
Merge remote-tracking branch 'upstream/master' into gomatrixhosting-testing

Michael Collins
2021-09-25 10:56:26 +08:00
14 changed files with 67 additions and 40 deletions


@@ -121,7 +121,7 @@ This is similar to the [EMnify/matrix-synapse-auto-deploy](https://github.com/EM
- this one **can be executed more than once** without causing trouble - this one **can be executed more than once** without causing trouble
- works on various distros: **CentOS** (7.0+), Debian-based distributions (**Debian** 9/Stretch+, **Ubuntu** 16.04+), **Archlinux** - works on various distros: **CentOS** (7.0+), Debian-based distributions (**Debian** 10/Buster+, **Ubuntu** 18.04+), **Archlinux**
- this one installs everything in a single directory (`/matrix` by default) and **doesn't "contaminate" your server** with files all over the place - this one installs everything in a single directory (`/matrix` by default) and **doesn't "contaminate" your server** with files all over the place


@@ -60,7 +60,7 @@ ALTER TABLE public.application_services_state OWNER TO synapse_user;
It can be worked around by changing the username to `synapse`, for example by using `sed`: It can be worked around by changing the username to `synapse`, for example by using `sed`:
```Shell ```Shell
$ sed -i "s/synapse_user/synapse/g" homeserver.sql" $ sed -i "s/synapse_user/synapse/g" homeserver.sql
``` ```
This uses sed to perform an 'in-place' (`-i`) replacement globally (`/g`), searching for `synapse user` and replacing with `synapse` (`s/synapse_user/synapse`). If your database username was different, change `synapse_user` to that username instead. This uses sed to perform an 'in-place' (`-i`) replacement globally (`/g`), searching for `synapse user` and replacing with `synapse` (`s/synapse_user/synapse`). If your database username was different, change `synapse_user` to that username instead.


@@ -4,8 +4,8 @@ To install Matrix services using this Ansible playbook, you need:
- (Recommended) An **x86** server ([What kind of server specs do I need?](faq.md#what-kind-of-server-specs-do-i-need)) running one of these operating systems: - (Recommended) An **x86** server ([What kind of server specs do I need?](faq.md#what-kind-of-server-specs-do-i-need)) running one of these operating systems:
- **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)) - **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300))
- **Debian** (9/Stretch or newer) - **Debian** (10/Buster or newer)
- **Ubuntu** (16.04 or newer, although [20.04 may be problematic](ansible.md#supported-ansible-versions)) - **Ubuntu** (18.04 or newer, although [20.04 may be problematic](ansible.md#supported-ansible-versions))
- **Archlinux** - **Archlinux**
Generally, newer is better. We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there. Generally, newer is better. We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.


@@ -14,7 +14,7 @@ matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
# #
# In case SSL renewal fails at some point, you'll also get an email notification there. # In case SSL renewal fails at some point, you'll also get an email notification there.
# #
# If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt), # If you decide to use another method for managing SSL certificates (different than the default Let's Encrypt),
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`). # you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
# #
# Example value: someone@example.com # Example value: someone@example.com


@@ -3,7 +3,7 @@
matrix_bot_mjolnir_enabled: true matrix_bot_mjolnir_enabled: true
matrix_bot_mjolnir_version: "v0.1.19" matrix_bot_mjolnir_version: "v1.1.20"
matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build: false
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"


@@ -7,7 +7,7 @@ matrix_appservice_irc_container_self_build: false
matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
matrix_appservice_irc_version: release-0.30.0 matrix_appservice_irc_version: release-0.31.0
matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}"
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"


@@ -3,7 +3,7 @@
matrix_heisenbridge_enabled: true matrix_heisenbridge_enabled: true
matrix_heisenbridge_version: 1.0.1 matrix_heisenbridge_version: 1.2.0
matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"


@@ -3,7 +3,7 @@ matrix_client_element_enabled: true
matrix_client_element_container_image_self_build: false matrix_client_element_container_image_self_build: false
matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
matrix_client_element_version: v1.8.2 matrix_client_element_version: v1.8.5
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"


@@ -33,17 +33,6 @@
register: matrix_client_hydrogen_git_pull_results register: matrix_client_hydrogen_git_pull_results
when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool"
- name: Ensure Hydrogen Docker image is built
docker_image:
name: "{{ matrix_client_hydrogen_docker_image }}"
source: build
force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_client_hydrogen_docker_src_files_path }}"
pull: yes
when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool"
- name: Ensure Hydrogen configuration installed - name: Ensure Hydrogen configuration installed
copy: copy:
content: "{{ matrix_client_hydrogen_configuration|to_nice_json }}" content: "{{ matrix_client_hydrogen_configuration|to_nice_json }}"
@@ -64,6 +53,19 @@
- {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"} - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
when: "matrix_client_hydrogen_enabled|bool and item.src is not none" when: "matrix_client_hydrogen_enabled|bool and item.src is not none"
# This step MUST come after the steps to install the configuration files because the config files
# are currently only read at build time, not at run time like most other components in the playbook
- name: Ensure Hydrogen Docker image is built
docker_image:
name: "{{ matrix_client_hydrogen_docker_image }}"
source: build
force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_client_hydrogen_docker_src_files_path }}"
pull: yes
when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool"
- name: Ensure matrix-client-hydrogen.service installed - name: Ensure matrix-client-hydrogen.service installed
template: template:
src: "{{ role_path }}/templates/systemd/matrix-client-hydrogen.service.j2" src: "{{ role_path }}/templates/systemd/matrix-client-hydrogen.service.j2"
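Review bot: The relocated `docker_image` task still sets `force_source` only from `matrix_client_hydrogen_git_pull_results.changed`, so a configuration-only change would not trigger a rebuild. The new comment says the config files are read at build time, which means an operator who changes the Hydrogen configuration without a new upstream commit would keep serving an image with the old settings baked in, assuming the module skips the build when the image already exists. Registering the results of the configuration tasks and including them would cover this, e.g. `force_source: "{{ matrix_client_hydrogen_git_pull_results.changed or <config task result>.changed }}"`, where the placeholder stands for whatever those tasks register. The configuration tasks start and end outside these hunks, so whether they already register a result is not visible here.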


@@ -3,7 +3,7 @@
matrix_grafana_enabled: false matrix_grafana_enabled: false
matrix_grafana_version: 8.1.2 matrix_grafana_version: 8.1.4
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"


@@ -1,5 +1,5 @@
matrix_nginx_proxy_enabled: true matrix_nginx_proxy_enabled: true
matrix_nginx_proxy_version: 1.21.1-alpine matrix_nginx_proxy_version: 1.21.3-alpine
# We use an official nginx image, which we fix-up to run unprivileged. # We use an official nginx image, which we fix-up to run unprivileged.
# An alternative would be an `nginxinc/nginx-unprivileged` image, but # An alternative would be an `nginxinc/nginx-unprivileged` image, but
@@ -426,7 +426,7 @@ matrix_ssl_additional_domains_to_obtain_certificates_for: []
# Controls whether to obtain production or staging certificates from Let's Encrypt. # Controls whether to obtain production or staging certificates from Let's Encrypt.
matrix_ssl_lets_encrypt_staging: false matrix_ssl_lets_encrypt_staging: false
matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.18.0" matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.19.0"
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
matrix_ssl_lets_encrypt_support_email: ~ matrix_ssl_lets_encrypt_support_email: ~


@@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
# amd64 gets released first. # amd64 gets released first.
# arm32 relies on self-building, so the same version can be built immediately. # arm32 relies on self-building, so the same version can be built immediately.
# arm64 users need to wait for a prebuilt image to become available. # arm64 users need to wait for a prebuilt image to become available.
matrix_synapse_version: v1.41.1 matrix_synapse_version: v1.43.0
matrix_synapse_version_arm64: v1.41.1 matrix_synapse_version_arm64: v1.43.0
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"


@@ -83,20 +83,6 @@ presence:
# #
enabled: {{ matrix_synapse_presence_enabled|to_json }} enabled: {{ matrix_synapse_presence_enabled|to_json }}
# Presence routers are third-party modules that can specify additional logic
# to where presence updates from users are routed.
#
presence_router:
# The custom module's class. Uncomment to use a custom presence router module.
#
#module: "my_custom_router.PresenceRouter"
# Configuration options of the custom module. Refer to your module's
# documentation for available options.
#
#config:
# example_option: 'something'
# Whether to require authentication to retrieve profile data (avatars, # Whether to require authentication to retrieve profile data (avatars,
# display names) of other users through the client API. Defaults to # display names) of other users through the client API. Defaults to
# 'false'. Note that profile data is also available via the federation # 'false'. Note that profile data is also available via the federation
@@ -371,6 +357,24 @@ update_user_directory: false
daemonize: false daemonize: false
{% endif %} {% endif %}
# Connection settings for the manhole
#
manhole_settings:
# The username for the manhole. This defaults to 'matrix'.
#
#username: manhole
# The password for the manhole. This defaults to 'rabbithole'.
#
#password: mypassword
# The private and public SSH key pair used to encrypt the manhole traffic.
# If these are left unset, then hardcoded and non-secret keys are used,
# which could allow traffic to be intercepted if sent over a public network.
#
#ssh_priv_key_path: /data/id_rsa
#ssh_pub_key_path: /data/id_rsa.pub
# Forward extremities can build up in a room due to networking delays between # Forward extremities can build up in a room due to networking delays between
# homeservers. Once this happens in a large room, calculation of the state of # homeservers. Once this happens in a large room, calculation of the state of
# that room can become quite expensive. To mitigate this, once the number of # that room can become quite expensive. To mitigate this, once the number of
@@ -839,6 +843,8 @@ log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config"
# is using # is using
# - one for registration that ratelimits registration requests based on the # - one for registration that ratelimits registration requests based on the
# client's IP address. # client's IP address.
# - one for checking the validity of registration tokens that ratelimits
# requests based on the client's IP address.
# - one for login that ratelimits login requests based on the client's IP # - one for login that ratelimits login requests based on the client's IP
# address. # address.
# - one for login that ratelimits login requests based on the account the # - one for login that ratelimits login requests based on the account the
@@ -869,6 +875,10 @@ rc_message: {{ matrix_synapse_rc_message|to_json }}
# burst_count: 3 # burst_count: 3
rc_registration: {{ matrix_synapse_rc_registration|to_json }} rc_registration: {{ matrix_synapse_rc_registration|to_json }}
# #
#rc_registration_token_validity:
# per_second: 0.1
# burst_count: 5
#
#rc_login: #rc_login:
# address: # address:
# per_second: 0.17 # per_second: 0.17
@@ -1228,6 +1238,15 @@ allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_json }}
# #
#enable_3pid_lookup: true #enable_3pid_lookup: true
# Require users to submit a token during registration.
# Tokens can be managed using the admin API:
# https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/registration_tokens.html
# Note that `enable_registration` must be set to `true`.
# Disabling this option will not delete any tokens previously generated.
# Defaults to false. Uncomment the following to require tokens:
#
#registration_requires_token: true
# If set, allows registration of standard or admin accounts by anyone who # If set, allows registration of standard or admin accounts by anyone who
# has the shared secret, even if registration is otherwise disabled. # has the shared secret, even if registration is otherwise disabled.
# #
@@ -2257,7 +2276,7 @@ password_config:
# #
#require_lowercase: true #require_lowercase: true
# Whether a password must contain at least one lowercase letter. # Whether a password must contain at least one uppercase letter.
# Defaults to 'false'. # Defaults to 'false'.
# #
#require_uppercase: true #require_uppercase: true
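Review bot: The `manhole_settings:` block added in the `@@ -371,6 +357,24 @@` hunk is emitted with every option commented out, so a deployment that enables a manhole listener would run with the documented default credentials (`matrix` / `rabbithole`) and the hardcoded, non-secret SSH keys. Whether this template configures a manhole listener is not visible in these hunks, so the exposure may be latent. Neighbouring settings are templated from playbook variables (`rc_registration: {{ matrix_synapse_rc_registration|to_json }}`), while these can only be changed by overriding the rendered config. I would either template the username, password and key paths from variables, or add a comment above the block such as `# Override username, password and SSH key paths before enabling a manhole listener; the defaults are public.` The same variable-versus-sample inconsistency applies to `registration_requires_token` and `rc_registration_token_validity` in the later hunks.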


@@ -32,6 +32,8 @@ matrix_synapse_workers_generic_worker_endpoints:
- ^/_matrix/federation/v1/user/devices/ - ^/_matrix/federation/v1/user/devices/
- ^/_matrix/federation/v1/get_groups_publicised$ - ^/_matrix/federation/v1/get_groups_publicised$
- ^/_matrix/key/v2/query - ^/_matrix/key/v2/query
- ^/_matrix/federation/unstable/org.matrix.msc2946/spaces/
- ^/_matrix/federation/unstable/org.matrix.msc2946/hierarchy/
# Inbound federation transaction request # Inbound federation transaction request
- ^/_matrix/federation/v1/send/ - ^/_matrix/federation/v1/send/
@@ -43,6 +45,9 @@ matrix_synapse_workers_generic_worker_endpoints:
- ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$ - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$
- ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$ - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$
- ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$ - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$
- ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/spaces$
- ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/hierarchy$
- ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$
- ^/_matrix/client/(api/v1|r0|unstable)/account/3pid$ - ^/_matrix/client/(api/v1|r0|unstable)/account/3pid$
- ^/_matrix/client/(api/v1|r0|unstable)/devices$ - ^/_matrix/client/(api/v1|r0|unstable)/devices$
- ^/_matrix/client/(api/v1|r0|unstable)/keys/query$ - ^/_matrix/client/(api/v1|r0|unstable)/keys/query$
@@ -59,6 +64,7 @@ matrix_synapse_workers_generic_worker_endpoints:
# Registration/login requests # Registration/login requests
- ^/_matrix/client/(api/v1|r0|unstable)/login$ - ^/_matrix/client/(api/v1|r0|unstable)/login$
- ^/_matrix/client/(r0|unstable)/register$ - ^/_matrix/client/(r0|unstable)/register$
- ^/_matrix/client/unstable/org.matrix.msc3231/register/org.matrix.msc3231.login.registration_token/validity$
# Event sending requests # Event sending requests
- ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/redact - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/redact
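Review bot: The dots in the new endpoint patterns (`org.matrix.msc2946`, `im.nheko.summary`, `org.matrix.msc3231.login.registration_token`) are unescaped, so each matches any character rather than a literal dot. These entries presumably feed request routing to the generic workers, where a looser match only widens what reaches a worker, so the practical impact looks small. Writing them as `org\.matrix\.msc2946` and so on would make the routes exact and keep the list safe to reuse if it is ever consulted for an access decision. The two federation patterns in the first hunk also have no `$` or further path anchor, unlike most of the client entries, which is worth a short comment if the prefix match is intended.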