Commit Graph

255 Commits

Author SHA1 Message Date
Slavi Pantaleev
5a4ea5f866 Make AWX enabling/disabling consistent with other playbook roles
That is:
- enabled in the role by default
- disabled in the compilation (playbook), if considered an optional
component
2021-03-24 14:02:53 +02:00
Slavi Pantaleev
b89936afba Make bridges depend on matrix-nginx-proxy
We don't point them straight to Synapse anymore, but rather
to matrix-nginx-proxy, which forwards to Synapse (or something else).
2021-03-24 14:00:41 +02:00
Aaron Raimist
bab8b950ca
Add mjolnir 2021-03-23 22:46:08 -05:00
Slavi Pantaleev
06c74728eb Move matrix_nginx_proxy_proxy_synapse_federation_api_enabled definition to the role
This variable was previously undefined in the role and was only getting
defined via `group_vars/matrix_servers`.

We now properly initialize it (and its good default value) in the role
itself.
2021-03-23 10:28:32 +02:00
Slavi Pantaleev
9a0222fa47 Add Sygnal support
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/683
2021-03-20 13:32:22 +02:00
foxcris
11cd1cb0fa - removed matrix_postgres_backup_db_list variable
- add matrix_postgres_backup_databases to be build on top of matrix_postgres_additional_databases
- POSTGRES_DB is now directly set from matrix_postgres_backup_databases while building the templates/env-postgres-backup.j2
2021-03-16 11:40:16 +01:00
foxcris
43f7d9afb6 - removed dynamic building of the postgres db list an reused matrix_postgres_additional_databases in group_vars/matrix_servers as source for the list
- adjusted env-postgres-backup.j2 to use the new role specific variables
2021-03-16 10:49:04 +01:00
foxcris
ecc6bdb3ca - changed variables names to use role specific one and redefine them using group_vars/matrix_servers 2021-03-16 10:18:26 +01:00
Slavi Pantaleev
011e95c1d2
Merge pull request #893 from GoMatrixHosting/master
matrix-awx - the GoMatrixHosting v0.3.0 initial PR
2021-03-16 08:40:15 +02:00
Yannick Goossens
20c6bd686e Added the matrix_bot_go_neb_container_http_host_bind_port variable to allow the container to expose its listen port 2021-03-12 11:10:00 +01:00
Yannick Goossens
51e2547484 Added support for the Go-NEB bot 2021-03-11 19:23:01 +01:00
Slavi Pantaleev
a25b8135b8 Fix point overlap between matrix-domain and Jitsi
Mostly affects people who disable the integrated `matrix-nginx-proxy`.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456
and more specifically 4d62a75f6f.
2021-03-01 20:27:45 +02:00
Michael
33ec5710d9 0.2.1 revision 2021-02-28 22:21:40 +08:00
Slavi Pantaleev
1ef683d366 Make nginx proxy config (when disabled) obey matrix_federation_public_port
People who were disabling matrix-nginx-proxy (in favor of their own
nginx webserver) and also overriding `matrix_federation_public_port`,
found that the generated nginx configuration still hardcoded `8448`,
which forced their nginx server to use that, regardless of the fact
that `matrix_federation_public_port` was pointing elsewhere.

We now allow for the in-container federation port to be configurable,
and also automatically wire things properly.
2021-02-24 08:19:20 +02:00
Marcus Proest
2ca8211184 Merge remote-tracking branch 'upstream/master' 2021-02-19 19:02:48 +01:00
Marcus Proest
b99372a3c5 initial commit of mautrix-instagram role 2021-02-19 17:20:26 +01:00
Slavi Pantaleev
91c987ca7d
Merge pull request #872 from xangelix/add-mx-puppet-groupme-gh
Add mx-puppet-groupme support
2021-02-19 11:42:41 +02:00
Slavi Pantaleev
d94d0e2ca5
Merge pull request #456 from eMPee584/synapse-workers
Synapse workers
2021-02-19 11:40:36 +02:00
Slavi Pantaleev
217b4a8808 Release Synapse v1.27.0 to ARM32 via self-building
Related to: https://matrix.org/blog/2021/02/18/synapse-1-27-0-released#dropping-armv7-docker-images
2021-02-19 09:10:16 +02:00
Béla Becker
005f4d57f9 Remove mention of sqlite3 support for Etherpad
The official Etherpad Docker image has no support for sqlite3 databases.
2021-02-18 17:39:36 +01:00
Cody Neiman
c4e1209452
Merge branch 'master' into add-mx-puppet-groupme-gh 2021-02-17 13:52:37 -05:00
Slavi Pantaleev
daae74b074 Merge branch 'master' into synapse-workers 2021-02-16 17:31:40 +02:00
Marc Leuser
1434c371bd safer port binding of etherpad docker container
don't bind to any host port if nginx_proxy is used
only bind to localhost if it's not used
2021-02-15 10:46:23 +01:00
Cody Neiman
e510481e84
Merge branch 'master' into add-mx-puppet-groupme-gh 2021-02-14 13:41:16 -05:00
Cody Neiman
c15d5a58a9
Make mx-puppet-groupme tokens unique 2021-02-14 13:37:12 -05:00
Slavi Pantaleev
5cfeae806b Merge branch 'master' into synapse-workers 2021-02-14 13:00:57 +02:00
Slavi Pantaleev
894679750e
Merge pull request #862 from s-thom/nginx-additional
Add additional domains for Let's Encrypt certificates to be obtained
2021-02-14 11:05:25 +02:00
Cody Neiman
b900a4a3ba
Add groupme postgres 2021-02-13 00:50:00 -05:00
Cody Neiman
5a70a56ff0
Initial implementation 2021-02-12 23:13:30 -05:00
Slavi Pantaleev
2b47258c6c Do not auto-expose metrics on matrix.DOMAIN/_synapse/metrics
.. and other documentation improvements.
2021-02-12 13:47:53 +02:00
Slavi Pantaleev
c8ab200cb1 Break dependency between matrix-prometheus and (matrix-prometheus-node-exporter, matrix-synapse) 2021-02-12 11:59:24 +02:00
Slavi Pantaleev
18e31526a8 Rename some variables 2021-02-12 11:59:24 +02:00
Peetz0r
989100b1c1 Grafana nginx proxy config 2021-02-10 22:54:14 +01:00
Peetz0r
eb5aa93e8a Grafana
Also includes the dashboards for Synapse and for Node Exporter.

Again has only been tested on debian amd64 so far, but the grafana docker image is available for arm64 and arm32. Nice.
2021-02-10 22:54:14 +01:00
Peetz0r
e525970b39 Prometheus Node Exporter
Basic system stats, to show stuff the synapse metrics
can't show such as resource usage by bridges, etc

Seems to work fine as well.

This too has only been tested on debian amd64 so far
2021-02-10 22:54:14 +01:00
Peetz0r
13ef9e85cf Prometheus
Initial attempt. Seems to work fine.

Only tested on debian amd64 so far
2021-02-10 22:54:14 +01:00
Stuart Thomson
064b2e533c Add variable for extra domains to get LE certs for
I felt that adding another variable was probably going to be the easiest way to do this. I may end up adding another variable to enable this feature, for consistency with some of the other things.
2021-02-06 20:02:39 +13:00
Béla Becker
38bf1eda70 Etherpad Jitsi integration 2021-01-26 05:04:47 +01:00
Béla Becker
4b451ff782 Etherpad role 2021-01-26 05:04:47 +01:00
Slavi Pantaleev
d3ecc6f017 Fix bridges failing to upload media when Synapse workers are enabled 2021-01-25 13:55:08 +02:00
Slavi Pantaleev
4d62a75f6f Get matrix-corporal to play nicely with a Synapse worker setup
We do this by creating one more layer of indirection.

First we reach some generic vhost handling matrix.DOMAIN.
A bunch of override rules are added there (capturing traffic to send to
ma1sd, etc). nginx-status and similar generic things also live there.

We then proxy to the homeserver on some other vhost (only Synapse being
available right now, but repointing this to Dendrite or other will be
possible in the future).
Then that homeserver-specific vhost does its thing to proxy to the
homeserver. It may or may not use workers, etc.

Without matrix-corporal, the flow is now:
1. matrix.DOMAIN (matrix-nginx-proxy/matrix-domain.conf)
2. matrix-nginx-proxy/matrix-synapse.conf
3. matrix-synapse

With matrix-corporal enabled, it becomes:
1. matrix.DOMAIN (matrix-nginx-proxy/matrix-domain.conf)
2. matrix-corporal
3. matrix-nginx-proxy/matrix-synapse.conf
4. matrix-synapse

(matrix-corporal gets injected at step 2).
2021-01-25 09:46:41 +02:00
Slavi Pantaleev
63301b0ef1 Improvements around Synapse worker/metrics ports exposure
There was a `matrix_nginx_proxy_enabled|default(False)` check, but:
- it didn't seem to work reliably for some reason (hmm)
- referring to a `matrix_nginx_proxy_*` variable from within the
  `matrix-synapse` role is not ideal
- exposing always happened on `127.0.0.1`, which may not be good enough
  for some rarer setups (where the own webserver is external to the host)
2021-01-25 08:25:43 +02:00
Slavi Pantaleev
5ca68210cd Do not handle /_matrix/federation on client-server port, nor /_matrix/client stuff on federation port
I guess it didn't hurt to do it until now, but it's not great serving
federation APIs on the client-server API port, etc.

matrix-corporal doesn't work yet (still something to be solved in the
future), but its firewalling operations will also be sabotaged
by Client-Server APIs being served on the federation port (it's a way to get around its firewalling).
2021-01-24 22:22:57 +02:00
Marcel Partap
183adec3d8 Merge remote-tracking branch 'origin/master' into synapse-workers 2021-01-23 15:04:11 +01:00
Panagiotis Georgiadis
f10e3fef0d
Merge branch 'master' into irc 2021-01-22 20:30:24 +00:00
Panagiotis Georgiadis
e502ee33da
Selfbuild appservice-irc bridge 2021-01-22 21:28:53 +01:00
Slavi Pantaleev
f9c1d62435 Fix Postgres database (-alpine) failing to start on ARM32 2021-01-22 13:52:55 +02:00
Slavi Pantaleev
95346f3117 Reorganize Postgres access (breaking change)
In short, this makes Synapse a 2nd class citizen,
preparing for a future where it's just one-of-many homeserver software
options.

We also no longer have a default Postgres superuser password,
which improves security.

The changelog explains more as to why this was done
and how to proceed from here.
2021-01-22 13:26:12 +02:00
Slavi Pantaleev
024a23ed17 Upgrade mautrix-facebook to the new Postgres-only version
I had intentionally held it back in 39ea3496a4
until:
- it received more testing (there were a few bugs during the
migration, but now it seems OK)
- this migration guide was written
2021-01-20 10:12:51 +02:00
Slavi Pantaleev
28d86e3aaa Initial work on support for matrix-corporal v2 2021-01-16 23:47:14 +02:00
Panagiotis Georgiadis
a66a604e53
Selfbuild appservice-slack bridge 2021-01-14 01:29:11 +01:00
Slavi Pantaleev
48b6487d41 Use ready-made image for mautrix-telegram on arm64
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/793
2021-01-13 22:40:47 +02:00
Slavi Pantaleev
105354a052
Remove useless comment 2021-01-13 17:56:10 +02:00
Panagiotis Georgiadis
fd540d8592
Enable Telegram self-building 2021-01-13 16:51:45 +01:00
Marcel Partap
cd8100544b Merge remote-tracking branch 'origin/master' into synapse-workers
Sync with upstream
2021-01-08 20:58:50 +01:00
teutat3s
a2f6adbeaf
Fix appservice-slack default db: nedb 2021-01-06 22:00:49 +01:00
Slavi Pantaleev
6b1e25d843 Do not create matrix_bridge_sms Postgres database
That bridge only supports its own file-based database,
so preparing a Postgres database for it is pointless.
2021-01-03 10:21:59 +02:00
Slavi Pantaleev
df8d9cfd34 Remove some TODOs
The answer to these is: it's good to have them in both places.
The role defines the obvious things it depends on (not knowing
what setup it will find itself into), and then
`group_vars/matrix_servers` "extends" it based on everything else it
knows (the homeserver being Synapse, whether or not the internal
Postgres server is being used, etc.)
2021-01-03 07:46:55 +02:00
Sabine Laszakovits
ffb837d4bc made the bridge use the default postgres db 2021-01-02 00:39:11 +01:00
Sabine Laszakovits
a06c58c753 Merge branch 'master' into signal 2021-01-01 21:05:00 +01:00
David Gnedt
befffa926b Fix concatenation of additional databases
Otherwise the postgres upgrade fails with the following error:

Unexpected templating type error occurred on ({{
  [matrix_postgres_connection_username]
  +
  matrix_postgres_additional_databases|map(attribute='username')
}}
): can only concatenate list (not "generator") to list
2020-12-23 19:24:45 +01:00
Slavi Pantaleev
ea804f2f9f Do not use underscore in salts passed to sha512
Some Ansible installations choke on it, it seems.
Similar to 9f00970c90
2020-12-23 12:59:48 +02:00
Slavi Pantaleev
9f00970c90 Do not use salts longer than 16 characters
We've hit this problem before as well. Certain Ansible installations
choke on it.
2020-12-23 12:31:52 +02:00
Slavi Pantaleev
f19b29846d
Merge pull request #740 from jdreichmann/postgres-per-default
postgres: create databases for all services
2020-12-23 11:00:41 +02:00
Slavi Pantaleev
ad1425eee4 Add pgloader self-building support (for ARM) 2020-12-23 09:08:54 +02:00
Slavi Pantaleev
715bdf2c64 Add support for automatic (nedb -> Postgres) migration to mx-appservice-irc 2020-12-22 19:32:43 +02:00
Slavi Pantaleev
815a80c290 Fix alignment issues 2020-12-22 17:16:56 +02:00
Slavi Pantaleev
15f4cc924d Rename variables (_database_db_name -> _database_name) 2020-12-22 17:10:02 +02:00
Slavi Pantaleev
69cc2145d2 Add support for automatic (Postgres -> SQLite) migration to mx-puppet-steam 2020-12-22 16:51:59 +02:00
Slavi Pantaleev
ed159cc742 Move matrix_architecture to matrix-base
We were only defining this in `group_vars/matrix_servers`, which is
inconsistent with how we normally do things.
2020-12-17 11:33:18 +02:00
Slavi Pantaleev
a197968b7f Make matrix-registration use Postgres by default
Now that 0.7.2 is out, the Docker image supports Postgres
and we can do the (SQLite -> Postgres) migration.

I've also found out that we needed to fix up the `tokens.ex_date` column
data type a bit to prevent matrix-registration from raising exceptions
when comparing `datetime.now()` with `ex_date` coming from the database.

Example:

> File "/usr/local/lib/python3.8/site-packages/matrix_registration/tokens.py", line 58, in valid
> expired = self.ex_date < datetime.now()
> TypeError: can't compare offset-naive and offset-aware datetimes
2020-12-15 23:19:56 +02:00
Slavi Pantaleev
dd797ba6a7 Fix Postgres database importing/upgrading conflicts
We were running into conflicts, because having initialized
the roles (users) and databases, trying to import leads to
errors (role XXX already exists, etc.).

We were previously ignoring the Synapse database (`homeserver`)
when upgrading/importing, because that one gets created by default
whenever the container starts.

For our additional databases, it's a similar situation now.
It's not created by default as soon as Postgres starts with an empty
database, but rather we create it as part of running the playbook.

So we either need to skip those role/database creation statements
while upgrading/importing, or to avoid creating the additional database
and rely on the import for that. I've gone for the former, because
it's already similar to what we were doing and it's simpler
(it lets `setup_postgres.yml` be the same in all scenarios).
2020-12-14 22:28:20 +02:00
Slavi Pantaleev
2a502db239 Add (SQLite + Postgres) support and automatic migration to matrix-dimension 2020-12-14 21:01:47 +02:00
Slavi Pantaleev
8d74593878 Prepare matrix-registation for (SQLite + Postgres) support
Auto-migration and everything seems to work. It's just that
matrix-registration cannot load the Python modules required
for talking to a Postgres database.

Tracked here: https://github.com/ZerataX/matrix-registration/issues/44

Until this gets fixed, we'll continue default to 'sqlite'.
2020-12-14 18:58:37 +02:00
Slavi Pantaleev
3ab7dd1abe Potentially add matrix-postgres.service as required for bridges, etc. 2020-12-14 17:22:31 +02:00
Slavi Pantaleev
af3ea67bba Add (SQLite + Postgres) support and automatic migration to matrix-ma1sd 2020-12-14 17:16:25 +02:00
Slavi Pantaleev
e3a0c9adda Add (Postgres + SQLite) support to matrix-reminder-bot
This has been tested and appears to work.
2020-12-14 15:02:11 +02:00
Slavi Pantaleev
b9a04a7f95 Rename some remaining matrix_*_postgres_* vars back to matrix_*_database_*
Looks like there are some that I missed in 087dbe4ddc
2020-12-14 14:42:18 +02:00
Slavi Pantaleev
087dbe4ddc Rename matrix_*_postgres_* back to matrix_*_database_*
I was thinking that it makes sense to be more specific,
and using `_postgres_` also separated these variables
from the `_database_` variables that ended up in bridge configuration.

However, @jdreichmann makes a good point
(https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/740#discussion_r542281102)
that we don't need to be so specific and can allow for other engines (like MySQL) to use these variables.
2020-12-14 13:02:47 +02:00
Slavi Pantaleev
2848322461 Remove some remaining _database_password usage in favor of _postgres_pasword
The only one that remains is `matrix_synapse_database_password`, but
that's something old and should be dealt with separately in the future
(unless it remains as it is).
2020-12-14 12:19:35 +02:00
Slavi Pantaleev
6a2dd8088c Fix typo (matrix_telegram_facebook_postgres_hostname -> matrix_mautrix_telegram_postgres_hostname)
Related to 9bf8ce878e.
2020-12-14 12:13:10 +02:00
Slavi Pantaleev
05dd091133 Rename _database_hostname to _postgres_hostname
Should have been done during 2a99e84b5b, but I've missed it.

Because of this, 9bf8ce878e was also incomplete and would have caused
an error.
2020-12-14 12:11:41 +02:00
Slavi Pantaleev
2a99e84b5b Rename Postgres-related variables (matrix*database_* -> matrix*postgres_*)
`matrix_SERVICE_database_engine` remains as it is - the only one with a
`_database_` infix. Postgres-related ones move to `_postgres_`.
2020-12-14 11:19:18 +02:00
Slavi Pantaleev
c0edacbefd Fix matrix_postgres_additional_databases syntax problems 2020-12-14 11:17:12 +02:00
Slavi Pantaleev
d91aa5a060 Do not introduce sub-variables exposing implementation details 2020-12-14 10:52:07 +02:00
transcaffeine
b217a2ed69
postgres: set default in playbook to postgres but fallback to sqlite 2020-12-14 07:54:24 +01:00
Slavi Pantaleev
dd994995bc Simplify password for additional Postgres databases
Using the result of `password_hash` works for creating them,
but authentication seems to be failing with some tools like pgloader.

It's possible that we're not escaping things properly somewhere.
Ideally, it'd be nice to solve that. But the easier (and still
relatively safe/good) solution is to just turn that password hash
into a UUID that's safe for passing around without worrying about
escaping.
2020-12-14 01:22:23 +02:00
Slavi Pantaleev
a374d309c8 Make appservice-discord support both SQLite and Postgres
People can toggle between them now. The playbook also defaults
to using SQLite if an external Postgres server is used.

Ideally, we'd be able to create databases/users in external Postgres
servers as well, but our initialization logic (and `docker run` command,
etc.) hardcode too many things right now.
2020-12-14 00:52:25 +02:00
Slavi Pantaleev
46a4034d3e Use "password" for additional Postgres databases, not "pass"
Being more explicit sounds better.
2020-12-14 00:43:03 +02:00
Slavi Pantaleev
d251764c16 Fix syntax issues in matrix_postgres_additional_databases
Quotes are necessary around dictionary field names.

There was a missing `}` as well.
2020-12-13 22:37:04 +02:00
Slavi Pantaleev
0641106370 Allow username of additional Postgres databases to be different
We'll most likely use one that matches the database name, but
it's better to have it configurable.
2020-12-13 22:37:04 +02:00
transcaffeine
d9f4914e0d
WIP: postgres: create databases for all services
If a service is enabled, a database for it is created in postgres with a uniqque password. The service can then use this database for data storage instead of relying on sqlite.
2020-12-10 18:26:22 +01:00
Slavi Pantaleev
c07c927d9f Automatically enable openid listeners when ma1sd enabled
ma1sd requires the openid endpoints for certain functionality.
Example: 90b2b5301c/src/main/java/io/kamax/mxisd/auth/AccountManager.java (L67-L99)

If federation is disabled, we still need to expose these openid APIs on the
federation port.

Previously, we were doing similar magic for Dimension.
As per its documentation, when running unfederated, one is to enable
the openid listener as well. As per their recommendation, people
are advised to do enable it on the Client-Server API port
and use the `federationUrl` variable to override where the federation
port is (making federation requests go to the Client-Server API).

Because ma1sd always uses the federation port (unless you do some
DNS overwriting magic using its configuration -- which we'd rather not
do), it's better if we just default to putting the `openid` listener
where it belongs - on the federation port.

With this commit, we retain the "automatically enable openid APIs" thing
we've been doing for Dimension, but move it to the federation port instead.
We also now do the same thing when ma1sd is enabled.
2020-12-08 16:59:20 +02:00
Slavi Pantaleev
a5ae7e9ef0 Add self-building support to matrix-corporal 2020-12-04 01:48:08 +02:00
Marcel Partap
b73ac965ac Merge remote-tracking branch 'origin/master' into synapse-workers 2020-12-01 21:24:26 +01:00
Slavi Pantaleev
04da1bddf7 Update matrix-mautrix-facebook config a bit
This also disables presence if it's disabled for Synapse.
2020-12-01 11:55:18 +02:00
Slavi Pantaleev
b354155d7c Make JVB websockets reverse-proxying work 2020-11-27 17:57:15 +02:00
Slavi Pantaleev
d235335507 Do not mount /matrix/ssl into matrix-coturn when matrix_ssl_retrieval_method is 'none'
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/734

Similar to 12867e9f18, but for `matrix-coturn` (not
`matrix-nginx-proxy`).
2020-11-26 10:08:54 +02:00
anonym
d4ef751052
Update matrix_servers 2020-11-26 01:30:08 +01:00
anonym
732f57cbd9
Note about the max length of the postgres password 2020-11-26 01:24:43 +01:00