mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-10-26 01:53:24 +00:00
Commit Graph

91 Commits

Author SHA1 Message Date
Suguru Hirahara
3653f9f89b Run codespell --write-changes
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2025-06-03 10:36:00 +03:00
Slavi Pantaleev
51e961ce9f Add matrix_user_shell and default it to /sbin/nologin
This is a backward-incompatible change. By default, Ansible creates
users with (e.g.) `/bin/sh` on Linux, so changing to a no shell
leads to different behavior.

That said, it appears that using a shell-less user works OK with regard
to Ansible execution and starting the systemd services/containers later on.
2025-04-29 10:39:41 +03:00
Slavi Pantaleev
3ee7deb2d7 Rename variable (matrix_user_groupname -> matrix_group_name) 2025-04-29 10:39:41 +03:00
Slavi Pantaleev
9fc5cdab33 Rename variable (matrix_user_username -> matrix_user_name) 2025-04-29 10:39:41 +03:00
Slavi Pantaleev
a59383fcc7 Add matrix_group_system to configure whether the matrix group is also created as a system group
We create the `matrix` user as a system user (smaller uid), so it makes
sense to do the same for the `matrix` group.
2025-04-29 10:39:41 +03:00
Slavi Pantaleev
14aef55573 Add matrix_user_system variable for controlling if matrix user is created as a system user
This defaults to `true`, as before.
2025-04-29 10:39:41 +03:00
Virkkunen
bd405c410a Add continuwuity support (#4267)
* continuwuity support

* continuwuity support

* use main instead of commit tag

* fix docker image link

* migration from conduwuit

* fix yaml lint

* backup directories and linter fixes

* linter fixes
2025-04-26 09:12:53 +03:00
Onestacked
5eb247b5bf Add matrix_bridges_msc4190_enabled flag for using msc4190 on supported mautrix bridges. (#4258)
* Add matrix_bridges_msc4190_enabled flag for using msc4190 on supported mautrix bridges.

* Apply to_json to msc4190 in mautrix configs

* Add | to_json to mautrix bridge registration io.element.msc4190.

* require matrix_synapse_experimental_features_msc3202_device_masquerading_enabled for matrix_bridges_msc4190_enabled

* Also add msc4190 support for mautrix-telegram
2025-04-17 22:08:25 +03:00
Suguru Hirahara
c6babc1202 Add license information to files in matrix-base
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2025-03-03 17:57:17 +09:00
Suguru Hirahara
2a3fee7b80 Fix some of the spacing warnings with ansible-lint
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2025-02-25 03:48:09 +09:00
Slavi Pantaleev
b88b6ae7a3 Introduce a new matrix_container_global_registry_prefix_override variable and make all roles respect it
`matrix_container_global_registry_prefix_override` may look similar to
the old `matrix_container_global_registry_prefix` variable
(removed in d6bf789710), but it's different.

The old `matrix_container_global_registry_prefix` variable was just a hardcode of `docker.io/` and roles that
needed to refer to `docker.io/` could use it. However, this was:

- not used by all roles, because some need another registry (not `docker.io/`)
- used only by roles within the playbook (`roles/custom`), not external roles

Overriding the old `matrix_container_global_registry_prefix` variable was rather pointless,
as it didn't cover everything.

The new `matrix_container_global_registry_prefix_override` variable, on the other hand,
lets you override the registry prefix for all components, regardless of whether they
use `docker.io/` or another registry by default.

This is useful to people who have somehow mirrored all container images to their own registry,
as it provides them with a single variable they can flip to influence the whole playbook.
2025-02-24 11:38:47 +02:00
Slavi Pantaleev
d6bf789710 Remove matrix_container_global_registry_prefix variable
This is done for a few reasons:

- less globals and more independence for each role is better. We rely
  on various externally-hosted roles and they don't rely on this global
  either.

- `matrix_container_global_registry_prefix` could make people think they
  could just override this variable and have all their images pull from
  elsewhere. This is rarely the case, unless you've taken special care
  to mirror all the various components (from their respective
  registries) to your own. In such a case, you probably know what you're
  mirroring and can adjust individual variables.

- nowadays, various components live on different registries.
  With Docker Inc tightening rate limits for Docker Hub, it's even more
  likely that we'll see increased diversity in where images are hosted
2025-02-23 10:15:41 +02:00
Aine
a2111dece7 add FluffyChat (#4068)
* add FluffyChat

* capitalization

* Update group_vars/matrix_servers

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* fix link in readme

---------

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2025-02-17 11:15:15 +02:00
Slavi Pantaleev
0515787de2 Upgrade Traefik (v3.3.2-0 -> v3.3.2-1) and remove traefik_config_certificatesResolvers_acme_email references
Ref:

- https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4014
- 21b36ce336

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/4014
2025-01-31 14:33:34 +02:00
Virkkunen
be586f0f30 initial conduwuit support 2025-01-19 16:06:37 +02:00
László Várady
bbb58c40b6 Fix docker networking when no reverse-proxy is used
For example, synapse-admin connects to additional networks here:
c0559870b5/roles/custom/matrix-synapse-admin/templates/systemd/matrix-synapse-admin.service.j2 (L39-L41)

This defaults to 'traefik' through
matrix_playbook_reverse_proxy_container_network, which is not correct in
case matrix_playbook_reverse_proxy_type is set to none.
2024-12-27 17:25:47 +01:00
Suguru Hirahara
f0cc5da229 Edit user identifier examples: to @alice and @bob
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-12-09 14:40:41 +09:00
Slavi Pantaleev
0c9fc4358d Fix variable name typos (matrix_playbook_reverse_proxy_traefik_middleware_compession_* -> matrix_playbook_reverse_proxy_traefik_middleware_compression_*)
Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3803
2024-11-21 12:23:01 +02:00
Slavi Pantaleev
5cad571296 Add variables & wiring to support Traefik's compression middleware
This merely hooks the playbook to the Traefik role's compression
middleware configuration (`traefik_config_http_middlewares_compression_*`)

The Traefik role enables the `compression` middleware by default.

Actual usage will land in a future commit.
2024-11-14 15:54:10 +02:00
Slavi Pantaleev
4bb16fef54 Increase default Traefik readTimeout for web/web-secure/matrix-federation entrypoints (60s -> 300s) to accommodate large/slow file uploads 2024-11-14 15:54:10 +02:00
Suguru Hirahara
3c34418ebe Edit the note about "matrix_homeserver_implementation" variable
Since a casual user might want to try another homeserver than Synapse without thinking about its consequence, it is important to clarify that it is not possible to switch homeservers once specified.

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-11-08 23:59:14 +09:00
Suguru Hirahara
b61d8f478f Fix capitalization: ids → IDs
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-11-08 20:31:07 +09:00
Suguru Hirahara
b04b658735 Add "Web" to Element and SchildiChat web application (#3755)
* Replace "Element" with "Element Web"

- If Element indicates the web application, then it is changed to Element Web.
- If it indicates clients branded with Element such as Element desktop, web, mobile clients, then it is changed to Element clients.
- If it is combined with location sharing functionality, it is not changed.

with some other changes, including:

- Change "app.element.io" anchor link to "https://github.com/element-hq/element-web" on README.md, following other documentation files

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Replace "SchildiChat" with "SchildiChat Web"

- If SchildiChat indicates the web application, then it is changed to SchildiChat Web.
- If it indicates clients branded with SchildiChat such as SchildiChat desktop, web, mobile clients, then it is changed to SchildiChat clients.
- If it is combined with location sharing functionality, it is not changed.

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Rename configuring-playbook-client-schildichat.md to configuring-playbook-client-schildichat-web.md

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

* Rename configuring-playbook-client-element.md to configuring-playbook-client-element-web.md

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>

---------

Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-11-07 16:31:26 +02:00
Suguru Hirahara
601406ddda Fix capitalization: buscarron → Buscarron
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-10-28 04:00:30 +09:00
Suguru Hirahara
55fcaac1f1 Fix capitalization: matrix → Matrix
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-10-18 23:35:10 +09:00
Suguru Hirahara
faa441029c Replace <matrix-domain> with example.com
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-10-18 04:02:18 +09:00
Suguru Hirahara
90cfdabb2b Replace DOMAIN with example.com
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-10-18 04:02:02 +09:00
Suguru Hirahara
844d8ef4c3 Fix capitalization: etherpad → Etherpad
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-10-17 02:25:35 +09:00
Suguru Hirahara
174b18be9a Fix capitalization: id → ID
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-10-16 02:25:03 +09:00
Suguru Hirahara
2a443046c8 Fix capitalization: schildichat → SchildiChat
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
2024-10-14 15:59:16 +09:00
Slavi Pantaleev
54b715e7fe Fix endpoint URL in comment 2024-09-27 10:15:49 +03:00
Slavi Pantaleev
f93101f791 Switch traefik/traefik-certs-dumper Ansible role sources and adjust variable names (devture_traefik_ -> traefik_) 2024-09-27 10:14:29 +03:00
Slavi Pantaleev
c87bb206da Fix ansible-lint-reported error 2024-07-06 11:15:38 +03:00
Slavi Pantaleev
9b5be6825d Enable HTTP/3 by default for web-secure and matrix-federation
HTTP/3 is no longer considered experimental in Traefik v3,
so it's a good time to enable it.
2024-07-06 11:05:19 +03:00
Slavi Pantaleev
7891268873 Do not hardcode https:// in all remaining places, refer to matrix_static_files_scheme
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3333
2024-05-25 16:14:26 +03:00
gardar
23aee07cf4 feat: global option to configure all bridges encryption default
Signed-off-by: gardar <gardar@users.noreply.github.com>
2024-03-24 02:58:03 +00:00
Slavi Pantaleev
aed641e694 Disable addons communicating with the homeserver via Traefik if there is no Traefik at all 2024-01-18 12:12:41 +02:00
Slavi Pantaleev
a4bea66553 Remove references to other-nginx-non-container/other-on-same-host/other-on-another-host reverse proxy types 2024-01-15 16:14:12 +02:00
Slavi Pantaleev
b91ad453be Adjust TLS variables for homeservers to follow devture_traefik_config_entrypoint_web_secure_enabled (via matrix_federation_traefik_entrypoint_tls) 2024-01-15 09:39:36 +02:00
Slavi Pantaleev
f4f3d57520 Remove all traces of matrix-nginx-proxy, add validation & uninstallation tasks 2024-01-14 18:42:14 +02:00
Slavi Pantaleev
c238978ac8 Add new global variable for controlling federation regardless of homeserver implementation
The old variables still work. The global lets us avoid
auto-detection logic like we're currently doing for
`matrix_nginx_proxy_proxy_matrix_federation_api_enabled`.

In the future, we'd just be able to reference
`matrix_homeserver_federation_enabled` and know the up-to-date value
regardless of homeserver.
2024-01-14 11:52:40 +02:00
Slavi Pantaleev
39bddefd39 Make addons communicate with the homeserver via a new internal Traefik entrypoint
This also adds labels for Synapse. Support for other homeservers and
components will be added later.
2024-01-14 10:48:54 +02:00
Slavi Pantaleev
533dc711ad Merge branch 'master' into bye-bye-nginx-proxy 2024-01-14 09:23:43 +02:00
Slavi Pantaleev
95e5a5c62e Deprecate direct usage of devture_traefik_additional_entrypoints_auto 2024-01-14 09:23:36 +02:00
Slavi Pantaleev
b9dfa87f9a Document difference between matrix_homeserver_container_url and matrix_addons_homeserver_client_api_url 2024-01-13 18:07:00 +02:00
Slavi Pantaleev
49066d41a9 Deprecate matrix_docker_network 2024-01-13 17:49:38 +02:00
Slavi Pantaleev
0ceea3895e Move all monitoring-related services to their own container network (matrix_monitoring_container_network) 2024-01-13 17:46:52 +02:00
Slavi Pantaleev
9488e3857a Put all homeservers in the matrix-homeserver container network 2024-01-05 16:49:48 +02:00
Slavi Pantaleev
3fb016cd6b Put bots and bridges in the same network and remove a few variables
Downsides: decreasing security slightly due to less networking isolation

Benefits:

- decreased complexity
- having a generically-named `matrix-addons` network we may use for other things now (client apps, etc.)
- not exhausting the container networks pool with 2 (or more) networks and using just 1
2024-01-05 06:13:12 +02:00
Slavi Pantaleev
da48a605bb More progress on matrix-static-files role and cleaning up of matrix-base and matrix-nginx-proxy 2024-01-03 13:46:25 +02:00