diff --git a/CHANGELOG.md b/CHANGELOG.md index 9c68ed63..03ce5c7b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,49 @@ +# 2022-04-25 + +## buscarron bot support + +Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now set up [the Buscarron bot](https://gitlab.com/etke.cc/buscarron). It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) Matrix room + +See our [Setting up Buscarron](docs/configuring-playbook-bot-buscarron.md) documentation to get started. + + +# 2022-04-21 + +## matrix-registration-bot support + +Thanks to [Julian-Samuel Gebühr (@moan0s)](https://github.com/moan0s), the playbook can now help you set up [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) - a bot that is used to create and manage registration tokens for a Matrix server. + +See our [Setting up matrix-registration-bot](docs/configuring-playbook-bot-matrix-registration-bot.md) documentation to get started. + + +# 2022-04-19 + +## Borg backup support + +Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now set up [Borg](https://www.borgbackup.org/) backups with [borgmatic](https://torsion.org/borgmatic/) of your Matrix server. + +See our [Setting up borg backup](docs/configuring-playbook-backup-borg.md) documentation to get started. + + +## (Compatibility Break) Upgrading to Synapse v1.57 on setups using workers may require manual action + +If you're running a worker setup for Synapse (`matrix_synapse_workers_enabled: true`), the [Synapse v1.57 upgrade notes](https://github.com/matrix-org/synapse/blob/v1.57.0rc1/docs/upgrade.md#changes-to-database-schema-for-application-services) say that you may need to take special care when upgrading: + +> Synapse v1.57.0 includes a change to the way transaction IDs are managed for application services. If your deployment uses a dedicated worker for application service traffic, **it must be stopped** when the database is upgraded (which normally happens when the main process is upgraded), to ensure the change is made safely without any risk of reusing transaction IDs. + +If you're not running an `appservice` worker (`matrix_synapse_workers_preset: little-federation-helper` or `matrix_synapse_workers_appservice_workers_count: 0`), you are probably safe to upgrade as per normal, without taking any special care. + +If you are running a setup with an `appservice` worker, or otherwise want to be on the safe side, we recommend the following upgrade path: + +0. Pull the latest playbook changes +1. Stop all services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`) +2. Re-run the playbook (`ansible-playbook -i inventory/hosts setup.yml --tags=setup-all`) +3. Start Postgres (`systemctl start matrix-postgres` on the server) +4. Start the main Synapse process (`systemctl start matrix-synapse` on the server) +5. Wait a while so that Synapse can start and complete the database migrations. You can use `journalctl -fu matrix-synapse` on the server to get a clue. Waiting a few minutes should also be enough. +6. It should now be safe to start all other services. `ansible-playbook -i inventory/hosts setup.yml --tags=start` will do it for you + + # 2022-04-14 ## (Compatibility Break) Changes to `docker-src` permissions necessitating manual action diff --git a/README.md b/README.md index 631dc297..26f10940 100644 --- a/README.md +++ b/README.md @@ -123,6 +123,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [Borg](https://borgbackup.org) backup - see [docs/configuring-playbook-backup-borg.md](docs/configuring-playbook-backup-borg.md) for setup documentation +- (optional) the [Buscarron](https://gitlab.com/etke.cc/buscarron) bot - see [docs/configuring-playbook-bot-buscarron.md](docs/configuring-playbook-bot-buscarron.md) for setup documentation + Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else. **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need. diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md index a6c2a02a..c8097b60 100644 --- a/docs/alternative-architectures.md +++ b/docs/alternative-architectures.md @@ -2,7 +2,7 @@ As stated in the [Prerequisites](prerequisites.md), currently only `x86_64` is fully supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used. -To that end add the following variable to your `vars.yaml` file: +To that end add the following variable to your `vars.yml` file (see [Configuring playbook](configuring-playbook.md)): ```yaml matrix_architecture: @@ -13,7 +13,7 @@ Currently supported architectures are the following: - `arm64` - `arm32` -so for the Raspberry Pi, the following should be in your `vars.yaml` file: +so for the Raspberry Pi, the following should be in your `vars.yml` file: ```yaml matrix_architecture: "arm32" diff --git a/docs/assets/obtain_admin_access_token_element.png b/docs/assets/obtain_admin_access_token_element.png new file mode 100644 index 00000000..2204ff39 Binary files /dev/null and b/docs/assets/obtain_admin_access_token_element.png differ diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index 9984fe50..9d1df5da 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md @@ -39,6 +39,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco | CNAME | `hydrogen` | - | - | - | `matrix.` | | CNAME | `cinny` | - | - | - | `matrix.` | | CNAME | `wsproxy` | - | - | - | `matrix.` | +| CNAME | `buscarron` | - | - | - | `matrix.` | ## Subdomains setup @@ -61,7 +62,11 @@ The `hydrogen.` subdomain may be necessary, because this playbook c The `cinny.` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.` DNS record. +<<<<<<< HEAD The `wsproxy.` subdomain may be necessary, because this playbook could install the [wsproxy](https://github.com/mautrix/wsproxy) web client. The installation of wsproxy is disabled by default, it is not a core required component. To learn how to install it, see our [configuring wsproxy guide](configuring-playbook-bridge-mautrix-wsproxy.md). If you do not wish to set up wsproxy, feel free to skip the `wsproxy.` DNS record. +======= +The `buscarron.` subdomain may be necessary, because this playbook could install the [buscarron](https://github.com/etke.cc/buscarron) bot. The installation of buscarron is disabled by default, it is not a core required component. To learn how to install it, see our [configuring buscarron guide](configuring-playbook-bot-buscarron.md). If you do not wish to set up buscarron, feel free to skip the `buscarron.` DNS record. +>>>>>>> 7adc167412b95917ff04012ff5a01577211ef41c ## `_matrix-identity._tcp` SRV record setup diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md index 70466a6e..44c970af 100644 --- a/docs/configuring-playbook-backup-borg.md +++ b/docs/configuring-playbook-backup-borg.md @@ -8,6 +8,9 @@ You will need a remote server where borg will store the backups. There are hoste The backup will run based on `matrix_backup_borg_schedule` var (systemd timer calendar), default: 4am every day. +By default, if you're using the integrated Postgres database server (as opposed to [an external Postgres server](configuring-playbook-external-postgres.md)), Borg backups will also include dumps of your Postgres database. An alternative solution for backing up the Postgres database is [postgres backup](configuring-playbook-postgres-backup.md). If you decide to go with another solution, you can disable Postgres-backup support for Borg using the `matrix_backup_borg_postgresql_enabled` variable. + + ## Prerequisites 1. Create a new SSH key: @@ -51,6 +54,8 @@ where: * PASSPHRASE - passphrase used for encrypting backups, you may generate it with `pwgen -s 64 1` or use any password manager * PRIVATE KEY - the content of the **private** part of the SSH key you created before +To backup without encryption, add `matrix_backup_borg_encryption: 'none'` to your vars. This will also enable the `matrix_backup_borg_unknown_unencrypted_repo_access_is_ok` variable. + `matrix_backup_borg_location_source_directories` defines the list of directories to back up: it's set to `{{ matrix_base_data_path }}` by default, which is the base directory for every service's data, such as Synapse, Postgres and the bridges. You might want to exclude certain directories or file patterns from the backup using the `matrix_backup_borg_location_exclude_patterns` variable. Check the `roles/matrix-backup-borg/defaults/main.yml` file for the full list of available options. diff --git a/docs/configuring-playbook-bot-buscarron.md b/docs/configuring-playbook-bot-buscarron.md new file mode 100644 index 00000000..3a5822ab --- /dev/null +++ b/docs/configuring-playbook-bot-buscarron.md @@ -0,0 +1,75 @@ +# Setting up Buscarron (optional) + +The playbook can install and configure [buscarron](https://gitlab.com/etke.cc/buscarron) for you. + +It's a bot you can use to setup **your own helpdesk on matrix** +It's a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) matrix room + +## Registering the bot user + +By default, the playbook will set up the bot with a username like this: `@bot.buscarron:DOMAIN`. + +(to use a different username, adjust the `matrix_bot_buscarron_login` variable). + +You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): + +``` +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.buscarron password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user +``` + +Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. + + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: + +```yaml +matrix_bot_buscarron_enabled: true + +# Adjust this to whatever password you chose when registering the bot user +matrix_bot_buscarron_password: PASSWORD_FOR_THE_BOT + +# Adjust accepted forms +matrix_bot_buscarron_forms: + - name: contact # (mandatory) Your form name, will be used as endpoint, eg: buscarron.DOMAIN/contact + room: "!yourRoomID:DOMAIN" # (mandatory) Room ID where form submission will be posted + redirect: https://DOMAIN # (mandatory) To what page user will be redirected after the form submission + ratelimit: 1r/m # (optional) rate limit of the form, format: r/, eg: 1r/s or 54r/m + extensions: [] # (optional) list of form extensions (not used yet) + +matrix_bot_buscarron_spam_hosts: [] # (optional) list of email domains/hosts that should be rejected automatically +matrix_bot_buscarron_spam_emails: [] # (optional) list of email addresses that should be rejected automatically +``` + +You will also need to add a DNS record so that buscarron can be accessed. +By default buscarron will use https://buscarron.DOMAIN so you will need to create an CNAME record for `buscarron`. +See [Configuring DNS](configuring-dns.md). + +If you would like to use a different domain, add the following to your configuration file (changing it to use your preferred domain): + +```yaml +matrix_server_fqn_buscarron: "form.{{ matrix_domain }}" +``` + + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +To use the bot, invite the `@bot.buscarron:DOMAIN` to the room you specified in a config, after that any point your form to the form url, example for the `contact` form: + +```html +
+ +
+``` + +You can also refer to the upstream [documentation](https://gitlab.com/etke.cc/buscarron). diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md new file mode 100644 index 00000000..c47d5bfd --- /dev/null +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md @@ -0,0 +1,72 @@ +# Setting up matrix-registration-bot (optional) + +The playbook can install and configure [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for you. + +The bot allows you to easily **create and manage registration tokens**. It can be used for an invitation-based server, +where you invite someone by sending them a registration token. They can register as normal but have to provide a valid +registration token in a final step of the registration. + +See the project's [documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands) to learn what it +does and why it might be useful to you. + + +## Registering the bot user + +By default, the playbook will set use the bot with a username like this: `@bot.matrix-registration-bot:DOMAIN`. + +(to use a different username, adjust the `matrix_bot_matrix_registration_bot_matrix_user_id_localpart` variable). + +You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): + +``` +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-registration-bot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user +``` + +Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. + +## Obtaining an admin access token + +In order to use the bot you need to add an admin user's access token token to the configuration. As you created an admin user for the +bot, it is recommended to obtain an access token by logging into Element/Schildichat with the bot account +(using the password you set) and navigate to `Settings->Help&About` and scroll to the bottom. +You can expand "Access token" to copy it. + +![Obatining an admin access token with Element](assets/obtain_admin_access_token_element.png) + +**IMPORTANT**: once you copy the token, just close the Matrix client window/tab. Do not "log out", as that would invalidate the token. + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: + +```yaml +matrix_bot_matrix_registration_bot_enabled: true +# Token obtained via logging into the bot account (see above) +matrix_bot_matrix_registration_bot_bot_access_token: "syt_bW9hbm9z_XXXXXXXXXXXXXr_2kuzbE" + +# Enables registration +matrix_synapse_enable_registration: true + +# Restrict registration to users with a token +matrix_synapse_registration_requires_token: true +``` + + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). + +In this room send `help` and the bot will reply with all options. + +You can also refer to the upstream [Usage documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands). +If you have any questions, or if you need help setting it up, read the [troublshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md) +or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de). diff --git a/docs/configuring-playbook-postgres-backup.md b/docs/configuring-playbook-postgres-backup.md index 2d878c11..75b599c8 100644 --- a/docs/configuring-playbook-postgres-backup.md +++ b/docs/configuring-playbook-postgres-backup.md @@ -2,6 +2,9 @@ The playbook can install and configure [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) for you. +For a more complete backup solution (one that includes not only Postgres, but also other configuration/data files), you may wish to look into [borg backup](configuring-playbook-backup-borg.md) instead. + + ## Adjusting the playbook configuration Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable Postgres backup: diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 3d5e6c2c..16a7aeeb 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -145,12 +145,23 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) - a bot to remind you about stuff (optional) +- [Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) - a bot to create and manage registration tokens to invite users (optional) + - [Setting up honoroit](configuring-playbook-bot-honoroit.md) - a helpdesk bot (optional) - [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) - an extensible multifunctional bot (optional) - [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) - a moderation tool/bot (optional) +- [Setting up Buscarron](configuring-playbook-bot-buscarron.md) - a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) Matrix room (optional) + + +### Backups + +- [Setting up borg backup](configuring-playbook-backup-borg.md) - a full Matrix server backup solution, including the Postgres database (optional) + +- [Setting up postgres backup](configuring-playbook-postgres-backup.md) - a Postgres-database backup solution (note: does not include other files) (optional) + ### Other specialized services diff --git a/docs/faq.md b/docs/faq.md index d9c7a586..f2df8698 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -55,7 +55,7 @@ There are 3 ways to get into Martix, depending on your technical ability and nee - **using the existing default server** - the easiest way is to use an existing server. The largest public Matrix server is `matrix.org` and it's configured as a default server in clients such as [Element](https://element.io) and many others. Just use Element on the browser via that link (or download the Element app on a smartphone), create an account and start chatting. -- **using some other server** - instead of using the largest public server (`matrix.org`), you can use another public one. Here's a [list of public Matrix servers](https://publiclist.anchel.nl/) to choose from. Again, you download [Element](https://element.io) or [some other client](https://matrix.org/clients/) of your choosing and adjust the homeserver URL during login. +- **using some other server** - instead of using the largest public server (`matrix.org`), you can use another public one. Here's a [list of public Matrix servers](https://joinmatrix.org/servers/) to choose from. Again, you download [Element](https://element.io) or [some other client](https://matrix.org/clients/) of your choosing and adjust the homeserver URL during login. - **using your own server** - running your own server puts you in ultimate control of your data. It also lets you have your own user identifiers (e.g. `@bob:your-domain.com`). See [How do I set up my own Matrix server](#how-do-i-set-up-my-own-matrix-server). diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 50e79ce6..cf03ec1a 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -458,7 +458,7 @@ matrix_mautrix_signal_database_engine: 'postgres' matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db') | to_uuid }}" matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" -matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" ###################################################################### # @@ -533,14 +533,14 @@ matrix_mautrix_twitter_systemd_required_services_list: | (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mautrix_twitter_appservice_token: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'twt.as.token') | to_uuid }}" +matrix_mautrix_twitter_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.as.token') | to_uuid }}" -matrix_mautrix_twitter_homeserver_token: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'twt.hs.token') | to_uuid }}" +matrix_mautrix_twitter_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'twt.hs.token') | to_uuid }}" matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mautrix_twitter_database_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}" -matrix_mautrix_twitter_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}" +matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.twt.db') | to_uuid if matrix_postgres_enabled else '' }}" ###################################################################### # @@ -1025,6 +1025,35 @@ matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architectu # ###################################################################### + +###################################################################### +# +# matrix-bot-matrix-registration-bot +# +###################################################################### + +# We don't enable bots by default. +matrix_bot_matrix_registration_bot_enabled: false + +matrix_bot_matrix_registration_bot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" + +matrix_bot_matrix_registration_bot_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + + +###################################################################### +# +# /matrix-bot-matrix-registration-bot +# +###################################################################### + + ###################################################################### # # matrix-bot-honoroit @@ -1056,6 +1085,37 @@ matrix_bot_honoroit_container_image_self_build: "{{ matrix_architecture not in [ # ###################################################################### +###################################################################### +# +# matrix-bot-buscarron +# +###################################################################### + +# We don't enable bots by default. +matrix_bot_buscarron_enabled: false + +matrix_bot_buscarron_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +# Postgres is the default, except if not using `matrix_postgres` (internal postgres) +matrix_bot_buscarron_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_bot_buscarron_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'buscarron.bot.db') | to_uuid }}" +matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}" + +###################################################################### +# +# /matrix-bot-buscarron +# +###################################################################### + ###################################################################### # @@ -1481,6 +1541,7 @@ matrix_nginx_proxy_proxy_matrix_enabled: true matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled }}" matrix_nginx_proxy_proxy_hydrogen_enabled: "{{ matrix_client_hydrogen_enabled }}" matrix_nginx_proxy_proxy_cinny_enabled: "{{ matrix_client_cinny_enabled }}" +matrix_nginx_proxy_proxy_buscarron_enabled: "{{ matrix_bot_buscarron_enabled }}" matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}" matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}" matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}" @@ -1566,6 +1627,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: | + (['matrix-client-cinny.service'] if matrix_client_cinny_enabled else []) + + (['matrix-bot-buscarron.service'] if matrix_bot_buscarron_enabled else []) + + (['matrix-client-element.service'] if matrix_client_element_enabled else []) + (['matrix-client-hydrogen.service'] if matrix_client_hydrogen_enabled else []) @@ -1597,6 +1660,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_cinny] if matrix_client_cinny_enabled else []) + + ([matrix_server_fqn_buscarron] if matrix_bot_buscarron_enabled else []) + + ([matrix_server_fqn_dimension] if matrix_dimension_enabled else []) + ([matrix_server_fqn_bot_go_neb] if matrix_bot_go_neb_enabled else []) @@ -1710,6 +1775,12 @@ matrix_postgres_additional_databases: | 'password': matrix_bot_honoroit_database_password, }] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_bot_buscarron_database_name, + 'username': matrix_bot_buscarron_database_username, + 'password': matrix_bot_buscarron_database_password, + }] if (matrix_bot_buscarron_enabled and matrix_bot_buscarron_database_engine == 'postgres' and matrix_bot_buscarron_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_registration_database_name, 'username': matrix_registration_database_username, @@ -2327,9 +2398,9 @@ matrix_dendrite_container_https_host_bind_address: "{{ '' if matrix_nginx_proxy_ matrix_dendrite_sync_api_real_ip_header: "{{ 'X-Forwarded-For' if matrix_nginx_proxy_enabled else '' }}" -matrix_dendrite_registration_shared_secret: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'dendrite.rss') | to_uuid }}" +matrix_dendrite_registration_shared_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.rss') | to_uuid }}" -matrix_dendrite_database_password: "{{ matrix_homeserver_generic_secret_key | password_hash('sha512', 'dendrite.db') | to_uuid }}" +matrix_dendrite_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'dendrite.db') | to_uuid }}" # Even if TURN doesn't support TLS (it does by default), # it doesn't hurt to try a secure connection anyway. diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/matrix-backup-borg/defaults/main.yml index 189b6042..906522c2 100644 --- a/roles/matrix-backup-borg/defaults/main.yml +++ b/roles/matrix-backup-borg/defaults/main.yml @@ -44,12 +44,15 @@ matrix_backup_borg_location_repositories: [] # exclude following paths: matrix_backup_borg_location_exclude_patterns: [] -# borg encryption mode, only repokey-* is supported +# borg encryption mode, only "repokey-*" and "none" are supported matrix_backup_borg_encryption: repokey-blake2 # private ssh key used to connect to the borg repo matrix_backup_borg_ssh_key_private: "" +# allow unencrypted repo access +matrix_backup_borg_unknown_unencrypted_repo_access_is_ok: "{{ matrix_backup_borg_encryption == 'none' }}" + # borg ssh command with ssh key matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new" -i /etc/borgmatic.d/sshkey diff --git a/roles/matrix-backup-borg/tasks/init.yml b/roles/matrix-backup-borg/tasks/init.yml index 0a90a2e8..a82fb7b8 100644 --- a/roles/matrix-backup-borg/tasks/init.yml +++ b/roles/matrix-backup-borg/tasks/init.yml @@ -1,4 +1,4 @@ --- - set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.service', 'matrix-backup-borg.timer'] }}" + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.timer'] }}" when: matrix_backup_borg_enabled|bool diff --git a/roles/matrix-backup-borg/tasks/validate_config.yml b/roles/matrix-backup-borg/tasks/validate_config.yml index 4d3fb1c8..84b78d1e 100644 --- a/roles/matrix-backup-borg/tasks/validate_config.yml +++ b/roles/matrix-backup-borg/tasks/validate_config.yml @@ -7,4 +7,9 @@ with_items: - "matrix_backup_borg_ssh_key_private" - "matrix_backup_borg_location_repositories" - - "matrix_backup_borg_storage_encryption_passphrase" + +- name: Fail if encryption passphrase is undefined unless repository is unencrypted + fail: + msg: >- + You need to define a required passphrase using the `matrix_backup_borg_storage_encryption_passphrase` variable. + when: "matrix_backup_borg_storage_encryption_passphrase == '' and matrix_backup_borg_encryption != 'none'" diff --git a/roles/matrix-backup-borg/templates/config.yaml.j2 b/roles/matrix-backup-borg/templates/config.yaml.j2 index 2929db8b..210b7a65 100644 --- a/roles/matrix-backup-borg/templates/config.yaml.j2 +++ b/roles/matrix-backup-borg/templates/config.yaml.j2 @@ -11,6 +11,7 @@ storage: ssh_command: {{ matrix_backup_borg_storage_ssh_command|to_json }} archive_name_format: {{ matrix_backup_borg_storage_archive_name_format|to_json }} encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase|to_json }} + unknown_unencrypted_repo_access_is_ok: {{ matrix_backup_borg_unknown_unencrypted_repo_access_is_ok|to_json }} retention: keep_hourly: {{ matrix_backup_borg_retention_keep_hourly|to_json }} diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index d97f4602..1654837a 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -37,6 +37,9 @@ matrix_server_fqn_hydrogen: "hydrogen.{{ matrix_domain }}" # This is where you access the Cinny web client from (if enabled via matrix_client_cinny_enabled; disabled by default). matrix_server_fqn_cinny: "cinny.{{ matrix_domain }}" +# This is where you access the buscarron bot from (if enabled via matrix_bot_buscarron_enabled; disabled by default). +matrix_server_fqn_buscarron: "buscarron.{{ matrix_domain }}" + # This is where you access the Dimension. matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}" @@ -74,6 +77,10 @@ matrix_container_global_registry_prefix: "docker.io/" matrix_container_retries_count: 10 matrix_container_retries_delay: 10 +# Each get_url will retry on failed attempt 10 times with delay of 10 seconds between each attempt. +matrix_geturl_retries_count: 10 +matrix_geturl_retries_delay: 10 + matrix_user_username: "matrix" matrix_user_groupname: "matrix" diff --git a/roles/matrix-bot-buscarron/defaults/main.yml b/roles/matrix-bot-buscarron/defaults/main.yml new file mode 100644 index 00000000..96e8ef91 --- /dev/null +++ b/roles/matrix-bot-buscarron/defaults/main.yml @@ -0,0 +1,96 @@ +--- +# buscarron is a helpdesk bot +# See: https://gitlab.com/etke.cc/buscarron + +matrix_bot_buscarron_enabled: true + +matrix_bot_buscarron_container_image_self_build: false +matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" +matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" + +matrix_bot_buscarron_version: v1.0.0 +matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}" +matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" +matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" + +matrix_bot_buscarron_base_path: "{{ matrix_base_data_path }}/buscarron" +matrix_bot_buscarron_config_path: "{{ matrix_bot_buscarron_base_path }}/config" +matrix_bot_buscarron_data_path: "{{ matrix_bot_buscarron_base_path }}/data" +matrix_bot_buscarron_data_store_path: "{{ matrix_bot_buscarron_data_path }}/store" + +# A list of extra arguments to pass to the container +matrix_bot_buscarron_container_extra_arguments: [] + +# List of systemd services that matrix-bot-buscarron.service depends on +matrix_bot_buscarron_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-bot-buscarron.service wants +matrix_bot_buscarron_systemd_wanted_services_list: [] + + +# Database-related configuration fields. +# +# To use SQLite, stick to these defaults. +# +# To use Postgres: +# - change the engine (`matrix_bot_buscarron_database_engine: 'postgres'`) +# - adjust your database credentials via the `matrix_bot_buscarron_database_*` variables +matrix_bot_buscarron_database_engine: 'sqlite' + +matrix_bot_buscarron_sqlite_database_path_local: "{{ matrix_bot_buscarron_data_path }}/bot.db" +matrix_bot_buscarron_sqlite_database_path_in_container: "/data/bot.db" + +matrix_bot_buscarron_database_username: 'buscarron' +matrix_bot_buscarron_database_password: 'some-password' +matrix_bot_buscarron_database_hostname: 'matrix-postgres' +matrix_bot_buscarron_database_port: 5432 +matrix_bot_buscarron_database_name: 'buscarron' + +matrix_bot_buscarron_database_connection_string: 'postgres://{{ matrix_bot_buscarron_database_username }}:{{ matrix_bot_buscarron_database_password }}@{{ matrix_bot_buscarron_database_hostname }}:{{ matrix_bot_buscarron_database_port }}/{{ matrix_bot_buscarron_database_name }}?sslmode=disable' + +matrix_bot_buscarron_storage_database: "{{ + { + 'sqlite': matrix_bot_buscarron_sqlite_database_path_in_container, + 'postgres': matrix_bot_buscarron_database_connection_string, + }[matrix_bot_buscarron_database_engine] +}}" + +matrix_bot_buscarron_database_dialect: "{{ + { + 'sqlite': 'sqlite3', + 'postgres': 'postgres', + }[matrix_bot_buscarron_database_engine] +}}" + + +# The bot's username. This user needs to be created manually beforehand. +# Also see `matrix_bot_buscarron_password`. +matrix_bot_buscarron_login: "bot.buscarron" + +# The password that the bot uses to authenticate. +matrix_bot_buscarron_password: '' + +# the homeserver URL, uses internal synapse container address by default +matrix_bot_buscarron_homeserver: "{{ matrix_homeserver_container_url }}" + +# forms configuration +matrix_bot_buscarron_forms: [] + +# Sentry DSN +matrix_bot_buscarron_sentry: + +# Log level +matrix_bot_buscarron_loglevel: INFO + +# spam hosts/domains +matrix_bot_buscarron_spam_hosts: [] + +# spam email addresses +matrix_bot_buscarron_spam_emails: [] + +# Additional environment variables to pass to the buscarron container +# +# Example: +# matrix_bot_buscarron_environment_variables_extension: | +# BUSCARRON_LOGLEVEL=DEBUG +matrix_bot_buscarron_environment_variables_extension: '' diff --git a/roles/matrix-bot-buscarron/tasks/init.yml b/roles/matrix-bot-buscarron/tasks/init.yml new file mode 100644 index 00000000..3da32948 --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/init.yml @@ -0,0 +1,5 @@ +--- + +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-buscarron.service'] }}" + when: matrix_bot_buscarron_enabled|bool diff --git a/roles/matrix-bot-buscarron/tasks/main.yml b/roles/matrix-bot-buscarron/tasks/main.yml new file mode 100644 index 00000000..63e87dfb --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_bot_buscarron_enabled|bool" + tags: + - setup-all + - setup-bot-buscarron + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_bot_buscarron_enabled|bool" + tags: + - setup-all + - setup-bot-buscarron + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_bot_buscarron_enabled|bool" + tags: + - setup-all + - setup-bot-buscarron diff --git a/roles/matrix-bot-buscarron/tasks/setup_install.yml b/roles/matrix-bot-buscarron/tasks/setup_install.yml new file mode 100644 index 00000000..0ebe7e42 --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/setup_install.yml @@ -0,0 +1,100 @@ +--- +- set_fact: + matrix_bot_buscarron_requires_restart: false + +- block: + - name: Check if an SQLite database already exists + stat: + path: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" + register: matrix_bot_buscarron_sqlite_database_path_local_stat_result + + - block: + - set_fact: + matrix_postgres_db_migration_request: + src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}" + dst: "{{ matrix_bot_buscarron_database_connection_string }}" + caller: "{{ role_path|basename }}" + engine_variable_name: 'matrix_bot_buscarron_database_engine' + engine_old: 'sqlite' + systemd_services_to_stop: ['matrix-bot-buscarron.service'] + + - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" + + - set_fact: + matrix_bot_buscarron_requires_restart: true + when: "matrix_bot_buscarron_sqlite_database_path_local_stat_result.stat.exists|bool" + when: "matrix_bot_buscarron_database_engine == 'postgres'" + +- name: Ensure buscarron paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_bot_buscarron_config_path }}", when: true} + - {path: "{{ matrix_bot_buscarron_data_path }}", when: true} + - {path: "{{ matrix_bot_buscarron_data_store_path }}", when: true} + - {path: "{{ matrix_bot_buscarron_docker_src_files_path }}", when: true} + when: "item.when|bool" + +- name: Ensure buscarron environment variables file created + template: + src: "{{ role_path }}/templates/env.j2" + dest: "{{ matrix_bot_buscarron_config_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + +- name: Ensure buscarron image is pulled + docker_image: + name: "{{ matrix_bot_buscarron_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_bot_buscarron_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_buscarron_docker_image_force_pull }}" + when: "not matrix_bot_buscarron_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure buscarron repository is present on self-build + git: + repo: "{{ matrix_bot_buscarron_docker_repo }}" + dest: "{{ matrix_bot_buscarron_docker_src_files_path }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_bot_buscarron_git_pull_results + when: "matrix_bot_buscarron_container_image_self_build|bool" + +- name: Ensure buscarron image is built + docker_image: + name: "{{ matrix_bot_buscarron_docker_image }}" + source: build + force_source: "{{ matrix_bot_buscarron_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_bot_buscarron_docker_src_files_path }}" + pull: true + when: "matrix_bot_buscarron_container_image_self_build|bool" + +- name: Ensure matrix-bot-buscarron.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-bot-buscarron.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + mode: 0644 + register: matrix_bot_buscarron_systemd_service_result + +- name: Ensure systemd reloaded after matrix-bot-buscarron.service installation + service: + daemon_reload: true + when: "matrix_bot_buscarron_systemd_service_result.changed|bool" + +- name: Ensure matrix-bot-buscarron.service restarted, if necessary + service: + name: "matrix-bot-buscarron.service" + state: restarted + when: "matrix_bot_buscarron_requires_restart|bool" diff --git a/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml b/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml new file mode 100644 index 00000000..cc70e79a --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/setup_uninstall.yml @@ -0,0 +1,36 @@ +--- + +- name: Check existence of matrix-buscarron service + stat: + path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + register: matrix_bot_buscarron_service_stat + +- name: Ensure matrix-buscarron is stopped + service: + name: matrix-bot-buscarron + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "matrix_bot_buscarron_service_stat.stat.exists|bool" + +- name: Ensure matrix-bot-buscarron.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-bot-buscarron.service" + state: absent + when: "matrix_bot_buscarron_service_stat.stat.exists|bool" + +- name: Ensure systemd reloaded after matrix-bot-buscarron.service removal + service: + daemon_reload: true + when: "matrix_bot_buscarron_service_stat.stat.exists|bool" + +- name: Ensure Matrix buscarron paths don't exist + file: + path: "{{ matrix_bot_buscarron_base_path }}" + state: absent + +- name: Ensure buscarron Docker image doesn't exist + docker_image: + name: "{{ matrix_bot_buscarron_docker_image }}" + state: absent diff --git a/roles/matrix-bot-buscarron/tasks/validate_config.yml b/roles/matrix-bot-buscarron/tasks/validate_config.yml new file mode 100644 index 00000000..5a517d39 --- /dev/null +++ b/roles/matrix-bot-buscarron/tasks/validate_config.yml @@ -0,0 +1,9 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_bot_buscarron_password" diff --git a/roles/matrix-bot-buscarron/templates/env.j2 b/roles/matrix-bot-buscarron/templates/env.j2 new file mode 100644 index 00000000..c833f27b --- /dev/null +++ b/roles/matrix-bot-buscarron/templates/env.j2 @@ -0,0 +1,19 @@ +BUSCARRON_LOGIN={{ matrix_bot_buscarron_login }} +BUSCARRON_PASSWORD={{ matrix_bot_buscarron_password }} +BUSCARRON_HOMESERVER={{ matrix_bot_buscarron_homeserver }} +BUSCARRON_DB_DSN={{ matrix_bot_buscarron_database_connection_string }} +BUSCARRON_DB_DIALECT={{ matrix_bot_buscarron_database_dialect }} +BUSCARRON_SPAM_HOSTS={{ matrix_bot_buscarron_spam_hosts|join(" ") }} +BUSCARRON_SPAM_EMAILS={{ matrix_bot_buscarron_spam_emails|join(" ") }} +BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }} +BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }} +{% set forms = [] %} +{% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}} +BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }} +BUSCARRON_{{ form.name|upper }}_REDIRECT={{ form.redirect|default('') }} +BUSCARRON_{{ form.name|upper }}_RATELIMIT={{ form.ratelimit|default('') }} +BUSCARRON_{{ form.name|upper }}_EXTENSIONS={{ form.extensions|default('')|join(' ') }} +{% endfor %} +BUSCARRON_LIST={{ forms|join(" ") }} + +{{ matrix_bot_buscarron_environment_variables_extension }} diff --git a/roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 b/roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 new file mode 100644 index 00000000..fd6d0310 --- /dev/null +++ b/roles/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2 @@ -0,0 +1,39 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix web forms bot +{% for service in matrix_bot_buscarron_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_bot_buscarron_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-buscarron \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_bot_buscarron_config_path }}/env \ + --mount type=bind,src={{ matrix_bot_buscarron_data_path }},dst=/data \ + {% for arg in matrix_bot_buscarron_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_bot_buscarron_docker_image }} + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-buscarron 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-bot-buscarron + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 90bfa269..9e7cf2b5 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.6 +matrix_bot_honoroit_version: v0.9.7 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" @@ -96,6 +96,15 @@ matrix_bot_honoroit_text_prefix_done: '' # Text: greetings matrix_bot_honoroit_text_greetings: '' +# Text: invite +matrix_bot_honoroit_text_invite: '' + +# Text: join +matrix_bot_honoroit_text_join: '' + +# Text: leave +matrix_bot_honoroit_text_leave: '' + # Text: error matrix_bot_honoroit_text_error: '' diff --git a/roles/matrix-bot-honoroit/templates/env.j2 b/roles/matrix-bot-honoroit/templates/env.j2 index 37719d03..7f1eef5b 100644 --- a/roles/matrix-bot-honoroit/templates/env.j2 +++ b/roles/matrix-bot-honoroit/templates/env.j2 @@ -11,6 +11,9 @@ HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }} HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }} HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }} HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }} +HONOROIT_TEXT_INVITE={{ matrix_bot_honoroit_text_invite }} +HONOROIT_TEXT_JOIN={{ matrix_bot_honoroit_text_join }} +HONOROIT_TEXT_LEAVE={{ matrix_bot_honoroit_text_leave }} HONOROIT_TEXT_ERROR={{ matrix_bot_honoroit_text_error }} HONOROIT_TEXT_EMPTYROOM={{ matrix_bot_honoroit_text_emptyroom }} HONOROIT_TEXT_DONE={{ matrix_bot_honoroit_text_done }} diff --git a/roles/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml new file mode 100644 index 00000000..40538478 --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -0,0 +1,49 @@ +--- +# matrix-registration-bot creates and manages registration tokens for a matrix server +# See: https://github.com/moan0s/matrix-registration-bot + +matrix_bot_matrix_registration_bot_enabled: true +matrix_bot_matrix_registration_bot_container_image_self_build: false +matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matrix-registration-bot.git" +matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src" + +matrix_bot_matrix_registration_bot_version: latest +matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}" +matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}" + +matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matrix-registration-bot" +matrix_bot_matrix_registration_bot_config_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/config" +matrix_bot_matrix_registration_bot_data_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/data" + +matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}" +matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}" + +# The access token that the bot uses to communicate in Matrix chats +# This does not necessarily need to be a privileged (admin) access token. +matrix_bot_matrix_registration_bot_bot_access_token: '' + +# The access token that the bot uses to call the Matrix API for creating registration tokens. +# This needs to be a privileged (admin) access token. +# By default, we assume `matrix_bot_matrix_registration_bot_bot_access_token` is such a privileged token and we use it as is. +# If necessary, you can define your own other access token here, which might even be for a different Matrix user. +matrix_bot_matrix_registration_bot_api_token: "{{ matrix_bot_matrix_registration_bot_bot_access_token }}" + +matrix_bot_matrix_registration_bot_logging_level: info +matrix_bot_matrix_registration_environment_variables_extension: '' + +# A list of extra arguments to pass to the container +matrix_bot_matrix_registration_bot_container_extra_arguments: [] + +# List of systemd services that matrix-bot-matrix-registration-bot.service depends on +matrix_bot_matrix_registration_bot_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-bot-matrix-registration-bot.service wants +matrix_bot_matrix_registration_bot_systemd_wanted_services_list: [] + +# The bot's username. This user needs to be created manually beforehand. +# Also see `matrix_bot_matrix_registration_bot_user_password`. +matrix_bot_matrix_registration_bot_matrix_user_id_localpart: "bot.matrix-registration-bot" + +matrix_bot_matrix_registration_bot_matrix_user_id: '@{{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart }}:{{ matrix_domain }}' + +matrix_bot_matrix_registration_bot_matrix_homeserver_url: "{{ matrix_homeserver_container_url }}" diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/init.yml b/roles/matrix-bot-matrix-registration-bot/tasks/init.yml new file mode 100644 index 00000000..03235b80 --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/tasks/init.yml @@ -0,0 +1,5 @@ +--- + +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-registration-bot.service'] }}" + when: matrix_bot_matrix_registration_bot_enabled|bool diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/main.yml b/roles/matrix-bot-matrix-registration-bot/tasks/main.yml new file mode 100644 index 00000000..c90da6a8 --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_bot_matrix_registration_bot_enabled|bool" + tags: + - setup-all + - setup-bot-matrix-registration-bot + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_bot_matrix_registration_bot_enabled|bool" + tags: + - setup-all + - setup-bot-matrix-registration-bot + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_bot_matrix_registration_bot_enabled|bool" + tags: + - setup-all + - setup-bot-matrix-registration-bot diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml new file mode 100644 index 00000000..716d67bc --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/tasks/setup_install.yml @@ -0,0 +1,73 @@ +--- + +- name: Ensure matrix-registration-bot paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true} + - - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true} + - {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: true} + when: "item.when|bool" + +- name: Ensure matrix-registration-bot configuration file created + template: + src: "{{ role_path }}/templates/config/config.yml.j2" + dest: "{{ matrix_bot_matrix_registration_bot_config_path }}/config.yml" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + +- name: Ensure matrix-registration-bot image is pulled + docker_image: + name: "{{ matrix_bot_matrix_registration_bot_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_bot_matrix_registration_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_registration_bot_docker_image_force_pull }}" + when: "not matrix_bot_matrix_registration_bot_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure matrix-registration-bot repository is present on self-build + git: + repo: "{{ matrix_bot_matrix_registration_bot_docker_repo }}" + dest: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_bot_matrix_registration_bot_git_pull_results + when: "matrix_bot_matrix_registration_bot_container_image_self_build|bool" + +- name: Ensure matrix-registration-bot image is built + docker_image: + name: "{{ matrix_bot_matrix_registration_bot_docker_image }}" + source: build + force_source: "{{ matrix_bot_matrix_registration_bot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}" + pull: true + when: "matrix_bot_matrix_registration_bot_container_image_self_build|bool" + +- name: Ensure matrix-bot-matrix-registration-bot.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-bot-matrix-registration-bot.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" + mode: 0644 + register: matrix_bot_matrix_registration_bot_systemd_service_result + +- name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service installation + service: + daemon_reload: true + when: "matrix_bot_matrix_registration_bot_systemd_service_result.changed|bool" + +- name: Ensure matrix-bot-matrix-registration-bot.service restarted, if necessary + service: + name: "matrix-bot-matrix-registration-bot.service" + state: restarted diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml b/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml new file mode 100644 index 00000000..9881592f --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/tasks/setup_uninstall.yml @@ -0,0 +1,36 @@ +--- + +- name: Check existence of matrix-matrix-registration-bot service + stat: + path: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" + register: matrix_bot_matrix_registration_bot_service_stat + +- name: Ensure matrix-matrix-registration-bot is stopped + service: + name: matrix-bot-matrix-registration-bot + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool" + +- name: Ensure matrix-bot-matrix-registration-bot.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-bot-matrix-registration-bot.service" + state: absent + when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool" + +- name: Ensure systemd reloaded after matrix-bot-matrix-registration-bot.service removal + service: + daemon_reload: true + when: "matrix_bot_matrix_registration_bot_service_stat.stat.exists|bool" + +- name: Ensure Matrix matrix-registration-bot paths don't exist + file: + path: "{{ matrix_bot_matrix_registration_bot_base_path }}" + state: absent + +- name: Ensure matrix-registration-bot Docker image doesn't exist + docker_image: + name: "{{ matrix_bot_matrix_registration_bot_docker_image }}" + state: absent diff --git a/roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml b/roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml new file mode 100644 index 00000000..d5db028d --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_bot_matrix_registration_bot_bot_access_token" + - "matrix_bot_matrix_registration_bot_api_token" diff --git a/roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 b/roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 new file mode 100644 index 00000000..756efb01 --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 @@ -0,0 +1,12 @@ +bot: + server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }} + username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }} + access_token: {{ matrix_bot_matrix_registration_bot_bot_access_token|to_json }} +api: + # API endpoint of the registration tokens + base_url: {{ matrix_bot_matrix_registration_bot_api_base_url|to_json }} + # Access token of an administrator on the server + token: {{ matrix_bot_matrix_registration_bot_api_token|to_json }} +logging: + level: {{ matrix_bot_matrix_registration_bot_logging_level|to_json }} + diff --git a/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 b/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 new file mode 100644 index 00000000..e1aa8954 --- /dev/null +++ b/roles/matrix-bot-matrix-registration-bot/templates/systemd/matrix-bot-matrix-registration-bot.service.j2 @@ -0,0 +1,37 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix registration bot +{% for service in matrix_bot_matrix_registration_bot_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_bot_matrix_registration_bot_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-registration-bot \ + --log-driver=none \ + --cap-drop=ALL \ + -e "CONFIG_PATH=/config/config.yml" \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --read-only \ + --mount type=bind,src={{ matrix_bot_matrix_registration_bot_config_path }},dst=/config,ro \ + --mount type=bind,src={{ matrix_bot_matrix_registration_bot_data_path }},dst=/data \ + --network={{ matrix_docker_network }} \ + {{ matrix_bot_matrix_registration_bot_docker_image }} + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-registration-bot 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-registration-bot 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-bot-matrix-registration-bot + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 index 96e68967..911dd75e 100644 --- a/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 +++ b/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 @@ -9,6 +9,21 @@ homeserver: url: "{{ matrix_appservice_slack_homeserver_url }}" media_url: "{{ matrix_appservice_slack_homeserver_media_url }}" +# Real Time Messaging API (RTM) +# Optional if slack_hook_port and inbound_uri_prefix are defined, required otherwise. +# +rtm: + # Use the RTM API to listen for requests, which does not require + # the bridge to listen on the hook port. + # You should leave this enabled, unless you plan to use the + # bridge exclusively for webhooks. + # + enable: true + + # Logging level specific to RTM traffic. + # + log_level: "silent" + {% if matrix_appservice_slack_database_engine == 'nedb' %} dbdir: "/data" {% else %} diff --git a/roles/matrix-bridge-heisenbridge/defaults/main.yml b/roles/matrix-bridge-heisenbridge/defaults/main.yml index 80b3c95a..96ab3382 100644 --- a/roles/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/matrix-bridge-heisenbridge/defaults/main.yml @@ -4,7 +4,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.10.1 +matrix_heisenbridge_version: 1.12.0 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 4e95f1f9..14a2c35f 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -8,18 +8,19 @@ matrix_mautrix_signal_container_image_self_build: false matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src" -matrix_mautrix_signal_version: v0.2.3 -matrix_mautrix_signal_daemon_version: 0.17.0 +matrix_mautrix_signal_version: v0.3.0 +matrix_mautrix_signal_daemon_version: 0.18.1 # See: https://mau.dev/mautrix/signal/container_registry matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" matrix_mautrix_signal_daemon_container_image_self_build: false -matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git" +matrix_mautrix_signal_daemon_docker_repo: "https://gitlab.com/signald/signald" matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src" -matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_version }}" -matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}" +matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}" +matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image_tag.endswith(':latest') }}" +matrix_mautrix_signal_daemon_docker_image_tag: "{{ matrix_mautrix_signal_daemon_version }}" matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal" matrix_mautrix_signal_config_path: "{{ matrix_mautrix_signal_base_path }}/bridge" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index c7202f05..06f77348 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -70,7 +70,7 @@ force_source: "{{ matrix_mautrix_signal_daemon_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_daemon_git_pull_results.changed }}" build: - dockerfile: Dockerfile + dockerfile: Containerfile path: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}" pull: true when: "matrix_mautrix_signal_daemon_container_image_self_build|bool" diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index eb70d3fa..65a446e0 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -14,7 +14,7 @@ matrix_mautrix_telegram_container_image_self_build: false matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" -matrix_mautrix_telegram_version: v0.11.2 +matrix_mautrix_telegram_version: v0.11.3 # See: https://mau.dev/mautrix/telegram/container_registry matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 6aae2015..d920be51 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.3.0 +matrix_mautrix_whatsapp_version: v0.3.1 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 205f3480..e4545875 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.10 +matrix_client_element_version: v1.10.11 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index 7f2e629a..f3876875 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -61,7 +61,7 @@ matrix_dendrite_systemd_wanted_services_list: [] # Specifies which template files to use when configuring Dendrite. # If you'd like to have your own different configuration, feel free to copy and paste # the original files into your inventory (e.g. in `inventory/host_vars//`) -# and then change the specific host's `vars.yaml` file like this: +# and then change the specific host's `vars.yml` file like this: # matrix_dendrite_template_dendrite_config: "{{ playbook_dir }}/inventory/host_vars//dendrite.yaml.j2" matrix_dendrite_template_dendrite_config: "{{ role_path }}/templates/dendrite/dendrite.yaml.j2" diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 0ee7a86a..ee184e1d 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -4,7 +4,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.4.1 +matrix_grafana_version: 8.5.1 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/matrix-grafana/tasks/setup.yml index 95a0ba53..16b9fa65 100644 --- a/roles/matrix-grafana/tasks/setup.yml +++ b/roles/matrix-grafana/tasks/setup.yml @@ -70,6 +70,10 @@ group: "{{ matrix_user_groupname }}" with_items: "{{ matrix_grafana_dashboard_download_urls_all }}" when: matrix_grafana_enabled|bool + register: result + retries: "{{ matrix_geturl_retries_count }}" + delay: "{{ matrix_geturl_retries_delay }}" + until: result is not failed - name: Ensure matrix-grafana.service installed template: diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml index efab8745..c4ed61a6 100644 --- a/roles/matrix-jitsi/tasks/init.yml +++ b/roles/matrix-jitsi/tasks/init.yml @@ -3,3 +3,8 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-jitsi-web.service', 'matrix-jitsi-prosody.service', 'matrix-jitsi-jicofo.service', 'matrix-jitsi-jvb.service'] }}" when: matrix_jitsi_enabled|bool + +- name: Fail if on an unsupported architecture + fail: + msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214" + when: matrix_jitsi_enabled|bool and matrix_architecture != 'amd64' diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 819de7db..90afd937 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -159,6 +159,10 @@ matrix_nginx_proxy_proxy_hydrogen_hostname: "{{ matrix_server_fqn_hydrogen }}" matrix_nginx_proxy_proxy_cinny_enabled: false matrix_nginx_proxy_proxy_cinny_hostname: "{{ matrix_server_fqn_cinny }}" +# Controls whether proxying the buscarron domain should be done. +matrix_nginx_proxy_proxy_buscarron_enabled: false +matrix_nginx_proxy_proxy_buscarron_hostname: "{{ matrix_server_fqn_buscarron }}" + # Controls whether proxying the matrix domain should be done. matrix_nginx_proxy_proxy_matrix_enabled: false matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}" @@ -225,6 +229,7 @@ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled: false # e.g. `htpasswd -c mypass.htpasswd prometheus` and enter `mysecurepw` when prompted yields `prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/` # The part after `prometheus:` is needed here. matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key: "" +matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path: "{{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" # The addresses where the Matrix Client API is. # Certain extensions (like matrix-corporal) may override this in order to capture all traffic. @@ -279,7 +284,7 @@ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_trusted_certificate: "{{ matr # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads. matrix_nginx_proxy_tmp_directory_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb | int) * 50 }}" - +matrix_nginx_proxy_tmp_cache_directory_size_mb: "{{ (matrix_nginx_proxy_synapse_cache_max_size_mb | int) * 2 }}" # A list of strings containing additional configuration blocks to add to the nginx server configuration (nginx.conf). # for big matrixservers to enlarge the number of open files to prevent timeouts # matrix_nginx_proxy_proxy_additional_configuration_blocks: @@ -307,6 +312,9 @@ matrix_nginx_proxy_proxy_hydrogen_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to Cinny's server configuration (matrix-client-cinny.conf). matrix_nginx_proxy_proxy_cinny_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to buscarron's server configuration (matrix-bot-buscarron.conf). +matrix_nginx_proxy_proxy_buscarron_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to Dimension's server configuration (matrix-dimension.conf). matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: [] @@ -564,6 +572,16 @@ matrix_nginx_proxy_synapse_media_repository_locations: [] matrix_nginx_proxy_synapse_user_dir_locations: [] matrix_nginx_proxy_synapse_frontend_proxy_locations: [] +# synapse content caching +matrix_nginx_proxy_synapse_cache_enabled: false +matrix_nginx_proxy_synapse_cache_path: "{{ '/tmp/synapse-cache' if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path+'/synapse-cache' }}" +matrix_nginx_proxy_synapse_cache_keys_zone_name: "STATIC" +matrix_nginx_proxy_synapse_cache_keys_zone_size: "10m" +matrix_nginx_proxy_synapse_cache_inactive_time: "48h" +matrix_nginx_proxy_synapse_cache_max_size_mb: 1024 +matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time: "24h" + + # The amount of worker processes and connections # Consider increasing these when you are expecting high amounts of traffic # http://nginx.org/en/docs/ngx_core_module.html#worker_connections diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 31e5c908..8a88db94 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -12,15 +12,17 @@ # - name: Ensure Matrix nginx-proxy paths exist file: - path: "{{ item }}" + path: "{{ item.path }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" with_items: - - "{{ matrix_nginx_proxy_base_path }}" - - "{{ matrix_nginx_proxy_data_path }}" - - "{{ matrix_nginx_proxy_confd_path }}" + - {path: "{{ matrix_nginx_proxy_base_path }}", when: true} + - {path: "{{ matrix_nginx_proxy_data_path }}", when: true} + - {path: "{{ matrix_nginx_proxy_confd_path }}", when: true} + - {path: "{{ matrix_nginx_proxy_synapse_cache_path }}", when: "{{ matrix_nginx_proxy_synapse_cache_enabled and not matrix_nginx_proxy_enabled }}"} + when: item.when|bool - name: Ensure Matrix nginx-proxy configured (main config override) template: @@ -108,6 +110,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_cinny_enabled|bool +- name: Ensure Matrix nginx-proxy configuration for buscarron domain exists + template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-buscarron.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_buscarron_enabled|bool + - name: Ensure Matrix nginx-proxy configuration for dimension domain exists template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-dimension.conf.j2" @@ -264,6 +273,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_cinny_enabled|bool" +- name: Ensure Matrix nginx-proxy configuration for buscarron domain deleted + file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-buscarron.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_buscarron_enabled|bool" + - name: Ensure Matrix nginx-proxy configuration for dimension domain deleted file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf" diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 new file mode 100644 index 00000000..0ce1473b --- /dev/null +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2 @@ -0,0 +1,104 @@ +#jinja2: lstrip_blocks: "True" + +{% macro render_vhost_directives() %} + gzip on; + gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; + + {% if matrix_nginx_proxy_hsts_preload_enabled %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + {% else %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + {% endif %} + add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}"; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options SAMEORIGIN; + add_header Content-Security-Policy "frame-ancestors 'none'"; + {% if matrix_nginx_proxy_floc_optout_enabled %} + add_header Permissions-Policy interest-cohort=() always; + {% endif %} + + {% for configuration_block in matrix_nginx_proxy_proxy_buscarron_additional_server_configuration_blocks %} + {{- configuration_block }} + {% endfor %} + + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-bot-buscarron:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:8080; + {% endif %} + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; + } +{% endmacro %} + +server { + listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + + + server_name {{ matrix_nginx_proxy_proxy_buscarron_hostname }}; + + server_tokens off; + root /dev/null; + + {% if matrix_nginx_proxy_https_enabled %} + location /.well-known/acme-challenge { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-certbot:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; + {% endif %} + } + + location / { + return 301 https://$http_host$request_uri; + } + {% else %} + {{ render_vhost_directives() }} + {% endif %} +} + +{% if matrix_nginx_proxy_https_enabled %} +server { + listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + + server_name {{ matrix_nginx_proxy_proxy_buscarron_hostname }}; + + server_tokens off; + root /dev/null; + + ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_buscarron_hostname }}/fullchain.pem; + ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_buscarron_hostname }}/privkey.pem; + + ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; + {% if matrix_nginx_proxy_ssl_ciphers != "" %} + ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }}; + {% endif %} + ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }}; + + {% if matrix_nginx_proxy_ocsp_stapling_enabled %} + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_buscarron_hostname }}/chain.pem; + {% endif %} + + {% if matrix_nginx_proxy_ssl_session_tickets_off %} + ssl_session_tickets off; + {% endif %} + ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }}; + ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }}; + + {{ render_vhost_directives() }} +} +{% endif %} diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 720b5086..9a1576d4 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -5,6 +5,9 @@ {% set user_dir_workers = matrix_nginx_proxy_synapse_workers_list|selectattr('type', 'equalto', 'user_dir')|list %} {% set frontend_proxy_workers = matrix_nginx_proxy_synapse_workers_list|selectattr('type', 'equalto', 'frontend_proxy')|list %} {% if matrix_nginx_proxy_synapse_workers_enabled %} + {% if matrix_nginx_proxy_synapse_cache_enabled %} + proxy_cache_path {{ matrix_nginx_proxy_synapse_cache_path }} levels=1:2 keys_zone={{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}:{{ matrix_nginx_proxy_synapse_cache_keys_zone_size }} inactive={{ matrix_nginx_proxy_synapse_cache_inactive_time }} max_size={{ matrix_nginx_proxy_synapse_cache_max_size_mb }}m; + {% endif %} # Round Robin "upstream" pools for workers {% if generic_workers %} @@ -95,6 +98,14 @@ server { client_body_buffer_size 25M; client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M; proxy_max_temp_file_size 0; + + {% if matrix_nginx_proxy_synapse_cache_enabled %} + proxy_buffering on; + proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}; + proxy_cache_valid any {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }}; + proxy_force_ranges on; + add_header X-Cache-Status $upstream_cache_status; + {% endif %} } {% endfor %} {% endif %} @@ -150,7 +161,7 @@ server { {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; + auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }}; {% endif %} } {% endif %} @@ -166,7 +177,7 @@ server { {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} auth_basic "protected"; - auth_basic_user_file /nginx-data/matrix-synapse-metrics-htpasswd; + auth_basic_user_file {{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_path }}; {% endif %} } {% endif %} @@ -227,6 +238,14 @@ server { client_body_buffer_size 25M; client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M; proxy_max_temp_file_size 0; + + {% if matrix_nginx_proxy_synapse_cache_enabled %} + proxy_buffering on; + proxy_cache {{ matrix_nginx_proxy_synapse_cache_keys_zone_name }}; + proxy_cache_valid any {{ matrix_nginx_proxy_synapse_cache_proxy_cache_valid_time }}; + proxy_force_ranges on; + add_header X-Cache-Status $upstream_cache_status; + {% endif %} } {% endfor %} {% endif %} diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index 172a83bc..74356ea9 100755 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 @@ -22,6 +22,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ --cap-drop=ALL \ --read-only \ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_directory_size_mb }}m \ + {% if matrix_nginx_proxy_synapse_cache_enabled %} + --tmpfs=/tmp/synapse-cache:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_cache_directory_size_mb }}m\ + {% endif %} --network={{ matrix_docker_network }} \ {% if matrix_nginx_proxy_container_http_host_bind_port %} -p {{ matrix_nginx_proxy_container_http_host_bind_port }}:8080 \ diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 b/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 index 6c3082ef..f378a10f 100644 --- a/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 +++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 @@ -9,7 +9,7 @@ if [ $# -ne 2 ]; then fi docker run \ - -it \ + -i \ --rm \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ diff --git a/roles/matrix-prometheus/tasks/setup_install.yml b/roles/matrix-prometheus/tasks/setup_install.yml index e0fe8cf6..06989e7e 100644 --- a/roles/matrix-prometheus/tasks/setup_install.yml +++ b/roles/matrix-prometheus/tasks/setup_install.yml @@ -32,6 +32,10 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" when: "matrix_prometheus_scraper_synapse_rules_enabled|bool" + register: result + retries: "{{ matrix_geturl_retries_count }}" + delay: "{{ matrix_geturl_retries_delay }}" + until: result is not failed - name: Ensure prometheus.yml installed copy: diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 9e332669..db61cb72 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.56.0 +matrix_synapse_version: v1.57.1 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" @@ -74,7 +74,7 @@ matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.9/site # Specifies which template files to use when configuring Synapse. # If you'd like to have your own different configuration, feel free to copy and paste # the original files into your inventory (e.g. in `inventory/host_vars//`) -# and then change the specific host's `vars.yaml` file like this: +# and then change the specific host's `vars.yml` file like this: # matrix_synapse_template_synapse_homeserver: "{{ playbook_dir }}/inventory/host_vars//homeserver.yaml.j2" matrix_synapse_template_synapse_homeserver: "{{ role_path }}/templates/synapse/homeserver.yaml.j2" matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse.log.config.j2" diff --git a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml index dfc15a20..90411a34 100644 --- a/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml @@ -8,6 +8,10 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" + register: result + retries: "{{ matrix_geturl_retries_count }}" + delay: "{{ matrix_geturl_retries_delay }}" + until: result is not failed - set_fact: matrix_synapse_modules: | diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml index 634b1ca5..13a64c58 100644 --- a/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml @@ -13,6 +13,10 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" + register: result + retries: "{{ matrix_geturl_retries_count }}" + delay: "{{ matrix_geturl_retries_delay }}" + until: result is not failed - set_fact: matrix_synapse_password_providers_enabled: true diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml index f408e2f9..843f0370 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml @@ -18,6 +18,10 @@ mode: 0440 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" + register: result + retries: "{{ matrix_geturl_retries_count }}" + delay: "{{ matrix_geturl_retries_delay }}" + until: result is not failed - set_fact: matrix_synapse_modules: | diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml index 1aaf3a81..219f1c98 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml @@ -11,17 +11,17 @@ - name: Set matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time, if not provided set_fact: - matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time: 300 + matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time: 1800 when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time|default('') == ''" - name: Set matrix_synapse_rust_synapse_compress_state_compress_room_time, if not provided set_fact: - matrix_synapse_rust_synapse_compress_state_compress_room_time: 1800 + matrix_synapse_rust_synapse_compress_state_compress_room_time: 3600 when: "matrix_synapse_rust_synapse_compress_state_compress_room_time|default('') == ''" - name: Set matrix_synapse_rust_synapse_compress_state_psql_import_time, if not provided set_fact: - matrix_synapse_rust_synapse_compress_state_psql_import_time: 1800 + matrix_synapse_rust_synapse_compress_state_psql_import_time: 3600 when: "matrix_synapse_rust_synapse_compress_state_psql_import_time|default('') == ''" - name: Set matrix_synapse_rust_synapse_compress_state_min_state_groups_required, if not provided diff --git a/setup.yml b/setup.yml index d8b01671..6609a209 100755 --- a/setup.yml +++ b/setup.yml @@ -38,6 +38,8 @@ - matrix-bridge-heisenbridge - matrix-bridge-hookshot - matrix-bot-matrix-reminder-bot + - matrix-bot-matrix-registration-bot + - matrix-bot-buscarron - matrix-bot-honoroit - matrix-bot-go-neb - matrix-bot-mjolnir