From 701591e87ea4d59a3b7f2d14bbb04d497f9d8b71 Mon Sep 17 00:00:00 2001 From: Aine Date: Thu, 17 Mar 2022 19:04:38 +0200 Subject: [PATCH 01/48] Added retries to the docker pulls --- roles/matrix-base/defaults/main.yml | 4 ++++ roles/matrix-bot-go-neb/tasks/setup_install.yml | 4 ++++ roles/matrix-bot-honoroit/tasks/setup_install.yml | 4 ++++ roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml | 4 ++++ roles/matrix-bot-mjolnir/tasks/setup_install.yml | 4 ++++ .../matrix-bridge-appservice-discord/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-appservice-irc/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-appservice-slack/tasks/setup_install.yml | 4 ++++ .../matrix-bridge-appservice-webhooks/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-heisenbridge/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-hookshot/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml | 4 ++++ .../matrix-bridge-mautrix-googlechat/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml | 4 ++++ .../matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml | 4 ++++ roles/matrix-bridge-sms/tasks/setup_install.yml | 4 ++++ roles/matrix-client-cinny/tasks/setup_install.yml | 4 ++++ roles/matrix-client-element/tasks/setup_install.yml | 4 ++++ roles/matrix-client-hydrogen/tasks/setup_install.yml | 4 ++++ roles/matrix-corporal/tasks/setup_corporal.yml | 4 ++++ roles/matrix-coturn/tasks/setup_install.yml | 4 ++++ roles/matrix-dendrite/tasks/dendrite/setup_install.yml | 4 ++++ roles/matrix-dimension/tasks/setup_install.yml | 3 +++ roles/matrix-dynamic-dns/tasks/install.yml | 4 ++++ roles/matrix-email2matrix/tasks/setup_install.yml | 4 ++++ roles/matrix-etherpad/tasks/setup_install.yml | 4 ++++ roles/matrix-grafana/tasks/setup.yml | 4 ++++ roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml | 4 ++++ roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 4 ++++ roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml | 4 ++++ roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 4 ++++ roles/matrix-ma1sd/tasks/setup_install.yml | 4 ++++ roles/matrix-mailer/tasks/setup_mailer.yml | 4 ++++ roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml | 4 ++++ roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml | 4 ++++ roles/matrix-postgres/tasks/setup_postgres.yml | 4 ++++ roles/matrix-prometheus-node-exporter/tasks/setup.yml | 4 ++++ roles/matrix-prometheus-postgres-exporter/tasks/setup.yml | 4 ++++ roles/matrix-prometheus/tasks/setup_install.yml | 4 ++++ roles/matrix-redis/tasks/setup_redis.yml | 4 ++++ roles/matrix-registration/tasks/setup_install.yml | 4 ++++ roles/matrix-sygnal/tasks/setup_install.yml | 4 ++++ roles/matrix-synapse-admin/tasks/setup.yml | 4 ++++ roles/matrix-synapse/tasks/goofys/setup_install.yml | 4 ++++ .../matrix-synapse/tasks/rust-synapse-compress-state/main.yml | 4 ++++ roles/matrix-synapse/tasks/synapse/setup_install.yml | 4 ++++ 58 files changed, 231 insertions(+) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 983a29a0..f8e01ba3 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -67,6 +67,10 @@ matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_ar matrix_container_global_registry_prefix: "docker.io/" +# Each docker pull will retry on failed attemt 10 times with deplay of 10 seconds between each attempt. +matrix_container_retries_count: 10 +matrix_container_retries_delay: 10 + matrix_user_username: "matrix" matrix_user_groupname: "matrix" diff --git a/roles/matrix-bot-go-neb/tasks/setup_install.yml b/roles/matrix-bot-go-neb/tasks/setup_install.yml index 2291f51b..ef2dfbb0 100644 --- a/roles/matrix-bot-go-neb/tasks/setup_install.yml +++ b/roles/matrix-bot-go-neb/tasks/setup_install.yml @@ -22,6 +22,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_bot_go_neb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_go_neb_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure go-neb config installed copy: diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml index 81f2eabc..303c5f8b 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml @@ -52,6 +52,10 @@ force_source: "{{ matrix_bot_honoroit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_docker_image_force_pull }}" when: "not matrix_bot_honoroit_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure honoroit repository is present on self-build git: diff --git a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml index cf4f594c..ffb38ffc 100644 --- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml +++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml @@ -47,6 +47,10 @@ force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}" when: "not matrix_bot_matrix_reminder_bot_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-reminder-bot repository is present on self-build git: diff --git a/roles/matrix-bot-mjolnir/tasks/setup_install.yml b/roles/matrix-bot-mjolnir/tasks/setup_install.yml index cf158230..f3b031fa 100644 --- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml +++ b/roles/matrix-bot-mjolnir/tasks/setup_install.yml @@ -24,6 +24,10 @@ force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}" when: "not matrix_bot_mjolnir_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure mjolnir repository is present on self-build git: diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index 665db276..a06d38ac 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -32,6 +32,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_appservice_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_discord_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure AppService Discord paths exist file: diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index 33af5954..1b317464 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -64,6 +64,10 @@ force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}" when: "matrix_appservice_irc_enabled|bool and not matrix_appservice_irc_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-appservice-irc repository is present when self-building git: diff --git a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml index 3eb83bb0..2dcc23c6 100644 --- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml @@ -38,6 +38,10 @@ force_source: "{{ matrix_appservice_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_slack_docker_image_force_pull }}" when: "not matrix_appservice_slack_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-appservice-slack repository is present when self-building git: diff --git a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml index 84535bdd..6759bca8 100644 --- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml @@ -21,6 +21,10 @@ force_source: "{{ matrix_appservice_webhooks_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_webhooks_docker_image_force_pull }}" when: "not matrix_appservice_webhooks_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - block: - name: Ensure Appservice webhooks repository is present on self-build diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index c1057fe7..575b22c1 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -29,6 +29,10 @@ force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}" when: "not matrix_beeper_linkedin_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - block: - name: Ensure Beeper LinkedIn repository is present on self-build diff --git a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml index 41dd9ef7..f24bf926 100644 --- a/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml +++ b/roles/matrix-bridge-heisenbridge/tasks/setup_install.yml @@ -6,6 +6,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_heisenbridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_heisenbridge_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure heisenbridge paths exist file: diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index 425deebc..b4e44c9c 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -8,6 +8,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure hookshot paths exist file: diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 95109e49..c37b9e10 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -41,6 +41,10 @@ force_source: "{{ matrix_mautrix_facebook_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_facebook_docker_image_force_pull }}" when: not matrix_mautrix_facebook_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Facebook paths exist file: diff --git a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml index f6c97389..daab10e3 100644 --- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml @@ -41,6 +41,10 @@ force_source: "{{ matrix_mautrix_googlechat_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_googlechat_docker_image_force_pull }}" when: not matrix_mautrix_googlechat_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix googlechat paths exist file: diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml index 3d3670b2..d2b7157e 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml @@ -41,6 +41,10 @@ force_source: "{{ matrix_mautrix_hangouts_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_hangouts_docker_image_force_pull }}" when: not matrix_mautrix_hangouts_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Hangouts paths exist file: diff --git a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml index 93dbcaad..4e531615 100644 --- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml @@ -14,6 +14,10 @@ force_source: "{{ matrix_mautrix_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_instagram_docker_image_force_pull }}" when: not matrix_mautrix_instagram_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix instagram paths exist file: diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index cf846d74..840cbd6e 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -15,6 +15,10 @@ force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}" when: "not matrix_mautrix_signal_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Signal repository is present on self-build diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index 0de05a1d..1960288d 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -55,6 +55,10 @@ force_source: "{{ matrix_mautrix_telegram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_telegram_docker_image_force_pull }}" when: "not matrix_mautrix_telegram_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure lottieconverter is present when self-building git: diff --git a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml index 144c6408..6e587900 100644 --- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml @@ -18,6 +18,10 @@ force_source: "{{ matrix_mautrix_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_twitter_docker_image_force_pull }}" when: matrix_mautrix_twitter_enabled|bool and not matrix_mautrix_twitter_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Twitter paths exist file: diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index 79bc039a..8f27ac2a 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -57,6 +57,10 @@ force_source: "{{ matrix_mautrix_whatsapp_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_whatsapp_docker_image_force_pull }}" when: not matrix_mautrix_whatsapp_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Mautrix Whatsapp repository is present on self-build git: diff --git a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml index 3ac916a1..26a7c0c3 100644 --- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml @@ -72,6 +72,10 @@ force_source: "{{ matrix_mx_puppet_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_discord_docker_image_force_pull }}" when: matrix_mx_puppet_discord_enabled|bool and not matrix_mx_puppet_discord_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Discord repository is present on self build git: diff --git a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml index 1a04766b..0d43a0d0 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml @@ -73,6 +73,10 @@ force_source: "{{ matrix_mx_puppet_groupme_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_groupme_docker_image_force_pull }}" when: matrix_mx_puppet_groupme_enabled|bool and not matrix_mx_puppet_groupme_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Groupme repository is present on self build git: diff --git a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml index 045e17f7..cb613074 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml @@ -42,6 +42,10 @@ force_source: "{{ matrix_mx_puppet_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_instagram_docker_image_force_pull }}" when: matrix_mx_puppet_instagram_enabled|bool and not matrix_mx_puppet_instagram_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure mx-puppet-instagram paths exist file: diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml index a97986bd..c3776c70 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml @@ -73,6 +73,10 @@ force_source: "{{ matrix_mx_puppet_skype_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_skype_docker_image_force_pull }}" when: matrix_mx_puppet_skype_enabled|bool and not matrix_mx_puppet_skype_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Skype repository is present on self build git: diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index bb57c270..23301eab 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -69,6 +69,10 @@ force_source: "{{ matrix_mx_puppet_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_docker_image_force_pull }}" when: matrix_mx_puppet_slack_enabled|bool and not matrix_mx_puppet_slack_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Slack repository is present on self build git: diff --git a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml index 1f0dd234..b8b3f737 100644 --- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml @@ -73,6 +73,10 @@ force_source: "{{ matrix_mx_puppet_steam_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_steam_docker_image_force_pull }}" when: matrix_mx_puppet_steam_enabled|bool and not matrix_mx_puppet_steam_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Steam repository is present on self build git: diff --git a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml index 5436c189..485900a8 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml @@ -73,6 +73,10 @@ force_source: "{{ matrix_mx_puppet_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_twitter_docker_image_force_pull }}" when: matrix_mx_puppet_twitter_enabled|bool and not matrix_mx_puppet_twitter_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure MX Puppet Twitter repository is present on self build git: diff --git a/roles/matrix-bridge-sms/tasks/setup_install.yml b/roles/matrix-bridge-sms/tasks/setup_install.yml index c09bb5cc..412c26fe 100644 --- a/roles/matrix-bridge-sms/tasks/setup_install.yml +++ b/roles/matrix-bridge-sms/tasks/setup_install.yml @@ -4,6 +4,10 @@ docker_image: name: "{{ matrix_sms_bridge_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-sms-bridge paths exist file: diff --git a/roles/matrix-client-cinny/tasks/setup_install.yml b/roles/matrix-client-cinny/tasks/setup_install.yml index 5571d8d0..48865008 100644 --- a/roles/matrix-client-cinny/tasks/setup_install.yml +++ b/roles/matrix-client-cinny/tasks/setup_install.yml @@ -18,6 +18,10 @@ force_source: "{{ matrix_client_cinny_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_cinny_docker_image_force_pull }}" when: "not matrix_client_cinny_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Cinny repository is present on self-build git: diff --git a/roles/matrix-client-element/tasks/setup_install.yml b/roles/matrix-client-element/tasks/setup_install.yml index 3b877e8e..e9c7096e 100644 --- a/roles/matrix-client-element/tasks/setup_install.yml +++ b/roles/matrix-client-element/tasks/setup_install.yml @@ -19,6 +19,10 @@ force_source: "{{ matrix_client_element_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_element_docker_image_force_pull }}" when: "not matrix_client_element_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Element repository is present on self-build git: diff --git a/roles/matrix-client-hydrogen/tasks/setup_install.yml b/roles/matrix-client-hydrogen/tasks/setup_install.yml index d8372768..0e4868f6 100644 --- a/roles/matrix-client-hydrogen/tasks/setup_install.yml +++ b/roles/matrix-client-hydrogen/tasks/setup_install.yml @@ -19,6 +19,10 @@ force_source: "{{ matrix_client_hydrogen_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_client_hydrogen_docker_image_force_pull }}" when: "not matrix_client_hydrogen_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Hydrogen repository is present on self-build git: diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index b8edc596..6c520ee0 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml @@ -45,6 +45,10 @@ force_source: "{{ matrix_corporal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_corporal_docker_image_force_pull }}" when: "matrix_corporal_enabled|bool and not matrix_corporal_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Matrix Corporal config installed copy: diff --git a/roles/matrix-coturn/tasks/setup_install.yml b/roles/matrix-coturn/tasks/setup_install.yml index f5726e32..621177e5 100644 --- a/roles/matrix-coturn/tasks/setup_install.yml +++ b/roles/matrix-coturn/tasks/setup_install.yml @@ -24,6 +24,10 @@ force_source: "{{ matrix_coturn_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_coturn_docker_image_force_pull }}" when: "not matrix_coturn_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - block: - name: Ensure Coturn repository is present on self-build diff --git a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml index b2f6834d..a18ad065 100644 --- a/roles/matrix-dendrite/tasks/dendrite/setup_install.yml +++ b/roles/matrix-dendrite/tasks/dendrite/setup_install.yml @@ -23,6 +23,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_dendrite_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dendrite_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Check if a Dendrite signing key exists stat: diff --git a/roles/matrix-dimension/tasks/setup_install.yml b/roles/matrix-dimension/tasks/setup_install.yml index 4225da3f..1ba4f2d4 100644 --- a/roles/matrix-dimension/tasks/setup_install.yml +++ b/roles/matrix-dimension/tasks/setup_install.yml @@ -92,6 +92,9 @@ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dimension_docker_image_force_pull }}" when: "not matrix_dimension_container_image_self_build|bool" register: matrix_dimension_pull_results + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: matrix_dimension_pull_results is not failed - name: Ensure dimension repository is present on self-build git: diff --git a/roles/matrix-dynamic-dns/tasks/install.yml b/roles/matrix-dynamic-dns/tasks/install.yml index e2e4f043..4dffe681 100644 --- a/roles/matrix-dynamic-dns/tasks/install.yml +++ b/roles/matrix-dynamic-dns/tasks/install.yml @@ -7,6 +7,10 @@ force_source: "{{ matrix_dynamic_dns_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dynamic_dns_docker_image_force_pull }}" when: matrix_dynamic_dns_enabled|bool and not matrix_dynamic_dns_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Dynamic DNS paths exist file: diff --git a/roles/matrix-email2matrix/tasks/setup_install.yml b/roles/matrix-email2matrix/tasks/setup_install.yml index 44f2ef7d..74e7c676 100644 --- a/roles/matrix-email2matrix/tasks/setup_install.yml +++ b/roles/matrix-email2matrix/tasks/setup_install.yml @@ -28,6 +28,10 @@ force_source: "{{ matrix_email2matrix_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_email2matrix_docker_image_force_pull }}" when: "not matrix_email2matrix_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Email2Matrix repository is present on self-build git: diff --git a/roles/matrix-etherpad/tasks/setup_install.yml b/roles/matrix-etherpad/tasks/setup_install.yml index 27832e14..6f276e05 100644 --- a/roles/matrix-etherpad/tasks/setup_install.yml +++ b/roles/matrix-etherpad/tasks/setup_install.yml @@ -22,6 +22,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_etherpad_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_etherpad_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-etherpad.service installed template: diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/matrix-grafana/tasks/setup.yml index 5f9d21c1..95a0ba53 100644 --- a/roles/matrix-grafana/tasks/setup.yml +++ b/roles/matrix-grafana/tasks/setup.yml @@ -11,6 +11,10 @@ force_source: "{{ matrix_grafana_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_grafana_docker_image_force_pull }}" when: "matrix_grafana_enabled|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure grafana paths exists file: diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index 2bb781c1..d85e0703 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -23,6 +23,10 @@ force_source: "{{ matrix_jitsi_jicofo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jicofo_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure jitsi-jicofo environment variables file created template: diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index 3b3b8dbf..b007ede8 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -23,6 +23,10 @@ force_source: "{{ matrix_jitsi_jvb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_jvb_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure jitsi-jvb configuration files created template: diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml index 437e1e9c..301fa82f 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -24,6 +24,10 @@ force_source: "{{ matrix_jitsi_prosody_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure jitsi-prosody environment variables file is created template: diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index 0a4d43b0..ea831490 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml @@ -25,6 +25,10 @@ force_source: "{{ matrix_jitsi_web_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_web_docker_image_force_pull }}" when: matrix_jitsi_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure jitsi-web environment variables file created template: diff --git a/roles/matrix-ma1sd/tasks/setup_install.yml b/roles/matrix-ma1sd/tasks/setup_install.yml index 27e74d10..c56c81f9 100644 --- a/roles/matrix-ma1sd/tasks/setup_install.yml +++ b/roles/matrix-ma1sd/tasks/setup_install.yml @@ -52,6 +52,10 @@ force_source: "{{ matrix_ma1sd_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ma1sd_docker_image_force_pull }}" when: "not matrix_ma1sd_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - block: - name: Ensure gradle is installed for self-building (Debian) diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index 1ac4f339..5ad02a57 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml @@ -51,6 +51,10 @@ force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}" when: "matrix_mailer_enabled|bool and not matrix_mailer_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-mailer.service installed template: diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 373bc55b..92454e96 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -184,6 +184,10 @@ force_source: "{{ matrix_nginx_proxy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_docker_image_force_pull }}" when: matrix_nginx_proxy_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-nginx-proxy.service installed template: diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml index 72329db3..701d8dd3 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml @@ -21,6 +21,10 @@ force_source: "{{ matrix_postgres_backup_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_backup_docker_image_force_pull }}" when: matrix_postgres_backup_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Postgres backup paths exist file: diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 46186a4d..43192475 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -43,6 +43,10 @@ force_source: "{{ matrix_postgres_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_docker_image_force_pull }}" when: matrix_postgres_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Postgres paths exist file: diff --git a/roles/matrix-prometheus-node-exporter/tasks/setup.yml b/roles/matrix-prometheus-node-exporter/tasks/setup.yml index 419f3592..21d0b55d 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/setup.yml @@ -11,6 +11,10 @@ force_source: "{{ matrix_prometheus_node_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_node_exporter_docker_image_force_pull }}" when: "matrix_prometheus_node_exporter_enabled|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-prometheus-node-exporter.service installed template: diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml index a6c49816..08ffe708 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/setup.yml @@ -11,6 +11,10 @@ force_source: "{{ matrix_prometheus_postgres_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_postgres_exporter_docker_image_force_pull }}" when: "matrix_prometheus_postgres_exporter_enabled|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-prometheus-postgres-exporter.service installed template: diff --git a/roles/matrix-prometheus/tasks/setup_install.yml b/roles/matrix-prometheus/tasks/setup_install.yml index d3512f1b..e0fe8cf6 100644 --- a/roles/matrix-prometheus/tasks/setup_install.yml +++ b/roles/matrix-prometheus/tasks/setup_install.yml @@ -6,6 +6,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_prometheus_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Prometheus paths exists file: diff --git a/roles/matrix-redis/tasks/setup_redis.yml b/roles/matrix-redis/tasks/setup_redis.yml index a37174a3..df1d1736 100644 --- a/roles/matrix-redis/tasks/setup_redis.yml +++ b/roles/matrix-redis/tasks/setup_redis.yml @@ -11,6 +11,10 @@ force_source: "{{ matrix_redis_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_redis_docker_image_force_pull }}" when: matrix_redis_enabled|bool + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure redis paths exist file: diff --git a/roles/matrix-registration/tasks/setup_install.yml b/roles/matrix-registration/tasks/setup_install.yml index ac9a4e67..2b5beafa 100644 --- a/roles/matrix-registration/tasks/setup_install.yml +++ b/roles/matrix-registration/tasks/setup_install.yml @@ -52,6 +52,10 @@ force_source: "{{ matrix_registration_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_registration_docker_image_force_pull }}" when: "not matrix_registration_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-registration repository is present when self-building git: diff --git a/roles/matrix-sygnal/tasks/setup_install.yml b/roles/matrix-sygnal/tasks/setup_install.yml index 0be6fbe0..1a6ce186 100644 --- a/roles/matrix-sygnal/tasks/setup_install.yml +++ b/roles/matrix-sygnal/tasks/setup_install.yml @@ -6,6 +6,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_sygnal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sygnal_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure Sygnal paths exists file: diff --git a/roles/matrix-synapse-admin/tasks/setup.yml b/roles/matrix-synapse-admin/tasks/setup.yml index ab1e6d46..2243706b 100644 --- a/roles/matrix-synapse-admin/tasks/setup.yml +++ b/roles/matrix-synapse-admin/tasks/setup.yml @@ -11,6 +11,10 @@ force_source: "{{ matrix_synapse_admin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_admin_docker_image_force_pull }}" when: "matrix_synapse_admin_enabled|bool and not matrix_synapse_admin_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Ensure matrix-synapse-admin repository is present when self-building git: diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/matrix-synapse/tasks/goofys/setup_install.yml index 9e3870e5..d3781520 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_install.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_install.yml @@ -8,6 +8,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_s3_goofys_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_s3_goofys_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed # This will throw a Permission Denied error if already mounted - name: Check Matrix Goofys external storage mountpoint path diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml index ad8497cc..1aaf3a81 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/main.yml @@ -48,6 +48,10 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_rust_synapse_compress_state_docker_image_force_pull }}" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Generate rust-synapse-compress-state room find command set_fact: diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index 731be003..deedd7bd 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -54,6 +54,10 @@ force_source: "{{ matrix_synapse_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_docker_image_force_pull }}" when: "not matrix_synapse_container_image_self_build" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed - name: Check if a Synapse signing key exists stat: From 1c1b705b22465c3a3aa0c54b81a7142667f4041b Mon Sep 17 00:00:00 2001 From: Aine Date: Thu, 17 Mar 2022 17:32:20 +0200 Subject: [PATCH 02/48] fix typo --- roles/matrix-base/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index f8e01ba3..ae39d00a 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -67,7 +67,7 @@ matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_ar matrix_container_global_registry_prefix: "docker.io/" -# Each docker pull will retry on failed attemt 10 times with deplay of 10 seconds between each attempt. +# Each docker pull will retry on failed attempt 10 times with delay of 10 seconds between each attempt. matrix_container_retries_count: 10 matrix_container_retries_delay: 10 From c741a7485334f6feeda8b08469359f6cacce531d Mon Sep 17 00:00:00 2001 From: Aine Date: Thu, 17 Mar 2022 18:41:05 +0200 Subject: [PATCH 03/48] Switch mx-puppet-slack to the beeper fork --- docs/configuring-playbook-bridge-mx-puppet-slack.md | 4 ++-- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 10 ++++++---- .../tasks/setup_install.yml | 3 ++- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/docs/configuring-playbook-bridge-mx-puppet-slack.md b/docs/configuring-playbook-bridge-mx-puppet-slack.md index 0630270f..8db159d7 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-slack.md +++ b/docs/configuring-playbook-bridge-mx-puppet-slack.md @@ -4,8 +4,8 @@ [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridge supported by the playbook. -The playbook can install and configure -[mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) for you. +The playbook can install and configure [Beeper](https://www.beeper.com/)-maintained fork of +[mx-puppet-slack](https://gitlab.com/beeper/mx-puppet-monorepo) for you. See the project page to learn what it does and why it might be useful to you. diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index bf5c6dfa..bb92c1d8 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -1,6 +1,6 @@ --- # Mx Puppet Slack is a Matrix <-> Slack bridge -# See: https://github.com/Sorunome/mx-puppet-slack +# See: https://gitlab.com/beeper/mx-puppet-monorepo (originally based on https://github.com/Sorunome/mx-puppet-slack) matrix_mx_puppet_slack_enabled: true @@ -8,7 +8,9 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-slack.git" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" +matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" # Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container). # @@ -16,8 +18,8 @@ matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Soru matrix_mx_puppet_slack_container_http_host_bind_port: '' matrix_mx_puppet_slack_version: latest -matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}sorunome/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" -matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" +matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" matrix_mx_puppet_slack_base_path: "{{ matrix_base_data_path }}/mx-puppet-slack" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml index 23301eab..b064ee83 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml @@ -79,6 +79,7 @@ repo: "{{ matrix_mx_puppet_slack_container_image_self_build_repo }}" dest: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" force: "yes" + version: "{{ matrix_mx_puppet_slack_container_image_self_build_version }}" register: matrix_mx_puppet_slack_git_pull_results when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" @@ -89,7 +90,7 @@ force_source: "{{ matrix_mx_puppet_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_git_pull_results.changed }}" build: - dockerfile: Dockerfile + dockerfile: "{{ matrix_mx_puppet_slack_container_image_self_build_dockerfile_path }}" path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" pull: true when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" From d5a79538a6779a1bda2b058e8cefba2947b9d66a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iikka=20J=C3=A4rvenp=C3=A4=C3=A4?= <41309685+iikkart@users.noreply.github.com> Date: Thu, 17 Mar 2022 20:20:43 +0000 Subject: [PATCH 04/48] Improved documentation about permissions More info: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1699 --- ...onfiguring-playbook-bridge-mautrix-telegram.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/configuring-playbook-bridge-mautrix-telegram.md b/docs/configuring-playbook-bridge-mautrix-telegram.md index 0ac6c103..924de8ca 100644 --- a/docs/configuring-playbook-bridge-mautrix-telegram.md +++ b/docs/configuring-playbook-bridge-mautrix-telegram.md @@ -49,4 +49,19 @@ If you want to use the relay-bot feature ([relay bot documentation](https://docs ```yaml matrix_mautrix_telegram_bot_token: YOUR_TELEGRAM_BOT_TOKEN +matrix_mautrix_telegram_configuration_extension_yaml: | + bridge: + permissions: + '*': relaybot ``` + +You might also want to give permissions to administrate the bot: +```yaml +matrix_mautrix_telegram_configuration_extension_yaml: | + bridge: + permissions: + '@user:DOMAIN': admin +``` + +More details about permissions in this example: +https://github.com/mautrix/telegram/blob/master/mautrix_telegram/example-config.yaml#L410 From b242559df50c0f23c35c83ecf83ec43b27c0c701 Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Tue, 22 Mar 2022 12:56:04 +0100 Subject: [PATCH 05/48] add detailed docs about hookshot's URLs --- docs/configuring-playbook-bridge-hookshot.md | 21 +++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 0df0036b..f4cc232d 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -16,10 +16,29 @@ Refer to the [official instructions](https://matrix-org.github.io/matrix-hooksho 2. Take special note of the `matrix_hookshot_*_enabled` variables. Services that need no further configuration are enabled by default (GitLab, Generic), while you must first add the required configuration and enable the others (GitHub, Jira, Figma). 3. If you're setting up the GitHub bridge, you'll need to generate and download a private key file after you created your GitHub app. Copy the contents of that file to the variable `matrix_hookshot_github_private_key` so the playbook can install it for you, or use one of the [other methods](#manage-github-private-key-with-matrix-aux-role) explained below. 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Hookshot can be set up individually using the tag `setup-hookshot`. -5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. Note that the different listeners are bound to certain paths (see `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml)): by default webhooks root is `/hookshot/webhooks/`. +5. Refer to [Hookshot's official instructions](https://matrix-org.github.io/matrix-hookshot/usage.html) to start using the bridge. **Important:** Note that the different listeners are bound to certain paths which might differe from those assumed by the hookshot documentation, see [URLs for bridges setup](urls-for-bridges-setup) below. Other configuration options are available via the `matrix_hookshot_configuration_extension_yaml` and `matrix_hookshot_registration_extension_yaml` variables, see the comments in [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) for how to use them. +### URLs for bridges setup + +All of the following endpoints are reachable on your `matrix.` subdomain (if the feature is enabled). + +| Listener | default path | variable | used as | +|---|---|---|---| +| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | GitHub "Webhook URL" | +| github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" | +| jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth | +| figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | +| provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) | +| appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | GitHub "Webhook URL" | +| metrics | `/hookshot/metrics/` | `matrix_hookshot_metrics_endpoint` | Prometheus | +| widgets | | | not supported | + +See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml). + +The different listeners are also reachable *internally* in the docker-network via the container's name (configured by `matrix_hookshot_container_url`) and on different ports (e.g. `matrix_hookshot_appservice_port`). Read [main.yml](/roles/matrix-bridge-hookshot/defaults/main.yml) in detail for more info. + ### Manage GitHub Private Key with matrix-aux role The GitHub bridge requires you to install a private key file. This can be done in multiple ways: From 81d198b5b68fb2107f91563c0fa95cc490589d21 Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Tue, 22 Mar 2022 12:59:12 +0100 Subject: [PATCH 06/48] !fixup add detailed docs about hookshot's URLs --- docs/configuring-playbook-bridge-hookshot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index f4cc232d..5639f159 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -31,7 +31,7 @@ All of the following endpoints are reachable on your `matrix.` subdomain (if the | jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth | | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | | provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) | -| appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | GitHub "Webhook URL" | +| appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server | | metrics | `/hookshot/metrics/` | `matrix_hookshot_metrics_endpoint` | Prometheus | | widgets | | | not supported | From 41f948c48bfebee0ece70386ad6be3ae3030c2d5 Mon Sep 17 00:00:00 2001 From: Peter Date: Tue, 22 Mar 2022 13:34:05 +0100 Subject: [PATCH 07/48] Update mautrix-whatsapp 0.2.4 -> 0.3.0 --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 68634746..6aae2015 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.2.4 +matrix_mautrix_whatsapp_version: v0.3.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From d04162b275386d7d754ca534a25a2b32606e150f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 22 Mar 2022 19:35:21 +0200 Subject: [PATCH 08/48] Upgrade Synapse (1.54.0 -> 1.55.0) `roles/matrix-synapse/vars/workers.yml` has not been updated here, because running `roles/matrix-synapse/files/workers-doc-to-yaml.awk` seems to cause some trouble with the current `workers.md` file available at https://github.com/matrix-org/synapse/raw/master/docs/workers.md, namely lots of: > FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually lines and commented out regex lines. This is something that remains to be investigated/fixed. --- roles/matrix-synapse/defaults/main.yml | 2 +- .../templates/synapse/homeserver.yaml.j2 | 42 ++++++++++++++++++- 2 files changed, 41 insertions(+), 3 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index c7be1b43..80f2781b 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.54.0 +matrix_synapse_version: v1.55.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 29986c2e..63e3b7ad 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1977,8 +1977,14 @@ saml2_config: # # localpart_template: Jinja2 template for the localpart of the MXID. # If this is not set, the user will be prompted to choose their -# own username (see 'sso_auth_account_details.html' in the 'sso' -# section of this file). +# own username (see the documentation for the +# 'sso_auth_account_details.html' template). This template can +# use the 'localpart_from_email' filter. +# +# confirm_localpart: Whether to prompt the user to validate (or +# change) the generated localpart (see the documentation for the +# 'sso_auth_account_details.html' template), instead of +# registering the account right away. # # display_name_template: Jinja2 template for the display name to set # on first login. If unset, no displayname will be set. @@ -3013,4 +3019,36 @@ redis: password: {{ matrix_synapse_redis_password }} +## Background Updates ## + +# Background updates are database updates that are run in the background in batches. +# The duration, minimum batch size, default batch size, whether to sleep between batches and if so, how long to +# sleep can all be configured. This is helpful to speed up or slow down the updates. +# +background_updates: + # How long in milliseconds to run a batch of background updates for. Defaults to 100. Uncomment and set + # a time to change the default. + # + #background_update_duration_ms: 500 + + # Whether to sleep between updates. Defaults to True. Uncomment to change the default. + # + #sleep_enabled: false + + # If sleeping between updates, how long in milliseconds to sleep for. Defaults to 1000. Uncomment + # and set a duration to change the default. + # + #sleep_duration_ms: 300 + + # Minimum size a batch of background updates can be. Must be greater than 0. Defaults to 1. Uncomment and + # set a size to change the default. + # + #min_batch_size: 10 + + # The batch size to use for the first iteration of a new background update. The default is 100. + # Uncomment and set a size to change the default. + # + #default_batch_size: 50 + + # vim:ft=yaml From 07e68d48de5e1795913a77d6b72601581af6f01f Mon Sep 17 00:00:00 2001 From: Catalan Lover <48515417+FSG-Cat@users.noreply.github.com> Date: Tue, 22 Mar 2022 20:37:40 +0100 Subject: [PATCH 09/48] Update Mjolnir from 1.3.2 to 1.4.1 --- roles/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-mjolnir/defaults/main.yml b/roles/matrix-bot-mjolnir/defaults/main.yml index cfb0d06d..0093576c 100644 --- a/roles/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/matrix-bot-mjolnir/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.3.2" +matrix_bot_mjolnir_version: "v1.4.1" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" From 97865484bd8d33b6c399f7326b8651a27a049499 Mon Sep 17 00:00:00 2001 From: pulmonarycosignerkindness <70479260+pulmonarycosignerkindness@users.noreply.github.com> Date: Wed, 23 Mar 2022 19:17:54 +0000 Subject: [PATCH 10/48] Update mjolnir antispam commit hash Changed the commit hash in matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version to latest. Fixes a Synapse ImportError with mjolnir v1.4.1 leading to a Synapse crash-loop. --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 80f2781b..f028de98 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -525,7 +525,7 @@ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeserve # See: https://github.com/matrix-org/mjolnir#synapse-module matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled: false matrix_synapse_ext_spam_checker_mjolnir_antispam_git_repository_url: "https://github.com/matrix-org/mjolnir" -matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "70f353fbbad0af469b1001080dea194d512b2815" +matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "4008e3f65d3745b9307dd31f1c5aa80c13a61a58" matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites: true # Flag messages sent by servers/users in the ban lists as spam. Currently # this means that spammy messages will appear as empty to users. Default From 38f2dc45534e36d7bc6fc9f890c156699c29a864 Mon Sep 17 00:00:00 2001 From: joecool1029 Date: Thu, 24 Mar 2022 15:54:36 -0400 Subject: [PATCH 11/48] Synapse 1.55.0 -> Synapse 1.55.2 This is a minor hotfix, needs to be bumped though or new deploys will break (existing deploys not affected by bug). --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index f028de98..65ca3e10 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.55.0 +matrix_synapse_version: v1.55.2 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 85627b59adc9e057d7988aba1ae28edaad830f73 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 26 Mar 2022 10:04:21 +0200 Subject: [PATCH 12/48] Make synapse-compress-state in-container binary path configurable This makes it easier to use another container image for rust-synapse-compress-state, which may be storing the binary at another path. --- roles/matrix-synapse/defaults/main.yml | 1 + .../tasks/rust-synapse-compress-state/compress_room.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 65ca3e10..0008de3d 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -624,6 +624,7 @@ matrix_synapse_rust_synapse_compress_state_docker_image: "devture/rust-synapse-c matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}" matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state" +matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path: "/synapse-compress-state" # Default Synapse configuration template which covers the generic use case. diff --git a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml index 36ef0a3a..e1386c75 100644 --- a/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml +++ b/roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml @@ -12,7 +12,7 @@ --network={{ matrix_docker_network }} --mount type=bind,src={{ matrix_synapse_rust_synapse_compress_state_base_path }},dst=/work {{ matrix_synapse_rust_synapse_compress_state_docker_image }} - /synapse-compress-state -t -o /work/state-compressor.sql + {{ matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path }} -t -o /work/state-compressor.sql -p "host={{ matrix_synapse_database_host }} user={{ matrix_synapse_database_user }} password={{ matrix_synapse_database_password }} dbname={{ matrix_synapse_database_database }}" -r '{{ room_details.room_id }}' From dac4df738497018ea0b7f48ab8d464ae600ba012 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 26 Mar 2022 10:31:05 +0200 Subject: [PATCH 13/48] Add arm64 support for rust-synapse-compress-state by switching container image This switches the playbook from devture/rust-synapse-compress-state (a container image which wraps the upstream-prebuilt amd64 binary of rust-synapse-compress-state) to registry.gitlab.com/mb-saces/rust-synapse-compress-state (https://gitlab.com/mb-saces/rust-synapse-compress-state), which builds rust-synapse-compress-state from source and provides a multi-arch image that currently works on amd64 and arm64. Ideally, we'll stop using `:latest` and arm32 support will be made available upstream as well at some point. Discussed here: https://gitlab.com/mb-saces/rust-synapse-compress-state/-/issues/1 --- roles/matrix-synapse/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 0008de3d..4cba18fa 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -620,11 +620,11 @@ matrix_synapse_redaction_retention_period: 7d matrix_synapse_user_ips_max_age: 28d -matrix_synapse_rust_synapse_compress_state_docker_image: "devture/rust-synapse-compress-state:v0.1.0" +matrix_synapse_rust_synapse_compress_state_docker_image: "registry.gitlab.com/mb-saces/rust-synapse-compress-state:latest" matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}" matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state" -matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path: "/synapse-compress-state" +matrix_synapse_rust_synapse_compress_state_synapse_compress_state_in_container_path: "/usr/local/bin/synapse_compress_state" # Default Synapse configuration template which covers the generic use case. From fc1e15baffc9782d61587cc4382f37f437989eaa Mon Sep 17 00:00:00 2001 From: GoliathLabs Date: Sat, 26 Mar 2022 12:09:42 +0100 Subject: [PATCH 14/48] Updated: to v0.3.1 --- roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index 168d08f7..e334e8d6 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mautrix_googlechat_enabled: true matrix_mautrix_googlechat_container_image_self_build: false matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/mautrix/googlechat.git" -matrix_mautrix_googlechat_version: latest +matrix_mautrix_googlechat_version: v0.3.1 # See: https://mau.dev/mautrix/googlechat/container_registry matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}" matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}" From f29f51a54c4e58199cfc4a9da76eaf9798e4fd6e Mon Sep 17 00:00:00 2001 From: joecool1029 Date: Mon, 28 Mar 2022 13:52:44 -0400 Subject: [PATCH 15/48] Update Element 1.10.7 -> 1.10.8 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index edaa189c..c395efb7 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.7 +matrix_client_element_version: v1.10.8 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 9b0323432351c4ee793ad81bccf4f8347204c8ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliv=C3=A9r=20Falvai?= Date: Tue, 29 Mar 2022 22:14:44 +0200 Subject: [PATCH 16/48] Fix Facebook presence config key --- roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 1f71286e..49c49be8 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -106,7 +106,9 @@ bridge: # If using this for other servers than the bridge's server, # you must also set the URL in the double_puppet_server_map. login_shared_secret_map: {{ matrix_mautrix_facebook_bridge_login_shared_secret_map|to_json }} - presence: {{ matrix_mautrix_facebook_bridge_presence|to_json }} + # Should presence from Facebook be bridged? This doesn't use the same API as the Android app, + # so it might be more suspicious to Facebook. + presence_from_facebook: {{ matrix_mautrix_facebook_bridge_presence|to_json }} # Whether or not to update avatars when syncing all contacts at startup. update_avatar_initial_sync: true # End-to-bridge encryption support options. These require matrix-nio to be installed with pip From 326b1090b75f9fab81b282db5becce35374cd084 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliv=C3=A9r=20Falvai?= Date: Tue, 29 Mar 2022 22:26:29 +0200 Subject: [PATCH 17/48] Add note about Prometheus retention policy --- docs/configuring-playbook-prometheus-grafana.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index 892bffb2..f178def2 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md @@ -25,6 +25,8 @@ matrix_grafana_default_admin_password: "some_strong_password_chosen_by_you" By default, a [Grafana](https://grafana.com/) web user-interface will be available at `https://stats.`. +The retention policy of Prometheus metrics is [15 days by default](https://prometheus.io/docs/prometheus/latest/storage/#operational-aspects). Older data gets deleted automatically. + ## What does it do? From 0103d92df4a28bef7182e161ce3ca9cc4ff596f0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 30 Mar 2022 09:02:17 +0300 Subject: [PATCH 18/48] Temporarily switch to Myned-maintained fork of mx-puppet-discord/mx-puppet-slack Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1719 We're using a pinned commit of this fork, which patches up the npm/yarn lock files, so that self-building of the Discord and Slack bridges can work after GitHub's deprecation of the `git://` and `ssh://` protocols (https://github.blog/2021-09-01-improving-git-protocol-security-github/). When the issue gets fixed in the Beeper fork (via https://gitlab.com/beeper/mx-puppet-monorepo/-/merge_requests/35 or otherwise), we'll get back on it. --- roles/matrix-bridge-mx-puppet-discord/defaults/main.yml | 4 ++-- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 52257689..03bac4e5 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -11,7 +11,7 @@ matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/Myned/mx-puppet-monorepo" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Dockerfile-discord" @@ -20,7 +20,7 @@ matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Doc # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_discord_container_http_host_bind_port: '' -matrix_mx_puppet_discord_version: latest +matrix_mx_puppet_discord_version: 40f3142032bacec6333f4bbc051d5e30af88de9c matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}beeper/mx-puppet-monorepo/discord:{{ matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index bb92c1d8..63549bc4 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/Myned/mx-puppet-monorepo" matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" @@ -17,7 +17,7 @@ matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Docke # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: latest +matrix_mx_puppet_slack_version: 40f3142032bacec6333f4bbc051d5e30af88de9c matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" From ea358e208c36ceabf2bd6441677c5fd026cdde3c Mon Sep 17 00:00:00 2001 From: Kim Brose Date: Wed, 30 Mar 2022 14:18:21 +0200 Subject: [PATCH 19/48] Upgrade Hookshot (1.2.0 -> 1.3.0) --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index e6be626e..01dd43b0 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -5,7 +5,7 @@ matrix_hookshot_enabled: true -matrix_hookshot_version: 1.2.0 +matrix_hookshot_version: 1.3.0 matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" From 999c717cf452efc94ef72f125ec6c2aa1a7c43f4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 31 Mar 2022 08:37:24 +0300 Subject: [PATCH 20/48] Revert "Temporarily switch to Myned-maintained fork of mx-puppet-discord/mx-puppet-slack" This reverts commit 0103d92df4a28bef7182e161ce3ca9cc4ff596f0. The same fix has now been merged upstream (https://gitlab.com/beeper/mx-puppet-monorepo/-/merge_requests/35), so we don't need to use a fork anymore. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1719 --- roles/matrix-bridge-mx-puppet-discord/defaults/main.yml | 4 ++-- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 03bac4e5..52257689 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -11,7 +11,7 @@ matrix_mx_puppet_discord_enabled: true matrix_mx_puppet_discord_container_image_self_build: false -matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/Myned/mx-puppet-monorepo" +matrix_mx_puppet_discord_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo" matrix_mx_puppet_discord_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_discord_version == 'latest' else matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Dockerfile-discord" @@ -20,7 +20,7 @@ matrix_mx_puppet_discord_container_image_self_build_dockerfile_path: "docker/Doc # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_discord_container_http_host_bind_port: '' -matrix_mx_puppet_discord_version: 40f3142032bacec6333f4bbc051d5e30af88de9c +matrix_mx_puppet_discord_version: latest matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}beeper/mx-puppet-monorepo/discord:{{ matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index 63549bc4..bb92c1d8 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mx_puppet_slack_oauth_client_id: '' matrix_mx_puppet_slack_oauth_client_secret: '' matrix_mx_puppet_slack_container_image_self_build: false -matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/Myned/mx-puppet-monorepo" +matrix_mx_puppet_slack_container_image_self_build_repo: "https://gitlab.com/beeper/mx-puppet-monorepo.git" matrix_mx_puppet_slack_container_image_self_build_version: "{{ 'main' if matrix_mx_puppet_slack_version == 'latest' else matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Dockerfile-slack" @@ -17,7 +17,7 @@ matrix_mx_puppet_slack_container_image_self_build_dockerfile_path: "docker/Docke # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_version: 40f3142032bacec6333f4bbc051d5e30af88de9c +matrix_mx_puppet_slack_version: latest matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}beeper/mx-puppet-monorepo/slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" From 5f0ece0c28b3c4ee510d51de63e2ba67c2009de5 Mon Sep 17 00:00:00 2001 From: Aine Date: Sun, 3 Apr 2022 00:49:57 +0300 Subject: [PATCH 21/48] fix permissions --- roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml | 4 ++++ roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml | 4 ++++ roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml | 2 ++ roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 4 ++++ roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml | 2 ++ roles/matrix-postgres/tasks/setup_postgres.yml | 2 ++ 6 files changed, 18 insertions(+) diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml index d85e0703..0cb7043f 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jicofo.yml @@ -32,6 +32,8 @@ template: src: "{{ role_path }}/templates/jicofo/env.j2" dest: "{{ matrix_jitsi_jicofo_base_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 when: matrix_jitsi_enabled|bool @@ -39,6 +41,8 @@ template: src: "{{ role_path }}/templates/jicofo/{{ item }}.j2" dest: "{{ matrix_jitsi_jicofo_config_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0644 with_items: - sip-communicator.properties diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml index b007ede8..90bf4a69 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml @@ -32,6 +32,8 @@ template: src: "{{ role_path }}/templates/jvb/{{ item }}.j2" dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0644 with_items: - custom-sip-communicator.properties @@ -42,6 +44,8 @@ template: src: "{{ role_path }}/templates/jvb/env.j2" dest: "{{ matrix_jitsi_jvb_base_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 when: matrix_jitsi_enabled|bool diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml index 301fa82f..6db954b8 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -33,6 +33,8 @@ template: src: "{{ role_path }}/templates/prosody/env.j2" dest: "{{ matrix_jitsi_prosody_base_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 when: matrix_jitsi_enabled|bool diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index ea831490..feda4ace 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml @@ -34,6 +34,8 @@ template: src: "{{ role_path }}/templates/web/env.j2" dest: "{{ matrix_jitsi_web_base_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 when: matrix_jitsi_enabled|bool @@ -41,6 +43,8 @@ template: src: "{{ role_path }}/templates/web/{{ item }}.j2" dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0644 with_items: - custom-config.js diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml index 701d8dd3..73341033 100644 --- a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml +++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml @@ -41,6 +41,8 @@ template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_postgres_backup_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 with_items: - "env-postgres-backup" diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 43192475..04763a32 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -76,6 +76,8 @@ template: src: "{{ role_path }}/templates/{{ item }}.j2" dest: "{{ matrix_postgres_base_path }}/{{ item }}" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 with_items: - "env-postgres-psql" From b3176957c3cf1e0797a8d1f1796d14b91ed3d1ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arthur=20Brugi=C3=A8re?= <16764085+RoiArthurB@users.noreply.github.com> Date: Sun, 3 Apr 2022 17:10:46 +0700 Subject: [PATCH 22/48] Add hookshot self build for arm64 and amd64 --- docs/self-building.md | 1 + group_vars/matrix_servers | 2 + .../matrix-bridge-hookshot/defaults/main.yml | 11 ++++- .../tasks/setup_install.yml | 42 +++++++++++++++---- 4 files changed, 46 insertions(+), 10 deletions(-) diff --git a/docs/self-building.md b/docs/self-building.md index ef851f22..4ec5bb86 100644 --- a/docs/self-building.md +++ b/docs/self-building.md @@ -22,6 +22,7 @@ List of roles where self-building the Docker image is currently possible: - `matrix-dimension` - `matrix-ma1sd` - `matrix-mailer` +- `matrix-bridge-hookshot` - `matrix-bridge-appservice-irc` - `matrix-bridge-appservice-slack` - `matrix-bridge-appservice-webhooks` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 32be903a..8673bb7b 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -671,6 +671,8 @@ matrix_heisenbridge_systemd_wanted_services_list: | # We don't enable bridges by default. matrix_hookshot_enabled: false +matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" + matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}" matrix_hookshot_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.hs.tok') | to_uuid }}" diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 01dd43b0..6dab5cd6 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -5,12 +5,21 @@ matrix_hookshot_enabled: true + +matrix_hookshot_container_image_self_build: false +matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" +matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" + matrix_hookshot_version: 1.3.0 -matrix_hookshot_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" + +matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" +matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" matrix_hookshot_base_path: "{{ matrix_base_data_path }}/hookshot" +matrix_hookshot_docker_src_files_path: "{{ matrix_hookshot_base_path }}/docker-src" + matrix_hookshot_homeserver_address: "{{ matrix_homeserver_container_url }}" matrix_hookshot_container_url: 'matrix-hookshot' diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index b4e44c9c..cac9fdca 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -2,26 +2,50 @@ - import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml" +- name: Ensure hookshot paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - { path: "{{ matrix_hookshot_base_path }}", when: true } + - { path: "{{ matrix_hookshot_docker_src_files_path }}", when: "{{ matrix_hookshot_container_image_self_build }}" } + when: item.when|bool + - name: Ensure hookshot image is pulled docker_image: name: "{{ matrix_hookshot_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}" + when: not matrix_hookshot_container_image_self_build register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" until: result is not failed -- name: Ensure hookshot paths exist - file: - path: "{{ item }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - with_items: - - "{{ matrix_hookshot_base_path }}" +- name: Ensure hookshot repository is present on self-build + git: + repo: "{{ matrix_hookshot_container_image_self_build_repo }}" + dest: "{{ matrix_hookshot_docker_src_files_path }}" + version: "{{ matrix_hookshot_container_image_self_build_branch }}" + force: "yes" + register: matrix_hookshot_git_pull_results + when: "matrix_hookshot_container_image_self_build|bool" + +- name: Ensure hookshot Docker image is built + docker_image: + name: "{{ matrix_hookshot_docker_image }}" + source: build + force_source: "{{ matrix_hookshot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_hookshot_docker_src_files_path }}" + pull: yes + when: "matrix_hookshot_container_image_self_build|bool" - name: Check if hookshot passkey exists stat: From cfd8a9c0f8287065dde2d040e55608ac157373ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arthur=20Brugi=C3=A8re?= <16764085+RoiArthurB@users.noreply.github.com> Date: Sun, 3 Apr 2022 17:19:35 +0700 Subject: [PATCH 23/48] [HOOKSHOT] Fix yamllint --- roles/matrix-bridge-hookshot/tasks/setup_install.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-hookshot/tasks/setup_install.yml b/roles/matrix-bridge-hookshot/tasks/setup_install.yml index cac9fdca..38dc62a3 100644 --- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml +++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml @@ -9,9 +9,9 @@ mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - with_items: - - { path: "{{ matrix_hookshot_base_path }}", when: true } - - { path: "{{ matrix_hookshot_docker_src_files_path }}", when: "{{ matrix_hookshot_container_image_self_build }}" } + with_items: + - {path: "{{ matrix_hookshot_base_path }}", when: true} + - {path: "{{ matrix_hookshot_docker_src_files_path }}", when: "{{ matrix_hookshot_container_image_self_build }}"} when: item.when|bool - name: Ensure hookshot image is pulled @@ -44,7 +44,7 @@ build: dockerfile: Dockerfile path: "{{ matrix_hookshot_docker_src_files_path }}" - pull: yes + pull: true when: "matrix_hookshot_container_image_self_build|bool" - name: Check if hookshot passkey exists From b38c7371a912132a82ce52177311379de0518c15 Mon Sep 17 00:00:00 2001 From: RoiArthurB Date: Sun, 3 Apr 2022 17:34:27 +0700 Subject: [PATCH 24/48] [STEAM] Move docker source from icewind1991 to tilosp fixed repo --- docs/self-building.md | 1 + group_vars/matrix_servers | 12 ++++++------ .../matrix-bridge-mx-puppet-steam/defaults/main.yml | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/docs/self-building.md b/docs/self-building.md index ef851f22..a86f03af 100644 --- a/docs/self-building.md +++ b/docs/self-building.md @@ -33,6 +33,7 @@ List of roles where self-building the Docker image is currently possible: - `matrix-bridge-mautrix-signal` - `matrix-bridge-mautrix-whatsapp` - `matrix-bridge-mx-puppet-skype` +- `matrix-bridge-mx-puppet-steam` - `matrix-bot-mjolnir` - `matrix-bot-honoroit` - `matrix-bot-matrix-reminder-bot` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 32be903a..f01444f2 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -908,7 +908,7 @@ matrix_mx_puppet_discord_database_password: "{{ '%s' | format(matrix_homeserver_ # We don't enable bridges by default. matrix_mx_puppet_steam_enabled: false -matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" matrix_mx_puppet_steam_systemd_required_services_list: | {{ @@ -1552,11 +1552,11 @@ matrix_ssl_domains_to_obtain_certificates_for: | }} matrix_ssl_architecture: "{{ - { - 'amd64': 'amd64', - 'arm32': 'arm32v6', - 'arm64': 'arm64v8', - }[matrix_architecture] + { + 'amd64': 'amd64', + 'arm32': 'arm32v6', + 'arm64': 'arm64v8', + }[matrix_architecture] }}" matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matrix_dynamic_dns_enabled else '' }}" diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml index 91675fce..4e3d6bc6 100644 --- a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml @@ -5,7 +5,7 @@ matrix_mx_puppet_steam_enabled: true matrix_mx_puppet_steam_container_image_self_build: false -matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/icewind1991/mx-puppet-steam.git" +matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/tilosp/mx-puppet-steam.git" # Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container). # From 1ce891fc70ce7711008675aa159bb6105f3a3383 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arthur=20Brugi=C3=A8re?= <16764085+RoiArthurB@users.noreply.github.com> Date: Sun, 3 Apr 2022 23:42:29 +0700 Subject: [PATCH 25/48] Revert group_var wrong part reindent --- group_vars/matrix_servers | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f01444f2..26485d68 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1552,11 +1552,11 @@ matrix_ssl_domains_to_obtain_certificates_for: | }} matrix_ssl_architecture: "{{ - { - 'amd64': 'amd64', - 'arm32': 'arm32v6', - 'arm64': 'arm64v8', - }[matrix_architecture] + { + 'amd64': 'amd64', + 'arm32': 'arm32v6', + 'arm64': 'arm64v8', + }[matrix_architecture] }}" matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matrix_dynamic_dns_enabled else '' }}" From e7978dbdca91351e235d36ae25a74a0a7266f155 Mon Sep 17 00:00:00 2001 From: SaltireSoul Date: Tue, 5 Apr 2022 03:40:37 +0100 Subject: [PATCH 26/48] Dendrite 0.7.0 --- group_vars/matrix_servers | 14 +- roles/matrix-dendrite/defaults/main.yml | 11 +- .../matrix-dendrite/tasks/setup_dendrite.yml | 1 + .../templates/dendrite/dendrite.yaml.j2 | 174 ++++++++---------- .../systemd/matrix-dendrite.service.j2 | 1 + 5 files changed, 82 insertions(+), 119 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 26485d68..de81e2a6 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1592,15 +1592,11 @@ matrix_postgres_additional_databases: | }] if (matrix_synapse_enabled and matrix_synapse_database_database != matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else []) + ([{ - 'name': matrix_dendrite_naffka_database, - 'username': matrix_dendrite_database_user, - 'password': matrix_dendrite_database_password, - },{ 'name': matrix_dendrite_appservice_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ - 'name': matrix_dendrite_federationsender_database, + 'name': matrix_dendrite_federationapi_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ @@ -1615,20 +1611,16 @@ matrix_postgres_additional_databases: | 'name': matrix_dendrite_room_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, - },{ - 'name': matrix_dendrite_singingkeyserver_database, - 'username': matrix_dendrite_database_user, - 'password': matrix_dendrite_database_password, },{ 'name': matrix_dendrite_syncapi_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ - 'name': matrix_dendrite_account_database, + 'name': matrix_dendrite_userapi_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ - 'name': matrix_dendrite_device_database, + 'name': matrix_dendrite_pushserver_database, 'username': matrix_dendrite_database_user, 'password': matrix_dendrite_database_password, },{ diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index ec3937c7..99ceb1a0 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -6,13 +6,14 @@ matrix_dendrite_enabled: true matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "docker.io/" -matrix_dendrite_docker_image_tag: "v0.5.1" +matrix_dendrite_docker_image_tag: "v0.7.0" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" matrix_dendrite_config_dir_path: "{{ matrix_dendrite_base_path }}/config" matrix_dendrite_storage_path: "{{ matrix_dendrite_base_path }}/storage" matrix_dendrite_media_store_path: "{{ matrix_dendrite_storage_path }}/media-store" +matrix_dendrite_nats_storage_path: "{{ matrix_dendrite_base_path }}/nats" matrix_dendrite_ext_path: "{{ matrix_dendrite_base_path }}/ext" # By default, we make Dendrite only serve HTTP (not HTTPS). @@ -114,16 +115,14 @@ matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}: matrix_dendrite_database_hostname: "matrix-postgres" matrix_dendrite_database_user: "dendrite" matrix_dendrite_database_password: "itsasecret" -matrix_dendrite_naffka_database: "dendrite_naffka" matrix_dendrite_appservice_database: "dendrite_appservice" -matrix_dendrite_federationsender_database: "dendrite_federationsender" +matrix_dendrite_federationapi_database: "dendrite_federationapi" matrix_dendrite_keyserver_database: "dendrite_keyserver" matrix_dendrite_mediaapi_database: "dendrite_mediaapi" matrix_dendrite_room_database: "dendrite_room" -matrix_dendrite_singingkeyserver_database: "dendrite_sigingkeyserver" matrix_dendrite_syncapi_database: "dendrite_syncapi" -matrix_dendrite_account_database: "dendrite_account" -matrix_dendrite_device_database: "dendrite_device" +matrix_dendrite_userapi_database: "dendrite_userapi" +matrix_dendrite_pushserver_database: "dendrite_pushserver" matrix_dendrite_mscs_database: "dendrite_mscs" matrix_dendrite_turn_uris: [] diff --git a/roles/matrix-dendrite/tasks/setup_dendrite.yml b/roles/matrix-dendrite/tasks/setup_dendrite.yml index cbe0cf84..fc306759 100644 --- a/roles/matrix-dendrite/tasks/setup_dendrite.yml +++ b/roles/matrix-dendrite/tasks/setup_dendrite.yml @@ -9,6 +9,7 @@ with_items: - {path: "{{ matrix_dendrite_config_dir_path }}", when: true} - {path: "{{ matrix_dendrite_ext_path }}", when: true} + - {path: "{{ matrix_dendrite_nats_storage_path }}", when: true} when: "matrix_dendrite_enabled|bool and item.when" - import_tasks: "{{ role_path }}/tasks/dendrite/setup.yml" diff --git a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 index 102dd2f5..01bb72f7 100644 --- a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 +++ b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 @@ -28,7 +28,7 @@ # connection can be idle in seconds - a negative value is unlimited. # The version of the configuration file. -version: 1 +version: 2 # Global Matrix configuration. This configuration applies to all components. global: @@ -66,34 +66,40 @@ global: # to other servers and the federation API will not be exposed. disable_federation: {{ (not matrix_dendrite_federation_enabled)|to_json }} - # Configuration for Kafka/Naffka. - kafka: - # List of Kafka broker addresses to connect to. This is not needed if using - # Naffka in monolith mode. - addresses: [] + # Server notices allows server admins to send messages to all users. + server_notices: + enabled: false + # The server localpart to be used when sending notices, ensure this is not yet taken + local_part: "_server" + # The displayname to be used when sending notices + display_name: "Server alerts" + # The mxid of the avatar to use + avatar_url: "" + # The roomname to be used when creating messages + room_name: "Server Alerts" - # The prefix to use for Kafka topic names for this homeserver. Change this only if - # you are running more than one Dendrite homeserver on the same Kafka deployment. + # Configuration for NATS JetStream + jetstream: + # A list of NATS Server addresses to connect to. If none are specified, an + # internal NATS server will be started automatically when running Dendrite + # in monolith mode. It is required to specify the address of at least one + # NATS Server node if running in polylith mode. + addresses: + # - jetstream:4222 + + # Keep all NATS streams in memory, rather than persisting it to the storage + # path below. This option is present primarily for integration testing and + # should not be used on a real world Dendrite deployment. + in_memory: false + + # Persistent directory to store JetStream streams in. This directory + # should be preserved across Dendrite restarts. + storage_path: "/matrix-nats-store" + + # The prefix to use for stream names for this homeserver - really only + # useful if running more than one Dendrite on the same NATS deployment. topic_prefix: Dendrite - # Whether to use Naffka instead of Kafka. This is only available in monolith - # mode, but means that you can run a single-process server without requiring - # Kafka. - use_naffka: true - - # The max size a Kafka message is allowed to use. - # You only need to change this value, if you encounter issues with too large messages. - # Must be less than/equal to "max.message.bytes" configured in Kafka. - # Defaults to 8388608 bytes. - # max_message_bytes: 8388608 - - # Naffka database options. Not required when using Kafka. - naffka_database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_naffka_database }}?sslmode=disable - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - # Configuration for Prometheus metric collection. metrics: # Whether or not Prometheus metrics are enabled. @@ -126,11 +132,6 @@ app_service_api: max_idle_conns: 2 conn_max_lifetime: -1 - # Disable the validation of TLS certificates of appservices. This is - # not recommended in production since it may allow appservice traffic - # to be sent to an unverified endpoint. - disable_tls_validation: false - # Appservice configuration files to load into this homeserver. config_files: {{ matrix_dendrite_app_service_config_files|to_json }} @@ -146,6 +147,10 @@ client_api: # using the registration shared secret below. registration_disabled: {{ matrix_dendrite_registration_disabled|to_json }} + # Prevents new guest accounts from being created. Guest registration is also + # disabled implicitly by setting 'registration_disabled' above. + guests_disabled: true + # If set, allows registration by anyone who knows the shared secret, regardless of # whether registration is otherwise disabled. registration_shared_secret: {{ matrix_dendrite_registration_shared_secret|string|to_json }} @@ -175,12 +180,6 @@ client_api: threshold: {{ matrix_dendrite_rate_limiting_threshold|to_json }} cooloff_ms: {{ matrix_dendrite_rate_limiting_cooloff_ms|to_json }} -# Configuration for the EDU server. -edu_server: - internal_api: - listen: http://0.0.0.0:7778 - connect: http://edu_server:7778 - # Configuration for the Federation API. federation_api: internal_api: @@ -188,20 +187,8 @@ federation_api: connect: http://federation_api:7772 external_api: listen: http://0.0.0.0:8072 - - # List of paths to X.509 certificates to be used by the external federation listeners. - # These certificates will be used to calculate the TLS fingerprints and other servers - # will expect the certificate to match these fingerprints. Certificates must be in PEM - # format. - federation_certificates: [] - -# Configuration for the Federation Sender. -federation_sender: - internal_api: - listen: http://0.0.0.0:7775 - connect: http://federation_sender:7775 database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_federationsender_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_federationapi_database }}?sslmode=disable max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -221,6 +208,22 @@ federation_sender: host: localhost port: 8080 + # Perspective keyservers to use as a backup when direct key fetches fail. This may + # be required to satisfy key requests for servers that are no longer online when + # joining some rooms. + key_perspectives: + - server_name: matrix.org + keys: + - key_id: ed25519:auto + public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw + - key_id: ed25519:a_RXGa + public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ + + # This option will control whether Dendrite will prefer to look up keys directly + # or whether it should try perspective servers first, using direct fetches as a + # last resort. + prefer_direct_fetch: false + # Configuration for the Key Server (for end-to-end encryption). key_server: internal_api: @@ -261,15 +264,15 @@ media_api: # A list of thumbnail sizes to be generated for media content. thumbnail_sizes: - - width: 32 - height: 32 - method: crop - - width: 96 - height: 96 - method: crop - - width: 640 - height: 480 - method: scale + - width: 32 + height: 32 + method: crop + - width: 96 + height: 96 + method: crop + - width: 640 + height: 480 + method: scale # Configuration for experimental MSC's mscs: @@ -295,40 +298,13 @@ room_server: max_idle_conns: 2 conn_max_lifetime: -1 -# Configuration for the Signing Key Server (for server signing keys). -signing_key_server: - internal_api: - listen: http://0.0.0.0:7780 - connect: http://signing_key_server:7780 - database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_singingkeyserver_database }}?sslmode=disable - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - - # Perspective keyservers to use as a backup when direct key fetches fail. This may - # be required to satisfy key requests for servers that are no longer online when - # joining some rooms. - key_perspectives: - - server_name: matrix.org - keys: - - key_id: ed25519:auto - public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw - - key_id: ed25519:a_RXGa - public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ - - # This option will control whether Dendrite will prefer to look up keys directly - # or whether it should try perspective servers first, using direct fetches as a - # last resort. - prefer_direct_fetch: false - # Configuration for the Sync API. sync_api: internal_api: listen: http://0.0.0.0:7773 connect: http://sync_api:7773 external_api: - listen: http://0.0.0.0:8073 + listen: http://0.0.0.0:8073 database: connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_syncapi_database }}?sslmode=disable max_open_conns: 10 @@ -343,31 +319,25 @@ sync_api: # Configuration for the User API. user_api: - # The cost when hashing passwords on registration/login. Default: 10. Min: 4, Max: 31 - # See https://pkg.go.dev/golang.org/x/crypto/bcrypt for more information. - # Setting this lower makes registration/login consume less CPU resources at the cost of security - # should the database be compromised. Setting this higher makes registration/login consume more - # CPU resources but makes it harder to brute force password hashes. - # This value can be low if performing tests or on embedded Dendrite instances (e.g WASM builds) - # bcrypt_cost: 10 internal_api: listen: http://0.0.0.0:7781 connect: http://user_api:7781 account_database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_account_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_userapi_database }}?sslmode=disable max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 - device_database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_device_database }}?sslmode=disable + +# Configuration for the Push Server API. +push_server: + internal_api: + listen: http://localhost:7782 + connect: http://localhost:7782 + database: + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_pushserver_database }}?sslmode=disable max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 - # The length of time that a token issued for a relying party from - # /_matrix/client/r0/user/{userId}/openid/request_token endpoint - # is considered to be valid in milliseconds. - # The default lifetime is 3600000ms (60 minutes). - # openid_token_lifetime_ms: 3600000 # Configuration for Opentracing. # See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on diff --git a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 index e14734dd..e1c42cbc 100644 --- a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 +++ b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 @@ -37,6 +37,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ {% endif %} --mount type=bind,src={{ matrix_dendrite_config_dir_path }},dst=/data,ro \ --mount type=bind,src={{ matrix_dendrite_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \ + --mount type=bind,src={{ matrix_dendrite_nats_storage_path }},dst=/matrix-nats-store,bind-propagation=slave \ {% for volume in matrix_dendrite_container_additional_volumes %} -v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \ {% endfor %} From a5a3769ca9ceff0a8d8616318fb687b35b82bc07 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 5 Apr 2022 11:37:27 +0000 Subject: [PATCH 27/48] add borg backup (#1727) * add borg backup * lint fix * add exlclude patterns * missed in the #1726 fix for honoroit * feedback * Fix indentation * feedback * feedback * feedback Co-authored-by: Slavi Pantaleev --- README.md | 2 + docs/configuring-playbook-backup-borg.md | 56 +++++++++++ group_vars/matrix_servers | 21 ++++ roles/matrix-backup-borg/defaults/main.yml | 63 ++++++++++++ roles/matrix-backup-borg/tasks/init.yml | 4 + roles/matrix-backup-borg/tasks/main.yml | 23 +++++ .../tasks/setup_install.yml | 97 +++++++++++++++++++ .../tasks/setup_uninstall.yml | 41 ++++++++ .../tasks/validate_config.yml | 10 ++ .../templates/config.yaml.j2 | 32 ++++++ roles/matrix-backup-borg/templates/passwd.j2 | 29 ++++++ roles/matrix-backup-borg/templates/sshkey.j2 | 1 + .../systemd/matrix-backup-borg.service.j2 | 58 +++++++++++ .../systemd/matrix-backup-borg.timer.j2 | 10 ++ .../tasks/setup_install.yml | 2 + setup.yml | 1 + 16 files changed, 450 insertions(+) create mode 100644 docs/configuring-playbook-backup-borg.md create mode 100644 roles/matrix-backup-borg/defaults/main.yml create mode 100644 roles/matrix-backup-borg/tasks/init.yml create mode 100644 roles/matrix-backup-borg/tasks/main.yml create mode 100644 roles/matrix-backup-borg/tasks/setup_install.yml create mode 100644 roles/matrix-backup-borg/tasks/setup_uninstall.yml create mode 100644 roles/matrix-backup-borg/tasks/validate_config.yml create mode 100644 roles/matrix-backup-borg/templates/config.yaml.j2 create mode 100644 roles/matrix-backup-borg/templates/passwd.j2 create mode 100644 roles/matrix-backup-borg/templates/sshkey.j2 create mode 100644 roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 create mode 100644 roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 diff --git a/README.md b/README.md index 0e6bc51b..631dc297 100644 --- a/README.md +++ b/README.md @@ -121,6 +121,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [Cinny](https://github.com/ajbura/cinny) web client - see [docs/configuring-playbook-client-cinny.md](docs/configuring-playbook-client-cinny.md) for setup documentation +- (optional) the [Borg](https://borgbackup.org) backup - see [docs/configuring-playbook-backup-borg.md](docs/configuring-playbook-backup-borg.md) for setup documentation + Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else. **Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need. diff --git a/docs/configuring-playbook-backup-borg.md b/docs/configuring-playbook-backup-borg.md new file mode 100644 index 00000000..7ca962c8 --- /dev/null +++ b/docs/configuring-playbook-backup-borg.md @@ -0,0 +1,56 @@ +# Setting up borg backup (optional) + +The playbook can install and configure [borgbackup](https://www.borgbackup.org/) with [borgmatic](https://torsion.org/borgmatic/) for you. +BorgBackup is a deduplicating backup program with optional compression and encryption. +That means your daily incremental backups can be stored in a fraction of the space and is safe whether you store it at home or on a cloud service. + +The backup will run based on `matrix_backup_borg_schedule` var (systemd timer calendar), default: 4am every day + +## Prerequisites + +1. Create ssh key on any machine: + +```bash +ssh-keygen -t ed25519 -N '' -f matrix-borg-backup -C matrix +``` + +2. Add public part of that ssh key to your borg provider / server: + +```bash +# example to append the new PUBKEY contents, where: +# PUBKEY is path to the public key, +# USER is a ssh user on a provider / server +# HOST is a ssh host of a provider / server +cat PUBKEY | ssh USER@HOST 'dd of=.ssh/authorized_keys oflag=append conv=notrunc' +``` + +## Adjusting the playbook configuration + +Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable borg backup: + +```yaml +matrix_backup_borg_enabled: true +matrix_backup_borg_location_repositories: + - USER@HOST:REPO +matrix_backup_borg_storage_encryption_passphrase: "PASSPHRASE" +matrix_backup_borg_ssh_key_private: | + PRIVATE KEY +``` + +where: + +* USER - ssh user of a provider / server +* HOST - ssh host of a provider / server +* REPO - borg repository name, it will be initialized on backup start, eg: `matrix` +* PASSPHRASE - super-secret borg passphrase, you may generate it with `pwgen -s 64 1` or use any password manager +* PRIVATE KEY - the content of the public part of the ssh key you created before + +Check the `roles/matrix-backup-borg/defaults/main.yml` for the full list of available options + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 54f0ad38..15032cab 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1095,6 +1095,27 @@ matrix_bot_mjolnir_systemd_required_services_list: | # ###################################################################### +###################################################################### +# +# matrix-backup-borg +# +###################################################################### + +matrix_backup_borg_enabled: false +matrix_backup_borg_location_source_directories: + - "{{ matrix_base_data_path }}" +matrix_backup_borg_location_exclude_patterns: | + {{ + { + 'synapse': ["{{ matrix_synapse_media_store_path }}/local_thumbnails", "{{ matrix_synapse_media_store_path }}/remote_thumbnail", "{{ matrix_synapse_media_store_path }}/url_cache", "{{ matrix_synapse_media_store_path }}/url_cache_thumbnails"], + }[matrix_homeserver_implementation] + }} + +###################################################################### +# +# /matrix-backup-borg +# +###################################################################### ###################################################################### # diff --git a/roles/matrix-backup-borg/defaults/main.yml b/roles/matrix-backup-borg/defaults/main.yml new file mode 100644 index 00000000..c8a09f7f --- /dev/null +++ b/roles/matrix-backup-borg/defaults/main.yml @@ -0,0 +1,63 @@ +--- +matrix_backup_borg_enabled: true + +matrix_backup_borg_container_image_self_build: false +matrix_backup_borg_docker_repo: "https://github.com/borgmatic-collective/docker-borgmatic" +matrix_backup_borg_docker_src_files_path: "{{ matrix_base_data_path }}/borg/docker-src" + +matrix_backup_borg_version: latest +matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}" +matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}" +matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') }}" + +matrix_backup_borg_base_path: "{{ matrix_base_data_path }}/backup-borg" +matrix_backup_borg_config_path: "{{ matrix_backup_borg_base_path }}/config" + +# A list of extra arguments to pass to the container +matrix_backup_borg_container_extra_arguments: [] + +# List of systemd services that matrix-backup-borg.service depends on +matrix_backup_borg_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-backup-borg.service wants +matrix_backup_borg_systemd_wanted_services_list: [] + +# systemd calendar configuration for backup job +matrix_backup_borg_schedule: "*-*-* 04:00:00" + +# what directories should be added to backup +matrix_backup_borg_location_source_directories: [] + +# target repositories +matrix_backup_borg_location_repositories: [] + +# exclude following paths: +matrix_backup_borg_location_exclude_patterns: [] + +# borg encryption mode, only repokey-* is supported +matrix_backup_borg_encryption: repokey-blake2 + +# private ssh key used to connect to the borg repo +matrix_backup_borg_ssh_key_private: "" + +# borg ssh command with ssh key +matrix_backup_borg_storage_ssh_command: ssh -o "StrictHostKeyChecking accept-new" -i /etc/borgmatic.d/sshkey + +# compression algorithm +matrix_backup_borg_storage_compression: lz4 + +# archive name format +matrix_backup_borg_storage_archive_name_format: "matrix-{now:%Y-%m-%d-%H%M%S}" + +# repository passphrase +matrix_backup_borg_storage_encryption_passphrase: "" + +# retention configuration +matrix_backup_borg_retention_keep_hourly: 0 +matrix_backup_borg_retention_keep_daily: 7 +matrix_backup_borg_retention_keep_weekly: 4 +matrix_backup_borg_retention_keep_monthly: 12 +matrix_backup_borg_retention_keep_yearly: 2 + +# retention prefix +matrix_backup_borg_retention_prefix: "matrix-" diff --git a/roles/matrix-backup-borg/tasks/init.yml b/roles/matrix-backup-borg/tasks/init.yml new file mode 100644 index 00000000..0a90a2e8 --- /dev/null +++ b/roles/matrix-backup-borg/tasks/init.yml @@ -0,0 +1,4 @@ +--- +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-backup-borg.service', 'matrix-backup-borg.timer'] }}" + when: matrix_backup_borg_enabled|bool diff --git a/roles/matrix-backup-borg/tasks/main.yml b/roles/matrix-backup-borg/tasks/main.yml new file mode 100644 index 00000000..0dbf54e1 --- /dev/null +++ b/roles/matrix-backup-borg/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_backup_borg_enabled|bool" + tags: + - setup-all + - setup-backup-borg + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_backup_borg_enabled|bool" + tags: + - setup-all + - setup-backup-borg + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_backup_borg_enabled|bool" + tags: + - setup-all + - setup-backup-borg diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml new file mode 100644 index 00000000..f2c65a16 --- /dev/null +++ b/roles/matrix-backup-borg/tasks/setup_install.yml @@ -0,0 +1,97 @@ +--- +- name: Ensure borg paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_backup_borg_config_path }}", when: true} + - {path: "{{ matrix_backup_borg_docker_src_files_path }}", when: true} + when: "item.when|bool" + +- name: Ensure borg config is created + template: + src: "{{ role_path }}/templates/config.yaml.j2" + dest: "{{ matrix_backup_borg_config_path }}/config.yaml" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + +- name: Ensure borg passwd is created + template: + src: "{{ role_path }}/templates/passwd.j2" + dest: "{{ matrix_backup_borg_config_path }}/passwd" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0640 + +- name: Ensure borg ssh key is created + template: + src: "{{ role_path }}/templates/sshkey.j2" + dest: "{{ matrix_backup_borg_config_path }}/sshkey" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0600 + +- name: Ensure borg image is pulled + docker_image: + name: "{{ matrix_backup_borg_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_backup_borg_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_backup_borg_docker_image_force_pull }}" + when: "not matrix_backup_borg_container_image_self_build|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure borg repository is present on self-build + git: + repo: "{{ matrix_backup_borg_docker_repo }}" + dest: "{{ matrix_backup_borg_docker_src_files_path }}" + force: "yes" + register: matrix_backup_borg_git_pull_results + when: "matrix_backup_borg_container_image_self_build|bool" + +- name: Ensure borg image is built + docker_image: + name: "{{ matrix_backup_borg_docker_image }}" + source: build + force_source: "{{ matrix_backup_borg_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_backup_borg_docker_src_files_path }}" + pull: true + when: "matrix_backup_borg_container_image_self_build|bool" + +- name: Ensure matrix-backup-borg.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-backup-borg.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-backup-borg.service" + mode: 0644 + register: matrix_backup_borg_systemd_service_result + +- name: Ensure matrix-backup-borg.timer installed + template: + src: "{{ role_path }}/templates/systemd/matrix-backup-borg.timer.j2" + dest: "{{ matrix_systemd_path }}/matrix-backup-borg.timer" + mode: 0644 + register: matrix_backup_borg_systemd_timer_result + +- name: Ensure systemd reloaded after matrix-backup-borg.service installation + service: + daemon_reload: true + when: "matrix_backup_borg_systemd_service_result.changed|bool" + +- name: Ensure matrix-backup-borg.service enabled + service: + enabled: true + name: matrix-backup-borg.service + +- name: Ensure matrix-backup-borg.timer enabled + service: + enabled: true + name: matrix-backup-borg.timer diff --git a/roles/matrix-backup-borg/tasks/setup_uninstall.yml b/roles/matrix-backup-borg/tasks/setup_uninstall.yml new file mode 100644 index 00000000..faad44f7 --- /dev/null +++ b/roles/matrix-backup-borg/tasks/setup_uninstall.yml @@ -0,0 +1,41 @@ +--- +- name: Check existence of matrix-backup-borg service + stat: + path: "{{ matrix_systemd_path }}/matrix-backup-borg.service" + register: matrix_backup_borg_service_stat + +- name: Ensure matrix-backup-borg is stopped + service: + name: matrix-backup-borg + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "matrix_backup_borg_service_stat.stat.exists|bool" + +- name: Ensure matrix-backup-borg.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-backup-borg.service" + state: absent + when: "matrix_backup_borg_service_stat.stat.exists|bool" + +- name: Ensure matrix-backup-borg.timer doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-backup-borg.timer" + state: absent + when: "matrix_backup_borg_service_stat.stat.exists|bool" + +- name: Ensure systemd reloaded after matrix-backup-borg.service removal + service: + daemon_reload: true + when: "matrix_backup_borg_service_stat.stat.exists|bool" + +- name: Ensure Matrix borg paths don't exist + file: + path: "{{ matrix_backup_borg_base_path }}" + state: absent + +- name: Ensure borg Docker image doesn't exist + docker_image: + name: "{{ matrix_backup_borg_docker_image }}" + state: absent diff --git a/roles/matrix-backup-borg/tasks/validate_config.yml b/roles/matrix-backup-borg/tasks/validate_config.yml new file mode 100644 index 00000000..4d3fb1c8 --- /dev/null +++ b/roles/matrix-backup-borg/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_backup_borg_ssh_key_private" + - "matrix_backup_borg_location_repositories" + - "matrix_backup_borg_storage_encryption_passphrase" diff --git a/roles/matrix-backup-borg/templates/config.yaml.j2 b/roles/matrix-backup-borg/templates/config.yaml.j2 new file mode 100644 index 00000000..89b6ab7d --- /dev/null +++ b/roles/matrix-backup-borg/templates/config.yaml.j2 @@ -0,0 +1,32 @@ +#jinja2: lstrip_blocks: "True", trim_blocks: "True" + +location: + source_directories: {{ matrix_backup_borg_location_source_directories|to_json }} + repositories: {{ matrix_backup_borg_location_repositories|to_json }} + one_file_system: true + exclude_patterns: {{ matrix_backup_borg_location_exclude_patterns|to_json }} + +storage: + compression: {{ matrix_backup_borg_storage_compression }} + ssh_command: {{ matrix_backup_borg_storage_ssh_command }} + archive_name_format: '{{ matrix_backup_borg_storage_archive_name_format }}' + encryption_passphrase: {{ matrix_backup_borg_storage_encryption_passphrase }} + +retention: + keep_hourly: {{ matrix_backup_borg_retention_keep_hourly }} + keep_daily: {{ matrix_backup_borg_retention_keep_daily }} + keep_weekly: {{ matrix_backup_borg_retention_keep_weekly }} + keep_monthly: {{ matrix_backup_borg_retention_keep_monthly }} + keep_yearly: {{ matrix_backup_borg_retention_keep_yearly }} + prefix: '{{ matrix_backup_borg_retention_prefix }}' + +consistency: + checks: + - repository + - archives + +hooks: + after_backup: + - echo "Backup created." + on_error: + - echo "Error while creating a backup." diff --git a/roles/matrix-backup-borg/templates/passwd.j2 b/roles/matrix-backup-borg/templates/passwd.j2 new file mode 100644 index 00000000..d3665cf4 --- /dev/null +++ b/roles/matrix-backup-borg/templates/passwd.j2 @@ -0,0 +1,29 @@ +{# the passwd file with correct username, UID and GID is mandatory to work with borg over ssh, otherwise ssh connections will fail #} +root:x:0:0:root:/root:/bin/ash +bin:x:1:1:bin:/bin:/sbin/nologin +daemon:x:2:2:daemon:/sbin:/sbin/nologin +adm:x:3:4:adm:/var/adm:/sbin/nologin +lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin +sync:x:5:0:sync:/sbin:/bin/sync +shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown +halt:x:7:0:halt:/sbin:/sbin/halt +mail:x:8:12:mail:/var/mail:/sbin/nologin +news:x:9:13:news:/usr/lib/news:/sbin/nologin +uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin +operator:x:11:0:operator:/root:/sbin/nologin +man:x:13:15:man:/usr/man:/sbin/nologin +postmaster:x:14:12:postmaster:/var/mail:/sbin/nologin +cron:x:16:16:cron:/var/spool/cron:/sbin/nologin +ftp:x:21:21::/var/lib/ftp:/sbin/nologin +sshd:x:22:22:sshd:/dev/null:/sbin/nologin +at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin +squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin +xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin +games:x:35:35:games:/usr/games:/sbin/nologin +cyrus:x:85:12::/usr/cyrus:/sbin/nologin +vpopmail:x:89:89::/var/vpopmail:/sbin/nologin +ntp:x:123:123:NTP:/var/empty:/sbin/nologin +smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin +guest:x:405:100:guest:/dev/null:/sbin/nologin +{{ matrix_user_username }}:x:{{ matrix_user_uid }}:{{ matrix_user_gid }}:Matrix:/tmp:/bin/ash +nobody:x:65534:65534:nobody:/:/sbin/nologin diff --git a/roles/matrix-backup-borg/templates/sshkey.j2 b/roles/matrix-backup-borg/templates/sshkey.j2 new file mode 100644 index 00000000..999cf38d --- /dev/null +++ b/roles/matrix-backup-borg/templates/sshkey.j2 @@ -0,0 +1 @@ +{{ matrix_backup_borg_ssh_key_private }} diff --git a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 new file mode 100644 index 00000000..977673ee --- /dev/null +++ b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 @@ -0,0 +1,58 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Borg Backup +{% for service in matrix_backup_borg_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_backup_borg_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=oneshot +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \ + --log-driver=none \ + --cap-drop=ALL \ + --read-only \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --network={{ matrix_docker_network }} \ + --tmpfs=/tmp:rw,noexec,nosuid,size=100m \ + --mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \ + --mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \ + {% for source in matrix_backup_borg_location_source_directories %} + --mount type=bind,src={{ source }},dst={{ source }},ro \ + {% endfor %} + {% for arg in matrix_backup_borg_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_backup_borg_docker_image }} \ + sh -c "borgmatic --init --encryption {{ matrix_backup_borg_encryption }}" + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \ + --log-driver=none \ + --cap-drop=ALL \ + --read-only \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --network={{ matrix_docker_network }} \ + --tmpfs=/tmp:rw,noexec,nosuid,size=100m \ + --mount type=bind,src={{ matrix_backup_borg_config_path }}/passwd,dst=/etc/passwd,ro \ + --mount type=bind,src={{ matrix_backup_borg_config_path }},dst=/etc/borgmatic.d,ro \ + {% for source in matrix_backup_borg_location_source_directories %} + --mount type=bind,src={{ source }},dst={{ source }},ro \ + {% endfor %} + {% for arg in matrix_backup_borg_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_backup_borg_docker_image }} + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null' +SyslogIdentifier=matrix-backup-borg + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 new file mode 100644 index 00000000..541d0020 --- /dev/null +++ b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.timer.j2 @@ -0,0 +1,10 @@ +[Unit] +Description=Matrix Borg Backup timer + +[Timer] +Unit=matrix-backup-borg.service +OnCalendar={{ matrix_backup_borg_schedule }} +RandomizedDelaySec=2h + +[Install] +WantedBy=timers.target diff --git a/roles/matrix-bot-honoroit/tasks/setup_install.yml b/roles/matrix-bot-honoroit/tasks/setup_install.yml index 303c5f8b..f3ad9b63 100644 --- a/roles/matrix-bot-honoroit/tasks/setup_install.yml +++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml @@ -43,6 +43,8 @@ template: src: "{{ role_path }}/templates/env.j2" dest: "{{ matrix_bot_honoroit_config_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" mode: 0640 - name: Ensure honoroit image is pulled diff --git a/setup.yml b/setup.yml index 68740b4a..197d313e 100755 --- a/setup.yml +++ b/setup.yml @@ -14,6 +14,7 @@ - matrix-postgres - matrix-redis - matrix-corporal + - matrix-backup-borg - matrix-bridge-appservice-discord - matrix-bridge-appservice-slack - matrix-bridge-appservice-webhooks From 627333d82bf1d9b902c44e209a7caadc20227553 Mon Sep 17 00:00:00 2001 From: Luke <19363185+mochman@users.noreply.github.com> Date: Tue, 5 Apr 2022 12:42:38 +0000 Subject: [PATCH 28/48] fix container image --- roles/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 6dab5cd6..78eacdb1 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -12,7 +12,7 @@ matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot matrix_hookshot_version: 1.3.0 -matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" +matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}" From db4b6efb5da80629987672a55a87c4ef370f8bcf Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 5 Apr 2022 16:08:11 +0300 Subject: [PATCH 29/48] Force self-building of matrix-hookshot on arm64 The `halfshot/matrix-hookshot` container images published to Docker Hub (as of 2022-04-05, at least) are only available for `amd64`, not for `arm64`. Self-building on arm64 is necessary. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1728 It should be noted that a `roiarthurb/matrix-hookshot` container image is available, which is available for the arm64 platform, but that's non-official and doesn't contain an amd64 build, so it's of limited use. --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 15032cab..17acd5e1 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -671,7 +671,7 @@ matrix_heisenbridge_systemd_wanted_services_list: | # We don't enable bridges by default. matrix_hookshot_enabled: false -matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" +matrix_hookshot_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}" matrix_hookshot_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'hookshot.as.tok') | to_uuid }}" From 7559eb99a77cbb40e82ba566db9dbeb0ae9bc23a Mon Sep 17 00:00:00 2001 From: Aine Date: Tue, 5 Apr 2022 20:48:15 +0300 Subject: [PATCH 30/48] Update Synapse 1.55.2 -> 1.56.0 --- roles/matrix-synapse/defaults/main.yml | 4 +- .../templates/synapse/homeserver.yaml.j2 | 254 +++++------------- 2 files changed, 74 insertions(+), 184 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 4cba18fa..ec58f233 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.55.2 +matrix_synapse_version: v1.56.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" @@ -202,6 +202,8 @@ matrix_synapse_include_profile_data_on_invite: true # Controls whether people with access to the homeserver can register by themselves. matrix_synapse_enable_registration: false +# Controls whether people with access to the homeserver can register by themselves without verification (email/msisdn/token) +matrix_synapse_enable_registration_without_verification: false # reCAPTCHA API for validating registration attempts matrix_synapse_enable_registration_captcha: false diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 63e3b7ad..8a701c4d 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -35,7 +35,7 @@ modules: {{ matrix_synapse_modules|to_json }} # In most cases you should avoid using a matrix specific subdomain such as # matrix.example.com or synapse.example.com as the server_name for the same # reasons you wouldn't use user@email.example.com as your email address. -# See https://github.com/matrix-org/synapse/blob/master/docs/delegate.md +# See https://matrix-org.github.io/synapse/latest/delegate.html # for information on how to host Synapse on a subdomain while preserving # a clean server_name. # @@ -232,9 +232,9 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} # 'all local interfaces'. # # type: the type of listener. Normally 'http', but other valid options are: -# 'manhole' (see docs/manhole.md), -# 'metrics' (see docs/metrics-howto.md), -# 'replication' (see docs/workers.md). +# 'manhole' (see https://matrix-org.github.io/synapse/latest/manhole.html), +# 'metrics' (see https://matrix-org.github.io/synapse/latest/metrics-howto.html), +# 'replication' (see https://matrix-org.github.io/synapse/latest/workers.html). # # tls: set to true to enable TLS for this listener. Will use the TLS # key/cert specified in tls_private_key_path / tls_certificate_path. @@ -259,8 +259,8 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} # client: the client-server API (/_matrix/client), and the synapse admin # API (/_synapse/admin). Also implies 'media' and 'static'. # -# consent: user consent forms (/_matrix/consent). See -# docs/consent_tracking.md. +# consent: user consent forms (/_matrix/consent). +# See https://matrix-org.github.io/synapse/latest/consent_tracking.html. # # federation: the server-server API (/_matrix/federation). Also implies # 'media', 'keys', 'openid' @@ -269,12 +269,13 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} # # media: the media API (/_matrix/media). # -# metrics: the metrics interface. See docs/metrics-howto.md. +# metrics: the metrics interface. +# See https://matrix-org.github.io/synapse/latest/consent_tracking.html. # # openid: OpenID authentication. # -# replication: the HTTP replication API (/_synapse/replication). See -# docs/workers.md. +# replication: the HTTP replication API (/_synapse/replication). +# See https://matrix-org.github.io/synapse/latest/consent_tracking.html. # # static: static resources under synapse/static (/_matrix/static). (Mostly # useful for 'fallback authentication'.) @@ -431,9 +432,16 @@ manhole_settings: # sign up in a short space of time never to return after their initial # session. # +# 'mau_limit_alerting' is a means of limiting client side alerting +# should the mau limit be reached. This is useful for small instances +# where the admin has 5 mau seats (say) for 5 specific people and no +# interest increasing the mau limit further. Defaults to True, which +# means that alerting is enabled +# #limit_usage_by_mau: False #max_mau_value: 50 #mau_trial_days: 2 +#mau_limit_alerting: false # If enabled, the metrics for the number of monthly active users will # be populated, however no one will be limited. If limit_usage_by_mau @@ -560,6 +568,15 @@ templates: # #custom_template_directory: /path/to/custom/templates/ +# List of rooms to exclude from sync responses. This is useful for server +# administrators wishing to group users into a room without these users being able +# to see it from their client. +# +# By default, no room is excluded. +# +#exclude_rooms_from_sync: +# - !foo:example.com + # Message retention policy at the server level. # @@ -808,6 +825,12 @@ caches: # 'txn_limit' gives the maximum number of transactions to run per connection # before reconnecting. Defaults to 0, which means no limit. # +# 'allow_unsafe_locale' is an option specific to Postgres. Under the default behavior, Synapse will refuse to +# start if the postgres db is set to a non-C locale. You can override this behavior (which is *not* recommended) +# by setting 'allow_unsafe_locale' to true. Note that doing so may corrupt your database. You can find more information +# here: https://matrix-org.github.io/synapse/latest/postgres.html#fixing-incorrect-collate-or-ctype and here: +# https://wiki.postgresql.org/wiki/Locale_data_changes +# # 'args' gives options which are passed through to the database engine, # except for options starting 'cp_', which are used to configure the Twisted # connection pool. For a reference to valid arguments, see: @@ -1020,7 +1043,7 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire # # If you are using a reverse proxy you may also need to set this value in # your reverse proxy's config. Notably Nginx has a small max body size by default. -# See https://matrix-org.github.io/synapse/develop/reverse_proxy.html. +# See https://matrix-org.github.io/synapse/latest/reverse_proxy.html. # max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" @@ -1171,6 +1194,26 @@ max_spider_size: 10M url_preview_accept_language: {{ matrix_url_preview_accept_language|to_json }} +# oEmbed allows for easier embedding content from a website. It can be +# used for generating URLs previews of services which support it. +# +oembed: + # A default list of oEmbed providers is included with Synapse. + # + # Uncomment the following to disable using these default oEmbed URLs. + # Defaults to 'false'. + # + #disable_default_providers: true + # Additional files with oEmbed configuration (each should be in the + # form of providers.json). + # + # By default, this list is empty (so only the default providers.json + # is used). + # + #additional_providers: + # - oembed/my_providers.json + + ## Captcha ## # See docs/CAPTCHA_SETUP.md for full details of configuring this. @@ -1230,10 +1273,18 @@ turn_allow_guests: {{ matrix_synapse_turn_allow_guests|to_json }} # Registration can be rate-limited using the parameters in the "Ratelimiting" # section of this file. -# Enable registration for new users. +# Enable registration for new users. Defaults to 'false'. It is highly recommended that if you enable registration, +# you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration +# without any verification, you must also set `enable_registration_without_verification`, found below. # enable_registration: {{ matrix_synapse_enable_registration|to_json }} +# Enable registration without email or captcha verification. Note: this option is *not* recommended, +# as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect +# unless `enable_registration` is also enabled. +# +enable_registration_without_verification: {{ matrix_synapse_enable_registration_without_verification|to_json }} + # Time that a user's session remains valid for, after they log in. # # Note that this is not currently compatible with guest logins. @@ -1283,8 +1334,6 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }} # #nonrefreshable_access_token_lifetime: 24h -# The user must provide all of the below types of 3PID when registering. - # The user must provide all of the below types of 3PID when registering. # #registrations_require_3pid: @@ -1962,7 +2011,7 @@ saml2_config: # # module: The class name of a custom mapping module. Default is # 'synapse.handlers.oidc.JinjaOidcMappingProvider'. -# See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers +# See https://matrix-org.github.io/synapse/latest/sso_mapping_providers.html#openid-mapping-providers # for information on implementing a custom mapping provider. # # config: Configuration for the mapping provider module. This section will @@ -2019,7 +2068,7 @@ saml2_config: # - attribute: groups # value: "admin" # -# See https://github.com/matrix-org/synapse/blob/master/docs/openid.md +# See https://matrix-org.github.io/synapse/latest/openid.html # for information on how to configure these options. # # For backwards compatibility, it is also possible to configure a single OIDC @@ -2044,6 +2093,7 @@ oidc_providers: # token_endpoint: "https://accounts.example.com/oauth2/token" # userinfo_endpoint: "https://accounts.example.com/userinfo" # jwks_uri: "https://accounts.example.com/.well-known/jwks.json" + # skip_verification: true # user_mapping_provider: # config: # subject_claim: "id" @@ -2121,169 +2171,6 @@ sso: # #update_profile_information: true - # Directory in which Synapse will try to find the template files below. - # If not set, or the files named below are not found within the template - # directory, default templates from within the Synapse package will be used. - # - # Synapse will look for the following templates in this directory: - # - # * HTML page to prompt the user to choose an Identity Provider during - # login: 'sso_login_idp_picker.html'. - # - # This is only used if multiple SSO Identity Providers are configured. - # - # When rendering, this template is given the following variables: - # * redirect_url: the URL that the user will be redirected to after - # login. - # - # * server_name: the homeserver's name. - # - # * providers: a list of available Identity Providers. Each element is - # an object with the following attributes: - # - # * idp_id: unique identifier for the IdP - # * idp_name: user-facing name for the IdP - # * idp_icon: if specified in the IdP config, an MXC URI for an icon - # for the IdP - # * idp_brand: if specified in the IdP config, a textual identifier - # for the brand of the IdP - # - # The rendered HTML page should contain a form which submits its results - # back as a GET request, with the following query parameters: - # - # * redirectUrl: the client redirect URI (ie, the `redirect_url` passed - # to the template) - # - # * idp: the 'idp_id' of the chosen IDP. - # - # * HTML page to prompt new users to enter a userid and confirm other - # details: 'sso_auth_account_details.html'. This is only shown if the - # SSO implementation (with any user_mapping_provider) does not return - # a localpart. - # - # When rendering, this template is given the following variables: - # - # * server_name: the homeserver's name. - # - # * idp: details of the SSO Identity Provider that the user logged in - # with: an object with the following attributes: - # - # * idp_id: unique identifier for the IdP - # * idp_name: user-facing name for the IdP - # * idp_icon: if specified in the IdP config, an MXC URI for an icon - # for the IdP - # * idp_brand: if specified in the IdP config, a textual identifier - # for the brand of the IdP - # - # * user_attributes: an object containing details about the user that - # we received from the IdP. May have the following attributes: - # - # * display_name: the user's display_name - # * emails: a list of email addresses - # - # The template should render a form which submits the following fields: - # - # * username: the localpart of the user's chosen user id - # - # * HTML page allowing the user to consent to the server's terms and - # conditions. This is only shown for new users, and only if - # `user_consent.require_at_registration` is set. - # - # When rendering, this template is given the following variables: - # - # * server_name: the homeserver's name. - # - # * user_id: the user's matrix proposed ID. - # - # * user_profile.display_name: the user's proposed display name, if any. - # - # * consent_version: the version of the terms that the user will be - # shown - # - # * terms_url: a link to the page showing the terms. - # - # The template should render a form which submits the following fields: - # - # * accepted_version: the version of the terms accepted by the user - # (ie, 'consent_version' from the input variables). - # - # * HTML page for a confirmation step before redirecting back to the client - # with the login token: 'sso_redirect_confirm.html'. - # - # When rendering, this template is given the following variables: - # - # * redirect_url: the URL the user is about to be redirected to. - # - # * display_url: the same as `redirect_url`, but with the query - # parameters stripped. The intention is to have a - # human-readable URL to show to users, not to use it as - # the final address to redirect to. - # - # * server_name: the homeserver's name. - # - # * new_user: a boolean indicating whether this is the user's first time - # logging in. - # - # * user_id: the user's matrix ID. - # - # * user_profile.avatar_url: an MXC URI for the user's avatar, if any. - # None if the user has not set an avatar. - # - # * user_profile.display_name: the user's display name. None if the user - # has not set a display name. - # - # * HTML page which notifies the user that they are authenticating to confirm - # an operation on their account during the user interactive authentication - # process: 'sso_auth_confirm.html'. - # - # When rendering, this template is given the following variables: - # * redirect_url: the URL the user is about to be redirected to. - # - # * description: the operation which the user is being asked to confirm - # - # * idp: details of the Identity Provider that we will use to confirm - # the user's identity: an object with the following attributes: - # - # * idp_id: unique identifier for the IdP - # * idp_name: user-facing name for the IdP - # * idp_icon: if specified in the IdP config, an MXC URI for an icon - # for the IdP - # * idp_brand: if specified in the IdP config, a textual identifier - # for the brand of the IdP - # - # * HTML page shown after a successful user interactive authentication session: - # 'sso_auth_success.html'. - # - # Note that this page must include the JavaScript which notifies of a successful authentication - # (see https://matrix.org/docs/spec/client_server/r0.6.0#fallback). - # - # This template has no additional variables. - # - # * HTML page shown after a user-interactive authentication session which - # does not map correctly onto the expected user: 'sso_auth_bad_user.html'. - # - # When rendering, this template is given the following variables: - # * server_name: the homeserver's name. - # * user_id_to_verify: the MXID of the user that we are trying to - # validate. - # - # * HTML page shown during single sign-on if a deactivated user (according to Synapse's database) - # attempts to login: 'sso_account_deactivated.html'. - # - # This template has no additional variables. - # - # * HTML page to display to users if something goes wrong during the - # OpenID Connect authentication process: 'sso_error.html'. - # - # When rendering, this template is given two variables: - # * error: the technical name of the error - # * error_description: a human-readable message for the error - # - # You can see the default templates at: - # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates - # - #template_dir: "res/templates" - # JSON web token integration. The following settings can be used to make # Synapse JSON web tokens for authentication, instead of its internal @@ -2298,7 +2185,7 @@ sso: # Note that this is a non-standard login type and client support is # expected to be non-existent. # -# See https://github.com/matrix-org/synapse/blob/master/docs/jwt.md. +# See https://matrix-org.github.io/synapse/latest/jwt.html. # #jwt_config: # Uncomment the following to enable authorization using JSON web @@ -2477,7 +2364,8 @@ email: #app_name: my_branded_matrix_server app_name: Matrix - # Enable sending emails for messages that the user has missed + # Uncomment the following to enable sending emails for messages that the user + # has missed. Disabled by default. # #enable_notifs: false enable_notifs: true @@ -2754,7 +2642,7 @@ user_directory: # User Consent configuration # # for detailed instructions, see -# https://github.com/matrix-org/synapse/blob/master/docs/consent_tracking.md +# https://matrix-org.github.io/synapse/latest/consent_tracking.html # # Parts of this section are required if enabling the 'consent' resource under # 'listeners', in particular 'template_dir' and 'version'. @@ -2804,7 +2692,7 @@ user_directory: # Settings for local room and user statistics collection. See -# docs/room_and_user_statistics.md. +# https://matrix-org.github.io/synapse/latest/room_and_user_statistics.html. # stats: # Uncomment the following to disable room and user statistics. Note that doing @@ -2919,7 +2807,7 @@ opentracing: #enabled: true # The list of homeservers we wish to send and receive span contexts and span baggage. - # See docs/opentracing.rst. + # See https://matrix-org.github.io/synapse/latest/opentracing.html. # # This is a list of regexes which are matched against the server_name of the # homeserver. From a86757a18d11ff8270ecdbf9dc268fb809187159 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?= Date: Thu, 7 Apr 2022 01:16:54 +0200 Subject: [PATCH 31/48] mautrix-facebook: update to v0.4.0 --- .../defaults/main.yml | 2 +- .../templates/config.yaml.j2 | 38 +++++++++++++++++++ 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index c9eaa148..d1469863 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mautrix_facebook_enabled: true matrix_mautrix_facebook_container_image_self_build: false matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git" -matrix_mautrix_facebook_version: v0.3.3 +matrix_mautrix_facebook_version: v0.4.0 matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}" matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 49c49be8..c3cb1932 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -12,6 +12,9 @@ homeserver: # such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically # updating m.direct. asmux: false + # Whether asynchronous uploads via MSC2246 should be enabled for media. + # Requires a media repo that supports MSC2246. + async_media: false # Application service host/registration related details # Changing these values requires regeneration of the registration. @@ -38,6 +41,11 @@ appservice: # The base URL where the public-facing endpoints are available. The prefix is not added # implicitly. external: {{ matrix_mautrix_facebook_appservice_public_external|to_json }} + # Allow logging in within Matrix. If false, users can only log in using the web interface. + allow_matrix_login: true + # Segment API key to enable analytics tracking for web server endpoints. Set to null to disable. + # Currently the only events are login start, success and fail. + segment_key: null # The unique ID of this appservice. id: facebook @@ -171,6 +179,8 @@ bridge: # and missed message backfilling when reconnecting. # Set to 0 to always re-sync, or -1 to never re-sync automatically. resync_max_disconnected_time: 5 + # Should the bridge do a resync on startup? + sync_on_startup: true # Whether or not temporary disconnections should send notices to the notice room. # If this is false, disconnections will never send messages and connections will only send # messages if it was disconnected for more than resync_max_disconnected_time seconds. @@ -194,6 +204,34 @@ bridge: permissions: '{{ matrix_mautrix_facebook_homeserver_domain }}': user + relay: + # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any + # authenticated user into a relaybot for that chat. + enabled: false + # The formats to use when sending messages to Messenger via a relay user. + # + # Available variables: + # $sender_displayname - The display name of the sender (e.g. Example User) + # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser) + # $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com) + # $message - The message content + message_formats: + m.text: '$sender_displayname: $message' + m.notice: '$sender_displayname: $message' + m.emote: '* $sender_displayname $message' + m.file: '$sender_displayname sent a file' + m.image: '$sender_displayname sent an image' + m.audio: '$sender_displayname sent an audio file' + m.video: '$sender_displayname sent a video' + m.location: '$sender_displayname sent a location' + +facebook: + device_seed: generate + default_region_hint: ODN + connection_type: WIFI + carrier: Verizon + hni: 311390 + # Python logging configuration. # # See section 16.7.2 of the Python documentation for more info: From 17f8fd003d674eadcb9d3f3396d21cd3fbe74aff Mon Sep 17 00:00:00 2001 From: slikie <13197246+slikie@users.noreply.github.com> Date: Thu, 7 Apr 2022 20:01:26 +0800 Subject: [PATCH 32/48] bump mautrix instagram version to 0.1.3 --- roles/matrix-bridge-mautrix-instagram/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index c4d90e6b..4ae2d374 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -7,7 +7,7 @@ matrix_mautrix_instagram_enabled: true matrix_mautrix_instagram_container_image_self_build: false matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git" -matrix_mautrix_instagram_version: v0.1.2 +matrix_mautrix_instagram_version: v0.1.3 # See: https://mau.dev/tulir/mautrix-instagram/container_registry matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}" matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}" From ab3e02c7fd54b1af0c500a77a5ab422d5c1a65a4 Mon Sep 17 00:00:00 2001 From: PC-Admin Date: Sat, 9 Apr 2022 08:48:02 +0800 Subject: [PATCH 33/48] Remove matrix-awx sections --- docs/configuring-awx-system.md | 39 --- group_vars/matrix_servers | 21 -- roles/matrix-awx/defaults/main.yml | 8 - .../scripts/matrix_build_room_list.py | 29 -- .../matrix-awx/surveys/access_export.json.j2 | 42 --- .../matrix-awx/surveys/backup_server.json.j2 | 18 - .../surveys/bridge_discord_appservice.json.j2 | 66 ---- .../surveys/configure_corporal.json.j2 | 88 ----- .../surveys/configure_dimension.json.j2 | 30 -- .../surveys/configure_element.json.j2 | 114 ------- .../configure_element_subdomain.json.j2 | 18 - .../surveys/configure_email_relay.json.j2 | 19 -- .../surveys/configure_jitsi.json.j2 | 31 -- .../surveys/configure_ma1sd.json.j2 | 41 --- .../surveys/configure_mjolnir.json.j2 | 29 -- .../surveys/configure_synapse.json.j2 | 198 ----------- .../surveys/configure_synapse_admin.json.j2 | 18 - .../configure_website_access_export.json.j2 | 54 --- roles/matrix-awx/tasks/backup_server.yml | 101 ------ .../tasks/bridge_discord_appservice.yml | 58 ---- .../tasks/cache_matrix_variables.yml | 13 - .../matrix-awx/tasks/create_session_token.yml | 11 - roles/matrix-awx/tasks/create_user.yml | 41 --- .../tasks/customise_website_access_export.yml | 267 --------------- .../matrix-awx/tasks/delete_session_token.yml | 10 - roles/matrix-awx/tasks/export_server.yml | 43 --- roles/matrix-awx/tasks/import_awx.yml | 7 - .../tasks/load_hosting_and_org_variables.yml | 16 - .../tasks/load_matrix_variables.yml | 16 - roles/matrix-awx/tasks/main.yml | 234 ------------- .../tasks/purge_database_events.yml | 14 - .../matrix-awx/tasks/purge_database_main.yml | 320 ------------------ .../tasks/purge_database_no_local.yml | 14 - .../matrix-awx/tasks/purge_database_users.yml | 14 - roles/matrix-awx/tasks/purge_media_local.yml | 19 -- roles/matrix-awx/tasks/purge_media_main.yml | 111 ------ roles/matrix-awx/tasks/purge_media_remote.yml | 19 -- roles/matrix-awx/tasks/rotate_ssh.yml | 25 -- roles/matrix-awx/tasks/self_check.yml | 108 ------ .../tasks/set_variables_corporal.yml | 243 ------------- .../tasks/set_variables_dimension.yml | 105 ------ .../tasks/set_variables_element.yml | 180 ---------- .../tasks/set_variables_element_subdomain.yml | 43 --- .../matrix-awx/tasks/set_variables_jitsi.yml | 45 --- .../matrix-awx/tasks/set_variables_ma1sd.yml | 102 ------ .../matrix-awx/tasks/set_variables_mailer.yml | 44 --- .../tasks/set_variables_mjolnir.yml | 68 ---- .../tasks/set_variables_synapse.yml | 223 ------------ .../tasks/set_variables_synapse_admin.yml | 44 --- roles/matrix-awx/tasks/update_variables.yml | 32 -- roles/matrix-common-after/tasks/awx_post.yml | 77 ----- roles/matrix-common-after/tasks/main.yml | 5 - setup.yml | 1 - 53 files changed, 3536 deletions(-) delete mode 100644 docs/configuring-awx-system.md delete mode 100755 roles/matrix-awx/defaults/main.yml delete mode 100644 roles/matrix-awx/scripts/matrix_build_room_list.py delete mode 100644 roles/matrix-awx/surveys/access_export.json.j2 delete mode 100644 roles/matrix-awx/surveys/backup_server.json.j2 delete mode 100644 roles/matrix-awx/surveys/bridge_discord_appservice.json.j2 delete mode 100755 roles/matrix-awx/surveys/configure_corporal.json.j2 delete mode 100644 roles/matrix-awx/surveys/configure_dimension.json.j2 delete mode 100755 roles/matrix-awx/surveys/configure_element.json.j2 delete mode 100644 roles/matrix-awx/surveys/configure_element_subdomain.json.j2 delete mode 100644 roles/matrix-awx/surveys/configure_email_relay.json.j2 delete mode 100755 roles/matrix-awx/surveys/configure_jitsi.json.j2 delete mode 100644 roles/matrix-awx/surveys/configure_ma1sd.json.j2 delete mode 100644 roles/matrix-awx/surveys/configure_mjolnir.json.j2 delete mode 100755 roles/matrix-awx/surveys/configure_synapse.json.j2 delete mode 100644 roles/matrix-awx/surveys/configure_synapse_admin.json.j2 delete mode 100755 roles/matrix-awx/surveys/configure_website_access_export.json.j2 delete mode 100644 roles/matrix-awx/tasks/backup_server.yml delete mode 100644 roles/matrix-awx/tasks/bridge_discord_appservice.yml delete mode 100644 roles/matrix-awx/tasks/cache_matrix_variables.yml delete mode 100644 roles/matrix-awx/tasks/create_session_token.yml delete mode 100755 roles/matrix-awx/tasks/create_user.yml delete mode 100755 roles/matrix-awx/tasks/customise_website_access_export.yml delete mode 100644 roles/matrix-awx/tasks/delete_session_token.yml delete mode 100644 roles/matrix-awx/tasks/export_server.yml delete mode 100644 roles/matrix-awx/tasks/import_awx.yml delete mode 100644 roles/matrix-awx/tasks/load_hosting_and_org_variables.yml delete mode 100755 roles/matrix-awx/tasks/load_matrix_variables.yml delete mode 100755 roles/matrix-awx/tasks/main.yml delete mode 100644 roles/matrix-awx/tasks/purge_database_events.yml delete mode 100644 roles/matrix-awx/tasks/purge_database_main.yml delete mode 100644 roles/matrix-awx/tasks/purge_database_no_local.yml delete mode 100644 roles/matrix-awx/tasks/purge_database_users.yml delete mode 100644 roles/matrix-awx/tasks/purge_media_local.yml delete mode 100644 roles/matrix-awx/tasks/purge_media_main.yml delete mode 100644 roles/matrix-awx/tasks/purge_media_remote.yml delete mode 100644 roles/matrix-awx/tasks/rotate_ssh.yml delete mode 100644 roles/matrix-awx/tasks/self_check.yml delete mode 100755 roles/matrix-awx/tasks/set_variables_corporal.yml delete mode 100644 roles/matrix-awx/tasks/set_variables_dimension.yml delete mode 100755 roles/matrix-awx/tasks/set_variables_element.yml delete mode 100644 roles/matrix-awx/tasks/set_variables_element_subdomain.yml delete mode 100755 roles/matrix-awx/tasks/set_variables_jitsi.yml delete mode 100755 roles/matrix-awx/tasks/set_variables_ma1sd.yml delete mode 100644 roles/matrix-awx/tasks/set_variables_mailer.yml delete mode 100755 roles/matrix-awx/tasks/set_variables_mjolnir.yml delete mode 100755 roles/matrix-awx/tasks/set_variables_synapse.yml delete mode 100644 roles/matrix-awx/tasks/set_variables_synapse_admin.yml delete mode 100644 roles/matrix-awx/tasks/update_variables.yml delete mode 100644 roles/matrix-common-after/tasks/awx_post.yml diff --git a/docs/configuring-awx-system.md b/docs/configuring-awx-system.md deleted file mode 100644 index 3819a0d3..00000000 --- a/docs/configuring-awx-system.md +++ /dev/null @@ -1,39 +0,0 @@ -# Configuring AWX System (optional) - -An AWX setup for managing multiple Matrix servers. - -This section is used in an AWX system that can create and manage multiple [Matrix](http://matrix.org/) servers. You can issue members an AWX login to their own 'organisation', which they can use to manage/configure 1 to N servers. - -Members can be assigned a server from Digitalocean, or they can connect their own on-premises server. These playbooks are free to use in a commercial context with the 'MemberPress Plus' plugin. They can also be run in a non-commercial context. - -The AWX system is arranged into 'members' each with their own 'subscriptions'. After creating a subscription the user enters the 'provision stage' where they defined the URLs they will use, the servers location and whether or not there's already a website at the base domain. They then proceed onto the 'deploy stage' where they can configure their Matrix server. - -This system can manage the updates, configuration, import and export, backups and monitoring on its own. It is an extension of the popular deploy script [spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy). - -Warning: This system is about to undergo heavy revision, **we do not recommend using it at this time.** - -## Other Required Playbooks - -The following repositories allow you to copy and use this setup: - -[Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) - Creates and configures the AWX system for you. - -[Ansible Create Delete Subscription Membership](https://gitlab.com/GoMatrixHosting/ansible-create-delete-subscription-membership) - Used by the AWX system to create memberships and subscriptions. Also includes other administrative playbooks for updates, backups and restoring servers. - -[Ansible Provision Server](https://gitlab.com/GoMatrixHosting/ansible-provision-server) - Used by AWX members to perform initial configuration of their DigitalOcean or On-Premises server. - -[GMHosting External Tools](https://gitlab.com/GoMatrixHosting/gmhosting-external-tools) - Extra tools we run outside of AWX, some of which are experimental. - - -## Does I need an AWX setup to use this? How do I configure it? - -Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in ['/docs/Installation_AWX.md' of that repository](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_AWX.md). - -For simpler installation steps you can use to get started with this system, check out our minimal installation guide at ['/doc/Installation_Minimal_AWX.md of that repository'](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_Minimal_AWX.md). - - -## Does I need a front-end WordPress site? And a DigitalOcean account? - -You do not need a front-end WordPress site or the MemberPress plugin to use this setup. It can be run on it's own in a non-commercial context. - -You also don't need a DigitalOcean account, although this will limit you to only being able to connect 'On-Premises' servers. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 17acd5e1..a1cadd12 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -45,27 +45,6 @@ matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if m ###################################################################### -###################################################################### -# -# matrix-awx -# -###################################################################### - -# We don't enable AWX support by default. -matrix_awx_enabled: false - -matrix_nginx_proxy_data_path: "{{ '/chroot/website' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else (matrix_nginx_proxy_base_path + '/data') }}" -matrix_nginx_proxy_data_path_in_container: "{{ '/nginx-data/matrix-domain' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/nginx-data' }}" -matrix_nginx_proxy_data_path_extension: "{{ '' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/matrix-domain' }}" -matrix_nginx_proxy_base_domain_create_directory: "{{ not matrix_awx_enabled }}" - -###################################################################### -# -# /matrix-awx -# -###################################################################### - - ###################################################################### # # matrix-bridge-appservice-discord diff --git a/roles/matrix-awx/defaults/main.yml b/roles/matrix-awx/defaults/main.yml deleted file mode 100755 index cb847325..00000000 --- a/roles/matrix-awx/defaults/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- - -matrix_awx_enabled: true - -# Defaults for 'Customise Website + Access Export' template -awx_sftp_auth_method: 'Disabled' -awx_sftp_password: '' -awx_sftp_public_key: '' diff --git a/roles/matrix-awx/scripts/matrix_build_room_list.py b/roles/matrix-awx/scripts/matrix_build_room_list.py deleted file mode 100644 index 94779ca7..00000000 --- a/roles/matrix-awx/scripts/matrix_build_room_list.py +++ /dev/null @@ -1,29 +0,0 @@ - -import sys -import requests -import json - -janitor_token = sys.argv[1] -synapse_container_ip = sys.argv[2] -synapse_container_port = sys.argv[3] - -# collect total amount of rooms - -rooms_raw_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms' -rooms_raw_header = {'Authorization': 'Bearer ' + janitor_token} -rooms_raw = requests.get(rooms_raw_url, headers=rooms_raw_header) -rooms_raw_python = json.loads(rooms_raw.text) -total_rooms = rooms_raw_python["total_rooms"] - -# build complete room list file - -room_list_file = open("/tmp/room_list_complete.json", "w") - -for i in range(0, total_rooms, 100): - rooms_inc_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms?from=' + str(i) - rooms_inc = requests.get(rooms_inc_url, headers=rooms_raw_header) - room_list_file.write(rooms_inc.text) - -room_list_file.close() - -print(total_rooms) diff --git a/roles/matrix-awx/surveys/access_export.json.j2 b/roles/matrix-awx/surveys/access_export.json.j2 deleted file mode 100644 index d5e1f945..00000000 --- a/roles/matrix-awx/surveys/access_export.json.j2 +++ /dev/null @@ -1,42 +0,0 @@ -{ - "name": "Access Export", - "description": "Access the services export.", - "spec": [ - { - "question_name": "SFTP Authorisation Method", - "question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.", - "required": true, - "min": null, - "max": null, - "default": "{{ awx_sftp_auth_method | string }}", - "choices": "Disabled\nPassword\nSSH Key", - "new_question": true, - "variable": "awx_sftp_auth_method", - "type": "multiplechoice" - }, - { - "question_name": "SFTP Password", - "question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.", - "required": false, - "min": 0, - "max": 64, - "default": "{{ awx_sftp_password }}", - "choices": "", - "new_question": true, - "variable": "awx_sftp_password", - "type": "password" - }, - { - "question_name": "SFTP Public SSH Key (More Secure)", - "question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.", - "required": false, - "min": 0, - "max": 16384, - "default": "{{ awx_sftp_public_key }}", - "choices": "", - "new_question": true, - "variable": "awx_sftp_public_key", - "type": "text" - } - ] -} diff --git a/roles/matrix-awx/surveys/backup_server.json.j2 b/roles/matrix-awx/surveys/backup_server.json.j2 deleted file mode 100644 index 559daade..00000000 --- a/roles/matrix-awx/surveys/backup_server.json.j2 +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "Backup Server", - "description": "Performs a backup of the entire service to a remote location.", - "spec": [ - { - "question_name": "Enable Backup", - "question_description": "Set if remote backup is enabled or not. If enabled a daily backup of your server will be sent to the backup server located in {{ backup_server_location }}.", - "required": false, - "min": null, - "max": null, - "default": "{{ awx_backup_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "awx_backup_enabled", - "type": "multiplechoice" - } - ] -} diff --git a/roles/matrix-awx/surveys/bridge_discord_appservice.json.j2 b/roles/matrix-awx/surveys/bridge_discord_appservice.json.j2 deleted file mode 100644 index 85b00a5f..00000000 --- a/roles/matrix-awx/surveys/bridge_discord_appservice.json.j2 +++ /dev/null @@ -1,66 +0,0 @@ -{ - "name": "Bridge Discord Appservice", - "description": "Enables a private bridge you can use to connect Matrix rooms to Discord.", - "spec": [ - { - "question_name": "Enable Discord AppService Bridge", - "question_description": "Enables a private bridge you can use to connect Matrix rooms to Discord.", - "required": true, - "min": null, - "max": null, - "default": "{{ matrix_appservice_discord_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_appservice_discord_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Discord OAuth2 Client ID", - "question_description": "The OAuth2 'CLIENT ID' which can be found in the 'OAuth2' tab of your new discord application: https://discord.com/developers/applications", - "required": true, - "min": 0, - "max": 128, - "default": "{{ matrix_appservice_discord_client_id | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_appservice_discord_client_id", - "type": "text" - }, - { - "question_name": "Discord Bot Token", - "question_description": "The Bot 'TOKEN' which can be found in the 'Bot' tab of your new discord application: https://discord.com/developers/applications", - "required": true, - "min": 0, - "max": 256, - "default": "{{ matrix_appservice_discord_bot_token | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_appservice_discord_bot_token", - "type": "password" - }, - { - "question_name": "Auto-Admin Matrix User", - "question_description": "The username you would like to be automatically joined and promoted to administrator (PL100) in bridged rooms. Exclude the '@' and server name postfix. So to create @stevo:example.org just enter 'stevo'.", - "required": false, - "min": 0, - "max": 1024, - "default": "", - "choices": "", - "new_question": true, - "variable": "awx_appservice_discord_admin_user", - "type": "text" - }, - { - "question_name": "Auto-Admin Rooms", - "question_description": "A list of rooms you want the user to be automatically joined and promoted to administrator (PL100) in. These should be the internal IDs (for example '!axfBUsKhfAjSMBdjKX:example.org') separated by newlines.", - "required": false, - "min": 0, - "max": 4096, - "default": "", - "choices": "", - "new_question": true, - "variable": "awx_appservice_discord_admin_rooms", - "type": "textarea" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_corporal.json.j2 b/roles/matrix-awx/surveys/configure_corporal.json.j2 deleted file mode 100755 index dc8cd4fd..00000000 --- a/roles/matrix-awx/surveys/configure_corporal.json.j2 +++ /dev/null @@ -1,88 +0,0 @@ -{ - "name": "Configure Matrix Corporal", - "description": "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy.", - "spec": [ - { - "question_name": "Enable Corporal", - "question_description": "Controls if Matrix Corporal is enabled at all. If you're unsure if you need Matrix Corporal or not, you most likely don't.", - "required": true, - "min": null, - "max": null, - "default": "{{ matrix_corporal_enabled|string|lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_corporal_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Corporal Policy Provider", - "question_description": "Controls what provider policy is used with Matrix Corporal.", - "required": true, - "min": null, - "max": null, - "default": "{{ awx_corporal_policy_provider_mode }}", - "choices": "Simple Static File\nHTTP Pull Mode (API Enabled)\nHTTP Push Mode (API Enabled)", - "new_question": true, - "variable": "awx_corporal_policy_provider_mode", - "type": "multiplechoice" - }, - { - "question_name": "Simple Static File Configuration", - "question_description": "The configuration file for Matrix Corporal, only needed if 'Simple Static File' provider is selected, any configuration entered here will be saved and applied.", - "required": false, - "min": 0, - "max": 65536, - "default": "", - "new_question": true, - "variable": "awx_corporal_simple_static_config", - "type": "textarea" - }, - { - "question_name": "HTTP Pull Mode URI", - "question_description": "The network address to remotely fetch the configuration from. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected.", - "required": false, - "min": 0, - "max": 4096, - "default": "{{ awx_corporal_pull_mode_uri }}", - "new_question": true, - "variable": "awx_corporal_pull_mode_uri", - "type": "text" - }, - { - "question_name": "HTTP Pull Mode Authentication Token", - "question_description": "An authentication token for pulling the Corporal configuration from a network location. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.", - "required": false, - "min": 0, - "max": 256, - "default": "{{ awx_corporal_pull_mode_token }}", - "choices": "", - "new_question": true, - "variable": "awx_corporal_pull_mode_token", - "type": "password" - }, - { - "question_name": "Corporal API Authentication Token", - "question_description": "An authentication token for interfacing with Corporals API. Only needed to be set if 'HTTP Pull Mode (API Enabled)' or 'HTTP Push Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.", - "required": false, - "min": 0, - "max": 256, - "default": "{{ matrix_corporal_http_api_auth_token }}", - "choices": "", - "new_question": true, - "variable": "matrix_corporal_http_api_auth_token", - "type": "password" - }, - { - "question_name": "Raise Synapse Ratelimits", - "question_description": "For Matrix Corporal to work you will need to temporarily raise the rate limits for logins, please return this value to 'Normal' after you're done using Corporal.", - "required": false, - "min": null, - "max": null, - "default": "{{ awx_corporal_raise_ratelimits }}", - "choices": "Normal\nRaised", - "new_question": true, - "variable": "awx_corporal_raise_ratelimits", - "type": "multiplechoice" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_dimension.json.j2 b/roles/matrix-awx/surveys/configure_dimension.json.j2 deleted file mode 100644 index 5f79cfd0..00000000 --- a/roles/matrix-awx/surveys/configure_dimension.json.j2 +++ /dev/null @@ -1,30 +0,0 @@ -{ - "name": "Configure Dimension", - "description": "Configure Dimension, the self-hosted integrations server.", - "spec": [ - { - "question_name": "Enable Dimension", - "question_description": "Enables the Dimension integration server, before doing this you need to create a CNAME record for 'dimension.{{ matrix_domain }}' that points to 'matrix.{{ matrix_domain }}'.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_dimension_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_dimension_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Dimension Users", - "question_description": "Here you can list the user accounts that will be able to configure Dimension. Entries must be seperated with newlines and must be a complete Matrix ID. For example: '@dimension:{{ matrix_domain }}'", - "required": false, - "min": 0, - "max": 65536, - "default": {{ awx_dimension_users_final | to_json }}, - "choices": "", - "new_question": true, - "variable": "awx_dimension_users", - "type": "textarea" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_element.json.j2 b/roles/matrix-awx/surveys/configure_element.json.j2 deleted file mode 100755 index b4021732..00000000 --- a/roles/matrix-awx/surveys/configure_element.json.j2 +++ /dev/null @@ -1,114 +0,0 @@ -{ - "name": "Configure Element", - "description": "Configure Element web client, Element is the most developed Matrix client software.", - "spec": [ - { - "question_name": "Enable Element-Web", - "question_description": "Set if Element web client is enabled or not.", - "required": true, - "min": null, - "max": null, - "default": "{{ matrix_client_element_enabled }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_client_element_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Set Theme for Web Client", - "question_description": "Sets the default theme for the web client, can be changed later by individual users.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_client_element_default_theme }}", - "choices": "light\ndark", - "new_question": true, - "variable": "matrix_client_element_default_theme", - "type": "multiplechoice" - }, - { - "question_name": "Set Branding for Web Client", - "question_description": "Sets the 'branding' seen in the tab and on the welcome page to a custom value.Leaving this field blank will cause the default branding will be used: 'Element'", - "required": false, - "min": 0, - "max": 256, - "default": "{{ matrix_client_element_brand | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_client_element_brand", - "type": "text" - }, - { - "question_name": "Set Welcome Page Background", - "question_description": "Sets the background image on the welcome page, you should enter a URL to the image you want to use. Must be a 'https' link, otherwise it won't be set. Leaving this field blank will cause the default background to be used.", - "required": false, - "min": 0, - "max": 1024, - "default": "{{ matrix_client_element_branding_welcomeBackgroundUrl | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_client_element_branding_welcomeBackgroundUrl", - "type": "text" - }, - { - "question_name": "Set Welcome Page Logo", - "question_description": "Sets the logo found on the welcome and login page, must be a valid https link to your logo, the logo itself should be a square vector image (SVG). Leaving this field blank will cause the default Element logo to be used.", - "required": false, - "min": 0, - "max": 1024, - "default": "{{ matrix_client_element_welcome_logo | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_client_element_welcome_logo", - "type": "text" - }, - { - "question_name": "Set Welcome Page Logo URL", - "question_description": "Sets the URL link the welcome page logo leads to, must be a valid https link. Leaving this field blank will cause this default link to be used: 'https://element.io'", - "required": false, - "min": 0, - "max": 1024, - "default": "{{ matrix_client_element_welcome_logo_link | trim }}", - "choices": "", - "new_question": true, - "variable": "matrix_client_element_welcome_logo_link", - "type": "text" - }, - { - "question_name": "Set Welcome Page Headline", - "question_description": "Sets the headline seen on the welcome page. Leaving this field blank will cause this default headline to be used: 'Welcome to Element!'", - "required": false, - "min": 0, - "max": 512, - "default": "{{ awx_matrix_client_element_welcome_headline | trim }}", - "choices": "", - "new_question": true, - "variable": "awx_matrix_client_element_welcome_headline", - "type": "text" - }, - { - "question_name": "Set Welcome Page Text", - "question_description": "Sets the text seen on the welcome page. Leaving this field blank will cause this default headline to be used: 'Decentralised, encrypted chat & collaboration powered by [Matrix]'", - "required": false, - "min": 0, - "max": 2048, - "default": "{{ awx_matrix_client_element_welcome_text | trim }}", - "choices": "", - "new_question": true, - "variable": "awx_matrix_client_element_welcome_text", - "type": "text" - }, - { - "question_name": "Show Registration Button", - "question_description": "If you show the registration button on the welcome page.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_client_element_registration_enabled }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_client_element_registration_enabled", - "type": "multiplechoice" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_element_subdomain.json.j2 b/roles/matrix-awx/surveys/configure_element_subdomain.json.j2 deleted file mode 100644 index 8e6aaf28..00000000 --- a/roles/matrix-awx/surveys/configure_element_subdomain.json.j2 +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "Configure Element Subdomain", - "description": "Configure Element clients subdomain location. (Eg: 'element' for element.example.org)", - "spec": [ - { - "question_name": "Set Element Subdomain", - "question_description": "Sets the subdomain of the Element web-client, you should only specify the subdomain, not the base domain you've already set. (Eg: 'element' for element.example.org) Note that if you change this value you'll need to reconfigure your DNS.", - "required": false, - "min": 0, - "max": 2048, - "default": "{{ awx_element_subdomain }}", - "choices": "", - "new_question": true, - "variable": "awx_element_subdomain", - "type": "text" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_email_relay.json.j2 b/roles/matrix-awx/surveys/configure_email_relay.json.j2 deleted file mode 100644 index 65c21a94..00000000 --- a/roles/matrix-awx/surveys/configure_email_relay.json.j2 +++ /dev/null @@ -1,19 +0,0 @@ -{ - "name": "Configure Email Relay", - "description": "Enable MailGun relay to increase verification email reliability.", - "spec": [ - { - "question_name": "Enable Email Relay", - "question_description": "Enables the MailGun email relay server, enabling this will increase the reliability of your email verification.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_mailer_relay_use | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_mailer_relay_use", - "type": "multiplechoice" - } - ] -} - diff --git a/roles/matrix-awx/surveys/configure_jitsi.json.j2 b/roles/matrix-awx/surveys/configure_jitsi.json.j2 deleted file mode 100755 index 9cb3044d..00000000 --- a/roles/matrix-awx/surveys/configure_jitsi.json.j2 +++ /dev/null @@ -1,31 +0,0 @@ -{ - "name": "Configure Jitsi", - "description": "Configure Jitsi conferencing settings.", - "spec": [ - { - "question_name": "Enable Jitsi", - "question_description": "Set if Jitsi is enabled or not. If disabled your server will use the https://jitsi.riot.im server. If you're on a smaller server disabling this might increase the performance of your Matrix service.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_jitsi_enabled }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_jitsi_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Set Default Language", - "question_description": "2 digit 639-1 language code to adjust the language of the web client. For a list of possible codes see: https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes", - "required": false, - "min": 0, - "max": 2, - "default": "{{ matrix_jitsi_web_config_defaultLanguage }}", - "choices": "", - "new_question": true, - "variable": "matrix_jitsi_web_config_defaultLanguage", - "type": "text" - } - ] -} - diff --git a/roles/matrix-awx/surveys/configure_ma1sd.json.j2 b/roles/matrix-awx/surveys/configure_ma1sd.json.j2 deleted file mode 100644 index 055e817c..00000000 --- a/roles/matrix-awx/surveys/configure_ma1sd.json.j2 +++ /dev/null @@ -1,41 +0,0 @@ -{ - "name": "Configure ma1sd", - "description": "Configure ma1sd settings, ma1sd is a self-hosted identity server for Matrix.", - "spec": [ - { - "question_name": "Enable ma1sd", - "question_description": "Set if ma1sd is enabled or not. If disabled your server will loose identity functionality (not recommended).", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_ma1sd_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_ma1sd_enabled", - "type": "multiplechoice" - }, - { - "question_name": "ma1sd Authentication Mode", - "question_description": "Set the source of user account authentication credentials with the ma1sd.", - "required": false, - "min": null, - "max": null, - "default": "{{ awx_matrix_ma1sd_auth_store }}", - "choices": "Synapse Internal\nLDAP/AD", - "new_question": true, - "variable": "awx_matrix_ma1sd_auth_store", - "type": "multiplechoice" - }, - { - "question_name": "LDAP/AD Configuration", - "question_description": "Settings for connecting LDAP/AD to the ma1sd service. (ignored if using Synapse Internal, see https://github.com/ma1uta/ma1sd/blob/master/docs/stores/README.md )", - "required": false, - "min": 0, - "max": 65536, - "default": {{ awx_matrix_ma1sd_configuration_extension_yaml | to_json }}, - "new_question": true, - "variable": "awx_matrix_ma1sd_configuration_extension_yaml", - "type": "textarea" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_mjolnir.json.j2 b/roles/matrix-awx/surveys/configure_mjolnir.json.j2 deleted file mode 100644 index 5e1d78f4..00000000 --- a/roles/matrix-awx/surveys/configure_mjolnir.json.j2 +++ /dev/null @@ -1,29 +0,0 @@ -{ - "name": "Configure Mjolnir", - "description": "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix.", - "spec": [ - { - "question_name": "Enable Mjolnir", - "question_description": "Set if Mjolnir is enabled or not. Mjolnir is a moderation bot for Matrix.", - "required": true, - "min": null, - "max": null, - "default": "{{ matrix_bot_mjolnir_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_bot_mjolnir_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Mjolnir Management Room", - "question_description": "Sets the internal ID of the management room for Mjolnir. Example: '!wAeZaPCKvaCHcSqxAW:matrix.org'", - "required": true, - "min": null, - "max": null, - "default": "{{ matrix_bot_mjolnir_management_room }}", - "new_question": true, - "variable": "matrix_bot_mjolnir_management_room", - "type": "text" - } - ] -} \ No newline at end of file diff --git a/roles/matrix-awx/surveys/configure_synapse.json.j2 b/roles/matrix-awx/surveys/configure_synapse.json.j2 deleted file mode 100755 index 7a4e711d..00000000 --- a/roles/matrix-awx/surveys/configure_synapse.json.j2 +++ /dev/null @@ -1,198 +0,0 @@ -{ - "name": "Configure Synapse", - "description": "Configure Synapse settings. Synapse is the homeserver software that powers your Matrix instance.", - "spec": [ - { - "question_name": "Enable Public Registration", - "question_description": "Controls whether people with access to the homeserver can register by themselves.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_synapse_enable_registration | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_synapse_enable_registration", - "type": "multiplechoice" - }, - { - "question_name": "Enable Federation", - "question_description": "Controls whether Synapse will federate at all. Disable this to completely isolate your server from the rest of the Matrix network.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_synapse_federation_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_synapse_federation_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Allow Public Rooms Over Federation", - "question_description": "Controls whether remote servers can fetch this server's public rooms directory via federation. For private servers, you'll most likely want to forbid this.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_synapse_allow_public_rooms_over_federation | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_synapse_allow_public_rooms_over_federation", - "type": "multiplechoice" - }, - { - "question_name": "Enable Community Creation", - "question_description": "Allows regular users (who aren't server admins) to create 'communities', which are basically groups of rooms.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_synapse_enable_group_creation | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_synapse_enable_group_creation", - "type": "multiplechoice" - }, - { - "question_name": "Enable Synapse Presence", - "question_description": "Controls whether presence is enabled. This shows who's online and reading your posts. Disabling it will increase both performance and user privacy.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_synapse_presence_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_synapse_presence_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Enable URL Previews", - "question_description": "Controls whether URL previews should be generated. This will cause a request from Synapse to URLs shared by users.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_synapse_url_preview_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_synapse_url_preview_enabled", - "type": "multiplechoice" - }, - { - "question_name": "Enable Guest Access", - "question_description": "Controls whether 'guest accounts' can access rooms without registering. Guest users do not count towards your servers user limit.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_synapse_allow_guest_access | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_synapse_allow_guest_access", - "type": "multiplechoice" - }, - { - "question_name": "Registration Requires Email", - "question_description": "Controls whether an email address is required to register on the server.", - "required": false, - "min": null, - "max": null, - "default": "{{ awx_registrations_require_3pid | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "awx_registrations_require_3pid", - "type": "multiplechoice" - }, - { - "question_name": "Registration Shared Secret", - "question_description": "A secret that allows registration of standard or admin accounts by anyone who has the shared secret, even if registration is otherwise disabled. WARNING: You must set a strong and unique password here.", - "required": false, - "min": 0, - "max": 256, - "default": "", - "choices": "", - "new_question": true, - "variable": "awx_matrix_synapse_registration_shared_secret", - "type": "password" - }, - { - "question_name": "Synapse Max Upload Size", - "question_description": "Sets the maximum size for uploaded files in MB.", - "required": false, - "min": 0, - "max": 3, - "default": "{{ matrix_synapse_max_upload_size_mb }}", - "choices": "", - "new_question": true, - "variable": "awx_synapse_max_upload_size_mb", - "type": "text" - }, - { - "question_name": "URL Preview Languages", - "question_description": "Sets the languages that URL previews will be generated in. Entries are a 2-3 letter IETF language tag, they must be seperated with newlines. For example: 'fr' https://en.wikipedia.org/wiki/IETF_language_tag", - "required": false, - "min": 0, - "max": 65536, - "default": {{ awx_url_preview_accept_language_default | to_json }}, - "choices": "", - "new_question": true, - "variable": "awx_url_preview_accept_language", - "type": "textarea" - }, - { - "question_name": "Federation Whitelist", - "question_description": "Here you can list the URLs of other Matrix homeservers and Synapse will only federate with those homeservers. Entries must be seperated with newlines and must not have a 'https://' prefix. For example: 'matrix.example.org'", - "required": false, - "min": 0, - "max": 65536, - "default": {{ awx_federation_whitelist | to_json }}, - "choices": "", - "new_question": true, - "variable": "awx_federation_whitelist", - "type": "textarea" - }, - { - "question_name": "Synapse Auto-Join Rooms", - "question_description": "Sets the 'auto-join' rooms, where new users will be automatically invited to, these rooms must already exist. Entries must be room addresses that are separated with newlines. For example: '#announcements:example.org'", - "required": false, - "min": 0, - "max": 65536, - "default": {{ awx_synapse_auto_join_rooms | to_json }}, - "choices": "", - "new_question": true, - "variable": "awx_synapse_auto_join_rooms", - "type": "textarea" - }, - { - "question_name": "Enable ReCaptcha on Registration", - "question_description": "Enables Googles ReCaptcha verification for registering an account, recommended for public servers.", - "required": false, - "min": null, - "max": null, - "default": "{{ awx_enable_registration_captcha | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "awx_enable_registration_captcha", - "type": "multiplechoice" - }, - { - "question_name": "Recaptcha Public Key", - "question_description": "Sets the Google ReCaptcha public key for this website.", - "required": false, - "min": 0, - "max": 40, - "default": "{{ awx_recaptcha_public_key }}", - "choices": "", - "new_question": true, - "variable": "awx_recaptcha_public_key", - "type": "text" - }, - { - "question_name": "Recaptcha Private Key", - "question_description": "Sets the Google ReCaptcha private key for this website.", - "required": false, - "min": 0, - "max": 40, - "default": "{{ awx_recaptcha_private_key }}", - "choices": "", - "new_question": true, - "variable": "awx_recaptcha_private_key", - "type": "text" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_synapse_admin.json.j2 b/roles/matrix-awx/surveys/configure_synapse_admin.json.j2 deleted file mode 100644 index 8845b83a..00000000 --- a/roles/matrix-awx/surveys/configure_synapse_admin.json.j2 +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "Configure Synapse Admin", - "description": "Configure 'Synapse Admin', a moderation tool to help you manage your server.", - "spec": [ - { - "question_name": "Enable Synapse Admin", - "question_description": "Set if Synapse Admin is enabled or not. If enabled you can access it at https://{{ matrix_server_fqn_matrix }}/synapse-admin.", - "required": false, - "min": null, - "max": null, - "default": "{{ matrix_synapse_admin_enabled | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "matrix_synapse_admin_enabled", - "type": "multiplechoice" - } - ] -} diff --git a/roles/matrix-awx/surveys/configure_website_access_export.json.j2 b/roles/matrix-awx/surveys/configure_website_access_export.json.j2 deleted file mode 100755 index d35fb839..00000000 --- a/roles/matrix-awx/surveys/configure_website_access_export.json.j2 +++ /dev/null @@ -1,54 +0,0 @@ -{ - "name": "Configure Website Access Backup", - "description": "Configure base domain website settings and access the services backup.", - "spec": [ - { - "question_name": "Customise Base Domain Website", - "question_description": "Set if you want to adjust the base domain website using SFTP.", - "required": true, - "min": null, - "max": null, - "default": "{{ awx_customise_base_domain_website | string | lower }}", - "choices": "true\nfalse", - "new_question": true, - "variable": "awx_customise_base_domain_website", - "type": "multiplechoice" - }, - { - "question_name": "SFTP Authorisation Method", - "question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.", - "required": true, - "min": null, - "max": null, - "default": "{{ awx_sftp_auth_method | string }}", - "choices": "Disabled\nPassword\nSSH Key", - "new_question": true, - "variable": "awx_sftp_auth_method", - "type": "multiplechoice" - }, - { - "question_name": "SFTP Password", - "question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.", - "required": false, - "min": 0, - "max": 64, - "default": "{{ awx_sftp_password }}", - "choices": "", - "new_question": true, - "variable": "awx_sftp_password", - "type": "password" - }, - { - "question_name": "SFTP Public SSH Key (More Secure)", - "question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.", - "required": false, - "min": 0, - "max": 16384, - "default": "{{ awx_sftp_public_key }}", - "choices": "", - "new_question": true, - "variable": "awx_sftp_public_key", - "type": "text" - } - ] -} diff --git a/roles/matrix-awx/tasks/backup_server.yml b/roles/matrix-awx/tasks/backup_server.yml deleted file mode 100644 index 553eb1b9..00000000 --- a/roles/matrix-awx/tasks/backup_server.yml +++ /dev/null @@ -1,101 +0,0 @@ ---- - -- name: Record Backup Server variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# AWX Settings Start' - with_dict: - 'awx_backup_enabled': '{{ awx_backup_enabled }}' - tags: use-survey - -- name: Save new 'Backup Server' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/backup_server.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json' - tags: use-survey - -- name: Copy new 'Backup Server' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json' - dest: '/matrix/awx/backup_server.json' - mode: '0660' - tags: use-survey - -- name: Recreate 'Backup Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Backup Server" - description: "Performs a backup of the entire service to a remote location." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "backup-server,use-survey" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - tags: use-survey - -- name: Include vars in matrix_vars.yml - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: true - -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' - tags: use-survey - -- name: Run initial backup of /matrix/ and snapshot the database simultaneously - command: "{{ item }}" - with_items: - - borgmatic -c /root/.config/borgmatic/config_1.yaml - - /bin/sh /usr/local/bin/awx-export-service.sh 1 0 - register: _create_instances - async: 3600 # Maximum runtime in seconds. - poll: 0 # Fire and continue (never poll) - when: awx_backup_enabled|bool - -- name: Wait for both of these jobs to finish - async_status: - jid: "{{ item.ansible_job_id }}" - register: _jobs - until: _jobs.finished - delay: 5 # Check every 5 seconds. - retries: 720 # Retry for a full hour. - with_items: "{{ _create_instances.results }}" - when: awx_backup_enabled|bool - -- name: Perform borg backup of postgres dump - command: borgmatic -c /root/.config/borgmatic/config_2.yaml - when: awx_backup_enabled|bool - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: End playbook if this task list is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/bridge_discord_appservice.yml b/roles/matrix-awx/tasks/bridge_discord_appservice.yml deleted file mode 100644 index 3c124db3..00000000 --- a/roles/matrix-awx/tasks/bridge_discord_appservice.yml +++ /dev/null @@ -1,58 +0,0 @@ ---- - -- name: Record Bridge Discord AppService variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Bridge Discord AppService Start' - with_dict: - 'matrix_appservice_discord_enabled': '{{ matrix_appservice_discord_enabled }}' - 'matrix_appservice_discord_client_id': '{{ matrix_appservice_discord_client_id }}' - 'matrix_appservice_discord_bot_token': '{{ matrix_appservice_discord_bot_token }}' - -- name: If the raw inputs is not empty start constructing parsed awx_appservice_discord_admin_rooms list - set_fact: - awx_appservice_discord_admin_rooms_array: |- - {{ awx_appservice_discord_admin_rooms.splitlines() | to_json }} - when: awx_appservice_discord_admin_rooms | trim | length > 0 - -- name: Promote user to administer (PL100) of each room - command: | - docker exec -i matrix-appservice-discord /bin/sh -c 'cp /cfg/registration.yaml /tmp/discord-registration.yaml && cd /tmp && node /build/tools/adminme.js -c /cfg/config.yaml -m "{{ item.1 }}" -u "@{{ awx_appservice_discord_admin_user }}:{{ matrix_domain }}" -p 100' - with_indexed_items: - - "{{ awx_appservice_discord_admin_rooms_array }}" - when: ( awx_appservice_discord_admin_rooms | trim | length > 0 ) and ( awx_appservice_discord_admin_user is defined ) - -- name: Save new 'Bridge Discord Appservice' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/bridge_discord_appservice.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//bridge_discord_appservice.json' - -- name: Copy new 'Bridge Discord Appservice' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json' - dest: '/matrix/awx/bridge_discord_appservice.json' - mode: '0660' - -- name: Recreate 'Bridge Discord Appservice' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 3 - Bridge Discord AppService" - description: "Enables a private bridge you can use to connect Matrix rooms to Discord." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-all,bridge-discord-appservice" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json') }}" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/cache_matrix_variables.yml b/roles/matrix-awx/tasks/cache_matrix_variables.yml deleted file mode 100644 index ca41880a..00000000 --- a/roles/matrix-awx/tasks/cache_matrix_variables.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- - -- name: Collect current datetime - set_fact: - awx_datetime: "{{ lookup('pipe', 'date +%Y-%m-%d_%H:%M') }}" - -- name: Create cached matrix_vars.yml file location - set_fact: - awx_cached_matrix_vars: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars_{{ awx_datetime }}.yml' - -- name: Create cached matrix_vars.yml - delegate_to: 127.0.0.1 - shell: "cp /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml {{ awx_cached_matrix_vars }}" diff --git a/roles/matrix-awx/tasks/create_session_token.yml b/roles/matrix-awx/tasks/create_session_token.yml deleted file mode 100644 index 7d984b3d..00000000 --- a/roles/matrix-awx/tasks/create_session_token.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- - -- name: Create a AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: present - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_master_token }}" - register: awx_session_token - no_log: true diff --git a/roles/matrix-awx/tasks/create_user.yml b/roles/matrix-awx/tasks/create_user.yml deleted file mode 100755 index 7d203ed0..00000000 --- a/roles/matrix-awx/tasks/create_user.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# -# Create user and define if they are admin -# -# /usr/local/bin/matrix-synapse-register-user -# - -- name: Set admin bool to zero - set_fact: - awx_admin_bool: 0 - when: awx_admin_access == 'false' - -- name: Examine if server admin set - set_fact: - awx_admin_bool: 1 - when: awx_admin_access == 'true' - -- name: Create user account - command: | - /usr/local/bin/matrix-synapse-register-user {{ awx_new_username | quote }} {{ awx_new_password | quote }} {{ awx_admin_bool }} - register: awx_cmd_output - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: Result - debug: msg="{{ awx_cmd_output.stdout }}" - -- name: End playbook if this task list is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/customise_website_access_export.yml b/roles/matrix-awx/tasks/customise_website_access_export.yml deleted file mode 100755 index 80d6d795..00000000 --- a/roles/matrix-awx/tasks/customise_website_access_export.yml +++ /dev/null @@ -1,267 +0,0 @@ ---- - -- name: Enable index.html creation if user doesn't wish to customise base domain - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Base Domain Settings Start' - with_dict: - 'matrix_nginx_proxy_base_domain_homepage_enabled': 'true' - when: (awx_customise_base_domain_website is defined) and not awx_customise_base_domain_website|bool - -- name: Disable index.html creation to allow multi-file site if user does wish to customise base domain - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Base Domain Settings Start' - with_dict: - 'matrix_nginx_proxy_base_domain_homepage_enabled': 'false' - when: (awx_customise_base_domain_website is defined) and awx_customise_base_domain_website|bool - -- name: Record custom 'Customise Website + Access Export' variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Custom Settings Start' - with_dict: - 'awx_sftp_auth_method': '"{{ awx_sftp_auth_method }}"' - 'awx_sftp_password': '"{{ awx_sftp_password }}"' - 'awx_sftp_public_key': '"{{ awx_sftp_public_key }}"' - -- name: Record custom 'Customise Website + Access Export' variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Custom Settings Start' - with_dict: - 'awx_customise_base_domain_website': '{{ awx_customise_base_domain_website }}' - when: awx_customise_base_domain_website is defined - -- name: Reload vars in matrix_vars.yml - include_vars: - file: '{{ awx_cached_matrix_vars }}' - no_log: true - -- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json' - when: awx_customise_base_domain_website is defined - -- name: Copy new 'Customise Website + Access Export' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json' - dest: '/matrix/awx/configure_website_access_export.json' - mode: '0660' - when: awx_customise_base_domain_website is defined - -- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: './roles/matrix-awx/surveys/access_export.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json' - when: awx_customise_base_domain_website is undefined - -- name: Copy new 'Customise Website + Access Export' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json' - dest: '/matrix/awx/access_export.json' - mode: '0660' - when: awx_customise_base_domain_website is undefined - -- name: Recreate 'Configure Website + Access Export' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Website + Access Export" - description: "Configure base domain website settings and access the servers export." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-nginx-proxy" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: awx_customise_base_domain_website is defined - -- name: Recreate 'Access Export' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Access Export" - description: "Access the services export." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-nginx-proxy" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: awx_customise_base_domain_website is undefined - -- name: If user doesn't define a awx_sftp_password, create a disabled 'sftp' account - user: - name: sftp - comment: SFTP user to set custom web files and access servers export - shell: /bin/false - home: /home/sftp - group: matrix - password: '*' - update_password: always - when: awx_sftp_password|length == 0 - -- name: If user defines awx_sftp_password, enable account and set password on 'stfp' account - user: - name: sftp - comment: SFTP user to set custom web files and access servers export - shell: /bin/false - home: /home/sftp - group: matrix - password: "{{ awx_sftp_password | password_hash('sha512') }}" - update_password: always - when: awx_sftp_password|length > 0 - -- name: Ensure group "sftp" exists - group: - name: sftp - state: present - -- name: adding existing user 'sftp' to group matrix - user: - name: sftp - groups: sftp - append: true - when: awx_customise_base_domain_website is defined - -- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container) - file: - path: /chroot - state: directory - owner: root - group: root - mode: '1755' - -- name: Ensure /chroot/website location exists. - file: - path: /chroot/website - state: directory - owner: matrix - group: matrix - mode: '0770' - when: awx_customise_base_domain_website is defined - -- name: Ensure /chroot/export location exists - file: - path: /chroot/export - state: directory - owner: sftp - group: sftp - mode: '0700' - -- name: Ensure /home/sftp/.ssh location exists - file: - path: /home/sftp/.ssh - state: directory - owner: sftp - group: sftp - mode: '0700' - -- name: Ensure /home/sftp/authorized_keys exists - file: - path: /home/sftp/.ssh/authorized_keys - state: touch - owner: sftp - group: sftp - mode: '0644' - -- name: Clear authorized_keys file - shell: echo "" > /home/sftp/.ssh/authorized_keys - -- name: Insert public SSH key into authorized_keys file - lineinfile: - path: /home/sftp/.ssh/authorized_keys - line: "{{ awx_sftp_public_key }}" - owner: sftp - group: sftp - mode: '0644' - when: (awx_sftp_public_key | length > 0) and (awx_sftp_auth_method == "SSH Key") - -- name: Remove any existing Subsystem lines - lineinfile: - path: /etc/ssh/sshd_config - state: absent - regexp: '^Subsystem' - -- name: Set SSH Subsystem State - lineinfile: - path: /etc/ssh/sshd_config - insertafter: "^# override default of no subsystems" - line: "Subsystem sftp internal-sftp" - -- name: Add SSH Match User section for disabled auth - blockinfile: - path: /etc/ssh/sshd_config - state: absent - block: | - Match User sftp - ChrootDirectory /chroot - PermitTunnel no - X11Forwarding no - AllowTcpForwarding no - PasswordAuthentication yes - AuthorizedKeysFile /home/sftp/.ssh/authorized_keys - when: awx_sftp_auth_method == "Disabled" - -- name: Add SSH Match User section for password auth - blockinfile: - path: /etc/ssh/sshd_config - state: present - block: | - Match User sftp - ChrootDirectory /chroot - PermitTunnel no - X11Forwarding no - AllowTcpForwarding no - PasswordAuthentication yes - when: awx_sftp_auth_method == "Password" - -- name: Add SSH Match User section for publickey auth - blockinfile: - path: /etc/ssh/sshd_config - state: present - block: | - Match User sftp - ChrootDirectory /chroot - PermitTunnel no - X11Forwarding no - AllowTcpForwarding no - AuthorizedKeysFile /home/sftp/.ssh/authorized_keys - when: awx_sftp_auth_method == "SSH Key" - -- name: Restart service ssh.service - service: - name: ssh.service - state: restarted diff --git a/roles/matrix-awx/tasks/delete_session_token.yml b/roles/matrix-awx/tasks/delete_session_token.yml deleted file mode 100644 index a6a52e48..00000000 --- a/roles/matrix-awx/tasks/delete_session_token.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" diff --git a/roles/matrix-awx/tasks/export_server.yml b/roles/matrix-awx/tasks/export_server.yml deleted file mode 100644 index a2b97e79..00000000 --- a/roles/matrix-awx/tasks/export_server.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- - -- name: Run export of /matrix/ and snapshot the database simultaneously - command: "{{ item }}" - with_items: - - /bin/sh /usr/local/bin/awx-export-service.sh 1 0 - - /bin/sh /usr/local/bin/awx-export-service.sh 0 1 - register: awx_create_instances - async: 3600 # Maximum runtime in seconds. - poll: 0 # Fire and continue (never poll) - -- name: Wait for both of these jobs to finish - async_status: - jid: "{{ item.ansible_job_id }}" - register: awx_jobs - until: awx_jobs.finished - delay: 5 # Check every 5 seconds. - retries: 720 # Retry for a full hour. - with_items: "{{ awx_create_instances.results }}" - -- name: Schedule deletion of the export in 24 hours - at: - command: rm /chroot/export/matrix* - count: 1 - units: days - unique: true - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: End playbook if this task list is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/import_awx.yml b/roles/matrix-awx/tasks/import_awx.yml deleted file mode 100644 index b2154c7a..00000000 --- a/roles/matrix-awx/tasks/import_awx.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -- name: Ensure correct ownership of /matrix/awx - shell: chown -R matrix:matrix /matrix/awx - -- name: Ensure correct ownership of /matrix/synapse - shell: chown -R matrix:matrix /matrix/synapse diff --git a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml deleted file mode 100644 index 6e8bb899..00000000 --- a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- - -- name: Include vars in organisation.yml - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml' - no_log: true - -- name: Include vars in hosting_vars.yml - include_vars: - file: '/var/lib/awx/projects/hosting/hosting_vars.yml' - no_log: true - -- name: Include AWX master token from awx_tokens.yml - include_vars: - file: /var/lib/awx/projects/hosting/awx_tokens.yml - no_log: true diff --git a/roles/matrix-awx/tasks/load_matrix_variables.yml b/roles/matrix-awx/tasks/load_matrix_variables.yml deleted file mode 100755 index 7a76f34b..00000000 --- a/roles/matrix-awx/tasks/load_matrix_variables.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- - -- name: Include new vars in matrix_vars.yml - include_vars: - file: '{{ awx_cached_matrix_vars }}' - no_log: true - -- name: If include_vars succeeds overwrite the old matrix_vars.yml - delegate_to: 127.0.0.1 - shell: "cp {{ awx_cached_matrix_vars }} /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml && rm {{ awx_cached_matrix_vars }}" - -- name: Copy new 'matrix_vars.yml' to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - dest: '/matrix/awx/matrix_vars.yml' - mode: '0660' diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml deleted file mode 100755 index 93128713..00000000 --- a/roles/matrix-awx/tasks/main.yml +++ /dev/null @@ -1,234 +0,0 @@ ---- -# Load initial hosting and organisation variables from AWX volume -- include_tasks: - file: "load_hosting_and_org_variables.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Renames or updates the vars.yml if needed -- include_tasks: - file: "update_variables.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Create AWX session token -- include_tasks: - file: "create_session_token.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Perform a backup of the server -- include_tasks: - file: "backup_server.yml" - apply: - tags: backup-server - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - backup-server - -# Perform a export of the server -- include_tasks: - file: "export_server.yml" - apply: - tags: export-server - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - export-server - -# Create a user account if called -- include_tasks: - file: "create_user.yml" - apply: - tags: create-user - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - create-user - -# Purge local/remote media if called -- include_tasks: - file: "purge_media_main.yml" - apply: - tags: purge-media - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - purge-media - -# Purge Synapse database if called -- include_tasks: - file: "purge_database_main.yml" - apply: - tags: purge-database - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - purge-database - -# Rotate SSH key if called -- include_tasks: - file: "rotate_ssh.yml" - apply: - tags: rotate-ssh - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - rotate-ssh - -# Import configs, media repo from /chroot/backup import -- include_tasks: - file: "import_awx.yml" - apply: - tags: import-awx - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - import-awx - -# Perform extra self-check functions -- include_tasks: - file: "self_check.yml" - apply: - tags: self-check - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - self-check - -# Create cached matrix_vars.yml file -- include_tasks: - file: "cache_matrix_variables.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Configure SFTP so user can upload a static website or access the servers export -- include_tasks: - file: "customise_website_access_export.yml" - apply: - tags: setup-nginx-proxy - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-nginx-proxy - -# Additional playbook to set the variable file during Element configuration -- include_tasks: - file: "set_variables_element.yml" - apply: - tags: setup-client-element - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-client-element - -# Additional playbook to set the variable file during Mailer configuration -- include_tasks: - file: "set_variables_mailer.yml" - apply: - tags: setup-mailer - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-mailer - -# Additional playbook to set the variable file during Element configuration -- include_tasks: - file: "set_variables_element_subdomain.yml" - apply: - tags: setup-client-element-subdomain - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-client-element-subdomain - -# Additional playbook to set the variable file during Synapse configuration -- include_tasks: - file: "set_variables_synapse.yml" - apply: - tags: setup-synapse - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-synapse - -# Additional playbook to set the variable file during Jitsi configuration -- include_tasks: - file: "set_variables_jitsi.yml" - apply: - tags: setup-jitsi - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-jitsi - -# Additional playbook to set the variable file during Ma1sd configuration -- include_tasks: - file: "set_variables_ma1sd.yml" - apply: - tags: setup-ma1sd - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-ma1sd - -# Additional playbook to set the variable file during Mjolnir Bot configuration -- include_tasks: - file: "set_variables_mjolnir.yml" - apply: - tags: setup-bot-mjolnir - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-bot-mjolnir - -# Additional playbook to set the variable file during Corporal configuration -- include_tasks: - file: "set_variables_corporal.yml" - apply: - tags: setup-corporal - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-corporal - -# Additional playbook to set the variable file during Dimension configuration -- include_tasks: - file: "set_variables_dimension.yml" - apply: - tags: setup-dimension - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-dimension - -# Additional playbook to set the variable file during Synapse Admin configuration -- include_tasks: - file: "set_variables_synapse_admin.yml" - apply: - tags: setup-synapse-admin - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - setup-synapse-admin - -# Additional playbook to set the variable file during Discord Appservice Bridge configuration -- include_tasks: - file: "bridge_discord_appservice.yml" - apply: - tags: bridge-discord-appservice - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - bridge-discord-appservice - -# Delete AWX session token -- include_tasks: - file: "delete_session_token.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - -# Load newly formed matrix variables from AWX volume -- include_tasks: - file: "load_matrix_variables.yml" - apply: - tags: always - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always diff --git a/roles/matrix-awx/tasks/purge_database_events.yml b/roles/matrix-awx/tasks/purge_database_events.yml deleted file mode 100644 index 586bc17c..00000000 --- a/roles/matrix-awx/tasks/purge_database_events.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- - -- name: Purge all rooms with more then N events - shell: | - curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}" - register: awx_purge_command - -- name: Print output of purge command - debug: - msg: "{{ awx_purge_command.stdout }}" - -- name: Pause for 5 seconds to let Synapse breathe - pause: - seconds: 5 diff --git a/roles/matrix-awx/tasks/purge_database_main.yml b/roles/matrix-awx/tasks/purge_database_main.yml deleted file mode 100644 index 9882f195..00000000 --- a/roles/matrix-awx/tasks/purge_database_main.yml +++ /dev/null @@ -1,320 +0,0 @@ ---- - -- name: Ensure dateutils and curl is installed in AWX - delegate_to: 127.0.0.1 - yum: - name: dateutils - state: latest - -- name: Include vars in matrix_vars.yml - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: true - -- name: Ensure curl and jq intalled on target machine - apt: - pkg: - - curl - - jq - state: present - -- name: Collect before shrink size of Synapse database - shell: du -sh /matrix/postgres/data - register: awx_db_size_before_stat - when: (awx_purge_mode.find("Perform final shrink") != -1) - no_log: true - -- name: Collect the internal IP of the matrix-synapse container - shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse" - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - register: awx_synapse_container_ip - -- name: Collect access token for @admin-janitor user - shell: | - curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - register: awx_janitors_token - no_log: true - -- name: Copy build_room_list.py script to target machine - copy: - src: ./roles/matrix-awx/scripts/matrix_build_room_list.py - dest: /usr/local/bin/matrix_build_room_list.py - owner: matrix - group: matrix - mode: '0755' - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Run build_room_list.py script - shell: | - runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ awx_janitors_token.stdout[1:-1] }} {{ awx_synapse_container_ip.stdout }} {{ matrix_synapse_container_client_api_port.stdout }} - register: awx_rooms_total - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Fetch complete room list from target machine - fetch: - src: /tmp/room_list_complete.json - dest: "/tmp/{{ subscription_id }}_room_list_complete.json" - flat: true - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Remove complete room list from target machine - file: - path: /tmp/room_list_complete.json - state: absent - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Generate list of rooms with no local users - delegate_to: 127.0.0.1 - shell: | - jq 'try .rooms[] | select(.joined_local_members == 0) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_no_local_users.txt - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Count number of rooms with no local users - delegate_to: 127.0.0.1 - shell: | - wc -l /tmp/{{ subscription_id }}_room_list_no_local_users.txt | awk '{ print $1 }' - register: awx_rooms_no_local_total - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Setting host fact awx_room_list_no_local_users - set_fact: - awx_room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}" - no_log: true - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Purge all rooms with no local users - include_tasks: purge_database_no_local.yml - loop: "{{ awx_room_list_no_local_users.splitlines() | flatten(levels=1) }}" - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Collect epoche time from date - delegate_to: 127.0.0.1 - shell: | - date -d '{{ awx_purge_date }}' +"%s" - when: (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - register: awx_purge_epoche_time - -- name: Generate list of rooms with more then N users - delegate_to: 127.0.0.1 - shell: | - jq 'try .rooms[] | select(.joined_members > {{ awx_purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_joined_members.txt - when: awx_purge_mode.find("Number of users [slower]") != -1 - -- name: Count number of rooms with more then N users - delegate_to: 127.0.0.1 - shell: | - wc -l /tmp/{{ subscription_id }}_room_list_joined_members.txt | awk '{ print $1 }' - register: awx_rooms_join_members_total - when: awx_purge_mode.find("Number of users [slower]") != -1 - -- name: Setting host fact awx_room_list_joined_members - delegate_to: 127.0.0.1 - set_fact: - awx_room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}" - when: awx_purge_mode.find("Number of users [slower]") != -1 - no_log: true - -- name: Purge all rooms with more then N users - include_tasks: purge_database_users.yml - loop: "{{ awx_room_list_joined_members.splitlines() | flatten(levels=1) }}" - when: awx_purge_mode.find("Number of users [slower]") != -1 - -- name: Generate list of rooms with more then N events - delegate_to: 127.0.0.1 - shell: | - jq 'try .rooms[] | select(.state_events > {{ awx_purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_state_events.txt - when: awx_purge_mode.find("Number of events [slower]") != -1 - -- name: Count number of rooms with more then N events - delegate_to: 127.0.0.1 - shell: | - wc -l /tmp/{{ subscription_id }}_room_list_state_events.txt | awk '{ print $1 }' - register: awx_rooms_state_events_total - when: awx_purge_mode.find("Number of events [slower]") != -1 - -- name: Setting host fact awx_room_list_state_events - delegate_to: 127.0.0.1 - set_fact: - awx_room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}" - when: awx_purge_mode.find("Number of events [slower]") != -1 - no_log: true - -- name: Purge all rooms with more then N events - include_tasks: purge_database_events.yml - loop: "{{ awx_room_list_state_events.splitlines() | flatten(levels=1) }}" - when: awx_purge_mode.find("Number of events [slower]") != -1 - -- name: Adjust 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - description: "Creates a new matrix service with Spantaleev's playbooks" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "rust-synapse-compress-state" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - -- name: Execute rust-synapse-compress-state job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_launch: - job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - wait: true - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - -- name: Revert 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - description: "Creates a new matrix service with Spantaleev's playbooks" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "setup-all,start" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) - -- name: Ensure matrix-synapse is stopped - service: - name: matrix-synapse - state: stopped - daemon_reload: true - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Re-index Synapse database - shell: docker exec -i matrix-postgres psql "host=127.0.0.1 port=5432 dbname=synapse user=synapse password={{ matrix_synapse_connection_password }}" -c 'REINDEX (VERBOSE) DATABASE synapse' - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Ensure matrix-synapse is started - service: - name: matrix-synapse - state: started - daemon_reload: true - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Adjust 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - description: "Creates a new matrix service with Spantaleev's playbooks" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "run-postgres-vacuum,start" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Execute run-postgres-vacuum job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_launch: - job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - wait: true - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Revert 'Deploy/Update a Server' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 0 - Deploy/Update a Server" - description: "Creates a new matrix service with Spantaleev's playbooks" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "setup-all,start" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true - when: (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Cleanup room_list files - delegate_to: 127.0.0.1 - shell: | - rm /tmp/{{ subscription_id }}_room_list* - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - ignore_errors: true - -- name: Collect after shrink size of Synapse database - shell: du -sh /matrix/postgres/data - register: awx_db_size_after_stat - when: (awx_purge_mode.find("Perform final shrink") != -1) - no_log: true - -- name: Print total number of rooms processed - debug: - msg: '{{ awx_rooms_total.stdout }}' - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Print the number of rooms purged with no local users - debug: - msg: '{{ awx_rooms_no_local_total.stdout }}' - when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) - -- name: Print the number of rooms purged with more then N users - debug: - msg: '{{ awx_rooms_join_members_total.stdout }}' - when: awx_purge_mode.find("Number of users") != -1 - -- name: Print the number of rooms purged with more then N events - debug: - msg: '{{ awx_rooms_state_events_total.stdout }}' - when: awx_purge_mode.find("Number of events") != -1 - -- name: Print before purge size of Synapse database - debug: - msg: "{{ awx_db_size_before_stat.stdout.split('\n') }}" - when: ( awx_db_size_before_stat is defined ) and ( awx_purge_mode.find("Perform final shrink" ) != -1 ) - -- name: Print after purge size of Synapse database - debug: - msg: "{{ awx_db_size_after_stat.stdout.split('\n') }}" - when: (awx_db_size_after_stat is defined) and (awx_purge_mode.find("Perform final shrink") != -1) - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: End playbook early if this task is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/purge_database_no_local.yml b/roles/matrix-awx/tasks/purge_database_no_local.yml deleted file mode 100644 index e464f56d..00000000 --- a/roles/matrix-awx/tasks/purge_database_no_local.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- - -- name: Purge all rooms with no local users - shell: | - curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_room' - register: awx_purge_command - -- name: Print output of purge command - debug: - msg: "{{ awx_purge_command.stdout }}" - -- name: Pause for 5 seconds to let Synapse breathe - pause: - seconds: 5 diff --git a/roles/matrix-awx/tasks/purge_database_users.yml b/roles/matrix-awx/tasks/purge_database_users.yml deleted file mode 100644 index d315a9ef..00000000 --- a/roles/matrix-awx/tasks/purge_database_users.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- - -- name: Purge all rooms with more then N users - shell: | - curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}" - register: awx_purge_command - -- name: Print output of purge command - debug: - msg: "{{ awx_purge_command.stdout }}" - -- name: Pause for 5 seconds to let Synapse breathe - pause: - seconds: 5 diff --git a/roles/matrix-awx/tasks/purge_media_local.yml b/roles/matrix-awx/tasks/purge_media_local.yml deleted file mode 100644 index 7ef79eca..00000000 --- a/roles/matrix-awx/tasks/purge_media_local.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- - -- name: Collect epoche time from date - shell: | - date -d '{{ item }}' +"%s" - register: awx_epoche_time - -- name: Purge local media to specific date - shell: | - curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ awx_epoche_time.stdout }}000' - register: awx_purge_command - -- name: Print output of purge command - debug: - msg: "{{ awx_purge_command.stdout }}" - -- name: Pause for 5 seconds to let Synapse breathe - pause: - seconds: 5 diff --git a/roles/matrix-awx/tasks/purge_media_main.yml b/roles/matrix-awx/tasks/purge_media_main.yml deleted file mode 100644 index bd7e7d1c..00000000 --- a/roles/matrix-awx/tasks/purge_media_main.yml +++ /dev/null @@ -1,111 +0,0 @@ ---- - -- name: Ensure dateutils is installed in AWX - delegate_to: 127.0.0.1 - yum: - name: dateutils - state: latest - -- name: Include vars in matrix_vars.yml - include_vars: - file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - no_log: true - -- name: Ensure curl and jq intalled on target machine - apt: - pkg: - - curl - - jq - state: present - -- name: Collect the internal IP of the matrix-synapse container - shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse" - register: awx_synapse_container_ip - -- name: Collect access token for @admin-janitor user - shell: | - curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' - register: awx_janitors_token - no_log: true - -- name: Generate list of dates to purge to - delegate_to: 127.0.0.1 - shell: "dateseq {{ awx_purge_from_date }} {{ awx_purge_to_date }}" - register: awx_purge_dates - -- name: Calculate initial size of local media repository - shell: du -sh /matrix/synapse/storage/media-store/local* - register: awx_local_media_size_before - when: awx_purge_media_type == "Local Media" - async: 600 - ignore_errors: true - no_log: true - -- name: Calculate initial size of remote media repository - shell: du -sh /matrix/synapse/storage/media-store/remote* - register: awx_remote_media_size_before - when: awx_purge_media_type == "Remote Media" - async: 600 - ignore_errors: true - no_log: true - -- name: Purge local media with loop - include_tasks: purge_media_local.yml - loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}" - when: awx_purge_media_type == "Local Media" - -- name: Purge remote media with loop - include_tasks: purge_media_remote.yml - loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}" - when: awx_purge_media_type == "Remote Media" - -- name: Calculate final size of local media repository - shell: du -sh /matrix/synapse/storage/media-store/local* - register: awx_local_media_size_after - when: awx_purge_media_type == "Local Media" - ignore_errors: true - no_log: true - -- name: Calculate final size of remote media repository - shell: du -sh /matrix/synapse/storage/media-store/remote* - register: awx_remote_media_size_after - when: awx_purge_media_type == "Remote Media" - ignore_errors: true - no_log: true - -- name: Print size of local media repository before purge - debug: - msg: "{{ awx_local_media_size_before.stdout.split('\n') }}" - when: awx_purge_media_type == "Local Media" - -- name: Print size of local media repository after purge - debug: - msg: "{{ awx_local_media_size_after.stdout.split('\n') }}" - when: awx_purge_media_type == "Local Media" - -- name: Print size of remote media repository before purge - debug: - msg: "{{ awx_remote_media_size_before.stdout.split('\n') }}" - when: awx_purge_media_type == "Remote Media" - -- name: Print size of remote media repository after purge - debug: - msg: "{{ awx_remote_media_size_after.stdout.split('\n') }}" - when: awx_purge_media_type == "Remote Media" - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - awx_end_playbook: true - -- name: End playbook early if this task is called. - meta: end_play - when: awx_end_playbook is defined and awx_end_playbook|bool diff --git a/roles/matrix-awx/tasks/purge_media_remote.yml b/roles/matrix-awx/tasks/purge_media_remote.yml deleted file mode 100644 index 5bb71918..00000000 --- a/roles/matrix-awx/tasks/purge_media_remote.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- - -- name: Collect epoche time from date - shell: | - date -d '{{ item }}' +"%s" - register: awx_epoche_time - -- name: Purge remote media to specific date - shell: | - curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_media_cache?before_ts={{ awx_epoche_time.stdout }}000' - register: awx_purge_command - -- name: Print output of purge command - debug: - msg: "{{ awx_purge_command.stdout }}" - -- name: Pause for 5 seconds to let Synapse breathe - pause: - seconds: 5 diff --git a/roles/matrix-awx/tasks/rotate_ssh.yml b/roles/matrix-awx/tasks/rotate_ssh.yml deleted file mode 100644 index bd59cbc1..00000000 --- a/roles/matrix-awx/tasks/rotate_ssh.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- - -- name: Set the new authorized key taken from file - authorized_key: - user: root - state: present - exclusive: true - key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}" - -- name: Delete the AWX session token for executing modules - awx.awx.tower_token: - description: 'AWX Session Token' - scope: "write" - state: absent - existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}" - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - -- name: Set boolean value to exit playbook - set_fact: - end_playbook: true - -- name: End playbook if this task list is called. - meta: end_play - when: end_playbook is defined and end_playbook|bool diff --git a/roles/matrix-awx/tasks/self_check.yml b/roles/matrix-awx/tasks/self_check.yml deleted file mode 100644 index 68e833a4..00000000 --- a/roles/matrix-awx/tasks/self_check.yml +++ /dev/null @@ -1,108 +0,0 @@ ---- - -- name: Install prerequisite apt packages on target - apt: - name: - - sysstat - - curl - state: present - -- name: Install prerequisite yum packages on AWX - delegate_to: 127.0.0.1 - yum: - name: - - bind-utils - state: present - -- name: Install prerequisite pip packages on AWX - delegate_to: 127.0.0.1 - pip: - name: - - dnspython - state: present - -- name: Calculate MAU value - shell: | - curl -s localhost:9000 | grep "^synapse_admin_mau_current " - register: awx_mau_stat - no_log: true - -- name: Calculate CPU usage statistics - shell: iostat -c - register: awx_cpu_usage_stat - no_log: true - -- name: Calculate RAM usage statistics - shell: free -mh - register: awx_ram_usage_stat - no_log: true - -- name: Calculate free disk space - shell: df -h - register: awx_disk_space_stat - no_log: true - -- name: Calculate size of Synapse database - shell: du -sh /matrix/postgres/data - register: awx_db_size_stat - no_log: true - -- name: Calculate size of local media repository - shell: du -sh /matrix/synapse/storage/media-store/local* - register: awx_local_media_size_stat - async: 600 - ignore_errors: true - no_log: true - -- name: Calculate size of remote media repository - shell: du -sh /matrix/synapse/storage/media-store/remote* - register: awx_remote_media_size_stat - async: 600 - ignore_errors: true - no_log: true - -- name: Calculate docker container statistics - shell: docker stats --all --no-stream - register: awx_docker_stats - ignore_errors: true - no_log: true - -- name: Print size of remote media repository - debug: - msg: "{{ awx_remote_media_size_stat.stdout.split('\n') }}" - when: awx_remote_media_size_stat is defined - -- name: Print size of local media repository - debug: - msg: "{{ awx_local_media_size_stat.stdout.split('\n') }}" - when: awx_local_media_size_stat is defined - -- name: Print size of Synapse database - debug: - msg: "{{ awx_db_size_stat.stdout.split('\n') }}" - when: awx_db_size_stat is defined - -- name: Print free disk space - debug: - msg: "{{ awx_disk_space_stat.stdout.split('\n') }}" - when: awx_disk_space_stat is defined - -- name: Print RAM usage statistics - debug: - msg: "{{ awx_ram_usage_stat.stdout.split('\n') }}" - when: awx_ram_usage_stat is defined - -- name: Print CPU usage statistics - debug: - msg: "{{ awx_cpu_usage_stat.stdout.split('\n') }}" - when: awx_cpu_usage_stat is defined - -- name: Print MAU value - debug: - msg: "{{ awx_mau_stat.stdout.split('\n') }}" - when: awx_mau_stat is defined - -- name: Print docker container statistics - debug: - msg: "{{ awx_docker_stats.stdout.split('\n') }}" - when: awx_docker_stats is defined diff --git a/roles/matrix-awx/tasks/set_variables_corporal.yml b/roles/matrix-awx/tasks/set_variables_corporal.yml deleted file mode 100755 index 007ae59f..00000000 --- a/roles/matrix-awx/tasks/set_variables_corporal.yml +++ /dev/null @@ -1,243 +0,0 @@ ---- - -- name: Record Corporal Enabled/Disabled variable - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Corporal Settings Start' - with_dict: - 'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}' - -- name: Enable Shared Secret Auth if Corporal enabled - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Shared Secret Auth Settings Start' - with_dict: - 'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true' - when: matrix_corporal_enabled|bool - -- name: Disable Shared Secret Auth if Corporal disabled - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Shared Secret Auth Settings Start' - with_dict: - 'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false' - when: not matrix_corporal_enabled|bool - -- name: Enable Rest Auth Endpoint if Corporal enabled - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension Start' - with_dict: - 'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true' - when: matrix_corporal_enabled|bool - -- name: Disable Rest Auth Endpoint if Corporal disabled - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension Start' - with_dict: - 'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false' - when: not matrix_corporal_enabled|bool - -- name: Disable Corporal API if Simple Static File mode selected - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Corporal Settings Start' - with_dict: - 'matrix_corporal_http_api_enabled': 'false' - when: (awx_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool) - -- name: Enable Corporal API if Push/Pull mode delected - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Corporal Settings Start' - with_dict: - 'matrix_corporal_http_api_enabled': 'true' - when: (awx_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool) - -- name: Record Corporal API Access Token if it's defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Corporal Settings Start' - with_dict: - 'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}' - when: ( matrix_corporal_http_api_auth_token|length > 0 ) and ( awx_corporal_policy_provider_mode != "Simple Static File" ) - -- name: Record 'Simple Static File' configuration variables in matrix_vars.yml - delegate_to: 127.0.0.1 - blockinfile: - path: '{{ awx_cached_matrix_vars }}' - insertbefore: "# Corporal Policy Provider Settings End" - marker_begin: "Corporal" - marker_end: "Corporal" - block: | - matrix_corporal_policy_provider_config: | - { - "Type": "static_file", - "Path": "/etc/matrix-corporal/corporal-policy.json" - } - when: awx_corporal_policy_provider_mode == "Simple Static File" - -- name: Touch the /matrix/corporal/ directory - file: - path: "/matrix/corporal/" - state: directory - owner: matrix - group: matrix - mode: '750' - -- name: Touch the /matrix/corporal/config/ directory - file: - path: "/matrix/corporal/config/" - state: directory - owner: matrix - group: matrix - mode: '750' - -- name: Touch the /matrix/corporal/cache/ directory - file: - path: "/matrix/corporal/cache/" - state: directory - owner: matrix - group: matrix - mode: '750' - -- name: Touch the corporal-policy.json file to ensure it exists - file: - path: "/matrix/corporal/config/corporal-policy.json" - state: touch - owner: matrix - group: matrix - mode: '660' - -- name: Touch the last-policy.json file to ensure it exists - file: - path: "/matrix/corporal/config/last-policy.json" - state: touch - owner: matrix - group: matrix - mode: '660' - -- name: Record 'Simple Static File' configuration content in corporal-policy.json - copy: - content: "{{ awx_corporal_simple_static_config | string }}" - dest: "/matrix/corporal/config/corporal-policy.json" - owner: matrix - group: matrix - mode: '660' - when: (awx_corporal_policy_provider_mode == "Simple Static File") and (awx_corporal_simple_static_config|length > 0) - -- name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml - delegate_to: 127.0.0.1 - blockinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: "# Corporal Policy Provider Settings Start" - block: | - matrix_corporal_policy_provider_config: | - { - "Type": "http", - "Uri": "{{ awx_corporal_pull_mode_uri }}", - "AuthorizationBearerToken": "{{ awx_corporal_pull_mode_token }}", - "CachePath": "/var/cache/matrix-corporal/last-policy.json", - "ReloadIntervalSeconds": 1800, - "TimeoutMilliseconds": 30000 - } - when: (awx_corporal_policy_provider_mode == "HTTP Pull Mode (API Enabled)") and (matrix_corporal_pull_mode_uri|length > 0) and (awx_corporal_pull_mode_token|length > 0) - -- name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml - delegate_to: 127.0.0.1 - blockinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: "# Corporal Policy Provider Settings Start" - block: | - matrix_corporal_policy_provider_config: | - { - "Type": "last_seen_store_policy", - "CachePath": "/var/cache/matrix-corporal/last-policy.json" - } - when: (awx_corporal_policy_provider_mode == "HTTP Push Mode (API Enabled)") - -- name: Lower RateLimit if set to 'Normal' - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300' - replace: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3' - when: awx_corporal_raise_ratelimits == "Normal" - -- name: Raise RateLimit if set to 'Raised' - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3' - replace: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300' - when: awx_corporal_raise_ratelimits == "Raised" - -- name: Save new 'Configure Corporal' survey.json to the AWX tower - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_corporal.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json' - -- name: Copy new 'Configure Corporal' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json' - dest: '/matrix/awx/configure_corporal.json' - mode: '0660' - -- debug: - msg: "matrix_corporal_matrix_homeserver_api_endpoint: {{ matrix_corporal_matrix_homeserver_api_endpoint }}" - -- debug: - msg: "matrix_corporal_matrix_auth_shared_secret: {{ matrix_corporal_matrix_auth_shared_secret }}" - -- debug: - msg: "matrix_corporal_http_gateway_internal_rest_auth_enabled: {{ matrix_corporal_http_gateway_internal_rest_auth_enabled }}" - -- debug: - msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}" - -- name: Recreate 'Configure Corporal (Advanced)' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)" - description: "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-corporal" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_dimension.yml b/roles/matrix-awx/tasks/set_variables_dimension.yml deleted file mode 100644 index 8d8f9c44..00000000 --- a/roles/matrix-awx/tasks/set_variables_dimension.yml +++ /dev/null @@ -1,105 +0,0 @@ ---- - -- name: Include vars in matrix_vars.yml - include_vars: - file: '{{ awx_cached_matrix_vars }}' - no_log: true - -- name: Install jq and curl on remote machine - apt: - name: - - jq - - curl - state: present - -- name: Collect access token of @admin-dimension user - shell: | - curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq '.access_token' - register: awx_dimension_user_access_token - -- name: Record Synapse variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Dimension Settings Start' - with_dict: - 'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}' - 'matrix_dimension_access_token': '"{{ awx_dimension_user_access_token.stdout[1:-1] }}"' - -- name: Set final users list if users are defined - set_fact: - awx_dimension_users_final: "{{ awx_dimension_users }}" - when: awx_dimension_users | length > 0 - -- name: Set final users list if no users are defined - set_fact: - awx_dimension_users_final: '@dimension:{{ matrix_domain }}' - when: awx_dimension_users | length == 0 - -- name: Remove Dimension Users - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: '^ - .*\n' - after: 'matrix_dimension_admins:' - before: '# Dimension Settings End' - -- name: Set Dimension Users Header - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertbefore: '# Dimension Settings End' - line: "matrix_dimension_admins:" - -- name: Set Dimension Users - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^matrix_dimension_admins:' - line: ' - "{{ item }}"' - with_items: "{{ awx_dimension_users_final.splitlines() }}" - -- name: Record Dimension Custom variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# Dimension Settings End' - with_dict: - 'awx_dimension_users': '{{ awx_dimension_users.splitlines() | to_json }}' - -- name: Save new 'Configure Dimension' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_dimension.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_dimension.json' - -- name: Copy new 'Configure Dimension' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json' - dest: '/matrix/awx/configure_dimension.json' - mode: '0660' - -- name: Recreate 'Configure Dimension' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Dimension" - description: "Configure Dimension, the self-hosted integrations server." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-all,setup-dimension" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_element.yml b/roles/matrix-awx/tasks/set_variables_element.yml deleted file mode 100755 index 4b2ce859..00000000 --- a/roles/matrix-awx/tasks/set_variables_element.yml +++ /dev/null @@ -1,180 +0,0 @@ ---- - -- name: Record Element-Web variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Element Settings Start' - with_dict: - 'matrix_client_element_enabled': '{{ matrix_client_element_enabled }}' - 'matrix_client_element_jitsi_preferredDomain': 'jitsi.{{ matrix_domain }}' - 'matrix_client_element_default_theme': '{{ matrix_client_element_default_theme }}' - 'matrix_client_element_registration_enabled': '{{ matrix_client_element_registration_enabled }}' - 'matrix_client_element_brand': '{{ matrix_client_element_brand | trim }}' - 'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl | trim }}' - 'matrix_client_element_welcome_logo': '{{ matrix_client_element_welcome_logo | trim }}' - 'matrix_client_element_welcome_logo_link': '{{ matrix_client_element_welcome_logo_link | trim }}' - -- name: Record Element-Web custom variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: '{{ item.value }}'" - insertbefore: '# Element Settings End' - with_dict: - 'awx_matrix_client_element_welcome_headline': '{{ awx_matrix_client_element_welcome_headline | trim }}' - 'awx_matrix_client_element_welcome_text': '{{ awx_matrix_client_element_welcome_text | trim }}' - -- name: Set Element-Web custom branding locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: '{{ item.value }}'" - insertafter: '# Element Settings Start' - with_dict: - 'matrix_client_element_brand': "{{ matrix_client_element_brand }}" - when: matrix_client_element_brand | trim | length > 0 - -- name: Remove Element-Web custom branding locally on AWX if not defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^matrix_client_element_brand: " - state: absent - when: matrix_client_element_brand | trim | length == 0 - -- name: Set fact for 'https' string - set_fact: - awx_https_string: "https" - -- name: Set Element-Web custom logo locally on AWX if defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: '{{ item.value }}'" - insertafter: '# Element Settings Start' - with_dict: - 'matrix_client_element_welcome_logo': '{{ matrix_client_element_welcome_logo }}' - when: ( awx_https_string in matrix_client_element_welcome_logo ) and ( matrix_client_element_welcome_logo | trim | length > 0 ) - -- name: Remove Element-Web custom logo locally on AWX if not defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^matrix_client_element_welcome_logo: " - state: absent - when: matrix_client_element_welcome_logo | trim | length == 0 - -- name: Set Element-Web custom logo link locally on AWX if defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: '{{ item.value }}'" - insertafter: '# Element Settings Start' - with_dict: - 'matrix_client_element_welcome_logo_link': '{{ matrix_client_element_welcome_logo_link }}' - when: ( awx_https_string in matrix_client_element_welcome_logo_link ) and ( matrix_client_element_welcome_logo_link | trim | length > 0 ) - -- name: Remove Element-Web custom logo link locally on AWX if not defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^matrix_client_element_welcome_logo_link: " - state: absent - when: matrix_client_element_welcome_logo_link | trim | length == 0 - -- name: Set Element-Web custom headline locally on AWX if defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: '{{ item.value }}'" - insertafter: '# Element Settings Start' - with_dict: - 'matrix_client_element_welcome_headline': '{{ awx_matrix_client_element_welcome_headline }}' - when: awx_matrix_client_element_welcome_headline | trim | length > 0 - -- name: Remove Element-Web custom headline locally on AWX if not defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^matrix_client_element_welcome_headline: " - state: absent - when: awx_matrix_client_element_welcome_headline | trim | length == 0 - -- name: Set Element-Web custom text locally on AWX if defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: '{{ item.value }}'" - insertafter: '# Element Settings Start' - with_dict: - 'matrix_client_element_welcome_text': '{{ awx_matrix_client_element_welcome_text }}' - when: awx_matrix_client_element_welcome_text | trim | length > 0 - -- name: Remove Element-Web custom text locally on AWX if not defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^matrix_client_element_welcome_text: " - state: absent - when: awx_matrix_client_element_welcome_text | trim | length == 0 - -- name: Set Element-Web background locally on AWX if defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: '{{ item.value }}'" - insertafter: '# Element Settings Start' - with_dict: - 'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl }}' - when: matrix_client_element_branding_welcomeBackgroundUrl | trim | length > 0 - -- name: Remove Element-Web background locally on AWX if not defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^matrix_client_element_branding_welcomeBackgroundUrl: " - state: absent - when: matrix_client_element_branding_welcomeBackgroundUrl | trim | length == 0 - -- name: Save new 'Configure Element' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_element.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json' - -- name: Copy new 'Configure Element' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json' - dest: '/matrix/awx/configure_element.json' - mode: '0660' - -- name: Recreate 'Configure Element' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Element" - description: "Configure Element client via survey." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-client-element" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml b/roles/matrix-awx/tasks/set_variables_element_subdomain.yml deleted file mode 100644 index 1c78b9e0..00000000 --- a/roles/matrix-awx/tasks/set_variables_element_subdomain.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- - -- name: Record Element-Web variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Element Settings Start' - with_dict: - 'matrix_server_fqn_element': "{{ awx_element_subdomain | trim }}.{{ matrix_domain }}" - -- name: Save new 'Configure Element Subdomain' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_element_subdomain.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json' - -- name: Copy new 'Configure Element Subdomain' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json' - dest: '/matrix/awx/configure_element_subdomain.json' - mode: '0660' - -- name: Recreate 'Configure Element Subdomain' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Element Subdomain" - description: "Configure Element clients subdomain location. (Eg: 'element' for element.example.org)" - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-all,setup-client-element-subdomain" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json') }}" - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_jitsi.yml b/roles/matrix-awx/tasks/set_variables_jitsi.yml deleted file mode 100755 index b12391bf..00000000 --- a/roles/matrix-awx/tasks/set_variables_jitsi.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- - -- name: Record Jitsi variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Jitsi Settings Start' - with_dict: - 'matrix_jitsi_enabled': '{{ matrix_jitsi_enabled }}' - 'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage | trim }}' - -- name: Save new 'Configure Jitsi' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_jitsi.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json' - -- name: Copy new 'Configure Jitsi' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json' - dest: '/matrix/awx/configure_jitsi.json' - mode: '0660' - -- name: Recreate 'Configure Jitsi' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Jitsi" - description: "Configure Jitsi conferencing settings." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-jitsi" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_ma1sd.yml b/roles/matrix-awx/tasks/set_variables_ma1sd.yml deleted file mode 100755 index d46d797f..00000000 --- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml +++ /dev/null @@ -1,102 +0,0 @@ ---- - -- name: Record ma1sd variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# ma1sd Settings Start' - with_dict: - 'matrix_ma1sd_enabled': '{{ matrix_ma1sd_enabled }}' - -- name: Disable REST auth (matrix-corporal/ma1sd) if using internal auth - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension Start' - with_dict: - 'matrix_synapse_awx_password_provider_rest_auth_enabled': 'false' - when: awx_matrix_ma1sd_auth_store == 'Synapse Internal' - -- name: Enable REST auth if using external LDAP/AD with ma1sd - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Extension Start' - with_dict: - 'matrix_synapse_awx_password_provider_rest_auth_enabled': 'true' - 'matrix_synapse_awx_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:{{ matrix_ma1sd_container_port }}"' - when: awx_matrix_ma1sd_auth_store == 'LDAP/AD' - -- name: Remove entire ma1sd configuration extension - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: '^.*\n' - after: '# ma1sd Extension Start' - before: '# ma1sd Extension End' - -- name: Replace conjoined ma1sd configuration extension limiters - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: '^# ma1sd Extension Start# ma1sd Extension End' - replace: '# ma1sd Extension Start\n# ma1sd Extension End' - -- name: Insert/Update ma1sd configuration extension variables - delegate_to: 127.0.0.1 - blockinfile: - path: '{{ awx_cached_matrix_vars }}' - marker: "# {mark} ma1sd ANSIBLE MANAGED BLOCK" - insertafter: '# ma1sd Extension Start' - block: '{{ awx_matrix_ma1sd_configuration_extension_yaml }}' - -- name: Record ma1sd Custom variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# ma1sd Settings End' - with_dict: - 'awx_matrix_ma1sd_auth_store': '{{ awx_matrix_ma1sd_auth_store }}' - 'awx_matrix_ma1sd_configuration_extension_yaml': '{{ awx_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}' - no_log: true - -- name: Save new 'Configure ma1sd' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_ma1sd.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json' - -- name: Copy new 'Configure ma1sd' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json' - dest: '/matrix/awx/configure_ma1sd.json' - mode: '0660' - -- name: Recreate 'Configure ma1sd (Advanced)' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)" - description: "Configure Jitsi conferencing settings." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-ma1sd" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_mailer.yml b/roles/matrix-awx/tasks/set_variables_mailer.yml deleted file mode 100644 index 6581223d..00000000 --- a/roles/matrix-awx/tasks/set_variables_mailer.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- - -- name: Record Mailer variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Email Settings Start' - with_dict: - 'matrix_mailer_relay_use': '{{ matrix_mailer_relay_use }}' - -- name: Save new 'Configure Email Relay' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_email_relay.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json' - -- name: Copy new 'Configure Email Relay' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json' - dest: '/matrix/awx/configure_email_relay.json' - mode: '0660' - -- name: Recreate 'Configure Email Relay' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Email Relay" - description: "Enable MailGun relay to increase verification email reliability." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-mailer" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_mjolnir.yml b/roles/matrix-awx/tasks/set_variables_mjolnir.yml deleted file mode 100755 index 6e3bb153..00000000 --- a/roles/matrix-awx/tasks/set_variables_mjolnir.yml +++ /dev/null @@ -1,68 +0,0 @@ ---- - -- name: Include vars in matrix_vars.yml - include_vars: - file: '{{ awx_cached_matrix_vars }}' - no_log: true - -- name: Collect the internal IP of the matrix-synapse container - shell: | - /usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse - register: matrix_synapse_ip - -- name: Collect access token of @admin-mjolnir user - shell: | - curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-mjolnir"}, "password": "{{ awx_mjolnir_user_password }}", "type": "m.login.password"}' 'http://{{ matrix_synapse_ip.stdout }}:8008/_matrix/client/r0/login' | jq '.access_token' - register: awx_mjolnir_user_access_token - no_log: true - -- name: Record Mjolnir Bot variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Mjolnir Settings Start' - with_dict: - 'matrix_bot_mjolnir_enabled': '{{ matrix_bot_mjolnir_enabled }}' - 'matrix_bot_mjolnir_access_token': '{{ awx_mjolnir_user_access_token.stdout[1:-1] }}' - 'matrix_bot_mjolnir_management_room': '"{{ matrix_bot_mjolnir_management_room }}"' - no_log: true - -- name: Remove Synapse rate-limiting for admin-mjolnir user - shell: | - /usr/local/bin/matrix-postgres-cli-non-interactive --dbname=synapse --command="INSERT INTO ratelimit_override VALUES ('@admin-mjolnir:{{ matrix_domain }}', 0, 0);" - ignore_errors: true - -- name: Save new 'Configure Mjolnir' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_mjolnir.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json' - -- name: Copy new 'Configure Mjolnir' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json' - dest: '/matrix/awx/configure_mjolnir.json' - mode: '0660' - -- name: Recreate 'Configure Mjolnir Bot' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Mjolnir Bot" - description: "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-bot-mjolnir" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_synapse.yml b/roles/matrix-awx/tasks/set_variables_synapse.yml deleted file mode 100755 index f749f03f..00000000 --- a/roles/matrix-awx/tasks/set_variables_synapse.yml +++ /dev/null @@ -1,223 +0,0 @@ ---- - -- name: Limit max upload size to 200MB part 1 - set_fact: - matrix_synapse_max_upload_size_mb: "200" - when: awx_synapse_max_upload_size_mb | int >= 200 - -- name: Limit max upload size to 200MB part 2 - set_fact: - matrix_synapse_max_upload_size_mb: "{{ awx_synapse_max_upload_size_mb }}" - when: awx_synapse_max_upload_size_mb | int < 200 - -- name: Record Synapse variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings Start' - with_dict: - 'matrix_synapse_allow_public_rooms_over_federation': '{{ matrix_synapse_allow_public_rooms_over_federation }}' - 'matrix_synapse_enable_registration': '{{ matrix_synapse_enable_registration }}' - 'matrix_synapse_federation_enabled': '{{ matrix_synapse_federation_enabled }}' - 'matrix_synapse_enable_group_creation': '{{ matrix_synapse_enable_group_creation }}' - 'matrix_synapse_presence_enabled': '{{ matrix_synapse_presence_enabled }}' - 'matrix_synapse_max_upload_size_mb': '{{ matrix_synapse_max_upload_size_mb }}' - 'matrix_synapse_url_preview_enabled': '{{ matrix_synapse_url_preview_enabled }}' - 'matrix_synapse_allow_guest_access': '{{ matrix_synapse_allow_guest_access }}' - -- name: Empty Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if raw inputs empty - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^matrix_synapse_auto_join_rooms: .*$" - replace: "matrix_synapse_auto_join_rooms: []" - when: awx_synapse_auto_join_rooms | length == 0 - -- name: If the raw inputs is not empty start constructing parsed auto_join_rooms list - set_fact: - awx_synapse_auto_join_rooms_array: |- - {{ awx_synapse_auto_join_rooms.splitlines() | to_json }} - when: awx_synapse_auto_join_rooms | length > 0 - -- name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not blank - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings Start' - with_dict: - "matrix_synapse_auto_join_rooms": "{{ awx_synapse_auto_join_rooms_array }}" - when: awx_synapse_auto_join_rooms | length > 0 - -- name: Record Synapse Shared Secret if it's defined - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Settings Start' - with_dict: - 'matrix_synapse_registration_shared_secret': '{{ awx_matrix_synapse_registration_shared_secret }}' - when: awx_matrix_synapse_registration_shared_secret | length > 0 - -- name: Record registations_require_3pid extra variable if true - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "{{ item }}" - line: "{{ item }}" - insertbefore: '# Synapse Extension End' - with_items: - - " registrations_require_3pid:" - - " - email" - when: awx_registrations_require_3pid | bool - -- name: Remove registrations_require_3pid extra variable if false - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "{{ item }}" - line: "{{ item }}" - insertbefore: '# Synapse Extension End' - state: absent - with_items: - - " registrations_require_3pid:" - - " - email" - when: not awx_registrations_require_3pid | bool - -- name: Remove URL Languages - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: '^(?!.*\bemail\b) - [a-zA-Z\-]{2,5}\n' - after: ' url_preview_accept_language:' - before: '# Synapse Extension End' - -- name: Set URL languages default if raw inputs empty - set_fact: - awx_url_preview_accept_language_default: 'en' - when: awx_url_preview_accept_language | length == 0 - -- name: Set URL languages default if raw inputs not empty - set_fact: - awx_url_preview_accept_language_default: "{{ awx_url_preview_accept_language }}" - when: awx_url_preview_accept_language|length > 0 - -- name: Set URL languages if raw inputs empty - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^ url_preview_accept_language:' - line: " - {{ awx_url_preview_accept_language_default }}" - when: awx_url_preview_accept_language|length == 0 - -- name: Set URL languages if raw inputs not empty - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^ url_preview_accept_language:' - line: " - {{ item }}" - with_items: "{{ awx_url_preview_accept_language.splitlines() }}" - when: awx_url_preview_accept_language | length > 0 - -- name: Remove Federation Whitelisting 1 - delegate_to: 127.0.0.1 - replace: - path: '{{ awx_cached_matrix_vars }}' - regexp: '^ - [a-z0-9]+\.[a-z0-9.]+\n' - after: ' federation_domain_whitelist:' - before: '# Synapse Extension End' - -- name: Remove Federation Whitelisting 2 - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - line: " federation_domain_whitelist:" - state: absent - -- name: Set Federation Whitelisting 1 - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^matrix_synapse_configuration_extension_yaml: \|' - line: " federation_domain_whitelist:" - when: awx_federation_whitelist | length > 0 - -- name: Set Federation Whitelisting 2 - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - insertafter: '^ federation_domain_whitelist:' - line: " - {{ item }}" - with_items: "{{ awx_federation_whitelist.splitlines() }}" - when: awx_federation_whitelist | length > 0 - -- name: Set awx_recaptcha_public_key to a 'public-key' if undefined - set_fact: awx_recaptcha_public_key="public-key" - when: (awx_recaptcha_public_key is not defined) or (awx_recaptcha_public_key|length == 0) - -- name: Set awx_recaptcha_private_key to a 'private-key' if undefined - set_fact: awx_recaptcha_private_key="private-key" - when: (awx_recaptcha_private_key is not defined) or (awx_recaptcha_private_key|length == 0) - -- name: Record Synapse Extension variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# Synapse Extension End' - with_dict: - ' enable_registration_captcha': '{{ awx_enable_registration_captcha }}' - ' recaptcha_public_key': '{{ awx_recaptcha_public_key }}' - ' recaptcha_private_key': '{{ awx_recaptcha_private_key }}' - -- name: Record Synapse Custom variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertbefore: '# Synapse Settings End' - with_dict: - 'awx_federation_whitelist': '{{ awx_federation_whitelist.splitlines() | to_json }}' - 'awx_url_preview_accept_language_default': '{{ awx_url_preview_accept_language_default.splitlines() | to_json }}' - 'awx_enable_registration_captcha': '{{ awx_enable_registration_captcha }}' - 'awx_recaptcha_public_key': '"{{ awx_recaptcha_public_key }}"' - 'awx_recaptcha_private_key': '"{{ awx_recaptcha_private_key }}"' - -- name: Save new 'Configure Synapse' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_synapse.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_synapse.json' - -- name: Copy new 'Configure Synapse' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json' - dest: '/matrix/awx/configure_synapse.json' - mode: '0660' - -- name: Recreate 'Configure Synapse' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Synapse" - description: "Configure Synapse (homeserver) settings." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-synapse" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml deleted file mode 100644 index 1e63fb71..00000000 --- a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- - -- name: Record Synapse Admin variables locally on AWX - delegate_to: 127.0.0.1 - lineinfile: - path: '{{ awx_cached_matrix_vars }}' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: '# Synapse Admin Settings Start' - with_dict: - 'matrix_synapse_admin_enabled': '{{ matrix_synapse_admin_enabled }}' - -- name: Save new 'Configure Synapse Admin' survey.json to the AWX tower, template - delegate_to: 127.0.0.1 - template: - src: 'roles/matrix-awx/surveys/configure_synapse_admin.json.j2' - dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json' - -- name: Copy new 'Configure Synapse Admin' survey.json to target machine - copy: - src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json' - dest: '/matrix/awx/configure_synapse_admin.json' - mode: '0660' - -- name: Recreate 'Configure Synapse Admin' job template - delegate_to: 127.0.0.1 - awx.awx.tower_job_template: - name: "{{ matrix_domain }} - 1 - Configure Synapse Admin" - description: "Configure 'Synapse Admin', a moderation tool to help you manage your server." - extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" - job_type: run - job_tags: "start,setup-all" - inventory: "{{ member_id }}" - project: "{{ member_id }} - Matrix Docker Ansible Deploy" - playbook: setup.yml - credential: "{{ member_id }} - AWX SSH Key" - survey_enabled: true - survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}" - become_enabled: true - state: present - verbosity: 1 - tower_host: "https://{{ awx_host }}" - tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" - validate_certs: true diff --git a/roles/matrix-awx/tasks/update_variables.yml b/roles/matrix-awx/tasks/update_variables.yml deleted file mode 100644 index b281a8c5..00000000 --- a/roles/matrix-awx/tasks/update_variables.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- - -- name: Rename synapse presence variable - delegate_to: 127.0.0.1 - replace: - path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml" - regexp: 'matrix_synapse_use_presence' - replace: 'matrix_synapse_presence_enabled' - -- name: Search for matrix_homeserver_generic_secret_key variable in matrix_vars.yml - delegate_to: 127.0.0.1 - register: presence - shell: "grep -i 'matrix_homeserver_generic_secret_key' /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml" - no_log: true - -- name: Generate matrix_homeserver_generic_secret_key variable if not present - delegate_to: 127.0.0.1 - command: | - openssl rand -hex 16 - register: generic_secret - no_log: true - when: presence is not changed - -- name: Add new matrix_homeserver_generic_secret_key variable if not present - delegate_to: 127.0.0.1 - lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - line: "matrix_homeserver_generic_secret_key: {{ generic_secret.stdout }}" - insertbefore: '# Basic Settings End' - mode: '0600' - state: present - when: presence is not changed diff --git a/roles/matrix-common-after/tasks/awx_post.yml b/roles/matrix-common-after/tasks/awx_post.yml deleted file mode 100644 index ad0a0ee8..00000000 --- a/roles/matrix-common-after/tasks/awx_post.yml +++ /dev/null @@ -1,77 +0,0 @@ ---- - -- name: Create user account @admin-janitor - command: | - /usr/local/bin/matrix-synapse-register-user admin-janitor {{ awx_janitor_user_password | quote }} 1 - register: cmd - when: not awx_janitor_user_created|bool - no_log: false - -- name: Update AWX janitor user created variable - delegate_to: 127.0.0.1 - lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: 'AWX Settings' - with_dict: - 'awx_janitor_user_created': 'true' - when: not awx_janitor_user_created|bool - -- name: Create user account @admin-dimension - command: | - /usr/local/bin/matrix-synapse-register-user admin-dimension {{ awx_dimension_user_password | quote }} 0 - register: cmd - when: not awx_dimension_user_created|bool - no_log: false - -- name: Update AWX dimension user created variable - delegate_to: 127.0.0.1 - lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: 'AWX Settings' - with_dict: - 'awx_dimension_user_created': 'true' - when: not awx_dimension_user_created|bool - -- name: Create user account @admin-mjolnir - command: | - /usr/local/bin/matrix-synapse-register-user admin-mjolnir {{ awx_mjolnir_user_password | quote }} 0 - register: cmd - when: not awx_mjolnir_user_created|bool - no_log: false - -- name: Update AWX dimension user created variable - delegate_to: 127.0.0.1 - lineinfile: - path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' - regexp: "^#? *{{ item.key | regex_escape() }}:" - line: "{{ item.key }}: {{ item.value }}" - insertafter: 'AWX Settings' - with_dict: - 'awx_mjolnir_user_created': 'true' - when: not awx_mjolnir_user_created|bool - -- name: Ensure /chroot/website location has correct permissions - file: - path: /chroot/website - state: directory - owner: matrix - group: matrix - mode: '0770' - when: awx_customise_base_domain_website is defined - -- name: Collect Discord AppService bot invite link if file exists - command: - cat /matrix/appservice-discord/config/invite_link - register: awx_discord_appservice_link - when: awx_appservice_discord_admin_user is defined - args: - removes: /matrix/appservice-discord/config/invite_link - -- name: Print Discord AppService bot link for user - debug: - msg: "{{ awx_discord_appservice_link.stdout }}" - when: awx_discord_appservice_link.stdout is defined diff --git a/roles/matrix-common-after/tasks/main.yml b/roles/matrix-common-after/tasks/main.yml index 75dee15d..f3ccf3a5 100644 --- a/roles/matrix-common-after/tasks/main.yml +++ b/roles/matrix-common-after/tasks/main.yml @@ -14,11 +14,6 @@ tags: - always -- import_tasks: "{{ role_path }}/tasks/awx_post.yml" - when: run_setup|bool and matrix_awx_enabled|bool - tags: - - always - - import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml" tags: - run-docker-prune diff --git a/setup.yml b/setup.yml index 197d313e..52079e32 100755 --- a/setup.yml +++ b/setup.yml @@ -7,7 +7,6 @@ - roles/matrix-synapse/vars/workers.yml roles: - - matrix-awx - matrix-base - matrix-dynamic-dns - matrix-mailer From 6925e26960246d54efa03d798b7363c12b01ac46 Mon Sep 17 00:00:00 2001 From: SaltireSoul Date: Sat, 9 Apr 2022 02:55:48 +0100 Subject: [PATCH 34/48] Dendrite 0.8.1 --- roles/matrix-dendrite/defaults/main.yml | 2 +- .../templates/dendrite/dendrite.yaml.j2 | 54 ++++++++++++++----- 2 files changed, 41 insertions(+), 15 deletions(-) diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index 99ceb1a0..7f2e629a 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -6,7 +6,7 @@ matrix_dendrite_enabled: true matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "docker.io/" -matrix_dendrite_docker_image_tag: "v0.7.0" +matrix_dendrite_docker_image_tag: "v0.8.1" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" diff --git a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 index 01bb72f7..308ee3f3 100644 --- a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 +++ b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 @@ -66,6 +66,13 @@ global: # to other servers and the federation API will not be exposed. disable_federation: {{ (not matrix_dendrite_federation_enabled)|to_json }} + # Configures the handling of presence events. + presence: + # Whether inbound presence events are allowed, e.g. receiving presence events from other servers + enable_inbound: false + # Whether outbound presence events are allowed, e.g. sending presence events to other servers + enable_outbound: false + # Server notices allows server admins to send messages to all users. server_notices: enabled: false @@ -132,6 +139,11 @@ app_service_api: max_idle_conns: 2 conn_max_lifetime: -1 + # Disable the validation of TLS certificates of appservices. This is + # not recommended in production since it may allow appservice traffic + # to be sent to an unverified endpoint. + disable_tls_validation: {{ matrix_dendrite_disable_tls_validation|to_json }} + # Appservice configuration files to load into this homeserver. config_files: {{ matrix_dendrite_app_service_config_files|to_json }} @@ -201,12 +213,13 @@ federation_api: # enable this option in production as it presents a security risk! disable_tls_validation: {{ matrix_dendrite_disable_tls_validation|to_json }} + # Not in dendrite-config.yaml, but is in build/docker/config/dendrite.yaml # Use the following proxy server for outbound federation traffic. - proxy_outbound: - enabled: false - protocol: http - host: localhost - port: 8080 + #proxy_outbound: + # enabled: false + # protocol: http + # host: localhost + # port: 8080 # Perspective keyservers to use as a backup when direct key fetches fail. This may # be required to satisfy key requests for servers that are no longer online when @@ -319,6 +332,13 @@ sync_api: # Configuration for the User API. user_api: + # The cost when hashing passwords on registration/login. Default: 10. Min: 4, Max: 31 + # See https://pkg.go.dev/golang.org/x/crypto/bcrypt for more information. + # Setting this lower makes registration/login consume less CPU resources at the cost of security + # should the database be compromised. Setting this higher makes registration/login consume more + # CPU resources but makes it harder to brute force password hashes. + # This value can be low if performing tests or on embedded Dendrite instances (e.g WASM builds) + # bcrypt_cost: 10 internal_api: listen: http://0.0.0.0:7781 connect: http://user_api:7781 @@ -327,17 +347,23 @@ user_api: max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 + # The length of time that a token issued for a relying party from + # /_matrix/client/r0/user/{userId}/openid/request_token endpoint + # is considered to be valid in milliseconds. + # The default lifetime is 3600000ms (60 minutes). + # openid_token_lifetime_ms: 3600000 +# Not in dendrite-config.yaml, but is in build/docker/config/dendrite.yaml (DB is created just in case) # Configuration for the Push Server API. -push_server: - internal_api: - listen: http://localhost:7782 - connect: http://localhost:7782 - database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_pushserver_database }}?sslmode=disable - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 +#push_server: +# internal_api: +# listen: http://localhost:7782 +# connect: http://localhost:7782 +# database: +# connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_pushserver_database }}?sslmode=disable +# max_open_conns: 10 +# max_idle_conns: 2 +# conn_max_lifetime: -1 # Configuration for Opentracing. # See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on From b982733a8a518e5db82182e6851993e9c7332709 Mon Sep 17 00:00:00 2001 From: Yan Minagawa Date: Sat, 9 Apr 2022 19:41:48 +0700 Subject: [PATCH 35/48] fix typo in document path for the proxy --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 4b1810ea..de1a3146 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -11,7 +11,7 @@ matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image. matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy" matrix_nginx_proxy_data_path: "{{ matrix_nginx_proxy_base_path }}/data" matrix_nginx_proxy_data_path_in_container: "/nginx-data" -matrix_nginx_proxy_data_path_extension: "/matrix_domain" +matrix_nginx_proxy_data_path_extension: "/matrix-domain" matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_base_path }}/conf.d" # List of systemd services that matrix-nginx-proxy.service depends on From 515792790ae0b6dd821a786c49518496f94c4bdc Mon Sep 17 00:00:00 2001 From: SaltireSoul Date: Sat, 9 Apr 2022 21:41:35 +0100 Subject: [PATCH 36/48] uncomment push_server config --- .../templates/dendrite/dendrite.yaml.j2 | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 index 308ee3f3..fcede405 100644 --- a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 +++ b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 @@ -353,17 +353,17 @@ user_api: # The default lifetime is 3600000ms (60 minutes). # openid_token_lifetime_ms: 3600000 -# Not in dendrite-config.yaml, but is in build/docker/config/dendrite.yaml (DB is created just in case) +# Not in dendrite-config.yaml, but is in build/docker/config/dendrite.yaml # Configuration for the Push Server API. -#push_server: -# internal_api: -# listen: http://localhost:7782 -# connect: http://localhost:7782 -# database: -# connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_pushserver_database }}?sslmode=disable -# max_open_conns: 10 -# max_idle_conns: 2 -# conn_max_lifetime: -1 +push_server: + internal_api: + listen: http://localhost:7782 + connect: http://localhost:7782 + database: + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_pushserver_database }}?sslmode=disable + max_open_conns: 10 + max_idle_conns: 2 + conn_max_lifetime: -1 # Configuration for Opentracing. # See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on From 29847627f1aee22c4810699d92a61d1f4b63aea8 Mon Sep 17 00:00:00 2001 From: heftyzauk <80178101+heftyzauk@users.noreply.github.com> Date: Sun, 10 Apr 2022 21:51:03 +0100 Subject: [PATCH 37/48] Multi-IP coturn Add support for multiple external turn IP addresses, this allows for better comptability with dualstack ipv4/ipv6 hosts, and is supported as per the documentation (point 6 here: https://matrix-org.github.io/synapse/latest/turn-howto.html#configuration) --- group_vars/matrix_servers | 2 +- roles/matrix-coturn/defaults/main.yml | 2 +- roles/matrix-coturn/templates/turnserver.conf.j2 | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a1cadd12..92df1bd4 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1144,7 +1144,7 @@ matrix_coturn_enabled: true matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" -matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" +matrix_coturn_turn_external_ip_address: ["{{ ansible_host }}"] matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas') | to_uuid }}" diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index f1274657..c4743089 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -64,7 +64,7 @@ matrix_coturn_turn_udp_max_port: 49172 matrix_coturn_turn_static_auth_secret: "" # The external IP address of the machine where Coturn is. -matrix_coturn_turn_external_ip_address: '' +matrix_coturn_turn_external_ip_address: [] matrix_coturn_allowed_peer_ips: [] matrix_coturn_denied_peer_ips: [] diff --git a/roles/matrix-coturn/templates/turnserver.conf.j2 b/roles/matrix-coturn/templates/turnserver.conf.j2 index ba662587..dfa9f4cc 100644 --- a/roles/matrix-coturn/templates/turnserver.conf.j2 +++ b/roles/matrix-coturn/templates/turnserver.conf.j2 @@ -5,7 +5,9 @@ realm=turn.{{ matrix_server_fqn_matrix }} min-port={{ matrix_coturn_turn_udp_min_port }} max-port={{ matrix_coturn_turn_udp_max_port }} -external-ip={{ matrix_coturn_turn_external_ip_address }} +{% for ip in matrix_coturn_turn_external_ip_address %} +external-ip={{ ip }} +{% endfor %} log-file=stdout pidfile=/var/tmp/turnserver.pid From 0364c6c6341ba69f9fa0bd5d94b6339c27ab9b35 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 11 Apr 2022 09:05:33 +0300 Subject: [PATCH 38/48] Suppress old container cleanup (kill/rm) failures People often report and ask about these "failures". More-so previously, when the `docker kill/rm` output was collected, but it still happens now when people do `systemctl status matrix-something` and notice that it says "FAILURE". Suppressing to avoid further time being wasted on saying "this is expected". --- .../templates/systemd/matrix-backup-borg.service.j2 | 8 ++++---- .../templates/systemd/matrix-bot-go-neb.service.j2 | 8 ++++---- .../templates/systemd/matrix-bot-honoroit.service.j2 | 8 ++++---- .../systemd/matrix-bot-matrix-reminder-bot.service.j2 | 8 ++++---- .../templates/systemd/matrix-bot-mjolnir.service.j2 | 8 ++++---- .../systemd/matrix-appservice-discord.service.j2 | 8 ++++---- .../templates/systemd/matrix-appservice-irc.service.j2 | 8 ++++---- .../templates/systemd/matrix-appservice-slack.service.j2 | 8 ++++---- .../systemd/matrix-appservice-webhooks.service.j2 | 8 ++++---- .../templates/systemd/matrix-beeper-linkedin.service.j2 | 8 ++++---- .../templates/systemd/matrix-mautrix-facebook.service.j2 | 8 ++++---- .../systemd/matrix-mautrix-googlechat.service.j2 | 4 ++-- .../templates/systemd/matrix-mautrix-hangouts.service.j2 | 8 ++++---- .../templates/systemd/matrix-mautrix-instagram.service.j2 | 8 ++++---- .../systemd/matrix-mautrix-signal-daemon.service.j2 | 8 ++++---- .../templates/systemd/matrix-mautrix-signal.service.j2 | 8 ++++---- .../templates/systemd/matrix-mautrix-telegram.service.j2 | 8 ++++---- .../templates/systemd/matrix-mautrix-twitter.service.j2 | 8 ++++---- .../templates/systemd/matrix-mautrix-whatsapp.service.j2 | 8 ++++---- .../templates/systemd/matrix-mx-puppet-discord.service.j2 | 8 ++++---- .../templates/systemd/matrix-mx-puppet-groupme.service.j2 | 8 ++++---- .../systemd/matrix-mx-puppet-instagram.service.j2 | 8 ++++---- .../templates/systemd/matrix-mx-puppet-skype.service.j2 | 8 ++++---- .../templates/systemd/matrix-mx-puppet-slack.service.j2 | 8 ++++---- .../templates/systemd/matrix-mx-puppet-steam.service.j2 | 8 ++++---- .../templates/systemd/matrix-mx-puppet-twitter.service.j2 | 8 ++++---- .../templates/systemd/matrix-client-cinny.service.j2 | 8 ++++---- .../templates/systemd/matrix-client-element.service.j2 | 8 ++++---- .../templates/systemd/matrix-client-hydrogen.service.j2 | 8 ++++---- .../templates/systemd/matrix-corporal.service.j2 | 8 ++++---- .../templates/systemd/matrix-coturn.service.j2 | 8 ++++---- .../templates/dendrite/systemd/matrix-dendrite.service.j2 | 8 ++++---- .../templates/systemd/matrix-dimension.service.j2 | 8 ++++---- .../templates/systemd/matrix-dynamic-dns.service.j2 | 8 ++++---- .../templates/systemd/matrix-email2matrix.service.j2 | 8 ++++---- .../templates/systemd/matrix-grafana.service.j2 | 8 ++++---- .../templates/jicofo/matrix-jitsi-jicofo.service.j2 | 8 ++++---- .../templates/jvb/matrix-jitsi-jvb.service.j2 | 8 ++++---- .../templates/prosody/matrix-jitsi-prosody.service.j2 | 8 ++++---- .../templates/web/matrix-jitsi-web.service.j2 | 8 ++++---- .../templates/systemd/matrix-ma1sd.service.j2 | 8 ++++---- .../templates/systemd/matrix-mailer.service.j2 | 8 ++++---- .../templates/systemd/matrix-nginx-proxy.service.j2 | 8 ++++---- .../templates/systemd/matrix-postgres-backup.service.j2 | 4 ++-- .../templates/systemd/matrix-postgres.service.j2 | 8 ++++---- .../systemd/matrix-prometheus-node-exporter.service.j2 | 8 ++++---- .../matrix-prometheus-postgres-exporter.service.j2 | 8 ++++---- .../templates/systemd/matrix-prometheus.service.j2 | 8 ++++---- .../templates/systemd/matrix-registration.service.j2 | 8 ++++---- .../templates/systemd/matrix-sygnal.service.j2 | 8 ++++---- .../templates/systemd/matrix-synapse-admin.service.j2 | 8 ++++---- .../templates/synapse/systemd/matrix-synapse.service.j2 | 8 ++++---- 52 files changed, 204 insertions(+), 204 deletions(-) diff --git a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 index 977673ee..76217250 100644 --- a/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 +++ b/roles/matrix-backup-borg/templates/systemd/matrix-backup-borg.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=oneshot Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true' ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \ --log-driver=none \ --cap-drop=ALL \ @@ -50,8 +50,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-backup-borg \ {% endfor %} {{ matrix_backup_borg_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-backup-borg 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-backup-borg 2>/dev/null || true' SyslogIdentifier=matrix-backup-borg [Install] diff --git a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 index eabf1137..83eb3c7d 100644 --- a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 +++ b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \ --log-driver=none \ @@ -39,8 +39,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \ {{ matrix_bot_go_neb_docker_image }} \ -c "go-neb /config/config.yaml" -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-go-neb diff --git a/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 b/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 index a2ba1a98..2bb14109 100644 --- a/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 +++ b/roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \ --log-driver=none \ @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \ {% endfor %} {{ matrix_bot_honoroit_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-honoroit diff --git a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 b/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 index b1fe3c32..a9cf8bb8 100644 --- a/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 +++ b/roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-reminder-bot \ --log-driver=none \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-rem {{ matrix_bot_matrix_reminder_bot_docker_image }} \ -c "matrix-reminder-bot /config/config.yaml" -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-matrix-reminder-bot diff --git a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 index 0b018f25..7ea6be37 100644 --- a/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 +++ b/roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \ {% endfor %} {{ matrix_bot_mjolnir_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-mjolnir diff --git a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 index 84dee801..0a527c0c 100644 --- a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 +++ b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-dis {{ matrix_appservice_discord_docker_image }} \ node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-discord diff --git a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 index 8650bd8d..4bbda18e 100644 --- a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 +++ b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc {{ matrix_appservice_irc_docker_image }} \ -c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-irc diff --git a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 index 21ba27ef..017f352f 100644 --- a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 +++ b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-sla {{ matrix_appservice_slack_docker_image }} \ node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-slack diff --git a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 index f27111b3..556467b4 100644 --- a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 +++ b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-web {{ matrix_appservice_webhooks_docker_image }} \ node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-webhooks diff --git a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 b/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 index 4498b4f0..37b4f67d 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedi {{ matrix_beeper_linkedin_docker_image }} \ python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-beeper-linkedin diff --git a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 index 2899dd0d..2103dd05 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebo {{ matrix_mautrix_facebook_docker_image }} \ python3 -m mautrix_facebook -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-facebook diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 index c56473be..930b58c2 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-google {{ matrix_mautrix_googlechat_docker_image }} \ python3 -m mautrix_googlechat -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-googlechat diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 index 60f0e055..10402a51 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null || true' ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ @@ -44,8 +44,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangou {{ matrix_mautrix_hangouts_docker_image }} \ python3 -m mautrix_hangouts -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-hangouts diff --git a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 b/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 index 33a5bab3..d2a6aece 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-instag {{ matrix_mautrix_instagram_docker_image }} \ python3 -m mautrix_instagram -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-instagram diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 index 6f128da3..0ee05d7d 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 @@ -15,8 +15,8 @@ Wants={{ service }} Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal -v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \ {{ matrix_mautrix_signal_daemon_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 index a65895ed..d1ef85f3 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2 @@ -14,8 +14,8 @@ Wants={{ service }} [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal {{ matrix_mautrix_signal_docker_image }} \ python3 -m mautrix_signal -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true' Restart=always RestartSec=30 diff --git a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 index 459a0fec..8b21ee2b 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegr {{ matrix_mautrix_telegram_docker_image }} \ python3 -m mautrix_telegram -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-telegram diff --git a/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 b/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 index 73bdbc86..0ce9a123 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/systemd/matrix-mautrix-twitter.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-twitte {{ matrix_mautrix_twitter_docker_image }} \ python3 -m mautrix_twitter -c /config/config.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-twitter diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 index 4a492492..ae44d342 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsa {{ matrix_mautrix_whatsapp_docker_image }} \ /usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-whatsapp diff --git a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 index 6ffb87cd..7a4c4a38 100644 --- a/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 +++ b/roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-disc {% endfor %} {{ matrix_mx_puppet_discord_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-discord diff --git a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 b/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 index dabafd18..afb46ecb 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 +++ b/roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-grou {% endfor %} {{ matrix_mx_puppet_groupme_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-groupme diff --git a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 index 965bb41c..262518fc 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 +++ b/roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-inst {% endfor %} {{ matrix_mx_puppet_instagram_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-instagram diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 index 9a7986e4..ec06485a 100644 --- a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 +++ b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skyp {% endfor %} {{ matrix_mx_puppet_skype_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-skype diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 index 973771b3..118d0369 100644 --- a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 +++ b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slac {% endfor %} {{ matrix_mx_puppet_slack_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-slack diff --git a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 index 0772872b..f1079e3f 100644 --- a/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 +++ b/roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-stea {% endfor %} {{ matrix_mx_puppet_steam_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-steam diff --git a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 index 7e1b1c32..5d7cfca6 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 +++ b/roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twit {% endfor %} {{ matrix_mx_puppet_twitter_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-twitter diff --git a/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 b/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 index f4ebd6a0..3f15ac19 100644 --- a/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 +++ b/roles/matrix-client-cinny/templates/systemd/matrix-client-cinny.service.j2 @@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-cinny \ --log-driver=none \ @@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-cinny \ {% endfor %} {{ matrix_client_cinny_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-cinny 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-cinny 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-cinny diff --git a/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 b/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 index fe2a3a86..8d3dec57 100644 --- a/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 +++ b/roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2 @@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element \ --log-driver=none \ @@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element {% endfor %} {{ matrix_client_element_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-element 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-element 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-element diff --git a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 b/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 index c85aeb97..0196d35b 100644 --- a/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 +++ b/roles/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2 @@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-hydrogen \ --log-driver=none \ @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-hydroge {% endfor %} {{ matrix_client_hydrogen_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-client-hydrogen 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-client-hydrogen 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-client-hydrogen diff --git a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 index 262e2e77..d5661b5a 100644 --- a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 +++ b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 @@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \ --log-driver=none \ @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \ {{ matrix_corporal_docker_image }} \ /matrix-corporal -config=/etc/matrix-corporal/config.json -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-corporal 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-corporal 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-corporal diff --git a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 index a39030af..54bd015e 100644 --- a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 +++ b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 @@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \ --log-driver=none \ @@ -43,8 +43,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \ {{ matrix_coturn_docker_image }} \ -c /turnserver.conf -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-coturn 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-coturn 2>/dev/null || true' # This only reloads certificates (not other configuration). # See: https://github.com/coturn/coturn/pull/236 diff --git a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 index e1c42cbc..0457917a 100644 --- a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 +++ b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' {% if 'matrix-postgres.service' in matrix_dendrite_systemd_required_services_list %} # Dendrite is too quick to start in relation to its matrix-postgres dependency. @@ -54,8 +54,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ {% endif %} {{ matrix_dendrite_process_extra_arguments|join(' ') }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' ExecReload={{ matrix_host_command_docker }} exec matrix-dendrite /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 diff --git a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 index e27a5558..e514a74a 100644 --- a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 +++ b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null || true' # Fixup database ownership if it got changed somehow (during a server migration, etc.) {% if matrix_dimension_database_engine == 'sqlite' %} @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \ {% endfor %} {{ matrix_dimension_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dimension 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dimension 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-dimension diff --git a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 index dfdd2f72..6f2ff101 100644 --- a/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 +++ b/roles/matrix-dynamic-dns/templates/systemd/matrix-dynamic-dns.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \ --log-driver=none \ --network={{ matrix_docker_network }} \ @@ -26,8 +26,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dynamic-dns \ {% endfor %} {{ matrix_dynamic_dns_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dynamic-dns 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dynamic-dns 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-dynamic-dns diff --git a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 index c9226768..47c15117 100644 --- a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 +++ b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 @@ -8,8 +8,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \ --log-driver=none \ @@ -24,8 +24,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \ {% endfor %} {{ matrix_email2matrix_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-email2matrix 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-email2matrix 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-email2matrix diff --git a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 b/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 index a4f81e35..e0f58076 100644 --- a/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 +++ b/roles/matrix-grafana/templates/systemd/matrix-grafana.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-grafana \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-grafana \ {% endfor %} {{ matrix_grafana_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-grafana 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-grafana 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-grafana diff --git a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 index 6ecafaa0..694fdc7f 100644 --- a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 +++ b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 @@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \ --log-driver=none \ @@ -23,8 +23,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \ {% endfor %} {{ matrix_jitsi_jicofo_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-jicofo diff --git a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 index 2785795d..f0b141fc 100644 --- a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 +++ b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 @@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \ --log-driver=none \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \ {% endfor %} {{ matrix_jitsi_jvb_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-jvb 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-jvb 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-jvb diff --git a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 index 5a4a81e5..0c3a3932 100644 --- a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 +++ b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 @@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \ --log-driver=none \ @@ -28,8 +28,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody {% endfor %} {{ matrix_jitsi_prosody_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-prosody 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-prosody 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-prosody diff --git a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 index 35bfca67..8f29bfa8 100644 --- a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 +++ b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 @@ -10,8 +10,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \ --log-driver=none \ @@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \ {% endfor %} {{ matrix_jitsi_web_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-jitsi-web 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-jitsi-web 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-web diff --git a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 index 8e5cc6dd..427f6c9f 100644 --- a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 +++ b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' # ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there, # so /tmp needs to be mounted with an exec option. @@ -38,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \ {% endfor %} {{ matrix_ma1sd_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-ma1sd diff --git a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 index bf5a2e42..83cd298e 100644 --- a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 +++ b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 @@ -8,8 +8,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null || true' # --hostname gives us a friendlier hostname than the default. # The real hostname is passed via a `HOSTNAME` environment variable though. @@ -27,8 +27,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \ {% endfor %} {{ matrix_mailer_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mailer 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mailer 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mailer diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index 1143efd4..172a83bc 100755 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ --log-driver=none \ @@ -51,8 +51,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ ExecStartPost={{ matrix_host_command_sh }} -c 'attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`docker inspect -f {{ '{{.State.Running}}' }} matrix-nginx-proxy 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ matrix_host_command_docker }} network connect {{ network }} matrix-nginx-proxy' {% endfor %} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' ExecReload={{ matrix_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload Restart=always RestartSec=30 diff --git a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 index 97c9ae7f..4ecf3745 100644 --- a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 +++ b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 @@ -9,7 +9,7 @@ DefaultDependencies=no Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" ExecStartPre=-{{ matrix_host_command_docker }} stop matrix-postgres-backup -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres-backup \ --log-driver=none \ @@ -22,7 +22,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres-backu {{ matrix_postgres_backup_docker_image_to_use }} ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres-backup -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-postgres-backup diff --git a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 index d62a689a..b30c5ef2 100644 --- a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 +++ b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 @@ -8,8 +8,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null || true' # We need /dev/shm to be larger than the default to allow VACUUM to work. # See: @@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \ {{ matrix_postgres_docker_image_to_use }} \ postgres {{ matrix_postgres_process_extra_arguments|join(' ') }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-postgres 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-postgres diff --git a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 index 210a0d97..e38b42e3 100644 --- a/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 +++ b/roles/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-node-exporter \ @@ -34,8 +34,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-nod {{ matrix_prometheus_node_exporter_docker_image }} \ --path.rootfs=/host -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus-node-exporter diff --git a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 b/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 index 993ebac4..ff8c2ce4 100644 --- a/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 +++ b/roles/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-postgres-exporter \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus-pos --pid=host \ {{ matrix_prometheus_postgres_exporter_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus-postgres-exporter diff --git a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 index ad75d664..8de57201 100644 --- a/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 +++ b/roles/matrix-prometheus/templates/systemd/matrix-prometheus.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ @@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-prometheus \ {% endfor %} {{ matrix_prometheus_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-prometheus 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-prometheus 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-prometheus diff --git a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 b/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 index e73e3e5f..8acbd3a5 100644 --- a/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 +++ b/roles/matrix-registration/templates/systemd/matrix-registration.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-registration \ --log-driver=none \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-registration \ {{ matrix_registration_docker_image }} \ serve -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-registration 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-registration 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-registration diff --git a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 b/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 index 019ab40c..ae7e889d 100644 --- a/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 +++ b/roles/matrix-sygnal/templates/systemd/matrix-sygnal.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-sygnal \ --log-driver=none \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-sygnal \ {% endfor %} {{ matrix_sygnal_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-sygnal 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-sygnal 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-sygnal diff --git a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 b/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 index 4823d89c..6ed9eaae 100644 --- a/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 +++ b/roles/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 @@ -13,8 +13,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null || true' ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse-admin \ --log-driver=none \ @@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse-admin {% endfor %} {{ matrix_synapse_admin_docker_image }} -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse-admin 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse-admin 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-synapse-admin diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index e69ffa61..2b59748f 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -21,8 +21,8 @@ DefaultDependencies=no [Service] Type=simple Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null || true' {% if matrix_s3_media_store_enabled %} # Allow for some time before starting, so that media store can mount. # Mounting can happen later too, but if we start writing, @@ -63,8 +63,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ {{ matrix_synapse_docker_image }} \ run -m synapse.app.homeserver -c /data/homeserver.yaml -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-synapse 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-synapse 2>/dev/null || true' ExecReload={{ matrix_host_command_docker }} exec matrix-synapse /bin/sh -c 'kill -HUP 1' Restart=always RestartSec=30 From 268b079374a74b418a87f6fd05ea90d56511cab9 Mon Sep 17 00:00:00 2001 From: heftyzauk <80178101+heftyzauk@users.noreply.github.com> Date: Mon, 11 Apr 2022 11:50:41 +0100 Subject: [PATCH 39/48] Revert Coturn Address Change, add new Addresses var (#2) --- group_vars/matrix_servers | 3 ++- roles/matrix-coturn/defaults/main.yml | 3 ++- roles/matrix-coturn/templates/turnserver.conf.j2 | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 92df1bd4..49f1f091 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1144,7 +1144,8 @@ matrix_coturn_enabled: true matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" -matrix_coturn_turn_external_ip_address: ["{{ ansible_host }}"] +matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" +matrix_coturn_turn_external_ip_addresses: [ "{{ matrix_coturn_turn_external_ip_address }}" ] matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas') | to_uuid }}" diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index c4743089..39790bac 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -64,7 +64,8 @@ matrix_coturn_turn_udp_max_port: 49172 matrix_coturn_turn_static_auth_secret: "" # The external IP address of the machine where Coturn is. -matrix_coturn_turn_external_ip_address: [] +matrix_coturn_turn_external_ip_address: '' +matrix_coturn_turn_external_ip_addresses: [] matrix_coturn_allowed_peer_ips: [] matrix_coturn_denied_peer_ips: [] diff --git a/roles/matrix-coturn/templates/turnserver.conf.j2 b/roles/matrix-coturn/templates/turnserver.conf.j2 index dfa9f4cc..2b1ee4f6 100644 --- a/roles/matrix-coturn/templates/turnserver.conf.j2 +++ b/roles/matrix-coturn/templates/turnserver.conf.j2 @@ -5,7 +5,7 @@ realm=turn.{{ matrix_server_fqn_matrix }} min-port={{ matrix_coturn_turn_udp_min_port }} max-port={{ matrix_coturn_turn_udp_max_port }} -{% for ip in matrix_coturn_turn_external_ip_address %} +{% for ip in matrix_coturn_turn_external_ip_addresses %} external-ip={{ ip }} {% endfor %} From 03d2dcc996d6c197819348fc844a9b0fe07bac7b Mon Sep 17 00:00:00 2001 From: Hefty Zauk Date: Mon, 11 Apr 2022 11:20:09 +0000 Subject: [PATCH 40/48] Move into coturn defaults --- group_vars/matrix_servers | 1 - roles/matrix-coturn/defaults/main.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 49f1f091..a1cadd12 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1145,7 +1145,6 @@ matrix_coturn_enabled: true matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" -matrix_coturn_turn_external_ip_addresses: [ "{{ matrix_coturn_turn_external_ip_address }}" ] matrix_coturn_turn_static_auth_secret: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'coturn.sas') | to_uuid }}" diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index 39790bac..df9e53fe 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -65,7 +65,7 @@ matrix_coturn_turn_static_auth_secret: "" # The external IP address of the machine where Coturn is. matrix_coturn_turn_external_ip_address: '' -matrix_coturn_turn_external_ip_addresses: [] +matrix_coturn_turn_external_ip_addresses: [ "{{ matrix_coturn_turn_external_ip_address }}" ] matrix_coturn_allowed_peer_ips: [] matrix_coturn_denied_peer_ips: [] From f4ba995d9b85b527205bcb32c266f5e98f4ef9d3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 11 Apr 2022 15:38:35 +0300 Subject: [PATCH 41/48] Fix validation and prevent empty "external-ip=" lines in Coturn config We no longer validate that there's an IP address defined. Seems like Coturn can start without one as well, so there's no need to require it. If people populate `matrix_coturn_turn_external_ip_addresses` directly to specify multiple addresses, they can leave `matrix_coturn_turn_external_ip_address` empty. We use the "select not equal to empty string" thing in the for loop to avoid `matrix_coturn_turn_external_ip_address` leading to `matrix_coturn_turn_external_ip_addresses: ['']` leading to `external-ip=` in the Coturn configuration. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1741 --- roles/matrix-coturn/defaults/main.yml | 2 +- roles/matrix-coturn/tasks/validate_config.yml | 1 - roles/matrix-coturn/templates/turnserver.conf.j2 | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index df9e53fe..8ea7d3a5 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -65,7 +65,7 @@ matrix_coturn_turn_static_auth_secret: "" # The external IP address of the machine where Coturn is. matrix_coturn_turn_external_ip_address: '' -matrix_coturn_turn_external_ip_addresses: [ "{{ matrix_coturn_turn_external_ip_address }}" ] +matrix_coturn_turn_external_ip_addresses: ["{{ matrix_coturn_turn_external_ip_address }}"] matrix_coturn_allowed_peer_ips: [] matrix_coturn_denied_peer_ips: [] diff --git a/roles/matrix-coturn/tasks/validate_config.yml b/roles/matrix-coturn/tasks/validate_config.yml index d8276d3a..637f720d 100644 --- a/roles/matrix-coturn/tasks/validate_config.yml +++ b/roles/matrix-coturn/tasks/validate_config.yml @@ -6,5 +6,4 @@ You need to define a required configuration setting (`{{ item }}`) for using Coturn. when: "vars[item] == ''" with_items: - - "matrix_coturn_turn_external_ip_address" - "matrix_coturn_turn_static_auth_secret" diff --git a/roles/matrix-coturn/templates/turnserver.conf.j2 b/roles/matrix-coturn/templates/turnserver.conf.j2 index 2b1ee4f6..1bdf310a 100644 --- a/roles/matrix-coturn/templates/turnserver.conf.j2 +++ b/roles/matrix-coturn/templates/turnserver.conf.j2 @@ -5,7 +5,7 @@ realm=turn.{{ matrix_server_fqn_matrix }} min-port={{ matrix_coturn_turn_udp_min_port }} max-port={{ matrix_coturn_turn_udp_max_port }} -{% for ip in matrix_coturn_turn_external_ip_addresses %} +{% for ip in matrix_coturn_turn_external_ip_addresses|select('ne', '') %} external-ip={{ ip }} {% endfor %} From ceb2f54970611e40e2916ebfbe31222420ef0fbc Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Mon, 11 Apr 2022 16:45:33 +0200 Subject: [PATCH 42/48] Make hookshot hardcoded public URLs dynamic --- group_vars/matrix_servers | 6 +-- .../matrix-bridge-hookshot/defaults/main.yml | 51 ++++++++++--------- roles/matrix-bridge-hookshot/tasks/init.yml | 4 +- .../templates/config.yml.j2 | 14 ++--- 4 files changed, 38 insertions(+), 37 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a1cadd12..a4e63028 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -676,9 +676,9 @@ matrix_hookshot_provisioning_enabled: "{{ matrix_hookshot_provisioning_secret an matrix_hookshot_proxy_metrics: "{{ matrix_nginx_proxy_proxy_synapse_metrics }}" matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled }}" -matrix_hookshot_generic_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" -matrix_hookshot_generic_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" -matrix_hookshot_generic_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else '' }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_urlprefix_port if matrix_hookshot_generic_urlprefix_port_enabled else '' }}{{ matrix_hookshot_generic_endpoint }}" +matrix_hookshot_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" +matrix_hookshot_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" +matrix_hookshot_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else '' }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_urlprefix_port if matrix_hookshot_urlprefix_port_enabled else '' }}{{ matrix_hookshot_generic_endpoint }}" ###################################################################### # diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 78eacdb1..9a0f5456 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -61,7 +61,7 @@ matrix_hookshot_github_oauth_id: '' # "Client ID" on the GitHub App page matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App page # Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth" matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth" -matrix_hookshot_github_oauth_uri: "https://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_github_oauth_endpoint }}" +matrix_hookshot_github_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_github_oauth_endpoint }}" # These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration matrix_hookshot_github_ignore_hooks: "{}" matrix_hookshot_github_command_prefix: '!gh' @@ -86,32 +86,10 @@ matrix_hookshot_gitlab_instances: matrix_hookshot_gitlab_secret: '' -matrix_hookshot_jira_enabled: false -# Get the these values from https://matrix-org.github.io/matrix-hookshot/setup/jira.html#jira-oauth -matrix_hookshot_jira_secret: '' -matrix_hookshot_jira_oauth_enabled: false -matrix_hookshot_jira_oauth_id: '' -matrix_hookshot_jira_oauth_secret: '' -# Default value of matrix_hookshot_jira_oauth_endpoint: "/hookshot/webhooks/jira/oauth" -matrix_hookshot_jira_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/jira/oauth" -matrix_hookshot_jira_oauth_uri: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_jira_oauth_endpoint }}" - - -# No need to change these -matrix_hookshot_generic_enabled: true -# Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks" -matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}" -# urlprefix gets updated with protocol & port in group_vars/matrix_servers -matrix_hookshot_generic_urlprefix: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_generic_endpoint }}" -matrix_hookshot_generic_allow_js_transformation_functions: false -# If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap -matrix_hookshot_generic_user_id_prefix: '_webhooks_' - - matrix_hookshot_figma_enabled: false # Default value of matrix_hookshot_figma_endpoint: "/hookshot/webhooks/figma/webhook" matrix_hookshot_figma_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/figma/webhook" -matrix_hookshot_figma_publicUrl: "{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_figma_endpoint }}" +matrix_hookshot_figma_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_figma_endpoint }}" # To bridge figma webhooks, you need to configure one of multiple instances like this: # matrix_hookshot_figma_instances: # your-instance: @@ -120,12 +98,35 @@ matrix_hookshot_figma_publicUrl: "{{ matrix_server_fqn_matrix }}{{ matrix_hooksh # passcode: your-webhook-passcode +matrix_hookshot_jira_enabled: false +# Get the these values from https://matrix-org.github.io/matrix-hookshot/setup/jira.html#jira-oauth +matrix_hookshot_jira_secret: '' +matrix_hookshot_jira_oauth_enabled: false +matrix_hookshot_jira_oauth_id: '' +matrix_hookshot_jira_oauth_secret: '' +# Default value of matrix_hookshot_jira_oauth_endpoint: "/hookshot/webhooks/jira/oauth" +matrix_hookshot_jira_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/jira/oauth" +matrix_hookshot_jira_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_jira_oauth_endpoint }}" + + +# No need to change these +matrix_hookshot_generic_enabled: true +# Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks" +matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}" +# urlprefix gets updated with protocol & port in group_vars/matrix_servers +matrix_hookshot_generic_urlprefix: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_generic_endpoint }}" +matrix_hookshot_generic_allow_js_transformation_functions: false +# If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap +matrix_hookshot_generic_user_id_prefix: '_webhooks_' + + # There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead. matrix_hookshot_provisioning_port: 9002 matrix_hookshot_provisioning_secret: '' # Provisioning will be automatically enabled if dimension is enabled and you have provided a provisioning secret, unless you override it matrix_hookshot_provisioning_enabled: false -matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}/v1" +matrix_hookshot_provisioning_internal: "/v1" +matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_provisioning_internal }}" # You can configure access to the bridge as documented here https://matrix-org.github.io/matrix-hookshot/setup.html#permissions # When empty, the default permissions are applied. diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index a0f9df97..55dde6ef 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -55,10 +55,10 @@ {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}"; - proxy_pass http://$backend/v1/$1$is_args$args; + proxy_pass http://$backend{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}/v1/$1$is_args$args; + proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args; {% endif %} proxy_set_header Host $host; } diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index fc04c755..bb05f42c 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -47,6 +47,13 @@ gitlab: webhook: secret: {{ matrix_hookshot_gitlab_secret|to_json }} {% endif %} +{% if matrix_hookshot_figma_enabled %} +figma: + # (Optional) Configure this to enable Figma support + # + publicUrl: {{ matrix_hookshot_figma_publicUrl }} + instances: {{ matrix_hookshot_figma_instances }} +{% endif %} {% if matrix_hookshot_jira_enabled %} jira: # (Optional) Configure this to enable Jira support @@ -69,13 +76,6 @@ generic: allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }} userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }} {% endif %} -{% if matrix_hookshot_figma_enabled %} -figma: - # (Optional) Configure this to enable Figma support - # - publicUrl: {{ matrix_hookshot_figma_publicUrl }} - instances: {{ matrix_hookshot_figma_instances }} -{% endif %} {% if matrix_hookshot_provisioning_enabled %} provisioning: # (Optional) Provisioning API for integration managers From a9e6538ef8ac01fa81885487f69eb15e2579ce4c Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Mon, 11 Apr 2022 16:48:50 +0200 Subject: [PATCH 43/48] Upgrade Hookshot (1.3.0 -> 1.4.0) https://github.com/matrix-org/matrix-hookshot/releases/tag/1.4.0 --- docs/configuring-playbook-bridge-hookshot.md | 10 ++--- group_vars/matrix_servers | 2 +- .../matrix-bridge-hookshot/defaults/main.yml | 40 ++++++++++++++++++- roles/matrix-bridge-hookshot/tasks/init.yml | 14 +++++++ .../templates/config.yml.j2 | 26 +++++++++++- 5 files changed, 83 insertions(+), 9 deletions(-) diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index 5639f159..38e13a8a 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md @@ -22,18 +22,18 @@ Other configuration options are available via the `matrix_hookshot_configuration ### URLs for bridges setup -All of the following endpoints are reachable on your `matrix.` subdomain (if the feature is enabled). +Unless indicated otherwise, the following endpoints are reachable on your `matrix.` subdomain (if the feature is enabled). -| Listener | default path | variable | used as | +| listener | default path | variable | used as | |---|---|---|---| -| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | GitHub "Webhook URL" | +| webhooks | `/hookshot/webhooks/` | `matrix_hookshot_webhook_endpoint` | generics, GitHub "Webhook URL", etc. | | github oauth | `/hookshot/webhooks/oauth` | `matrix_hookshot_github_oauth_endpoint` | GitHub "Callback URL" | | jira oauth | `/hookshot/webhooks/jira/oauth` | `matrix_hookshot_jira_oauth_endpoint` | JIRA OAuth | | figma endpoint | `/hookshot/webhooks/figma/webhook` | `matrix_hookshot_figma_endpoint` | Figma | | provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) | | appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server | -| metrics | `/hookshot/metrics/` | `matrix_hookshot_metrics_endpoint` | Prometheus | -| widgets | | | not supported | +| widgets | `/hookshot/widgetapi/` | `/matrix_hookshot_widgets_endpoint` | Widgets | +| metrics | `/hookshot/metrics/` (on `stats.` subdomain) | `matrix_hookshot_metrics_endpoint` | Prometheus | See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/matrix-bridge-hookshot/tasks/init.yml). diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index a4e63028..85b8a701 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -678,7 +678,7 @@ matrix_hookshot_proxy_metrics_basic_auth_enabled: "{{ matrix_nginx_proxy_proxy_s matrix_hookshot_urlprefix_port_enabled: "{{ matrix_nginx_proxy_container_https_host_bind_port == 443 if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_https_host_bind_port == 80 }}" matrix_hookshot_urlprefix_port: ":{{ matrix_nginx_proxy_container_https_host_bind_port if matrix_nginx_proxy_https_enabled else matrix_nginx_proxy_container_http_host_bind_port }}" -matrix_hookshot_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else '' }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_urlprefix_port if matrix_hookshot_urlprefix_port_enabled else '' }}{{ matrix_hookshot_generic_endpoint }}" +matrix_hookshot_urlprefix: "http{{ 's' if matrix_nginx_proxy_https_enabled else '' }}://{{ matrix_server_fqn_matrix }}{{ matrix_hookshot_urlprefix_port if matrix_hookshot_urlprefix_port_enabled else '' }}" ###################################################################### # diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml index 9a0f5456..a55b995d 100644 --- a/roles/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 1.3.0 +matrix_hookshot_version: 1.4.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" @@ -65,10 +65,11 @@ matrix_hookshot_github_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hook # These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration matrix_hookshot_github_ignore_hooks: "{}" matrix_hookshot_github_command_prefix: '!gh' -matrix_hookshot_github_show_issue_room_link: false +matrix_hookshot_github_showIssueRoomLink: false matrix_hookshot_github_pr_diff: "{enabled: false, maxLines: 5}" matrix_hookshot_github_including_labels: '' matrix_hookshot_github_excluding_labels: '' +matrix_hookshot_github_hotlink_prefix: "#" matrix_hookshot_gitlab_enabled: true @@ -128,6 +129,41 @@ matrix_hookshot_provisioning_enabled: false matrix_hookshot_provisioning_internal: "/v1" matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_provisioning_internal }}" + +matrix_hookshot_widgets_enabled: true +matrix_hookshot_widgets_port: 9003 +matrix_hookshot_widgets_addToAdminRooms: false # default off as it is a beta feature +matrix_hookshot_widgets_roomSetupWidget_enabled: true +matrix_hookshot_widgets_roomSetupWidget_addOnInvite: false +# `disallowedIpRanges` describes which IP ranges should be disallowed when resolving homeserver IP addresses (for security reasons). Unless you know what you are doing, it is recommended to not include this key. The following IPs are blocked by default, unless you supply another list. +# matrix_hookshot_widgets_disallowedIpRanges: +# - 127.0.0.0/8 +# - 10.0.0.0/8 +# - 172.16.0.0/12 +# - 192.168.0.0/16 +# - 100.64.0.0/10 +# - 192.0.0.0/24 +# - 169.254.0.0/16 +# - 192.88.99.0/24 +# - 198.18.0.0/15 +# - 192.0.2.0/24 +# - 198.51.100.0/24 +# - 203.0.113.0/24 +# - 224.0.0.0/4 +# - ::1/128 +# - fe80::/10 +# - fc00::/7 +# - 2001:db8::/32 +# - ff00::/8 +# - fec0::/10 +matrix_hookshot_widgets_disallowedIpRanges: '' +matrix_hookshot_widgets_internal: "/widgetapi" +# Default value of matrix_hookshot_widgets_endpoint: "/hookshot/widgetapi" +matrix_hookshot_widgets_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_widgets_internal }}" +matrix_hookshot_widgets_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_widgets_endpoint }}/v1/static" +matrix_hookshot_widgets_branding_widgetTitle: "Hookshot Configuration" + + # You can configure access to the bridge as documented here https://matrix-org.github.io/matrix-hookshot/setup.html#permissions # When empty, the default permissions are applied. # Example: diff --git a/roles/matrix-bridge-hookshot/tasks/init.yml b/roles/matrix-bridge-hookshot/tasks/init.yml index 55dde6ef..384f6d3b 100644 --- a/roles/matrix-bridge-hookshot/tasks/init.yml +++ b/roles/matrix-bridge-hookshot/tasks/init.yml @@ -63,6 +63,20 @@ proxy_set_header Host $host; } {% endif %} + {% if matrix_hookshot_widgets_enabled %} + location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}"; + proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args; + {% endif %} + proxy_set_header Host $host; + } + {% endif %} location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ { {% if matrix_nginx_proxy_enabled|default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2 index bb05f42c..c1771509 100644 --- a/roles/matrix-bridge-hookshot/templates/config.yml.j2 +++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2 @@ -33,10 +33,12 @@ github: # ignoreHooks: {{ matrix_hookshot_github_ignore_hooks }} commandPrefix: "{{ matrix_hookshot_github_command_prefix }}" - showIssueRoomLink: {{ matrix_hookshot_github_show_issue_room_link }} + showIssueRoomLink: {{ matrix_hookshot_github_showIssueRoomLink }} prDiff: {{ matrix_hookshot_github_pr_diff }} includingLabels:{{ matrix_hookshot_github_including_labels }} excludingLabels: {{ matrix_hookshot_github_excluding_labels }} + hotlinkIssues: + prefix: "{{ matrix_hookshot_github_hotlink_prefix }}" {% endif %} {% if matrix_hookshot_gitlab_enabled %} gitlab: @@ -100,6 +102,22 @@ logging: # (Optional) Logging settings. You can have a severity debug,info,warn,error # level: info +{% if matrix_hookshot_widgets_enabled %} +widgets: + # (Optional) EXPERIMENTAL support for complimentary widgets + # + addToAdminRooms: {{ matrix_hookshot_widgets_addToAdminRooms }} +{% if matrix_hookshot_widgets_roomSetupWidget_enabled %} + roomSetupWidget: + addOnInvite: {{ matrix_hookshot_widgets_roomSetupWidget_addOnInvite }} +{% endif %} +{% if not matrix_hookshot_widgets_disallowedIpRanges is in [None, ''] %} + disallowedIpRanges: {{ matrix_hookshot_widgets_disallowedIpRanges }} +{% endif %} + publicUrl: {{ matrix_hookshot_widgets_publicUrl }} + branding: + widgetTitle: {{ matrix_hookshot_widgets_branding_widgetTitle }} +{% endif %} {% if matrix_hookshot_permissions %} permissions: {{ matrix_hookshot_permissions }} {% endif %} @@ -125,3 +143,9 @@ listeners: resources: - provisioning {% endif %} +{% if matrix_hookshot_widgets_enabled %} + - port: {{ matrix_hookshot_widgets_port }} + bindAddress: 0.0.0.0 + resources: + - widgets +{% endif %} From f6cb59116b93bc826fdb2a7b8999046eaa08e0d6 Mon Sep 17 00:00:00 2001 From: Yan Minagawa Date: Tue, 12 Apr 2022 14:31:49 +0700 Subject: [PATCH 44/48] This adds a variable for requiring MSC3231 token for registration --- roles/matrix-synapse/defaults/main.yml | 5 +++++ roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index ec58f233..9e332669 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -210,6 +210,11 @@ matrix_synapse_enable_registration_captcha: false matrix_synapse_recaptcha_public_key: '' matrix_synapse_recaptcha_private_key: '' +# Requires an MSC3231 token for registration. Note that `matrix_synapse_enable_registration` must be set to `true`. +# Tokens can be created via the API or through synapse-admin. +# Disabling this option will not delete any tokens previously generated. +matrix_synapse_registration_requires_token: false + # Allows non-server-admin users to create groups on this server matrix_synapse_enable_group_creation: false diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 8a701c4d..37cad10f 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1373,7 +1373,9 @@ allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_json }} # Disabling this option will not delete any tokens previously generated. # Defaults to false. Uncomment the following to require tokens: # -#registration_requires_token: true +registration_requires_token: {{ matrix_synapse_registration_requires_token|to_json }} + + # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. From 10c6c24c160e4b956c455161a14708c0a4b6ff47 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 12 Apr 2022 11:15:11 +0000 Subject: [PATCH 45/48] Update element 1.10.8 -> 1.10.9 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index c395efb7..34cf22a7 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.8 +matrix_client_element_version: v1.10.9 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From ac1bd494940e1d476b7f63625968f7ee7bee1e33 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 12 Apr 2022 11:16:36 +0000 Subject: [PATCH 46/48] Update coturn 4.5.2-r8 -> 4.5.2-r11 --- roles/matrix-coturn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index 8ea7d3a5..46492e21 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -7,7 +7,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" -matrix_coturn_version: 4.5.2-r8 +matrix_coturn_version: 4.5.2-r11 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" From 9c606d1fcb2b5f921ec2a0bd46fbed15b6b0be97 Mon Sep 17 00:00:00 2001 From: Christos Karamolegkos Date: Tue, 12 Apr 2022 17:00:07 +0300 Subject: [PATCH 47/48] Update jitsi to version 7001 Tested, works without any configuration changes. --- roles/matrix-jitsi/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 5f543d4a..c3268267 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -70,7 +70,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-6865 +matrix_jitsi_version: stable-7001 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" From b9bf20c761eedb612d51b5fe4654d336142189ae Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 12 Apr 2022 15:52:49 +0000 Subject: [PATCH 48/48] Update honoroit 0.9.5 -> 0.9.6 This update brings stable threads support --- roles/matrix-bot-honoroit/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index 8495c6e1..90bfa269 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -8,7 +8,7 @@ matrix_bot_honoroit_container_image_self_build: false matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.5 +matrix_bot_honoroit_version: v0.9.6 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"