Commit Graph

1244 Commits

Author SHA1 Message Date
Marcel Partap
1e971312e8 synapse workers: handle auth fallback endpoint on main process only
(allegedly breaks with SSO enabled)
2020-11-10 21:23:19 +01:00
Marcel Partap
e5072c20d9 synapse workers/nginx: handle media_repository worker endpoints on federation port
to prevent "404 on the federation port for the path `/_matrix/media`,
if a remote server is trying to get the media object on federation
port, see https://github.com/matrix-org/synapse/issues/8695 "

https://github.com/matrix-org/synapse/pull/8701
2020-11-10 20:35:39 +01:00
Aaron Raimist
31619e0968
Upgrade Element (1.7.12 -> 1.7.13) 2020-11-10 11:27:15 -06:00
Slavi Pantaleev
235299939d Upgrade nginx (1.19.3 -> 1.19.4) 2020-11-10 09:30:00 +02:00
Scott Crossen
59bb6b2971 responded to reviewer comments 2020-11-09 13:32:58 -08:00
Scott Crossen
e894befd87 Updates to reviewer comments 2020-11-07 17:53:13 -08:00
Slavi Pantaleev
350c39d745 Update comment 2020-11-02 11:13:25 +02:00
Slavi Pantaleev
ef68d3d296 Add support for reverse-proxying /_synapse/oidc
This broke in 63a49bb2dc.

Proxying the OpenID Connect endpoints is now possible,
but needs to be enabled explicitly now.

Supersedes #702 (Github Pull Request).

This patch builds up on the idea from that Pull Request,
but does things in a cleaner way.
2020-11-02 11:10:03 +02:00
Slavi Pantaleev
5c91e56898 Upgrade Synapse (v1.22.0 -> v1.22.1) 2020-10-30 19:35:55 +02:00
Aaron Raimist
c33d007306
Switch to the new vectorim/element-web Docker image 2020-10-29 11:46:58 -05:00
Marcel Partap
cce90b187a synapse workers: fix undefined variable cases when removing workers 2020-10-28 23:09:21 +01:00
Slavi Pantaleev
c1c6eaefff Upgrade Element (1.7.10 -> 1.7.12) 2020-10-28 17:34:39 +02:00
Slavi Pantaleev
9a46647010 Make https://matrix.DOMAIN/ redirect to https://element.DOMAIN/
Fixes #696 (Github Issue)
2020-10-28 10:39:12 +02:00
Slavi Pantaleev
4700e80389 Raise standalone default Matrix Client API client_max_body_size
We do this to match Synapse's new default "max_upload_size" (50MB).

This `matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb`
default value only affects standalone usage of the `matrix-nginx-proxy`
role. When the role is used in the context of the playbook,
the value is dynamically assigned from `group_vars/matrix_servers`.

Somewhat related to #692 (Github Issue).
2020-10-28 10:02:47 +02:00
Marcel Partap
e078e29ef8 synapse workers: fix self name in workers-doc-to-yaml.awk script 2020-10-28 08:39:31 +01:00
Slavi Pantaleev
ef07aa8e5d Prevent certain nginx location blocks from being ignored
The regex introduced in 63a49bb2dc seems to take precedence
over the bare location blocks, causing a regression.

> It is important to understand that, by default, Nginx will serve regular expression matches in preference to prefix matches.
> However, it evaluates prefix locations first, allowing for the administer to override this tendency by specifying locations using the = and ^~ modifiers.

Source: https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms
2020-10-28 09:38:04 +02:00
Marcel Partap
2d1b9f2dbf synapse workers: reworkings + get endpoints from upstream docs via awk
(yes, a bit awkward and brittle… xD)
2020-10-28 07:13:19 +01:00
Slavi Pantaleev
70f0b97a0a Upgrade Synapse (v1.21.2 -> v1.22.0) 2020-10-27 14:24:02 +02:00
Slavi Pantaleev
63a49bb2dc Do not expose /_synapse/admin publicly by default
Fixes #685 (Github Issue).
2020-10-26 10:36:38 +02:00
Marcel Partap
87bd64ce9e Merge remote-tracking branch 'origin/master' into synapse-workers 2020-10-23 23:45:07 +02:00
Marcel Partap
a4125d5446 synapse workers: polishing, cleansing and installation of jq dependency 2020-10-23 20:49:53 +02:00
Marcel Partap
501efee07e synapse workers: supply systemd with actual worker PIDs (requires jq)
also, worker.yaml.j2:
  - hone worker_name
  - remove worker_pid_file entry (would only be used if worker_daemonize
    set to true; also, synapse only knows about the container namespace
    and thus can not provide the required host-view PID)
2020-10-22 20:53:41 +02:00
Slavi Pantaleev
24c6d7e81f Upgrade Element (1.7.9 -> 1.7.10) 2020-10-20 19:06:16 +03:00
Scott Crossen
94dcceb7b9 removed intentional delay 2020-10-19 11:26:37 -07:00
Scott Crossen
efeb651789 Removed typo 2020-10-19 11:25:01 -07:00
Scott Crossen
e7d79a95dc removed platform-specific stuff 2020-10-19 10:46:02 -07:00
Scott Crossen
19721be8b1 removed dhcp option 2020-10-18 21:05:32 -07:00
Scott Crossen
de1511b4bb Fixed valdiation 2020-10-16 21:31:07 -07:00
Scott Crossen
806f98447c Removed directory creation 2020-10-16 21:26:58 -07:00
Scott Crossen
51cca4c312 Added containerization 2020-10-16 21:21:58 -07:00
Tobias Küchel
1cf5b1d80f e2ee_backup: rename variables to be consistent with naming scheme 2020-10-16 09:24:50 +02:00
Tobias Küchel
5158fa4df9 e2ee_backup_methods: rather leave the default empty, so that the system default may apply 2020-10-16 08:50:16 +02:00
Tobias Küchel
8f7e21892d fix indentation, updated to proposed changes from Slavi: no more ifdef 2020-10-16 08:47:37 +02:00
Tobias Küchel
4cfa112755 update default backup_methods as proposed by the system anyway 2020-10-16 08:44:04 +02:00
Tobias Küchel
6599204334 fix commata not being set when secure_backup_required false 2020-10-16 08:20:22 +02:00
Tobias Küchel
48f929dc91 add variables for secure_backup_required and secure_backup_setup_methods 2020-10-16 00:32:00 +02:00
Slavi Pantaleev
f7ecc7a2a5 Upgrade Synapse (v1.21.1 -> v1.21.2) 2020-10-15 17:42:52 +03:00
jgbresson
640166e4c3
Upgrade Element (1.7.8 -> 1.7.9) 2020-10-15 00:09:54 -04:00
Dan Arnfield
b65bfc38ce Update nginx (1.19.2 -> 1.19.3) 2020-10-14 06:23:33 -05:00
Scott Crossen
53bc7a77e1 fixed EOF issues 2020-10-13 16:47:09 -07:00
Scott Crossen
fa5d85426b Renamed systemd descriptions for all bridges 2020-10-13 16:40:30 -07:00
Scott Crossen
1f988969a5 Added role for dynamic dns 2020-10-13 16:26:57 -07:00
Slavi Pantaleev
5abd511368 Upgrade Synapse (v1.21.0 -> v1.21.1) 2020-10-13 13:08:25 +03:00
Slavi Pantaleev
d250727e8b Upgrade certbot (1.7.0 -> 1.9.0) 2020-10-13 09:44:32 +03:00
Aaron Raimist
78529cbd47
Upgrade Synapse (v1.20.1 -> v1.21.0) 2020-10-12 23:59:34 -05:00
Marcel Partap
d2e61af224 Add worker_name to synapse worker config template
& restrict federation listener; frontend_proxy / user_dir don't need it
2020-10-11 21:52:08 +02:00
Marcel Partap
36e9be6092 matrix_synapse_workers_{avail,enabled}_list: sort non-generic workers
.. alphabetically and put those not documented as multi-instance
capable on ports ending on zero.
2020-10-11 21:44:42 +02:00
Marcel Partap
e9241f5fb9 Improve synapse-workers systemd service template
Is the PID magic gonna work? or will it need an ExecStartPost hack..
2020-10-11 21:09:19 +02:00
Marcel Partap
40024e9b81 Prevent workers failing if their config doesn't exist
- cherry-pick "Ensure worker config exists in systemd service (#7528)"
  from synapse d74cdc1a42e8b487d74c214b1d0ca575429d546a:
  "check that the worker config file exists instead of silently failing."
2020-10-11 21:09:19 +02:00
Marcel Partap
93a8ea7e4a Merge remote-tracking branch 'master' into feature/add-worker-support 2020-10-11 20:59:05 +02:00
Fanch
1a9cafa3a3 add run-docker-prune command 2020-10-10 04:11:26 +02:00
Slavi Pantaleev
6a72e3fa54 Try to make importing SQLite from older Synapse version work
If the SQLite database was from an older version of Synapse, it appears
that Synapse would try to run migrations on it first, before importing.
This was failing, because the file wasn't writable.

Hopefully, this fixes the problem.
2020-10-07 08:54:46 +03:00
Slavi Pantaleev
23daec748c Require Ansible v2.7 or newer (because of items2dict and dict2items)
Interestingly, no one has reported this failure before #662 (Github
Issue).

It doesn't make sense to keep saying that we support such old Ansible
versions, when we're not even testing on anything close to those.

Time is also passing and such versions are getting more and more
ancient. It's time we bumped our requirements to something that is more
likely to work.
2020-10-02 11:53:19 +03:00
Slavi Pantaleev
07fa8404bf Upgrade matrix-corporal (1.10.1 -> 1.11.0) 2020-10-01 18:30:30 +03:00
Slavi Pantaleev
9e8c14bf65
Merge pull request #660 from clemsos/master
Element web : update welcome page template
2020-10-01 09:44:48 +03:00
Dan Arnfield
3a3383fada Add support for postgres 13 2020-09-30 16:50:59 -05:00
Slavi Pantaleev
43c5f3ec6e Do not create /home/matrix when creating the matrix user 2020-09-29 18:14:37 +03:00
Clement Renaud
ac3ba1d919 element web : update welcome page template 2020-09-29 12:33:47 +02:00
Slavi Pantaleev
7eb8192a51 Comlain about version requirement on Ansible v1
I don't believe Ansible v1 would even go as far as executing this
sanity check, but.. Adding an extra defensive check for completeness.
2020-09-29 12:37:39 +03:00
Slavi Pantaleev
3d702fe03b Avoid set_fact with error message to prevent confusion 2020-09-29 12:23:39 +03:00
Slavi Pantaleev
3818d82852 Upgrade Element (1.7.7 -> 1.7.8) 2020-09-28 22:20:36 +03:00
Slavi Pantaleev
263727095d
Merge pull request #657 from cnvandijk/feature-client-well-known
Client well known compatibility
2020-09-28 09:19:25 +03:00
Slavi Pantaleev
3e2f0a4240 Upgrade matrix-synapse-admin (0.4.1 -> 0.5.0)
Related to #658 (Github Issue).
2020-09-28 09:11:05 +03:00
Chris van Dijk
b9c8d059d0 Support both the im.vector.riot and io.element variants in client .well-known
According to the docs, "e2ee" is already under "io.element":
  https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md#disabling-encryption-by-default
however "jitsi" is still under "im.vector.riot":
  https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server

For now let's just maintain backward and forward compatibility for both
settings since the client version is out of the control of this
playbook.
2020-09-26 16:57:02 +00:00
Chris van Dijk
f6b0f0a477 Rename matrix_riot_jitsi_preferredDomain and matrix_riot_e2ee_default to Element 2020-09-26 16:24:09 +00:00
Slavi Pantaleev
9fba46e694
Merge pull request #655 from aaronraimist/element-showLabs
Allow configuration of Element's bug_report_endpoint_url and showLabsSettings
2020-09-25 12:02:29 +03:00
Aaron Raimist
dc2def914e
Allow configuration of Element's bug_report_endpoint_url and showLabsSettings
showLabsSettings is the new enableLabs I guess. enableLabs doesn't seem to do anything anymore. It had been deprecated for a while.

This PR also removes @riot-bot:matrix.org as the default welcome_user_id since it doesn't exist anymore.
2020-09-24 18:37:31 -05:00
Slavi Pantaleev
e68450f094 Upgrade Synapse (v1.20.0 -> v1.20.1) 2020-09-24 18:43:54 +03:00
Slavi Pantaleev
329fef048f Upgrade matrix-corporal (1.10.0 -> 1.10.1) 2020-09-22 19:43:23 +03:00
Slavi Pantaleev
32ac4706cb Upgrade matrix-corporal (1.9.0 -> 1.10.0) 2020-09-22 19:28:27 +03:00
Slavi Pantaleev
dd217137b6 Upgrade Synapse (v1.19.3 -> v1.20.0) 2020-09-22 19:28:07 +03:00
Slavi Pantaleev
65e22a6888 Upgrade Synapse (v1.19.2 -> v1.19.3) 2020-09-18 17:37:04 +03:00
Slavi Pantaleev
6db3a46f88
Merge pull request #650 from dwiegreffe/master
New docker image appservice-slack
2020-09-18 14:31:39 +03:00
Daniel Wiegreffe
b3926e7cca
Update main.yml 2020-09-18 13:26:07 +02:00
Max Klenk
fc2edcbecf
fix media routing 2020-09-18 10:45:01 +02:00
Max Klenk
132daba1af
fix worker routes 2020-09-18 10:18:32 +02:00
Slavi Pantaleev
e10e3e354d Upgrade Synapse (v1.19.1 -> v1.19.2) 2020-09-16 16:35:17 +03:00
Dan Arnfield
faa96ca0c3 Update element (1.7.5 -> 1.7.7) 2020-09-15 06:15:30 -05:00
Daniel Wiegreffe
8f41041f6d replacement of the docker image for appservice-slack to the officially maintained image 2020-09-15 09:11:56 +02:00
Scott Crossen
b24333dd0f
Use the same naming convention as the other mx-puppet suite. 2020-09-14 11:11:30 -07:00
Slavi Pantaleev
6e8a39119b Update matrix-reminder-bot (0.1.0 -> 0.2.0) 2020-09-14 10:19:47 +03:00
0hlov3
c19abe4a76 Changes matrix_dimension_integrations_ui_url from /riot to /element https://dimension.t2bot.io/ 2020-09-13 04:19:19 +02:00
Max Klenk
1e68d8b2e5
allow to pass arguments to the postgres process 2020-09-11 14:29:10 +02:00
Max Klenk
880025324a
fix redis config if no password is set 2020-09-11 10:35:50 +02:00
Max Klenk
4fdfc0a34f
add missing ratelimiting options required for load testing 2020-09-11 09:46:20 +02:00
Max Klenk
9a3d84b931
Merge branch 'master' into feature/add-worker-support 2020-09-10 13:57:11 +02:00
Max Klenk
a25a429a52
add redis support 2020-09-10 13:39:00 +02:00
Slavi Pantaleev
5bb2c43502 Add support for enabling Jitsi lobby
Related to #643 (Github Issue)
2020-09-10 09:08:45 +03:00
Slavi Pantaleev
2a1ec38e3a Stop using Ansible's cron module
This is mainly to address SSL renewal not working for us due to:
- https://github.com/ansible/ansible/issues/71213
- https://github.com/ansible/ansible/pull/71207

Using the cron module was hacky anyway. We shouldn't need an extra
level of buggy abstraction to manage a cronjob file.
2020-09-06 10:49:19 +03:00
Slavi Pantaleev
bed16fd065 Upgrade Element (1.7.4 -> 1.7.5) 2020-09-01 20:51:51 +03:00
Slavi Pantaleev
6def66940f Fix broken cover photo for matrix-registration 2020-09-01 18:17:04 +03:00
Slavi Pantaleev
da38a7869f Add matrix-registration support 2020-09-01 13:46:05 +03:00
Slavi Pantaleev
a456e3a9e7 Surface certain messages at the end of playbook execution
Fixes #106 (Github Issue).
2020-09-01 13:12:35 +03:00
Slavi Pantaleev
e3dca2f66f Try to avoid Docker logs growing too much for one-off containers
We recently had a report of the Postgres backup container's log file
growing the size of /var/lib/docker until it ran out of disk space.

Trying to prevent similar problems in the future.
2020-09-01 09:03:48 +03:00
Max Klenk
06bc430c7c
refactor to use new workers and routes they serve 2020-08-28 13:53:39 +02:00
Max Klenk
53ccc783b7
remove duplicated key 2020-08-27 15:26:46 +02:00
Max Klenk
59d1fb76b6
only apply worker redirects if workers are enabled 2020-08-27 15:25:32 +02:00
Max Klenk
567d0318b0
Merge branch 'synapse-workers' into feature/add-worker-support 2020-08-27 15:22:12 +02:00
Slavi Pantaleev
3c285bc6f5 Install lsb-release on Debian distros if unavailable
Certain more-minimal Debian installations may not have
lsb-release installed, which makes the playbook fail.

We need lsb-release on Debian, so that ansible_lsb
could tell us if this is Debian or Raspbian.
2020-08-27 13:58:35 +03:00
Slavi Pantaleev
6e9600ffec Upgrade Synapse (v1.19.0 -> v1.19.1) 2020-08-27 12:59:11 +03:00