Slavi Pantaleev
d3c9be2cdf
Merge pull request #37 from aaronraimist/fix-well-known-self-check
...
Fix well known self check
2018-11-17 10:04:14 +01:00
Aaron Raimist
5a2069fa63
Fix well known self check
2018-11-16 16:12:13 -06:00
Aaron Raimist
ddec99b899
Allow Synapse log levels to be configured ( #23 )
2018-11-14 13:39:52 -06:00
Slavi Pantaleev
12c4591a58
Update mxisd
2018-11-12 08:32:13 +02:00
Slavi Pantaleev
19257677c5
Update dependencies
2018-11-10 10:41:10 +02:00
Slavi Pantaleev
f88b0ca33f
Merge branch 'master' into riot-web-config-json
2018-11-03 12:00:48 +02:00
Aaron Raimist
ef2e330d22
Allow a few parts of Riot config.json to be configured ( #24 )
2018-11-02 20:14:03 -05:00
Aaron Raimist
ebab95c9ec
Add new variable matrix_nginx_proxy_ssl_protocols
2018-11-02 18:20:05 -05:00
Aaron Raimist
3254a4d161
Disable TLS 1.0 and enable TLS 1.3
2018-11-01 22:14:09 -05:00
Slavi Pantaleev
9e8f216b9b
Upgrade Synapse (v0.33.7 -> v0.33.8)
2018-11-01 12:50:33 +02:00
Slavi Pantaleev
4c0970d31e
Make postgres_start_wait_time (affecting upgrades) configurable
...
This also raises the default from 5 seconds to 15 seconds.
2018-11-01 10:11:08 +02:00
Slavi Pantaleev
e417ac4922
Add support for Postgres 11
2018-11-01 09:48:56 +02:00
Slavi Pantaleev
a0a4ee526e
Fix bug in Postgres dump/import causing upgrades to fail
...
Regression since 3fd6fd647f
2018-11-01 09:48:56 +02:00
Slavi Pantaleev
009bb1b776
Add support for configuring Postgres auto-upgrade-backup path
2018-11-01 09:48:56 +02:00
Slavi Pantaleev
ac8d5a839d
Merge pull request #21 from Cadair/flags
...
Allow specifying which parts of the role run from playbooks
2018-11-01 08:58:42 +02:00
Slavi Pantaleev
fb5115a544
Rename playbook variables so they are consistently prefixed
...
Pretty much all variables live in their own `matrix_<whatever>`
prefix now and are grouped closer together in the default
variables file (`roles/matrix-server/defaults/main.yml`).
2018-11-01 08:46:47 +02:00
Aaron Raimist
1955aac4bd
Update riot-web (0.17.0 -> 0.17.3)
2018-10-31 11:47:17 -05:00
Stuart Mumford
67e2bf285d
A simple idea to allow playbooks to control which bit of the role to run
2018-10-30 20:49:39 +00:00
Slavi Pantaleev
2186031be2
Remove unnecessary code causing troubles on Debian-based systems
...
It should be `/bin/mkdir` and `/bin/chown` on Ubuntu 18.04 for example.
Still, it doesn't seem like we need to create and chown these
directories at all, since the playbook takes care of creating them
and setting appropriate permission by itself.
2018-10-29 20:47:56 +02:00
Stuart Mumford
8498c4c5de
comment out all the things
2018-10-28 15:16:21 +00:00
Slavi Pantaleev
cf0a5b3d2e
Merge pull request #20 from izissise/mautrix-whatsapp
...
Mautrix whatsapp
2018-10-26 19:39:14 +03:00
Slavi Pantaleev
95a6519876
Fix yaml syntax breakage
...
Regression since 67a445a74a
2018-10-25 18:15:56 +03:00
Slavi Pantaleev
67a445a74a
Add support for controlling Matrix federation
2018-10-25 18:02:04 +03:00
Hugues Morisset
b3fcc641c4
Add documentation and fix templates
2018-10-24 18:23:39 +02:00
Hugues Morisset
7a94fc0e24
Add mautrix-whatsapp
2018-10-24 17:09:23 +02:00
Slavi Pantaleev
3ecb16bbef
Use disable_guests=true for Riot
2018-10-24 13:59:06 +03:00
Hugues Morisset
83a17f8439
Expose mautrix-telegram public endpoint through nginx
...
It used to allow user to logging with their own account to the bot
see: https://github.com/tulir/mautrix-telegram/wiki/Authentication#replacing-telegram-accounts-matrix-puppet-with-matrix-account
for more informations
2018-10-21 23:20:37 +02:00
Slavi Pantaleev
c7188e06f9
Relocate some playbook task files to make it easier to navigate
2018-10-21 13:14:47 +03:00
Slavi Pantaleev
d0c2ef10e4
Add self-check command
2018-10-21 12:58:25 +03:00
anadahz
2313907faa
Add missing tag to task
...
The setup-all should include the setup_well_known task as well
2018-10-19 15:07:31 +01:00
Slavi Pantaleev
a0320346e1
Upgrade Synapse (v0.33.7rc2 -> 0.33.7)
2018-10-18 18:15:07 +03:00
Slavi Pantaleev
9b3c882483
Update riot-web (0.16.4 -> 0.17.0)
2018-10-18 15:13:13 +03:00
Slavi Pantaleev
6cc528ba5a
Upgrade Synapse (v0.33.5.1 -> v0.33.7rc2)
...
We skipped v0.33.6 because of matrix-org/synapse#4014 ,
but v0.33.7rc2 fixed the problem.
2018-10-18 14:49:21 +03:00
Slavi Pantaleev
36658addcd
Work around buggy docker_network sometimes failing to work
...
If a network like `matrix-whatever` already exists for some reason,
the `docker_network` module would not create our `matrix` network.
Working around it by avoiding `docker_network` and doing it manually.
Fixes Github issue #12
2018-10-15 07:49:44 +03:00
Slavi Pantaleev
17ea05683b
Fix yum/apt module invocation
...
The old way is deprecated and would stop working
after Ansible 2.11.
2018-10-12 09:00:53 +03:00
Slavi Pantaleev
a1c1ec9b7f
Update dependencies
2018-10-08 08:24:20 +03:00
Slavi Pantaleev
2185177957
Remove lt-cred-mech
Coturn option
...
Coturn reports it as an option that conflicts with `use-auth-secret`.
Some reasoning is here: fa523e8d09
2018-10-08 08:22:40 +03:00
Slavi Pantaleev
cc3e34b128
Fix to_yaml silliness
2018-10-05 10:59:02 +03:00
Slavi Pantaleev
b49f4531e8
Make user presence-status tracking configurable
2018-10-05 10:35:16 +03:00
Slavi Pantaleev
7350842d9b
Pull in homeserver.yaml template updates
2018-09-27 10:43:31 +03:00
Slavi Pantaleev
242f388af3
Make Synapse cache factor configurable
2018-09-27 10:03:31 +03:00
Slavi Pantaleev
161854e6d7
Disable Docker container logging
...
`--log-driver=none` is used for all Docker containers now.
All these containers are started through systemd anyway and get logged in journald,
so there's no need for Docker to be logging the same thing using the default `json-file` driver.
Doing that was growing `/var/lib/docker/containers/..` infinitely until service/container restart.
As a result of this, things like `docker logs matrix-synapse` won't work anymore.
`journalctl -u matrix-synapse` is how one can see the logs.
2018-09-26 09:11:19 +03:00
Slavi Pantaleev
4fbaa02bef
Update Synapse (v0.33.4 -> v0.33.5.1)
2018-09-26 08:48:30 +03:00
Slavi Pantaleev
de5f4f7a05
Update matrix-corporal dependency
2018-09-20 10:34:11 +03:00
Slavi Pantaleev
2df4349606
Fix matrix-corporal nginx configuration trouble in certain conditions
...
If the playbook were to run with `--tags=setup-nginx-proxy`,
it wouldn't go into `setup_corporal.yml`, which meant it wouldn't
perform a bunch of `set_fact` calls which override important
nginx proxy configuration.
We run these variable overrides on each call now (tagged with `always`)
to avoid such problems in the future.
2018-09-20 09:25:00 +03:00
Slavi Pantaleev
0d0ccde286
Add Service Discovery (/.well-known/matrix/client) support
2018-09-17 10:51:46 +03:00
Slavi Pantaleev
38e3ffa29c
Rename variable (matrix_riot_web_default_identity_server_url -> matrix_identity_server_url)
2018-09-17 08:44:29 +03:00
Slavi Pantaleev
4f48508014
Rename variable (matrix_nginx_riot_web_data_path -> matrix_riot_web_data_path)
2018-09-17 08:43:31 +03:00
Slavi Pantaleev
3fed0ec594
Remove now-useless file
2018-09-17 08:18:15 +03:00
Slavi Pantaleev
2446b4845c
Update matrix-corporal dependency
2018-09-15 11:50:02 +03:00
Slavi Pantaleev
8bbb6f0c60
Update dependencies
2018-09-12 20:04:54 +03:00
Slavi Pantaleev
21916c1a3c
Update matrix-corporal (1.1 -> 1.1.1)
2018-09-08 11:19:39 +03:00
Slavi Pantaleev
620553e408
Update README
2018-09-07 23:35:04 +03:00
Hugues Morisset
6ef934a416
Mautrix telegram minimum config variable requirement
2018-09-07 20:03:56 +02:00
Hugues Morisset
45fb2df43f
Fix some problem with permissions
...
Fix typo
Move mautrix variable in `defaults/main.yml` exclusively
2018-09-07 20:02:46 +02:00
Hugues Morisset
7b5f68c431
Add mautrix-telegram to bridge with telegram services
2018-09-07 20:02:46 +02:00
Slavi Pantaleev
7adcdf3040
Add the ability to control event_cache_size for Synapse
...
I've found the previous 10K default value to be way too low
on a bunch of servers I'm running, so it's now up to
100K and made configurable.
2018-09-07 16:15:40 +03:00
Slavi Pantaleev
b52d91e180
Add the ability to controll password-peppering for Synapse
...
Closes Github issue #5
2018-09-07 15:01:38 +03:00
Slavi Pantaleev
6d6a6412fa
Add the ability to control statistics-reporting for Synapse
...
Closes Github issue #3
2018-09-07 14:49:51 +03:00
Slavi Pantaleev
88b4434da9
Fix incorrect path
2018-09-07 13:59:29 +03:00
Slavi Pantaleev
7310498f71
Update certbot
2018-09-06 18:23:16 +03:00
Slavi Pantaleev
49e0d0e6db
Update dependencies
2018-09-06 18:13:06 +03:00
Slavi Pantaleev
7428b941c8
Remove old s3fs stuff
...
We've been using Goofys for a long time instead.
2018-08-29 10:14:48 +03:00
Slavi Pantaleev
23e4a4734b
Switch from acmetool to certbot for SSL certificate retrieval
2018-08-29 09:37:44 +03:00
Slavi Pantaleev
d5346656e3
Use 0.16.1 for riot-web, as the image for 0.16.2 is still unavailable
2018-08-29 08:46:21 +03:00
Slavi Pantaleev
51ac3421b5
Update matrix-corporal (1.0.1 -> 1.1)
2018-08-24 17:13:58 +03:00
Slavi Pantaleev
314ff09846
Update dependencies
2018-08-24 10:01:25 +03:00
Slavi Pantaleev
92e6fdd279
Update dependencies
2018-08-23 08:35:38 +03:00
Slavi Pantaleev
861957b6f1
Add missing when statement
2018-08-23 08:35:30 +03:00
Slavi Pantaleev
5398d80f01
Add support for matrix-corporal
2018-08-21 13:34:34 +03:00
Slavi Pantaleev
02d5b54fa5
Add controls for influencing Matrix Synapse's rate-limiting
2018-08-20 21:25:06 +03:00
Slavi Pantaleev
14d7d3e670
Add support for matrix-synapse-shared-secret-auth
2018-08-20 17:11:55 +03:00
Slavi Pantaleev
f72882fe1a
Fix user registration regression
...
Regression since a302a7d748
,
which made the Matrix Client API only available on
the http port (8008) and not over the federation port (8448).
2018-08-17 12:23:25 +03:00
Slavi Pantaleev
b0f1a1c80f
Fix nginx warning: adding already-default text/html to gzip_types
2018-08-17 10:44:34 +03:00
Slavi Pantaleev
832a4d71c1
Default to INFO logging for matrix-synapse-rest-auth, not DEBUG
2018-08-17 09:35:52 +03:00
Slavi Pantaleev
21a108262f
Remove some leftover debug statements
2018-08-17 09:30:41 +03:00
Slavi Pantaleev
25becc63d5
Minor fixups for the matrix-synapse-rest-auth handling
2018-08-17 09:25:54 +03:00
Slavi Pantaleev
ea43d46b70
Add matrix-synapse-rest-auth support
2018-08-17 09:02:17 +03:00
Slavi Pantaleev
df79901f8b
Improve compression support
2018-08-17 08:00:38 +03:00
Slavi Pantaleev
a302a7d748
Only run federation on 8448 and client on 80
...
This disables federation on the 80 port, as it's
not necessary. We also disable the old Angular webclient.
For the federation port (8448), we disable the client APIs
as those are not necessary. Those can even cause trouble
if one doesn't know about them and thinks that guarding the client
APIs at the 80 port is enough.
2018-08-17 07:55:58 +03:00
Slavi Pantaleev
74093dfb15
Add mxisd Identity Server support
2018-08-15 10:46:13 +03:00
Slavi Pantaleev
617712000e
Minor wording improvements
2018-08-15 10:19:31 +03:00
Slavi Pantaleev
1c71cb110e
Change SSL certificate obtaining a bit
2018-08-14 14:50:10 +03:00
Slavi Pantaleev
21da2f572b
Add email-sending support
2018-08-14 14:47:44 +03:00
Slavi Pantaleev
cab54879d1
Update dependencies
2018-08-11 09:44:11 +03:00
Slavi Pantaleev
084a0a0e53
Minor consistency improvement
2018-08-08 10:47:03 +03:00
Slavi Pantaleev
700602eed3
Rename a bunch of playbook variables for better consistency
2018-08-08 09:17:18 +03:00
Slavi Pantaleev
336785d1ed
Rename Ansible playbook tag (setup-main -> setup-all)
2018-08-08 09:03:37 +03:00
Slavi Pantaleev
3fd6fd647f
Put all containers in their own isolated Docker network (matrix)
...
Moving away from using the default bridge network to using our own.
This isolates our services from other Docker containers running
on the default network on the same host.
The benefits are that:
- isolation is a little better - we no longer share a default
bridge network with any other containers that might be running on the host
- there are no longer hard dependencies - we do service discovery
by DNS name, and not via explicit `--link` usage during container start,
so containers can start out of order and fail without bringing down others
with them
(`matrix-nginx-proxy` can continue running, even if one of the other services dies)
In the future, when other services get introduced,
the increased resilience and simplicity will help as well.
2018-08-08 08:57:48 +03:00
Slavi Pantaleev
b88fe971d6
Fix matrix-nginx-proxy.service dependency on riot-web, if riot-web disabled
2018-08-07 15:39:57 +03:00
Slavi Pantaleev
cdf4eefdf9
Fix typos
2018-08-07 15:08:46 +03:00
Slavi Pantaleev
f6950612a5
Upgrade dependencies
2018-08-02 21:26:25 +03:00
Slavi Pantaleev
6cb14be162
Upgrade dependencies
2018-07-30 16:18:17 +03:00
Slavi Pantaleev
ae7e8e61c6
Update dependencies
2018-07-20 08:28:02 -04:00
Slavi Pantaleev
e4d0a68460
Update riot-web (0.15.5 -> 0.15.6)
2018-06-30 18:51:25 +03:00
Slavi Pantaleev
839b401b28
Set up Synapse configuration using a template (not line/regexp replacements)
...
Until now, we were starting from a fresh configuration, as generated
by Synapse and manipulating it with regex and line replacements,
until we made it work.
This is more fragile and less predictable, so we're moving to a static
configuration file generated from a Jinja template.
The upside is that configuration will be stable and predictable.
The downside of this new approach is that any manual configuration changes
after the playbook is done, will be thrown away on future playbook
invocations.
There are 2 ways to work around the need for manual configuration
changes though:
- making them part of this playbook and its default template
configuration files (which benefits everyone)
- going your own way for a given host and overriding the template files
that gets used (that is, the
`matrix_synapse_template_synapse_homeserver` or
`matrix_synapse_template_synapse_log` variables)
2018-06-26 21:05:59 +03:00
Slavi Pantaleev
add8169c33
Remove deprecated "ssl" directive from nginx configuration
2018-06-26 20:43:57 +03:00
Slavi Pantaleev
053328be08
Fix nginx failing to start on certain low-cache CPUs
2018-06-26 20:40:48 +03:00
Slavi Pantaleev
1725c3e698
Upgrade riot-web (0.15.4 -> 0.15.5)
2018-06-21 09:44:38 +03:00
Slavi Pantaleev
6335485ad3
Upgrade Synapse (0.31.1 -> 0.31.2)
2018-06-15 00:00:01 +03:00