diff --git a/README.md b/README.md index 0e6bc51b..631dc297 100644 --- a/README.md +++ b/README.md @@ -121,6 +121,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [Cinny](https://github.com/ajbura/cinny) web client - see [docs/configuring-playbook-client-cinny.md](docs/configuring-playbook-client-cinny.md) for setup documentation +- (optional) the [Borg](https://borgbackup.org) backup - see [docs/configuring-playbook-backup-borg.md](docs/configuring-playbook-backup-borg.md) for setup documentation + Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else. **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need. diff --git a/docs/configuring-awx-system.md b/docs/configuring-awx-system.md deleted file mode 100644 index 3819a0d3..00000000 --- a/docs/configuring-awx-system.md +++ /dev/null 
@@ -1,39 +0,0 @@ -# Configuring AWX System (optional) - -An AWX setup for managing multiple Matrix servers. - -This section is used in an AWX system that can create and manage multiple [Matrix](http://matrix.org/) servers. You can issue members an AWX login to their own 'organisation', which they can use to manage/configure 1 to N servers. - -Members can be assigned a server from Digitalocean, or they can connect their own on-premises server. These playbooks are free to use in a commercial context with the 'MemberPress Plus' plugin. They can also be run in a non-commercial context. - -The AWX system is arranged into 'members' each with their own 'subscriptions'. After creating a subscription the user enters the 'provision stage' where they defined the URLs they will use, the servers location and whether or not there's already a website at the base domain. They then proceed onto the 'deploy stage' where they can configure their Matrix server. - -This system can manage the updates, configuration, import and export, backups and monitoring on its own. It is an extension of the popular deploy script [spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy). - -Warning: This system is about to undergo heavy revision, **we do not recommend using it at this time.** - -## Other Required Playbooks - -The following repositories allow you to copy and use this setup: - -[Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) - Creates and configures the AWX system for you. - -[Ansible Create Delete Subscription Membership](https://gitlab.com/GoMatrixHosting/ansible-create-delete-subscription-membership) - Used by the AWX system to create memberships and subscriptions. Also includes other administrative playbooks for updates, backups and restoring servers. 
- -[Ansible Provision Server](https://gitlab.com/GoMatrixHosting/ansible-provision-server) - Used by AWX members to perform initial configuration of their DigitalOcean or On-Premises server. - -[GMHosting External Tools](https://gitlab.com/GoMatrixHosting/gmhosting-external-tools) - Extra tools we run outside of AWX, some of which are experimental. - - -## Does I need an AWX setup to use this? How do I configure it? - -Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in ['/docs/Installation_AWX.md' of that repository](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_AWX.md). - -For simpler installation steps you can use to get started with this system, check out our minimal installation guide at ['/doc/Installation_Minimal_AWX.md of that repository'](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_Minimal_AWX.md). - - -## Does I need a front-end WordPress site? And a DigitalOcean account? - -You do not need a front-end WordPress site or the MemberPress plugin to use this setup. It can be run on it's own in a non-commercial context. - -You also don't need a DigitalOcean account, although this will limit you to only being able to connect 'On-Premises' servers. diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md new file mode 100644 index 00000000..7ca962c8 --- /dev/null +++ b/docs/configuring-playbook-backup-borg.md 
@@ -0,0 +1,56 @@ +# Setting up borg backup (optional) + +The playbook can install and configure [borgbackup](https://www.borgbackup.org/) with [borgmatic](https://torsion.org/borgmatic/) for you. +BorgBackup is a deduplicating backup program with optional compression and encryption. +That means your daily incremental backups can be stored in a fraction of the space and is safe whether you store it at home or on a cloud service. + +The backup will run based on `matrix_backup_borg_schedule` var (systemd timer calendar), default: 4am every day + +## Prerequisites + +1. Create ssh key on any machine: + +```bash +ssh-keygen -t ed25519 -N '' -f matrix-borg-backup -C matrix +``` + +2. Add public part of that ssh key to your borg provider / server: + +```bash +# example to append the new PUBKEY contents, where: +# PUBKEY is path to the public key, +# USER is a ssh user on a provider / server +# HOST is a ssh host of a provider / server +cat PUBKEY | ssh USER@HOST 'dd of=.ssh/authorized_keys oflag=append conv=notrunc' +``` + +## Adjusting the playbook configuration + +Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable borg backup: + +```yaml +matrix_backup_borg_enabled: true +matrix_backup_borg_location_repositories: + - USER@HOST:REPO +matrix_backup_borg_storage_encryption_passphrase: "PASSPHRASE" +matrix_backup_borg_ssh_key_private: | + PRIVATE KEY +``` + +where: + +* USER - ssh user of a provider / server +* HOST - ssh host of a provider / server +* REPO - borg repository name, it will be initialized on backup start, eg: `matrix` +* PASSPHRASE - super-secret borg passphrase, you may generate it with `pwgen -s 64 1` or use any password manager +* PRIVATE KEY - the content of the public part of the ssh key you created before + +Check the `roles/matrix-backup-borg/defaults/main.yml` for the full list of available options + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` 
+ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 0df0036b..38e13a8a 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -16,10 +16,29 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. Note that the different listeners are bound to certain paths (see `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml)): by default webhooks root is `/hookshot/webhooks/`. +5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differe from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. 
Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. +### URLs for bridges setup + +Unless indicated otherwise, the following endpoints are reachable on your `matrix.` subdomain (if the feature is enabled). + +| listener | default path | variable | used as | +|---|---|---|---| +| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", etc. | +| github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" | +| jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth | +| figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | +| provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) | +| appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server | +| widgets | `/hookshot/widgetapi/` | `/matrix_hookshot_widgets_endpoint` | Widgets | +| metrics | `/hookshot/metrics/` (on `stats.` subdomain) | `matrix_hookshot_metrics_endpoint` | Prometheus | + +See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml). + +The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) in detail for more info. + ### Manage GitHub Private Key with matrix-aux role The GitHub bridge requires you to install a private key file. This can be done in multiple ways: 
diff --git a/docs/configuring-playbook-bridge-mautrix-telegram.md b/docs/configuring-playbook-bridge-mautrix-telegram.md index 0ac6c103..924de8ca 100644 --- a/docs/configuring-playbook-bridge-mautrix-telegram.md +++ b/docs/configuring-playbook-bridge-mautrix-telegram.md @@ -49,4 +49,19 @@ If you want to use the relay-bot feature ([relay bot documentation](https://docs ```yaml matrix_mautrix_telegram_bot_token: YOUR_TELEGRAM_BOT_TOKEN +matrix_mautrix_telegram_configuration_extension_yaml: | + bridge: + permissions: + '*': relaybot ``` + +You might also want to give permissions to administrate the bot: +```yaml +matrix_mautrix_telegram_configuration_extension_yaml: | + bridge: + permissions: + '@user:DOMAIN': admin +``` + +More details about permissions in this example: +https://github.com/mautrix/telegram/blob/master/mautrix_telegram/example-config.yaml#L410 diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index 892bffb2..f178def2 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md @@ -25,6 +25,8 @@ matrix_grafana_default_admin_password: "some_strong_password_chosen_by_you" By default, a [Grafana](https://grafana.com/) web user-interface will be available at `https://stats.`. +The retention policy of Prometheus metrics is [15 days by default](https://prometheus.io/docs/prometheus/latest/storage/#operational-aspects). Older data gets deleted automatically. + ## What does it do? diff --git a/docs/self-building.md b/docs/self-building.md index ef851f22..9cb5bf2a 100644 --- a/docs/self-building.md +++ b/docs/self-building.md @@ -22,6 +22,7 @@ List of roles where self-building the Docker image is currently possible: - `matrix-dimension` - `matrix-ma1sd` - `matrix-mailer` +- `matrix-bridge-hookshot` - `matrix-bridge-appservice-irc` - `matrix-bridge-appservice-slack` - `matrix-bridge-appservice-webhooks` 
@@ -33,6 +34,7 @@ List of roles where self-building the Docker image is currently possible: - `matrix-bridge-mautrix-signal` - `matrix-bridge-mautrix-whatsapp` - `matrix-bridge-mx-puppet-skype` +- `matrix-bridge-mx-puppet-steam` - `matrix-bot-mjolnir` - `matrix-bot-honoroit` - `matrix-bot-matrix-reminder-bot` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index d5300801..53223aaa 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -45,27 +45,6 @@ matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if m ###################################################################### -###################################################################### -# -# matrix-awx -# -###################################################################### - -# We don't enable AWX support by default. -matrix_awx_enabled: false - -matrix_nginx_proxy_data_path: "{{ '/chroot/website' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else (matrix_nginx_proxy_base_path + '/data') }}" -matrix_nginx_proxy_data_path_in_container: "{{ '/nginx-data/matrix-domain' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/nginx-data' }}" -matrix_nginx_proxy_data_path_extension: "{{ '' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/matrix-domain' }}" -matrix_nginx_proxy_base_domain_create_directory: "{{ not matrix_awx_enabled }}" - -###################################################################### -# -# /matrix-awx -# -###################################################################### - - ###################################################################### # # matrix-bridge-appservice-discord 
@@ -709,6 +688,8 @@ matrix_heisenbridge_systemd_wanted_services_list: | # We don't enable bridges by default. matrix_hookshot_enabled: false +matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" + matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}" matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok') | to_uuid }}" 
@@ -733,9 +714,9 @@ matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret an matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}" matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}" -matrix_hookshot_generic_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" -matrix_hookshot_generic_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" -matrix_hookshot_generic_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else '' }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_urlprefix_port if matrix_hookshot_generic_urlprefix_port_enabled else '' }}{{ matrix_hookshot_generic_endpoint }}" +matrix_hookshot_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" +matrix_hookshot_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" +matrix_hookshot_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else '' }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_urlprefix_port if matrix_hookshot_urlprefix_port_enabled else '' }}" ###################################################################### # 
@@ -946,7 +927,7 @@ matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_ # We don't enable bridges by default. matrix_mx_puppet_steam_enabled: false -matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" matrix_mx_puppet_steam_systemd_required_services_list: | {{ @@ -1131,6 +1112,27 @@ matrix_bot_mjolnir_systemd_required_services_list: | # ###################################################################### +###################################################################### +# +# matrix-backup-borg +# +###################################################################### + +matrix_backup_borg_enabled: false +matrix_backup_borg_location_source_directories: + - "{{ matrix_base_data_path }}" +matrix_backup_borg_location_exclude_patterns: | + {{ + { + 'synapse': ["{{ matrix_synapse_media_store_path }}/local_thumbnails", "{{ matrix_synapse_media_store_path }}/remote_thumbnail", "{{ matrix_synapse_media_store_path }}/url_cache", "{{ matrix_synapse_media_store_path }}/url_cache_thumbnails"], + }[matrix_homeserver_implementation] + }} + +###################################################################### +# +# /matrix-backup-borg +# +###################################################################### ###################################################################### # 
@@ -1633,15 +1635,11 @@ matrix_postgres_additional_databases: | }] if (matrix_synapse_enabled and matrix_synapse_database_database != matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) + ([{ - 'name': matrix_dendrite_naffka_database, - 'username': matrix_dendrite_database_user, - 'password': matrix_dendrite_database_password, - },{ 'name': matrix_dendrite_appservice_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ - 'name': matrix_dendrite_federationsender_database, + 'name': matrix_dendrite_federationapi_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ @@ -1656,20 +1654,16 @@ matrix_postgres_additional_databases: | 'name': matrix_dendrite_room_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, - },{ - 'name': matrix_dendrite_singingkeyserver_database, - 'username': matrix_dendrite_database_user, - 'password': matrix_dendrite_database_password, },{ 'name': matrix_dendrite_syncapi_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ - 'name': matrix_dendrite_account_database, + 'name': matrix_dendrite_userapi_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ - 'name': matrix_dendrite_device_database, + 'name': matrix_dendrite_pushserver_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ diff --git a/roles/matrix-awx/defaults/main.yml b/roles/matrix-awx/defaults/main.yml deleted file mode 100755 index cb847325..00000000 --- a/roles/matrix-awx/defaults/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- - -matrix_awx_enabled: true - -# Defaults for 'Customise Website + Access Export' template -awx_sftp_auth_method: 'Disabled' -awx_sftp_password: '' -awx_sftp_public_key: '' 
diff --git a/roles/matrix-awx/scripts/matrix_build_room_list.py b/roles/matrix-awx/scripts/matrix_build_room_list.py deleted file mode 100644 index 94779ca7..00000000 --- a/roles/matrix-awx/scripts/matrix_build_room_list.py +++ /dev/null @@ -1,29 +0,0 @@ - -import sys -import requests -import json - -janitor_token = sys.argv[1] -synapse_container_ip = sys.argv[2] -synapse_container_port = sys.argv[3] - -# collect total amount of rooms - -rooms_raw_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms' -rooms_raw_header = {'Authorization': 'Bearer ' + janitor_token} -rooms_raw = requests.get(rooms_raw_url, headers=rooms_raw_header) -rooms_raw_python = json.loads(rooms_raw.text) -total_rooms = rooms_raw_python["total_rooms"] - -# build complete room list file - -room_list_file = open("/tmp/room_list_complete.json", "w") - -for i in range(0, total_rooms, 100): - rooms_inc_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms?from=' + str(i) - rooms_inc = requests.get(rooms_inc_url, headers=rooms_raw_header) - room_list_file.write(rooms_inc.text) - -room_list_file.close() - -print(total_rooms) diff --git a/roles/matrix-awx/surveys/access_export.json.j2 b/roles/matrix-awx/surveys/access_export.json.j2 deleted file mode 100644 index d5e1f945..00000000 --- a/roles/matrix-awx/surveys/access_export.json.j2 +++ /dev/null 
@@ -1,42 +0,0 @@ -{ - "name": "Access Export", - "description": "Access the services export.", - "spec": [ - { - "question_name": "SFTP Authorisation Method", - "question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.", - "required": true, - "min": null, - "max": null, - "default": "{{ awx_sftp_auth_method | string }}", - "choices": "Disabled\nPassword\nSSH Key", - "new_question": true, - "variable": "awx_sftp_auth_method", - "type": "multiplechoice" - }, - { - "question_name": "SFTP Password", - "question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.", - "required": false, - "min": 0, - "max": 64, - "default": "{{ awx_sftp_password }}", - "choices": "", - "new_question": true, - "variable": "awx_sftp_password", - "type": "password" - }, - { - "question_name": "SFTP Public SSH Key (More Secure)", - "question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.", - "required": false, - "min": 0, - "max": 16384, - "default": "{{ awx_sftp_public_key }}", - "choices": "", - "new_question": true, - "variable": "awx_sftp_public_key", - "type": "text" - } - ] -} diff --git a/roles/matrix-awx/surveys/backup_server.json.j2 b/roles/matrix-awx/surveys/backup_server.json.j2 deleted file mode 100644 index 559daade..00000000 --- a/roles/matrix-awx/surveys/backup_server.json.j2 +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "name": "Backup Server", - "description": "Performs a backup of the entire service to a remote location.", - "spec": [ - { - "question_name": "Enable Backup", - "question_description": "Set if remote backup is enabled or not. If enabled a daily backup of your server will be sent to the backup server located in {{ backup_server_location }}.", - "required": false, - "min": null, - "max": null, - "default": "{{ awx_backup_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "awx_backup_enabled", - "type": "multiplechoice" - } - ] -} diff --git a/roles/matrix-awx/surveys/bridge_discord_appservice.json.j2 b/roles/matrix-awx/surveys/bridge_discord_appservice.json.j2 deleted file mode 100644 index 85b00a5f..00000000 --- a/roles/matrix-awx/surveys/bridge_discord_appservice.json.j2 +++ /dev/null 
@@ -1,66 +0,0 @@ -{ - "name": "Bridge Discord Appservice", - "description": "Enables a private bridge you can use to connect Matrix rooms to Discord.", - "spec": [ - { - "question_name": "Enable Discord AppService Bridge", - "question_description": "Enables a private bridge you can use to connect Matrix rooms to Discord.", - "required": true, - "min": null, - "max": null, - "default": "{{ matrix_appservice_discord_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_appservice_discord_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Discord OAuth2 Client ID", - "question_description": "The OAuth2 'CLIENT ID' which can be found in the 'OAuth2' tab of your new discord application: https://discord.com/developers/applications", - "required": true, - "min": 0, - "max": 128, - "default": "{{ matrix_appservice_discord_client_id | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_appservice_discord_client_id", - "type": "text" - }, - { - "question_name": "Discord Bot Token", - "question_description": "The Bot 'TOKEN' which can be found in the 'Bot' tab of your new discord application: https://discord.com/developers/applications", - "required": true, - "min": 0, - "max": 256, - "default": "{{ matrix_appservice_discord_bot_token | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_appservice_discord_bot_token", - "type": "password" - }, - { - "question_name": "Auto-Admin Matrix User", - "question_description": "The username you would like to be automatically joined and promoted to administrator (PL100) in bridged rooms. Exclude the '@' and server name postfix. 
So to create @stevo:example.org just enter 'stevo'.", - "required": false, - "min": 0, - "max": 1024, - "default": "", - "choices": "", - "new_question": true, - "variable": "awx_appservice_discord_admin_user", - "type": "text" - }, - { - "question_name": "Auto-Admin Rooms", - "question_description": "A list of rooms you want the user to be automatically joined and promoted to administrator (PL100) in. These should be the internal IDs (for example '!axfBUsKhfAjSMBdjKX:example.org') separated by newlines.", - "required": false, - "min": 0, - "max": 4096, - "default": "", - "choices": "", - "new_question": true, - "variable": "awx_appservice_discord_admin_rooms", - "type": "textarea" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_corporal.json.j2 b/roles/matrix-awx/surveys/configure_corporal.json.j2 deleted file mode 100755 index dc8cd4fd..00000000 --- a/roles/matrix-awx/surveys/configure_corporal.json.j2 +++ /dev/null 
@@ -1,88 +0,0 @@ -{ - "name": "Configure Matrix Corporal", - "description": "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy.", - "spec": [ - { - "question_name": "Enable Corporal", - "question_description": "Controls if Matrix Corporal is enabled at all. If you're unsure if you need Matrix Corporal or not, you most likely don't.", - "required": true, - "min": null, - "max": null, - "default": "{{ matrix_corporal_enabled|string|lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_corporal_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Corporal Policy Provider", - "question_description": "Controls what provider policy is used with Matrix Corporal.", - "required": true, - "min": null, - "max": null, - "default": "{{ awx_corporal_policy_provider_mode }}", - "choices": "Simple Static File\nHTTP Pull Mode (API Enabled)\nHTTP Push Mode (API Enabled)", - "new_question": true, - "variable": "awx_corporal_policy_provider_mode", - "type": "multiplechoice" - }, - { - "question_name": "Simple Static File Configuration", - "question_description": "The configuration file for Matrix Corporal, only needed if 'Simple Static File' provider is selected, any configuration entered here will be saved and applied.", - "required": false, - "min": 0, - "max": 65536, - "default": "", - "new_question": true, - "variable": "awx_corporal_simple_static_config", - "type": "textarea" - }, - { - "question_name": "HTTP Pull Mode URI", - "question_description": "The network address to remotely fetch the configuration from. 
Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected.", - "required": false, - "min": 0, - "max": 4096, - "default": "{{ awx_corporal_pull_mode_uri }}", - "new_question": true, - "variable": "awx_corporal_pull_mode_uri", - "type": "text" - }, - { - "question_name": "HTTP Pull Mode Authentication Token", - "question_description": "An authentication token for pulling the Corporal configuration from a network location. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.", - "required": false, - "min": 0, - "max": 256, - "default": "{{ awx_corporal_pull_mode_token }}", - "choices": "", - "new_question": true, - "variable": "awx_corporal_pull_mode_token", - "type": "password" - }, - { - "question_name": "Corporal API Authentication Token", - "question_description": "An authentication token for interfacing with Corporals API. Only needed to be set if 'HTTP Pull Mode (API Enabled)' or 'HTTP Push Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.", - "required": false, - "min": 0, - "max": 256, - "default": "{{ matrix_corporal_http_api_auth_token }}", - "choices": "", - "new_question": true, - "variable": "matrix_corporal_http_api_auth_token", - "type": "password" - }, - { - "question_name": "Raise Synapse Ratelimits", - "question_description": "For Matrix Corporal to work you will need to temporarily raise the rate limits for logins, please return this value to 'Normal' after you're done using Corporal.", - "required": false, - "min": null, - "max": null, - "default": "{{ awx_corporal_raise_ratelimits }}", - "choices": "Normal\nRaised", - "new_question": true, - "variable": "awx_corporal_raise_ratelimits", - "type": "multiplechoice" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_dimension.json.j2 b/roles/matrix-awx/surveys/configure_dimension.json.j2 deleted file mode 100644 index 5f79cfd0..00000000 
--- a/roles/matrix-awx/surveys/configure_dimension.json.j2 +++ /dev/null @@ -1,30 +0,0 @@ -{ - "name": "Configure Dimension", - "description": "Configure Dimension, the self-hosted integrations server.", - "spec": [ - { - "question_name": "Enable Dimension", - "question_description": "Enables the Dimension integration server, before doing this you need to create a CNAME record for 'dimension.{{ matrix_domain }}' that points to 'matrix.{{ matrix_domain }}'.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_dimension_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_dimension_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Dimension Users", - "question_description": "Here you can list the user accounts that will be able to configure Dimension. Entries must be seperated with newlines and must be a complete Matrix ID. For example: '@dimension:{{ matrix_domain }}'", - "required": false, - "min": 0, - "max": 65536, - "default": {{ awx_dimension_users_final | to_json }}, - "choices": "", - "new_question": true, - "variable": "awx_dimension_users", - "type": "textarea" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_element.json.j2 b/roles/matrix-awx/surveys/configure_element.json.j2 deleted file mode 100755 index b4021732..00000000 --- a/roles/matrix-awx/surveys/configure_element.json.j2 +++ /dev/null 
@@ -1,114 +0,0 @@ -{ - "name": "Configure Element", - "description": "Configure Element web client, Element is the most developed Matrix client software.", - "spec": [ - { - "question_name": "Enable Element-Web", - "question_description": "Set if Element web client is enabled or not.", - "required": true, - "min": null, - "max": null, - "default": "{{ matrix_client_element_enabled }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_client_element_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Set Theme for Web Client", - "question_description": "Sets the default theme for the web client, can be changed later by individual users.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_client_element_default_theme }}", - "choices": "light\ndark", - "new_question": true, - "variable": "matrix_client_element_default_theme", - "type": "multiplechoice" - }, - { - "question_name": "Set Branding for Web Client", - "question_description": "Sets the 'branding' seen in the tab and on the welcome page to a custom value.Leaving this field blank will cause the default branding will be used: 'Element'", - "required": false, - "min": 0, - "max": 256, - "default": "{{ matrix_client_element_brand | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_client_element_brand", - "type": "text" - }, - { - "question_name": "Set Welcome Page Background", - "question_description": "Sets the background image on the welcome page, you should enter a URL to the image you want to use. Must be a 'https' link, otherwise it won't be set. 
Leaving this field blank will cause the default background to be used.", - "required": false, - "min": 0, - "max": 1024, - "default": "{{ matrix_client_element_branding_welcomeBackgroundUrl | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_client_element_branding_welcomeBackgroundUrl", - "type": "text" - }, - { - "question_name": "Set Welcome Page Logo", - "question_description": "Sets the logo found on the welcome and login page, must be a valid https link to your logo, the logo itself should be a square vector image (SVG). Leaving this field blank will cause the default Element logo to be used.", - "required": false, - "min": 0, - "max": 1024, - "default": "{{ matrix_client_element_welcome_logo | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_client_element_welcome_logo", - "type": "text" - }, - { - "question_name": "Set Welcome Page Logo URL", - "question_description": "Sets the URL link the welcome page logo leads to, must be a valid https link. Leaving this field blank will cause this default link to be used: 'https://element.io'", - "required": false, - "min": 0, - "max": 1024, - "default": "{{ matrix_client_element_welcome_logo_link | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_client_element_welcome_logo_link", - "type": "text" - }, - { - "question_name": "Set Welcome Page Headline", - "question_description": "Sets the headline seen on the welcome page. Leaving this field blank will cause this default headline to be used: 'Welcome to Element!'", - "required": false, - "min": 0, - "max": 512, - "default": "{{ awx_matrix_client_element_welcome_headline | trim }}", - "choices": "", - "new_question": true, - "variable": "awx_matrix_client_element_welcome_headline", - "type": "text" - }, - { - "question_name": "Set Welcome Page Text", - "question_description": "Sets the text seen on the welcome page. 
Leaving this field blank will cause this default headline to be used: 'Decentralised, encrypted chat & collaboration powered by [Matrix]'", - "required": false, - "min": 0, - "max": 2048, - "default": "{{ awx_matrix_client_element_welcome_text | trim }}", - "choices": "", - "new_question": true, - "variable": "awx_matrix_client_element_welcome_text", - "type": "text" - }, - { - "question_name": "Show Registration Button", - "question_description": "If you show the registration button on the welcome page.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_client_element_registration_enabled }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_client_element_registration_enabled", - "type": "multiplechoice" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_element_subdomain.json.j2 b/roles/matrix-awx/surveys/configure_element_subdomain.json.j2 deleted file mode 100644 index 8e6aaf28..00000000 --- a/roles/matrix-awx/surveys/configure_element_subdomain.json.j2 +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "Configure Element Subdomain", - "description": "Configure Element clients subdomain location. (Eg: 'element' for element.example.org)", - "spec": [ - { - "question_name": "Set Element Subdomain", - "question_description": "Sets the subdomain of the Element web-client, you should only specify the subdomain, not the base domain you've already set. (Eg: 'element' for element.example.org) Note that if you change this value you'll need to reconfigure your DNS.", - "required": false, - "min": 0, - "max": 2048, - "default": "{{ awx_element_subdomain }}", - "choices": "", - "new_question": true, - "variable": "awx_element_subdomain", - "type": "text" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_email_relay.json.j2 b/roles/matrix-awx/surveys/configure_email_relay.json.j2 deleted file mode 100644 index 65c21a94..00000000 --- a/roles/matrix-awx/surveys/configure_email_relay.json.j2 +++ /dev/null 
@@ -1,19 +0,0 @@ -{ - "name": "Configure Email Relay", - "description": "Enable MailGun relay to increase verification email reliability.", - "spec": [ - { - "question_name": "Enable Email Relay", - "question_description": "Enables the MailGun email relay server, enabling this will increase the reliability of your email verification.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_mailer_relay_use | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_mailer_relay_use", - "type": "multiplechoice" - } - ] -} - diff --git a/roles/matrix-awx/surveys/configure_jitsi.json.j2 b/roles/matrix-awx/surveys/configure_jitsi.json.j2 deleted file mode 100755 index 9cb3044d..00000000 --- a/roles/matrix-awx/surveys/configure_jitsi.json.j2 +++ /dev/null @@ -1,31 +0,0 @@ -{ - "name": "Configure Jitsi", - "description": "Configure Jitsi conferencing settings.", - "spec": [ - { - "question_name": "Enable Jitsi", - "question_description": "Set if Jitsi is enabled or not. If disabled your server will use the https://jitsi.riot.im server. If you're on a smaller server disabling this might increase the performance of your Matrix service.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_jitsi_enabled }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_jitsi_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Set Default Language", - "question_description": "2 digit 639-1 language code to adjust the language of the web client. For a list of possible codes see: https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes", - "required": false, - "min": 0, - "max": 2, - "default": "{{ matrix_jitsi_web_config_defaultLanguage }}", - "choices": "", - "new_question": true, - "variable": "matrix_jitsi_web_config_defaultLanguage", - "type": "text" - } - ] -} - 
diff --git a/roles/matrix-awx/surveys/configure_ma1sd.json.j2 b/roles/matrix-awx/surveys/configure_ma1sd.json.j2 deleted file mode 100644 index 055e817c..00000000 --- a/roles/matrix-awx/surveys/configure_ma1sd.json.j2 +++ /dev/null @@ -1,41 +0,0 @@ -{ - "name": "Configure ma1sd", - "description": "Configure ma1sd settings, ma1sd is a self-hosted identity server for Matrix.", - "spec": [ - { - "question_name": "Enable ma1sd", - "question_description": "Set if ma1sd is enabled or not. If disabled your server will loose identity functionality (not recommended).", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_ma1sd_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_ma1sd_enabled", - "type": "multiplechoice" - }, - { - "question_name": "ma1sd Authentication Mode", - "question_description": "Set the source of user account authentication credentials with the ma1sd.", - "required": false, - "min": null, - "max": null, - "default": "{{ awx_matrix_ma1sd_auth_store }}", - "choices": "Synapse Internal\nLDAP/AD", - "new_question": true, - "variable": "awx_matrix_ma1sd_auth_store", - "type": "multiplechoice" - }, - { - "question_name": "LDAP/AD Configuration", - "question_description": "Settings for connecting LDAP/AD to the ma1sd service. (ignored if using Synapse Internal, see https://github.com/ma1uta/ma1sd/blob/master/docs/stores/README.md )", - "required": false, - "min": 0, - "max": 65536, - "default": {{ awx_matrix_ma1sd_configuration_extension_yaml | to_json }}, - "new_question": true, - "variable": "awx_matrix_ma1sd_configuration_extension_yaml", - "type": "textarea" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_mjolnir.json.j2 b/roles/matrix-awx/surveys/configure_mjolnir.json.j2 deleted file mode 100644 index 5e1d78f4..00000000 --- a/roles/matrix-awx/surveys/configure_mjolnir.json.j2 +++ /dev/null 
@@ -1,29 +0,0 @@ -{ - "name": "Configure Mjolnir", - "description": "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix.", - "spec": [ - { - "question_name": "Enable Mjolnir", - "question_description": "Set if Mjolnir is enabled or not. Mjolnir is a moderation bot for Matrix.", - "required": true, - "min": null, - "max": null, - "default": "{{ matrix_bot_mjolnir_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_bot_mjolnir_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Mjolnir Management Room", - "question_description": "Sets the internal ID of the management room for Mjolnir. Example: '!wAeZaPCKvaCHcSqxAW:matrix.org'", - "required": true, - "min": null, - "max": null, - "default": "{{ matrix_bot_mjolnir_management_room }}", - "new_question": true, - "variable": "matrix_bot_mjolnir_management_room", - "type": "text" - } - ] -} \ No newline at end of file diff --git a/roles/matrix-awx/surveys/configure_synapse.json.j2 b/roles/matrix-awx/surveys/configure_synapse.json.j2 deleted file mode 100755 index 7a4e711d..00000000 --- a/roles/matrix-awx/surveys/configure_synapse.json.j2 +++ /dev/null 
@@ -1,198 +0,0 @@ -{ - "name": "Configure Synapse", - "description": "Configure Synapse settings. Synapse is the homeserver software that powers your Matrix instance.", - "spec": [ - { - "question_name": "Enable Public Registration", - "question_description": "Controls whether people with access to the homeserver can register by themselves.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_synapse_enable_registration | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_synapse_enable_registration", - "type": "multiplechoice" - }, - { - "question_name": "Enable Federation", - "question_description": "Controls whether Synapse will federate at all. Disable this to completely isolate your server from the rest of the Matrix network.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_synapse_federation_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_synapse_federation_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Allow Public Rooms Over Federation", - "question_description": "Controls whether remote servers can fetch this server's public rooms directory via federation. 
For private servers, you'll most likely want to forbid this.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_synapse_allow_public_rooms_over_federation | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_synapse_allow_public_rooms_over_federation", - "type": "multiplechoice" - }, - { - "question_name": "Enable Community Creation", - "question_description": "Allows regular users (who aren't server admins) to create 'communities', which are basically groups of rooms.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_synapse_enable_group_creation | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_synapse_enable_group_creation", - "type": "multiplechoice" - }, - { - "question_name": "Enable Synapse Presence", - "question_description": "Controls whether presence is enabled. This shows who's online and reading your posts. Disabling it will increase both performance and user privacy.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_synapse_presence_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_synapse_presence_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Enable URL Previews", - "question_description": "Controls whether URL previews should be generated. This will cause a request from Synapse to URLs shared by users.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_synapse_url_preview_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_synapse_url_preview_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Enable Guest Access", - "question_description": "Controls whether 'guest accounts' can access rooms without registering. 
Guest users do not count towards your servers user limit.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_synapse_allow_guest_access | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_synapse_allow_guest_access", - "type": "multiplechoice" - }, - { - "question_name": "Registration Requires Email", - "question_description": "Controls whether an email address is required to register on the server.", - "required": false, - "min": null, - "max": null, - "default": "{{ awx_registrations_require_3pid | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "awx_registrations_require_3pid", - "type": "multiplechoice" - }, - { - "question_name": "Registration Shared Secret", - "question_description": "A secret that allows registration of standard or admin accounts by anyone who has the shared secret, even if registration is otherwise disabled. WARNING: You must set a strong and unique password here.", - "required": false, - "min": 0, - "max": 256, - "default": "", - "choices": "", - "new_question": true, - "variable": "awx_matrix_synapse_registration_shared_secret", - "type": "password" - }, - { - "question_name": "Synapse Max Upload Size", - "question_description": "Sets the maximum size for uploaded files in MB.", - "required": false, - "min": 0, - "max": 3, - "default": "{{ matrix_synapse_max_upload_size_mb }}", - "choices": "", - "new_question": true, - "variable": "awx_synapse_max_upload_size_mb", - "type": "text" - }, - { - "question_name": "URL Preview Languages", - "question_description": "Sets the languages that URL previews will be generated in. Entries are a 2-3 letter IETF language tag, they must be seperated with newlines. 
For example: 'fr' https://en.wikipedia.org/wiki/IETF_language_tag", - "required": false, - "min": 0, - "max": 65536, - "default": {{ awx_url_preview_accept_language_default | to_json }}, - "choices": "", - "new_question": true, - "variable": "awx_url_preview_accept_language", - "type": "textarea" - }, - { - "question_name": "Federation Whitelist", - "question_description": "Here you can list the URLs of other Matrix homeservers and Synapse will only federate with those homeservers. Entries must be seperated with newlines and must not have a 'https://' prefix. For example: 'matrix.example.org'", - "required": false, - "min": 0, - "max": 65536, - "default": {{ awx_federation_whitelist | to_json }}, - "choices": "", - "new_question": true, - "variable": "awx_federation_whitelist", - "type": "textarea" - }, - { - "question_name": "Synapse Auto-Join Rooms", - "question_description": "Sets the 'auto-join' rooms, where new users will be automatically invited to, these rooms must already exist. Entries must be room addresses that are separated with newlines. 
For example: '#announcements:example.org'", - "required": false, - "min": 0, - "max": 65536, - "default": {{ awx_synapse_auto_join_rooms | to_json }}, - "choices": "", - "new_question": true, - "variable": "awx_synapse_auto_join_rooms", - "type": "textarea" - }, - { - "question_name": "Enable ReCaptcha on Registration", - "question_description": "Enables Googles ReCaptcha verification for registering an account, recommended for public servers.", - "required": false, - "min": null, - "max": null, - "default": "{{ awx_enable_registration_captcha | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "awx_enable_registration_captcha", - "type": "multiplechoice" - }, - { - "question_name": "Recaptcha Public Key", - "question_description": "Sets the Google ReCaptcha public key for this website.", - "required": false, - "min": 0, - "max": 40, - "default": "{{ awx_recaptcha_public_key }}", - "choices": "", - "new_question": true, - "variable": "awx_recaptcha_public_key", - "type": "text" - }, - { - "question_name": "Recaptcha Private Key", - "question_description": "Sets the Google ReCaptcha private key for this website.", - "required": false, - "min": 0, - "max": 40, - "default": "{{ awx_recaptcha_private_key }}", - "choices": "", - "new_question": true, - "variable": "awx_recaptcha_private_key", - "type": "text" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_synapse_admin.json.j2 b/roles/matrix-awx/surveys/configure_synapse_admin.json.j2 deleted file mode 100644 index 8845b83a..00000000 --- a/roles/matrix-awx/surveys/configure_synapse_admin.json.j2 +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "name": "Configure Synapse Admin", - "description": "Configure 'Synapse Admin', a moderation tool to help you manage your server.", - "spec": [ - { - "question_name": "Enable Synapse Admin", - "question_description": "Set if Synapse Admin is enabled or not. If enabled you can access it at https://{{ matrix_server_fqn_matrix }}/synapse-admin.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_synapse_admin_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_synapse_admin_enabled", - "type": "multiplechoice" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_website_access_export.json.j2 b/roles/matrix-awx/surveys/configure_website_access_export.json.j2 deleted file mode 100755 index d35fb839..00000000 --- a/roles/matrix-awx/surveys/configure_website_access_export.json.j2 +++ /dev/null 
@@ -1,54 +0,0 @@ -{ - "name": "Configure Website Access Backup", - "description": "Configure base domain website settings and access the services backup.", - "spec": [ - { - "question_name": "Customise Base Domain Website", - "question_description": "Set if you want to adjust the base domain website using SFTP.", - "required": true, - "min": null, - "max": null, - "default": "{{ awx_customise_base_domain_website | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "awx_customise_base_domain_website", - "type": "multiplechoice" - }, - { - "question_name": "SFTP Authorisation Method", - "question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.", - "required": true, - "min": null, - "max": null, - "default": "{{ awx_sftp_auth_method | string }}", - "choices": "Disabled\nPassword\nSSH Key", - "new_question": true, - "variable": "awx_sftp_auth_method", - "type": "multiplechoice" - }, - { - "question_name": "SFTP Password", - "question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.", - "required": false, - "min": 0, - "max": 64, - "default": "{{ awx_sftp_password }}", - "choices": "", - "new_question": true, - "variable": "awx_sftp_password", - "type": "password" - }, - { - "question_name": "SFTP Public SSH Key (More Secure)", - "question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. 
Must be defined if 'SSH Key' method is selected.", - "required": false, - "min": 0, - "max": 16384, - "default": "{{ awx_sftp_public_key }}", - "choices": "", - "new_question": true, - "variable": "awx_sftp_public_key", - "type": "text" - } - ] -} diff --git a/roles/matrix-awx/tasks/backup_server.yml b/roles/matrix-awx/tasks/backup_server.yml deleted file mode 100644 index 553eb1b9..00000000 --- a/roles/matrix-awx/tasks/backup_server.yml +++ /dev/null 
@@ -1,101 +0,0 @@ ---- - -- name: Record Backup Server variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# AWX Settings Start' - with_dict: - 'awx_backup_enabled': '{{ awx_backup_enabled }}' - tags: use-survey - -- name: Save new 'Backup Server' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/backup_server.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json' - tags: use-survey - -- name: Copy new 'Backup Server' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json' - dest: '/matrix/awx/backup_server.json' - mode: '0660' - tags: use-survey - -- name: Recreate 'Backup Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Backup Server" - description: "Performs a backup of the entire service to a remote location." 
- extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "backup-server,use-survey" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - tags: use-survey - -- name: Include vars in matrix_vars.yml - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: true - -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' - tags: use-survey - -- name: Run initial backup of /matrix/ and snapshot the database simultaneously - command: "{{ item }}" - with_items: - - borgmatic -c /root/.config/borgmatic/config_1.yaml - - /bin/sh /usr/local/bin/awx-export-service.sh 1 0 - register: _create_instances - async: 3600 # Maximum runtime in seconds. - poll: 0 # Fire and continue (never poll) - when: awx_backup_enabled|bool - -- name: Wait for both of these jobs to finish - async_status: - jid: "{{ item.ansible_job_id }}" - register: _jobs - until: _jobs.finished - delay: 5 # Check every 5 seconds. - retries: 720 # Retry for a full hour. 
- with_items: "{{ _create_instances.results }}" - when: awx_backup_enabled|bool - -- name: Perform borg backup of postgres dump - command: borgmatic -c /root/.config/borgmatic/config_2.yaml - when: awx_backup_enabled|bool - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: End playbook if this task list is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/bridge_discord_appservice.yml b/roles/matrix-awx/tasks/bridge_discord_appservice.yml deleted file mode 100644 index 3c124db3..00000000 --- a/roles/matrix-awx/tasks/bridge_discord_appservice.yml +++ /dev/null 
@@ -1,58 +0,0 @@ ---- - -- name: Record Bridge Discord AppService variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Bridge Discord AppService Start' - with_dict: - 'matrix_appservice_discord_enabled': '{{ matrix_appservice_discord_enabled }}' - 'matrix_appservice_discord_client_id': '{{ matrix_appservice_discord_client_id }}' - 'matrix_appservice_discord_bot_token': '{{ matrix_appservice_discord_bot_token }}' - -- name: If the raw inputs is not empty start constructing parsed awx_appservice_discord_admin_rooms list - set_fact: - awx_appservice_discord_admin_rooms_array: |- - {{ awx_appservice_discord_admin_rooms.splitlines() | to_json }} - when: awx_appservice_discord_admin_rooms | trim | length > 0 - -- name: Promote user to administer (PL100) of each room - command: | - docker exec -i matrix-appservice-discord /bin/sh -c 'cp /cfg/registration.yaml /tmp/discord-registration.yaml && cd /tmp && node /build/tools/adminme.js -c /cfg/config.yaml -m "{{ item.1 }}" -u "@{{ awx_appservice_discord_admin_user }}:{{ matrix_domain }}" -p 100' - with_indexed_items: - - "{{ awx_appservice_discord_admin_rooms_array }}" - when: ( awx_appservice_discord_admin_rooms | trim | length > 0 ) and ( awx_appservice_discord_admin_user is defined ) - -- name: Save new 'Bridge Discord Appservice' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/bridge_discord_appservice.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//bridge_discord_appservice.json' - -- name: Copy new 'Bridge Discord Appservice' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json' - dest: '/matrix/awx/bridge_discord_appservice.json' - mode: '0660' - -- name: Recreate 'Bridge 
Discord Appservice' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 3 - Bridge Discord AppService" - description: "Enables a private bridge you can use to connect Matrix rooms to Discord." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-all,bridge-discord-appservice" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json') }}" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/cache_matrix_variables.yml b/roles/matrix-awx/tasks/cache_matrix_variables.yml deleted file mode 100644 index ca41880a..00000000 --- a/roles/matrix-awx/tasks/cache_matrix_variables.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- - -- name: Collect current datetime - set_fact: - awx_datetime: "{{ lookup('pipe', 'date +%Y-%m-%d_%H:%M') }}" - -- name: Create cached matrix_vars.yml file location - set_fact: - awx_cached_matrix_vars: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars_{{ awx_datetime }}.yml' - -- name: Create cached matrix_vars.yml - delegate_to: 127.0.0.1 - shell: "cp /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml {{ awx_cached_matrix_vars }}" diff --git a/roles/matrix-awx/tasks/create_session_token.yml b/roles/matrix-awx/tasks/create_session_token.yml deleted file mode 100644 index 7d984b3d..00000000 --- a/roles/matrix-awx/tasks/create_session_token.yml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- - -- name: Create a AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: present - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_master_token }}" - register: awx_session_token - no_log: true diff --git a/roles/matrix-awx/tasks/create_user.yml b/roles/matrix-awx/tasks/create_user.yml deleted file mode 100755 index 7d203ed0..00000000 --- a/roles/matrix-awx/tasks/create_user.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# -# Create user and define if they are admin -# -# /usr/local/bin/matrix-synapse-register-user -# - -- name: Set admin bool to zero - set_fact: - awx_admin_bool: 0 - when: awx_admin_access == 'false' - -- name: Examine if server admin set - set_fact: - awx_admin_bool: 1 - when: awx_admin_access == 'true' - -- name: Create user account - command: | - /usr/local/bin/matrix-synapse-register-user {{ awx_new_username | quote }} {{ awx_new_password | quote }} {{ awx_admin_bool }} - register: awx_cmd_output - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: Result - debug: msg="{{ awx_cmd_output.stdout }}" - -- name: End playbook if this task list is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/customise_website_access_export.yml b/roles/matrix-awx/tasks/customise_website_access_export.yml deleted file mode 100755 index 80d6d795..00000000 --- a/roles/matrix-awx/tasks/customise_website_access_export.yml +++ /dev/null 
@@ -1,267 +0,0 @@ ---- - -- name: Enable index.html creation if user doesn't wish to customise base domain - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Base Domain Settings Start' - with_dict: - 'matrix_nginx_proxy_base_domain_homepage_enabled': 'true' - when: (awx_customise_base_domain_website is defined) and not awx_customise_base_domain_website|bool - -- name: Disable index.html creation to allow multi-file site if user does wish to customise base domain - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Base Domain Settings Start' - with_dict: - 'matrix_nginx_proxy_base_domain_homepage_enabled': 'false' - when: (awx_customise_base_domain_website is defined) and awx_customise_base_domain_website|bool - -- name: Record custom 'Customise Website + Access Export' variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Custom Settings Start' - with_dict: - 'awx_sftp_auth_method': '"{{ awx_sftp_auth_method }}"' - 'awx_sftp_password': '"{{ awx_sftp_password }}"' - 'awx_sftp_public_key': '"{{ awx_sftp_public_key }}"' - -- name: Record custom 'Customise Website + Access Export' variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? 
*{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Custom Settings Start' - with_dict: - 'awx_customise_base_domain_website': '{{ awx_customise_base_domain_website }}' - when: awx_customise_base_domain_website is defined - -- name: Reload vars in matrix_vars.yml - include_vars: - file: '{{ awx_cached_matrix_vars }}' - no_log: true - -- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json' - when: awx_customise_base_domain_website is defined - -- name: Copy new 'Customise Website + Access Export' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json' - dest: '/matrix/awx/configure_website_access_export.json' - mode: '0660' - when: awx_customise_base_domain_website is defined - -- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: './roles/matrix-awx/surveys/access_export.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json' - when: awx_customise_base_domain_website is undefined - -- name: Copy new 'Customise Website + Access Export' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json' - dest: '/matrix/awx/access_export.json' - mode: '0660' - when: awx_customise_base_domain_website is undefined - -- name: Recreate 'Configure Website + Access Export' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Website + Access Export" - description: "Configure base domain website settings and access the 
servers export." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-nginx-proxy" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: awx_customise_base_domain_website is defined - -- name: Recreate 'Access Export' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Access Export" - description: "Access the services export." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-nginx-proxy" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: awx_customise_base_domain_website is undefined - -- name: If user doesn't define a awx_sftp_password, create a disabled 'sftp' account - user: - name: sftp - comment: SFTP user to set custom web files and access servers export - shell: /bin/false - home: /home/sftp - group: matrix - password: '*' - update_password: always - when: 
awx_sftp_password|length == 0 - -- name: If user defines awx_sftp_password, enable account and set password on 'stfp' account - user: - name: sftp - comment: SFTP user to set custom web files and access servers export - shell: /bin/false - home: /home/sftp - group: matrix - password: "{{ awx_sftp_password | password_hash('sha512') }}" - update_password: always - when: awx_sftp_password|length > 0 - -- name: Ensure group "sftp" exists - group: - name: sftp - state: present - -- name: adding existing user 'sftp' to group matrix - user: - name: sftp - groups: sftp - append: true - when: awx_customise_base_domain_website is defined - -- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container) - file: - path: /chroot - state: directory - owner: root - group: root - mode: '1755' - -- name: Ensure /chroot/website location exists. - file: - path: /chroot/website - state: directory - owner: matrix - group: matrix - mode: '0770' - when: awx_customise_base_domain_website is defined - -- name: Ensure /chroot/export location exists - file: - path: /chroot/export - state: directory - owner: sftp - group: sftp - mode: '0700' - -- name: Ensure /home/sftp/.ssh location exists - file: - path: /home/sftp/.ssh - state: directory - owner: sftp - group: sftp - mode: '0700' - -- name: Ensure /home/sftp/authorized_keys exists - file: - path: /home/sftp/.ssh/authorized_keys - state: touch - owner: sftp - group: sftp - mode: '0644' - -- name: Clear authorized_keys file - shell: echo "" > /home/sftp/.ssh/authorized_keys - -- name: Insert public SSH key into authorized_keys file - lineinfile: - path: /home/sftp/.ssh/authorized_keys - line: "{{ awx_sftp_public_key }}" - owner: sftp - group: sftp - mode: '0644' - when: (awx_sftp_public_key | length > 0) and (awx_sftp_auth_method == "SSH Key") - -- name: Remove any existing Subsystem lines - lineinfile: - path: /etc/ssh/sshd_config - state: absent 
- regexp: '^Subsystem' - -- name: Set SSH Subsystem State - lineinfile: - path: /etc/ssh/sshd_config - insertafter: "^# override default of no subsystems" - line: "Subsystem sftp internal-sftp" - -- name: Add SSH Match User section for disabled auth - blockinfile: - path: /etc/ssh/sshd_config - state: absent - block: | - Match User sftp - ChrootDirectory /chroot - PermitTunnel no - X11Forwarding no - AllowTcpForwarding no - PasswordAuthentication yes - AuthorizedKeysFile /home/sftp/.ssh/authorized_keys - when: awx_sftp_auth_method == "Disabled" - -- name: Add SSH Match User section for password auth - blockinfile: - path: /etc/ssh/sshd_config - state: present - block: | - Match User sftp - ChrootDirectory /chroot - PermitTunnel no - X11Forwarding no - AllowTcpForwarding no - PasswordAuthentication yes - when: awx_sftp_auth_method == "Password" - -- name: Add SSH Match User section for publickey auth - blockinfile: - path: /etc/ssh/sshd_config - state: present - block: | - Match User sftp - ChrootDirectory /chroot - PermitTunnel no - X11Forwarding no - AllowTcpForwarding no - AuthorizedKeysFile /home/sftp/.ssh/authorized_keys - when: awx_sftp_auth_method == "SSH Key" - -- name: Restart service ssh.service - service: - name: ssh.service - state: restarted diff --git a/roles/matrix-awx/tasks/delete_session_token.yml b/roles/matrix-awx/tasks/delete_session_token.yml deleted file mode 100644 index a6a52e48..00000000 --- a/roles/matrix-awx/tasks/delete_session_token.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" 
diff --git a/roles/matrix-awx/tasks/export_server.yml b/roles/matrix-awx/tasks/export_server.yml deleted file mode 100644 index a2b97e79..00000000 --- a/roles/matrix-awx/tasks/export_server.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- - -- name: Run export of /matrix/ and snapshot the database simultaneously - command: "{{ item }}" - with_items: - - /bin/sh /usr/local/bin/awx-export-service.sh 1 0 - - /bin/sh /usr/local/bin/awx-export-service.sh 0 1 - register: awx_create_instances - async: 3600 # Maximum runtime in seconds. - poll: 0 # Fire and continue (never poll) - -- name: Wait for both of these jobs to finish - async_status: - jid: "{{ item.ansible_job_id }}" - register: awx_jobs - until: awx_jobs.finished - delay: 5 # Check every 5 seconds. - retries: 720 # Retry for a full hour. - with_items: "{{ awx_create_instances.results }}" - -- name: Schedule deletion of the export in 24 hours - at: - command: rm /chroot/export/matrix* - count: 1 - units: days - unique: true - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: End playbook if this task list is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/import_awx.yml b/roles/matrix-awx/tasks/import_awx.yml deleted file mode 100644 index b2154c7a..00000000 --- a/roles/matrix-awx/tasks/import_awx.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- name: Ensure correct ownership of /matrix/awx - shell: chown -R matrix:matrix /matrix/awx - -- name: Ensure correct ownership of /matrix/synapse - shell: chown -R matrix:matrix /matrix/synapse 
diff --git a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml deleted file mode 100644 index 6e8bb899..00000000 --- a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- - -- name: Include vars in organisation.yml - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml' - no_log: true - -- name: Include vars in hosting_vars.yml - include_vars: - file: '/var/lib/awx/projects/hosting/hosting_vars.yml' - no_log: true - -- name: Include AWX master token from awx_tokens.yml - include_vars: - file: /var/lib/awx/projects/hosting/awx_tokens.yml - no_log: true diff --git a/roles/matrix-awx/tasks/load_matrix_variables.yml b/roles/matrix-awx/tasks/load_matrix_variables.yml deleted file mode 100755 index 7a76f34b..00000000 --- a/roles/matrix-awx/tasks/load_matrix_variables.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- - -- name: Include new vars in matrix_vars.yml - include_vars: - file: '{{ awx_cached_matrix_vars }}' - no_log: true - -- name: If include_vars succeeds overwrite the old matrix_vars.yml - delegate_to: 127.0.0.1 - shell: "cp {{ awx_cached_matrix_vars }} /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml && rm {{ awx_cached_matrix_vars }}" - -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml deleted file mode 100755 index 93128713..00000000 --- a/roles/matrix-awx/tasks/main.yml +++ /dev/null 
@@ -1,234 +0,0 @@ ---- -# Load initial hosting and organisation variables from AWX volume -- include_tasks: - file: "load_hosting_and_org_variables.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Renames or updates the vars.yml if needed -- include_tasks: - file: "update_variables.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Create AWX session token -- include_tasks: - file: "create_session_token.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Perform a backup of the server -- include_tasks: - file: "backup_server.yml" - apply: - tags: backup-server - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - backup-server - -# Perform a export of the server -- include_tasks: - file: "export_server.yml" - apply: - tags: export-server - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - export-server - -# Create a user account if called -- include_tasks: - file: "create_user.yml" - apply: - tags: create-user - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - create-user - -# Purge local/remote media if called -- include_tasks: - file: "purge_media_main.yml" - apply: - tags: purge-media - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - purge-media - -# Purge Synapse database if called -- include_tasks: - file: "purge_database_main.yml" - apply: - tags: purge-database - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - purge-database - -# Rotate SSH key if called -- include_tasks: - file: "rotate_ssh.yml" - apply: - tags: rotate-ssh - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - rotate-ssh - -# Import configs, media repo from /chroot/backup import -- include_tasks: - file: "import_awx.yml" - apply: - tags: import-awx - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - import-awx - -# Perform extra self-check functions -- 
include_tasks: - file: "self_check.yml" - apply: - tags: self-check - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - self-check - -# Create cached matrix_vars.yml file -- include_tasks: - file: "cache_matrix_variables.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Configure SFTP so user can upload a static website or access the servers export -- include_tasks: - file: "customise_website_access_export.yml" - apply: - tags: setup-nginx-proxy - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-nginx-proxy - -# Additional playbook to set the variable file during Element configuration -- include_tasks: - file: "set_variables_element.yml" - apply: - tags: setup-client-element - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-client-element - -# Additional playbook to set the variable file during Mailer configuration -- include_tasks: - file: "set_variables_mailer.yml" - apply: - tags: setup-mailer - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-mailer - -# Additional playbook to set the variable file during Element configuration -- include_tasks: - file: "set_variables_element_subdomain.yml" - apply: - tags: setup-client-element-subdomain - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-client-element-subdomain - -# Additional playbook to set the variable file during Synapse configuration -- include_tasks: - file: "set_variables_synapse.yml" - apply: - tags: setup-synapse - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-synapse - -# Additional playbook to set the variable file during Jitsi configuration -- include_tasks: - file: "set_variables_jitsi.yml" - apply: - tags: setup-jitsi - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-jitsi - -# Additional playbook to set the variable file during Ma1sd configuration -- include_tasks: - file: "set_variables_ma1sd.yml" - apply: - tags: 
setup-ma1sd - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-ma1sd - -# Additional playbook to set the variable file during Mjolnir Bot configuration -- include_tasks: - file: "set_variables_mjolnir.yml" - apply: - tags: setup-bot-mjolnir - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-bot-mjolnir - -# Additional playbook to set the variable file during Corporal configuration -- include_tasks: - file: "set_variables_corporal.yml" - apply: - tags: setup-corporal - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-corporal - -# Additional playbook to set the variable file during Dimension configuration -- include_tasks: - file: "set_variables_dimension.yml" - apply: - tags: setup-dimension - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-dimension - -# Additional playbook to set the variable file during Synapse Admin configuration -- include_tasks: - file: "set_variables_synapse_admin.yml" - apply: - tags: setup-synapse-admin - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-synapse-admin - -# Additional playbook to set the variable file during Discord Appservice Bridge configuration -- include_tasks: - file: "bridge_discord_appservice.yml" - apply: - tags: bridge-discord-appservice - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - bridge-discord-appservice - -# Delete AWX session token -- include_tasks: - file: "delete_session_token.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Load newly formed matrix variables from AWX volume -- include_tasks: - file: "load_matrix_variables.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always diff --git a/roles/matrix-awx/tasks/purge_database_events.yml b/roles/matrix-awx/tasks/purge_database_events.yml deleted file mode 100644 index 586bc17c..00000000 --- a/roles/matrix-awx/tasks/purge_database_events.yml +++ /dev/null 
@@ -1,14 +0,0 @@ ---- - -- name: Purge all rooms with more then N events - shell: | - curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}" - register: awx_purge_command - -- name: Print output of purge command - debug: - msg: "{{ awx_purge_command.stdout }}" - -- name: Pause for 5 seconds to let Synapse breathe - pause: - seconds: 5 diff --git a/roles/matrix-awx/tasks/purge_database_main.yml b/roles/matrix-awx/tasks/purge_database_main.yml deleted file mode 100644 index 9882f195..00000000 --- a/roles/matrix-awx/tasks/purge_database_main.yml +++ /dev/null 
@@ -1,320 +0,0 @@ ---- - -- name: Ensure dateutils and curl is installed in AWX - delegate_to: 127.0.0.1 - yum: - name: dateutils - state: latest - -- name: Include vars in matrix_vars.yml - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: true - -- name: Ensure curl and jq intalled on target machine - apt: - pkg: - - curl - - jq - state: present - -- name: Collect before shrink size of Synapse database - shell: du -sh /matrix/postgres/data - register: awx_db_size_before_stat - when: (awx_purge_mode.find("Perform final shrink") != -1) - no_log: true - -- name: Collect the internal IP of the matrix-synapse container - shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse" - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - register: awx_synapse_container_ip - -- name: Collect access token for @admin-janitor user - shell: | - curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - register: awx_janitors_token - no_log: true - -- name: Copy build_room_list.py script to target machine - copy: - src: ./roles/matrix-awx/scripts/matrix_build_room_list.py - dest: /usr/local/bin/matrix_build_room_list.py - owner: matrix - group: matrix - mode: '0755' - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") 
!= -1) - -- name: Run build_room_list.py script - shell: | - runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ awx_janitors_token.stdout[1:-1] }} {{ awx_synapse_container_ip.stdout }} {{ matrix_synapse_container_client_api_port.stdout }} - register: awx_rooms_total - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Fetch complete room list from target machine - fetch: - src: /tmp/room_list_complete.json - dest: "/tmp/{{ subscription_id }}_room_list_complete.json" - flat: true - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Remove complete room list from target machine - file: - path: /tmp/room_list_complete.json - state: absent - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Generate list of rooms with no local users - delegate_to: 127.0.0.1 - shell: | - jq 'try .rooms[] | select(.joined_local_members == 0) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_no_local_users.txt - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Count number of rooms with no local users - delegate_to: 127.0.0.1 - shell: | - wc -l /tmp/{{ subscription_id }}_room_list_no_local_users.txt | awk '{ print $1 }' - register: awx_rooms_no_local_total - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - 
-- name: Setting host fact awx_room_list_no_local_users - set_fact: - awx_room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}" - no_log: true - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Purge all rooms with no local users - include_tasks: purge_database_no_local.yml - loop: "{{ awx_room_list_no_local_users.splitlines() | flatten(levels=1) }}" - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Collect epoche time from date - delegate_to: 127.0.0.1 - shell: | - date -d '{{ awx_purge_date }}' +"%s" - when: (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - register: awx_purge_epoche_time - -- name: Generate list of rooms with more then N users - delegate_to: 127.0.0.1 - shell: | - jq 'try .rooms[] | select(.joined_members > {{ awx_purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_joined_members.txt - when: awx_purge_mode.find("Number of users [slower]") != -1 - -- name: Count number of rooms with more then N users - delegate_to: 127.0.0.1 - shell: | - wc -l /tmp/{{ subscription_id }}_room_list_joined_members.txt | awk '{ print $1 }' - register: awx_rooms_join_members_total - when: awx_purge_mode.find("Number of users [slower]") != -1 - -- name: Setting host fact awx_room_list_joined_members - delegate_to: 127.0.0.1 - set_fact: - awx_room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}" - when: awx_purge_mode.find("Number of users [slower]") != -1 - no_log: true - -- name: Purge all rooms with more then N users - 
include_tasks: purge_database_users.yml - loop: "{{ awx_room_list_joined_members.splitlines() | flatten(levels=1) }}" - when: awx_purge_mode.find("Number of users [slower]") != -1 - -- name: Generate list of rooms with more then N events - delegate_to: 127.0.0.1 - shell: | - jq 'try .rooms[] | select(.state_events > {{ awx_purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_state_events.txt - when: awx_purge_mode.find("Number of events [slower]") != -1 - -- name: Count number of rooms with more then N events - delegate_to: 127.0.0.1 - shell: | - wc -l /tmp/{{ subscription_id }}_room_list_state_events.txt | awk '{ print $1 }' - register: awx_rooms_state_events_total - when: awx_purge_mode.find("Number of events [slower]") != -1 - -- name: Setting host fact awx_room_list_state_events - delegate_to: 127.0.0.1 - set_fact: - awx_room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}" - when: awx_purge_mode.find("Number of events [slower]") != -1 - no_log: true - -- name: Purge all rooms with more then N events - include_tasks: purge_database_events.yml - loop: "{{ awx_room_list_state_events.splitlines() | flatten(levels=1) }}" - when: awx_purge_mode.find("Number of events [slower]") != -1 - -- name: Adjust 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - description: "Creates a new matrix service with Spantaleev's playbooks" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "rust-synapse-compress-state" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - 
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - -- name: Execute rust-synapse-compress-state job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_launch: - job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - wait: true - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - -- name: Revert 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - description: "Creates a new matrix service with Spantaleev's playbooks" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "setup-all,start" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - -- name: Ensure matrix-synapse is stopped - service: - name: 
matrix-synapse - state: stopped - daemon_reload: true - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Re-index Synapse database - shell: docker exec -i matrix-postgres psql "host=127.0.0.1 port=5432 dbname=synapse user=synapse password={{ matrix_synapse_connection_password }}" -c 'REINDEX (VERBOSE) DATABASE synapse' - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Ensure matrix-synapse is started - service: - name: matrix-synapse - state: started - daemon_reload: true - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Adjust 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - description: "Creates a new matrix service with Spantaleev's playbooks" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "run-postgres-vacuum,start" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Execute run-postgres-vacuum job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_launch: - job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - wait: true - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Revert 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - description: "Creates a new matrix service with 
Spantaleev's playbooks" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "setup-all,start" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Cleanup room_list files - delegate_to: 127.0.0.1 - shell: | - rm /tmp/{{ subscription_id }}_room_list* - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - ignore_errors: true - -- name: Collect after shrink size of Synapse database - shell: du -sh /matrix/postgres/data - register: awx_db_size_after_stat - when: (awx_purge_mode.find("Perform final shrink") != -1) - no_log: true - -- name: Print total number of rooms processed - debug: - msg: '{{ awx_rooms_total.stdout }}' - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Print the number of rooms purged with no local users - debug: - msg: '{{ awx_rooms_no_local_total.stdout }}' - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Print the number of rooms purged with more then N users - debug: - msg: '{{ awx_rooms_join_members_total.stdout }}' - when: awx_purge_mode.find("Number of users") != -1 - -- name: Print the number of rooms purged with more then N events - debug: - msg: '{{ 
awx_rooms_state_events_total.stdout }}' - when: awx_purge_mode.find("Number of events") != -1 - -- name: Print before purge size of Synapse database - debug: - msg: "{{ awx_db_size_before_stat.stdout.split('\n') }}" - when: ( awx_db_size_before_stat is defined ) and ( awx_purge_mode.find("Perform final shrink" ) != -1 ) - -- name: Print after purge size of Synapse database - debug: - msg: "{{ awx_db_size_after_stat.stdout.split('\n') }}" - when: (awx_db_size_after_stat is defined) and (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: End playbook early if this task is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/purge_database_no_local.yml b/roles/matrix-awx/tasks/purge_database_no_local.yml deleted file mode 100644 index e464f56d..00000000 --- a/roles/matrix-awx/tasks/purge_database_no_local.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- - -- name: Purge all rooms with no local users - shell: | - curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_room' - register: awx_purge_command - -- name: Print output of purge command - debug: - msg: "{{ awx_purge_command.stdout }}" - -- name: Pause for 5 seconds to let Synapse breathe - pause: - seconds: 5 
diff --git a/roles/matrix-awx/tasks/purge_database_users.yml b/roles/matrix-awx/tasks/purge_database_users.yml deleted file mode 100644 index d315a9ef..00000000 --- a/roles/matrix-awx/tasks/purge_database_users.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- - -- name: Purge all rooms with more then N users - shell: | - curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}" - register: awx_purge_command - -- name: Print output of purge command - debug: - msg: "{{ awx_purge_command.stdout }}" - -- name: Pause for 5 seconds to let Synapse breathe - pause: - seconds: 5 diff --git a/roles/matrix-awx/tasks/purge_media_local.yml b/roles/matrix-awx/tasks/purge_media_local.yml deleted file mode 100644 index 7ef79eca..00000000 --- a/roles/matrix-awx/tasks/purge_media_local.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- - -- name: Collect epoche time from date - shell: | - date -d '{{ item }}' +"%s" - register: awx_epoche_time - -- name: Purge local media to specific date - shell: | - curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ awx_epoche_time.stdout }}000' - register: awx_purge_command - -- name: Print output of purge command - debug: - msg: "{{ awx_purge_command.stdout }}" - -- name: Pause for 5 seconds to let Synapse breathe - pause: - seconds: 5 diff --git a/roles/matrix-awx/tasks/purge_media_main.yml b/roles/matrix-awx/tasks/purge_media_main.yml deleted file mode 100644 index bd7e7d1c..00000000 --- a/roles/matrix-awx/tasks/purge_media_main.yml +++ /dev/null 
@@ -1,111 +0,0 @@ ---- - -- name: Ensure dateutils is installed in AWX - delegate_to: 127.0.0.1 - yum: - name: dateutils - state: latest - -- name: Include vars in matrix_vars.yml - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: true - -- name: Ensure curl and jq intalled on target machine - apt: - pkg: - - curl - - jq - state: present - -- name: Collect the internal IP of the matrix-synapse container - shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse" - register: awx_synapse_container_ip - -- name: Collect access token for @admin-janitor user - shell: | - curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' - register: awx_janitors_token - no_log: true - -- name: Generate list of dates to purge to - delegate_to: 127.0.0.1 - shell: "dateseq {{ awx_purge_from_date }} {{ awx_purge_to_date }}" - register: awx_purge_dates - -- name: Calculate initial size of local media repository - shell: du -sh /matrix/synapse/storage/media-store/local* - register: awx_local_media_size_before - when: awx_purge_media_type == "Local Media" - async: 600 - ignore_errors: true - no_log: true - -- name: Calculate initial size of remote media repository - shell: du -sh /matrix/synapse/storage/media-store/remote* - register: awx_remote_media_size_before - when: awx_purge_media_type == "Remote Media" - async: 600 - ignore_errors: true - no_log: true - -- name: Purge local media with loop - include_tasks: purge_media_local.yml - loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}" - when: awx_purge_media_type == "Local Media" - -- name: Purge remote media with loop - include_tasks: purge_media_remote.yml - loop: "{{ awx_purge_dates.stdout_lines | 
flatten(levels=1) }}" - when: awx_purge_media_type == "Remote Media" - -- name: Calculate final size of local media repository - shell: du -sh /matrix/synapse/storage/media-store/local* - register: awx_local_media_size_after - when: awx_purge_media_type == "Local Media" - ignore_errors: true - no_log: true - -- name: Calculate final size of remote media repository - shell: du -sh /matrix/synapse/storage/media-store/remote* - register: awx_remote_media_size_after - when: awx_purge_media_type == "Remote Media" - ignore_errors: true - no_log: true - -- name: Print size of local media repository before purge - debug: - msg: "{{ awx_local_media_size_before.stdout.split('\n') }}" - when: awx_purge_media_type == "Local Media" - -- name: Print size of local media repository after purge - debug: - msg: "{{ awx_local_media_size_after.stdout.split('\n') }}" - when: awx_purge_media_type == "Local Media" - -- name: Print size of remote media repository before purge - debug: - msg: "{{ awx_remote_media_size_before.stdout.split('\n') }}" - when: awx_purge_media_type == "Remote Media" - -- name: Print size of remote media repository after purge - debug: - msg: "{{ awx_remote_media_size_after.stdout.split('\n') }}" - when: awx_purge_media_type == "Remote Media" - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: End playbook early if this task is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/purge_media_remote.yml b/roles/matrix-awx/tasks/purge_media_remote.yml deleted file mode 100644 index 5bb71918..00000000 
--- a/roles/matrix-awx/tasks/purge_media_remote.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- - -- name: Collect epoche time from date - shell: | - date -d '{{ item }}' +"%s" - register: awx_epoche_time - -- name: Purge remote media to specific date - shell: | - curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_media_cache?before_ts={{ awx_epoche_time.stdout }}000' - register: awx_purge_command - -- name: Print output of purge command - debug: - msg: "{{ awx_purge_command.stdout }}" - -- name: Pause for 5 seconds to let Synapse breathe - pause: - seconds: 5 diff --git a/roles/matrix-awx/tasks/rotate_ssh.yml b/roles/matrix-awx/tasks/rotate_ssh.yml deleted file mode 100644 index bd59cbc1..00000000 --- a/roles/matrix-awx/tasks/rotate_ssh.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- - -- name: Set the new authorized key taken from file - authorized_key: - user: root - state: present - exclusive: true - key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}" - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - end_playbook: true - -- name: End playbook if this task list is called. - meta: end_play - when: end_playbook is defined and end_playbook|bool diff --git a/roles/matrix-awx/tasks/self_check.yml b/roles/matrix-awx/tasks/self_check.yml deleted file mode 100644 index 68e833a4..00000000 --- a/roles/matrix-awx/tasks/self_check.yml +++ /dev/null 
@@ -1,108 +0,0 @@ ---- - -- name: Install prerequisite apt packages on target - apt: - name: - - sysstat - - curl - state: present - -- name: Install prerequisite yum packages on AWX - delegate_to: 127.0.0.1 - yum: - name: - - bind-utils - state: present - -- name: Install prerequisite pip packages on AWX - delegate_to: 127.0.0.1 - pip: - name: - - dnspython - state: present - -- name: Calculate MAU value - shell: | - curl -s localhost:9000 | grep "^synapse_admin_mau_current " - register: awx_mau_stat - no_log: true - -- name: Calculate CPU usage statistics - shell: iostat -c - register: awx_cpu_usage_stat - no_log: true - -- name: Calculate RAM usage statistics - shell: free -mh - register: awx_ram_usage_stat - no_log: true - -- name: Calculate free disk space - shell: df -h - register: awx_disk_space_stat - no_log: true - -- name: Calculate size of Synapse database - shell: du -sh /matrix/postgres/data - register: awx_db_size_stat - no_log: true - -- name: Calculate size of local media repository - shell: du -sh /matrix/synapse/storage/media-store/local* - register: awx_local_media_size_stat - async: 600 - ignore_errors: true - no_log: true - -- name: Calculate size of remote media repository - shell: du -sh /matrix/synapse/storage/media-store/remote* - register: awx_remote_media_size_stat - async: 600 - ignore_errors: true - no_log: true - -- name: Calculate docker container statistics - shell: docker stats --all --no-stream - register: awx_docker_stats - ignore_errors: true - no_log: true - -- name: Print size of remote media repository - debug: - msg: "{{ awx_remote_media_size_stat.stdout.split('\n') }}" - when: awx_remote_media_size_stat is defined - -- name: Print size of local media repository - debug: - msg: "{{ awx_local_media_size_stat.stdout.split('\n') }}" - when: awx_local_media_size_stat is defined - -- name: Print size of Synapse database - debug: - msg: "{{ awx_db_size_stat.stdout.split('\n') }}" - when: awx_db_size_stat is defined - -- name: Print 
free disk space - debug: - msg: "{{ awx_disk_space_stat.stdout.split('\n') }}" - when: awx_disk_space_stat is defined - -- name: Print RAM usage statistics - debug: - msg: "{{ awx_ram_usage_stat.stdout.split('\n') }}" - when: awx_ram_usage_stat is defined - -- name: Print CPU usage statistics - debug: - msg: "{{ awx_cpu_usage_stat.stdout.split('\n') }}" - when: awx_cpu_usage_stat is defined - -- name: Print MAU value - debug: - msg: "{{ awx_mau_stat.stdout.split('\n') }}" - when: awx_mau_stat is defined - -- name: Print docker container statistics - debug: - msg: "{{ awx_docker_stats.stdout.split('\n') }}" - when: awx_docker_stats is defined diff --git a/roles/matrix-awx/tasks/set_variables_corporal.yml b/roles/matrix-awx/tasks/set_variables_corporal.yml deleted file mode 100755 index 007ae59f..00000000 --- a/roles/matrix-awx/tasks/set_variables_corporal.yml +++ /dev/null 
@@ -1,243 +0,0 @@ ---- - -- name: Record Corporal Enabled/Disabled variable - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Corporal Settings Start' - with_dict: - 'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}' - -- name: Enable Shared Secret Auth if Corporal enabled - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Shared Secret Auth Settings Start' - with_dict: - 'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true' - when: matrix_corporal_enabled|bool - -- name: Disable Shared Secret Auth if Corporal disabled - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Shared Secret Auth Settings Start' - with_dict: - 'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false' - when: not matrix_corporal_enabled|bool - -- name: Enable Rest Auth Endpoint if Corporal enabled - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension Start' - with_dict: - 'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true' - when: matrix_corporal_enabled|bool - -- name: Disable Rest Auth Endpoint if Corporal disabled - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? 
*{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension Start' - with_dict: - 'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false' - when: not matrix_corporal_enabled|bool - -- name: Disable Corporal API if Simple Static File mode selected - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Corporal Settings Start' - with_dict: - 'matrix_corporal_http_api_enabled': 'false' - when: (awx_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool) - -- name: Enable Corporal API if Push/Pull mode delected - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Corporal Settings Start' - with_dict: - 'matrix_corporal_http_api_enabled': 'true' - when: (awx_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool) - -- name: Record Corporal API Access Token if it's defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? 
*{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Corporal Settings Start' - with_dict: - 'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}' - when: ( matrix_corporal_http_api_auth_token|length > 0 ) and ( awx_corporal_policy_provider_mode != "Simple Static File" ) - -- name: Record 'Simple Static File' configuration variables in matrix_vars.yml - delegate_to: 127.0.0.1 - blockinfile: - path: '{{ awx_cached_matrix_vars }}' - insertbefore: "# Corporal Policy Provider Settings End" - marker_begin: "Corporal" - marker_end: "Corporal" - block: | - matrix_corporal_policy_provider_config: | - { - "Type": "static_file", - "Path": "/etc/matrix-corporal/corporal-policy.json" - } - when: awx_corporal_policy_provider_mode == "Simple Static File" - -- name: Touch the /matrix/corporal/ directory - file: - path: "/matrix/corporal/" - state: directory - owner: matrix - group: matrix - mode: '750' - -- name: Touch the /matrix/corporal/config/ directory - file: - path: "/matrix/corporal/config/" - state: directory - owner: matrix - group: matrix - mode: '750' - -- name: Touch the /matrix/corporal/cache/ directory - file: - path: "/matrix/corporal/cache/" - state: directory - owner: matrix - group: matrix - mode: '750' - -- name: Touch the corporal-policy.json file to ensure it exists - file: - path: "/matrix/corporal/config/corporal-policy.json" - state: touch - owner: matrix - group: matrix - mode: '660' - -- name: Touch the last-policy.json file to ensure it exists - file: - path: "/matrix/corporal/config/last-policy.json" - state: touch - owner: matrix - group: matrix - mode: '660' - -- name: Record 'Simple Static File' configuration content in corporal-policy.json - copy: - content: "{{ awx_corporal_simple_static_config | string }}" - dest: "/matrix/corporal/config/corporal-policy.json" - owner: matrix - group: matrix - mode: '660' - when: (awx_corporal_policy_provider_mode == "Simple Static File") 
and (awx_corporal_simple_static_config|length > 0) - -- name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml - delegate_to: 127.0.0.1 - blockinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: "# Corporal Policy Provider Settings Start" - block: | - matrix_corporal_policy_provider_config: | - { - "Type": "http", - "Uri": "{{ awx_corporal_pull_mode_uri }}", - "AuthorizationBearerToken": "{{ awx_corporal_pull_mode_token }}", - "CachePath": "/var/cache/matrix-corporal/last-policy.json", - "ReloadIntervalSeconds": 1800, - "TimeoutMilliseconds": 30000 - } - when: (awx_corporal_policy_provider_mode == "HTTP Pull Mode (API Enabled)") and (matrix_corporal_pull_mode_uri|length > 0) and (awx_corporal_pull_mode_token|length > 0) - -- name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml - delegate_to: 127.0.0.1 - blockinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: "# Corporal Policy Provider Settings Start" - block: | - matrix_corporal_policy_provider_config: | - { - "Type": "last_seen_store_policy", - "CachePath": "/var/cache/matrix-corporal/last-policy.json" - } - when: (awx_corporal_policy_provider_mode == "HTTP Push Mode (API Enabled)") - -- name: Lower RateLimit if set to 'Normal' - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300' - replace: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3' - when: awx_corporal_raise_ratelimits == "Normal" - -- name: Raise RateLimit if set to 'Raised' - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3' - replace: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300' - when: awx_corporal_raise_ratelimits == "Raised" - -- name: Save new 
'Configure Corporal' survey.json to the AWX tower - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_corporal.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json' - -- name: Copy new 'Configure Corporal' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json' - dest: '/matrix/awx/configure_corporal.json' - mode: '0660' - -- debug: - msg: "matrix_corporal_matrix_homeserver_api_endpoint: {{ matrix_corporal_matrix_homeserver_api_endpoint }}" - -- debug: - msg: "matrix_corporal_matrix_auth_shared_secret: {{ matrix_corporal_matrix_auth_shared_secret }}" - -- debug: - msg: "matrix_corporal_http_gateway_internal_rest_auth_enabled: {{ matrix_corporal_http_gateway_internal_rest_auth_enabled }}" - -- debug: - msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}" - -- name: Recreate 'Configure Corporal (Advanced)' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)" - description: "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-corporal" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true 
diff --git a/roles/matrix-awx/tasks/set_variables_dimension.yml b/roles/matrix-awx/tasks/set_variables_dimension.yml deleted file mode 100644 index 8d8f9c44..00000000 --- a/roles/matrix-awx/tasks/set_variables_dimension.yml +++ /dev/null 
@@ -1,105 +0,0 @@ ---- - -- name: Include vars in matrix_vars.yml - include_vars: - file: '{{ awx_cached_matrix_vars }}' - no_log: true - -- name: Install jq and curl on remote machine - apt: - name: - - jq - - curl - state: present - -- name: Collect access token of @admin-dimension user - shell: | - curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq '.access_token' - register: awx_dimension_user_access_token - -- name: Record Synapse variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Dimension Settings Start' - with_dict: - 'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}' - 'matrix_dimension_access_token': '"{{ awx_dimension_user_access_token.stdout[1:-1] }}"' - -- name: Set final users list if users are defined - set_fact: - awx_dimension_users_final: "{{ awx_dimension_users }}" - when: awx_dimension_users | length > 0 - -- name: Set final users list if no users are defined - set_fact: - awx_dimension_users_final: '@dimension:{{ matrix_domain }}' - when: awx_dimension_users | length == 0 - -- name: Remove Dimension Users - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: '^ - .*\n' - after: 'matrix_dimension_admins:' - before: '# Dimension Settings End' - -- name: Set Dimension Users Header - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertbefore: '# Dimension Settings End' - line: "matrix_dimension_admins:" - -- name: Set Dimension Users - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^matrix_dimension_admins:' - line: ' - "{{ item }}"' - with_items: "{{ 
awx_dimension_users_final.splitlines() }}" - -- name: Record Dimension Custom variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# Dimension Settings End' - with_dict: - 'awx_dimension_users': '{{ awx_dimension_users.splitlines() | to_json }}' - -- name: Save new 'Configure Dimension' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_dimension.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_dimension.json' - -- name: Copy new 'Configure Dimension' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json' - dest: '/matrix/awx/configure_dimension.json' - mode: '0660' - -- name: Recreate 'Configure Dimension' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Dimension" - description: "Configure Dimension, the self-hosted integrations server." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-all,setup-dimension" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true 
diff --git a/roles/matrix-awx/tasks/set_variables_element.yml b/roles/matrix-awx/tasks/set_variables_element.yml deleted file mode 100755 index 4b2ce859..00000000 --- a/roles/matrix-awx/tasks/set_variables_element.yml +++ /dev/null 
@@ -1,180 +0,0 @@ ---- - -- name: Record Element-Web variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Element Settings Start' - with_dict: - 'matrix_client_element_enabled': '{{ matrix_client_element_enabled }}' - 'matrix_client_element_jitsi_preferredDomain': 'jitsi.{{ matrix_domain }}' - 'matrix_client_element_default_theme': '{{ matrix_client_element_default_theme }}' - 'matrix_client_element_registration_enabled': '{{ matrix_client_element_registration_enabled }}' - 'matrix_client_element_brand': '{{ matrix_client_element_brand | trim }}' - 'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl | trim }}' - 'matrix_client_element_welcome_logo': '{{ matrix_client_element_welcome_logo | trim }}' - 'matrix_client_element_welcome_logo_link': '{{ matrix_client_element_welcome_logo_link | trim }}' - -- name: Record Element-Web custom variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: '{{ item.value }}'" - insertbefore: '# Element Settings End' - with_dict: - 'awx_matrix_client_element_welcome_headline': '{{ awx_matrix_client_element_welcome_headline | trim }}' - 'awx_matrix_client_element_welcome_text': '{{ awx_matrix_client_element_welcome_text | trim }}' - -- name: Set Element-Web custom branding locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? 
*{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: '{{ item.value }}'" - insertafter: '# Element Settings Start' - with_dict: - 'matrix_client_element_brand': "{{ matrix_client_element_brand }}" - when: matrix_client_element_brand | trim | length > 0 - -- name: Remove Element-Web custom branding locally on AWX if not defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^matrix_client_element_brand: " - state: absent - when: matrix_client_element_brand | trim | length == 0 - -- name: Set fact for 'https' string - set_fact: - awx_https_string: "https" - -- name: Set Element-Web custom logo locally on AWX if defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: '{{ item.value }}'" - insertafter: '# Element Settings Start' - with_dict: - 'matrix_client_element_welcome_logo': '{{ matrix_client_element_welcome_logo }}' - when: ( awx_https_string in matrix_client_element_welcome_logo ) and ( matrix_client_element_welcome_logo | trim | length > 0 ) - -- name: Remove Element-Web custom logo locally on AWX if not defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^matrix_client_element_welcome_logo: " - state: absent - when: matrix_client_element_welcome_logo | trim | length == 0 - -- name: Set Element-Web custom logo link locally on AWX if defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? 
*{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: '{{ item.value }}'" - insertafter: '# Element Settings Start' - with_dict: - 'matrix_client_element_welcome_logo_link': '{{ matrix_client_element_welcome_logo_link }}' - when: ( awx_https_string in matrix_client_element_welcome_logo_link ) and ( matrix_client_element_welcome_logo_link | trim | length > 0 ) - -- name: Remove Element-Web custom logo link locally on AWX if not defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^matrix_client_element_welcome_logo_link: " - state: absent - when: matrix_client_element_welcome_logo_link | trim | length == 0 - -- name: Set Element-Web custom headline locally on AWX if defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: '{{ item.value }}'" - insertafter: '# Element Settings Start' - with_dict: - 'matrix_client_element_welcome_headline': '{{ awx_matrix_client_element_welcome_headline }}' - when: awx_matrix_client_element_welcome_headline | trim | length > 0 - -- name: Remove Element-Web custom headline locally on AWX if not defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^matrix_client_element_welcome_headline: " - state: absent - when: awx_matrix_client_element_welcome_headline | trim | length == 0 - -- name: Set Element-Web custom text locally on AWX if defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? 
*{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: '{{ item.value }}'" - insertafter: '# Element Settings Start' - with_dict: - 'matrix_client_element_welcome_text': '{{ awx_matrix_client_element_welcome_text }}' - when: awx_matrix_client_element_welcome_text | trim | length > 0 - -- name: Remove Element-Web custom text locally on AWX if not defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^matrix_client_element_welcome_text: " - state: absent - when: awx_matrix_client_element_welcome_text | trim | length == 0 - -- name: Set Element-Web background locally on AWX if defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: '{{ item.value }}'" - insertafter: '# Element Settings Start' - with_dict: - 'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl }}' - when: matrix_client_element_branding_welcomeBackgroundUrl | trim | length > 0 - -- name: Remove Element-Web background locally on AWX if not defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^matrix_client_element_branding_welcomeBackgroundUrl: " - state: absent - when: matrix_client_element_branding_welcomeBackgroundUrl | trim | length == 0 - -- name: Save new 'Configure Element' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_element.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json' - -- name: Copy new 'Configure Element' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json' - dest: '/matrix/awx/configure_element.json' - mode: '0660' - -- name: Recreate 'Configure Element' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - 
name: "{{ matrix_domain }} - 1 - Configure Element" - description: "Configure Element client via survey." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-client-element" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml b/roles/matrix-awx/tasks/set_variables_element_subdomain.yml deleted file mode 100644 index 1c78b9e0..00000000 --- a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml +++ /dev/null 
@@ -1,43 +0,0 @@ ---- - -- name: Record Element-Web variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Element Settings Start' - with_dict: - 'matrix_server_fqn_element': "{{ awx_element_subdomain | trim }}.{{ matrix_domain }}" - -- name: Save new 'Configure Element Subdomain' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_element_subdomain.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json' - -- name: Copy new 'Configure Element Subdomain' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json' - dest: '/matrix/awx/configure_element_subdomain.json' - mode: '0660' - -- name: Recreate 'Configure Element Subdomain' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Element Subdomain" - description: "Configure Element clients subdomain location. (Eg: 'element' for element.example.org)" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-all,setup-client-element-subdomain" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json') }}" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true 
diff --git a/roles/matrix-awx/tasks/set_variables_jitsi.yml b/roles/matrix-awx/tasks/set_variables_jitsi.yml deleted file mode 100755 index b12391bf..00000000 --- a/roles/matrix-awx/tasks/set_variables_jitsi.yml +++ /dev/null 
@@ -1,45 +0,0 @@ ---- - -- name: Record Jitsi variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Jitsi Settings Start' - with_dict: - 'matrix_jitsi_enabled': '{{ matrix_jitsi_enabled }}' - 'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage | trim }}' - -- name: Save new 'Configure Jitsi' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_jitsi.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json' - -- name: Copy new 'Configure Jitsi' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json' - dest: '/matrix/awx/configure_jitsi.json' - mode: '0660' - -- name: Recreate 'Configure Jitsi' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Jitsi" - description: "Configure Jitsi conferencing settings." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-jitsi" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true 
diff --git a/roles/matrix-awx/tasks/set_variables_ma1sd.yml b/roles/matrix-awx/tasks/set_variables_ma1sd.yml deleted file mode 100755 index d46d797f..00000000 --- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml +++ /dev/null 
@@ -1,102 +0,0 @@ ---- - -- name: Record ma1sd variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# ma1sd Settings Start' - with_dict: - 'matrix_ma1sd_enabled': '{{ matrix_ma1sd_enabled }}' - -- name: Disable REST auth (matrix-corporal/ma1sd) if using internal auth - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension Start' - with_dict: - 'matrix_synapse_awx_password_provider_rest_auth_enabled': 'false' - when: awx_matrix_ma1sd_auth_store == 'Synapse Internal' - -- name: Enable REST auth if using external LDAP/AD with ma1sd - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension Start' - with_dict: - 'matrix_synapse_awx_password_provider_rest_auth_enabled': 'true' - 'matrix_synapse_awx_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:{{ matrix_ma1sd_container_port }}"' - when: awx_matrix_ma1sd_auth_store == 'LDAP/AD' - -- name: Remove entire ma1sd configuration extension - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: '^.*\n' - after: '# ma1sd Extension Start' - before: '# ma1sd Extension End' - -- name: Replace conjoined ma1sd configuration extension limiters - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: '^# ma1sd Extension Start# ma1sd Extension End' - replace: '# ma1sd Extension Start\n# ma1sd Extension End' - -- name: Insert/Update ma1sd configuration extension variables - delegate_to: 127.0.0.1 - blockinfile: - path: '{{ awx_cached_matrix_vars }}' - marker: "# {mark} ma1sd ANSIBLE MANAGED BLOCK" - insertafter: '# 
ma1sd Extension Start' - block: '{{ awx_matrix_ma1sd_configuration_extension_yaml }}' - -- name: Record ma1sd Custom variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# ma1sd Settings End' - with_dict: - 'awx_matrix_ma1sd_auth_store': '{{ awx_matrix_ma1sd_auth_store }}' - 'awx_matrix_ma1sd_configuration_extension_yaml': '{{ awx_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}' - no_log: true - -- name: Save new 'Configure ma1sd' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_ma1sd.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json' - -- name: Copy new 'Configure ma1sd' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json' - dest: '/matrix/awx/configure_ma1sd.json' - mode: '0660' - -- name: Recreate 'Configure ma1sd (Advanced)' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)" - description: "Configure Jitsi conferencing settings." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-ma1sd" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true 
diff --git a/roles/matrix-awx/tasks/set_variables_mailer.yml b/roles/matrix-awx/tasks/set_variables_mailer.yml deleted file mode 100644 index 6581223d..00000000 --- a/roles/matrix-awx/tasks/set_variables_mailer.yml +++ /dev/null 
@@ -1,44 +0,0 @@ ---- - -- name: Record Mailer variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Email Settings Start' - with_dict: - 'matrix_mailer_relay_use': '{{ matrix_mailer_relay_use }}' - -- name: Save new 'Configure Email Relay' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_email_relay.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json' - -- name: Copy new 'Configure Email Relay' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json' - dest: '/matrix/awx/configure_email_relay.json' - mode: '0660' - -- name: Recreate 'Configure Email Relay' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Email Relay" - description: "Enable MailGun relay to increase verification email reliability." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-mailer" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_mjolnir.yml b/roles/matrix-awx/tasks/set_variables_mjolnir.yml deleted file mode 100755 index 6e3bb153..00000000 
--- a/roles/matrix-awx/tasks/set_variables_mjolnir.yml +++ /dev/null 
@@ -1,68 +0,0 @@ ---- - -- name: Include vars in matrix_vars.yml - include_vars: - file: '{{ awx_cached_matrix_vars }}' - no_log: true - -- name: Collect the internal IP of the matrix-synapse container - shell: | - /usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse - register: matrix_synapse_ip - -- name: Collect access token of @admin-mjolnir user - shell: | - curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-mjolnir"}, "password": "{{ awx_mjolnir_user_password }}", "type": "m.login.password"}' 'http://{{ matrix_synapse_ip.stdout }}:8008/_matrix/client/r0/login' | jq '.access_token' - register: awx_mjolnir_user_access_token - no_log: true - -- name: Record Mjolnir Bot variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Mjolnir Settings Start' - with_dict: - 'matrix_bot_mjolnir_enabled': '{{ matrix_bot_mjolnir_enabled }}' - 'matrix_bot_mjolnir_access_token': '{{ awx_mjolnir_user_access_token.stdout[1:-1] }}' - 'matrix_bot_mjolnir_management_room': '"{{ matrix_bot_mjolnir_management_room }}"' - no_log: true - -- name: Remove Synapse rate-limiting for admin-mjolnir user - shell: | - /usr/local/bin/matrix-postgres-cli-non-interactive --dbname=synapse --command="INSERT INTO ratelimit_override VALUES ('@admin-mjolnir:{{ matrix_domain }}', 0, 0);" - ignore_errors: true - -- name: Save new 'Configure Mjolnir' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_mjolnir.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json' - -- name: Copy new 'Configure Mjolnir' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ 
subscription_id }}/configure_mjolnir.json' - dest: '/matrix/awx/configure_mjolnir.json' - mode: '0660' - -- name: Recreate 'Configure Mjolnir Bot' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Mjolnir Bot" - description: "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-bot-mjolnir" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_synapse.yml b/roles/matrix-awx/tasks/set_variables_synapse.yml deleted file mode 100755 index f749f03f..00000000 --- a/roles/matrix-awx/tasks/set_variables_synapse.yml +++ /dev/null 
@@ -1,223 +0,0 @@ ---- - -- name: Limit max upload size to 200MB part 1 - set_fact: - matrix_synapse_max_upload_size_mb: "200" - when: awx_synapse_max_upload_size_mb | int >= 200 - -- name: Limit max upload size to 200MB part 2 - set_fact: - matrix_synapse_max_upload_size_mb: "{{ awx_synapse_max_upload_size_mb }}" - when: awx_synapse_max_upload_size_mb | int < 200 - -- name: Record Synapse variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings Start' - with_dict: - 'matrix_synapse_allow_public_rooms_over_federation': '{{ matrix_synapse_allow_public_rooms_over_federation }}' - 'matrix_synapse_enable_registration': '{{ matrix_synapse_enable_registration }}' - 'matrix_synapse_federation_enabled': '{{ matrix_synapse_federation_enabled }}' - 'matrix_synapse_enable_group_creation': '{{ matrix_synapse_enable_group_creation }}' - 'matrix_synapse_presence_enabled': '{{ matrix_synapse_presence_enabled }}' - 'matrix_synapse_max_upload_size_mb': '{{ matrix_synapse_max_upload_size_mb }}' - 'matrix_synapse_url_preview_enabled': '{{ matrix_synapse_url_preview_enabled }}' - 'matrix_synapse_allow_guest_access': '{{ matrix_synapse_allow_guest_access }}' - -- name: Empty Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if raw inputs empty - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^matrix_synapse_auto_join_rooms: .*$" - replace: "matrix_synapse_auto_join_rooms: []" - when: awx_synapse_auto_join_rooms | length == 0 - -- name: If the raw inputs is not empty start constructing parsed auto_join_rooms list - set_fact: - awx_synapse_auto_join_rooms_array: |- - {{ awx_synapse_auto_join_rooms.splitlines() | to_json }} - when: awx_synapse_auto_join_rooms | length > 0 - -- name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not 
blank - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings Start' - with_dict: - "matrix_synapse_auto_join_rooms": "{{ awx_synapse_auto_join_rooms_array }}" - when: awx_synapse_auto_join_rooms | length > 0 - -- name: Record Synapse Shared Secret if it's defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings Start' - with_dict: - 'matrix_synapse_registration_shared_secret': '{{ awx_matrix_synapse_registration_shared_secret }}' - when: awx_matrix_synapse_registration_shared_secret | length > 0 - -- name: Record registations_require_3pid extra variable if true - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "{{ item }}" - line: "{{ item }}" - insertbefore: '# Synapse Extension End' - with_items: - - " registrations_require_3pid:" - - " - email" - when: awx_registrations_require_3pid | bool - -- name: Remove registrations_require_3pid extra variable if false - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "{{ item }}" - line: "{{ item }}" - insertbefore: '# Synapse Extension End' - state: absent - with_items: - - " registrations_require_3pid:" - - " - email" - when: not awx_registrations_require_3pid | bool - -- name: Remove URL Languages - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: '^(?!.*\bemail\b) - [a-zA-Z\-]{2,5}\n' - after: ' url_preview_accept_language:' - before: '# Synapse Extension End' - -- name: Set URL languages default if raw inputs empty - set_fact: - awx_url_preview_accept_language_default: 'en' - when: awx_url_preview_accept_language | length == 0 - -- name: Set URL languages default if raw inputs not empty - set_fact: - 
awx_url_preview_accept_language_default: "{{ awx_url_preview_accept_language }}" - when: awx_url_preview_accept_language|length > 0 - -- name: Set URL languages if raw inputs empty - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^ url_preview_accept_language:' - line: " - {{ awx_url_preview_accept_language_default }}" - when: awx_url_preview_accept_language|length == 0 - -- name: Set URL languages if raw inputs not empty - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^ url_preview_accept_language:' - line: " - {{ item }}" - with_items: "{{ awx_url_preview_accept_language.splitlines() }}" - when: awx_url_preview_accept_language | length > 0 - -- name: Remove Federation Whitelisting 1 - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: '^ - [a-z0-9]+\.[a-z0-9.]+\n' - after: ' federation_domain_whitelist:' - before: '# Synapse Extension End' - -- name: Remove Federation Whitelisting 2 - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - line: " federation_domain_whitelist:" - state: absent - -- name: Set Federation Whitelisting 1 - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^matrix_synapse_configuration_extension_yaml: \|' - line: " federation_domain_whitelist:" - when: awx_federation_whitelist | length > 0 - -- name: Set Federation Whitelisting 2 - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^ federation_domain_whitelist:' - line: " - {{ item }}" - with_items: "{{ awx_federation_whitelist.splitlines() }}" - when: awx_federation_whitelist | length > 0 - -- name: Set awx_recaptcha_public_key to a 'public-key' if undefined - set_fact: awx_recaptcha_public_key="public-key" - when: (awx_recaptcha_public_key is not defined) or (awx_recaptcha_public_key|length == 0) - -- name: Set awx_recaptcha_private_key to a 'private-key' if 
undefined - set_fact: awx_recaptcha_private_key="private-key" - when: (awx_recaptcha_private_key is not defined) or (awx_recaptcha_private_key|length == 0) - -- name: Record Synapse Extension variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# Synapse Extension End' - with_dict: - ' enable_registration_captcha': '{{ awx_enable_registration_captcha }}' - ' recaptcha_public_key': '{{ awx_recaptcha_public_key }}' - ' recaptcha_private_key': '{{ awx_recaptcha_private_key }}' - -- name: Record Synapse Custom variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# Synapse Settings End' - with_dict: - 'awx_federation_whitelist': '{{ awx_federation_whitelist.splitlines() | to_json }}' - 'awx_url_preview_accept_language_default': '{{ awx_url_preview_accept_language_default.splitlines() | to_json }}' - 'awx_enable_registration_captcha': '{{ awx_enable_registration_captcha }}' - 'awx_recaptcha_public_key': '"{{ awx_recaptcha_public_key }}"' - 'awx_recaptcha_private_key': '"{{ awx_recaptcha_private_key }}"' - -- name: Save new 'Configure Synapse' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_synapse.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_synapse.json' - -- name: Copy new 'Configure Synapse' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json' - dest: '/matrix/awx/configure_synapse.json' - mode: '0660' - -- name: Recreate 'Configure Synapse' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - 
Configure Synapse" - description: "Configure Synapse (homeserver) settings." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-synapse" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml deleted file mode 100644 index 1e63fb71..00000000 --- a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml +++ /dev/null 
@@ -1,44 +0,0 @@ ---- - -- name: Record Synapse Admin variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Admin Settings Start' - with_dict: - 'matrix_synapse_admin_enabled': '{{ matrix_synapse_admin_enabled }}' - -- name: Save new 'Configure Synapse Admin' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_synapse_admin.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json' - -- name: Copy new 'Configure Synapse Admin' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json' - dest: '/matrix/awx/configure_synapse_admin.json' - mode: '0660' - -- name: Recreate 'Configure Synapse Admin' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Synapse Admin" - description: "Configure 'Synapse Admin', a moderation tool to help you manage your server." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-all" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true 
diff --git a/roles/matrix-awx/tasks/update_variables.yml b/roles/matrix-awx/tasks/update_variables.yml deleted file mode 100644 index b281a8c5..00000000 --- a/roles/matrix-awx/tasks/update_variables.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- - -- name: Rename synapse presence variable - delegate_to: 127.0.0.1 - replace: - path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml" - regexp: 'matrix_synapse_use_presence' - replace: 'matrix_synapse_presence_enabled' - -- name: Search for matrix_homeserver_generic_secret_key variable in matrix_vars.yml - delegate_to: 127.0.0.1 - register: presence - shell: "grep -i 'matrix_homeserver_generic_secret_key' /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml" - no_log: true - -- name: Generate matrix_homeserver_generic_secret_key variable if not present - delegate_to: 127.0.0.1 - command: | - openssl rand -hex 16 - register: generic_secret - no_log: true - when: presence is not changed - -- name: Add new matrix_homeserver_generic_secret_key variable if not present - delegate_to: 127.0.0.1 - lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - line: "matrix_homeserver_generic_secret_key: {{ generic_secret.stdout }}" - insertbefore: '# Basic Settings End' - mode: '0600' - state: present - when: presence is not changed diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/matrix-backup-borg/defaults/main.yml new file mode 100644 index 00000000..c8a09f7f --- /dev/null +++ b/roles/matrix-backup-borg/defaults/main.yml 
@@ -0,0 +1,63 @@ +--- +matrix_backup_borg_enabled: true + +matrix_backup_borg_container_image_self_build: false +matrix_backup_borg_docker_repo: "https://github.com/borgmatic-collective/docker-borgmatic" +matrix_backup_borg_docker_src_files_path: "{{ matrix_base_data_path }}/borg/docker-src" + +matrix_backup_borg_version: latest +matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}" +matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}" +matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') }}" + +matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg" +matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config" + +# A list of extra arguments to pass to the container +matrix_backup_borg_container_extra_arguments: [] + +# List of systemd services that matrix-backup-borg.service depends on +matrix_backup_borg_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-backup-borg.service wants +matrix_backup_borg_systemd_wanted_services_list: [] + +# systemd calendar configuration for backup job +matrix_backup_borg_schedule: "*-*-* 04:00:00" + +# what directories should be added to backup +matrix_backup_borg_location_source_directories: [] + +# target repositories +matrix_backup_borg_location_repositories: [] + +# exclude following paths: +matrix_backup_borg_location_exclude_patterns: [] + +# borg encryption mode, only repokey-* is supported +matrix_backup_borg_encryption: repokey-blake2 + +# private ssh key used to connect to the borg repo +matrix_backup_borg_ssh_key_private: "" + +# borg ssh command with ssh key +matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new" -i /etc/borgmatic.d/sshkey + +# compression algorithm +matrix_backup_borg_storage_compression: 
lz4 + +# archive name format +matrix_backup_borg_storage_archive_name_format: "matrix-{now:%Y-%m-%d-%H%M%S}" + +# repository passphrase +matrix_backup_borg_storage_encryption_passphrase: "" + +# retention configuration +matrix_backup_borg_retention_keep_hourly: 0 +matrix_backup_borg_retention_keep_daily: 7 +matrix_backup_borg_retention_keep_weekly: 4 +matrix_backup_borg_retention_keep_monthly: 12 +matrix_backup_borg_retention_keep_yearly: 2 + +# retention prefix +matrix_backup_borg_retention_prefix: "matrix-" diff --git a/roles/matrix-backup-borg/tasks/init.yml b/roles/matrix-backup-borg/tasks/init.yml new file mode 100644 index 00000000..0a90a2e8 --- /dev/null +++ b/roles/matrix-backup-borg/tasks/init.yml @@ -0,0 +1,4 @@ +--- +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.service', 'matrix-backup-borg.timer'] }}" + when: matrix_backup_borg_enabled|bool diff --git a/roles/matrix-backup-borg/tasks/main.yml b/roles/matrix-backup-borg/tasks/main.yml new file mode 100644 index 00000000..0dbf54e1 --- /dev/null +++ b/roles/matrix-backup-borg/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_backup_borg_enabled|bool" + tags: + - setup-all + - setup-backup-borg + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_backup_borg_enabled|bool" + tags: + - setup-all + - setup-backup-borg + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_backup_borg_enabled|bool" + tags: + - setup-all + - setup-backup-borg diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml new file mode 100644 index 00000000..f2c65a16 --- /dev/null +++ b/roles/matrix-backup-borg/tasks/setup_install.yml 
@@ -0,0 +1,97 @@ +--- +- name: Ensure borg paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_backup_borg_config_path }}", when: true} + - {path: "{{ matrix_backup_borg_docker_src_files_path }}", when: true} + when: "item.when|bool" + +- name: Ensure borg config is created + template: + src: "{{ role_path }}/templates/config.yaml.j2" + dest: "{{ matrix_backup_borg_config_path }}/config.yaml" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + +- name: Ensure borg passwd is created + template: + src: "{{ role_path }}/templates/passwd.j2" + dest: "{{ matrix_backup_borg_config_path }}/passwd" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + +- name: Ensure borg ssh key is created + template: + src: "{{ role_path }}/templates/sshkey.j2" + dest: "{{ matrix_backup_borg_config_path }}/sshkey" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0600 + +- name: Ensure borg image is pulled + docker_image: + name: "{{ matrix_backup_borg_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_backup_borg_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_backup_borg_docker_image_force_pull }}" + when: "not matrix_backup_borg_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure borg repository is present on self-build + git: + repo: "{{ matrix_backup_borg_docker_repo }}" + dest: "{{ matrix_backup_borg_docker_src_files_path }}" + force: "yes" + register: 
matrix_backup_borg_git_pull_results + when: "matrix_backup_borg_container_image_self_build|bool" + +- name: Ensure borg image is built + docker_image: + name: "{{ matrix_backup_borg_docker_image }}" + source: build + force_source: "{{ matrix_backup_borg_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_backup_borg_docker_src_files_path }}" + pull: true + when: "matrix_backup_borg_container_image_self_build|bool" + +- name: Ensure matrix-backup-borg.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-backup-borg.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-backup-borg.service" + mode: 0644 + register: matrix_backup_borg_systemd_service_result + +- name: Ensure matrix-backup-borg.timer installed + template: + src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2" + dest: "{{ matrix_systemd_path }}/matrix-backup-borg.timer" + mode: 0644 + register: matrix_backup_borg_systemd_timer_result + +- name: Ensure systemd reloaded after matrix-backup-borg.service installation + service: + daemon_reload: true + when: "matrix_backup_borg_systemd_service_result.changed|bool" + +- name: Ensure matrix-backup-borg.service enabled + service: + enabled: true + name: matrix-backup-borg.service + +- name: Ensure matrix-backup-borg.timer enabled + service: + enabled: true + name: matrix-backup-borg.timer diff --git a/roles/matrix-backup-borg/tasks/setup_uninstall.yml b/roles/matrix-backup-borg/tasks/setup_uninstall.yml new file mode 100644 index 00000000..faad44f7 --- /dev/null +++ b/roles/matrix-backup-borg/tasks/setup_uninstall.yml 
@@ -0,0 +1,41 @@ +--- +- name: Check existence of matrix-backup-borg service + stat: + path: "{{ matrix_systemd_path }}/matrix-backup-borg.service" + register: matrix_backup_borg_service_stat + +- name: Ensure matrix-backup-borg is stopped + service: + name: matrix-backup-borg + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "matrix_backup_borg_service_stat.stat.exists|bool" + +- name: Ensure matrix-backup-borg.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-backup-borg.service" + state: absent + when: "matrix_backup_borg_service_stat.stat.exists|bool" + +- name: Ensure matrix-backup-borg.timer doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-backup-borg.timer" + state: absent + when: "matrix_backup_borg_service_stat.stat.exists|bool" + +- name: Ensure systemd reloaded after matrix-backup-borg.service removal + service: + daemon_reload: true + when: "matrix_backup_borg_service_stat.stat.exists|bool" + +- name: Ensure Matrix borg paths don't exist + file: + path: "{{ matrix_backup_borg_base_path }}" + state: absent + +- name: Ensure borg Docker image doesn't exist + docker_image: + name: "{{ matrix_backup_borg_docker_image }}" + state: absent diff --git a/roles/matrix-backup-borg/tasks/validate_config.yml b/roles/matrix-backup-borg/tasks/validate_config.yml new file mode 100644 index 00000000..4d3fb1c8 --- /dev/null +++ b/roles/matrix-backup-borg/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_backup_borg_ssh_key_private" + - "matrix_backup_borg_location_repositories" + - "matrix_backup_borg_storage_encryption_passphrase" diff --git a/roles/matrix-backup-borg/templates/config.yaml.j2 b/roles/matrix-backup-borg/templates/config.yaml.j2 new file mode 100644 index 00000000..89b6ab7d --- /dev/null 
+++ b/roles/matrix-backup-borg/templates/config.yaml.j2 @@ -0,0 +1,32 @@ +#jinja2: lstrip_blocks: "True", trim_blocks: "True" + +location: + source_directories: {{ matrix_backup_borg_location_source_directories|to_json }} + repositories: {{ matrix_backup_borg_location_repositories|to_json }} + one_file_system: true + exclude_patterns: {{ matrix_backup_borg_location_exclude_patterns|to_json }} + +storage: + compression: {{ matrix_backup_borg_storage_compression }} + ssh_command: {{ matrix_backup_borg_storage_ssh_command }} + archive_name_format: '{{ matrix_backup_borg_storage_archive_name_format }}' + encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase }} + +retention: + keep_hourly: {{ matrix_backup_borg_retention_keep_hourly }} + keep_daily: {{ matrix_backup_borg_retention_keep_daily }} + keep_weekly: {{ matrix_backup_borg_retention_keep_weekly }} + keep_monthly: {{ matrix_backup_borg_retention_keep_monthly }} + keep_yearly: {{ matrix_backup_borg_retention_keep_yearly }} + prefix: '{{ matrix_backup_borg_retention_prefix }}' + +consistency: + checks: + - repository + - archives + +hooks: + after_backup: + - echo "Backup created." + on_error: + - echo "Error while creating a backup." diff --git a/roles/matrix-backup-borg/templates/passwd.j2 b/roles/matrix-backup-borg/templates/passwd.j2 new file mode 100644 index 00000000..d3665cf4 --- /dev/null +++ b/roles/matrix-backup-borg/templates/passwd.j2 
@@ -0,0 +1,29 @@ +{# the passwd file with correct username, UID and GID is mandatory to work with borg over ssh, otherwise ssh connections will fail #} +root:x:0:0:root:/root:/bin/ash +bin:x:1:1:bin:/bin:/sbin/nologin +daemon:x:2:2:daemon:/sbin:/sbin/nologin +adm:x:3:4:adm:/var/adm:/sbin/nologin +lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin +sync:x:5:0:sync:/sbin:/bin/sync +shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown +halt:x:7:0:halt:/sbin:/sbin/halt +mail:x:8:12:mail:/var/mail:/sbin/nologin +news:x:9:13:news:/usr/lib/news:/sbin/nologin +uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin +operator:x:11:0:operator:/root:/sbin/nologin +man:x:13:15:man:/usr/man:/sbin/nologin +postmaster:x:14:12:postmaster:/var/mail:/sbin/nologin +cron:x:16:16:cron:/var/spool/cron:/sbin/nologin +ftp:x:21:21::/var/lib/ftp:/sbin/nologin +sshd:x:22:22:sshd:/dev/null:/sbin/nologin +at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin +squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin +xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin +games:x:35:35:games:/usr/games:/sbin/nologin +cyrus:x:85:12::/usr/cyrus:/sbin/nologin +vpopmail:x:89:89::/var/vpopmail:/sbin/nologin +ntp:x:123:123:NTP:/var/empty:/sbin/nologin +smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin +guest:x:405:100:guest:/dev/null:/sbin/nologin +{{ matrix_user_username }}:x:{{ matrix_user_uid }}:{{ matrix_user_gid }}:Matrix:/tmp:/bin/ash +nobody:x:65534:65534:nobody:/:/sbin/nologin diff --git a/roles/matrix-backup-borg/templates/sshkey.j2 b/roles/matrix-backup-borg/templates/sshkey.j2 new file mode 100644 index 00000000..999cf38d --- /dev/null +++ b/roles/matrix-backup-borg/templates/sshkey.j2 @@ -0,0 +1 @@ +{{ matrix_backup_borg_ssh_key_private }} diff --git a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 new file mode 100644 index 00000000..76217250 --- /dev/null 
+++ b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 
@@ -0,0 +1,58 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Borg Backup +{% for service in matrix_backup_borg_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_backup_borg_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=oneshot +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \ + --log-driver=none \ + --cap-drop=ALL \ + --read-only \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --network={{ matrix_docker_network }} \ + --tmpfs=/tmp:rw,noexec,nosuid,size=100m \ + --mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \ + --mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \ + {% for source in matrix_backup_borg_location_source_directories %} + --mount type=bind,src={{ source }},dst={{ source }},ro \ + {% endfor %} + {% for arg in matrix_backup_borg_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_backup_borg_docker_image }} \ + sh -c "borgmatic --init --encryption {{ matrix_backup_borg_encryption }}" + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \ + --log-driver=none \ + --cap-drop=ALL \ + --read-only \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --network={{ matrix_docker_network }} \ + --tmpfs=/tmp:rw,noexec,nosuid,size=100m \ + --mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \ + --mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \ + {% for source in 
matrix_backup_borg_location_source_directories %} + --mount type=bind,src={{ source }},dst={{ source }},ro \ + {% endfor %} + {% for arg in matrix_backup_borg_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_backup_borg_docker_image }} + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true' +SyslogIdentifier=matrix-backup-borg + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 new file mode 100644 index 00000000..541d0020 --- /dev/null +++ b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 @@ -0,0 +1,10 @@ +[Unit] +Description=Matrix Borg Backup timer + +[Timer] +Unit=matrix-backup-borg.service +OnCalendar={{ matrix_backup_borg_schedule }} +RandomizedDelaySec=2h + +[Install] +WantedBy=timers.target diff --git a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 index eabf1137..83eb3c7d 100644 --- a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 +++ b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \ --log-driver=none \ @@ -39,8 +39,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \ {{ matrix_bot_go_neb_docker_image }} \ -c "go-neb /config/config.yaml" -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-go-neb diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 8495c6e1..90bfa269 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.5 +matrix_bot_honoroit_version: v0.9.6 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml index 303c5f8b..f3ad9b63 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml @@ -43,6 +43,8 @@ template: src: "{{ role_path }}/templates/env.j2" dest: "{{ matrix_bot_honoroit_config_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 - name: Ensure honoroit image is pulled diff --git a/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 b/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 index a2ba1a98..2bb14109 100644 --- a/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 +++ b/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \ --log-driver=none \ @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \ {% endfor %} {{ matrix_bot_honoroit_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-honoroit diff --git a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 b/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 index b1fe3c32..a9cf8bb8 100644 --- a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 +++ b/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-reminder-bot \ --log-driver=none \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-rem {{ matrix_bot_matrix_reminder_bot_docker_image }} \ -c "matrix-reminder-bot /config/config.yaml" -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-matrix-reminder-bot diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index cfb0d06d..0093576c 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml 
@@ -4,7 +4,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.3.2" +matrix_bot_mjolnir_version: "v1.4.1" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" diff --git a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 index 0b018f25..7ea6be37 100644 --- a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 +++ b/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 
@@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \ {% endfor %} {{ matrix_bot_mjolnir_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-mjolnir diff --git a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 index 84dee801..0a527c0c 100644 --- a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 +++ b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 
@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-dis {{ matrix_appservice_discord_docker_image }} \ node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-discord diff --git a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 index 8650bd8d..4bbda18e 100644 --- a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 +++ b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 
@@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc {{ matrix_appservice_irc_docker_image }} \ -c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-irc diff --git a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 index 21ba27ef..017f352f 100644 --- a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 +++ b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 
@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-sla {{ matrix_appservice_slack_docker_image }} \ node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-slack diff --git a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 index f27111b3..556467b4 100644 --- a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 +++ b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-web {{ matrix_appservice_webhooks_docker_image }} \ node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-webhooks diff --git a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 b/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 index 4498b4f0..37b4f67d 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 
+++ b/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedi {{ matrix_beeper_linkedin_docker_image }} \ python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-beeper-linkedin diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index e6be626e..a55b995d 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml 
@@ -5,12 +5,21 @@ matrix_hookshot_enabled: true -matrix_hookshot_version: 1.2.0 -matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" + +matrix_hookshot_container_image_self_build: false +matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" +matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" + +matrix_hookshot_version: 1.4.0 + +matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" +matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" matrix_hookshot_base_path: "{{ matrix_base_data_path }}/hookshot" +matrix_hookshot_docker_src_files_path: "{{ matrix_hookshot_base_path }}/docker-src" + matrix_hookshot_homeserver_address: "{{ matrix_homeserver_container_url }}" matrix_hookshot_container_url: 'matrix-hookshot' 
@@ -52,14 +61,15 @@ matrix_hookshot_github_oauth_id: '' # "Client ID" on the GitHub App page matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App page # Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth" matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth" -matrix_hookshot_github_oauth_uri: "https://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_github_oauth_endpoint }}" +matrix_hookshot_github_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_github_oauth_endpoint }}" # These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration matrix_hookshot_github_ignore_hooks: "{}" matrix_hookshot_github_command_prefix: '!gh' -matrix_hookshot_github_show_issue_room_link: false +matrix_hookshot_github_showIssueRoomLink: false matrix_hookshot_github_pr_diff: "{enabled: false, maxLines: 5}" matrix_hookshot_github_including_labels: '' matrix_hookshot_github_excluding_labels: '' +matrix_hookshot_github_hotlink_prefix: "#" matrix_hookshot_gitlab_enabled: true 
@@ -77,32 +87,10 @@ matrix_hookshot_gitlab_instances: matrix_hookshot_gitlab_secret: '' -matrix_hookshot_jira_enabled: false -# Get the these values from https://matrix-org.github.io/matrix-hookshot/setup/jira.html#jira-oauth -matrix_hookshot_jira_secret: '' -matrix_hookshot_jira_oauth_enabled: false -matrix_hookshot_jira_oauth_id: '' -matrix_hookshot_jira_oauth_secret: '' -# Default value of matrix_hookshot_jira_oauth_endpoint: "/hookshot/webhooks/jira/oauth" -matrix_hookshot_jira_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/jira/oauth" -matrix_hookshot_jira_oauth_uri: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_jira_oauth_endpoint }}" - - -# No need to change these -matrix_hookshot_generic_enabled: true -# Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks" -matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}" -# urlprefix gets updated with protocol & port in group_vars/matrix_servers -matrix_hookshot_generic_urlprefix: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_endpoint }}" -matrix_hookshot_generic_allow_js_transformation_functions: false -# If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap -matrix_hookshot_generic_user_id_prefix: '_webhooks_' - - matrix_hookshot_figma_enabled: false # Default value of matrix_hookshot_figma_endpoint: "/hookshot/webhooks/figma/webhook" matrix_hookshot_figma_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/figma/webhook" -matrix_hookshot_figma_publicUrl: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_figma_endpoint }}" +matrix_hookshot_figma_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_figma_endpoint }}" # To bridge figma webhooks, you need to configure one of multiple instances like this: # matrix_hookshot_figma_instances: # your-instance: 
@@ -111,12 +99,70 @@ matrix_hookshot_figma_publicUrl: "{{ matrix_server_fqn_matrix }}{{ matrix_hooksh # passcode: your-webhook-passcode +matrix_hookshot_jira_enabled: false +# Get the these values from https://matrix-org.github.io/matrix-hookshot/setup/jira.html#jira-oauth +matrix_hookshot_jira_secret: '' +matrix_hookshot_jira_oauth_enabled: false +matrix_hookshot_jira_oauth_id: '' +matrix_hookshot_jira_oauth_secret: '' +# Default value of matrix_hookshot_jira_oauth_endpoint: "/hookshot/webhooks/jira/oauth" +matrix_hookshot_jira_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/jira/oauth" +matrix_hookshot_jira_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_jira_oauth_endpoint }}" + + +# No need to change these +matrix_hookshot_generic_enabled: true +# Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks" +matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}" +# urlprefix gets updated with protocol & port in group_vars/matrix_servers +matrix_hookshot_generic_urlprefix: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_generic_endpoint }}" +matrix_hookshot_generic_allow_js_transformation_functions: false +# If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap +matrix_hookshot_generic_user_id_prefix: '_webhooks_' + + # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. 
matrix_hookshot_provisioning_port: 9002 matrix_hookshot_provisioning_secret: '' # Provisioning will be automatically enabled if dimension is enabled and you have provided a provisioning secret, unless you override it matrix_hookshot_provisioning_enabled: false -matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}/v1" +matrix_hookshot_provisioning_internal: "/v1" +matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_provisioning_internal }}" + + +matrix_hookshot_widgets_enabled: true +matrix_hookshot_widgets_port: 9003 +matrix_hookshot_widgets_addToAdminRooms: false # default off as it is a beta feature +matrix_hookshot_widgets_roomSetupWidget_enabled: true +matrix_hookshot_widgets_roomSetupWidget_addOnInvite: false +# `disallowedIpRanges` describes which IP ranges should be disallowed when resolving homeserver IP addresses (for security reasons). Unless you know what you are doing, it is recommended to not include this key. The following IPs are blocked by default, unless you supply another list. 
+# matrix_hookshot_widgets_disallowedIpRanges: +# - 127.0.0.0/8 +# - 10.0.0.0/8 +# - 172.16.0.0/12 +# - 192.168.0.0/16 +# - 100.64.0.0/10 +# - 192.0.0.0/24 +# - 169.254.0.0/16 +# - 192.88.99.0/24 +# - 198.18.0.0/15 +# - 192.0.2.0/24 +# - 198.51.100.0/24 +# - 203.0.113.0/24 +# - 224.0.0.0/4 +# - ::1/128 +# - fe80::/10 +# - fc00::/7 +# - 2001:db8::/32 +# - ff00::/8 +# - fec0::/10 +matrix_hookshot_widgets_disallowedIpRanges: '' +matrix_hookshot_widgets_internal: "/widgetapi" +# Default value of matrix_hookshot_widgets_endpoint: "/hookshot/widgetapi" +matrix_hookshot_widgets_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_widgets_internal }}" +matrix_hookshot_widgets_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_widgets_endpoint }}/v1/static" +matrix_hookshot_widgets_branding_widgetTitle: "Hookshot Configuration" + # You can configure access to the bridge as documented here https://matrix-org.github.io/matrix-hookshot/setup.html#permissions # When empty, the default permissions are applied. diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index a0f9df97..384f6d3b 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml 
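Review bot: `matrix_hookshot_widgets_enabled: true` turns on a feature the template itself labels EXPERIMENTAL and `addToAdminRooms` calls "a beta feature", and it does so by default, adding a new listener on `matrix_hookshot_widgets_port: 9003` and a new public nginx path under `/hookshot/widgetapi`. Provisioning in the same file defaults to `false`; the widgets should default to `false` as well (or at least the docs should say a new endpoint is exposed), so operators opt in to the extra attack surface. On `matrix_hookshot_widgets_disallowedIpRanges`, the comment correctly says the list is a replacement rather than an addition, so it is worth stating explicitly that supplying a shorter list than the commented defaults removes the loopback, RFC1918 and link-local ranges from the homeserver-resolution SSRF guard; the `''` default plus the `not ... is in [None, '']` guard in the template is the right way to leave hookshot's own list in force.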
@@ -55,10 +55,24 @@ {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; - proxy_pass http://$backend/v1/$1$is_args$args; + proxy_pass http://$backend{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/v1/$1$is_args$args; + proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args; + {% endif %} + proxy_set_header Host $host; + } + {% endif %} + {% if matrix_hookshot_widgets_enabled %} + location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}"; + proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args; {% endif %} proxy_set_header Host $host; } diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index b4e44c9c..38dc62a3 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml 
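Review bot: `location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$` interpolates the endpoint into a regex location unescaped, as the provisioning block above it already does; the default `/hookshot/widgetapi` contains no metacharacters, but a user-supplied value with a `.` or `+` would change the match. Use `{{ matrix_hookshot_widgets_endpoint | regex_escape }}` in both blocks. The widgets block is otherwise a copy of the provisioning block with three substitutions (`_widgets_endpoint`, `_widgets_port`, `_widgets_internal`); a small Jinja macro or a loop over the two (endpoint, port, internal) tuples would keep the `resolver 127.0.0.11 valid=5s;` / `set $backend` / `proxy_pass` sequence in one place so future fixes do not diverge.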
@@ -2,26 +2,50 @@ - import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" +- name: Ensure hookshot paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_hookshot_base_path }}", when: true} + - {path: "{{ matrix_hookshot_docker_src_files_path }}", when: "{{ matrix_hookshot_container_image_self_build }}"} + when: item.when|bool + - name: Ensure hookshot image is pulled docker_image: name: "{{ matrix_hookshot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}" + when: not matrix_hookshot_container_image_self_build register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" until: result is not failed -- name: Ensure hookshot paths exist - file: - path: "{{ item }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - "{{ matrix_hookshot_base_path }}" +- name: Ensure hookshot repository is present on self-build + git: + repo: "{{ matrix_hookshot_container_image_self_build_repo }}" + dest: "{{ matrix_hookshot_docker_src_files_path }}" + version: "{{ matrix_hookshot_container_image_self_build_branch }}" + force: "yes" + register: matrix_hookshot_git_pull_results + when: "matrix_hookshot_container_image_self_build|bool" + +- name: Ensure hookshot Docker image is built + docker_image: + name: "{{ matrix_hookshot_docker_image }}" + source: build + force_source: "{{ matrix_hookshot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + 
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_hookshot_docker_src_files_path }}" + pull: true + when: "matrix_hookshot_container_image_self_build|bool" - name: Check if hookshot passkey exists stat: diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index fc04c755..c1771509 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -33,10 +33,12 @@ github: # ignoreHooks: {{ matrix_hookshot_github_ignore_hooks }} commandPrefix: "{{ matrix_hookshot_github_command_prefix }}" - showIssueRoomLink: {{ matrix_hookshot_github_show_issue_room_link }} + showIssueRoomLink: {{ matrix_hookshot_github_showIssueRoomLink }} prDiff: {{ matrix_hookshot_github_pr_diff }} includingLabels:{{ matrix_hookshot_github_including_labels }} excludingLabels: {{ matrix_hookshot_github_excluding_labels }} + hotlinkIssues: + prefix: "{{ matrix_hookshot_github_hotlink_prefix }}" {% endif %} {% if matrix_hookshot_gitlab_enabled %} gitlab: @@ -47,6 +49,13 @@ gitlab: webhook: secret: {{ matrix_hookshot_gitlab_secret|to_json }} {% endif %} +{% if matrix_hookshot_figma_enabled %} +figma: + # (Optional) Configure this to enable Figma support + # + publicUrl: {{ matrix_hookshot_figma_publicUrl }} + instances: {{ matrix_hookshot_figma_instances }} +{% endif %} {% if matrix_hookshot_jira_enabled %} jira: # (Optional) Configure this to enable Jira support 
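Review bot: the self-build path checks out `matrix_hookshot_container_image_self_build_branch` with `force: "yes"` and then builds with `pull: true`, so neither the source nor the base image is pinned to anything immutable: whatever the remote branch and the base tag point to at playbook run time is what ends up in `matrix_hookshot_docker_image`. The mautrix roles in this same diff derive the build ref from the pinned version (see the whatsapp `self_build_branch` default); doing the same here, or documenting that the branch should be a tag or commit, would make self-built images reproducible. Also, `force_source: "{{ matrix_hookshot_git_pull_results.changed ... }}"` rebuilds only when git reports a change, which is fine, but since `pull: true` can change the base image without any git change, a rebuild can be silently skipped after a base image update; consider `force_source` unconditional for self-build or documenting the trade-off. In the config template hunk, `hotlinkIssues: prefix: "{{ matrix_hookshot_github_hotlink_prefix }}"` is emitted unconditionally whenever GitHub is enabled, which is correct given the `"#"` default.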
@@ -69,13 +78,6 @@ generic: allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }} userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }} {% endif %} -{% if matrix_hookshot_figma_enabled %} -figma: - # (Optional) Configure this to enable Figma support - # - publicUrl: {{ matrix_hookshot_figma_publicUrl }} - instances: {{ matrix_hookshot_figma_instances }} -{% endif %} {% if matrix_hookshot_provisioning_enabled %} provisioning: # (Optional) Provisioning API for integration managers @@ -100,6 +102,22 @@ logging: # (Optional) Logging settings. You can have a severity debug,info,warn,error # level: info +{% if matrix_hookshot_widgets_enabled %} +widgets: + # (Optional) EXPERIMENTAL support for complimentary widgets + # + addToAdminRooms: {{ matrix_hookshot_widgets_addToAdminRooms }} +{% if matrix_hookshot_widgets_roomSetupWidget_enabled %} + roomSetupWidget: + addOnInvite: {{ matrix_hookshot_widgets_roomSetupWidget_addOnInvite }} +{% endif %} +{% if not matrix_hookshot_widgets_disallowedIpRanges is in [None, ''] %} + disallowedIpRanges: {{ matrix_hookshot_widgets_disallowedIpRanges }} +{% endif %} + publicUrl: {{ matrix_hookshot_widgets_publicUrl }} + branding: + widgetTitle: {{ matrix_hookshot_widgets_branding_widgetTitle }} +{% endif %} {% if matrix_hookshot_permissions %} permissions: {{ matrix_hookshot_permissions }} {% endif %} @@ -125,3 +143,9 @@ listeners: resources: - provisioning {% endif %} +{% if matrix_hookshot_widgets_enabled %} + - port: {{ matrix_hookshot_widgets_port }} + bindAddress: 0.0.0.0 + resources: + - widgets +{% endif %} diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index c9eaa148..d1469863 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml 
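Review bot: the new `widgets:` block renders `publicUrl`, `branding.widgetTitle` and `disallowedIpRanges` as bare Jinja output, while the rest of this template quotes user-controlled values with `|to_json` (e.g. `secret: {{ matrix_hookshot_gitlab_secret|to_json }}`). A `widgetTitle` containing a colon or a `#` would produce invalid or differently parsed YAML, and a list variable for `disallowedIpRanges` renders as a Python repr rather than guaranteed YAML; use `{{ matrix_hookshot_widgets_branding_widgetTitle|to_json }}`, `{{ matrix_hookshot_widgets_publicUrl|to_json }}` and `{{ matrix_hookshot_widgets_disallowedIpRanges|to_json }}` for consistency. The added listener with `bindAddress: 0.0.0.0` on `matrix_hookshot_widgets_port` mirrors the provisioning listener and is only reachable through the container network unless `matrix_hookshot_container_http_host_bind_ports` exposes it, so the exposure decision stays with nginx, which is fine.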
@@ -7,7 +7,7 @@ matrix_mautrix_facebook_enabled: true matrix_mautrix_facebook_container_image_self_build: false matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git" -matrix_mautrix_facebook_version: v0.3.3 +matrix_mautrix_facebook_version: v0.4.0 matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}" matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 1f71286e..c3cb1932 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -12,6 +12,9 @@ homeserver: # such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically # updating m.direct. asmux: false + # Whether asynchronous uploads via MSC2246 should be enabled for media. + # Requires a media repo that supports MSC2246. + async_media: false # Application service host/registration related details # Changing these values requires regeneration of the registration. @@ -38,6 +41,11 @@ appservice: # The base URL where the public-facing endpoints are available. The prefix is not added # implicitly. external: {{ matrix_mautrix_facebook_appservice_public_external|to_json }} + # Allow logging in within Matrix. If false, users can only log in using the web interface. + allow_matrix_login: true + # Segment API key to enable analytics tracking for web server endpoints. Set to null to disable. + # Currently the only events are login start, success and fail. + segment_key: null # The unique ID of this appservice. id: facebook 
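Review bot: `allow_matrix_login: true` and `segment_key: null` are hardcoded into the template instead of being exposed as `matrix_mautrix_facebook_*` variables like the neighbouring `external: {{ matrix_mautrix_facebook_appservice_public_external|to_json }}`. `segment_key: null` is the right default (no analytics of login events leaves the server), but an operator who wants to disable Matrix-side login cannot do so without forking the template; a pair of defaults, `matrix_mautrix_facebook_appservice_allow_matrix_login: true` and `matrix_mautrix_facebook_appservice_segment_key: ~`, rendered with `|to_json`, would keep the behaviour and make it configurable. `async_media: false` is fine as a fixed value since it depends on homeserver support.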
@@ -106,7 +114,9 @@ bridge: # If using this for other servers than the bridge's server, # you must also set the URL in the double_puppet_server_map. login_shared_secret_map: {{ matrix_mautrix_facebook_bridge_login_shared_secret_map|to_json }} - presence: {{ matrix_mautrix_facebook_bridge_presence|to_json }} + # Should presence from Facebook be bridged? This doesn't use the same API as the Android app, + # so it might be more suspicious to Facebook. + presence_from_facebook: {{ matrix_mautrix_facebook_bridge_presence|to_json }} # Whether or not to update avatars when syncing all contacts at startup. update_avatar_initial_sync: true # End-to-bridge encryption support options. These require matrix-nio to be installed with pip @@ -169,6 +179,8 @@ bridge: # and missed message backfilling when reconnecting. # Set to 0 to always re-sync, or -1 to never re-sync automatically. resync_max_disconnected_time: 5 + # Should the bridge do a resync on startup? + sync_on_startup: true # Whether or not temporary disconnections should send notices to the notice room. # If this is false, disconnections will never send messages and connections will only send # messages if it was disconnected for more than resync_max_disconnected_time seconds. 
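Review bot: the rename to `presence_from_facebook` keeps feeding the existing `matrix_mautrix_facebook_bridge_presence` variable, so current settings carry over, which is good; but the upstream comment added here says this path "might be more suspicious to Facebook", and that warning lives only in the rendered config where operators rarely look. Surface it next to the variable's default (and in the bridge docs) so the choice is deliberate. `sync_on_startup: true` is hardcoded; same remark as for the other new keys, a variable would be preferable.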
@@ -192,6 +204,34 @@ bridge: permissions: '{{ matrix_mautrix_facebook_homeserver_domain }}': user + relay: + # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any + # authenticated user into a relaybot for that chat. + enabled: false + # The formats to use when sending messages to Messenger via a relay user. + # + # Available variables: + # $sender_displayname - The display name of the sender (e.g. Example User) + # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser) + # $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com) + # $message - The message content + message_formats: + m.text: '$sender_displayname: $message' + m.notice: '$sender_displayname: $message' + m.emote: '* $sender_displayname $message' + m.file: '$sender_displayname sent a file' + m.image: '$sender_displayname sent an image' + m.audio: '$sender_displayname sent an audio file' + m.video: '$sender_displayname sent a video' + m.location: '$sender_displayname sent a location' + +facebook: + device_seed: generate + default_region_hint: ODN + connection_type: WIFI + carrier: Verizon + hni: 311390 + # Python logging configuration. # # See section 16.7.2 of the Python documentation for more info: diff --git a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 index 2899dd0d..2103dd05 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 
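Review bot: the new `facebook:` section hardcodes a device fingerprint (`default_region_hint: ODN`, `carrier: Verizon`, `hni: 311390`, `connection_type: WIFI`) that every deployment of this playbook will now share, and `relay.enabled: false` is hardcoded as well. Fixed fingerprint values across all installs are exactly the kind of signal that gets bridges flagged, so expose them as `matrix_mautrix_facebook_facebook_*` variables with these as defaults (rendered with `|to_json`), and do the same for `matrix_mautrix_facebook_bridge_relay_enabled` so relay mode can be switched on without editing the template. `device_seed: generate` is correct as a fixed value since the bridge persists the generated seed.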
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebo {{ matrix_mautrix_facebook_docker_image }} \ python3 -m mautrix_facebook -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-facebook diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index 168d08f7..e334e8d6 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml 
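Review bot: appending `|| true` inside `sh -c '...'` makes the `-` prefix on `ExecStartPre=`/`ExecStop=` redundant, since the prefix already tells systemd to ignore a non-zero exit from `docker kill`/`docker rm` of a container that does not exist. If the purpose is to stop systemd from logging those expected failures as errors (the exit status is now always 0), say so in a template comment, because to a reader the edit looks like a no-op. Keeping the `-` as well is harmless. This comment applies equally to the identical hunks in the googlechat, hangouts, instagram, signal, signal-daemon, telegram, twitter, whatsapp and mx-puppet-discord unit templates that follow.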
@@ -7,7 +7,7 @@ matrix_mautrix_googlechat_enabled: true matrix_mautrix_googlechat_container_image_self_build: false matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git" -matrix_mautrix_googlechat_version: latest +matrix_mautrix_googlechat_version: v0.3.1 # See: https://mau.dev/mautrix/googlechat/container_registry matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}" matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}" diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 index c56473be..930b58c2 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-google {{ matrix_mautrix_googlechat_docker_image }} \ python3 -m mautrix_googlechat -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-googlechat 
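Review bot: pinning `matrix_mautrix_googlechat_version` from `latest` to `v0.3.1` is the right supply-chain change; as a side effect `matrix_mautrix_googlechat_docker_image_force_pull`, derived from `endswith(':latest')`, now evaluates to false, so the image stops being re-pulled on every run and the tag is what gets deployed. Confirm the `v0.3.1` tag exists in the registry referenced in the comment, and check whether this role derives a self-build branch from the version the way the whatsapp role does (`'master' if ... == 'latest' else ...`); if it does not, self-builders will still get an unpinned `master`.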
diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 index 60f0e055..10402a51 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true' ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ 
@@ -44,8 +44,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangou {{ matrix_mautrix_hangouts_docker_image }} \ python3 -m mautrix_hangouts -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-hangouts diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index c4d90e6b..4ae2d374 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mautrix_instagram_enabled: true matrix_mautrix_instagram_container_image_self_build: false matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git" -matrix_mautrix_instagram_version: v0.1.2 +matrix_mautrix_instagram_version: v0.1.3 # See: https://mau.dev/tulir/mautrix-instagram/container_registry matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}" matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}" diff --git a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 b/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 index 33a5bab3..d2a6aece 100644 
--- a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-instag {{ matrix_mautrix_instagram_docker_image }} \ python3 -m mautrix_instagram -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-instagram diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 index 6f128da3..0ee05d7d 100644 
--- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 @@ -15,8 +15,8 @@ Wants={{ service }} Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal -v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \ {{ matrix_mautrix_signal_daemon_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 index a65895ed..d1ef85f3 100644 
--- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 @@ -14,8 +14,8 @@ Wants={{ service }} [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal {{ matrix_mautrix_signal_docker_image }} \ python3 -m mautrix_signal -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 index 459a0fec..8b21ee2b 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 
+++ b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegr {{ matrix_mautrix_telegram_docker_image }} \ python3 -m mautrix_telegram -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-telegram diff --git a/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 b/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 index 73bdbc86..0ce9a123 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 
+++ b/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-twitte {{ matrix_mautrix_twitter_docker_image }} \ python3 -m mautrix_twitter -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-twitter diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 68634746..6aae2015 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.2.4 +matrix_mautrix_whatsapp_version: v0.3.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 index 4a492492..ae44d342 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsa {{ matrix_mautrix_whatsapp_docker_image }} \ /usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-whatsapp diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 index 6ffb87cd..7a4c4a38 100644 --- a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 +++ b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-disc {% endfor %} {{ matrix_mx_puppet_discord_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-discord diff --git a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 b/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 index dabafd18..afb46ecb 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 +++ b/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-grou {% endfor %} {{ matrix_mx_puppet_groupme_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-groupme diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 index 965bb41c..262518fc 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 +++ b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-inst {% endfor %} {{ matrix_mx_puppet_instagram_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-instagram diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 index 9a7986e4..ec06485a 100644 --- a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 +++ b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skyp {% endfor %} {{ matrix_mx_puppet_skype_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-skype diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 index 973771b3..118d0369 100644 --- a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 +++ b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 
@@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slac {% endfor %} {{ matrix_mx_puppet_slack_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-slack diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml index 91675fce..4e3d6bc6 100644 --- a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml @@ -5,7 +5,7 @@ matrix_mx_puppet_steam_enabled: true matrix_mx_puppet_steam_container_image_self_build: false -matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/icewind1991/mx-puppet-steam.git" +matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/tilosp/mx-puppet-steam.git" # Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container). # diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 index 0772872b..f1079e3f 100644 --- a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 +++ b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-stea {% endfor %} {{ matrix_mx_puppet_steam_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-steam diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 index 7e1b1c32..5d7cfca6 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 +++ b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twit {% endfor %} {{ matrix_mx_puppet_twitter_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-twitter diff --git a/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 b/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 index f4ebd6a0..3f15ac19 100644 --- a/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 +++ b/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 
@@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-cinny \ --log-driver=none \ @@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-cinny \ {% endfor %} {{ matrix_client_cinny_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-cinny diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index edaa189c..34cf22a7 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.7 +matrix_client_element_version: v1.10.9 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 b/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 index fe2a3a86..8d3dec57 100644 --- a/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 +++ b/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 @@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element \ --log-driver=none \ 
@@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element {% endfor %} {{ matrix_client_element_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-element diff --git a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 b/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 index c85aeb97..0196d35b 100644 --- a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 +++ b/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 @@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-hydrogen \ --log-driver=none \ 
@@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-hydroge {% endfor %} {{ matrix_client_hydrogen_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-hydrogen diff --git a/roles/matrix-common-after/tasks/awx_post.yml b/roles/matrix-common-after/tasks/awx_post.yml deleted file mode 100644 index ad0a0ee8..00000000 --- a/roles/matrix-common-after/tasks/awx_post.yml +++ /dev/null 
@@ -1,77 +0,0 @@ ---- - -- name: Create user account @admin-janitor - command: | - /usr/local/bin/matrix-synapse-register-user admin-janitor {{ awx_janitor_user_password | quote }} 1 - register: cmd - when: not awx_janitor_user_created|bool - no_log: false - -- name: Update AWX janitor user created variable - delegate_to: 127.0.0.1 - lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: 'AWX Settings' - with_dict: - 'awx_janitor_user_created': 'true' - when: not awx_janitor_user_created|bool - -- name: Create user account @admin-dimension - command: | - /usr/local/bin/matrix-synapse-register-user admin-dimension {{ awx_dimension_user_password | quote }} 0 - register: cmd - when: not awx_dimension_user_created|bool - no_log: false - -- name: Update AWX dimension user created variable - delegate_to: 127.0.0.1 - lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: 'AWX Settings' - with_dict: - 'awx_dimension_user_created': 'true' - when: not awx_dimension_user_created|bool - -- name: Create user account @admin-mjolnir - command: | - /usr/local/bin/matrix-synapse-register-user admin-mjolnir {{ awx_mjolnir_user_password | quote }} 0 - register: cmd - when: not awx_mjolnir_user_created|bool - no_log: false - -- name: Update AWX dimension user created variable - delegate_to: 127.0.0.1 - lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - regexp: "^#? 
*{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: 'AWX Settings' - with_dict: - 'awx_mjolnir_user_created': 'true' - when: not awx_mjolnir_user_created|bool - -- name: Ensure /chroot/website location has correct permissions - file: - path: /chroot/website - state: directory - owner: matrix - group: matrix - mode: '0770' - when: awx_customise_base_domain_website is defined - -- name: Collect Discord AppService bot invite link if file exists - command: - cat /matrix/appservice-discord/config/invite_link - register: awx_discord_appservice_link - when: awx_appservice_discord_admin_user is defined - args: - removes: /matrix/appservice-discord/config/invite_link - -- name: Print Discord AppService bot link for user - debug: - msg: "{{ awx_discord_appservice_link.stdout }}" - when: awx_discord_appservice_link.stdout is defined diff --git a/roles/matrix-common-after/tasks/main.yml b/roles/matrix-common-after/tasks/main.yml index 75dee15d..f3ccf3a5 100644 --- a/roles/matrix-common-after/tasks/main.yml +++ b/roles/matrix-common-after/tasks/main.yml @@ -14,11 +14,6 @@ tags: - always -- import_tasks: "{{ role_path }}/tasks/awx_post.yml" - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - - import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml" tags: - run-docker-prune diff --git a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 index 262e2e77..d5661b5a 100644 --- a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 +++ b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 
@@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \ --log-driver=none \ @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \ {{ matrix_corporal_docker_image }} \ /matrix-corporal -config=/etc/matrix-corporal/config.json -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-corporal diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index f1274657..46492e21 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml 
@@ -7,7 +7,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" -matrix_coturn_version: 4.5.2-r8 +matrix_coturn_version: 4.5.2-r11 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" @@ -65,6 +65,7 @@ matrix_coturn_turn_static_auth_secret: "" # The external IP address of the machine where Coturn is. matrix_coturn_turn_external_ip_address: '' +matrix_coturn_turn_external_ip_addresses: ["{{ matrix_coturn_turn_external_ip_address }}"] matrix_coturn_allowed_peer_ips: [] matrix_coturn_denied_peer_ips: [] diff --git a/roles/matrix-coturn/tasks/validate_config.yml b/roles/matrix-coturn/tasks/validate_config.yml index d8276d3a..637f720d 100644 --- a/roles/matrix-coturn/tasks/validate_config.yml +++ b/roles/matrix-coturn/tasks/validate_config.yml @@ -6,5 +6,4 @@ You need to define a required configuration setting (`{{ item }}`) for using Coturn. when: "vars[item] == ''" with_items: - - "matrix_coturn_turn_external_ip_address" - "matrix_coturn_turn_static_auth_secret" diff --git a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 index a39030af..54bd015e 100644 --- a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 +++ b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 
@@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \ --log-driver=none \ @@ -43,8 +43,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \ {{ matrix_coturn_docker_image }} \ -c /turnserver.conf -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null || true' # This only reloads certificates (not other configuration). # See: https://github.com/coturn/coturn/pull/236 diff --git a/roles/matrix-coturn/templates/turnserver.conf.j2 b/roles/matrix-coturn/templates/turnserver.conf.j2 index ba662587..1bdf310a 100644 --- a/roles/matrix-coturn/templates/turnserver.conf.j2 +++ b/roles/matrix-coturn/templates/turnserver.conf.j2 
@@ -5,7 +5,9 @@ realm=turn.{{ matrix_server_fqn_matrix }} min-port={{ matrix_coturn_turn_udp_min_port }} max-port={{ matrix_coturn_turn_udp_max_port }} -external-ip={{ matrix_coturn_turn_external_ip_address }} +{% for ip in matrix_coturn_turn_external_ip_addresses|select('ne', '') %} +external-ip={{ ip }} +{% endfor %} log-file=stdout pidfile=/var/tmp/turnserver.pid diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index ec3937c7..7f2e629a 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -6,13 +6,14 @@ matrix_dendrite_enabled: true matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "docker.io/" -matrix_dendrite_docker_image_tag: "v0.5.1" +matrix_dendrite_docker_image_tag: "v0.8.1" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" matrix_dendrite_config_dir_path: "{{ matrix_dendrite_base_path }}/config" matrix_dendrite_storage_path: "{{ matrix_dendrite_base_path }}/storage" matrix_dendrite_media_store_path: "{{ matrix_dendrite_storage_path }}/media-store" +matrix_dendrite_nats_storage_path: "{{ matrix_dendrite_base_path }}/nats" matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext" # By default, we make Dendrite only serve HTTP (not HTTPS). 
@@ -114,16 +115,14 @@ matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}: matrix_dendrite_database_hostname: "matrix-postgres" matrix_dendrite_database_user: "dendrite" matrix_dendrite_database_password: "itsasecret" -matrix_dendrite_naffka_database: "dendrite_naffka" matrix_dendrite_appservice_database: "dendrite_appservice" -matrix_dendrite_federationsender_database: "dendrite_federationsender" +matrix_dendrite_federationapi_database: "dendrite_federationapi" matrix_dendrite_keyserver_database: "dendrite_keyserver" matrix_dendrite_mediaapi_database: "dendrite_mediaapi" matrix_dendrite_room_database: "dendrite_room" -matrix_dendrite_singingkeyserver_database: "dendrite_sigingkeyserver" matrix_dendrite_syncapi_database: "dendrite_syncapi" -matrix_dendrite_account_database: "dendrite_account" -matrix_dendrite_device_database: "dendrite_device" +matrix_dendrite_userapi_database: "dendrite_userapi" +matrix_dendrite_pushserver_database: "dendrite_pushserver" matrix_dendrite_mscs_database: "dendrite_mscs" matrix_dendrite_turn_uris: [] diff --git a/roles/matrix-dendrite/tasks/setup_dendrite.yml b/roles/matrix-dendrite/tasks/setup_dendrite.yml index cbe0cf84..fc306759 100644 --- a/roles/matrix-dendrite/tasks/setup_dendrite.yml +++ b/roles/matrix-dendrite/tasks/setup_dendrite.yml @@ -9,6 +9,7 @@ with_items: - {path: "{{ matrix_dendrite_config_dir_path }}", when: true} - {path: "{{ matrix_dendrite_ext_path }}", when: true} + - {path: "{{ matrix_dendrite_nats_storage_path }}", when: true} when: "matrix_dendrite_enabled|bool and item.when" - import_tasks: "{{ role_path }}/tasks/dendrite/setup.yml" diff --git a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 index 102dd2f5..fcede405 100644 --- a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 +++ b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 
@@ -28,7 +28,7 @@ # connection can be idle in seconds - a negative value is unlimited. # The version of the configuration file. -version: 1 +version: 2 # Global Matrix configuration. This configuration applies to all components. global: 
@@ -66,34 +66,47 @@ global: # to other servers and the federation API will not be exposed. disable_federation: {{ (not matrix_dendrite_federation_enabled)|to_json }} - # Configuration for Kafka/Naffka. - kafka: - # List of Kafka broker addresses to connect to. This is not needed if using - # Naffka in monolith mode. - addresses: [] + # Configures the handling of presence events. + presence: + # Whether inbound presence events are allowed, e.g. receiving presence events from other servers + enable_inbound: false + # Whether outbound presence events are allowed, e.g. sending presence events to other servers + enable_outbound: false - # The prefix to use for Kafka topic names for this homeserver. Change this only if - # you are running more than one Dendrite homeserver on the same Kafka deployment. + # Server notices allows server admins to send messages to all users. + server_notices: + enabled: false + # The server localpart to be used when sending notices, ensure this is not yet taken + local_part: "_server" + # The displayname to be used when sending notices + display_name: "Server alerts" + # The mxid of the avatar to use + avatar_url: "" + # The roomname to be used when creating messages + room_name: "Server Alerts" + + # Configuration for NATS JetStream + jetstream: + # A list of NATS Server addresses to connect to. If none are specified, an + # internal NATS server will be started automatically when running Dendrite + # in monolith mode. It is required to specify the address of at least one + # NATS Server node if running in polylith mode. + addresses: + # - jetstream:4222 + + # Keep all NATS streams in memory, rather than persisting it to the storage + # path below. This option is present primarily for integration testing and + # should not be used on a real world Dendrite deployment. + in_memory: false + + # Persistent directory to store JetStream streams in. This directory + # should be preserved across Dendrite restarts. 
+ storage_path: "/matrix-nats-store" + + # The prefix to use for stream names for this homeserver - really only + # useful if running more than one Dendrite on the same NATS deployment. topic_prefix: Dendrite - # Whether to use Naffka instead of Kafka. This is only available in monolith - # mode, but means that you can run a single-process server without requiring - # Kafka. - use_naffka: true - - # The max size a Kafka message is allowed to use. - # You only need to change this value, if you encounter issues with too large messages. - # Must be less than/equal to "max.message.bytes" configured in Kafka. - # Defaults to 8388608 bytes. - # max_message_bytes: 8388608 - - # Naffka database options. Not required when using Kafka. - naffka_database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_naffka_database }}?sslmode=disable - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - # Configuration for Prometheus metric collection. metrics: # Whether or not Prometheus metrics are enabled. @@ -129,7 +142,7 @@ app_service_api: # Disable the validation of TLS certificates of appservices. This is # not recommended in production since it may allow appservice traffic # to be sent to an unverified endpoint. - disable_tls_validation: false + disable_tls_validation: {{ matrix_dendrite_disable_tls_validation|to_json }} # Appservice configuration files to load into this homeserver. config_files: {{ matrix_dendrite_app_service_config_files|to_json }} 
@@ -146,6 +159,10 @@ client_api: # using the registration shared secret below. registration_disabled: {{ matrix_dendrite_registration_disabled|to_json }} + # Prevents new guest accounts from being created. Guest registration is also + # disabled implicitly by setting 'registration_disabled' above. + guests_disabled: true + # If set, allows registration by anyone who knows the shared secret, regardless of # whether registration is otherwise disabled. registration_shared_secret: {{ matrix_dendrite_registration_shared_secret|string|to_json }} @@ -175,12 +192,6 @@ client_api: threshold: {{ matrix_dendrite_rate_limiting_threshold|to_json }} cooloff_ms: {{ matrix_dendrite_rate_limiting_cooloff_ms|to_json }} -# Configuration for the EDU server. -edu_server: - internal_api: - listen: http://0.0.0.0:7778 - connect: http://edu_server:7778 - # Configuration for the Federation API. federation_api: internal_api: @@ -188,20 +199,8 @@ federation_api: connect: http://federation_api:7772 external_api: listen: http://0.0.0.0:8072 - - # List of paths to X.509 certificates to be used by the external federation listeners. - # These certificates will be used to calculate the TLS fingerprints and other servers - # will expect the certificate to match these fingerprints. Certificates must be in PEM - # format. - federation_certificates: [] - -# Configuration for the Federation Sender. -federation_sender: - internal_api: - listen: http://0.0.0.0:7775 - connect: http://federation_sender:7775 database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_federationsender_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_federationapi_database }}?sslmode=disable max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 
@@ -214,12 +213,29 @@ federation_sender: # enable this option in production as it presents a security risk! disable_tls_validation: {{ matrix_dendrite_disable_tls_validation|to_json }} + # Not in dendrite-config.yaml, but is in build/docker/config/dendrite.yaml # Use the following proxy server for outbound federation traffic. - proxy_outbound: - enabled: false - protocol: http - host: localhost - port: 8080 + #proxy_outbound: + # enabled: false + # protocol: http + # host: localhost + # port: 8080 + + # Perspective keyservers to use as a backup when direct key fetches fail. This may + # be required to satisfy key requests for servers that are no longer online when + # joining some rooms. + key_perspectives: + - server_name: matrix.org + keys: + - key_id: ed25519:auto + public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw + - key_id: ed25519:a_RXGa + public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ + + # This option will control whether Dendrite will prefer to look up keys directly + # or whether it should try perspective servers first, using direct fetches as a + # last resort. + prefer_direct_fetch: false # Configuration for the Key Server (for end-to-end encryption). key_server: @@ -261,15 +277,15 @@ media_api: # A list of thumbnail sizes to be generated for media content. thumbnail_sizes: - - width: 32 - height: 32 - method: crop - - width: 96 - height: 96 - method: crop - - width: 640 - height: 480 - method: scale + - width: 32 + height: 32 + method: crop + - width: 96 + height: 96 + method: crop + - width: 640 + height: 480 + method: scale # Configuration for experimental MSC's mscs: 
@@ -295,40 +311,13 @@ room_server: max_idle_conns: 2 conn_max_lifetime: -1 -# Configuration for the Signing Key Server (for server signing keys). -signing_key_server: - internal_api: - listen: http://0.0.0.0:7780 - connect: http://signing_key_server:7780 - database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_singingkeyserver_database }}?sslmode=disable - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - - # Perspective keyservers to use as a backup when direct key fetches fail. This may - # be required to satisfy key requests for servers that are no longer online when - # joining some rooms. - key_perspectives: - - server_name: matrix.org - keys: - - key_id: ed25519:auto - public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw - - key_id: ed25519:a_RXGa - public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ - - # This option will control whether Dendrite will prefer to look up keys directly - # or whether it should try perspective servers first, using direct fetches as a - # last resort. - prefer_direct_fetch: false - # Configuration for the Sync API. sync_api: internal_api: listen: http://0.0.0.0:7773 connect: http://sync_api:7773 external_api: - listen: http://0.0.0.0:8073 + listen: http://0.0.0.0:8073 database: connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_syncapi_database }}?sslmode=disable max_open_conns: 10 @@ -354,12 +343,7 @@ user_api: listen: http://0.0.0.0:7781 connect: http://user_api:7781 account_database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_account_database }}?sslmode=disable - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - device_database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_device_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_userapi_database }}?sslmode=disable max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 
@@ -369,6 +353,18 @@ user_api: # The default lifetime is 3600000ms (60 minutes). # openid_token_lifetime_ms: 3600000 +# Not in dendrite-config.yaml, but is in build/docker/config/dendrite.yaml +# Configuration for the Push Server API. +push_server: + internal_api: + listen: http://localhost:7782 + connect: http://localhost:7782 + database: + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_pushserver_database }}?sslmode=disable + max_open_conns: 10 + max_idle_conns: 2 + conn_max_lifetime: -1 + # Configuration for Opentracing. # See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on # how this works and how to set it up. diff --git a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 index e14734dd..0457917a 100644 --- a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 +++ b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' {% if 'matrix-postgres.service' in matrix_dendrite_systemd_required_services_list %} # Dendrite is too quick to start in relation to its matrix-postgres dependency. 
@@ -37,6 +37,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ {% endif %} --mount type=bind,src={{ matrix_dendrite_config_dir_path }},dst=/data,ro \ --mount type=bind,src={{ matrix_dendrite_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \ + --mount type=bind,src={{ matrix_dendrite_nats_storage_path }},dst=/matrix-nats-store,bind-propagation=slave \ {% for volume in matrix_dendrite_container_additional_volumes %} -v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \ {% endfor %} @@ -53,8 +54,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ {% endif %} {{ matrix_dendrite_process_extra_arguments|join(' ') }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' ExecReload={{ matrix_host_command_docker }} exec matrix-dendrite /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 diff --git a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 index e27a5558..e514a74a 100644 --- a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 +++ b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null || true' # Fixup database ownership if it got changed somehow (during a server migration, etc.) {% if matrix_dimension_database_engine == 'sqlite' %} @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \ {% endfor %} {{ matrix_dimension_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-dimension diff --git a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 index dfdd2f72..6f2ff101 100644 --- a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 +++ b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \ --log-driver=none \ --network={{ matrix_docker_network }} \ @@ -26,8 +26,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \ {% endfor %} {{ matrix_dynamic_dns_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-dynamic-dns diff --git a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 index c9226768..47c15117 100644 --- a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 +++ b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 
@@ -8,8 +8,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \ --log-driver=none \ @@ -24,8 +24,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \ {% endfor %} {{ matrix_email2matrix_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-email2matrix diff --git a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 b/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 index a4f81e35..e0f58076 100644 --- a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 +++ b/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-grafana \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-grafana \ {% endfor %} {{ matrix_grafana_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-grafana diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 5f543d4a..c3268267 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -70,7 +70,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-6865 +matrix_jitsi_version: stable-7001 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" 
diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index d85e0703..0cb7043f 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -32,6 +32,8 @@ template: src: "{{ role_path }}/templates/jicofo/env.j2" dest: "{{ matrix_jitsi_jicofo_base_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 when: matrix_jitsi_enabled|bool @@ -39,6 +41,8 @@ template: src: "{{ role_path }}/templates/jicofo/{{ item }}.j2" dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0644 with_items: - sip-communicator.properties diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index b007ede8..90bf4a69 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -32,6 +32,8 @@ template: src: "{{ role_path }}/templates/jvb/{{ item }}.j2" dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0644 with_items: - custom-sip-communicator.properties @@ -42,6 +44,8 @@ template: src: "{{ role_path }}/templates/jvb/env.j2" dest: "{{ matrix_jitsi_jvb_base_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 when: matrix_jitsi_enabled|bool diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml index 301fa82f..6db954b8 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml 
@@ -33,6 +33,8 @@ template: src: "{{ role_path }}/templates/prosody/env.j2" dest: "{{ matrix_jitsi_prosody_base_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 when: matrix_jitsi_enabled|bool diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index ea831490..feda4ace 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml @@ -34,6 +34,8 @@ template: src: "{{ role_path }}/templates/web/env.j2" dest: "{{ matrix_jitsi_web_base_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 when: matrix_jitsi_enabled|bool @@ -41,6 +43,8 @@ template: src: "{{ role_path }}/templates/web/{{ item }}.j2" dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0644 with_items: - custom-config.js diff --git a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 index 6ecafaa0..694fdc7f 100644 --- a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 +++ b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 
@@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \ --log-driver=none \ @@ -23,8 +23,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \ {% endfor %} {{ matrix_jitsi_jicofo_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-jicofo diff --git a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 index 2785795d..f0b141fc 100644 --- a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 +++ b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 
@@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \ --log-driver=none \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \ {% endfor %} {{ matrix_jitsi_jvb_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-jvb diff --git a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 index 5a4a81e5..0c3a3932 100644 --- a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 +++ b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 
@@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \ --log-driver=none \ @@ -28,8 +28,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody {% endfor %} {{ matrix_jitsi_prosody_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-prosody diff --git a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 index 35bfca67..8f29bfa8 100644 --- a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 +++ b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 
@@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \ --log-driver=none \ @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \ {% endfor %} {{ matrix_jitsi_web_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-web diff --git a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 index 8e5cc6dd..427f6c9f 100644 --- a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 +++ b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' # ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there, # so /tmp needs to be mounted with an exec option. @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \ {% endfor %} {{ matrix_ma1sd_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-ma1sd diff --git a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 index bf5a2e42..83cd298e 100644 --- a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 +++ b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 
@@ -8,8 +8,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null || true' # --hostname gives us a friendlier hostname than the default. # The real hostname is passed via a `HOSTNAME` environment variable though. @@ -27,8 +27,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \ {% endfor %} {{ matrix_mailer_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mailer diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 78191e6c..819de7db 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
@@ -11,7 +11,7 @@ matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image. matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy" matrix_nginx_proxy_data_path: "{{ matrix_nginx_proxy_base_path }}/data" matrix_nginx_proxy_data_path_in_container: "/nginx-data" -matrix_nginx_proxy_data_path_extension: "/matrix_domain" +matrix_nginx_proxy_data_path_extension: "/matrix-domain" matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_base_path }}/conf.d" # List of systemd services that matrix-nginx-proxy.service depends on diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index 1143efd4..172a83bc 100755 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ --log-driver=none \ 
@@ -51,8 +51,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ ExecStartPost={{ matrix_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-nginx-proxy 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ matrix_host_command_docker }} network connect {{ network }} matrix-nginx-proxy' {% endfor %} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' ExecReload={{ matrix_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload Restart=always RestartSec=30 diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml index 701d8dd3..73341033 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml @@ -41,6 +41,8 @@ template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_postgres_backup_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 with_items: - "env-postgres-backup" diff --git a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 index 97c9ae7f..4ecf3745 100644 --- a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 +++ b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 
@@ -9,7 +9,7 @@ DefaultDependencies=no Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" ExecStartPre=-{{ matrix_host_command_docker }} stop matrix-postgres-backup -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres-backup \ --log-driver=none \ @@ -22,7 +22,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres-backu {{ matrix_postgres_backup_docker_image_to_use }} ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres-backup -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-postgres-backup diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 43192475..04763a32 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -76,6 +76,8 @@ template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_postgres_base_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 with_items: - "env-postgres-psql" diff --git a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 index d62a689a..b30c5ef2 100644 --- a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 +++ b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 
@@ -8,8 +8,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null || true' # We need /dev/shm to be larger than the default to allow VACUUM to work. # See: @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \ {{ matrix_postgres_docker_image_to_use }} \ postgres {{ matrix_postgres_process_extra_arguments|join(' ') }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-postgres diff --git a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 index 210a0d97..e38b42e3 100644 --- a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 +++ b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-node-exporter \ @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-nod {{ matrix_prometheus_node_exporter_docker_image }} \ --path.rootfs=/host -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus-node-exporter diff --git a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 b/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 index 993ebac4..ff8c2ce4 100644 --- a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 
+++ b/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-postgres-exporter \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-pos --pid=host \ {{ matrix_prometheus_postgres_exporter_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus-postgres-exporter diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index ad75d664..8de57201 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 
+++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% endfor %} {{ matrix_prometheus_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus diff --git a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 b/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 index e73e3e5f..8acbd3a5 100644 --- a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 +++ b/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-registration \ --log-driver=none \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-registration \ {{ matrix_registration_docker_image }} \ serve -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-registration diff --git a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 b/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 index 019ab40c..ae7e889d 100644 --- a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 +++ b/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-sygnal \ --log-driver=none \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-sygnal \ {% endfor %} {{ matrix_sygnal_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-sygnal diff --git a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 b/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 index 4823d89c..6ed9eaae 100644 --- a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 +++ b/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 
@@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse-admin \ --log-driver=none \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse-admin {% endfor %} {{ matrix_synapse_admin_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-synapse-admin diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index c7be1b43..9e332669 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.54.0 +matrix_synapse_version: v1.56.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" @@ -202,12 +202,19 @@ matrix_synapse_include_profile_data_on_invite: true # Controls whether people with access to the homeserver can register by themselves. matrix_synapse_enable_registration: false +# Controls whether people with access to the homeserver can register by themselves without verification (email/msisdn/token) +matrix_synapse_enable_registration_without_verification: false # reCAPTCHA API for validating registration attempts matrix_synapse_enable_registration_captcha: false matrix_synapse_recaptcha_public_key: '' matrix_synapse_recaptcha_private_key: '' +# Requires an MSC3231 token for registration. Note that `matrix_synapse_enable_registration` must be set to `true`. +# Tokens can be created via the API or through synapse-admin. +# Disabling this option will not delete any tokens previously generated. +matrix_synapse_registration_requires_token: false + # Allows non-server-admin users to create groups on this server matrix_synapse_enable_group_creation: false 
@@ -525,7 +532,7 @@ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeserve # See: https://github.com/matrix-org/mjolnir#synapse-module matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled: false matrix_synapse_ext_spam_checker_mjolnir_antispam_git_repository_url: "https://github.com/matrix-org/mjolnir" -matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "70f353fbbad0af469b1001080dea194d512b2815" +matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "4008e3f65d3745b9307dd31f1c5aa80c13a61a58" matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites: true # Flag messages sent by servers/users in the ban lists as spam. Currently # this means that spammy messages will appear as empty to users. Default @@ -620,10 +627,11 @@ matrix_synapse_redaction_retention_period: 7d matrix_synapse_user_ips_max_age: 28d -matrix_synapse_rust_synapse_compress_state_docker_image: "devture/rust-synapse-compress-state:v0.1.0" +matrix_synapse_rust_synapse_compress_state_docker_image: "registry.gitlab.com/mb-saces/rust-synapse-compress-state:latest" matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}" matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state" +matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path: "/usr/local/bin/synapse_compress_state" # Default Synapse configuration template which covers the generic use case. diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml index 36ef0a3a..e1386c75 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml 
@@ -12,7 +12,7 @@ --network={{ matrix_docker_network }} --mount type=bind,src={{ matrix_synapse_rust_synapse_compress_state_base_path }},dst=/work {{ matrix_synapse_rust_synapse_compress_state_docker_image }} - /synapse-compress-state -t -o /work/state-compressor.sql + {{ matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path }} -t -o /work/state-compressor.sql -p "host={{ matrix_synapse_database_host }} user={{ matrix_synapse_database_user }} password={{ matrix_synapse_database_password }} dbname={{ matrix_synapse_database_database }}" -r '{{ room_details.room_id }}' diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 29986c2e..37cad10f 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -35,7 +35,7 @@ modules: {{ matrix_synapse_modules|to_json }} # In most cases you should avoid using a matrix specific subdomain such as # matrix.example.com or synapse.example.com as the server_name for the same # reasons you wouldn't use user@email.example.com as your email address. -# See https://github.com/matrix-org/synapse/blob/master/docs/delegate.md +# See https://matrix-org.github.io/synapse/latest/delegate.html # for information on how to host Synapse on a subdomain while preserving # a clean server_name. # 
@@ -232,9 +232,9 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} # 'all local interfaces'. # # type: the type of listener. Normally 'http', but other valid options are: -# 'manhole' (see docs/manhole.md), -# 'metrics' (see docs/metrics-howto.md), -# 'replication' (see docs/workers.md). +# 'manhole' (see https://matrix-org.github.io/synapse/latest/manhole.html), +# 'metrics' (see https://matrix-org.github.io/synapse/latest/metrics-howto.html), +# 'replication' (see https://matrix-org.github.io/synapse/latest/workers.html). # # tls: set to true to enable TLS for this listener. Will use the TLS # key/cert specified in tls_private_key_path / tls_certificate_path. @@ -259,8 +259,8 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} # client: the client-server API (/_matrix/client), and the synapse admin # API (/_synapse/admin). Also implies 'media' and 'static'. # -# consent: user consent forms (/_matrix/consent). See -# docs/consent_tracking.md. +# consent: user consent forms (/_matrix/consent). +# See https://matrix-org.github.io/synapse/latest/consent_tracking.html. # # federation: the server-server API (/_matrix/federation). Also implies # 'media', 'keys', 'openid' @@ -269,12 +269,13 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} # # media: the media API (/_matrix/media). # -# metrics: the metrics interface. See docs/metrics-howto.md. +# metrics: the metrics interface. +# See https://matrix-org.github.io/synapse/latest/consent_tracking.html. # # openid: OpenID authentication. # -# replication: the HTTP replication API (/_synapse/replication). See -# docs/workers.md. +# replication: the HTTP replication API (/_synapse/replication). +# See https://matrix-org.github.io/synapse/latest/consent_tracking.html. # # static: static resources under synapse/static (/_matrix/static). (Mostly # useful for 'fallback authentication'.) 
@@ -431,9 +432,16 @@ manhole_settings: # sign up in a short space of time never to return after their initial # session. # +# 'mau_limit_alerting' is a means of limiting client side alerting +# should the mau limit be reached. This is useful for small instances +# where the admin has 5 mau seats (say) for 5 specific people and no +# interest increasing the mau limit further. Defaults to True, which +# means that alerting is enabled +# #limit_usage_by_mau: False #max_mau_value: 50 #mau_trial_days: 2 +#mau_limit_alerting: false # If enabled, the metrics for the number of monthly active users will # be populated, however no one will be limited. If limit_usage_by_mau @@ -560,6 +568,15 @@ templates: # #custom_template_directory: /path/to/custom/templates/ +# List of rooms to exclude from sync responses. This is useful for server +# administrators wishing to group users into a room without these users being able +# to see it from their client. +# +# By default, no room is excluded. +# +#exclude_rooms_from_sync: +# - !foo:example.com + # Message retention policy at the server level. # @@ -808,6 +825,12 @@ caches: # 'txn_limit' gives the maximum number of transactions to run per connection # before reconnecting. Defaults to 0, which means no limit. # +# 'allow_unsafe_locale' is an option specific to Postgres. Under the default behavior, Synapse will refuse to +# start if the postgres db is set to a non-C locale. You can override this behavior (which is *not* recommended) +# by setting 'allow_unsafe_locale' to true. Note that doing so may corrupt your database. You can find more information +# here: https://matrix-org.github.io/synapse/latest/postgres.html#fixing-incorrect-collate-or-ctype and here: +# https://wiki.postgresql.org/wiki/Locale_data_changes +# # 'args' gives options which are passed through to the database engine, # except for options starting 'cp_', which are used to configure the Twisted # connection pool. For a reference to valid arguments, see: 
@@ -1020,7 +1043,7 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire # # If you are using a reverse proxy you may also need to set this value in # your reverse proxy's config. Notably Nginx has a small max body size by default. -# See https://matrix-org.github.io/synapse/develop/reverse_proxy.html. +# See https://matrix-org.github.io/synapse/latest/reverse_proxy.html. # max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" @@ -1171,6 +1194,26 @@ max_spider_size: 10M url_preview_accept_language: {{ matrix_url_preview_accept_language|to_json }} +# oEmbed allows for easier embedding content from a website. It can be +# used for generating URLs previews of services which support it. +# +oembed: + # A default list of oEmbed providers is included with Synapse. + # + # Uncomment the following to disable using these default oEmbed URLs. + # Defaults to 'false'. + # + #disable_default_providers: true + # Additional files with oEmbed configuration (each should be in the + # form of providers.json). + # + # By default, this list is empty (so only the default providers.json + # is used). + # + #additional_providers: + # - oembed/my_providers.json + + ## Captcha ## # See docs/CAPTCHA_SETUP.md for full details of configuring this. 
@@ -1230,10 +1273,18 @@ turn_allow_guests: {{ matrix_synapse_turn_allow_guests|to_json }} # Registration can be rate-limited using the parameters in the "Ratelimiting" # section of this file. -# Enable registration for new users. +# Enable registration for new users. Defaults to 'false'. It is highly recommended that if you enable registration, +# you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration +# without any verification, you must also set `enable_registration_without_verification`, found below. # enable_registration: {{ matrix_synapse_enable_registration|to_json }} +# Enable registration without email or captcha verification. Note: this option is *not* recommended, +# as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect +# unless `enable_registration` is also enabled. +# +enable_registration_without_verification: {{ matrix_synapse_enable_registration_without_verification|to_json }} + # Time that a user's session remains valid for, after they log in. # # Note that this is not currently compatible with guest logins. @@ -1283,8 +1334,6 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }} # #nonrefreshable_access_token_lifetime: 24h -# The user must provide all of the below types of 3PID when registering. - # The user must provide all of the below types of 3PID when registering. # #registrations_require_3pid: @@ -1324,7 +1373,9 @@ allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_json }} # Disabling this option will not delete any tokens previously generated. # Defaults to false. Uncomment the following to require tokens: # -#registration_requires_token: true +registration_requires_token: {{ matrix_synapse_registration_requires_token|to_json }} + + # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. 
@@ -1962,7 +2013,7 @@ saml2_config: # # module: The class name of a custom mapping module. Default is # 'synapse.handlers.oidc.JinjaOidcMappingProvider'. -# See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers +# See https://matrix-org.github.io/synapse/latest/sso_mapping_providers.html#openid-mapping-providers # for information on implementing a custom mapping provider. # # config: Configuration for the mapping provider module. This section will @@ -1977,8 +2028,14 @@ saml2_config: # # localpart_template: Jinja2 template for the localpart of the MXID. # If this is not set, the user will be prompted to choose their -# own username (see 'sso_auth_account_details.html' in the 'sso' -# section of this file). +# own username (see the documentation for the +# 'sso_auth_account_details.html' template). This template can +# use the 'localpart_from_email' filter. +# +# confirm_localpart: Whether to prompt the user to validate (or +# change) the generated localpart (see the documentation for the +# 'sso_auth_account_details.html' template), instead of +# registering the account right away. # # display_name_template: Jinja2 template for the display name to set # on first login. If unset, no displayname will be set. @@ -2013,7 +2070,7 @@ saml2_config: # - attribute: groups # value: "admin" # -# See https://github.com/matrix-org/synapse/blob/master/docs/openid.md +# See https://matrix-org.github.io/synapse/latest/openid.html # for information on how to configure these options. # # For backwards compatibility, it is also possible to configure a single OIDC @@ -2038,6 +2095,7 @@ oidc_providers: # token_endpoint: "https://accounts.example.com/oauth2/token" # userinfo_endpoint: "https://accounts.example.com/userinfo" # jwks_uri: "https://accounts.example.com/.well-known/jwks.json" + # skip_verification: true # user_mapping_provider: # config: # subject_claim: "id" 
@@ -2115,169 +2173,6 @@ sso: # #update_profile_information: true - # Directory in which Synapse will try to find the template files below. - # If not set, or the files named below are not found within the template - # directory, default templates from within the Synapse package will be used. - # - # Synapse will look for the following templates in this directory: - # - # * HTML page to prompt the user to choose an Identity Provider during - # login: 'sso_login_idp_picker.html'. - # - # This is only used if multiple SSO Identity Providers are configured. - # - # When rendering, this template is given the following variables: - # * redirect_url: the URL that the user will be redirected to after - # login. - # - # * server_name: the homeserver's name. - # - # * providers: a list of available Identity Providers. Each element is - # an object with the following attributes: - # - # * idp_id: unique identifier for the IdP - # * idp_name: user-facing name for the IdP - # * idp_icon: if specified in the IdP config, an MXC URI for an icon - # for the IdP - # * idp_brand: if specified in the IdP config, a textual identifier - # for the brand of the IdP - # - # The rendered HTML page should contain a form which submits its results - # back as a GET request, with the following query parameters: - # - # * redirectUrl: the client redirect URI (ie, the `redirect_url` passed - # to the template) - # - # * idp: the 'idp_id' of the chosen IDP. - # - # * HTML page to prompt new users to enter a userid and confirm other - # details: 'sso_auth_account_details.html'. This is only shown if the - # SSO implementation (with any user_mapping_provider) does not return - # a localpart. - # - # When rendering, this template is given the following variables: - # - # * server_name: the homeserver's name. 
- # - # * idp: details of the SSO Identity Provider that the user logged in - # with: an object with the following attributes: - # - # * idp_id: unique identifier for the IdP - # * idp_name: user-facing name for the IdP - # * idp_icon: if specified in the IdP config, an MXC URI for an icon - # for the IdP - # * idp_brand: if specified in the IdP config, a textual identifier - # for the brand of the IdP - # - # * user_attributes: an object containing details about the user that - # we received from the IdP. May have the following attributes: - # - # * display_name: the user's display_name - # * emails: a list of email addresses - # - # The template should render a form which submits the following fields: - # - # * username: the localpart of the user's chosen user id - # - # * HTML page allowing the user to consent to the server's terms and - # conditions. This is only shown for new users, and only if - # `user_consent.require_at_registration` is set. - # - # When rendering, this template is given the following variables: - # - # * server_name: the homeserver's name. - # - # * user_id: the user's matrix proposed ID. - # - # * user_profile.display_name: the user's proposed display name, if any. - # - # * consent_version: the version of the terms that the user will be - # shown - # - # * terms_url: a link to the page showing the terms. - # - # The template should render a form which submits the following fields: - # - # * accepted_version: the version of the terms accepted by the user - # (ie, 'consent_version' from the input variables). - # - # * HTML page for a confirmation step before redirecting back to the client - # with the login token: 'sso_redirect_confirm.html'. - # - # When rendering, this template is given the following variables: - # - # * redirect_url: the URL the user is about to be redirected to. - # - # * display_url: the same as `redirect_url`, but with the query - # parameters stripped. 
The intention is to have a - # human-readable URL to show to users, not to use it as - # the final address to redirect to. - # - # * server_name: the homeserver's name. - # - # * new_user: a boolean indicating whether this is the user's first time - # logging in. - # - # * user_id: the user's matrix ID. - # - # * user_profile.avatar_url: an MXC URI for the user's avatar, if any. - # None if the user has not set an avatar. - # - # * user_profile.display_name: the user's display name. None if the user - # has not set a display name. - # - # * HTML page which notifies the user that they are authenticating to confirm - # an operation on their account during the user interactive authentication - # process: 'sso_auth_confirm.html'. - # - # When rendering, this template is given the following variables: - # * redirect_url: the URL the user is about to be redirected to. - # - # * description: the operation which the user is being asked to confirm - # - # * idp: details of the Identity Provider that we will use to confirm - # the user's identity: an object with the following attributes: - # - # * idp_id: unique identifier for the IdP - # * idp_name: user-facing name for the IdP - # * idp_icon: if specified in the IdP config, an MXC URI for an icon - # for the IdP - # * idp_brand: if specified in the IdP config, a textual identifier - # for the brand of the IdP - # - # * HTML page shown after a successful user interactive authentication session: - # 'sso_auth_success.html'. - # - # Note that this page must include the JavaScript which notifies of a successful authentication - # (see https://matrix.org/docs/spec/client_server/r0.6.0#fallback). - # - # This template has no additional variables. - # - # * HTML page shown after a user-interactive authentication session which - # does not map correctly onto the expected user: 'sso_auth_bad_user.html'. - # - # When rendering, this template is given the following variables: - # * server_name: the homeserver's name. 
- # * user_id_to_verify: the MXID of the user that we are trying to - # validate. - # - # * HTML page shown during single sign-on if a deactivated user (according to Synapse's database) - # attempts to login: 'sso_account_deactivated.html'. - # - # This template has no additional variables. - # - # * HTML page to display to users if something goes wrong during the - # OpenID Connect authentication process: 'sso_error.html'. - # - # When rendering, this template is given two variables: - # * error: the technical name of the error - # * error_description: a human-readable message for the error - # - # You can see the default templates at: - # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates - # - #template_dir: "res/templates" - # JSON web token integration. The following settings can be used to make # Synapse JSON web tokens for authentication, instead of its internal @@ -2292,7 +2187,7 @@ sso: # Note that this is a non-standard login type and client support is # expected to be non-existent. # -# See https://github.com/matrix-org/synapse/blob/master/docs/jwt.md. +# See https://matrix-org.github.io/synapse/latest/jwt.html. # #jwt_config: # Uncomment the following to enable authorization using JSON web @@ -2471,7 +2366,8 @@ email: #app_name: my_branded_matrix_server app_name: Matrix - # Enable sending emails for messages that the user has missed + # Uncomment the following to enable sending emails for messages that the user + # has missed. Disabled by default. # #enable_notifs: false enable_notifs: true @@ -2748,7 +2644,7 @@ user_directory: # User Consent configuration # # for detailed instructions, see -# https://github.com/matrix-org/synapse/blob/master/docs/consent_tracking.md +# https://matrix-org.github.io/synapse/latest/consent_tracking.html # # Parts of this section are required if enabling the 'consent' resource under # 'listeners', in particular 'template_dir' and 'version'. 
@@ -2798,7 +2694,7 @@ user_directory: # Settings for local room and user statistics collection. See -# docs/room_and_user_statistics.md. +# https://matrix-org.github.io/synapse/latest/room_and_user_statistics.html. # stats: # Uncomment the following to disable room and user statistics. Note that doing @@ -2913,7 +2809,7 @@ opentracing: #enabled: true # The list of homeservers we wish to send and receive span contexts and span baggage. - # See docs/opentracing.rst. + # See https://matrix-org.github.io/synapse/latest/opentracing.html. # # This is a list of regexes which are matched against the server_name of the # homeserver. @@ -3013,4 +2909,36 @@ redis: password: {{ matrix_synapse_redis_password }} +## Background Updates ## + +# Background updates are database updates that are run in the background in batches. +# The duration, minimum batch size, default batch size, whether to sleep between batches and if so, how long to +# sleep can all be configured. This is helpful to speed up or slow down the updates. +# +background_updates: + # How long in milliseconds to run a batch of background updates for. Defaults to 100. Uncomment and set + # a time to change the default. + # + #background_update_duration_ms: 500 + + # Whether to sleep between updates. Defaults to True. Uncomment to change the default. + # + #sleep_enabled: false + + # If sleeping between updates, how long in milliseconds to sleep for. Defaults to 1000. Uncomment + # and set a duration to change the default. + # + #sleep_duration_ms: 300 + + # Minimum size a batch of background updates can be. Must be greater than 0. Defaults to 1. Uncomment and + # set a size to change the default. + # + #min_batch_size: 10 + + # The batch size to use for the first iteration of a new background update. The default is 100. + # Uncomment and set a size to change the default. + # + #default_batch_size: 50 + + # vim:ft=yaml 
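Review bot: in the `enable_registration` hunk, `enable_registration_without_verification` is rendered unconditionally from `matrix_synapse_enable_registration_without_verification`, but this diff does not show that variable being added to the role defaults; it needs a default of `false` there (an undefined variable would break every render), and the default has to stay `false` because the new comment itself calls unverified registration "a known vector for spam and abuse". The comment also states that registration now requires captcha, email or token verification unless this flag is set, so existing deployments with `matrix_synapse_enable_registration: true` and none of those configured must set the new variable explicitly; that deserves a CHANGELOG entry and a note in the registration docs rather than being discovered at the next restart.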
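Review bot: in the `registration_requires_token` hunk the option is now rendered from `matrix_synapse_registration_requires_token|to_json`, yet the comment directly above still reads "Uncomment the following to require tokens:", which no longer describes a templated line; reword it to say the value is controlled by the playbook variable. The hunk also leaves two consecutive blank lines before the shared-secret comment where the file otherwise uses one; drop one. As with `enable_registration_without_verification`, confirm the variable has a `false` default in the role.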
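Review bot: the `oidc_providers` example hunk adds `# skip_verification: true` to the sample provider block with no accompanying explanation anywhere in the visible hunk, unlike `localpart_template` and `confirm_localpart`, which get full descriptions. An unexplained line in a copy-paste example invites someone to uncomment it in production; either add a comment stating what verification it skips and that it is meant for non-compliant test providers only, or leave it out of the example.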
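Review bot: in the `email` hunk the comment is expanded to "Uncomment the following to enable sending emails for messages that the user has missed. Disabled by default." while the very next uncommented line hard-codes `enable_notifs: true`. The comment now contradicts the rendered value; either trim the pasted upstream wording or, better, template the value from a playbook variable so operators can turn notification emails off without editing the template.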
diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index e69ffa61..2b59748f 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -21,8 +21,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null || true' {% if matrix_s3_media_store_enabled %} # Allow for some time before starting, so that media store can mount. # Mounting can happen later too, but if we start writing, @@ -63,8 +63,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ {{ matrix_synapse_docker_image }} \ run -m synapse.app.homeserver -c /data/homeserver.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null || true' ExecReload={{ matrix_host_command_docker }} exec matrix-synapse /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 diff --git a/setup.yml b/setup.yml index 3d99cbdf..e134a87d 100755 --- a/setup.yml +++ b/setup.yml 
@@ -7,13 +7,13 @@ - roles/matrix-synapse/vars/workers.yml roles: - - matrix-awx - matrix-base - matrix-dynamic-dns - matrix-mailer - matrix-postgres - matrix-redis - matrix-corporal + - matrix-backup-borg - matrix-bridge-appservice-discord - matrix-bridge-appservice-slack - matrix-bridge-appservice-webhooks
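Review bot: in both hunks of `matrix-synapse.service.j2`, `|| true` is appended inside the `sh -c` string of ExecStartPre/ExecStop lines that already carry systemd's `-` prefix, which already makes a non-zero exit of `docker kill`/`docker rm` non-fatal. The two mechanisms overlap; if the intent is to keep systemd from recording a failed exit status on a clean start (when no stale `matrix-synapse` container exists), state that in a comment above the lines, otherwise pick one mechanism and drop the other so the unit reads consistently.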
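Review bot: the `setup.yml` hunk drops `matrix-awx` from the role list (matching the deletion of docs/configuring-awx-system.md earlier in the patch), but nothing visible here removes the `roles/matrix-awx` directory or documents that any `matrix_awx_*` variables operators carry in their `vars.yml` will now be silently ignored. Add a CHANGELOG entry announcing the removal of AWX support and make sure the role tree goes in the same change. Placing `matrix-backup-borg` after `matrix-postgres` is correct if the role needs database access for its dumps; keep that ordering in mind when roles are reordered later.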