mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-10-26 10:03:25 +00:00
Commit Graph

5356 Commits

Author SHA1 Message Date
Slavi Pantaleev
b1c77f9bf2 Add comment to matrix-backup-borg.service
Related to 8005557061
2022-12-05 15:45:33 +02:00
Slavi Pantaleev
8005557061 Give backup-borg container more permissions to perform the backup
Running with a user (like `matrix:matrix`) fails if Etherpad is enabled,
because `/matrix/etherpad` is owned by `matrix_etherpad_user_uid`/`matrix_etherpad_user_gid` (`5001:5001`).

The `matrix` user can't access the Etherpad directory for this reason
and Borgmatic fails when trying to make a backup.

There may be other things under `/matrix` which similarly use
non-`matrix:matrix` permissions.

Another workaround might have been to add `/matrix/etherpad` (and
potentially other things) to `matrix_backup_borg_location_exclude_patterns`, but:

- that means Etherpad won't be backed up - not great
- only excluding Etherpad may not be enough. There may be other files we
  need to exclude as well

---

Running with `root` is still not enough though.

We need at least the `CAP_DAC_OVERRIDE` capability, or we won't be able to read the
`/etc/borgmatic.d/config.yaml` configuration file (owned by
`matrix:matrix` with `0640` permissions).

---

Additionally, it seems like the backup process tries to write to at least a few directories:
- `/root/.borgmatic`
- `/root/.ssh`
- `/root/.config`

> [Errno 30] Read-only file system: '/root/.borgmatic'
> Error while creating a backup.
> /etc/borgmatic.d/config.yaml: Error running configuration file

We either need to stop mounting the container filesystem as readonly
(remove `--read-only`) or to allow writing via a `tmpfs`.

I've gone the `tmpfs` route which seems to work.

In any case, the mounted source directories (`matrix_backup_borg_location_source_directories`)
are read-only regardless, so our actual source files are protected from unintentional changes.
2022-12-05 15:42:57 +02:00
Slavi Pantaleev
7b123907e0 Fix borg repository URL format
Reference: https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls

Otherwise, we'd get:

> /etc/borgmatic.d/config.yaml: Remote repository paths without ssh:// syntax are deprecated. Interpreting "user@hostname:matrix" as "ssh://user@hostname/./matrix"
2022-12-05 15:15:47 +02:00
Slavi Pantaleev
64b03c2dfd Fix backup-borg repository initialization for borgmatic 1.7+ (or borg 2.0) 2022-12-05 15:00:11 +02:00
Slavi Pantaleev
1f1a3dfc38 Ensure database port is passed to Borg as an integer
Without this, it's a string and borg says:

> At 'hooks.postgresql_databases[INDEX_HERE].port': '5432' is not of type 'integer'
> /etc/borgmatic/config.yaml /etc/borgmatic.d /tmp/.config/borgmatic/config.yaml /tmp/.config/borgmatic.d: No valid configuration files found

.. and fails to do anything.
2022-12-05 14:42:02 +02:00
Slavi Pantaleev
d8df03dfc9 Mark Postgres v15 as supported for borg backup
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2257

Fixed in d134cd7c4c
(thanks to `alpine:latest` now being `alpine:3.17.0`, which includes
Postgres v15)
2022-12-05 11:46:49 +02:00
Slavi Pantaleev
b2a40effaf Fix Element self-building by switching to docker-buildx
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2318
2022-12-05 10:02:54 +02:00
Slavi Pantaleev
6414599079 Upgrade Coturn (4.6.0 -> 4.6.1) 2022-12-05 09:46:11 +02:00
Slavi Pantaleev
9b47a85322 Merge pull request #2316 from qlyoung/fix-s3-ensure-data-directory
fix s3 storage provider not ensuring data dir
2022-12-04 10:20:27 +02:00
Slavi Pantaleev
7464604ddd Make use of matrix_synapse_ext_s3_storage_provider_data_path in a few more places 2022-12-04 10:17:55 +02:00
Quentin Young
b31731ebf8 fix s3 storage provider not ensuring data dir
This path is accessed by the s3 storage provider stuff and needs to be
ensured.

Broken by 7c5c3aedc
2022-12-04 01:16:58 -05:00
Slavi Pantaleev
ceb2c30277 Upgrade mautrix-signal (v0.4.1 -> v0.4.2) 2022-12-03 15:37:17 +02:00
Slavi Pantaleev
4589f94053 Upgrade Postgres (minor versions upgrade) 2022-12-02 19:17:35 +02:00
Slavi Pantaleev
d59bbfdfc9 Upgrade Hookshot (2.4.0 -> 2.5.0) 2022-12-02 19:15:04 +02:00
Slavi Pantaleev
a353bda7a1 Upgrade appservice-slack (2.0.1 -> 2.0.2) 2022-12-01 23:30:09 +02:00
Slavi Pantaleev
9e93030159 Upgrade Grafana (9.3.0 -> 9.3.1) 2022-12-01 23:29:33 +02:00
Slavi Pantaleev
7dc612743d Merge pull request #2311 from etkecc/patch-131
Update prometheus 2.40.4 -> 2.40.5
2022-12-01 17:40:03 +02:00
Aine
ea401170e1 Update prometheus 2.40.4 -> 2.40.5 2022-12-01 15:16:33 +00:00
Slavi Pantaleev
5e595611fe Merge pull request #2309 from etkecc/patch-130
fix hookshot role
2022-11-30 14:33:40 +02:00
Aine
8ca6cdd016 fix hookshot role 2022-11-30 12:25:51 +00:00
Slavi Pantaleev
e3d21e8096 Rename some default Hookshot variables
Fixup for 7e2e2626a0

Some references were left unrenamed which caused `validate_config.yml`
to trigger.
2022-11-30 11:55:23 +02:00
Slavi Pantaleev
dc817f30ce Upgrade Grafana (9.2.7 -> 9.3.0) 2022-11-30 11:50:21 +02:00
Slavi Pantaleev
9d5b5d7a01 Merge pull request #2308 from etkecc/patch-129
Update grafana 9.2.6 -> 9.2.7
2022-11-30 11:28:39 +02:00
Slavi Pantaleev
0a018ac22b Add internal Postgres instance (if enabled) to postgres-backup dependencies 2022-11-30 11:22:00 +02:00
Slavi Pantaleev
d5ea17d66f Make postgres-backup priority start later 2022-11-30 11:18:39 +02:00
Slavi Pantaleev
4eed49f931 Replace custom/matrix-postgres-backup role with galaxy/com.devture.ansible.role.postgres_backup
This role is usable on its own and it's not tied to Matrix, so
extracting it out into an independent role that we install via
ansible-galaxy makes sense.

This also fixes the confusion from the other day, where
`matrix_postgres_*` had to be renamed to `devture_postgres_*`
(unless it was about `matrix_postgres_backup_*`).
We now can safely say that ALL `matrix_postgres_*` variables need to be
renamed.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2305
2022-11-30 11:01:19 +02:00
Aine
d37adfba4e Update grafana 9.2.6 -> 9.2.7 2022-11-30 08:48:07 +00:00
Slavi Pantaleev
a365e54f4d Merge pull request #2307 from etkecc/patch-128
Update prometheus 2.40.2 -> 2.40.4
2022-11-30 10:34:20 +02:00
Aine
65019a5774 Update prometheus 2.40.2 -> 2.40.4 2022-11-30 08:30:50 +00:00
Slavi Pantaleev
de979bc6a2 Upgrade com.devture.ansible.role.postgres 2022-11-30 09:42:06 +02:00
Slavi Pantaleev
bc64d8ed9a Upgrade prometheus-node-exporter (v1.4.0 -> v1.5.0) 2022-11-30 08:32:29 +02:00
Slavi Pantaleev
4a62df2ea3 Make Hookshot logging-level configurable 2022-11-30 08:18:41 +02:00
Slavi Pantaleev
84f306b236 Add support for enableHttpGet and waitForComplete Hookshot options
Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2256
2022-11-30 08:16:58 +02:00
Slavi Pantaleev
7e2e2626a0 Make hookshot variable names consistent with the rest of the playbook
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2256
2022-11-30 08:13:39 +02:00
Slavi Pantaleev
a2f0bcc4a3 Merge pull request #2306 from MrAnno/faq-docker-install-typo
Fix Docker installation typo in FAQ
2022-11-30 07:46:42 +02:00
László Várady
3424a1169d Fix Docker installation typo in FAQ 2022-11-30 02:45:00 +01:00
Slavi Pantaleev
b25385dffd Upgrade com.devture.ansible.role.postgres 2022-11-29 20:16:29 +02:00
Slavi Pantaleev
d40d303cc5 Merge pull request #2304 from array-in-a-matrix/patch-10
update dendrite to v0.10.8
2022-11-29 19:46:54 +02:00
Array in a Matrix
d5e8d2a939 update dendrite 2022-11-29 11:58:00 -05:00
Slavi Pantaleev
8c5e34b37f Upgrade ddclient (v3.10.0-ls105 -> v3.10.0-ls106) 2022-11-29 08:20:36 +02:00
Slavi Pantaleev
4b2d30a474 Fix matrix_dendrite_client_api_turn_shared_secret not being defined
Regression since https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2290
2022-11-28 18:33:18 +02:00
Slavi Pantaleev
5b26647127 Upgrade Certbot (v1.31.0 -> v2.0.0) and switch to new default key type (ecdsa)
More details about the new key type can be found here:
https://eff-certbot.readthedocs.io/en/stable/using.html#rsa-and-ecdsa-keys

Existing RSA-based keys will continue to renew as RSA until manual
action is taken. Example from the documentation above:
> certbot renew --key-type ecdsa --cert-name example.com --force-renewal

In the future, we may add a command which does this automatically for
all domains.
2022-11-28 09:24:25 +02:00
Slavi Pantaleev
81054bb19c Upgrade com.devture.ansible.role.postgres 2022-11-28 09:05:22 +02:00
Slavi Pantaleev
0d322a5c86 Announce matrix-postgres replacement and /usr/local/bin cleanup 2022-11-28 08:09:57 +02:00
Slavi Pantaleev
4b111d05d5 Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
Slavi Pantaleev
910cd9adf0 Replace import_role calls with include_role calls 2022-11-27 11:27:01 +02:00
Slavi Pantaleev
4bb3a38de6 Upgrade com.devture.ansible.role.postgres 2022-11-27 11:24:53 +02:00
Slavi Pantaleev
3d1ea3e79e Auto-delete old matrix scripts from /usr/local/bin 2022-11-27 10:10:00 +02:00
Slavi Pantaleev
d1b2fd50be Remove manual service enablement/start for backup-borg
This is done via devture_systemd_service_manager_services_list_auto
already.
2022-11-27 10:04:03 +02:00
Slavi Pantaleev
2688e8bfc3 Optimize initial installation by not reloading systemd after each .service install
We expect `--tags=start` to handle systemd reloading, so we don't need
to do it manually each time we install/uninstall a .service file.
2022-11-27 10:02:45 +02:00