Commit Graph

210 Commits

Author SHA1 Message Date
Slavi Pantaleev
d3c9be2cdf
Merge pull request #37 from aaronraimist/fix-well-known-self-check
Fix well known self check
2018-11-17 10:04:14 +01:00
Aaron Raimist
5a2069fa63
Fix well known self check 2018-11-16 16:12:13 -06:00
Aaron Raimist
ddec99b899
Allow Synapse log levels to be configured (#23) 2018-11-14 13:39:52 -06:00
Slavi Pantaleev
12c4591a58 Update mxisd 2018-11-12 08:32:13 +02:00
Slavi Pantaleev
19257677c5 Update dependencies 2018-11-10 10:41:10 +02:00
Slavi Pantaleev
f88b0ca33f
Merge branch 'master' into riot-web-config-json 2018-11-03 12:00:48 +02:00
Aaron Raimist
ef2e330d22
Allow a few parts of Riot config.json to be configured (#24) 2018-11-02 20:14:03 -05:00
Aaron Raimist
ebab95c9ec
Add new variable matrix_nginx_proxy_ssl_protocols 2018-11-02 18:20:05 -05:00
Aaron Raimist
3254a4d161
Disable TLS 1.0 and enable TLS 1.3 2018-11-01 22:14:09 -05:00
Slavi Pantaleev
9e8f216b9b Upgrade Synapse (v0.33.7 -> v0.33.8) 2018-11-01 12:50:33 +02:00
Slavi Pantaleev
4c0970d31e Make postgres_start_wait_time (affecting upgrades) configurable
This also raises the default from 5 seconds to 15 seconds.
2018-11-01 10:11:08 +02:00
Slavi Pantaleev
e417ac4922 Add support for Postgres 11 2018-11-01 09:48:56 +02:00
Slavi Pantaleev
a0a4ee526e Fix bug in Postgres dump/import causing upgrades to fail
Regression since 3fd6fd647f
2018-11-01 09:48:56 +02:00
Slavi Pantaleev
009bb1b776 Add support for configuring Postgres auto-upgrade-backup path 2018-11-01 09:48:56 +02:00
Slavi Pantaleev
ac8d5a839d
Merge pull request #21 from Cadair/flags
Allow specifying which parts of the role run from playbooks
2018-11-01 08:58:42 +02:00
Slavi Pantaleev
fb5115a544 Rename playbook variables so they are consistently prefixed
Pretty much all variables live in their own `matrix_<whatever>`
prefix now and are grouped closer together in the default
variables file (`roles/matrix-server/defaults/main.yml`).
2018-11-01 08:46:47 +02:00
Aaron Raimist
1955aac4bd
Update riot-web (0.17.0 -> 0.17.3) 2018-10-31 11:47:17 -05:00
Stuart Mumford
67e2bf285d
A simple idea to allow playbooks to control which bit of the role to run 2018-10-30 20:49:39 +00:00
Slavi Pantaleev
2186031be2 Remove unnecessary code causing troubles on Debian-based systems
It should be `/bin/mkdir` and `/bin/chown` on Ubuntu 18.04 for example.
Still, it doesn't seem like we need to create and chown these
directories at all, since the playbook takes care of creating them
and setting appropriate permission by itself.
2018-10-29 20:47:56 +02:00
Stuart Mumford
8498c4c5de
comment out all the things 2018-10-28 15:16:21 +00:00
Slavi Pantaleev
cf0a5b3d2e
Merge pull request #20 from izissise/mautrix-whatsapp
Mautrix whatsapp
2018-10-26 19:39:14 +03:00
Slavi Pantaleev
95a6519876 Fix yaml syntax breakage
Regression since 67a445a74a
2018-10-25 18:15:56 +03:00
Slavi Pantaleev
67a445a74a Add support for controlling Matrix federation 2018-10-25 18:02:04 +03:00
Hugues Morisset
b3fcc641c4 Add documentation and fix templates 2018-10-24 18:23:39 +02:00
Hugues Morisset
7a94fc0e24 Add mautrix-whatsapp 2018-10-24 17:09:23 +02:00
Slavi Pantaleev
3ecb16bbef Use disable_guests=true for Riot 2018-10-24 13:59:06 +03:00
Hugues Morisset
83a17f8439 Expose mautrix-telegram public endpoint through nginx
It used to allow user to logging with their own account to the bot
see: https://github.com/tulir/mautrix-telegram/wiki/Authentication#replacing-telegram-accounts-matrix-puppet-with-matrix-account
for more informations
2018-10-21 23:20:37 +02:00
Slavi Pantaleev
c7188e06f9 Relocate some playbook task files to make it easier to navigate 2018-10-21 13:14:47 +03:00
Slavi Pantaleev
d0c2ef10e4 Add self-check command 2018-10-21 12:58:25 +03:00
anadahz
2313907faa Add missing tag to task
The setup-all should include the setup_well_known task as well
2018-10-19 15:07:31 +01:00
Slavi Pantaleev
a0320346e1 Upgrade Synapse (v0.33.7rc2 -> 0.33.7) 2018-10-18 18:15:07 +03:00
Slavi Pantaleev
9b3c882483 Update riot-web (0.16.4 -> 0.17.0) 2018-10-18 15:13:13 +03:00
Slavi Pantaleev
6cc528ba5a Upgrade Synapse (v0.33.5.1 -> v0.33.7rc2)
We skipped v0.33.6 because of matrix-org/synapse#4014,
but v0.33.7rc2 fixed the problem.
2018-10-18 14:49:21 +03:00
Slavi Pantaleev
36658addcd Work around buggy docker_network sometimes failing to work
If a network like `matrix-whatever` already exists for some reason,
the `docker_network` module would not create our `matrix` network.
Working around it by avoiding `docker_network` and doing it manually.

Fixes Github issue #12
2018-10-15 07:49:44 +03:00
Slavi Pantaleev
17ea05683b Fix yum/apt module invocation
The old way is deprecated and would stop working
after Ansible 2.11.
2018-10-12 09:00:53 +03:00
Slavi Pantaleev
a1c1ec9b7f Update dependencies 2018-10-08 08:24:20 +03:00
Slavi Pantaleev
2185177957 Remove lt-cred-mech Coturn option
Coturn reports it as an option that conflicts with `use-auth-secret`.
Some reasoning is here: fa523e8d09
2018-10-08 08:22:40 +03:00
Slavi Pantaleev
cc3e34b128 Fix to_yaml silliness 2018-10-05 10:59:02 +03:00
Slavi Pantaleev
b49f4531e8 Make user presence-status tracking configurable 2018-10-05 10:35:16 +03:00
Slavi Pantaleev
7350842d9b Pull in homeserver.yaml template updates 2018-09-27 10:43:31 +03:00
Slavi Pantaleev
242f388af3 Make Synapse cache factor configurable 2018-09-27 10:03:31 +03:00
Slavi Pantaleev
161854e6d7 Disable Docker container logging
`--log-driver=none` is used for all Docker containers now.

All these containers are started through systemd anyway and get logged in journald,
so there's no need for Docker to be logging the same thing using the default `json-file` driver.
Doing that was growing `/var/lib/docker/containers/..` infinitely until service/container restart.

As a result of this, things like `docker logs matrix-synapse` won't work anymore.
`journalctl -u matrix-synapse` is how one can see the logs.
2018-09-26 09:11:19 +03:00
Slavi Pantaleev
4fbaa02bef Update Synapse (v0.33.4 -> v0.33.5.1) 2018-09-26 08:48:30 +03:00
Slavi Pantaleev
de5f4f7a05 Update matrix-corporal dependency 2018-09-20 10:34:11 +03:00
Slavi Pantaleev
2df4349606 Fix matrix-corporal nginx configuration trouble in certain conditions
If the playbook were to run with `--tags=setup-nginx-proxy`,
it wouldn't go into `setup_corporal.yml`, which meant it wouldn't
perform a bunch of `set_fact` calls which override important
nginx proxy configuration.

We run these variable overrides on each call now (tagged with `always`)
to avoid such problems in the future.
2018-09-20 09:25:00 +03:00
Slavi Pantaleev
0d0ccde286 Add Service Discovery (/.well-known/matrix/client) support 2018-09-17 10:51:46 +03:00
Slavi Pantaleev
38e3ffa29c Rename variable (matrix_riot_web_default_identity_server_url -> matrix_identity_server_url) 2018-09-17 08:44:29 +03:00
Slavi Pantaleev
4f48508014 Rename variable (matrix_nginx_riot_web_data_path -> matrix_riot_web_data_path) 2018-09-17 08:43:31 +03:00
Slavi Pantaleev
3fed0ec594 Remove now-useless file 2018-09-17 08:18:15 +03:00
Slavi Pantaleev
2446b4845c Update matrix-corporal dependency 2018-09-15 11:50:02 +03:00
Slavi Pantaleev
8bbb6f0c60 Update dependencies 2018-09-12 20:04:54 +03:00
Slavi Pantaleev
21916c1a3c Update matrix-corporal (1.1 -> 1.1.1) 2018-09-08 11:19:39 +03:00
Slavi Pantaleev
620553e408 Update README 2018-09-07 23:35:04 +03:00
Hugues Morisset
6ef934a416 Mautrix telegram minimum config variable requirement 2018-09-07 20:03:56 +02:00
Hugues Morisset
45fb2df43f Fix some problem with permissions
Fix typo
Move mautrix variable in `defaults/main.yml` exclusively
2018-09-07 20:02:46 +02:00
Hugues Morisset
7b5f68c431 Add mautrix-telegram to bridge with telegram services 2018-09-07 20:02:46 +02:00
Slavi Pantaleev
7adcdf3040 Add the ability to control event_cache_size for Synapse
I've found the previous 10K default value to be way too low
on a bunch of servers I'm running, so it's now up to
100K and made configurable.
2018-09-07 16:15:40 +03:00
Slavi Pantaleev
b52d91e180 Add the ability to controll password-peppering for Synapse
Closes Github issue #5
2018-09-07 15:01:38 +03:00
Slavi Pantaleev
6d6a6412fa Add the ability to control statistics-reporting for Synapse
Closes Github issue #3
2018-09-07 14:49:51 +03:00
Slavi Pantaleev
88b4434da9 Fix incorrect path 2018-09-07 13:59:29 +03:00
Slavi Pantaleev
7310498f71 Update certbot 2018-09-06 18:23:16 +03:00
Slavi Pantaleev
49e0d0e6db Update dependencies 2018-09-06 18:13:06 +03:00
Slavi Pantaleev
7428b941c8 Remove old s3fs stuff
We've been using Goofys for a long time instead.
2018-08-29 10:14:48 +03:00
Slavi Pantaleev
23e4a4734b Switch from acmetool to certbot for SSL certificate retrieval 2018-08-29 09:37:44 +03:00
Slavi Pantaleev
d5346656e3 Use 0.16.1 for riot-web, as the image for 0.16.2 is still unavailable 2018-08-29 08:46:21 +03:00
Slavi Pantaleev
51ac3421b5 Update matrix-corporal (1.0.1 -> 1.1) 2018-08-24 17:13:58 +03:00
Slavi Pantaleev
314ff09846 Update dependencies 2018-08-24 10:01:25 +03:00
Slavi Pantaleev
92e6fdd279 Update dependencies 2018-08-23 08:35:38 +03:00
Slavi Pantaleev
861957b6f1 Add missing when statement 2018-08-23 08:35:30 +03:00
Slavi Pantaleev
5398d80f01 Add support for matrix-corporal 2018-08-21 13:34:34 +03:00
Slavi Pantaleev
02d5b54fa5 Add controls for influencing Matrix Synapse's rate-limiting 2018-08-20 21:25:06 +03:00
Slavi Pantaleev
14d7d3e670 Add support for matrix-synapse-shared-secret-auth 2018-08-20 17:11:55 +03:00
Slavi Pantaleev
f72882fe1a Fix user registration regression
Regression since a302a7d748,
which made the Matrix Client API only available on
the http port (8008) and not over the federation port (8448).
2018-08-17 12:23:25 +03:00
Slavi Pantaleev
b0f1a1c80f Fix nginx warning: adding already-default text/html to gzip_types 2018-08-17 10:44:34 +03:00
Slavi Pantaleev
832a4d71c1 Default to INFO logging for matrix-synapse-rest-auth, not DEBUG 2018-08-17 09:35:52 +03:00
Slavi Pantaleev
21a108262f Remove some leftover debug statements 2018-08-17 09:30:41 +03:00
Slavi Pantaleev
25becc63d5 Minor fixups for the matrix-synapse-rest-auth handling 2018-08-17 09:25:54 +03:00
Slavi Pantaleev
ea43d46b70 Add matrix-synapse-rest-auth support 2018-08-17 09:02:17 +03:00
Slavi Pantaleev
df79901f8b Improve compression support 2018-08-17 08:00:38 +03:00
Slavi Pantaleev
a302a7d748 Only run federation on 8448 and client on 80
This disables federation on the 80 port, as it's
not necessary. We also disable the old Angular webclient.

For the federation port (8448), we disable the client APIs
as those are not necessary. Those can even cause trouble
if one doesn't know about them and thinks that guarding the client
APIs at the 80 port is enough.
2018-08-17 07:55:58 +03:00
Slavi Pantaleev
74093dfb15 Add mxisd Identity Server support 2018-08-15 10:46:13 +03:00
Slavi Pantaleev
617712000e Minor wording improvements 2018-08-15 10:19:31 +03:00
Slavi Pantaleev
1c71cb110e Change SSL certificate obtaining a bit 2018-08-14 14:50:10 +03:00
Slavi Pantaleev
21da2f572b Add email-sending support 2018-08-14 14:47:44 +03:00
Slavi Pantaleev
cab54879d1 Update dependencies 2018-08-11 09:44:11 +03:00
Slavi Pantaleev
084a0a0e53 Minor consistency improvement 2018-08-08 10:47:03 +03:00
Slavi Pantaleev
700602eed3 Rename a bunch of playbook variables for better consistency 2018-08-08 09:17:18 +03:00
Slavi Pantaleev
336785d1ed Rename Ansible playbook tag (setup-main -> setup-all) 2018-08-08 09:03:37 +03:00
Slavi Pantaleev
3fd6fd647f Put all containers in their own isolated Docker network (matrix)
Moving away from using the default bridge network to using our own.
This isolates our services from other Docker containers running
on the default network on the same host.

The benefits are that:

- isolation is a little better - we no longer share a default
bridge network with any other containers that might be running on the host

- there are no longer hard dependencies - we do service discovery
by DNS name, and not via explicit `--link` usage during container start,
so containers can start out of order and fail without bringing down others
with them
(`matrix-nginx-proxy` can continue running, even if one of the other services dies)

In the future, when other services get introduced,
the increased resilience and simplicity will help as well.
2018-08-08 08:57:48 +03:00
Slavi Pantaleev
b88fe971d6 Fix matrix-nginx-proxy.service dependency on riot-web, if riot-web disabled 2018-08-07 15:39:57 +03:00
Slavi Pantaleev
cdf4eefdf9 Fix typos 2018-08-07 15:08:46 +03:00
Slavi Pantaleev
f6950612a5 Upgrade dependencies 2018-08-02 21:26:25 +03:00
Slavi Pantaleev
6cb14be162 Upgrade dependencies 2018-07-30 16:18:17 +03:00
Slavi Pantaleev
ae7e8e61c6 Update dependencies 2018-07-20 08:28:02 -04:00
Slavi Pantaleev
e4d0a68460 Update riot-web (0.15.5 -> 0.15.6) 2018-06-30 18:51:25 +03:00
Slavi Pantaleev
839b401b28 Set up Synapse configuration using a template (not line/regexp replacements)
Until now, we were starting from a fresh configuration, as generated
by Synapse and manipulating it with regex and line replacements,
until we made it work.

This is more fragile and less predictable, so we're moving to a static
configuration file generated from a Jinja template.

The upside is that configuration will be stable and predictable.

The downside of this new approach is that any manual configuration changes
after the playbook is done, will be thrown away on future playbook
invocations.

There are 2 ways to work around the need for manual configuration
changes though:
- making them part of this playbook and its default template
configuration files (which benefits everyone)
- going your own way for a given host and overriding the template files
that gets used (that is, the
`matrix_synapse_template_synapse_homeserver` or
`matrix_synapse_template_synapse_log` variables)
2018-06-26 21:05:59 +03:00
Slavi Pantaleev
add8169c33 Remove deprecated "ssl" directive from nginx configuration 2018-06-26 20:43:57 +03:00
Slavi Pantaleev
053328be08 Fix nginx failing to start on certain low-cache CPUs 2018-06-26 20:40:48 +03:00
Slavi Pantaleev
1725c3e698 Upgrade riot-web (0.15.4 -> 0.15.5) 2018-06-21 09:44:38 +03:00
Slavi Pantaleev
6335485ad3 Upgrade Synapse (0.31.1 -> 0.31.2) 2018-06-15 00:00:01 +03:00