	Merge branch 'spantaleev:master' into master
		| @@ -34,6 +34,8 @@ Updates to this section are trailed here: | |||||||
|  |  | ||||||
| Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in '/docs/Installation.md' of that repository. | Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in '/docs/Installation.md' of that repository. | ||||||
|  |  | ||||||
|  | For simpler installation steps you can use to get started with this system, check out our minimal installation guide at '/doc/Installation_Minimal.md'. | ||||||
|  |  | ||||||
|  |  | ||||||
| ## Does I need a front-end WordPress site? And a DigitalOcean account?  | ## Does I need a front-end WordPress site? And a DigitalOcean account?  | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										42
									
								
								roles/matrix-awx/surveys/access_export.json.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
							| @@ -0,0 +1,42 @@ | |||||||
|  | { | ||||||
|  |   "name": "Access Export", | ||||||
|  |   "description": "Access the services export.", | ||||||
|  |   "spec": [ | ||||||
|  |     { | ||||||
|  |       "question_name": "SFTP Authorisation Method", | ||||||
|  |       "question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.", | ||||||
|  |       "required": true, | ||||||
|  |       "min": null, | ||||||
|  |       "max": null, | ||||||
|  |       "default": "{{ sftp_auth_method | string }}", | ||||||
|  |       "choices": "Disabled\nPassword\nSSH Key", | ||||||
|  |       "new_question": true, | ||||||
|  |       "variable": "sftp_auth_method", | ||||||
|  |       "type": "multiplechoice" | ||||||
|  |     }, | ||||||
|  |     { | ||||||
|  |       "question_name": "SFTP Password", | ||||||
|  |       "question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.", | ||||||
|  |       "required": false, | ||||||
|  |       "min": 0, | ||||||
|  |       "max": 64, | ||||||
|  |       "default": "{{ sftp_password }}", | ||||||
|  |       "choices": "", | ||||||
|  |       "new_question": true, | ||||||
|  |       "variable": "sftp_password", | ||||||
|  |       "type": "password" | ||||||
|  |     }, | ||||||
|  |     { | ||||||
|  |       "question_name": "SFTP Public SSH Key (More Secure)", | ||||||
|  |       "question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.", | ||||||
|  |       "required": false, | ||||||
|  |       "min": 0, | ||||||
|  |       "max": 16384, | ||||||
|  |       "default": "{{ sftp_public_key }}", | ||||||
|  |       "choices": "", | ||||||
|  |       "new_question": true, | ||||||
|  |       "variable": "sftp_public_key", | ||||||
|  |       "type": "text" | ||||||
|  |     } | ||||||
|  |   ] | ||||||
|  | } | ||||||
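Review bot: The three `default` values interpolate `sftp_auth_method`, `sftp_password` and `sftp_public_key` straight into JSON string literals, so a value containing `"`, `\` or a newline produces an invalid or altered survey spec. Emitting the value through the serializer avoids that, e.g. `"default": {{ sftp_password | to_json }},` with no surrounding quotes. Pre-filling the password question with the current password also means the rendered survey file holds the secret in plaintext wherever the template is written; consider leaving that default empty. The password question allows `"min": 0` although its description demands a strong password, so a minimum length would match the warning.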
| @@ -1,6 +1,6 @@ | |||||||
| { | { | ||||||
|   "name": "Backup Server", |   "name": "Backup Server", | ||||||
|   "description": "", |   "description": "Performs a backup of the entire service to a remote location.", | ||||||
|   "spec": [ |   "spec": [ | ||||||
|     { |     { | ||||||
|       "question_name": "Enable Backup", |       "question_name": "Enable Backup", | ||||||
|   | |||||||
| @@ -1,6 +1,6 @@ | |||||||
| { | { | ||||||
|   "name": "Configure Matrix Corporal", |   "name": "Configure Matrix Corporal", | ||||||
|   "description": "", |   "description": "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy.", | ||||||
|   "spec": [ |   "spec": [ | ||||||
|     { |     { | ||||||
|       "question_name": "Enable Corporal", |       "question_name": "Enable Corporal", | ||||||
|   | |||||||
| @@ -1,6 +1,6 @@ | |||||||
| { | { | ||||||
|   "name": "Configure Dimension", |   "name": "Configure Dimension", | ||||||
|   "description": "", |   "description": "Configure Dimension, the self-hosted integrations server.", | ||||||
|   "spec": [ |   "spec": [ | ||||||
|     { |     { | ||||||
|       "question_name": "Enable Dimension", |       "question_name": "Enable Dimension", | ||||||
|   | |||||||
| @@ -1,6 +1,6 @@ | |||||||
| { | { | ||||||
|   "name": "", |   "name": "Configure Element", | ||||||
|   "description": "", |   "description": "Configure Element web client, Element is the most developed Matrix client software.", | ||||||
|   "spec": [ |   "spec": [ | ||||||
|     { |     { | ||||||
|       "question_name": "Enable Element-Web", |       "question_name": "Enable Element-Web", | ||||||
|   | |||||||
| @@ -1,6 +1,6 @@ | |||||||
| { | { | ||||||
|   "name": "", |   "name": "Configure Jitsi", | ||||||
|   "description": "", |   "description": "Configure Jitsi conferencing settings.", | ||||||
|   "spec": [ |   "spec": [ | ||||||
|     { |     { | ||||||
|       "question_name": "Enable Jitsi", |       "question_name": "Enable Jitsi", | ||||||
|   | |||||||
| @@ -1,6 +1,6 @@ | |||||||
| { | { | ||||||
|   "name": "", |   "name": "Configure ma1sd", | ||||||
|   "description": "", |   "description": "Configure ma1sd settings, ma1sd is a self-hosted identity server for Matrix.", | ||||||
|   "spec": [ |   "spec": [ | ||||||
|     { |     { | ||||||
|       "question_name": "Enable ma1sd", |       "question_name": "Enable ma1sd", | ||||||
|   | |||||||
| @@ -1,6 +1,6 @@ | |||||||
| { | { | ||||||
|   "name": "Configure Synapse", |   "name": "Configure Synapse", | ||||||
|   "description": "", |   "description": "Configure Synapse settings. Synapse is the homeserver software that powers your Matrix instance.", | ||||||
|   "spec": [ |   "spec": [ | ||||||
|     { |     { | ||||||
|       "question_name": "Enable Public Registration", |       "question_name": "Enable Public Registration", | ||||||
|   | |||||||
| @@ -8,7 +8,7 @@ | |||||||
|     insertafter: '# Base Domain Settings Start' |     insertafter: '# Base Domain Settings Start' | ||||||
|   with_dict: |   with_dict: | ||||||
|     'matrix_nginx_proxy_base_domain_homepage_enabled': 'true' |     'matrix_nginx_proxy_base_domain_homepage_enabled': 'true' | ||||||
|   when: customise_base_domain_website|bool == false |   when: (customise_base_domain_website is defined) and not customise_base_domain_website|bool | ||||||
|  |  | ||||||
| - name: Disable index.html creation to allow multi-file site if user does wish to customise base domain | - name: Disable index.html creation to allow multi-file site if user does wish to customise base domain | ||||||
|   delegate_to: 127.0.0.1 |   delegate_to: 127.0.0.1 | ||||||
| @@ -19,7 +19,19 @@ | |||||||
|     insertafter: '# Base Domain Settings Start' |     insertafter: '# Base Domain Settings Start' | ||||||
|   with_dict: |   with_dict: | ||||||
|     'matrix_nginx_proxy_base_domain_homepage_enabled': 'false' |     'matrix_nginx_proxy_base_domain_homepage_enabled': 'false' | ||||||
|   when: customise_base_domain_website|bool == true |   when: (customise_base_domain_website is defined) and customise_base_domain_website|bool | ||||||
|  |  | ||||||
|  | - name: Record custom 'Customise Website + Access Export' variables locally on AWX | ||||||
|  |   delegate_to: 127.0.0.1 | ||||||
|  |   lineinfile: | ||||||
|  |     path: '{{ awx_cached_matrix_vars }}' | ||||||
|  |     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||||
|  |     line: "{{ item.key }}: {{ item.value }}" | ||||||
|  |     insertafter: '# Custom Settings Start' | ||||||
|  |   with_dict: | ||||||
|  |     'sftp_auth_method': '"{{ sftp_auth_method }}"' | ||||||
|  |     'sftp_password': '"{{ sftp_password }}"' | ||||||
|  |     'sftp_public_key': '"{{ sftp_public_key }}"' | ||||||
|  |  | ||||||
| - name: Record custom 'Customise Website + Access Export' variables locally on AWX | - name: Record custom 'Customise Website + Access Export' variables locally on AWX | ||||||
|   delegate_to: 127.0.0.1 |   delegate_to: 127.0.0.1 | ||||||
| @@ -30,28 +42,40 @@ | |||||||
|     insertafter: '# Custom Settings Start' |     insertafter: '# Custom Settings Start' | ||||||
|   with_dict: |   with_dict: | ||||||
|     'customise_base_domain_website': '{{ customise_base_domain_website }}' |     'customise_base_domain_website': '{{ customise_base_domain_website }}' | ||||||
|     'sftp_auth_method': '"{{ sftp_auth_method }}"' |   when: customise_base_domain_website is defined | ||||||
|     'sftp_password': '"{{ sftp_password }}"' |  | ||||||
|     'sftp_public_key': '"{{ sftp_public_key }}"' |  | ||||||
|  |  | ||||||
| - name: Reload vars in matrix_vars.yml | - name: Reload vars in matrix_vars.yml | ||||||
|   include_vars: |   include_vars: | ||||||
|     file: '{{ awx_cached_matrix_vars }}' |     file: '{{ awx_cached_matrix_vars }}' | ||||||
|   no_log: True |   no_log: True | ||||||
|  |  | ||||||
| # ^ Is this even needed? |  | ||||||
|  |  | ||||||
| - name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template | - name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template | ||||||
|   delegate_to: 127.0.0.1 |   delegate_to: 127.0.0.1 | ||||||
|   template: |   template: | ||||||
|     src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2' |     src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2' | ||||||
|     dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json' |     dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json' | ||||||
|  |   when: customise_base_domain_website is defined | ||||||
|  |  | ||||||
| - name: Copy new 'Customise Website + Access Export' survey.json to target machine | - name: Copy new 'Customise Website + Access Export' survey.json to target machine | ||||||
|   copy: |   copy: | ||||||
|     src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json' |     src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json' | ||||||
|     dest:  '/matrix/awx/configure_website_access_export.json' |     dest:  '/matrix/awx/configure_website_access_export.json' | ||||||
|     mode: '0660' |     mode: '0660' | ||||||
|  |   when: customise_base_domain_website is defined | ||||||
|  |  | ||||||
|  | - name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template | ||||||
|  |   delegate_to: 127.0.0.1 | ||||||
|  |   template: | ||||||
|  |     src: './roles/matrix-awx/surveys/access_export.json.j2' | ||||||
|  |     dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json' | ||||||
|  |   when: customise_base_domain_website is undefined | ||||||
|  |  | ||||||
|  | - name: Copy new 'Customise Website + Access Export' survey.json to target machine | ||||||
|  |   copy: | ||||||
|  |     src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json' | ||||||
|  |     dest:  '/matrix/awx/access_export.json' | ||||||
|  |     mode: '0660' | ||||||
|  |   when: customise_base_domain_website is undefined | ||||||
|  |  | ||||||
| - name: Collect AWX admin token the hard way! | - name: Collect AWX admin token the hard way! | ||||||
|   delegate_to: 127.0.0.1 |   delegate_to: 127.0.0.1 | ||||||
| @@ -60,7 +84,7 @@ | |||||||
|   register: tower_token |   register: tower_token | ||||||
|   no_log: True |   no_log: True | ||||||
|  |  | ||||||
| - name: Recreate 'Customise Base Domain Export' job template | - name: Recreate 'Configure Website + Access Export' job template | ||||||
|   delegate_to: 127.0.0.1 |   delegate_to: 127.0.0.1 | ||||||
|   awx.awx.tower_job_template: |   awx.awx.tower_job_template: | ||||||
|     name: "{{ matrix_domain }} - 1 - Configure Website + Access Export" |     name: "{{ matrix_domain }} - 1 - Configure Website + Access Export" | ||||||
| @@ -80,6 +104,29 @@ | |||||||
|     tower_host: "https://{{ tower_host }}" |     tower_host: "https://{{ tower_host }}" | ||||||
|     tower_oauthtoken: "{{ tower_token.stdout }}" |     tower_oauthtoken: "{{ tower_token.stdout }}" | ||||||
|     validate_certs: yes |     validate_certs: yes | ||||||
|  |   when: customise_base_domain_website is defined | ||||||
|  |  | ||||||
|  | - name: Recreate 'Access Export' job template | ||||||
|  |   delegate_to: 127.0.0.1 | ||||||
|  |   awx.awx.tower_job_template: | ||||||
|  |     name: "{{ matrix_domain }} - 1 - Access Export" | ||||||
|  |     description: "Access the services export." | ||||||
|  |     extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" | ||||||
|  |     job_type: run | ||||||
|  |     job_tags: "start,setup-nginx-proxy" | ||||||
|  |     inventory: "{{ member_id }}" | ||||||
|  |     project: "{{ member_id }} - Matrix Docker Ansible Deploy" | ||||||
|  |     playbook: setup.yml | ||||||
|  |     credential: "{{ member_id }} - AWX SSH Key" | ||||||
|  |     survey_enabled: true | ||||||
|  |     survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}" | ||||||
|  |     become_enabled: yes | ||||||
|  |     state: present | ||||||
|  |     verbosity: 1 | ||||||
|  |     tower_host: "https://{{ tower_host }}" | ||||||
|  |     tower_oauthtoken: "{{ tower_token.stdout }}" | ||||||
|  |     validate_certs: yes | ||||||
|  |   when: customise_base_domain_website is undefined | ||||||
|  |  | ||||||
| - name: Ensure group "sftp" exists | - name: Ensure group "sftp" exists | ||||||
|   group: |   group: | ||||||
| @@ -113,6 +160,7 @@ | |||||||
|     name: sftp |     name: sftp | ||||||
|     groups: matrix |     groups: matrix | ||||||
|     append: yes |     append: yes | ||||||
|  |   when: customise_base_domain_website is defined | ||||||
|  |  | ||||||
| - name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container) | - name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container) | ||||||
|   file: |   file: | ||||||
| @@ -129,6 +177,7 @@ | |||||||
|     owner: matrix |     owner: matrix | ||||||
|     group: matrix |     group: matrix | ||||||
|     mode: '0574' |     mode: '0574' | ||||||
|  |   when: customise_base_domain_website is defined | ||||||
|  |  | ||||||
| - name: Ensure /chroot/export location exists | - name: Ensure /chroot/export location exists | ||||||
|   file: |   file: | ||||||
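Review bot: The added task "Record custom 'Customise Website + Access Export' variables locally on AWX" loops over a dict that contains `sftp_password` but sets no `no_log`, so each loop item, password included, can appear in the AWX job output; the nearby "Reload vars in matrix_vars.yml" task already uses `no_log: True` and this one should too. The value is written as `'"{{ sftp_password }}"'`, which produces a broken or altered line in the cached vars file when the password contains a double quote; `'{{ sftp_password | to_json }}'` would quote it safely. The two new `access_export.json` tasks reuse the names of the `configure_website_access_export.json` tasks, which makes the job log ambiguous; naming them after 'Access Export' would help.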
|   | |||||||
| @@ -16,8 +16,3 @@ | |||||||
| - name: Ensure correct ownership of /matrix/synapse | - name: Ensure correct ownership of /matrix/synapse | ||||||
|   shell: chown -R matrix:matrix /matrix/synapse |   shell: chown -R matrix:matrix /matrix/synapse | ||||||
|  |  | ||||||
| - name: Fetch matrix_vars.yml file to AWX |  | ||||||
|   fetch: |  | ||||||
|     src: /matrix/awx/matrix_vars.yml |  | ||||||
|     dest: /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/ |  | ||||||
|     flat: yes |  | ||||||
|   | |||||||
| @@ -6,7 +6,12 @@ | |||||||
|  |  | ||||||
| - name: Purge local media to specific date | - name: Purge local media to specific date | ||||||
|   shell: | |   shell: | | ||||||
|     curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout }}" 'https://matrix.{{ matrix_domain }}/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}' |     curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}' | ||||||
|  |   register: purge_command | ||||||
|  |    | ||||||
|  | - name: Print output of purge command | ||||||
|  |   debug:  | ||||||
|  |     msg: "{{ purge_command.stdout }}" | ||||||
|  |  | ||||||
| - name: Pause for 5 seconds to let Synapse breathe | - name: Pause for 5 seconds to let Synapse breathe | ||||||
|   pause: |   pause: | ||||||
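Review bot: `janitors_token.stdout[1:-1]` in the purge command strips the quotes by position, so when the login fails and `jq` prints `null` the request goes out with the bogus token `ul` instead of the play stopping; having the token task use `jq -r '.access_token'` and failing on an empty or `null` result is more robust. The bearer token is part of the `shell` command line and this task sets no `no_log`, so it may show up in job output; adding `no_log: True` to the curl task keeps it out of the log, and the new debug task still has `purge_command.stdout`. The URL now has no scheme and targets port 8008 on the container IP, which curl treats as plain HTTP, so a comment stating that this traffic stays on the local Docker network is worth adding. The same points apply to the `purge_media_cache` variant of this task.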
|   | |||||||
| @@ -22,6 +22,10 @@ | |||||||
|     curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "https://matrix.{{ matrix_domain }}/_matrix/client/r0/login" | jq '.access_token' |     curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "https://matrix.{{ matrix_domain }}/_matrix/client/r0/login" | jq '.access_token' | ||||||
|   register: janitors_token |   register: janitors_token | ||||||
|    |    | ||||||
|  | - name: Collect the internal IP of the matrix-synapse container | ||||||
|  |   shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse" | ||||||
|  |   register: synapse_container_ip | ||||||
|  |      | ||||||
| - name: Generate list of dates to purge to | - name: Generate list of dates to purge to | ||||||
|   delegate_to: 127.0.0.1 |   delegate_to: 127.0.0.1 | ||||||
|   shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}" |   shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}" | ||||||
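Review bot: The `docker inspect` format string in "Collect the internal IP of the matrix-synapse container" concatenates the address of every attached network with no separator, so a container on more than one network yields a string that is not a usable host for the later curl calls. Selecting one network explicitly, or asserting that the result is a single address before it is used, would make that failure visible. The task only reads state, so `changed_when: false` would stop it reporting a change on every run.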
|   | |||||||
| @@ -6,7 +6,12 @@ | |||||||
|  |  | ||||||
| - name: Purge local media to specific date | - name: Purge local media to specific date | ||||||
|   shell: | |   shell: | | ||||||
|     curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout }}" 'https://matrix.{{ matrix_domain }}/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}' |     curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}' | ||||||
|  |   register: purge_command | ||||||
|  |    | ||||||
|  | - name: Print output of purge command | ||||||
|  |   debug:  | ||||||
|  |     msg: "{{ purge_command.stdout }}" | ||||||
|  |  | ||||||
| - name: Pause for 5 seconds to let Synapse breathe | - name: Pause for 5 seconds to let Synapse breathe | ||||||
|   pause: |   pause: | ||||||
|   | |||||||
| @@ -4,9 +4,11 @@ | |||||||
|     file: '{{ awx_cached_matrix_vars }}' |     file: '{{ awx_cached_matrix_vars }}' | ||||||
|   no_log: True |   no_log: True | ||||||
|  |  | ||||||
| - name: Install jq on remote machine | - name: Install jq and curl on remote machine | ||||||
|   apt: |   apt: | ||||||
|     name: jq |     name:  | ||||||
|  |       - jq | ||||||
|  |       - curl | ||||||
|     state: present |     state: present | ||||||
|  |  | ||||||
| - name: Collect access token of Dimension user | - name: Collect access token of Dimension user | ||||||
|   | |||||||
| @@ -3,7 +3,7 @@ | |||||||
|  |  | ||||||
| matrix_sms_bridge_enabled: true | matrix_sms_bridge_enabled: true | ||||||
|  |  | ||||||
| matrix_sms_bridge_version: 0.5.5 | matrix_sms_bridge_version: 0.5.7 | ||||||
| matrix_sms_bridge_docker_image: "{{ matrix_container_global_registry_prefix }}folivonet/matrix-sms-bridge:{{ matrix_sms_bridge_version }}" | matrix_sms_bridge_docker_image: "{{ matrix_container_global_registry_prefix }}folivonet/matrix-sms-bridge:{{ matrix_sms_bridge_version }}" | ||||||
|  |  | ||||||
| matrix_sms_bridge_base_path: "{{ matrix_base_data_path }}/matrix-sms-bridge" | matrix_sms_bridge_base_path: "{{ matrix_base_data_path }}/matrix-sms-bridge" | ||||||
|   | |||||||
| @@ -3,7 +3,7 @@ matrix_client_element_enabled: true | |||||||
| matrix_client_element_container_image_self_build: false | matrix_client_element_container_image_self_build: false | ||||||
| matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" | matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" | ||||||
|  |  | ||||||
| matrix_client_element_version: v1.7.25 | matrix_client_element_version: v1.7.26 | ||||||
| matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" | matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" | ||||||
| matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" | matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" | ||||||
| matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" | matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" | ||||||
|   | |||||||
| @@ -35,3 +35,18 @@ | |||||||
|   with_dict: |   with_dict: | ||||||
|     'matrix_awx_dimension_user_created': 'true' |     'matrix_awx_dimension_user_created': 'true' | ||||||
|   when: not matrix_awx_dimension_user_created|bool |   when: not matrix_awx_dimension_user_created|bool | ||||||
|  |    | ||||||
|  | - name: Ensure /chroot/website location has correct permissions | ||||||
|  |   file: | ||||||
|  |     path: /chroot/website | ||||||
|  |     state: directory | ||||||
|  |     owner: matrix | ||||||
|  |     group: matrix | ||||||
|  |     mode: '0574' | ||||||
|  |   when: customise_base_domain_website is defined | ||||||
|  |  | ||||||
|  | - name: Ensure erroneous /chroot/website/matrix-domain location doesn't exist | ||||||
|  |   file: | ||||||
|  |     path: /chroot/website/matrix-domain | ||||||
|  |     state: absent | ||||||
|  |   when: customise_base_domain_website is defined | ||||||
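Review bot: Mode `'0574'` on `/chroot/website` gives the group write access while the owner has none, and gives others read without execute; if that is deliberate it needs a one-line comment saying which account is expected to write here, because it reads like a typo for a more conventional mode. The following task removes `/chroot/website/matrix-domain` with `state: absent`, which deletes the directory and its contents on every run where `customise_base_domain_website` is defined. Presumably nothing legitimate lives at that path, but a comment naming what created it would make that clear to the next maintainer.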
|   | |||||||
| @@ -1,7 +1,9 @@ | |||||||
| matrix_coturn_enabled: true | matrix_coturn_enabled: true | ||||||
|  |  | ||||||
| matrix_coturn_container_image_self_build: false | matrix_coturn_container_image_self_build: false | ||||||
| matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn/tree/master/docker/coturn/alpine.git" | matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn" | ||||||
|  | matrix_coturn_container_image_self_build_repo_version: "upstream/{{ matrix_coturn_version }}" | ||||||
|  | matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" | ||||||
|  |  | ||||||
| matrix_coturn_version: 4.5.2 | matrix_coturn_version: 4.5.2 | ||||||
| matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" | matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" | ||||||
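Review bot: `matrix_coturn_container_image_self_build_repo_version` pins the self-build checkout to the tag `upstream/{{ matrix_coturn_version }}`, and a git tag can be moved by the upstream repository; a comment above the variable saying that it accepts any git ref, and that a full commit hash gives a reproducible build, would help operators who self-build. Whether the tag `upstream/4.5.2` exists in the new repository cannot be confirmed from this hunk, so it is worth checking before merge.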
|   | |||||||
| @@ -30,7 +30,7 @@ | |||||||
|       git: |       git: | ||||||
|         repo: "{{ matrix_coturn_container_image_self_build_repo }}" |         repo: "{{ matrix_coturn_container_image_self_build_repo }}" | ||||||
|         dest: "{{ matrix_coturn_docker_src_files_path }}" |         dest: "{{ matrix_coturn_docker_src_files_path }}" | ||||||
|         version: "{{ matrix_coturn_docker_image.split(':')[1] }}" |         version: "{{ matrix_coturn_container_image_self_build_repo_version }}" | ||||||
|         force: "yes" |         force: "yes" | ||||||
|       register: matrix_coturn_git_pull_results |       register: matrix_coturn_git_pull_results | ||||||
|  |  | ||||||
| @@ -40,7 +40,7 @@ | |||||||
|         source: build |         source: build | ||||||
|         force_source: "{{ matrix_coturn_git_pull_results.changed }}" |         force_source: "{{ matrix_coturn_git_pull_results.changed }}" | ||||||
|         build: |         build: | ||||||
|           dockerfile: Dockerfile |           dockerfile: "{{ matrix_coturn_container_image_self_build_repo_dockerfile_path }}" | ||||||
|           path: "{{ matrix_coturn_docker_src_files_path }}" |           path: "{{ matrix_coturn_docker_src_files_path }}" | ||||||
|           pull: yes |           pull: yes | ||||||
|   when: "matrix_coturn_container_image_self_build|bool" |   when: "matrix_coturn_container_image_self_build|bool" | ||||||
|   | |||||||
| @@ -3,7 +3,7 @@ | |||||||
|  |  | ||||||
| matrix_grafana_enabled: false | matrix_grafana_enabled: false | ||||||
|  |  | ||||||
| matrix_grafana_version: 7.5.4 | matrix_grafana_version: 7.5.5 | ||||||
| matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" | matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" | ||||||
| matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" | matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" | ||||||
|  |  | ||||||
| @@ -50,5 +50,3 @@ matrix_grafana_systemd_wanted_services_list: [] | |||||||
| # | # | ||||||
| # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:3000"), or empty string to not expose. | # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:3000"), or empty string to not expose. | ||||||
| matrix_grafana_container_http_host_bind_port: '' | matrix_grafana_container_http_host_bind_port: '' | ||||||
|  |  | ||||||
|  |  | ||||||
|   | |||||||
| @@ -1,5 +1,5 @@ | |||||||
| matrix_nginx_proxy_enabled: true | matrix_nginx_proxy_enabled: true | ||||||
| matrix_nginx_proxy_version: 1.19.10-alpine | matrix_nginx_proxy_version: 1.20.0-alpine | ||||||
|  |  | ||||||
| # We use an official nginx image, which we fix-up to run unprivileged. | # We use an official nginx image, which we fix-up to run unprivileged. | ||||||
| # An alternative would be an `nginxinc/nginx-unprivileged` image, but | # An alternative would be an `nginxinc/nginx-unprivileged` image, but | ||||||
|   | |||||||
| @@ -11,7 +11,7 @@ | |||||||
| 	upstream generic_worker_upstream { | 	upstream generic_worker_upstream { | ||||||
| 		# ensures that requests from the same client will always be passed | 		# ensures that requests from the same client will always be passed | ||||||
| 		# to the same server (except when this server is unavailable) | 		# to the same server (except when this server is unavailable) | ||||||
| 		ip_hash; | 		hash $http_x_forwarded_for; | ||||||
|  |  | ||||||
| 		{% for worker in generic_workers %} | 		{% for worker in generic_workers %} | ||||||
| 			{% if matrix_nginx_proxy_enabled %} | 			{% if matrix_nginx_proxy_enabled %} | ||||||
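Review bot: `hash $http_x_forwarded_for;` keys worker selection on a request header, which is client-controlled unless a trusted proxy in front always overwrites it, so a client can choose its worker by varying the header, and requests without the header all hash to the same empty key and land on one worker. If this nginx can be reached directly, restoring the client address with the realip module and keeping `ip_hash;` avoids trusting the header. At minimum add a comment above the directive, e.g. `# assumes a trusted reverse proxy always sets X-Forwarded-For`. The `upstream` block continues outside the hunk.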
|   | |||||||
| @@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont | |||||||
| # amd64 gets released first. | # amd64 gets released first. | ||||||
| # arm32 relies on self-building, so the same version can be built immediately. | # arm32 relies on self-building, so the same version can be built immediately. | ||||||
| # arm64 users need to wait for a prebuilt image to become available. | # arm64 users need to wait for a prebuilt image to become available. | ||||||
| matrix_synapse_version: v1.32.2 | matrix_synapse_version: v1.33.1 | ||||||
| matrix_synapse_version_arm64: v1.32.2 | matrix_synapse_version_arm64: v1.33.1 | ||||||
| matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" | matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" | ||||||
| matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" | matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" | ||||||
|  |  | ||||||
|   | |||||||
| @@ -1178,69 +1178,6 @@ turn_allow_guests: {{ matrix_synapse_turn_allow_guests|to_json }} | |||||||
| # | # | ||||||
| enable_registration: {{ matrix_synapse_enable_registration|to_json }} | enable_registration: {{ matrix_synapse_enable_registration|to_json }} | ||||||
|  |  | ||||||
| # Optional account validity configuration. This allows for accounts to be denied |  | ||||||
| # any request after a given period. |  | ||||||
| # |  | ||||||
| # Once this feature is enabled, Synapse will look for registered users without an |  | ||||||
| # expiration date at startup and will add one to every account it found using the |  | ||||||
| # current settings at that time. |  | ||||||
| # This means that, if a validity period is set, and Synapse is restarted (it will |  | ||||||
| # then derive an expiration date from the current validity period), and some time |  | ||||||
| # after that the validity period changes and Synapse is restarted, the users' |  | ||||||
| # expiration dates won't be updated unless their account is manually renewed. This |  | ||||||
| # date will be randomly selected within a range [now + period - d ; now + period], |  | ||||||
| # where d is equal to 10% of the validity period. |  | ||||||
| # |  | ||||||
| account_validity: |  | ||||||
|   # The account validity feature is disabled by default. Uncomment the |  | ||||||
|   # following line to enable it. |  | ||||||
|   # |  | ||||||
|   #enabled: true |  | ||||||
|  |  | ||||||
|   # The period after which an account is valid after its registration. When |  | ||||||
|   # renewing the account, its validity period will be extended by this amount |  | ||||||
|   # of time. This parameter is required when using the account validity |  | ||||||
|   # feature. |  | ||||||
|   # |  | ||||||
|   #period: 6w |  | ||||||
|  |  | ||||||
|   # The amount of time before an account's expiry date at which Synapse will |  | ||||||
|   # send an email to the account's email address with a renewal link. By |  | ||||||
|   # default, no such emails are sent. |  | ||||||
|   # |  | ||||||
|   # If you enable this setting, you will also need to fill out the 'email' and |  | ||||||
|   # 'public_baseurl' configuration sections. |  | ||||||
|   # |  | ||||||
|   #renew_at: 1w |  | ||||||
|  |  | ||||||
|   # The subject of the email sent out with the renewal link. '%(app)s' can be |  | ||||||
|   # used as a placeholder for the 'app_name' parameter from the 'email' |  | ||||||
|   # section. |  | ||||||
|   # |  | ||||||
|   # Note that the placeholder must be written '%(app)s', including the |  | ||||||
|   # trailing 's'. |  | ||||||
|   # |  | ||||||
|   # If this is not set, a default value is used. |  | ||||||
|   # |  | ||||||
|   #renew_email_subject: "Renew your %(app)s account" |  | ||||||
|  |  | ||||||
|   # Directory in which Synapse will try to find templates for the HTML files to |  | ||||||
|   # serve to the user when trying to renew an account. If not set, default |  | ||||||
|   # templates from within the Synapse package will be used. |  | ||||||
|   # |  | ||||||
|   #template_dir: "res/templates" |  | ||||||
|  |  | ||||||
|   # File within 'template_dir' giving the HTML to be displayed to the user after |  | ||||||
|   # they successfully renewed their account. If not set, default text is used. |  | ||||||
|   # |  | ||||||
|   #account_renewed_html_path: "account_renewed.html" |  | ||||||
|  |  | ||||||
|   # File within 'template_dir' giving the HTML to be displayed when the user |  | ||||||
|   # tries to renew an account with an invalid renewal token. If not set, |  | ||||||
|   # default text is used. |  | ||||||
|   # |  | ||||||
|   #invalid_token_html_path: "invalid_token.html" |  | ||||||
|  |  | ||||||
| # Time that a user's session remains valid for, after they log in. | # Time that a user's session remains valid for, after they log in. | ||||||
| # | # | ||||||
| # Note that this is not currently compatible with guest logins. | # Note that this is not currently compatible with guest logins. | ||||||
| @@ -1445,13 +1382,97 @@ autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json | |||||||
| #auto_join_rooms_for_guests: false | #auto_join_rooms_for_guests: false | ||||||
|  |  | ||||||
|  |  | ||||||
|  | ## Account Validity ## | ||||||
|  |  | ||||||
|  | # Optional account validity configuration. This allows for accounts to be denied | ||||||
|  | # any request after a given period. | ||||||
|  | # | ||||||
|  | # Once this feature is enabled, Synapse will look for registered users without an | ||||||
|  | # expiration date at startup and will add one to every account it found using the | ||||||
|  | # current settings at that time. | ||||||
|  | # This means that, if a validity period is set, and Synapse is restarted (it will | ||||||
|  | # then derive an expiration date from the current validity period), and some time | ||||||
|  | # after that the validity period changes and Synapse is restarted, the users' | ||||||
|  | # expiration dates won't be updated unless their account is manually renewed. This | ||||||
|  | # date will be randomly selected within a range [now + period - d ; now + period], | ||||||
|  | # where d is equal to 10% of the validity period. | ||||||
|  | # | ||||||
|  | account_validity: | ||||||
|  |   # The account validity feature is disabled by default. Uncomment the | ||||||
|  |   # following line to enable it. | ||||||
|  |   # | ||||||
|  |   #enabled: true | ||||||
|  |  | ||||||
|  |   # The period after which an account is valid after its registration. When | ||||||
|  |   # renewing the account, its validity period will be extended by this amount | ||||||
|  |   # of time. This parameter is required when using the account validity | ||||||
|  |   # feature. | ||||||
|  |   # | ||||||
|  |   #period: 6w | ||||||
|  |  | ||||||
|  |   # The amount of time before an account's expiry date at which Synapse will | ||||||
|  |   # send an email to the account's email address with a renewal link. By | ||||||
|  |   # default, no such emails are sent. | ||||||
|  |   # | ||||||
|  |   # If you enable this setting, you will also need to fill out the 'email' and | ||||||
|  |   # 'public_baseurl' configuration sections. | ||||||
|  |   # | ||||||
|  |   #renew_at: 1w | ||||||
|  |  | ||||||
|  |   # The subject of the email sent out with the renewal link. '%(app)s' can be | ||||||
|  |   # used as a placeholder for the 'app_name' parameter from the 'email' | ||||||
|  |   # section. | ||||||
|  |   # | ||||||
|  |   # Note that the placeholder must be written '%(app)s', including the | ||||||
|  |   # trailing 's'. | ||||||
|  |   # | ||||||
|  |   # If this is not set, a default value is used. | ||||||
|  |   # | ||||||
|  |   #renew_email_subject: "Renew your %(app)s account" | ||||||
|  |  | ||||||
|  |   # Directory in which Synapse will try to find templates for the HTML files to | ||||||
|  |   # serve to the user when trying to renew an account. If not set, default | ||||||
|  |   # templates from within the Synapse package will be used. | ||||||
|  |   # | ||||||
|  |   # The currently available templates are: | ||||||
|  |   # | ||||||
|  |   # * account_renewed.html: Displayed to the user after they have successfully | ||||||
|  |   #       renewed their account. | ||||||
|  |   # | ||||||
|  |   # * account_previously_renewed.html: Displayed to the user if they attempt to | ||||||
|  |   #       renew their account with a token that is valid, but that has already | ||||||
|  |   #       been used. In this case the account is not renewed again. | ||||||
|  |   # | ||||||
|  |   # * invalid_token.html: Displayed to the user when they try to renew an account | ||||||
|  |   #       with an unknown or invalid renewal token. | ||||||
|  |   # | ||||||
|  |   # See https://github.com/matrix-org/synapse/tree/master/synapse/res/templates for | ||||||
|  |   # default template contents. | ||||||
|  |   # | ||||||
|  |   # The file name of some of these templates can be configured below for legacy | ||||||
|  |   # reasons. | ||||||
|  |   # | ||||||
|  |   #template_dir: "res/templates" | ||||||
|  |  | ||||||
|  |   # A custom file name for the 'account_renewed.html' template. | ||||||
|  |   # | ||||||
|  |   # If not set, the file is assumed to be named "account_renewed.html". | ||||||
|  |   # | ||||||
|  |   #account_renewed_html_path: "account_renewed.html" | ||||||
|  |  | ||||||
|  |   # A custom file name for the 'invalid_token.html' template. | ||||||
|  |   # | ||||||
|  |   # If not set, the file is assumed to be named "invalid_token.html". | ||||||
|  |   # | ||||||
|  |   #invalid_token_html_path: "invalid_token.html" | ||||||
|  |  | ||||||
|  |  | ||||||
| ## Metrics ### | ## Metrics ### | ||||||
|  |  | ||||||
| # Enable collection and rendering of performance metrics | # Enable collection and rendering of performance metrics | ||||||
| # | # | ||||||
| enable_metrics: {{ matrix_synapse_metrics_enabled|to_json  }} | enable_metrics: {{ matrix_synapse_metrics_enabled|to_json  }} | ||||||
|  |  | ||||||
|  |  | ||||||
| # Enable sentry integration | # Enable sentry integration | ||||||
| # NOTE: While attempts are made to ensure that the logs don't contain | # NOTE: While attempts are made to ensure that the logs don't contain | ||||||
| # any sensitive information, this cannot be guaranteed. By enabling | # any sensitive information, this cannot be guaranteed. By enabling | ||||||
| @@ -1892,7 +1913,7 @@ saml2_config: | |||||||
| #       sub-properties: | #       sub-properties: | ||||||
| # | # | ||||||
| #       module: The class name of a custom mapping module. Default is | #       module: The class name of a custom mapping module. Default is | ||||||
| #           'synapse.handlers.oidc_handler.JinjaOidcMappingProvider'. | #           'synapse.handlers.oidc.JinjaOidcMappingProvider'. | ||||||
| #           See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers | #           See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers | ||||||
| #           for information on implementing a custom mapping provider. | #           for information on implementing a custom mapping provider. | ||||||
| # | # | ||||||
|   | |||||||