip some uninstall tasks if not necessary to run 2019-03-13 07:40:51 +02:00
Slavi Pantaleev
b066f8a0d8 Do not try to start matrix-coturn.service if not enabled 2019-03-13 07:36:28 +02:00
Slavi Pantaleev
c545d3eb85 Add support for serving base domain via matrix-nginx-proxy 2019-03-12 23:01:16 +02:00
Slavi Pantaleev
e645b0e372 Rename matrix_nginx_proxy_data_path to matrix_nginx_proxy_base_path
`matrix_nginx_proxy_data_path` has always served as a base path,
so we're renaming it to reflect that.

Along with this, we're also introducing a new "data path" variable
(`matrix_nginx_proxy_data_path`), which is really a data path this time.
It's used for storing additional, non-configuration, files related to
matrix-nginx-proxy.
2019-03-12 23:01:16 +02:00
Plailect
f6de3fd668
Start appservice-irc as non-root 2019-03-12 13:17:51 -04:00
Edgars Voroboks
610eef82b5 Add option to enable Dimension widgets serve sites with self signed certs 2019-03-12 12:17:12 +02:00
Edgars Voroboks
1d8fd9792f Fix Matrix homeserver name in Dimension configuration 2019-03-11 20:05:52 +02:00
Slavi Pantaleev
4067e09409 Fix rare YAML parsing problems in Dimension config
It's been reported that YAML parsing errors
would occur on certain Ansible/Python combinations for some reason.

It appears that a bare `{{ matrix_dimension_admins }}` would sometimes
yield things like `[u'@user:domain.com', ..]` (note the `u` string prefix).

To prevent such problems, we now explicitly serialize with `|to_json`.
2019-03-10 22:23:06 +02:00
Slavi Pantaleev
6c5cc173b0 Fix permission mode for some files 2019-03-09 21:15:16 +02:00
Slavi Pantaleev
ecabe8f814
Merge pull request #107 from NullIsNot0/master
Implement self-hosted Dimension server
2019-03-09 20:59:52 +02:00
Edgars Voroboks
5f13a1e50b Generate Dimension config from variable 2019-03-09 19:08:00 +02:00
Edgars Voroboks
bcbfc1e838 Make Matrix Federation required and fix internal federationUrl 2019-03-09 10:30:31 +02:00
Edgars Voroboks
27772a6420 Point federationUrl to matrix-synapse container 2019-03-08 22:01:11 +02:00
Edgars Voroboks
b2263f811a Disable logging to file. Set console logging to verbose. 2019-03-08 22:00:05 +02:00
Edgars Voroboks
30738d064e Fix errors 2019-03-08 19:14:15 +02:00
Edgars Voroboks
1eb78ca93e Add additional changes for Dimension to work 2019-03-08 15:00:53 +02:00
Slavi Pantaleev
390ec8a599 Skip some tasks when not necessary to run them 2019-03-08 12:14:58 +02:00
Sylvia van Os
93992f7756
Fix indenting of generators value 2019-03-08 10:50:51 +01:00
Slavi Pantaleev
62e2acada5
Merge pull request #104 from dangersalad/master
allow exposing mautrix_telegram port
2019-03-08 08:50:05 +02:00
paulbdavis
17e86ba817 implement requested changes 2019-03-07 12:45:58 -07:00
Sylvia van Os
8cc420da15
Upgrade riot-web to v1.0.3 2019-03-07 13:53:33 +01:00
Sylvia van Os
f297ff506b Explain how to set the template variables 2019-03-07 13:34:07 +01:00
Sylvia van Os
0cd8b99b00 Add support for custom MXISD templates 2019-03-07 13:28:00 +01:00
Edgars Voroboks
9735a2f600 Implement self-hosted Dimension server 2019-03-07 07:22:08 +02:00
Slavi Pantaleev
aae8757027 Update coturn (4.5.1.0 -> 4.5.1.1) 2019-03-06 19:59:40 +02:00
Slavi Pantaleev
85c5adfd69 Minor consistency improvements 2019-03-05 09:20:36 +02:00
Slavi Pantaleev
a310a01818 Use non-root and no-capability containers during Discord setup
Related to #105 (Github Pull Request).
2019-03-05 09:10:51 +02:00
Slavi Pantaleev
f037f63a07
Merge pull request #105 from Lionstiger/matrix-discord-bridge
Add Support for matrix-appservice-discord
2019-03-05 06:39:46 +00:00
Lionstiger
c2834d2226 running as matrix user from the start 2019-03-04 16:26:19 +01:00
Lionstiger
278484656b ensure systemd reloaded after bridge installation 2019-03-04 15:12:37 +01:00
Lionstiger
2d78c5f89d made matrix_appservice_discord_client_id lowercase 2019-03-04 15:11:06 +01:00
Lionstiger
7aadd8bbe9 undo changed synapse version 2019-03-03 19:55:56 +01:00
Lionstiger
4aeeb5cf31 Autogenerate Discord invite link
Generates the link required to add the Bridge to a Discord server.
2019-03-03 19:33:16 +01:00
Lionstiger
835c349275 Add matrix-appservice-discord bridge
Bridge is setup to work on the matrix side with this, but the discord invite link is not automatically generated.
2019-03-03 18:22:52 +01:00
Slavi Pantaleev
6f6dff3e2b Update some Docker images 2019-03-03 12:27:43 +02:00
Slavi Pantaleev
45618679f5 Reload systemd services when they get updated
Fixes #69 (Github Issue)
2019-03-03 11:55:15 +02:00
Slavi Pantaleev
041a1947b3 Update Synapse (0.99.1.1 -> 0.99.2) 2019-03-02 10:03:09 +02:00
paulbdavis
f2a2cad107 allow exposing mautrix_telegram port 2019-03-01 16:05:01 -07:00
Slavi Pantaleev
a43bcd81fe Rename some variables 2019-02-28 11:51:09 +02:00
Slavi Pantaleev
8cac29a5d5 Update matrix-synapse-rest-auth (0.1.1 -> 0.1.2) 2019-02-28 11:15:26 +02:00
Slavi Pantaleev
25bdc10617 Follow redirects for some well-known files
The Server spec says that redirects should be followed for
`/.well-known/matrix/server`. So we follow them.

The Client-Server specs doesn't mention redirects, so we don't
follow redirects there.
2019-02-25 21:03:33 +02:00
Slavi Pantaleev
433780384e Do not use docker_container module
Using `docker_container` with a `cap_drop` argument requires
Ansible >=2.7.

We want to support older versions too (2.4), so we either need to
stop invoking it with `cap_drop` (insecure), or just stop using
the module altogether.

Since it was suffering from other bugs too (not deleting containers
on failure), we've decided to remove `docker_container` usage completely.
2019-02-25 10:42:27 +02:00
Slavi Pantaleev
639fc0bb5c Treat empty string dig lookup responses as "missing record" 2019-02-22 18:02:10 +02:00
Slavi Pantaleev
4c512c8e64 Upgrade mxisd (1.3.0 -> 1.3.1) 2019-02-22 15:44:13 +02:00
Slavi Pantaleev
550d398e6c Remove some unnecessary slashes 2019-02-20 21:21:20 +02:00
Slavi Pantaleev
d552a742f8 Fix Riot caching troubles
Some resources shouldn't be cached right now,
as per https://github.com/vector-im/riot-web/pull/8702

(note all of the suggestions from that pull request were applied,
because some of them do not seem relevant - no such files)

Fixes #98 (Github Issue)
2019-02-16 17:59:41 +02:00
Slavi Pantaleev
350b25690d Add Riot v1.0 (v1.0.1) support 2019-02-16 11:48:17 +02:00
Slavi Pantaleev
0f55823c5f Update Synapse (0.99.1 -> 0.99.1.1)
It's not important for us, as it only contains
some ACME-related fix.
2019-02-14 19:43:13 +02:00
Slavi Pantaleev
eb08e20418 Upgrade Synapse (0.99.0 -> 0.99.1) and sync config
`matrix_synapse_no_tls` is now implicit, so we've gotten rid of it.

The `homeserver.yaml.j2` template has been synchronized with the
configuration generated by Synapse v0.99.1 (some new options
are present, etc.)
2019-02-14 18:40:55 +02:00
Slavi Pantaleev
df76ae707a Fix inaccurate comment 2019-02-13 14:07:16 +02:00
Slavi Pantaleev
7a1b5a2024 Update mxisd (1.2.2 -> 1.3.0) 2019-02-10 23:20:05 +02:00
Slavi Pantaleev
42c4de348c Revert "Bind metrics on :: too"
This reverts commit 536c85619f.

Looks like binding metrics on IPv6 (`::`) fails with an error:

socket.gaierror: [Errno -2] Name does not resolve
2019-02-09 13:21:18 +02:00
Slavi Pantaleev
08635666df Do not attempt to start coturn TLS listeners
We don't provide certificates, so it fails anyway,
but we'd rather suppress the warnings about it too.
2019-02-07 13:20:30 +02:00
Slavi Pantaleev
f5cd916de8 Update coturn (4.5.0.8 -> 4.5.1.0) 2019-02-07 13:15:59 +02:00
Slavi Pantaleev
536c85619f Bind metrics on :: too
For consistency with all our other listeners,
we make this one bind on the `::` address too
(both IPv4 and IPv6).

Additional details are in #91 (Github Pull Request).
2019-02-06 14:24:10 +02:00
Slavi Pantaleev
91a757c581 Add support for reloading Synapse 2019-02-06 09:25:13 +02:00
Slavi Pantaleev
40f3793af7 Upgrade Synapse to v0.99 and simplify dummy TLS cert logic 2019-02-06 09:17:55 +02:00
Slavi Pantaleev
5db692f877 Remove some useless homeserver.yaml configuration 2019-02-05 14:02:01 +02:00
Slavi Pantaleev
738c592c27 Bump Synapse version (0.34.1.1 -> 0.99.0rc4) 2019-02-05 13:33:39 +02:00
Slavi Pantaleev
119016e858 Cache /.well-known/matrix files for longer 2019-02-05 13:06:17 +02:00
Slavi Pantaleev
764a040a90 Make /.well-known/matrix/server optional
People who wish to rely on SRV records can prevent
the `/.well-known/matrix/server` file from being generated
(and thus, served.. which causes trouble).
2019-02-05 12:09:46 +02:00
Slavi Pantaleev
74710427e5 Allow for the federation port (tcp/8448)'s certificate to be changed
If someone decides to not use `/.well-known/matrix/server` and only
relies on SRV records, then they would need to serve tcp/8448 using
a certificate for the base domain (not for the matrix) domain.

Until now, they could do that by giving the certificate to Synapse
and setting it terminate TLS. That makes swapping certificates
more annoying (Synapse requires a restart to re-read certificates),
so it's better if we can support it via matrix-nginx-proxy.

Mounting certificates (or any other file) into the matrix-nginx-proxy container
can be done with `matrix_nginx_proxy_container_additional_volumes`,
introduced in 96afbbb5a.
2019-02-05 12:09:46 +02:00
Slavi Pantaleev
f6ebd4ce62 Initial work on Synapse 0.99/1.0 preparation 2019-02-05 12:09:46 +02:00
Slavi Pantaleev
e06e5dd208 Fix syntax breakage
Regression since 96afbbb5af
2019-02-05 12:09:33 +02:00
Slavi Pantaleev
96afbbb5af Allow additional volumes to be mounted into matrix-nginx-proxy
Certain use-cases may require that people mount additional files
into the matrix-nginx-proxy container. Similarly to how we do it
for Synapse, we are introducing a new variable that makes this
possible (`matrix_nginx_proxy_container_additional_volumes`).

This makes the htpasswd file for Synapse Metrics (introduced in #86,
Github Pull Request) to also perform mounting using this new mechanism.
Hopefully, for such an "extension", keeping htpasswd file-creation and
volume definition in the same place (the tasks file) is better.

All other major volumes' mounting mechanism remains the same (explicit
mounting).
2019-02-05 11:46:16 +02:00
Slavi Pantaleev
9a251e4e46 Remove some more references to localhost
Continuation of 1f0cc92b33.

As an explanation for the problem:
when saying `localhost` on the host, it sometimes gets resolved to `::1`
and sometimes to `127.0.0.1`. On the unfortunate occassions that
it gets resolved to `::1`, the container won't be able to serve the
request, because Docker containers don't have IPv6 enabled by default.

To avoid this problem, we simply prevent any lookups from happening
and explicitly use `127.0.0.1`.
2019-02-05 11:11:28 +02:00
Aaron Raimist
1f0cc92b33
Use IPv4 localhost everywhere (or almost everywhere) 2019-02-04 09:49:45 -06:00
Aaron Raimist
58ca2e7dfd
Turn off IPv6 when using your own Nginx server
Docker apparently doesn't like IPv6.
2019-02-04 09:03:43 -06:00
Slavi Pantaleev
52d5e540c0 Fix ownership of generated self-signed certificates (root -> matrix) 2019-02-02 17:32:13 +02:00
dhose
87e3deebfd Enable exposure of Prometheus metrics. 2019-02-01 20:02:11 +01:00
Plailect
29b40b428a
Database files must be stored on permanent storage 2019-02-01 11:44:06 -05:00
Slavi Pantaleev
897cfbdcba Fix /.well-known/matrix/client installation
Regression since 51312b82
2019-02-01 17:06:49 +02:00
Slavi Pantaleev
8681a5dc69 Add 'none' SSL certificate retrieval method 2019-02-01 16:50:25 +02:00
Slavi Pantaleev
cd332d9b4e Add TLS v1.3 support to matrix-nginx-proxy
This was mentioned in #27 (Github Pull Request),
but it's just now that the nginx Docker image actually supports
TLS v1.3 and we can enable it.
2019-02-01 11:49:22 +02:00
Slavi Pantaleev
a9fae8e3b1 Revert "Use native OpenSSL module to generate passkey.pem"
This reverts commit 0dac5ea508.

Relying on pyOpenSSL is the Ansible way of doing things, but is
impractical and annoying for users.

`openssl` is easily available on most servers, even by default.
We'd better use that.
2019-01-31 20:45:14 +02:00
Slavi Pantaleev
08321ea4bb
Merge pull request #87 from Plailect/master
Add support for matrix-appservice-irc
2019-01-31 20:20:32 +02:00
Plailect
0dac5ea508
Use native OpenSSL module to generate passkey.pem 2019-01-31 11:38:54 -05:00