mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2026-02-08 16:13:10 +00:00
Remove ma1sd (#4898)
* Remove ma1sd
Reuse 6d1ec58a82/docs/configuring-playbook-bridge-mautrix-instagram.md
Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Update configuring-playbook-ma1sd.pot
Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
* Update changelog entry date for ma1sd removal
---------
Signed-off-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
Co-authored-by: Suguru Hirahara <did🔑z6MkvVZk1A3KBApWJXv2Ju4H14ErDfRGxh8zxdXSZ4vACDg5>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
This commit is contained in:
Suguru Hirahara
GitHub
@@ -384,8 +384,6 @@ devture_systemd_service_manager_services_list_auto: |
|
||||
+
|
||||
([{'name': 'matrix-ldap-registration-proxy.service', 'priority': 2000, 'groups': ['matrix', 'ldap-registration-proxy']}] if matrix_ldap_registration_proxy_enabled else [])
|
||||
+
|
||||
([{'name': 'matrix-ma1sd.service', 'priority': 2000, 'groups': ['matrix', 'ma1sd']}] if matrix_ma1sd_enabled else [])
|
||||
+
|
||||
([{'name': (matrix_media_repo_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'matrix-media-repo']}] if matrix_media_repo_enabled else [])
|
||||
+
|
||||
([{'name': (exim_relay_identifier ~ '.service'), 'priority': 800, 'groups': ['matrix', 'mailer', 'exim-relay']}] if exim_relay_enabled else [])
|
||||
@@ -508,8 +506,6 @@ docker_daemon_options: "{{ matrix_playbook_docker_installation_daemon_options }}
|
||||
#
|
||||
######################################################################
|
||||
|
||||
matrix_identity_server_url: "{{ (('https://' if matrix_playbook_ssl_enabled else 'http://') + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
|
||||
|
||||
matrix_homeserver_systemd_services_list: |-
|
||||
{{
|
||||
(
|
||||
@@ -3543,95 +3539,6 @@ exim_relay_container_image_self_build: "{{ matrix_architecture not in ['amd64',
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-ma1sd
|
||||
#
|
||||
######################################################################
|
||||
|
||||
# We no longer install the ma1sd identity server by default.
|
||||
#
|
||||
# The main reason we used to install ma1sd by default in the past was to
|
||||
# prevent Element from talking to the `matrix.org` / `vector.im` identity servers,
|
||||
# by forcing it to talk to our own self-hosted (but otherwise useless) identity server instead,
|
||||
# thus preventing contact list leaks.
|
||||
#
|
||||
# Since Element no longer defaults to using a public identity server if another one is not provided,
|
||||
# we can stop installing ma1sd.
|
||||
matrix_ma1sd_enabled: false
|
||||
|
||||
matrix_ma1sd_scheme: "{{ 'https' if matrix_playbook_ssl_enabled else 'http' }}"
|
||||
matrix_ma1sd_hostname: "{{ matrix_server_fqn_matrix }}"
|
||||
|
||||
matrix_ma1sd_docker_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else matrix_ma1sd_docker_image_registry_prefix_upstream_default }}"
|
||||
|
||||
matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
|
||||
|
||||
matrix_ma1sd_container_http_host_bind_port: "{{ (matrix_playbook_service_host_bind_interface_prefix ~ '' ~ matrix_ma1sd_container_port | string) if matrix_playbook_service_host_bind_interface_prefix else '' }}"
|
||||
|
||||
matrix_ma1sd_container_network: "{{ matrix_homeserver_container_network }}"
|
||||
|
||||
matrix_ma1sd_container_additional_networks_auto: |
|
||||
{{
|
||||
(
|
||||
([matrix_homeserver_container_network] if (matrix_ma1sd_container_network != matrix_homeserver_container_network) else [])
|
||||
+
|
||||
([postgres_container_network] if (postgres_enabled and matrix_ma1sd_database_hostname == postgres_connection_hostname and matrix_ma1sd_container_network != postgres_container_network) else [])
|
||||
+
|
||||
([exim_relay_container_network] if (exim_relay_enabled and matrix_ma1sd_threepid_medium_email_connectors_smtp_host == exim_relay_identifier and matrix_ma1sd_container_network != exim_relay_container_network) else [])
|
||||
+
|
||||
([matrix_playbook_reverse_proxyable_services_additional_network] if (matrix_playbook_reverse_proxyable_services_additional_network and matrix_ma1sd_container_labels_traefik_enabled) else [])
|
||||
) | unique
|
||||
}}
|
||||
|
||||
matrix_ma1sd_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
|
||||
matrix_ma1sd_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
|
||||
matrix_ma1sd_container_labels_traefik_entrypoints: "{{ traefik_entrypoint_primary }}"
|
||||
matrix_ma1sd_container_labels_traefik_tls_certResolver: "{{ traefik_certResolver_primary }}"
|
||||
|
||||
# We enable Synapse integration via its Postgres database by default.
|
||||
# When using another Identity store, you might wish to disable this and define
|
||||
# your own configuration in `matrix_ma1sd_configuration_extension_yaml`.
|
||||
matrix_ma1sd_synapsesql_enabled: true
|
||||
matrix_ma1sd_synapsesql_type: postgresql
|
||||
matrix_ma1sd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user | urlencode() }}&password={{ matrix_synapse_database_password | urlencode() }}
|
||||
|
||||
matrix_ma1sd_dns_overwrite_enabled: true
|
||||
matrix_ma1sd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
|
||||
matrix_ma1sd_dns_overwrite_homeserver_client_value: "{{ matrix_addons_homeserver_client_api_url }}"
|
||||
|
||||
# By default, we send mail through the exim relay service.
|
||||
matrix_ma1sd_threepid_medium_email_identity_from: "{{ exim_relay_sender_address }}"
|
||||
matrix_ma1sd_threepid_medium_email_connectors_smtp_host: "{{ exim_relay_identifier }}"
|
||||
matrix_ma1sd_threepid_medium_email_connectors_smtp_port: 8025
|
||||
matrix_ma1sd_threepid_medium_email_connectors_smtp_tls: 0
|
||||
|
||||
matrix_ma1sd_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
|
||||
|
||||
matrix_ma1sd_systemd_required_services_list_auto: |
|
||||
{{
|
||||
matrix_addons_homeserver_systemd_services_list
|
||||
+
|
||||
([postgres_identifier ~ '.service'] if (postgres_enabled and matrix_ma1sd_database_hostname == postgres_connection_hostname) else [])
|
||||
}}
|
||||
|
||||
matrix_ma1sd_systemd_wanted_services_list_auto: |
|
||||
{{
|
||||
([exim_relay_identifier ~ '.service'] if (exim_relay_enabled and matrix_ma1sd_threepid_medium_email_connectors_smtp_host == exim_relay_identifier) else [])
|
||||
}}
|
||||
|
||||
# Postgres is the default, except if not using internal Postgres server
|
||||
matrix_ma1sd_database_engine: "{{ 'postgres' if postgres_enabled else 'sqlite' }}"
|
||||
matrix_ma1sd_database_hostname: "{{ postgres_connection_hostname if postgres_enabled else '' }}"
|
||||
matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ma1sd.db', rounds=655555) | to_uuid }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# /matrix-ma1sd
|
||||
#
|
||||
######################################################################
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-media-repo
|
||||
@@ -3823,12 +3730,6 @@ postgres_managed_databases_auto: |
|
||||
'password': matrix_authentication_service_config_database_password,
|
||||
}] if (matrix_authentication_service_enabled and matrix_authentication_service_config_database_host == postgres_connection_hostname) else [])
|
||||
+
|
||||
([{
|
||||
'name': matrix_ma1sd_database_name,
|
||||
'username': matrix_ma1sd_database_username,
|
||||
'password': matrix_ma1sd_database_password,
|
||||
}] if (matrix_ma1sd_enabled and matrix_ma1sd_database_engine == 'postgres' and matrix_ma1sd_database_hostname == postgres_connection_hostname) else [])
|
||||
+
|
||||
([{
|
||||
'name': matrix_bot_matrix_reminder_bot_database_name,
|
||||
'username': matrix_bot_matrix_reminder_bot_database_username,
|
||||
@@ -4436,11 +4337,6 @@ matrix_synapse_rust_synapse_compress_state_docker_image_registry_prefix_upstream
|
||||
|
||||
matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
|
||||
|
||||
matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url: "{{ ('http://matrix-ma1sd:' + matrix_ma1sd_container_port| string) }}"
|
||||
|
||||
# When ma1sd is enabled, we can use it to validate phone numbers. It's something that the homeserver cannot do by itself.
|
||||
matrix_synapse_account_threepid_delegates_msisdn: "{{ matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url if matrix_ma1sd_enabled else '' }}"
|
||||
|
||||
# For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces.
|
||||
matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
|
||||
#
|
||||
@@ -4463,8 +4359,6 @@ matrix_synapse_container_additional_networks_auto: |
|
||||
+
|
||||
([exim_relay_container_network] if (exim_relay_enabled and matrix_synapse_email_enabled and matrix_synapse_email_smtp_host == exim_relay_identifier and matrix_synapse_container_network != exim_relay_container_network) else [])
|
||||
+
|
||||
([matrix_ma1sd_container_network] if (matrix_ma1sd_enabled and matrix_synapse_account_threepid_delegates_msisdn == matrix_synapse_account_threepid_delegates_msisdn_mas1sd_url and matrix_synapse_container_network != matrix_ma1sd_container_network) else [])
|
||||
+
|
||||
([matrix_bot_draupnir_container_network] if (matrix_synapse_ext_synapse_http_antispam_enabled and matrix_synapse_ext_synapse_http_antispam_config_base_url == matrix_bot_draupnir_synapse_http_antispam_config_base_url and matrix_bot_draupnir_container_network != matrix_synapse_container_network) else [])
|
||||
) | unique
|
||||
}}
|
||||
@@ -4511,7 +4405,7 @@ matrix_synapse_tls_federation_listener_enabled: false
|
||||
matrix_synapse_tls_certificate_path: ~
|
||||
matrix_synapse_tls_private_key_path: ~
|
||||
|
||||
matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_federation_enabled and (matrix_dimension_enabled or matrix_ma1sd_enabled or matrix_user_verification_service_enabled or matrix_livekit_jwt_service_enabled) }}"
|
||||
matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_federation_enabled and (matrix_dimension_enabled or matrix_user_verification_service_enabled or matrix_livekit_jwt_service_enabled) }}"
|
||||
|
||||
matrix_synapse_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
|
||||
|
||||
@@ -5396,7 +5290,7 @@ matrix_dendrite_disable_tls_validation: "{{ not matrix_playbook_ssl_enabled }}"
|
||||
|
||||
matrix_dendrite_self_check_validate_certificates: "{{ matrix_playbook_ssl_enabled }}"
|
||||
|
||||
matrix_dendrite_trusted_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1sd_enabled else ['matrix.org', 'vector.im'] }}"
|
||||
matrix_dendrite_trusted_id_servers: "{{ ['matrix.org', 'vector.im'] }}"
|
||||
|
||||
matrix_dendrite_systemd_required_services_list_auto: |
|
||||
{{
|
||||
|
||||
Reference in New Issue
Block a user