mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2025-10-25 17:43:23 +00:00
	Merge branch 'spantaleev:master' into master
This commit is contained in:

17 CHANGELOG.md
							| @@ -1,3 +1,20 @@ | |||||||
|  | # 2022-03-17 | ||||||
|  |  | ||||||
|  | ## (Compatibility Break) ma1sd identity server no longer installed by default | ||||||
|  |  | ||||||
|  | The playbook no longer installs the [ma1sd](https://github.com/ma1uta/ma1sd) identity server by default. The next time you run the playbook, ma1sd will be uninstalled from your server, unless you explicitly enable the ma1sd service (see how below). | ||||||
|  |  | ||||||
|  | The main reason we used to install ma1sd by default in the past was to prevent Element from talking to the `matrix.org` / `vector.im` identity servers, by forcing it to talk to our own self-hosted (but otherwise useless) identity server instead, thus preventing contact list leaks. | ||||||
|  |  | ||||||
|  | Since Element no longer defaults to using a public identity server if another one is not provided, we can stop installing ma1sd. | ||||||
|  |  | ||||||
|  | If you need to install the ma1sd identity server for some reason, you can explicitly enable it by adding this to your `vars.yml` file: | ||||||
|  |  | ||||||
|  | ```yaml | ||||||
|  | matrix_ma1sd_enabled: true | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  |  | ||||||
| # 2022-02-12 | # 2022-02-12 | ||||||
|  |  | ||||||
| ## matrix_encryption_disabler support | ## matrix_encryption_disabler support | ||||||
|   | |||||||
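Review bot: the new 2022-03-17 entry tells users ma1sd will be uninstalled on the next run but gives them no way to tell beforehand whether they depend on it; since this same diff describes ma1sd as the component handling 3PIDs (e-mail and phone numbers), add a sentence asking anyone who binds e-mail or phone numbers to accounts to set `matrix_ma1sd_enabled: true` before running the playbook. The sentence "Since Element no longer defaults to using a public identity server" also needs a link to the Element change or a minimum Element version, so readers running an older pinned Element build can check whether the contact-leak prevention still holds for them.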
| @@ -31,7 +31,7 @@ Using this playbook, you can get the following services configured on your serve | |||||||
|  |  | ||||||
| - (optional, default) an [Element](https://app.element.io/) ([formerly Riot](https://element.io/previously-riot)) web UI, which is configured to connect to your own Synapse server by default | - (optional, default) an [Element](https://app.element.io/) ([formerly Riot](https://element.io/previously-riot)) web UI, which is configured to connect to your own Synapse server by default | ||||||
|  |  | ||||||
| - (optional, default) a [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server | - (optional) a [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server | ||||||
|  |  | ||||||
| - (optional, default) an [Exim](https://www.exim.org/) mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | - (optional, default) an [Exim](https://www.exim.org/) mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | ||||||
|  |  | ||||||
|   | |||||||
| @@ -62,11 +62,11 @@ The `cinny.<your-domain>` subdomain may be necessary, because this playbook coul | |||||||
|  |  | ||||||
| ## `_matrix-identity._tcp` SRV record setup | ## `_matrix-identity._tcp` SRV record setup | ||||||
|  |  | ||||||
| To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook installs for you) enable its federation features, set up an SRV record that looks like this: | To make the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server (which this playbook may optionally install for you) enable its federation features, set up an SRV record that looks like this: | ||||||
| - Name: `_matrix-identity._tcp` (use this text as-is) | - Name: `_matrix-identity._tcp` (use this text as-is) | ||||||
| - Content: `10 0 443 matrix.<your-domain>` (replace `<your-domain>` with your own) | - Content: `10 0 443 matrix.<your-domain>` (replace `<your-domain>` with your own) | ||||||
|  |  | ||||||
| This is an optional feature. See [ma1sd's documentation](https://github.com/ma1uta/ma1sd/wiki/mxisd-and-your-privacy#choices-are-never-easy) for information on the privacy implications of setting up this SRV record. | This is an optional feature for the optionally-installed [ma1sd service](configuring-playbook-ma1sd.md). See [ma1sd's documentation](https://github.com/ma1uta/ma1sd/wiki/mxisd-and-your-privacy#choices-are-never-easy) for information on the privacy implications of setting up this SRV record. | ||||||
|  |  | ||||||
| Note: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation. | Note: This `_matrix-identity._tcp` SRV record for the identity server is different from the `_matrix._tcp` that can be used for Synapse delegation. See [howto-server-delegation.md](howto-server-delegation.md) for more information about delegation. | ||||||
|  |  | ||||||
|   | |||||||
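Review bot: the SRV record instructions still read as a step to perform, with only the parenthetical "may optionally install" hinting that the service is now off by default; state the condition explicitly at the top of the section (for example "Only set this record if you have enabled ma1sd as described in configuring-playbook-ma1sd.md"), because a `_matrix-identity._tcp` record pointing at `matrix.<your-domain>` advertises an identity server that, under the new default, is not running there.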
| @@ -1,24 +1,22 @@ | |||||||
| # Adjusting ma1sd Identity Server configuration (optional) | # Adjusting ma1sd Identity Server configuration (optional) | ||||||
|  |  | ||||||
| By default, this playbook configures an [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server for you. | The playbook can configure the [ma1sd](https://github.com/ma1uta/ma1sd) Identity Server for you. | ||||||
|  |  | ||||||
|  | ma1sd, being an Identity Server, is not strictly needed. It is only used for 3PIDs (3rd party identifiers like E-mail and phone numbers) and some [enhanced features](https://github.com/ma1uta/ma1sd/#features). | ||||||
|  |  | ||||||
| This server is private by default, potentially at the expense of user discoverability. | This server is private by default, potentially at the expense of user discoverability. | ||||||
|  |  | ||||||
| *ma1sd is a fork of [mxisd](https://github.com/kamax-io/mxisd) which was pronounced end of life 2019-06-21.* | *ma1sd is a fork of [mxisd](https://github.com/kamax-io/mxisd) which was pronounced end of life 2019-06-21.* | ||||||
|  |  | ||||||
| **Note**: enabling ma1sd (which is also the default), means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible). | **Note**: enabling ma1sd, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible). | ||||||
|  |  | ||||||
|  | To enable ma1sd, use the following additional configuration in your `vars.yml` file: | ||||||
| ## Disabling ma1sd |  | ||||||
|  |  | ||||||
| ma1sd, being an Identity Server, is not strictly needed. It is only used for 3PIDs (3rd party identifiers like E-mail and phone numbers) and some [enhanced features](https://github.com/ma1uta/ma1sd/#features). |  | ||||||
|  |  | ||||||
| If you'd like for the playbook to not install ma1sd (or to uninstall it if it was previously installed), you can disable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`): |  | ||||||
|  |  | ||||||
| ```yaml | ```yaml | ||||||
| matrix_ma1sd_enabled: false | matrix_ma1sd_enabled: true | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  |  | ||||||
| ## Matrix.org lookup forwarding | ## Matrix.org lookup forwarding | ||||||
|  |  | ||||||
| To ensure maximum discovery, you can make your identity server also forward lookups to the central matrix.org Identity server (at the cost of potentially leaking all your contacts information). | To ensure maximum discovery, you can make your identity server also forward lookups to the central matrix.org Identity server (at the cost of potentially leaking all your contacts information). | ||||||
|   | |||||||
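Review bot: deleting the "Disabling ma1sd" section removes the only statement that setting `matrix_ma1sd_enabled: false` also uninstalls a previously installed ma1sd; keep that sentence after the new enable snippet so operators who turned it on can turn it off knowingly, and keep the full path `inventory/host_vars/matrix.<your-domain>/vars.yml` from the deleted text, since the new line only says "your `vars.yml` file". The edited note also now reads "enabling ma1sd, means that"; the comma is left over from the removed parenthetical and should go.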
| @@ -47,8 +47,6 @@ When you're done with all the configuration you'd like to do, continue with [Ins | |||||||
|  |  | ||||||
| - [Using an external PostgreSQL server](configuring-playbook-external-postgres.md) (optional) | - [Using an external PostgreSQL server](configuring-playbook-external-postgres.md) (optional) | ||||||
|  |  | ||||||
| - [Adjusting ma1sd Identity Server configuration](configuring-playbook-ma1sd.md) (optional) |  | ||||||
|  |  | ||||||
| - [Adjusting SSL certificate retrieval](configuring-playbook-ssl-certificates.md) (optional, advanced) | - [Adjusting SSL certificate retrieval](configuring-playbook-ssl-certificates.md) (optional, advanced) | ||||||
|  |  | ||||||
| - [Serving your base domain using this playbook's nginx server](configuring-playbook-base-domain-serving.md) (optional) | - [Serving your base domain using this playbook's nginx server](configuring-playbook-base-domain-serving.md) (optional) | ||||||
| @@ -69,11 +67,14 @@ When you're done with all the configuration you'd like to do, continue with [Ins | |||||||
| - [Adjusting email-sending settings](configuring-playbook-email.md) (optional) | - [Adjusting email-sending settings](configuring-playbook-email.md) (optional) | ||||||
|  |  | ||||||
| - [Setting up Hydrogen](configuring-playbook-client-hydrogen.md) - a new lightweight matrix client with legacy and mobile browser support (optional) | - [Setting up Hydrogen](configuring-playbook-client-hydrogen.md) - a new lightweight matrix client with legacy and mobile browser support (optional) | ||||||
|  |  | ||||||
| - [Setting up Cinny](configuring-playbook-client-cinny.md) - a web client focusing primarily on simple, elegant and secure interface (optional) | - [Setting up Cinny](configuring-playbook-client-cinny.md) - a web client focusing primarily on simple, elegant and secure interface (optional) | ||||||
|  |  | ||||||
|  |  | ||||||
| ### Authentication and user-related | ### Authentication and user-related | ||||||
|  |  | ||||||
|  | - [Setting up an ma1sd Identity Server](configuring-playbook-ma1sd.md) (optional) | ||||||
|  |  | ||||||
| - [Setting up Synapse Admin](configuring-playbook-synapse-admin.md) (optional) | - [Setting up Synapse Admin](configuring-playbook-synapse-admin.md) (optional) | ||||||
|  |  | ||||||
| - [Setting up matrix-registration](configuring-playbook-matrix-registration.md) (optional) | - [Setting up matrix-registration](configuring-playbook-matrix-registration.md) (optional) | ||||||
|   | |||||||
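Review bot: the new link text "Setting up an ma1sd Identity Server" does not match the target page's title "Adjusting ma1sd Identity Server configuration (optional)" shown in the earlier hunk, and the article differs from the README's "a [ma1sd]"; settle on one title and one article and use them in both places so the index matches the document it links to.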
| @@ -15,8 +15,6 @@ These services are enabled and used by default, but you can turn them off, if yo | |||||||
|  |  | ||||||
| - [vectorim/element-web](https://hub.docker.com/r/vectorim/element-web/) - the [Element](https://element.io/) web client (optional) | - [vectorim/element-web](https://hub.docker.com/r/vectorim/element-web/) - the [Element](https://element.io/) web client (optional) | ||||||
|  |  | ||||||
| - [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) - the [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server (optional) |  | ||||||
|  |  | ||||||
| - [postgres](https://hub.docker.com/_/postgres/) - the [Postgres](https://www.postgresql.org/) database server (optional) | - [postgres](https://hub.docker.com/_/postgres/) - the [Postgres](https://www.postgresql.org/) database server (optional) | ||||||
|  |  | ||||||
| - [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) - the [Exim](https://www.exim.org/) email server (optional) | - [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) - the [Exim](https://www.exim.org/) email server (optional) | ||||||
| @@ -30,6 +28,8 @@ These services are enabled and used by default, but you can turn them off, if yo | |||||||
|  |  | ||||||
| These services are not part of our default installation, but can be enabled by [configuring the playbook](configuring-playbook.md) (either before the initial installation or any time later): | These services are not part of our default installation, but can be enabled by [configuring the playbook](configuring-playbook.md) (either before the initial installation or any time later): | ||||||
|  |  | ||||||
|  | - [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) - the [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server (optional) | ||||||
|  |  | ||||||
| - [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) - the official [Dendrite](https://github.com/matrix-org/dendrite) Matrix homeserver (optional) | - [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) - the official [Dendrite](https://github.com/matrix-org/dendrite) Matrix homeserver (optional) | ||||||
|  |  | ||||||
| - [ewoutp/goofys](https://hub.docker.com/r/ewoutp/goofys/) - the [Goofys](https://github.com/kahing/goofys) Amazon [S3](https://aws.amazon.com/s3/) file-system-mounting program (optional) | - [ewoutp/goofys](https://hub.docker.com/r/ewoutp/goofys/) - the [Goofys](https://github.com/kahing/goofys) Amazon [S3](https://aws.amazon.com/s3/) file-system-mounting program (optional) | ||||||
|   | |||||||
| @@ -1328,9 +1328,16 @@ matrix_mailer_container_image_self_build: "{{ matrix_architecture not in ['amd64 | |||||||
| # | # | ||||||
| ###################################################################### | ###################################################################### | ||||||
|  |  | ||||||
| # By default, this playbook installs the ma1sd identity server on the same domain as Synapse (`matrix_server_fqn_matrix`). | # We no longer install the ma1sd identity server by default. | ||||||
| # If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this. | # | ||||||
| matrix_ma1sd_enabled: true | # The main reason we used to install ma1sd by default in the past was to | ||||||
|  | # prevent Element from talking to the `matrix.org` / `vector.im` identity servers, | ||||||
|  | # by forcing it to talk to our own self-hosted (but otherwise useless) identity server instead, | ||||||
|  | # thus preventing contact list leaks. | ||||||
|  | # | ||||||
|  | # Since Element no longer defaults to using a public identity server if another one is not provided, | ||||||
|  | # we can stop installing ma1sd. | ||||||
|  | matrix_ma1sd_enabled: false | ||||||
|  |  | ||||||
| matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" | matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" | ||||||
|  |  | ||||||
|   | |||||||
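Review bot: the rewritten comment repeats the CHANGELOG rationale nearly word for word but drops the one operational fact the old comment carried, that ma1sd is served on the same domain as Synapse (`matrix_server_fqn_matrix`); keep that line, shorten the rationale to a pointer at the 2022-03-17 changelog entry, and add that leaving this at `false` on a server where ma1sd was previously enabled uninstalls it, which is what the changelog says will happen on the next run.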
| @@ -5,7 +5,7 @@ matrix_client_cinny_enabled: true | |||||||
| matrix_client_cinny_container_image_self_build: false | matrix_client_cinny_container_image_self_build: false | ||||||
| matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" | matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" | ||||||
|  |  | ||||||
| matrix_client_cinny_version: v1.8.1 | matrix_client_cinny_version: v1.8.2 | ||||||
| matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" | matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" | ||||||
| matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" | matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" | ||||||
| matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" | matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" | ||||||
|   | |||||||