Commit Graph

305 Commits

Author SHA1 Message Date
Slavi Pantaleev
f1c9052fe5 Make it obvious that running Coturn in host-networking mode requires manual firewall changes 2023-01-26 17:59:56 +02:00
Slavi Pantaleev
aafa8f019c Allow matrix_coturn_docker_network to be set to 'host' to use host-networking
This helps large deployments which need to open up thousands of ports
(matrix_coturn_turn_udp_min_port, matrix_coturn_turn_udp_min_port)

On a test VM, opening 1k ports takes 17 seconds for Docker to "publish"
all of these ports (setting up forwarding rules with the firewall, etc),
so service startup and shutdown take a long amount of time.

If host-networking is used, there's no need to open any ports at all
and startup/shutdown can be quick.
2023-01-26 17:35:30 +02:00
Slavi Pantaleev
bb0faa6bc3 Block various private network ranges via denied_peer_ips for Coturn by default
Inspired by: https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
2023-01-26 17:35:30 +02:00
Slavi Pantaleev
9ed2e04d80 Switch from matrix-prometheus-node-exporter to an external prometheus_node_exporter role 2023-01-21 11:07:04 +02:00
Slavi Pantaleev
fb60ba67f6 Announce just 2023-01-13 09:18:27 +02:00
Slavi Pantaleev
ecb5c077f6 Fix typo (too -> to) 2023-01-11 10:41:09 +02:00
Slavi Pantaleev
275a739b22 Announce maurtix-slack
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2227
2023-01-11 10:38:54 +02:00
Slavi Pantaleev
20558589cb Announce matrix-bot-chatgpt
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2386
2023-01-10 17:31:21 +02:00
Slavi Pantaleev
4eed49f931 Replace custom/matrix-postgres-backup role with galaxy/com.devture.ansible.role.postgres_backup
This role is usable on its own and it's not tied to Matrix, so
extracting it out into an independent role that we install via
ansible-galaxy makes sense.

This also fixes the confusion from the other day, where
`matrix_postgres_*` had to be renamed to `devture_postgres_*`
(unless it was about `matrix_postgres_backup_*`).
We now can safely say that ALL `matrix_postgres_*` variables need to be
renamed.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2305
2022-11-30 11:01:19 +02:00
Slavi Pantaleev
0d322a5c86 Announce matrix-postgres replacement and /usr/local/bin cleanup 2022-11-28 08:09:57 +02:00
Slavi Pantaleev
8456657f21 Announce install-* tags 2022-11-25 16:15:19 +02:00
Slavi Pantaleev
6f865a7e0b Announce some playbook changes 2022-11-22 09:23:18 +02:00
Slavi Pantaleev
e9e84341a9 Reverse-proxy to Synapse via matrix-synapse-reverse-proxy-companion
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090
2022-11-20 16:43:33 +02:00
Slavi Pantaleev
13b63eabf0
Merge pull request #2229 from etkecc/make-etherpad-great-again
standalone etherpad
2022-11-05 11:54:51 +02:00
Slavi Pantaleev
805b70bfa3 Announce standalone Etherpad 2022-11-05 11:47:47 +02:00
Slavi Pantaleev
7289992dba Document make roles some more
Improves:

- https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2232
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2217#issuecomment-1304366791
2022-11-05 07:10:04 +02:00
Slavi Pantaleev
c3a7237de7 Initial work on using externally defined roles 2022-11-04 14:58:28 +02:00
Slavi Pantaleev
410a915a8a Move roles/matrix* to roles/custom/matrix*
This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`,
similar to how it's done in:

- https://github.com/spantaleev/gitea-docker-ansible-deploy
- https://github.com/spantaleev/nextcloud-docker-ansible-deploy

In the near future, we'll be removing a lot of the shared role code from here
and using upstream roles for it. Some of the core `matrix-*` roles have
already been extracted out into other reusable roles:

- https://github.com/devture/com.devture.ansible.role.postgres
- https://github.com/devture/com.devture.ansible.role.systemd_docker_base
- https://github.com/devture/com.devture.ansible.role.timesync
- https://github.com/devture/com.devture.ansible.role.vars_preserver
- https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages
- https://github.com/devture/com.devture.ansible.role.playbook_help

We just need to migrate to those.
2022-11-03 09:11:29 +02:00
Slavi Pantaleev
63a0e5c4f6 Add warnings to synapse-s3-storage-provider support feature 2022-10-14 17:58:47 +03:00
Slavi Pantaleev
a3759b0466 Announce Synapse customization and synapse-s3-storage-provider support 2022-10-14 17:50:48 +03:00
Slavi Pantaleev
f4804f475a Announce matrix-ldap-registration-proxy
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2038
2022-10-02 09:27:51 +03:00
Jost Alemann
b8b7974b78
fix: typo 2022-09-16 13:13:11 +02:00
Slavi Pantaleev
109e1addb8 Improve reliability when using more than 1 media_repository worker 2022-09-15 10:45:03 +03:00
Slavi Pantaleev
a1fb082618 Add support for running background tasks on a worker 2022-09-15 10:32:51 +03:00
Slavi Pantaleev
5f3f460cda Restore support for appservice and user_dir workers 2022-09-15 10:06:56 +03:00
Slavi Pantaleev
b842447047 Add support for multiple pusher workers 2022-09-15 08:32:55 +03:00
Slavi Pantaleev
ec654ca91e Add support for multiple federation sender workers 2022-09-15 08:13:08 +03:00
Slavi Pantaleev
226c550ffa Add support for stream writer Synapse workers
As stream writer workers are also powered by the `generic_worker`
Synapse app, this necessitated that we provide means for distinguishing
between them and regular `generic_workers`.

I've also taken the time to optimize nginx configuration generation
(more Jinja2 macro usage, less duplication).

Worker names have also changed.
Workers are now named sequentially like this:
- `matrix-synapse-worker-0-generic`
- `matrix-synapse-worker-1-stream-writer-typing`
- `matrix-synapse-worker-2-pusher`

instead of `matrix-synapse-worker_generic_worker-18111` (indexed with a
port number).

People who modify `matrix_synapse_workers_enabled_list` directly will
need to adjust their configuration.
2022-09-15 08:10:04 +03:00
Slavi Pantaleev
c00a8d4099 Announce Cactus Comments support
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2089
2022-09-09 14:47:53 +03:00
Slavi Pantaleev
eaf13264e6 Announce Postmoogle email bridge bot
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2043
2022-08-23 14:16:10 +03:00
Slavi Pantaleev
9ab6c99434 Update changelog
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2012
2022-08-10 14:38:35 +03:00
Slavi Pantaleev
81f4e8cffb Announce Conduit support
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2002
2022-08-09 11:37:57 +03:00
Slavi Pantaleev
9d10d5543b Announce mautrix-discord support 2022-07-29 08:10:09 +03:00
Slavi Pantaleev
2e40ad7d4e Announce Kakaotalk support 2022-07-27 09:36:58 +03:00
Slavi Pantaleev
e5238bf7d5 Announce maubot
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1894
2022-07-20 12:55:18 +03:00
Slavi Pantaleev
e94ec75e1a Remove matrix-bridge-mx-puppet-skype role 2022-07-14 18:09:19 +03:00
Slavi Pantaleev
a1d0b58471 Try to do the signald (0.19.0) data migration automatically
Improvement over e4caf3fa81.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921
2022-07-14 11:50:18 +03:00
Slavi Pantaleev
e4caf3fa81 Add note about signald (0.19.0+) upgrade
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1921
2022-07-14 11:35:38 +03:00
Slavi Pantaleev
5a0e977df8 Announce ntfy role 2022-07-05 09:46:26 +03:00
nono-lqdn
5f6ad0f603 Added a note on managing the basic_auth password on external prometheus
servers
2022-06-24 17:45:52 +02:00
Slavi Pantaleev
ba51997f7b (BC Break) Redo how metrics are exposed to external Prometheus servers 2022-06-23 17:55:07 +03:00
Slavi Pantaleev
5e9e8f9e29 Announce go-skype-bridge support 2022-06-13 08:02:31 +03:00
Slavi Pantaleev
c05f47666f Announce the ability to run Ansible in a container on the Matrix server
Continuation of 959a6ac0b1
2022-06-09 14:47:04 +03:00
Slavi Pantaleev
246c43be1e Upgrade Synapse (v1.59.1 -> v1.60.0) 2022-05-31 17:24:38 +03:00
Slavi Pantaleev
2f33b330ff Announce Buscarron bot support
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1782
2022-04-25 10:29:09 +03:00
Slavi Pantaleev
27ec1d8bde Fix matrix-registration-bot repository URL 2022-04-21 11:21:29 +03:00
Slavi Pantaleev
e435c55458 Announce matrix-registration-bot support
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1771
2022-04-21 11:10:45 +03:00
Slavi Pantaleev
295ef29fe0 Announce borg backup support
Related to:

- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1727
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1754
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1755
- https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/467
2022-04-19 19:29:41 +03:00
Slavi Pantaleev
f0842d7226 Document that upgrading to Synapse v1.57 may be dangerous in some instances
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1766
2022-04-19 17:29:58 +03:00
Slavi Pantaleev
2df993977a Ensure git cloning when self-building is done with the matrix user, not root
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1749
2022-04-14 08:52:37 +03:00
Slavi Pantaleev
958d089b68 Do not install the ma1sd identity server by default
As mentioned in the changelog, this is a breaking change.
2022-03-17 18:00:09 +02:00
Slavi Pantaleev
fb4c6961e9 Announce matrix_encryption_disabler support
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1621
2022-02-12 09:38:53 +02:00
Slavi Pantaleev
00ea6bf3a4 Adjust contribution author name reference 2022-02-01 14:13:31 +02:00
Slavi Pantaleev
e6c2dd204d Update changelog and configuring-playbook.md
This announces matrix-hookshot support that got added in
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1505
2022-02-01 14:07:43 +02:00
Slavi Pantaleev
548d495d81 Update CHANGELOG 2022-01-08 09:46:24 +02:00
Slavi Pantaleev
53dbf2738c Try to improve Dendrite announcement message
This is an attempt to address this:
dc893485d1 (commitcomment-63097721)
2022-01-08 09:44:58 +02:00
Slavi Pantaleev
425a56c94e Link to Dendrite repository from changelog entry 2022-01-07 16:27:15 +02:00
Slavi Pantaleev
6cedeb094c Mention inability to migrate between homeserver implementation 2022-01-07 16:23:32 +02:00
Slavi Pantaleev
5e2f4564bb Announce Dendrite support
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/818
2022-01-07 16:00:51 +02:00
Slavi Pantaleev
6beb39a062 Announce Honoroit support
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1511
2022-01-07 09:53:16 +02:00
Slavi Pantaleev
1098e64d19 Announce Cinny support
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1509
2022-01-06 10:53:10 +02:00
Slavi Pantaleev
e834a69e60 Announce mautrix-twitter support
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1478
2021-12-22 15:53:56 +02:00
Slavi Pantaleev
a8fc4fe6ce Mention log4j vulnerability affecting mautrix-signal
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1459
and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1452
2021-12-14 12:33:59 +02:00
Slavi Pantaleev
8abe1ac483 Warn people if on an old SQLite-supporting mautrix-facebook version
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1401

https://github.com/mautrix/facebook/releases/tag/v0.3.2 says that this
version re-adds SQLite support.
2021-11-15 08:28:20 +02:00
Slavi Pantaleev
b195760301 Mention dropped Postgres v9.6 support in the changelog
Related to c4d2c8394c
2021-11-11 16:04:20 +02:00
Slavi Pantaleev
c69ea4cbcd Update changelog
Related to:

- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1323
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1328
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1329
2021-10-13 07:58:35 +03:00
Slavi Pantaleev
ee663e819e Announce LinkedIn Messaging bridging support
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1242
2021-08-23 15:27:16 +03:00
Slavi Pantaleev
9860fb4675 Upgrade Sygnal (v0.9.0 -> v0.10.1) 2021-08-20 17:48:24 +03:00
Slavi Pantaleev
55b92d5a13 Fix another typo 2021-05-21 13:52:33 +03:00
Slavi Pantaleev
0a662dcbcd Fix typo 2021-05-21 13:52:07 +03:00
Slavi Pantaleev
c5d52d49da Announce Hydrogen support
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1055
2021-05-21 13:50:49 +03:00
Slavi Pantaleev
9e98450bba Announce Heisenbridge support 2021-05-19 13:21:11 +03:00
Slavi Pantaleev
fcb9e9618a Make Coturn TLSv1/v1.1 configurable
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999
2021-04-16 09:29:32 +03:00
Slavi Pantaleev
6526087c14 Announce automated local Postgres backup support 2021-04-05 11:16:44 +03:00
Slavi Pantaleev
28a6f8bd57 Announce Mjolnir bot support
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/962
2021-04-03 10:52:39 +03:00
Slavi Pantaleev
9a0222fa47 Add Sygnal support
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/683
2021-03-20 13:32:22 +02:00
Slavi Pantaleev
6cbfee539c Announce Go-NEB support 2021-03-16 07:54:26 +02:00
Marcus Proest
913e0dae42 update informational files. 2021-02-19 19:39:46 +01:00
Slavi Pantaleev
e56fcbbc0d Announce mx-puppet-groupme support
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/872
2021-02-19 11:54:50 +02:00
Slavi Pantaleev
b754c2778b Announce Synapse workers support 2021-02-19 11:39:58 +02:00
Slavi Pantaleev
87ce12c3eb Add note about potential breaking change 2021-02-12 14:07:26 +02:00
Slavi Pantaleev
890e4ad1af Announce Prometheus/Grafana 2021-02-12 14:02:53 +02:00
Slavi Pantaleev
5df2f6cdd1 Update docs and changelog 2021-01-31 09:54:12 +02:00
T. Küchel
67fab21d7e
Update CHANGELOG.md
propose explicit showing single quotes around the password, since I forgot to put them there.
2021-01-24 12:31:07 +00:00
Slavi Pantaleev
acf7866442 Fix step number 2021-01-23 09:24:08 +02:00
Slavi Pantaleev
f9968b6981 Fix matrix_postgres_connection_password length check 2021-01-22 21:22:58 +02:00
Slavi Pantaleev
3647b23628 Add some warning about ; in SQL statements (take 2) 2021-01-22 20:23:35 +02:00
Slavi Pantaleev
49c0e254db Add some warning about ; in SQL statements
I got at least a few reports of people pasting these statements one by
one and missing the `;`.
2021-01-22 20:21:22 +02:00
Dan Arnfield
d95f160705 Fix typos 2021-01-22 06:48:25 -06:00
Slavi Pantaleev
89db6be568 Fix typo 2021-01-22 14:33:02 +02:00
Slavi Pantaleev
e88dcfa252 Mention Postgres backup 2021-01-22 13:58:55 +02:00
Slavi Pantaleev
95346f3117 Reorganize Postgres access (breaking change)
In short, this makes Synapse a 2nd class citizen,
preparing for a future where it's just one-of-many homeserver software
options.

We also no longer have a default Postgres superuser password,
which improves security.

The changelog explains more as to why this was done
and how to proceed from here.
2021-01-22 13:26:12 +02:00
Slavi Pantaleev
f6861e3c65 Improve wording a bit 2021-01-20 10:19:39 +02:00
Slavi Pantaleev
024a23ed17 Upgrade mautrix-facebook to the new Postgres-only version
I had intentionally held it back in 39ea3496a4
until:
- it received more testing (there were a few bugs during the
migration, but now it seems OK)
- this migration guide was written
2021-01-20 10:12:51 +02:00
Slavi Pantaleev
ef64c88dc7 Announce matrix-corporal v2 2021-01-17 18:48:21 +02:00
Slavi Pantaleev
e1690722f7 Replace cronjobs with systemd timers
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/756

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/737

I feel like timers are somewhat more complicated and dirty (compared to
cronjobs), but they come with these benefits:

- log output goes to journald
- on newer systemd distros, you can see when the timer fired, when it
will fire, etc.
- we don't need to rely on cron (reducing our dependencies to just
systemd + Docker)

Cronjobs work well, but it's one more dependency that needs to be
installed. We were even asking people to install it manually
(in `docs/prerequisites.md`), which could have gone unnoticed.

Once in a while someone says "my SSL certificates didn't renew"
and it's likely because they forgot to install a cron daemon.

Switching to systemd timers means that installation is simpler
and more unified.
2021-01-14 23:35:50 +02:00
Slavi Pantaleev
95ebff1ef1 Announce nginx SSL configuration presets 2021-01-08 21:30:13 +02:00
Agustin Ferrario
25d423e6b6 Fix errors per spantaleev suggestions
The different configurations are now all lower case, for consistent
naming.

`matrix_nginx_proxy_ssl_config` is now called
`matrix_nginx_proxy_ssl_preset`. The different options for "modern",
"intermediate" and "old" are stored in the main.yml file, instead of
being hardcoded in the configuration files. This will improve the
maintainability of the code.

The "custom" preset was removed. Now if one of the variables is set, it
will use it instead of the preset. This will allow to mix and match more
easily, for example using all the intermediate options but only
supporting TLSv1.2. This will also provide better backward
compatibility.
2021-01-08 11:32:10 +01:00
Agustin Ferrario
3cb71e7e84 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy 2021-01-03 13:18:21 +01:00
Slavi Pantaleev
23f246b0ad Mention mautrix-signal migration steps to early adopters 2021-01-03 09:19:06 +02:00