Commit Graph

717 Commits

Author SHA1 Message Date
Slavi Pantaleev
46a4034d3e Use "password" for additional Postgres databases, not "pass"
Being more explicit sounds better.
2020-12-14 00:43:03 +02:00
Slavi Pantaleev
d251764c16 Fix syntax issues in matrix_postgres_additional_databases
Quotes are necessary around dictionary field names.

There was a missing `}` as well.
2020-12-13 22:37:04 +02:00
Slavi Pantaleev
0641106370 Allow username of additional Postgres databases to be different
We'll most likely use one that matches the database name, but
it's better to have it configurable.
2020-12-13 22:37:04 +02:00
transcaffeine
d9f4914e0d
WIP: postgres: create databases for all services
If a service is enabled, a database for it is created in postgres with a uniqque password. The service can then use this database for data storage instead of relying on sqlite.
2020-12-10 18:26:22 +01:00
Slavi Pantaleev
c07c927d9f Automatically enable openid listeners when ma1sd enabled
ma1sd requires the openid endpoints for certain functionality.
Example: 90b2b5301c/src/main/java/io/kamax/mxisd/auth/AccountManager.java (L67-L99)

If federation is disabled, we still need to expose these openid APIs on the
federation port.

Previously, we were doing similar magic for Dimension.
As per its documentation, when running unfederated, one is to enable
the openid listener as well. As per their recommendation, people
are advised to do enable it on the Client-Server API port
and use the `federationUrl` variable to override where the federation
port is (making federation requests go to the Client-Server API).

Because ma1sd always uses the federation port (unless you do some
DNS overwriting magic using its configuration -- which we'd rather not
do), it's better if we just default to putting the `openid` listener
where it belongs - on the federation port.

With this commit, we retain the "automatically enable openid APIs" thing
we've been doing for Dimension, but move it to the federation port instead.
We also now do the same thing when ma1sd is enabled.
2020-12-08 16:59:20 +02:00
Slavi Pantaleev
a5ae7e9ef0 Add self-building support to matrix-corporal 2020-12-04 01:48:08 +02:00
Marcel Partap
b73ac965ac Merge remote-tracking branch 'origin/master' into synapse-workers 2020-12-01 21:24:26 +01:00
Slavi Pantaleev
04da1bddf7 Update matrix-mautrix-facebook config a bit
This also disables presence if it's disabled for Synapse.
2020-12-01 11:55:18 +02:00
Slavi Pantaleev
b354155d7c Make JVB websockets reverse-proxying work 2020-11-27 17:57:15 +02:00
Slavi Pantaleev
d235335507 Do not mount /matrix/ssl into matrix-coturn when matrix_ssl_retrieval_method is 'none'
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/734

Similar to 12867e9f18, but for `matrix-coturn` (not
`matrix-nginx-proxy`).
2020-11-26 10:08:54 +02:00
anonym
d4ef751052
Update matrix_servers 2020-11-26 01:30:08 +01:00
anonym
732f57cbd9
Note about the max length of the postgres password 2020-11-26 01:24:43 +01:00
Marcel Partap
4678c5d7bd Merge remote-tracking branch 'origin/master' into synapse-workers
Also, replace vague FIXME by a proper NOTE on the complete
story of the user_dir endpoints..
2020-11-11 21:26:08 +01:00
Slavi Pantaleev
b5435db338 Fix syntax error in group_vars/matrix_servers 2020-11-11 00:22:09 +02:00
Slavi Pantaleev
4d12a6f8e9
Merge pull request #681 from scottcrossen/slc/ddclient
Dynamic DNS
2020-11-10 23:54:21 +02:00
Slavi Pantaleev
de0987e806 Remove unnecessary variable definition
Related to #681 (Github Pull Request)
2020-11-10 23:51:38 +02:00
Slavi Pantaleev
1427286cec Integrate matrix-dynamic-dns with matrix-nginx-proxy without causing a dependency
We'd like the roles to be self-contained (as much as possible).

Thus, the `matrix-nginx-proxy` shouldn't reference any variables from
other roles. Instead, we rely on injection via
`group_vars/matrix_servers`.

Related to #681 (Github Pull Request)
2020-11-10 23:49:36 +02:00
Slavi Pantaleev
73d5faa1f9 Fix variable name typo 2020-11-10 23:30:38 +02:00
Scott Crossen
59bb6b2971 responded to reviewer comments 2020-11-09 13:32:58 -08:00
Scott Crossen
e894befd87 Updates to reviewer comments 2020-11-07 17:53:13 -08:00
Slavi Pantaleev
56ebeb1ae2 Revert "Restore self-building on ARM for Synapse for now"
This reverts commit 7d211b71e2.

The multi-arch images are now available, as discussed in #699 (Github Issue).
2020-10-29 07:35:53 +02:00
Marcel Partap
cce90b187a synapse workers: fix undefined variable cases when removing workers 2020-10-28 23:09:21 +01:00
Slavi Pantaleev
9a46647010 Make https://matrix.DOMAIN/ redirect to https://element.DOMAIN/
Fixes #696 (Github Issue)
2020-10-28 10:39:12 +02:00
Marcel Partap
2d1b9f2dbf synapse workers: reworkings + get endpoints from upstream docs via awk
(yes, a bit awkward and brittle… xD)
2020-10-28 07:13:19 +01:00
Slavi Pantaleev
5a7d265997 Fix Synapse Admin not working due to unexposed Synapse Admin APIs
Regression since 63a49bb2dc.

Related to #685 (Github Issue).

We now automatically expose the APIs when Synapse Admin is enabled.
2020-10-27 20:33:37 +02:00
Slavi Pantaleev
7d211b71e2 Restore self-building on ARM for Synapse for now
While v1.22.0 supposedly has multi-arch Docker images
(thanks to https://github.com/matrix-org/synapse/pull/7921),
I can't them on Docker Hub yet, so I'm backing out of this change
for now and letting people fall back to self-building there.
2020-10-27 14:32:32 +02:00
Slavi Pantaleev
70f0b97a0a Upgrade Synapse (v1.21.2 -> v1.22.0) 2020-10-27 14:24:02 +02:00
Sabine Laszakovits
c36e1355cf cleanup 2020-10-25 20:46:57 +01:00
Sabine Laszakovits
8ebc39dea0 fixed dependencies of bridge service (not ideal, but correct) 2020-10-25 20:46:32 +01:00
Sabine Laszakovits
9b890e9ced moved some settings from role to group_vars 2020-10-25 20:45:24 +01:00
Sabine
7a54e11090 started moving settings to group_vars 2020-10-24 12:15:03 +02:00
Marcel Partap
93a8ea7e4a Merge remote-tracking branch 'master' into feature/add-worker-support 2020-10-11 20:59:05 +02:00
Slavi Pantaleev
263727095d
Merge pull request #657 from cnvandijk/feature-client-well-known
Client well known compatibility
2020-09-28 09:19:25 +03:00
Slavi Pantaleev
172bf24df7 Enable self-building of matrix-synapse-admin on non-amd64
Related to #658 (Github Issue).
2020-09-28 09:06:39 +03:00
Chris van Dijk
f6b0f0a477 Rename matrix_riot_jitsi_preferredDomain and matrix_riot_e2ee_default to Element 2020-09-26 16:24:09 +00:00
Max Klenk
9a3d84b931
Merge branch 'master' into feature/add-worker-support 2020-09-10 13:57:11 +02:00
Max Klenk
a25a429a52
add redis support 2020-09-10 13:39:00 +02:00
Slavi Pantaleev
da38a7869f Add matrix-registration support 2020-09-01 13:46:05 +03:00
Slavi Pantaleev
b117dc0cb7 Fix self-check certificate validation when not self-signed 2020-09-01 11:44:44 +03:00
Slavi Pantaleev
9952ec6c16 Upgrade Synapse (v1.18.0 -> v1.19.0) 2020-08-17 17:02:40 +03:00
Slavi Pantaleev
296bd6e211
Fix variable name typo 2020-07-22 12:04:49 +03:00
Slavi Pantaleev
b2ae669566 Add synapse-admin support
Fixes #562 (Github Issue)
2020-07-22 08:10:26 +03:00
Slavi Pantaleev
78b1ef9a5f Add support for matrix-reminder-bot 2020-07-20 14:13:08 +03:00
Slavi Pantaleev
c6ab1c6a90 Riot is now Element
Fixes #586 (Github Issue)
2020-07-17 11:31:20 +03:00
Hugues Morisset
57f498217a Add mx-puppet-steam 2020-07-01 21:01:00 +02:00
Hugues Morisset
42e7f5e9bc Add mx-puppet-discord 2020-07-01 13:31:31 +02:00
Slavi Pantaleev
9686a0fc5b Expose mx-puppet-twitter port when matrix-nginx-proxy disabled 2020-06-30 17:39:19 +03:00
Slavi Pantaleev
744667b270 Merge branch 'master' into mx-puppet-twitter 2020-06-30 17:37:19 +03:00
Slavi Pantaleev
31f9e7bbea
Merge pull request #551 from jdreichmann/feat-mx-puppet-instagram
Add mx-puppet-instagram
2020-06-30 17:33:37 +03:00
Tulir Asokan
13186a1ddc Add mx-puppet-twitter
Signed-off-by: Tulir Asokan <tulir@maunium.net>
2020-06-29 15:28:43 +03:00
Slavi Pantaleev
635f385971 Use pre-built arm64 image for ma1sd
ma1sd 2.4.0 announced experimental support for arm64.
We're making use of those arm64 images instead of self-building.
2020-06-29 14:53:23 +03:00
teutat3s
0162fe31d1
Re-enable ma1sd user directory search 2020-06-28 21:47:39 +02:00
jdreichmann
2073cd6cae
mx-puppet-instagram: change tokens appservice<>homeserver in order to not collide with mx-puppet-slack 2020-06-28 10:40:14 +02:00
Slavi Pantaleev
19b9a1b16c Expose mautrix-hangouts port if matrix-nginx-proxy is disabled 2020-06-28 09:01:48 +03:00
jdreichmann
0fea35cdd2
mx-puppet-instagram: add role 2020-06-27 15:23:21 +02:00
Slavi Pantaleev
10b3ceff72 Make Matrix federation port configurable
Fixes #523 (Github Issue).
2020-06-09 08:29:03 +03:00
Slavi Pantaleev
831c3f4e64 Fix certbot/cerbot image pulling for ARM32 and ARM64
Related to #529 (Github Issue).
2020-06-09 07:54:42 +03:00
Slavi Pantaleev
ab32f6adf6 Add self-building support to matrix-mailer (exim-relay) 2020-06-08 09:52:34 +03:00
benkuly
1ffa4a326c matrix-sms-bridge:
added docs, added seperate service for database, pr comments
2020-05-23 13:14:24 +02:00
benkuly
2d75fca257 added matrix-sms-bridge 2020-05-22 13:50:59 +02:00
Slavi Pantaleev
07ff116266 Do not send User Directory search requests to ma1sd for now
We can undo this once https://github.com/ma1uta/ma1sd/issues/44 gets
resolved.
2020-05-19 12:57:19 +03:00
Slavi Pantaleev
308fc9c60a Fix webhooks service address when matrix-nginx-proxy disabled
Fixes #494 (Github Issue).
2020-05-10 09:52:55 +03:00
Slavi Pantaleev
8cdf3a24f9 Fix variable name typo 2020-04-23 22:13:50 +03:00
Rodrigo Belem
4149e03b69 Initial mx-puppet-slack bridge role 2020-04-23 09:06:08 -04:00
Slavi Pantaleev
272888d917
Merge pull request #462 from cnvandijk/feature-dimension-unfederated
Add support for running dimension in an unfederated environment
2020-04-22 22:47:14 +03:00
Chris van Dijk
3f4bc9b881 Move config supprt for unfederated dimension into group_vars 2020-04-22 19:23:56 +02:00
Horvath Gergely
b5844d2395 shortening line based on @spantaleev 's comment 2020-04-19 13:31:36 +02:00
Horvath Gergely
bd61598faf add experimental(?) architecture support for arm32 and arm64
the changes are necessary because certbot images are tagged, so docker does not recognize the necessary architecture
2020-04-18 22:55:19 +02:00
Slavi Pantaleev
515160f0d7 Fix STUN server URL for jitsi/web (turns -> stun)
Discussed in #446 (Github Pull Request).
2020-04-09 19:09:04 +03:00
Rodrigo Belem
64de103dff Add global var to control skype image self build 2020-04-09 11:03:06 -04:00
Slavi Pantaleev
2f601a4aee
Merge pull request #446 from skoal/master
Jitsi related firewall and port changes
2020-04-09 16:14:06 +03:00
Slavi Pantaleev
e6ebfbf8cc Prevent conflict between Whatsapp and Skype bridge tokens
Fixes an error like this:

> synapse.config._base.ConfigError: Cannot reuse as_token across application services
2020-04-09 16:07:36 +03:00
skoal
0713570e2f
Update matrix_servers
turn tls port update
2020-04-09 14:40:32 +02:00
Slavi Pantaleev
7035af87d8 Add support for Jitsi discovery for Riot via /.well-known/matrix/client
This will not work yet, as no version of Riot currently supports it.
It's expected to land in riot-web v1.5.16 via matrix-org/matrix-react-sdk#4348.
2020-04-09 09:58:35 +03:00
Slavi Pantaleev
59d05ad72c
Merge pull request #441 from Jozian/skype
Initial mx-puppet-skype bridge role
2020-04-09 09:24:11 +03:00
Slavi Pantaleev
67a5ef97ba Fix missing "stun:" prefix for jitsi/web STUN server URLs
Hopefully fixes an error like this (which I haven't been able to
reproduce, but..):

> [modules/xmpp/strophe.util.js] <Object.i.Strophe.log>:  Strophe: Error: Failed to construct 'RTCPeerConnection': 'matrix.DOMAIN' is not one of the supported URL schemes 'stun', 'turn' or 'turns'.
2020-04-09 09:16:10 +03:00
Rodrigo Belem
1107207147 Initial mx-puppet-skype bridge role 2020-04-08 19:25:21 -04:00
Slavi Pantaleev
61fffa169c Use Jitsi STUN servers instead of Google ones
These are some new defaults that we switch to, to follow upstream
changes:

- https://github.com/jitsi/docker-jitsi-meet/commit/264df04
- 3121494d4b
2020-04-08 19:08:15 +03:00
Slavi Pantaleev
845f5f007b Make Synapse use ma1sd (if enabled) for threepid registration 2020-04-03 10:08:37 +03:00
Marcel Partap
874e2e1fc0 Rename variables (s/mxisd/ma1sd/) and adapt roles 2020-04-02 11:31:38 +02:00
Slavi Pantaleev
e06ac41db1 Do not try to obtain jitsi.DOMAIN certificate if Jitsi is disabled 2020-03-24 16:21:26 +02:00
Slavi Pantaleev
d605b219a2 Manage Jitsi configuration by ourselves for most components
We do this for 2 reasons:

- so we can control things which are not controllable using environment
variables (for example `stunServers` in jitsi/web, since we don't wish
to use the hardcoded Google STUN servers if our own Coturn is enabled)

- so playbook variable changes will properly rebuild the configuration.
When using Jitsi environment variables, the configuration is only built
once (the first time) and never rebuilt again. This is not the
consistent with the rest of the playbook and with how Ansible operates.
We're not perfect at it (yet), because we still let the Jitsi containers
generate some files on their own, but we are closer and it should be
good enough for most things.

Related to #415 (Github Pull Request).
2020-03-24 09:35:21 +02:00
Slavi Pantaleev
cdd9ee1962 Add Jitsi support 2020-03-23 17:19:15 +02:00
Slavi Pantaleev
2b85fde103 Rename some variables for consistency 2020-03-15 10:15:27 +02:00
Slavi Pantaleev
8fe97abe7d Wire matrix_container_images_self_build to self_build variables via group_vars/matrix_servers
This keeps the roles cleaner and more independent of matrix-base,
which may be important for people building their own playbook
out of the individual roles and not using the matrix-base role.
2020-03-15 10:10:41 +02:00
Horvath Gergely
310aa685f9 refactor based on Slavi's requests 2020-03-08 00:24:00 +01:00
Horvath Gergely
d53d63ab07 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into raspberry-pi 2020-03-07 13:57:44 +01:00
Slavi Pantaleev
4a06e52660 Fix matrix-appservice-slack configuration when matrix-nginx-proxy is disabled 2020-03-03 17:48:51 +02:00
Slavi Pantaleev
be6c048abe Remove useless matrix_appservice_webhooks_webhooks_port
In relation to #392 (Github Issue)
2020-03-03 12:38:26 +02:00
Horvath Gergely
a096eafb45 add possibility to install synapse on raspberry pi 2020-02-17 21:48:48 +01:00
teutates
2c4eef72c3
fix slack bridge: salt too large, sha512_crypt requires <= 16 chars 2020-02-10 02:47:26 +01:00
joao-p-marques
a0b313b3d1 fix invalid password salt on slack bridge 2020-02-06 00:25:26 +00:00
Zach Mertes
e0defd4d4c
Fix invalid password salts for slack webhooks 2020-01-24 05:06:36 -05:00
Slavi Pantaleev
2c04384e8e Synchronize config with the one from Synapse 1.9.0
Related to #355.
2020-01-23 15:47:53 +02:00
Björn Marten
50bf8c8dd7 Add matrix-appservice-webhooks role. 2020-01-13 17:20:49 +01:00
Slavi Pantaleev
bd38861179 Add support for automatic Double Puppeting for all Mautrix bridges 2020-01-12 20:28:36 +02:00
Aaron Raimist
2ea507e2ea
Don't make it Dimension specific 2019-12-09 22:23:56 -06:00
Aaron Raimist
79d1576648
Allow Synapse manhole to be enabled
Can you double check that the way I have this set only exposes it locally? It is important that the manhole is not available to the outside world since it is quite powerful and the password is hard coded.
2019-12-05 00:07:15 -06:00
Slavi Pantaleev
65da600426
Merge branch 'master' into master 2019-08-21 07:34:20 +03:00
Slavi Pantaleev
c8a4d59a81
Merge pull request #251 from Munfred/master
Add mautrix-hangouts bridge role and documentation
2019-08-21 07:15:14 +03:00
Slavi Pantaleev
e4b67fdb6b
Fix typo 2019-08-20 09:07:54 +03:00
microchipster
0585889d5a add hangouts bridge by copying facebook bridge and find-replacing 2019-08-06 05:27:40 +00:00
Slavi Pantaleev
4be35822dd Add Email2Matrix support 2019-08-05 13:09:49 +03:00
kingoftheconnors
177ec295b4 Fixed matrix-appservice-slack docker command problems 2019-07-27 14:25:13 -04:00
kingoftheconnors
49766c5dac Added Slack role 2019-07-26 21:37:21 -04:00
Slavi Pantaleev
8529efcd1c Make Discord bridge configuration playbook-managed
Well, `config.yaml` has been playbook-managed for a long time.
It's now extended to match the default sample config of the Discord
bridge.

With this patch, we also make `registration.yaml` playbook-managed,
which leads us to consistency with all other bridges.

Along with that, we introduce `./config` and `./data` separation,
like we do for the other bridges.
2019-06-26 10:35:00 +03:00
Slavi Pantaleev
782356d421 Use password_hash salts that obey passlib requirements
According to
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha512_crypt.html:

> salt (str) – Optional salt string. If not specified, one will be autogenerated (this is recommended).
> If specified, it must be 0-16 characters, drawn from the regexp range [./0-9A-Za-z].

Until now, we were using invalid characters (like `-`). We were also
going over the requested length limit of 16 characters.

This is most likely what was causing `ValueError` exceptions for some people,
as reported in #209 (Github Issue).
Ansible's source code (`lib/ansible/utils/encrypt.py`) shows that Ansible tries
to use passlib if available and falls back to Python's `crypt` module if not.
For Mac, `crypt.crypt` doesn't seem to work, so Ansible always requires passlib.

Looks like crypt is forgiving when length or character requirements are
not obeyed. It would auto-trim a salt string to make it work, which means
that we could end up with the same hash if we call it with salts which aer only
different after their 16th character.

For these reasons (crypt autotriming and passlib downright complaining),
we're now using shorter and more diverse salts.
2019-06-26 09:37:02 +03:00
Thomas Kuehne
4797469383 Make WhatsApp bridge configuration playbook-managed
- following spantaleev transition of the telegram brigde
- adding a validate_config task
2019-06-24 00:16:04 +02:00
Slavi Pantaleev
174a6fcd1b Make IRC bridge configuration entirely managed by the playbook 2019-06-19 12:29:44 +03:00
Slavi Pantaleev
deeb5a96d5 Disable IRC bridge presence if Synapse presence is disabled 2019-06-19 09:31:09 +03:00
Slavi Pantaleev
4e8543ce21 Make Telegram bridge configuration playbook-managed 2019-06-15 09:43:43 +03:00
Slavi Pantaleev
2902b53267 Minor fixes for consistency 2019-06-15 09:42:40 +03:00
Slavi Pantaleev
3956b300ed Disable riot-web's welcome bot
I've not found this welcome bot to work at all in my previous attempts.
It would simply not reply, even though federation works.

It seems like this is also a potential privacy issue, as per
https://gist.github.com/maxidorius/5736fd09c9194b7a6dc03b6b8d7220d0
2019-06-14 07:49:46 +03:00
Slavi Pantaleev
330648a3e0 Make Facebook bridge configuration playbook-managed
Related to #193, but for the Facebook bridge.
(other bridges can be changed to do the same later).

This patch makes the bridge configuration entirely managed by the
Ansible playbook. The bridge's `config.yaml` and `registration.yaml`
configuration files are regenerated every time the playbook runs.

This allows us to apply updates to those files and to avoid
people having to manage the configuration files manually on the server.

-------------------------------------------------------------

A deficiency of the current approach to dumping YAML configuration in
`config.yaml` is that we strip all comments from it.
Later on, when the bridge actually starts, it will load and redump
(this time with comments), which will make the `config.yaml` file
change.

Subsequent playbook runs will report "changed" for the
"Ensure mautrix-facebook config.yaml installed" task, which is a little
strange.

We might wish to improve this in the future, if possible.

Still, it's better to have a (usually) somewhat meaningless "changed"
task than to what we had -- never rebuilding the configuration.
2019-06-07 14:05:53 +03:00
Slavi Pantaleev
7379968a3c Fix Telegram bridge HTTP proxying when not using matrix-nginx-proxy
From what I see, this was never implemented to begin with.

Fixes #189 (Github Issue).
2019-05-26 20:50:52 +03:00
Slavi Pantaleev
ab59cc50bd Add support for more flexible container port exposing
Fixes #171 (Github Issue).
2019-05-25 07:41:08 +09:00
Dan Arnfield
093859d926 Fix TRANSFORM_INVALID_GROUP_CHARS deprecation warning 2019-05-21 10:39:33 -05:00