3
0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-10-25 01:23:24 +00:00
Commit Graph

252 Commits

Author SHA1 Message Date
Borjan Tchakaloff
cbd629e7ea Specify that cron is likely required on the server
When using Let's Encrypt SSL certificates, a cronjob is set up to
automatically renew them. Though it does require a `cron`-compatible
program on the server.

This fixes the error that is caused by the `/etc/cron.d` directory
not existing and the `ansible-cron` module trying to write out a
file there -- without checking if the directory exists first.
2019-03-22 17:44:24 +01:00
Slavi Pantaleev
1939fc9113 Improve documentation a bit 2019-03-19 18:23:54 +02:00
Slavi Pantaleev
59e37105e8 Add TLS support to Coturn 2019-03-19 10:24:39 +02:00
Slavi Pantaleev
10d9293121 Indicate that TURN ports are a range 2019-03-13 08:23:10 +02:00
Slavi Pantaleev
c545d3eb85 Add support for serving base domain via matrix-nginx-proxy 2019-03-12 23:01:16 +02:00
Slavi Pantaleev
1974935bc6 Update docs a bit 2019-03-12 11:38:59 +02:00
Slavi Pantaleev
54e79c10a1 Merge pull request #112 from NullIsNot0/master
Fix Dimension documentation
2019-03-10 21:53:33 +02:00
Slavi Pantaleev
52486356e5 Add some more links to Dimension's homepage 2019-03-10 21:43:03 +02:00
Edgars Voroboks
c49ba1c4ab Fix Dimension documentation 2019-03-10 21:41:31 +02:00
Slavi Pantaleev
a1f9869eb2 Improve documentation about getting the playbook 2019-03-10 17:02:20 +02:00
Edgars Voroboks
9f5215c95a Make some additions to Dimension documentation 2019-03-10 13:17:56 +02:00
Edgars Voroboks
1bff4893d9 Provide Dimension documentation 2019-03-10 10:12:31 +02:00
Slavi Pantaleev
ae7e17e64a Add information about mxisd email template customization
Related to #108 (Github Pull Request).
2019-03-08 12:06:50 +02:00
Slavi Pantaleev
401d7560e9 Make Discord bridging instructions more detailed
It didn't mention `matrix_appservice_discord_client_id` and
`matrix_appservice_discord_bot_token`, which makes it hard for
beginners.

Related to #105 (Github Pull Request).
2019-03-05 09:10:32 +02:00
Lionstiger
b5ae0254fd used ` backticks instead of double quotes 2019-03-04 14:41:58 +01:00
Lionstiger
faa16617da add documentation 2019-03-03 19:34:30 +01:00
Lionstiger
835c349275 Add matrix-appservice-discord bridge
Bridge is setup to work on the matrix side with this, but the discord invite link is not automatically generated.
2019-03-03 18:22:52 +01:00
Slavi Pantaleev
041a1947b3 Update Synapse (0.99.1.1 -> 0.99.2) 2019-03-02 10:03:09 +02:00
frlae
6b47ebeaa7 fixed a small path typo in playbook telemetry docs 2019-03-01 07:48:45 +01:00
Slavi Pantaleev
a43bcd81fe Rename some variables 2019-02-28 11:51:09 +02:00
Slavi Pantaleev
28bd6dc75b Improve Telegram/Whatsapp instructions 2019-02-22 14:50:07 +02:00
Slavi Pantaleev
747574ab56 Update Prerequisites a bit 2019-02-20 11:39:04 +02:00
Slavi Pantaleev
b79db89221 Improve wording a bit 2019-02-15 10:03:33 +02:00
Slavi Pantaleev
fcdc2a6c4f Fix incomplete sentence 2019-02-15 10:01:10 +02:00
Slavi Pantaleev
eb08e20418 Upgrade Synapse (0.99.0 -> 0.99.1) and sync config
`matrix_synapse_no_tls` is now implicit, so we've gotten rid of it.

The `homeserver.yaml.j2` template has been synchronized with the
configuration generated by Synapse v0.99.1 (some new options
are present, etc.)
2019-02-14 18:40:55 +02:00
Slavi Pantaleev
70b2f07fec Add PostgreSQL backup information 2019-02-09 14:36:47 +02:00
Slavi Pantaleev
46accfdb3c Add guide about certificates for other domains
We had something like that on the Server Delegation how-to page,
but it's better if we have it on the SSL certificates page.

Relocated there and improved linking.

Fixes #94 (Github Issue)
2019-02-08 11:59:00 +02:00
Slavi Pantaleev
f4fa03d4b9 Re-iterate where one can find the well-known files 2019-02-07 19:43:00 +02:00
Slavi Pantaleev
ef903fe544 Add some quick links 2019-02-06 13:30:24 +02:00
Slavi Pantaleev
e9cfcb8429 Fix another YAML indentation problem on documentation page 2019-02-06 13:04:19 +02:00
Slavi Pantaleev
92aa5bfa2d Fix YAML indentation on documentation page 2019-02-06 13:03:26 +02:00
Slavi Pantaleev
33726cdb08 Fix anchor 2019-02-06 13:02:17 +02:00
Slavi Pantaleev
5148f8edf4 Update docs 2019-02-06 09:36:03 +02:00
Slavi Pantaleev
91a757c581 Add support for reloading Synapse 2019-02-06 09:25:13 +02:00
Slavi Pantaleev
772154f3b9 Update Server Delegation docs a bit 2019-02-05 13:38:20 +02:00
Slavi Pantaleev
b540427974 Mention alternative ways to do Server Delegation 2019-02-05 13:02:15 +02:00
Slavi Pantaleev
f6ebd4ce62 Initial work on Synapse 0.99/1.0 preparation 2019-02-05 12:09:46 +02:00
Plailect
29b40b428a Database files must be stored on permanent storage 2019-02-01 11:44:06 -05:00
Slavi Pantaleev
5e8a7fd05b Update own-webserver guide and add sample Apache configuration
This supersedes #59 (Github Pull Request),
which was greatly beneficial in creating our sample Apache configuration.
2019-02-01 16:58:11 +02:00
Slavi Pantaleev
8681a5dc69 Add 'none' SSL certificate retrieval method 2019-02-01 16:50:25 +02:00
Slavi Pantaleev
e09b7435d1 Update documentation a bit 2019-02-01 12:26:43 +02:00
Slavi Pantaleev
cd332d9b4e Add TLS v1.3 support to matrix-nginx-proxy
This was mentioned in #27 (Github Pull Request),
but it's just now that the nginx Docker image actually supports
TLS v1.3 and we can enable it.
2019-02-01 11:49:22 +02:00
Slavi Pantaleev
a9fae8e3b1 Revert "Use native OpenSSL module to generate passkey.pem"
This reverts commit 0dac5ea508.

Relying on pyOpenSSL is the Ansible way of doing things, but is
impractical and annoying for users.

`openssl` is easily available on most servers, even by default.
We'd better use that.
2019-01-31 20:45:14 +02:00
Plailect
0dac5ea508 Use native OpenSSL module to generate passkey.pem 2019-01-31 11:38:54 -05:00
Plailect
0a2a8e118c Update example configuration and documentation 2019-01-31 11:05:27 -05:00
Plailect
1c057bf06d Correct variable name in documentation 2019-01-31 10:58:45 -05:00
Plailect
3a4a671dd7 Add support for matrix-appservice-irc 2019-01-31 00:37:23 -05:00
Slavi Pantaleev
299a8c4c7c Make (most) containers start as non-root
This makes all containers (except mautrix-telegram and
mautrix-whatsapp), start as a non-root user.

We do this, because we don't trust some of the images.
In any case, we'd rather not trust ALL images and avoid giving
`root` access at all. We can't be sure they would drop privileges
or what they might do before they do it.

Because Postfix doesn't support running as non-root,
it had to be replaced by an Exim mail server.

The matrix-nginx-proxy nginx container image is patched up
(by replacing its main configuration) so that it can work as non-root.
It seems like there's no other good image that we can use and that is up-to-date
(https://hub.docker.com/r/nginxinc/nginx-unprivileged is outdated).

Likewise for riot-web (https://hub.docker.com/r/bubuntux/riot-web/),
we patch it up ourselves when starting (replacing the main nginx
configuration).
Ideally, it would be fixed upstream so we can simplify.
2019-01-27 20:25:13 +02:00
Slavi Pantaleev
c10182e5a6 Make roles more independent of one another
With this change, the following roles are now only dependent
on the minimal `matrix-base` role:
- `matrix-corporal`
- `matrix-coturn`
- `matrix-mailer`
- `matrix-mxisd`
- `matrix-postgres`
- `matrix-riot-web`
- `matrix-synapse`

The `matrix-nginx-proxy` role still does too much and remains
dependent on the others.

Wiring up the various (now-independent) roles happens
via a glue variables file (`group_vars/matrix-servers`).
It's triggered for all hosts in the `matrix-servers` group.

According to Ansible's rules of priority, we have the following
chain of inclusion/overriding now:
- role defaults (mostly empty or good for independent usage)
- playbook glue variables (`group_vars/matrix-servers`)
- inventory host variables (`inventory/host_vars/matrix.<your-domain>`)

All roles default to enabling their main component
(e.g. `matrix_mxisd_enabled: true`, `matrix_riot_web_enabled: true`).
Reasoning: if a role is included in a playbook (especially separately,
in another playbook), it should "work" by default.

Our playbook disables some of those if they are not generally useful
(e.g. `matrix_corporal_enabled: false`).
2019-01-16 18:05:48 +02:00
Slavi Pantaleev
51312b8250 Split playbook into multiple roles
As suggested in #63 (Github issue), splitting the
playbook's logic into multiple roles will be beneficial for
maintainability.

This patch realizes this split. Still, some components
affect others, so the roles are not really independent of one
another. For example:
- disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse
and riot-web to reconfigure themselves with other (public)
Identity servers.

- enabling matrix-corporal (`matrix_corporal_enabled: true`) affects
how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to
put matrix-corporal's gateway server in front of Synapse

We may be able to move away from such dependencies in the future,
at the expense of a more complicated manual configuration, but
it's probably not worth sacrificing the convenience we have now.

As part of this work, the way we do "start components" has been
redone now to use a loop, as suggested in #65 (Github issue).
This should make restarting faster and more reliable.
2019-01-12 18:01:10 +02:00