From 384da4f34f5257b761013878c1836f383358f170 Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Sun, 30 Oct 2022 19:01:49 -0400 Subject: [PATCH 001/143] Add S3 SSE-C support to synapse-s3-storage-provider --- roles/custom/matrix-synapse/defaults/main.yml | 3 +++ .../templates/synapse/ext/s3-storage-provider/env.j2 | 6 ++++++ .../ext/s3-storage-provider/media_storage_provider.yaml.j2 | 6 ++++++ .../matrix-synapse-s3-storage-provider-migrate.j2 | 6 +++++- 4 files changed, 20 insertions(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 54351256..372ed1cf 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -810,6 +810,9 @@ matrix_synapse_ext_synapse_s3_storage_provider_config_region_name: '' matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: '' matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: '' matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: '' +matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled: false +matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key: '' +matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo: 'AES256' matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD matrix_synapse_ext_synapse_s3_storage_provider_config_threadpool_size: 40 # matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count is a day value (number) for the `s3_media_upload update-db` command. diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 index 6dfcbe41..58d26255 100644 --- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 
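Review bot: The three new `sse_customer_*` defaults are added without any comment, and nothing visible here rejects `sse_customer_enabled: true` combined with the empty default key. With SSE-C the storage service does not keep the key, so objects uploaded under it cannot be read back if the key is lost or changed; operators should be told this where the variable is defined. I would add above the block: `# SSE-C: the key is a secret that S3 does not store; keep it in a vault and back it up, because media uploaded with it is unreadable without it.` A check that fails when the key is empty while the feature is enabled would also help, since the templates in this patch render the key whenever the flag is on.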
@@ -4,6 +4,12 @@ AWS_DEFAULT_REGION={{ matrix_synapse_ext_synapse_s3_storage_provider_config_regi ENDPOINT={{ matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url }} BUCKET={{ matrix_synapse_ext_synapse_s3_storage_provider_config_bucket }} + +{% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %} +SSE_CUSTOMER_KEY={{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key }} +SSE_CUSTOMER_ALGO={{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo }} +{% endif %} + STORAGE_CLASS={{ matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class }} MEDIA_PATH=/matrix-media-store-parent/{{ matrix_synapse_media_store_directory_name }} diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 index 97b0f5f2..a602b6f9 100644 --- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 @@ -9,6 +9,12 @@ config: access_key_id: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id | to_json }} secret_access_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key | to_json }} + + {% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %} + sse_customer_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key | to_json }} + sse_customer_algo: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo | to_json }} + {% endif %} + storage_class: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class | to_json }} threadpool_size: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_threadpool_size | to_json }} 
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 index d48ae122..031c0ea0 100644 --- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 @@ -10,4 +10,8 @@ --network={{ matrix_docker_network }} \ --entrypoint=/bin/bash \ {{ matrix_synapse_docker_image_final }} \ - -c 's3_media_upload update-db $UPDATE_DB_DURATION && s3_media_upload --no-progress check-deleted $MEDIA_PATH && s3_media_upload --no-progress upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT' + {% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %} + -c 's3_media_upload update-db $UPDATE_DB_DURATION && s3_media_upload --no-progress check-deleted $MEDIA_PATH && s3_media_upload --no-progress upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT --sse-customer-algo $SSE_CUSTOMER_ALGO --sse-customer-key $SSE_CUSTOMER_KEY' + {% else %} + -c 's3_media_upload update-db $UPDATE_DB_DURATION && s3_media_upload --no-progress check-deleted $MEDIA_PATH && s3_media_upload --no-progress upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT + {% endif %} From a7320e02ff0e208d9e31f11a2dedfae619abcf13 Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Sun, 13 Nov 2022 03:18:53 -0500 Subject: [PATCH 002/143] Adjust sse-c template formatting --- .../ext/s3-storage-provider/media_storage_provider.yaml.j2 | 5 ++--- .../matrix-synapse-s3-storage-provider-migrate.j2 | 5 +---- 2 files changed, 3 insertions(+), 7 deletions(-) 
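Review bot: Passing the key as `--sse-customer-key $SSE_CUSTOMER_KEY` inside the `-c '…'` string places the secret in the argument list of `s3_media_upload`, where it can be read from the process list for as long as the upload runs. The same command line is carried into PATCH 002 and PATCH 003. If the tool can take the key from the environment (env.j2 in this patch already provides `SSE_CUSTOMER_KEY` to the container), prefer that over the flag; this is an assumption to confirm against the tool. At minimum, quote both expansions, `--sse-customer-algo "$SSE_CUSTOMER_ALGO" --sse-customer-key "$SSE_CUSTOMER_KEY"`, so an empty or whitespace-containing value cannot shift the remaining arguments. The `docker run` command this belongs to starts outside the hunk.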
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 index a602b6f9..e888e3c5 100644 --- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 @@ -9,12 +9,11 @@ config: access_key_id: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id | to_json }} secret_access_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key | to_json }} - - {% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %} +{% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %} sse_customer_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key | to_json }} sse_customer_algo: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo | to_json }} - {% endif %} +{% endif %} storage_class: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class | to_json }} threadpool_size: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_threadpool_size | to_json }} diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 index 031c0ea0..4b2386b1 100644 --- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 
@@ -11,7 +11,4 @@ --entrypoint=/bin/bash \ {{ matrix_synapse_docker_image_final }} \ {% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %} - -c 's3_media_upload update-db $UPDATE_DB_DURATION && s3_media_upload --no-progress check-deleted $MEDIA_PATH && s3_media_upload --no-progress upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT --sse-customer-algo $SSE_CUSTOMER_ALGO --sse-customer-key $SSE_CUSTOMER_KEY' - {% else %} - -c 's3_media_upload update-db $UPDATE_DB_DURATION && s3_media_upload --no-progress check-deleted $MEDIA_PATH && s3_media_upload --no-progress upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT - {% endif %} + -c 's3_media_upload update-db $UPDATE_DB_DURATION && s3_media_upload --no-progress check-deleted $MEDIA_PATH && s3_media_upload --no-progress upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT {% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %}--sse-customer-algo $SSE_CUSTOMER_ALGO --sse-customer-key $SSE_CUSTOMER_KEY{% endif %}' From b6bb5731cd2f2da466ea066ca0d6101d8f23d119 Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Sun, 13 Nov 2022 03:20:30 -0500 Subject: [PATCH 003/143] Remove leftover sse-c enabled cmd check --- .../usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 index 4b2386b1..2f0cd0e5 100644 --- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 
+++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/usr-local-bin/matrix-synapse-s3-storage-provider-migrate.j2 @@ -10,5 +10,4 @@ --network={{ matrix_docker_network }} \ --entrypoint=/bin/bash \ {{ matrix_synapse_docker_image_final }} \ - {% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %} -c 's3_media_upload update-db $UPDATE_DB_DURATION && s3_media_upload --no-progress check-deleted $MEDIA_PATH && s3_media_upload --no-progress upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT {% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %}--sse-customer-algo $SSE_CUSTOMER_ALGO --sse-customer-key $SSE_CUSTOMER_KEY{% endif %}' From 784e5492d558f40ea990f3f8c27c8bdc8658c143 Mon Sep 17 00:00:00 2001 
From: Cody Wyatt Neiman Date: Wed, 2 Nov 2022 18:11:32 -0400 Subject: [PATCH 004/143] Add matrix-bridge-mautrix-slack role --- ...nfiguring-playbook-bridge-mautrix-slack.md | 78 ++++++ group_vars/matrix_servers | 6 + .../defaults/main.yml | 138 +++++++++++ .../tasks/init.yml | 21 ++ .../tasks/main.yml | 22 ++ .../tasks/setup_install.yml | 121 +++++++++ .../tasks/setup_uninstall.yml | 25 ++ .../tasks/validate_config.yml | 10 + .../templates/config.yaml.j2 | 231 ++++++++++++++++++ .../systemd/matrix-mautrix-slack.service.j2 | 43 ++++ setup.yml | 0 11 files changed, 695 insertions(+) create mode 100644 docs/configuring-playbook-bridge-mautrix-slack.md create mode 100644 roles/matrix-bridge-mautrix-slack/defaults/main.yml create mode 100644 roles/matrix-bridge-mautrix-slack/tasks/init.yml create mode 100644 roles/matrix-bridge-mautrix-slack/tasks/main.yml create mode 100644 roles/matrix-bridge-mautrix-slack/tasks/setup_install.yml create mode 100644 roles/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bridge-mautrix-slack/tasks/validate_config.yml create mode 100644 roles/matrix-bridge-mautrix-slack/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 mode change 120000 => 100755 setup.yml diff --git a/docs/configuring-playbook-bridge-mautrix-slack.md b/docs/configuring-playbook-bridge-mautrix-slack.md new file mode 100644 index 00000000..e941b346 --- /dev/null +++ b/docs/configuring-playbook-bridge-mautrix-slack.md 
@@ -0,0 +1,78 @@
+# Setting up Mautrix Slack (optional)
+
+**Note**: bridging to [Slack](https://slack.com/) can also happen via the [mx-puppet-slack](configuring-playbook-bridge-mx-puppet-slack.md) and [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridges supported by the playbook.
+- For using as a Bot we recommend the [Appservice Slack](configuring-playbook-bridge-appservice-slack.md), because it supports plumbing.
+- For personal use with a slack account we recommend the `mautrix-slack` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Slack bridges supported by the playbook.
+The `mautrix-slack` bridge (the one being discussed here) is the most fully-featured and stable of the 3 Slack bridges supported by the playbook, so it's the one we recommend.
+
+The playbook can install and configure [mautrix-slack](https://github.com/mautrix/slack) for you.
+
+See the project's [documentation](https://docs.mau.fi/bridges/go/slack/index.html) to learn what it does and why it might be useful to you.
+
+Note that as of Oct 2022, support for multiple Matrix users using the bot is incomplete. Different users do not yet share the bridged channels. Everyone gets their own copy.
+
+See the [features and roadmap](https://github.com/mautrix/slack/blob/main/ROADMAP.md) for more information.
+
+
+## Prerequisites
+
+For using this bridge, you would need to authenticate by **providing your username and password** (legacy) or by using a **token login**. See more information in the [docs](https://docs.mau.fi/bridges/go/slack/authentication.html).
+
+Note that neither of these methods are officially supported by Slack. [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) uses a Slack bot account which is the only Slack officially supported method for bridging a channel.
+
+
+## Installing
+
+To enable the bridge, add this to your `vars.yml` file:
+
+```yaml
+matrix_mautrix_slack_enabled: true
+```
+
+You may optionally wish to add some [Additional configuration](#additional-configuration), or to [prepare for double-puppeting](#set-up-double-puppeting) before the initial installation.
+
+After adjusting your `vars.yml` file, re-run the playbook and restart all services: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
+
+To make use of the bridge, see [Usage](#usage) below.
+
+
+### Additional configuration
+
+There are some additional things you may wish to configure about the bridge.
+
+Take a look at:
+
+- `roles/matrix-bridge-mautrix-slack/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
+- `roles/matrix-bridge-mautrix-slack/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_slack_configuration_extension_yaml` variable
+
+
+### Set up Double Puppeting
+
+If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
+
+#### Method 1: automatically, by enabling Shared Secret Auth
+
+The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
+
+This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
+
+#### Method 2: manually, by asking each user to provide a working access token
+
+**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).
+
+When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
+
+- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).
+
+- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`
+
+- make sure you don't log out the `Mautrix-Slack` device some time in the future, as that would break the Double Puppeting feature
+
+
+## Usage
+
+1. Start a chat with `@slackbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
+2. If you would like to login to Slack using a token, send the `login-token` command, otherwise, send the `login-password` command.
+3. The bot should respond with "Successfully logged into for team "
+4. Now that you're logged in, you can send a `help` command to the bot again, to see additional commands you have access to.
+5. Slack channels should automatically begin bridging if you authenticated using a token. Otherwise, you must wait to receive a message in the channel if you used password authentication.
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 2a9e0414..9178314e 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -2444,6 +2444,12 @@ devture_postgres_managed_databases_auto: | 'password': matrix_mautrix_discord_database_password, }] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == devture_postgres_connection_hostname) else []) + + ([{ + 'name': matrix_mautrix_slack_database_name, + 'username': matrix_mautrix_slack_database_username, + 'password': matrix_mautrix_slack_database_password, + }] if (matrix_mautrix_slack_enabled and matrix_mautrix_slack_database_engine == 'postgres' and matrix_mautrix_slack_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_mx_puppet_slack_database_name, 'username': matrix_mx_puppet_slack_database_username, diff --git a/roles/matrix-bridge-mautrix-slack/defaults/main.yml b/roles/matrix-bridge-mautrix-slack/defaults/main.yml new file mode 100644 index 00000000..c2b5a159 --- /dev/null +++ b/roles/matrix-bridge-mautrix-slack/defaults/main.yml 
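Review bot: The new slack entry compares `matrix_mautrix_slack_database_hostname` with the literal `'matrix-postgres'`, while the discord entry directly above it in this hunk compares against `devture_postgres_connection_hostname`. If the managed Postgres hostname ever differs from that literal, the slack database and its credentials would silently not be provisioned. Use `matrix_mautrix_slack_database_hostname == devture_postgres_connection_hostname` so the two conditions agree. The enclosing `devture_postgres_managed_databases_auto` expression starts and ends outside the hunk.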
@@ -0,0 +1,138 @@ +--- +# mautrix-slack is a Matrix <-> Slack bridge +# Project source code URL: https://github.com/mautrix/slack + +matrix_mautrix_slack_enabled: true + +matrix_mautrix_slack_container_image_self_build: false +matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/slack.git" +matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}" + +matrix_mautrix_slack_version: latest +# See: https://mau.dev/mautrix/slack/container_registry +matrix_mautrix_slack_docker_image: "{{ matrix_mautrix_slack_docker_image_name_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}" +matrix_mautrix_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else 'dock.mau.dev/' }}" +matrix_mautrix_slack_docker_image_force_pull: "{{ matrix_mautrix_slack_docker_image.endswith(':latest') }}" + +matrix_mautrix_slack_base_path: "{{ matrix_base_data_path }}/mautrix-slack" +matrix_mautrix_slack_config_path: "{{ matrix_mautrix_slack_base_path }}/config" +matrix_mautrix_slack_data_path: "{{ matrix_mautrix_slack_base_path }}/data" +matrix_mautrix_slack_docker_src_files_path: "{{ matrix_mautrix_slack_base_path }}/docker-src" + +matrix_mautrix_slack_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_mautrix_slack_homeserver_domain: "{{ matrix_domain }}" +matrix_mautrix_slack_appservice_address: "http://matrix-mautrix-slack:8080" + +matrix_mautrix_slack_command_prefix: "!slack" + +matrix_mautrix_slack_bridge_permissions: | + {{ + {matrix_mautrix_slack_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + +# A list of extra arguments to pass to the container +matrix_mautrix_slack_container_extra_arguments: [] + +# List of systemd services that matrix-mautrix-slack.service depends on. 
+matrix_mautrix_slack_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-mautrix-slack.service wants +matrix_mautrix_slack_systemd_wanted_services_list: [] + +matrix_mautrix_slack_appservice_token: '' +matrix_mautrix_slack_homeserver_token: '' + +matrix_mautrix_slack_appservice_bot_username: slackbot + +# Minimum severity of journal log messages. +# Options: debug, info, warn, error, fatal +matrix_mautrix_slack_logging_level: 'warn' + +# Database-related configuration fields. +# +# To use SQLite, stick to these defaults. +# +# To use Postgres: +# - change the engine (`matrix_mautrix_slack_database_engine: 'postgres'`) +# - adjust your database credentials via the `matrix_mautrix_slack_database_*` variables +matrix_mautrix_slack_database_engine: 'sqlite' + +matrix_mautrix_slack_sqlite_database_path_local: "{{ matrix_mautrix_slack_data_path }}/mautrix-slack.db" +matrix_mautrix_slack_sqlite_database_path_in_container: "/data/mautrix-slack.db" + +matrix_mautrix_slack_database_username: 'matrix_mautrix_slack' +matrix_mautrix_slack_database_password: 'some-password' +matrix_mautrix_slack_database_hostname: 'matrix-postgres' +matrix_mautrix_slack_database_port: 5432 +matrix_mautrix_slack_database_name: 'matrix_mautrix_slack' + +matrix_mautrix_slack_database_connection_string: 'postgresql://{{ matrix_mautrix_slack_database_username }}:{{ matrix_mautrix_slack_database_password }}@{{ matrix_mautrix_slack_database_hostname }}:{{ matrix_mautrix_slack_database_port }}/{{ matrix_mautrix_slack_database_name }}?sslmode=disable' + +matrix_mautrix_slack_appservice_database_type: "{{ + { + 'sqlite': 'sqlite3', + 'postgres':'postgres', + }[matrix_mautrix_slack_database_engine] +}}" + +matrix_mautrix_slack_appservice_database_uri: "{{ + { + 'sqlite': matrix_mautrix_slack_sqlite_database_path_in_container, + 'postgres': matrix_mautrix_slack_database_connection_string, + }[matrix_mautrix_slack_database_engine] +}}" + +# Can be set to enable 
automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_mautrix_slack_login_shared_secret: '' +matrix_mautrix_slack_bridge_login_shared_secret_map: + "{{ {matrix_mautrix_slack_homeserver_domain: matrix_mautrix_slack_login_shared_secret} if matrix_mautrix_slack_login_shared_secret else {} }}" + +# Servers to always allow double puppeting from +matrix_mautrix_slack_bridge_double_puppet_server_map: + "{{ matrix_mautrix_slack_homeserver_domain : matrix_mautrix_slack_homeserver_address }}" + +# Default mautrix-slack configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mautrix_slack_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mautrix_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_mautrix_slack_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mautrix_slack_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mautrix_slack_configuration_yaml`. + +matrix_mautrix_slack_configuration_extension: "{{ matrix_mautrix_slack_configuration_extension_yaml | from_yaml if matrix_mautrix_slack_configuration_extension_yaml | from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_slack_configuration_yaml`. 
+matrix_mautrix_slack_configuration: "{{ matrix_mautrix_slack_configuration_yaml | from_yaml | combine(matrix_mautrix_slack_configuration_extension, recursive=True) }}" + +matrix_mautrix_slack_registration_yaml: | + id: slack + url: {{ matrix_mautrix_slack_appservice_address }} + as_token: "{{ matrix_mautrix_slack_appservice_token }}" + hs_token: "{{ matrix_mautrix_slack_homeserver_token }}" + # See https://github.com/mautrix/signal/issues/43 + sender_localpart: _bot_{{ matrix_mautrix_slack_appservice_bot_username }} + rate_limited: false + namespaces: + users: + - regex: '^@slack_[0-9]+:{{ matrix_mautrix_slack_homeserver_domain | regex_escape }}$' + exclusive: true + - exclusive: true + regex: '^@{{ matrix_mautrix_slack_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_slack_homeserver_domain | regex_escape }}$' + de.sorunome.msc2409.push_ephemeral: true + +matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml | from_yaml }}" + +# Enable End-to-bridge encryption +matrix_mautrix_slack_bridge_encryption_allow: false +matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_mautrix_slack_bridge_encryption_allow }}" +matrix_mautrix_slack_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_slack_bridge_encryption_allow }}" diff --git a/roles/matrix-bridge-mautrix-slack/tasks/init.yml b/roles/matrix-bridge-mautrix-slack/tasks/init.yml new file mode 100644 index 00000000..0ea03f5b --- /dev/null +++ b/roles/matrix-bridge-mautrix-slack/tasks/init.yml 
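Review bot: `matrix_mautrix_slack_database_password` defaults to the literal `'some-password'`, and validate_config.yml in this patch only rejects empty `matrix_mautrix_slack_appservice_token` and `matrix_mautrix_slack_homeserver_token`, so switching the engine to `postgres` without an override would deploy a publicly known credential (unless group_vars sets it, which is not visible here). Default it to `''` and add it to the validation list when the engine is `postgres`. Separately, `matrix_mautrix_slack_bridge_double_puppet_server_map` is written as `"{{ domain : address }}"` without the inner dict braces that `matrix_mautrix_slack_bridge_login_shared_secret_map` uses just above; it likely needs `"{{ {matrix_mautrix_slack_homeserver_domain: matrix_mautrix_slack_homeserver_address} }}"` to render. Finally, `matrix_mautrix_slack_version: latest` combined with the forced pull means the deployed image is not pinned to a reviewed version.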
@@ -0,0 +1,21 @@ +--- +- ansible.builtin.set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-slack.service'] }}" + when: matrix_mautrix_slack_enabled | bool + +# If the matrix-synapse role is not used, these variables may not exist. +- ansible.builtin.set_fact: + matrix_homeserver_container_runtime_injected_arguments: > + {{ + matrix_homeserver_container_runtime_injected_arguments | default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_slack_config_path }}/registration.yaml,dst=/matrix-mautrix-slack-registration.yaml,ro"] + }} + + matrix_homeserver_app_service_runtime_injected_config_files: > + {{ + matrix_homeserver_app_service_runtime_injected_config_files | default([]) + + + ["/matrix-mautrix-slack-registration.yaml"] + }} + when: matrix_mautrix_slack_enabled | bool diff --git a/roles/matrix-bridge-mautrix-slack/tasks/main.yml b/roles/matrix-bridge-mautrix-slack/tasks/main.yml new file mode 100644 index 00000000..d7fc0202 --- /dev/null +++ b/roles/matrix-bridge-mautrix-slack/tasks/main.yml @@ -0,0 +1,22 @@ +--- +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_mautrix_slack_enabled | bool" + tags: + - setup-all + - setup-mautrix-slack + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup and matrix_mautrix_slack_enabled" + tags: + - setup-all + - setup-mautrix-slack + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup and not matrix_mautrix_slack_enabled" + tags: + - setup-all + - setup-mautrix-slack diff --git a/roles/matrix-bridge-mautrix-slack/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-slack/tasks/setup_install.yml new file mode 100644 index 00000000..3c9306a5 --- /dev/null +++ b/roles/matrix-bridge-mautrix-slack/tasks/setup_install.yml 
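Review bot: In tasks/main.yml the install and uninstall imports use `when: "run_setup and matrix_mautrix_slack_enabled"` and `when: "run_setup and not matrix_mautrix_slack_enabled"` without `| bool`, while the validate_config import in the same file and the tasks in init.yml cast both variables. A value supplied as a string (for example through extra vars) is truthy regardless of its content, so the uninstall branch could be skipped and the install branch taken when the operator meant to disable the bridge. Write both as `"run_setup | bool and matrix_mautrix_slack_enabled | bool"` and `"run_setup | bool and not matrix_mautrix_slack_enabled | bool"`.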
@@ -0,0 +1,121 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + ansible.builtin.fail: + msg: >- + The matrix-bridge-mautrix-slack role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed | default(False)" + +- ansible.builtin.set_fact: + matrix_mautrix_slack_requires_restart: false + +- when: "matrix_mautrix_slack_database_engine == 'postgres'" + block: + - name: Check if an SQLite database already exists + ansible.builtin.stat: + path: "{{ matrix_mautrix_slack_sqlite_database_path_local }}" + register: matrix_mautrix_slack_sqlite_database_path_local_stat_result + + - when: "matrix_mautrix_slack_sqlite_database_path_local_stat_result.stat.exists | bool" + block: + - ansible.builtin.set_fact: + matrix_postgres_db_migration_request: + src: "{{ matrix_mautrix_slack_sqlite_database_path_local }}" + dst: "{{ matrix_mautrix_slack_database_connection_string }}" + caller: "{{ role_path | basename }}" + engine_variable_name: 'matrix_mautrix_slack_database_engine' + engine_old: 'sqlite' + systemd_services_to_stop: ['matrix-mautrix-slack.service'] + pgloader_options: ['--with "quote identifiers"'] + + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres + + - ansible.builtin.set_fact: + matrix_mautrix_slack_requires_restart: true + +- name: Ensure Mautrix Slack paths exists + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_mautrix_slack_base_path }}", when: true} + - {path: "{{ matrix_mautrix_slack_config_path }}", when: true} + - {path: "{{ matrix_mautrix_slack_data_path }}", when: true} + - {path: "{{ matrix_mautrix_slack_docker_src_files_path }}", when: "{{ matrix_mautrix_slack_container_image_self_build }}"} + when: 
item.when | bool + +- name: Ensure Mautrix Slack image is pulled + community.docker.docker_image: + name: "{{ matrix_mautrix_slack_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mautrix_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_slack_docker_image_force_pull }}" + when: not matrix_mautrix_slack_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure Mautrix slack repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_mautrix_slack_container_image_self_build_repo }}" + dest: "{{ matrix_mautrix_slack_docker_src_files_path }}" + version: "{{ matrix_mautrix_slack_container_image_self_build_branch }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_mautrix_slack_git_pull_results + when: "matrix_mautrix_slack_container_image_self_build | bool" + +- name: Ensure Mautrix slack Docker image is built + community.docker.docker_image: + name: "{{ matrix_mautrix_slack_docker_image }}" + source: build + force_source: "{{ matrix_mautrix_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_slack_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_mautrix_slack_docker_src_files_path }}" + pull: true + when: "matrix_mautrix_slack_container_image_self_build | bool" + +- name: Ensure mautrix-slack config.yaml installed + ansible.builtin.copy: + content: "{{ matrix_mautrix_slack_configuration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ 
matrix_mautrix_slack_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mautrix-slack registration.yaml installed + ansible.builtin.copy: + content: "{{ matrix_mautrix_slack_registration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_mautrix_slack_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-mautrix-slack.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-mautrix-slack.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-mautrix-slack.service" + mode: 0644 + register: matrix_mautrix_slack_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mautrix-slack.service installation + ansible.builtin.service: + daemon_reload: true + when: "matrix_mautrix_slack_systemd_service_result.changed" + +- name: Ensure matrix-mautrix-slack.service restarted, if necessary + ansible.builtin.service: + name: "matrix-mautrix-slack.service" + state: restarted + when: "matrix_mautrix_slack_requires_restart | bool" diff --git a/roles/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml new file mode 100644 index 00000000..7ce6e840 --- /dev/null +++ b/roles/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml 
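Review bot: `config.yaml` and `registration.yaml` are both written with `mode: 0644`, yet per defaults/main.yml in this patch they carry the appservice and homeserver tokens, the database URI including its password, and the login shared secret. The parent directories are created 0750, which limits exposure, but the files themselves should not be world-readable; set `mode: 0640` on the two copy tasks. Before tightening, confirm that the bridge container and the homeserver container that bind-mounts `registration.yaml` read these files as the matrix user or group, which this hunk does not show.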
@@ -0,0 +1,25 @@
+---
+
+- name: Check existence of matrix-mautrix-slack service
+ ansible.builtin.stat:
+ path: "{{ matrix_systemd_path }}/matrix-mautrix-slack.service"
+ register: matrix_mautrix_slack_service_stat
+
+- name: Ensure matrix-mautrix-slack is stopped
+ ansible.builtin.service:
+ name: matrix-mautrix-slack
+ state: stopped
+ enabled: false
+ daemon_reload: true
+ when: "matrix_mautrix_slack_service_stat.stat.exists"
+
+- name: Ensure matrix-mautrix-slack.service doesn't exist
+ ansible.builtin.file:
+ path: "{{ matrix_systemd_path }}/matrix-mautrix-slack.service"
+ state: absent
+ when: "matrix_mautrix_slack_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-mautrix-slack.service removal
+ ansible.builtin.service:
+ daemon_reload: true
+ when: "matrix_mautrix_slack_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mautrix-slack/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-slack/tasks/validate_config.yml
new file mode 100644
index 00000000..ebe36e92
--- /dev/null
+++ b/roles/matrix-bridge-mautrix-slack/tasks/validate_config.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+ ansible.builtin.fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`).
+ when: "vars[item] == ''"
+ with_items:
+ - "matrix_mautrix_slack_appservice_token"
+ - "matrix_mautrix_slack_homeserver_token"
diff --git a/roles/matrix-bridge-mautrix-slack/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-slack/templates/config.yaml.j2
new file mode 100644
index 00000000..da589f05
--- /dev/null
+++ b/roles/matrix-bridge-mautrix-slack/templates/config.yaml.j2
@@ -0,0 +1,231 @@ +#jinja2: lstrip_blocks: "True" +# Homeserver details. +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_mautrix_slack_homeserver_address | to_json }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_mautrix_slack_homeserver_domain | to_json }} + # Is the homeserver actually mautrix-asmux? + asmux: false + # The URL to push real-time bridge status to. + # If set, the bridge will make POST requests to this URL whenever a user's slack connection state changes. + # The bridge will use the appservice as_token to authorize requests. + status_endpoint: null + # Endpoint for reporting per-message status. + message_send_checkpoint_endpoint: null + # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? + async_media: false + +# Application service host/registration related details. +# Changing these values requires regeneration of the registration. +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_mautrix_slack_appservice_address | to_json }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 8080 + + # Database config. + database: + # The database type. "sqlite3" and "postgres" are supported. + type: {{ matrix_mautrix_slack_appservice_database_type|to_json }} + # The database URI. + # SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string + # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable + # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql + uri: {{ matrix_mautrix_slack_appservice_database_uri|to_json }} + # Maximum number of connections. Mostly relevant for Postgres. + max_open_conns: 20 + max_idle_conns: 2 + # Maximum connection idle time and lifetime before they're closed. Disabled if null. 
+ # Parsed with https://pkg.go.dev/time#ParseDuration + max_conn_idle_time: null + max_conn_lifetime: null + + # The unique ID of this appservice. + id: slack + # Appservice bot details. + bot: + # Username of the appservice bot. + username: {{ matrix_mautrix_slack_appservice_bot_username|to_json }} + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + displayname: Slack bridge bot + avatar: mxc://maunium.net/pVtzLmChZejGxLqmXtQjFxem + # Whether or not to receive ephemeral events via appservice transactions. + # Requires MSC2409 support (i.e. Synapse 1.22+). + ephemeral_events: true + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: {{ matrix_mautrix_slack_appservice_token | to_json }} + hs_token: {{ matrix_mautrix_slack_homeserver_token | to_json }} + +# Bridge config +bridge: + # Localpart template of MXIDs for Slack users. + # {{ '{{.}}' }} is replaced with the internal ID of the Slack user. + username_template: "{{ 'slack_{{.}}' }}" + # Displayname template for Slack users. + # TODO: document variables + displayname_template: "{{ '{{.RealName}} (S)' }}" + bot_displayname_template: "{{ '{{.Name}} (bot)' }}" + channel_name_template: "{{ '#{{.Name}}' }}" + + portal_message_buffer: 128 + + # Should the bridge send a read receipt from the bridge bot when a message has been sent to Slack? + delivery_receipts: true + # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. + message_status_events: false + # Whether the bridge should send error notices via m.notice events when a message fails to bridge. + message_error_notices: true + + # Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices. + sync_with_custom_puppets: false + # Should the bridge update the m.direct account data event when double puppeting is enabled. 
+ # Note that updating the m.direct event is not atomic (except with mautrix-asmux) + # and is therefore prone to race conditions. + sync_direct_chat_list: false + + # Servers to always allow double puppeting from + double_puppet_server_map: + "{{ matrix_mautrix_slack_homeserver_domain }}": {{ matrix_mautrix_slack_homeserver_address }} + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, double puppeting will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret_map: {{ matrix_mautrix_slack_bridge_login_shared_secret_map|to_json }} + + message_handling_timeout: + # Send an error message after this timeout, but keep waiting for the response until the deadline. + # This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay. + # If the message is older than this when it reaches the bridge, the message won't be handled at all. + error_after: 10s + # Drop messages after this timeout. They may still go through if the message got sent to the servers. + # This is counted from the time the bridge starts handling the message. + deadline: 60s + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "{{ matrix_mautrix_slack_command_prefix }}" + # Messages sent upon joining a management room. + # Markdown is supported. The defaults are listed below. + management_room_text: + # Sent when joining a room. + welcome: "Hello, I'm a Slack bridge bot." + # Sent when joining a management room and the user is already logged in. + welcome_connected: "Use `help` for help." + # Sent when joining a management room and the user is not logged in. + welcome_unconnected: "Use `help` for help, or `login-token` or `login-password` to log in." 
+ # Optional extra text sent when joining a management room. + additional_help: "" + + backfill: + # Allow backfilling at all? Requires MSC2716 support on homeserver. + enable: false + + # If a backfilled chat is older than this number of hours, mark it as read even if it's unread on Slack. + # Set to -1 to let any chat be unread. + unread_hours_threshold: 720 + + # Number of messages to immediately backfill when creating a portal. + immediate_messages: 10 + + # Settings for incremental backfill of history. + incremental: + # Maximum number of messages to backfill per batch. + messages_per_batch: 100 + # The number of seconds to wait after backfilling the batch of messages. + post_batch_delay: 20 + # The maximum number of messages to backfill per portal, split by the chat type. + # If set to -1, all messages in the chat will eventually be backfilled. + max_messages: + # Channels + channel: -1 + # Group direct messages + group_dm: -1 + # 1:1 direct messages + dm: -1 + + # End-to-bridge encryption support options. + # + # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: {{ matrix_mautrix_slack_bridge_encryption_allow|to_json }} + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: {{ matrix_mautrix_slack_bridge_encryption_default|to_json }} + # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. + appservice: false + # Require encryption, drop any unencrypted messages. + require: false + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. 
+ allow_key_sharing: {{ matrix_mautrix_slack_bridge_encryption_key_sharing_allow|to_json }} + # What level of device verification should be required from users? + # + # Valid levels: + # unverified - Send keys to all device in the room. + # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. + # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). + # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. + # Note that creating user signatures from the bridge bot is not currently possible. + # verified - Require manual per-device verification + # (currently only possible by modifying the `trust` column in the `crypto_device` database table). + verification_levels: + # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix. + receive: unverified + # Minimum level that the bridge should accept for incoming Matrix messages. + send: unverified + # Minimum level that the bridge should require for accepting key requests. + share: cross-signed-tofu + # Options for Megolm room key rotation. These options allow you to + # configure the m.room.encryption event content. See: + # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for + # more information about that event. + rotation: + # Enable custom Megolm room key rotation settings. Note that these + # settings will only apply to rooms created after this option is + # set. + enable_custom: false + # The maximum number of milliseconds a session should be used + # before changing it. The Matrix spec recommends 604800000 (a week) + # as the default. + milliseconds: 604800000 + # The maximum number of messages that should be sent with a given a + # session before changing it. The Matrix spec recommends 100 as the + # default. 
+ messages: 100 + + # Settings for provisioning API + provisioning: + # Prefix for the provisioning API paths. + prefix: /_matrix/provision + # Shared secret for authentication. If set to "generate", a random secret will be generated, + # or if set to "disable", the provisioning API will be disabled. + shared_secret: generate + + # Permissions for using the bridge. + # Permitted values: + # relay - Talk through the relaybot (if enabled), no access otherwise + # user - Access to use the bridge to chat with a Slack account. + # admin - User level and some additional administration tools + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: {{ matrix_mautrix_slack_bridge_permissions|to_json }} + +logging: + directory: ./logs + file_name_format: '' + file_date_format: "2006-01-02" + file_mode: 384 + timestamp_format: Jan _2, 2006 15:04:05 + print_level: {{ matrix_mautrix_slack_logging_level | to_json }} + print_json: false + file_json: false diff --git a/roles/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 b/roles/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 new file mode 100644 index 00000000..f75090fb --- /dev/null +++ b/roles/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 
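Review bot: The secrets rendered in this file (`as_token`, `hs_token`, the database `uri`, `login_shared_secret_map`) end up readable by every local account, because the install tasks in setup_install.yml of this same patch write config.yaml and registration.yaml with `mode: 0644`. Both files are owned by `matrix_user_username` and the unit runs the container with `--user={{ matrix_user_uid }}:{{ matrix_user_gid }}`, so `mode: 0640` on the two copy tasks looks sufficient, assuming that uid belongs to the same user and nothing else reads the files under another account. Separately, `double_puppet_server_map` and `command_prefix` interpolate their variables without `| to_json`, unlike the other values in this template; `command_prefix: {{ matrix_mautrix_slack_command_prefix | to_json }}` would keep a value containing a quote or `: ` from altering the YAML structure.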
@@ -0,0 +1,43 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix Mautrix Slack bridge
+{% for service in matrix_mautrix_slack_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_mautrix_slack_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-slack 2>/dev/null || true'
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-slack 2>/dev/null || true'
+
+# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
+ExecStartPre={{ matrix_host_command_sleep }} 5
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-slack \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --network={{ matrix_docker_network }} \
+ --mount type=bind,src={{ matrix_mautrix_slack_config_path }},dst=/config,ro \
+ --mount type=bind,src={{ matrix_mautrix_slack_data_path }},dst=/data \
+ --workdir=/data \
+ {% for arg in matrix_mautrix_slack_container_extra_arguments %}
+ {{ arg }} \
+ {% endfor %}
+ {{ matrix_mautrix_slack_docker_image }} \
+ /usr/bin/mautrix-slack -c /config/config.yaml -r /config/registration.yaml --no-update
+
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-slack 2>/dev/null || true'
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-slack 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-mautrix-slack
+
+[Install]
+WantedBy=multi-user.target
diff --git a/setup.yml b/setup.yml
deleted file mode 120000
index 7acc4c4c..00000000
--- a/setup.yml
+++ /dev/null
@@ -1 +0,0 @@
-playbooks/matrix.yml
\ No newline at end of file
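Review bot: The `docker run` line in matrix-mautrix-slack.service.j2 drops all capabilities and sets a non-root `--user`, but it leaves the container's root filesystem writable and does not stop a process from gaining privileges through setuid binaries in the image. Adding `--read-only` and `--security-opt=no-new-privileges` next to `--cap-drop=ALL` would close both gaps. The bridge's writable state appears to be confined to the `/data` bind mount (`--workdir=/data`, and config.yaml.j2 logs to `./logs`), so a read-only root should be workable, though that needs a test run. A short comment above the `matrix_mautrix_slack_container_extra_arguments` loop, saying the list is emitted verbatim into `ExecStart` and must come only from trusted inventory, would also help the next maintainer.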
diff --git a/setup.yml b/setup.yml new file mode 100755 index 00000000..7acc4c4c --- /dev/null +++ b/setup.yml @@ -0,0 +1 @@ +playbooks/matrix.yml \ No newline at end of file From 6fb0f26b30d7639794dd79435b8b8d93e0ce814a Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Fri, 4 Nov 2022 17:47:46 -0400 Subject: [PATCH 005/143] Add mautrix/appservice slack bridge bot username checks --- .../tasks/validate_config.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/matrix-bridge-mautrix-slack/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-slack/tasks/validate_config.yml index ebe36e92..363bbacf 100644 --- a/roles/matrix-bridge-mautrix-slack/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-slack/tasks/validate_config.yml @@ -8,3 +8,12 @@ with_items: - "matrix_mautrix_slack_appservice_token" - "matrix_mautrix_slack_homeserver_token" + +- name: Fail if appservice-slack and mautrix-slack have conflicting bot usernames + when: matrix_appservice_slack_enabled | default(False) | bool and matrix_mautrix_slack_appservice_bot_username == matrix_appservice_slack_bot_name | default ('') + ansible.builtin.fail: + msg: | + The appservice-slack and mautrix-slack components are both enabled and use the same bot username ({{ matrix_mautrix_slack_appservice_bot_username }}), as per their default configuration, which causes a conflcit. + To resolve the conflict, make one of these components use a different username. + Consider either changing `matrix_mautrix_slack_appservice_bot_username` (the bot username for the mautrix-slack component) or `matrix_appservice_slack_bot_name` (the bot username for the appservice-slack component). + We recommend that you change the username for the newly-added (and yet unused) component. From d6022d851e07c9f6a7ba98c615d4f5264fb476a3 Mon Sep 17 00:00:00 2001 
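Review bot: The failure message in the new bot-username task of validate_config.yml misspells "conflict" as `conflcit`. It also attributes the clash to "their default configuration", although the `when:` condition fires for any two equal usernames, including ones set in inventory. Ending that sentence at "use the same bot username (...), which causes a conflict." would fix both. `default ('')` carries a stray space before the parenthesis that `default(False)` earlier in the same expression does not.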
From: Cody Wyatt Neiman Date: Fri, 4 Nov 2022 17:51:10 -0400 Subject: [PATCH 006/143] Move mautrix-sack role files to new roles/custom path --- roles/{ => custom}/matrix-bridge-mautrix-slack/defaults/main.yml | 0 roles/{ => custom}/matrix-bridge-mautrix-slack/tasks/init.yml | 0 roles/{ => custom}/matrix-bridge-mautrix-slack/tasks/main.yml | 0 .../matrix-bridge-mautrix-slack/tasks/setup_install.yml | 0 .../matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml | 0 .../matrix-bridge-mautrix-slack/tasks/validate_config.yml | 0 .../matrix-bridge-mautrix-slack/templates/config.yaml.j2 | 0 .../templates/systemd/matrix-mautrix-slack.service.j2 | 0 8 files changed, 0 insertions(+), 0 deletions(-) rename roles/{ => custom}/matrix-bridge-mautrix-slack/defaults/main.yml (100%) rename roles/{ => custom}/matrix-bridge-mautrix-slack/tasks/init.yml (100%) rename roles/{ => custom}/matrix-bridge-mautrix-slack/tasks/main.yml (100%) rename roles/{ => custom}/matrix-bridge-mautrix-slack/tasks/setup_install.yml (100%) rename roles/{ => custom}/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml (100%) rename roles/{ => custom}/matrix-bridge-mautrix-slack/tasks/validate_config.yml (100%) rename roles/{ => custom}/matrix-bridge-mautrix-slack/templates/config.yaml.j2 (100%) rename roles/{ => custom}/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 (100%) diff --git a/roles/matrix-bridge-mautrix-slack/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-slack/defaults/main.yml rename to roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml diff --git a/roles/matrix-bridge-mautrix-slack/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-slack/tasks/init.yml similarity index 100% rename from roles/matrix-bridge-mautrix-slack/tasks/init.yml rename to roles/custom/matrix-bridge-mautrix-slack/tasks/init.yml 
diff --git a/roles/matrix-bridge-mautrix-slack/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-slack/tasks/main.yml similarity index 100% rename from roles/matrix-bridge-mautrix-slack/tasks/main.yml rename to roles/custom/matrix-bridge-mautrix-slack/tasks/main.yml diff --git a/roles/matrix-bridge-mautrix-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml similarity index 100% rename from roles/matrix-bridge-mautrix-slack/tasks/setup_install.yml rename to roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml diff --git a/roles/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml similarity index 100% rename from roles/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml rename to roles/custom/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml diff --git a/roles/matrix-bridge-mautrix-slack/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-slack/tasks/validate_config.yml similarity index 100% rename from roles/matrix-bridge-mautrix-slack/tasks/validate_config.yml rename to roles/custom/matrix-bridge-mautrix-slack/tasks/validate_config.yml diff --git a/roles/matrix-bridge-mautrix-slack/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-bridge-mautrix-slack/templates/config.yaml.j2 rename to roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 diff --git a/roles/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 b/roles/custom/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 similarity index 100% rename from roles/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 rename to roles/custom/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 From 97c45676def6754e5a14ec4afd31219acc297ccf Mon Sep 17 00:00:00 2001 
From: Cody Wyatt Neiman Date: Fri, 4 Nov 2022 17:56:04 -0400 Subject: [PATCH 007/143] Update paths and vars for mautrix-slack to roles/custom --- .../tasks/setup_install.yml | 8 ++++---- .../tasks/setup_uninstall.yml | 4 ++-- .../systemd/matrix-mautrix-slack.service.j2 | 12 ++++++------ 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml index 3c9306a5..c9406f14 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml @@ -31,7 +31,7 @@ pgloader_options: ['--with "quote identifiers"'] - ansible.builtin.import_role: - name: matrix-postgres + name: custom/matrix-postgres tasks_from: migrate_db_to_postgres - ansible.builtin.set_fact: @@ -59,8 +59,8 @@ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_slack_docker_image_force_pull }}" when: not matrix_mautrix_slack_container_image_self_build register: result - retries: "{{ matrix_container_retries_count }}" - delay: "{{ matrix_container_retries_delay }}" + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" until: result is not failed - name: Ensure Mautrix slack repository is present on self-build @@ -105,7 +105,7 @@ - name: Ensure matrix-mautrix-slack.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-mautrix-slack.service.j2" - dest: "{{ matrix_systemd_path }}/matrix-mautrix-slack.service" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-slack.service" mode: 0644 register: matrix_mautrix_slack_systemd_service_result diff --git a/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml index 7ce6e840..671fa529 100644 
--- a/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml @@ -2,7 +2,7 @@ - name: Check existence of matrix-mautrix-slack service ansible.builtin.stat: - path: "{{ matrix_systemd_path }}/matrix-mautrix-slack.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-slack.service" register: matrix_mautrix_slack_service_stat - name: Ensure matrix-mautrix-slack is stopped @@ -15,7 +15,7 @@ - name: Ensure matrix-mautrix-slack.service doesn't exist ansible.builtin.file: - path: "{{ matrix_systemd_path }}/matrix-mautrix-slack.service" + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-slack.service" state: absent when: "matrix_mautrix_slack_service_stat.stat.exists" diff --git a/roles/custom/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 b/roles/custom/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 index f75090fb..af5f3c03 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 +++ b/roles/custom/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 
@@ -12,14 +12,14 @@ DefaultDependencies=no [Service] Type=simple -Environment="HOME={{ matrix_systemd_unit_home_path }}" -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-slack 2>/dev/null || true' -ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-slack 2>/dev/null || true' +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-slack 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-slack 2>/dev/null || true' # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-slack \ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-slack \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-slack {{ matrix_mautrix_slack_docker_image }} \ /usr/bin/mautrix-slack -c /config/config.yaml -r /config/registration.yaml --no-update -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-slack 2>/dev/null || true' -ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-slack 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-slack 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-slack 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-slack From d07480a883aa2878a3313e369b4c071ca36df764 Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Mon, 2 Jan 2023 19:23:14 -0500 Subject: [PATCH 008/143] Remove hardcoded matrix-postgres references --- .../matrix-bridge-mautrix-slack/defaults/main.yml | 2 +- .../tasks/validate_config.yml | 11 ++++++----- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml index c2b5a159..ae03943a 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml @@ -63,7 +63,7 @@ matrix_mautrix_slack_sqlite_database_path_in_container: "/data/mautrix-slack.db" matrix_mautrix_slack_database_username: 'matrix_mautrix_slack' matrix_mautrix_slack_database_password: 'some-password' -matrix_mautrix_slack_database_hostname: 'matrix-postgres' +matrix_mautrix_slack_database_hostname: '' matrix_mautrix_slack_database_port: 5432 matrix_mautrix_slack_database_name: 'matrix_mautrix_slack' 
diff --git a/roles/custom/matrix-bridge-mautrix-slack/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-slack/tasks/validate_config.yml index 363bbacf..3c764a4e 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/tasks/validate_config.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/tasks/validate_config.yml @@ -1,13 +1,14 @@ --- -- name: Fail if required settings not defined +- name: Fail if required mautrix-slack settings not defined ansible.builtin.fail: msg: >- - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" with_items: - - "matrix_mautrix_slack_appservice_token" - - "matrix_mautrix_slack_homeserver_token" + - {'name': 'matrix_mautrix_slack_appservice_token', when: true} + - {'name': 'matrix_mautrix_slack_homeserver_token', when: true} + - {'name': 'matrix_mautrix_slack_database_hostname', when: "{{ matrix_mautrix_slack_database_engine == 'postgres' }}"} - name: Fail if appservice-slack and mautrix-slack have conflicting bot usernames when: matrix_appservice_slack_enabled | default(False) | bool and matrix_mautrix_slack_appservice_bot_username == matrix_appservice_slack_bot_name | default ('') From 2e0dfb2dc1ecc754bac770b9ec3377f4f82a2cde Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Mon, 2 Jan 2023 20:07:04 -0500 Subject: [PATCH 009/143] Update slack bridge implementation --- group_vars/matrix_servers | 48 ++++++++++++++++++- .../tasks/init.yml | 21 -------- .../tasks/main.yml | 22 ++++----- .../tasks/setup_install.yml | 25 +++------- .../tasks/setup_uninstall.yml | 29 +++++------ 5 files changed, 75 insertions(+), 70 deletions(-) delete mode 100644 roles/custom/matrix-bridge-mautrix-slack/tasks/init.yml diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 9178314e..2ace75d1 100755 --- a/group_vars/matrix_servers 
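Review bot: The required-settings list now checks `matrix_mautrix_slack_database_hostname` for Postgres but not `matrix_mautrix_slack_database_password`, whose role default is the literal `'some-password'` (visible as context in the defaults/main.yml hunk of this patch). group_vars/matrix_servers overrides it with a derived value in the next patch, but the role used on its own with `matrix_mautrix_slack_database_engine: postgres` would deploy with that known password. The `== ''` test could not catch it even if the variable were listed. Consider defaulting the password to `''` and adding `{'name': 'matrix_mautrix_slack_database_password', when: "{{ matrix_mautrix_slack_database_engine == 'postgres' }}"}` to `with_items`.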
+++ b/group_vars/matrix_servers @@ -53,6 +53,8 @@ matrix_homeserver_container_extra_arguments_auto: | + (['--mount type=bind,src=' + matrix_mautrix_discord_config_path + '/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro'] if matrix_mautrix_discord_enabled else []) + + (['--mount type=bind,src=' + matrix_mautrix_slack_config_path + '/registration.yaml,dst=/matrix-mautrix-slack-registration.yaml,ro'] if matrix_mautrix_slack_enabled else []) + + (['--mount type=bind,src=' + matrix_mautrix_facebook_config_path + '/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro'] if matrix_mautrix_facebook_enabled else []) + (['--mount type=bind,src=' + matrix_mautrix_googlechat_config_path + '/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro'] if matrix_mautrix_googlechat_enabled else []) @@ -108,6 +110,8 @@ matrix_homeserver_app_service_config_files_auto: | + (['/matrix-mautrix-discord-registration.yaml'] if matrix_mautrix_discord_enabled else []) + + (['/matrix-mautrix-slack-registration.yaml'] if matrix_mautrix_slack_enabled else []) + + (['/matrix-mautrix-facebook-registration.yaml'] if matrix_mautrix_facebook_enabled else []) + (['/matrix-mautrix-googlechat-registration.yaml'] if matrix_mautrix_googlechat_enabled else []) 
@@ -209,6 +213,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-mautrix-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-discord']}] if matrix_mautrix_discord_enabled else []) + + ([{'name': 'matrix-mautrix-slack.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-slack']}] if matrix_mautrix_slack_enabled else []) + + ([{'name': 'matrix-mautrix-facebook.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-facebook']}] if matrix_mautrix_facebook_enabled else []) + ([{'name': 'matrix-mautrix-googlechat.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-googlechat']}] if matrix_mautrix_googlechat_enabled else []) 
@@ -725,6 +731,46 @@ matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_ge ###################################################################### +###################################################################### +# +# matrix-bridge-mautrix-slack +# +###################################################################### + +# We don't enable bridges by default. +matrix_mautrix_slack_enabled: false + +matrix_mautrix_slack_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" + +matrix_mautrix_slack_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_mautrix_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.as.tok', rounds=655555) | to_uuid }}" + +matrix_mautrix_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.hs.tok', rounds=655555) | to_uuid }}" + +matrix_mautrix_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +# Postgres is the default, except if not using internal Postgres server +matrix_mautrix_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" +matrix_mautrix_slack_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.db', rounds=655555) | to_uuid }}" + +###################################################################### +# +# /matrix-bridge-mautrix-slack +# 
+###################################################################### + + ###################################################################### # # matrix-bridge-mautrix-facebook @@ -2448,7 +2494,7 @@ devture_postgres_managed_databases_auto: | 'name': matrix_mautrix_slack_database_name, 'username': matrix_mautrix_slack_database_username, 'password': matrix_mautrix_slack_database_password, - }] if (matrix_mautrix_slack_enabled and matrix_mautrix_slack_database_engine == 'postgres' and matrix_mautrix_slack_database_hostname == 'matrix-postgres') else []) + }] if (matrix_mautrix_slack_enabled and matrix_mautrix_slack_database_engine == 'postgres' and matrix_mautrix_slack_database_hostname == devture_postgres_connection_hostname) else []) + ([{ 'name': matrix_mx_puppet_slack_database_name, diff --git a/roles/custom/matrix-bridge-mautrix-slack/tasks/init.yml b/roles/custom/matrix-bridge-mautrix-slack/tasks/init.yml deleted file mode 100644 index 0ea03f5b..00000000 --- a/roles/custom/matrix-bridge-mautrix-slack/tasks/init.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- ansible.builtin.set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-slack.service'] }}" - when: matrix_mautrix_slack_enabled | bool - -# If the matrix-synapse role is not used, these variables may not exist. -- ansible.builtin.set_fact: - matrix_homeserver_container_runtime_injected_arguments: > - {{ - matrix_homeserver_container_runtime_injected_arguments | default([]) - + - ["--mount type=bind,src={{ matrix_mautrix_slack_config_path }}/registration.yaml,dst=/matrix-mautrix-slack-registration.yaml,ro"] - }} - - matrix_homeserver_app_service_runtime_injected_config_files: > - {{ - matrix_homeserver_app_service_runtime_injected_config_files | default([]) - + - ["/matrix-mautrix-slack-registration.yaml"] - }} - when: matrix_mautrix_slack_enabled | bool 
diff --git a/roles/custom/matrix-bridge-mautrix-slack/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-slack/tasks/main.yml index d7fc0202..bff90549 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/tasks/main.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/tasks/main.yml @@ -1,22 +1,20 @@ --- -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" - tags: - - always -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup | bool and matrix_mautrix_slack_enabled | bool" - tags: - - setup-all - - setup-mautrix-slack +- block: + - when: matrix_mautrix_slack_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup and matrix_mautrix_slack_enabled" + - when: matrix_mautrix_slack_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" tags: - setup-all - setup-mautrix-slack + - install-all + - install-mautrix-slack -- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup and not matrix_mautrix_slack_enabled" +- block: + - when: not matrix_mautrix_slack_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" tags: - setup-all - setup-mautrix-slack diff --git a/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml index c9406f14..f266f026 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml 
@@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - ansible.builtin.fail: - msg: >- - The matrix-bridge-mautrix-slack role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed | default(False)" - - ansible.builtin.set_fact: matrix_mautrix_slack_requires_restart: false @@ -20,8 +12,11 @@ - when: "matrix_mautrix_slack_sqlite_database_path_local_stat_result.stat.exists | bool" block: - - ansible.builtin.set_fact: - matrix_postgres_db_migration_request: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: src: "{{ matrix_mautrix_slack_sqlite_database_path_local }}" dst: "{{ matrix_mautrix_slack_database_connection_string }}" caller: "{{ role_path | basename }}" @@ -30,10 +25,6 @@ systemd_services_to_stop: ['matrix-mautrix-slack.service'] pgloader_options: ['--with "quote identifiers"'] - - ansible.builtin.import_role: - name: custom/matrix-postgres - tasks_from: migrate_db_to_postgres - - ansible.builtin.set_fact: matrix_mautrix_slack_requires_restart: true @@ -109,13 +100,9 @@ mode: 0644 register: matrix_mautrix_slack_systemd_service_result -- name: Ensure systemd reloaded after matrix-mautrix-slack.service installation - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_slack_systemd_service_result.changed" - - name: Ensure matrix-mautrix-slack.service restarted, if necessary ansible.builtin.service: name: "matrix-mautrix-slack.service" state: restarted + daemon_reload: true when: "matrix_mautrix_slack_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml index 671fa529..19350b44 100644 
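Review bot: systemd reload coverage shrinks in the last hunk of setup_install.yml: `daemon_reload: true` now sits on the restart task guarded by `when: "matrix_mautrix_slack_requires_restart | bool"`, while `matrix_mautrix_slack_systemd_service_result` is still registered but no longer read in the visible lines. A changed unit file with that flag false would leave the old definition loaded unless another role reloads systemd (not visible here). The setup_uninstall.yml hunk has the same shape: its only `daemon_reload: true` runs on the stop task, before the unit file is removed. If nothing else reloads, set `matrix_mautrix_slack_requires_restart: true` under `when: "matrix_mautrix_slack_systemd_service_result.changed"` and keep a reload after the `ansible.builtin.file` removal. Both task files continue outside the hunks.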
--- a/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml @@ -5,21 +5,16 @@ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-slack.service" register: matrix_mautrix_slack_service_stat -- name: Ensure matrix-mautrix-slack is stopped - ansible.builtin.service: - name: matrix-mautrix-slack - state: stopped - enabled: false - daemon_reload: true - when: "matrix_mautrix_slack_service_stat.stat.exists" +- when: matrix_mautrix_slack_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mautrix-slack is stopped + ansible.builtin.service: + name: matrix-mautrix-slack + state: stopped + enabled: false + daemon_reload: true -- name: Ensure matrix-mautrix-slack.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-slack.service" - state: absent - when: "matrix_mautrix_slack_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-mautrix-slack.service removal - ansible.builtin.service: - daemon_reload: true - when: "matrix_mautrix_slack_service_stat.stat.exists" + - name: Ensure matrix-mautrix-slack.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-slack.service" + state: absent From c925b517e79d377f1d7cca78f3302c444df4b6de Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Mon, 2 Jan 2023 21:09:23 -0500 Subject: [PATCH 010/143] Include mautrix-slack in setup --- playbooks/matrix.yml | 1 + setup.yml | 0 2 files changed, 1 insertion(+) mode change 100755 => 120000 setup.yml diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml index 088ea640..45cb9052 100755 --- a/playbooks/matrix.yml +++ b/playbooks/matrix.yml 
@@ -61,6 +61,7 @@ - custom/matrix-bridge-mautrix-telegram - custom/matrix-bridge-mautrix-whatsapp - custom/matrix-bridge-mautrix-discord + - custom/matrix-bridge-mautrix-slack - custom/matrix-bridge-mx-puppet-discord - custom/matrix-bridge-mx-puppet-groupme - custom/matrix-bridge-mx-puppet-steam diff --git a/setup.yml b/setup.yml deleted file mode 100755 index 7acc4c4c..00000000 --- a/setup.yml +++ /dev/null @@ -1 +0,0 @@ -playbooks/matrix.yml \ No newline at end of file diff --git a/setup.yml b/setup.yml new file mode 120000 index 00000000..7acc4c4c --- /dev/null +++ b/setup.yml @@ -0,0 +1 @@ +playbooks/matrix.yml \ No newline at end of file From f4874d2e4a8af587cc0aecb87049f054dfe70a8b Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Mon, 2 Jan 2023 21:09:40 -0500 Subject: [PATCH 011/143] Pull upstream mautrix-slack config defaults --- .../templates/config.yaml.j2 | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 index da589f05..b7919ec2 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 
@@ -28,10 +28,11 @@ appservice: # Database config. database: - # The database type. "sqlite3" and "postgres" are supported. + # The database type. "sqlite3-fk-wal" and "postgres" are supported. type: {{ matrix_mautrix_slack_appservice_database_type|to_json }} # The database URI. - # SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string + # SQLite: A raw file path is supported, but `file:?_txlock=immediate` is recommended. + # https://github.com/mattn/go-sqlite3#connection-string # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql uri: {{ matrix_mautrix_slack_appservice_database_uri|to_json }} @@ -57,6 +58,11 @@ appservice: # Requires MSC2409 support (i.e. Synapse 1.22+). ephemeral_events: true + # Should incoming events be handled asynchronously? + # This may be necessary for large public instances with lots of messages going through. + # However, messages will not be guaranteed to be bridged in the same order they were sent in. + async_transactions: false + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. as_token: {{ matrix_mautrix_slack_appservice_token | to_json }} hs_token: {{ matrix_mautrix_slack_homeserver_token | to_json }} From e9772420226f8796276537161a7cc883f42bdaf2 Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Mon, 2 Jan 2023 21:31:04 -0500 Subject: [PATCH 012/143] Pull more mautrix-slack defaults from upstream --- .../matrix-bridge-mautrix-slack/templates/config.yaml.j2 | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 index b7919ec2..1c7a1dff 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 
+++ b/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 @@ -5,8 +5,10 @@ homeserver: address: {{ matrix_mautrix_slack_homeserver_address | to_json }} # The domain of the homeserver (for MXIDs, etc). domain: {{ matrix_mautrix_slack_homeserver_domain | to_json }} - # Is the homeserver actually mautrix-asmux? - asmux: false + + # What software is the homeserver running? + # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. + software: standard # The URL to push real-time bridge status to. # If set, the bridge will make POST requests to this URL whenever a user's slack connection state changes. # The bridge will use the appservice as_token to authorize requests. @@ -56,6 +58,7 @@ appservice: avatar: mxc://maunium.net/pVtzLmChZejGxLqmXtQjFxem # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). + # You should disable bridge -> sync_with_custom_puppets when this is enabled. ephemeral_events: true # Should incoming events be handled asynchronously? From 12b8cb3aab14c76ed6801d5f41f36283d2c05c90 Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Mon, 2 Jan 2023 21:58:52 -0500 Subject: [PATCH 013/143] Fix localpart slack id regex for mautrix-slack --- roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml index ae03943a..4d8e3f2f 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml 
@@ -124,7 +124,7 @@ matrix_mautrix_slack_registration_yaml: | rate_limited: false namespaces: users: - - regex: '^@slack_[0-9]+:{{ matrix_mautrix_slack_homeserver_domain | regex_escape }}$' + - regex: '^@slack_[a-z-A-Z0-9\-]+:{{ matrix_mautrix_slack_homeserver_domain | regex_escape }}$' exclusive: true - exclusive: true regex: '^@{{ matrix_mautrix_slack_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_slack_homeserver_domain | regex_escape }}$' From 1c6ab4a1bcfa896571cbd2d0ad1e42acbd7b5727 Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Tue, 3 Jan 2023 12:33:09 -0500 Subject: [PATCH 014/143] Update documentation for mautrix slack --- README.md | 3 ++- docs/configuring-playbook-bridge-mautrix-slack.md | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 177c2a0d..92a46107 100644 --- a/README.md +++ b/README.md 
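Review bot: The new character class `[a-z-A-Z0-9\-]` has a stray `-` between `a-z` and `A-Z`; Python's `re` reads it as a literal hyphen, which the trailing `\-` already adds, and other regex engines may not be as forgiving. Writing it as `- regex: '^@slack_[a-zA-Z0-9-]+:{{ matrix_mautrix_slack_homeserver_domain | regex_escape }}$'` matches the same set without the ambiguity. Because the entry is `exclusive: true`, this pattern decides which user IDs are reserved for the bridge, so a one-line comment above it naming the localpart format the bridge generates (not visible here) would help the next reader judge whether the class is too wide. The registration YAML continues outside the hunk.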
@@ -89,7 +89,8 @@ Bridges can be used to connect your matrix installation with third-party communi | Name | Default? | Description | Documentation | | ---- | -------- | ----------- | ------------- | -[mautrix-discord](https://github.com/mautrix/discord) | x | Bridge for bridging your Matrix server to [Discord](https://discord.com/) | [Link](docs/configuring-playbook-bridge-mautrix-discord.md) | +| [mautrix-discord](https://github.com/mautrix/discord) | x | Bridge for bridging your Matrix server to [Discord](https://discord.com/) | [Link](docs/configuring-playbook-bridge-mautrix-discord.md) | +| [mautrix-slack](https://github.com/mautrix/slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-mautrix-slack.md) | | [mautrix-telegram](https://github.com/mautrix/telegram) | x | Bridge for bridging your Matrix server to [Telegram](https://telegram.org/) | [Link](docs/configuring-playbook-bridge-mautrix-telegram.md) | | [mautrix-whatsapp](https://github.com/mautrix/whatsapp) | x | Bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/) | [Link](docs/configuring-playbook-bridge-mautrix-whatsapp.md) | | [mautrix-facebook](https://github.com/mautrix/facebook) | x | Bridge for bridging your Matrix server to [Facebook](https://facebook.com/) | [Link](docs/configuring-playbook-bridge-mautrix-facebook.md) | diff --git a/docs/configuring-playbook-bridge-mautrix-slack.md b/docs/configuring-playbook-bridge-mautrix-slack.md index e941b346..4ec28e97 100644 --- a/docs/configuring-playbook-bridge-mautrix-slack.md +++ b/docs/configuring-playbook-bridge-mautrix-slack.md 
@@ -42,8 +42,8 @@ There are some additional things you may wish to configure about the bridge. Take a look at: -- `roles/matrix-bridge-mautrix-slack/defaults/main.yml` for some variables that you can customize via your `vars.yml` file -- `roles/matrix-bridge-mautrix-slack/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_slack_configuration_extension_yaml` variable +- `roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml` for some variables that you can customize via your `vars.yml` file +- `roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_slack_configuration_extension_yaml` variable ### Set up Double Puppeting From 94474e387ab502779876143207782acf1b48db32 Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Tue, 3 Jan 2023 12:53:57 -0500 Subject: [PATCH 015/143] Fix mautrix slack doc typos and clarifications --- docs/configuring-playbook-bridge-mautrix-slack.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-slack.md b/docs/configuring-playbook-bridge-mautrix-slack.md index 4ec28e97..d0a60aa7 100644 --- a/docs/configuring-playbook-bridge-mautrix-slack.md +++ b/docs/configuring-playbook-bridge-mautrix-slack.md 
@@ -3,7 +3,6 @@ **Note**: bridging to [Slack](https://slack.com/) can also happen via the [mx-puppet-slack](configuring-playbook-bridge-mx-puppet-slack.md) and [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridges supported by the playbook. - For using as a Bot we recommend the [Appservice Slack](configuring-playbook-bridge-appservice-slack.md), because it supports plumbing. - For personal use with a slack account we recommend the `mautrix-slack` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Slack bridges supported by the playbook. -The `mautrix-slack` bridge (the one being discussed here) is the most fully-featured and stable of the 3 Slack bridges supported by the playbook, so it's the one we recommend. The playbook can install and configure [mautrix-slack](https://github.com/mautrix/slack) for you. @@ -18,7 +17,7 @@ See the [features and roadmap](https://github.com/mautrix/slack/blob/main/ROADMA For using this bridge, you would need to authenticate by **providing your username and password** (legacy) or by using a **token login**. See more information in the [docs](https://docs.mau.fi/bridges/go/slack/authentication.html). -Note that neither of these methods are officially supported by Slack. [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) uses a Slack bot account which is the only Slack officially supported method for bridging a channel. +Note that neither of these methods are officially supported by Slack. [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) uses a Slack bot account which is the only officially supported method for bridging a Slack channel. ## Installing 
@@ -38,7 +37,7 @@ To make use of the bridge, see [Usage](#usage) below. ### Additional configuration -There are some additional things you may wish to configure about the bridge. +There are some additional options you may wish to configure with the bridge. Take a look at: @@ -72,7 +71,7 @@ When using this method, **each user** that wishes to enable Double Puppeting nee ## Usage 1. Start a chat with `@slackbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). -2. If you would like to login to Slack using a token, send the `login-token` command, otherwise, send the `login-password` command. +2. If you would like to login to Slack using a token, send the `login-token` command, otherwise, send the `login-password` command. Read [here](https://docs.mau.fi/bridges/go/slack/authentication.html) on how to retrieve your token and cookie token. 3. The bot should respond with "Successfully logged into for team " 4. Now that you're logged in, you can send a `help` command to the bot again, to see additional commands you have access to. 5. Slack channels should automatically begin bridging if you authenticated using a token. Otherwise, you must wait to receive a message in the channel if you used password authentication. From 533e47e9b98f94fc9dc9a0ca3166fe28cc924520 Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Tue, 3 Jan 2023 15:16:55 -0500 Subject: [PATCH 016/143] Add documentation on using s3 sse-c --- docs/configuring-playbook-synapse-s3-storage-provider.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/configuring-playbook-synapse-s3-storage-provider.md b/docs/configuring-playbook-synapse-s3-storage-provider.md index 6022eaad..f029b3f3 100644 --- a/docs/configuring-playbook-synapse-s3-storage-provider.md +++ b/docs/configuring-playbook-synapse-s3-storage-provider.md 
@@ -39,6 +39,13 @@ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: access-key- matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: secret-key-goes-here matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD # or STANDARD_IA, etc. +# S3 Server Side Encryption with a Customer provided key (SSE-C) can also be configured as follows +# This is not recommended unless you understand what you are doing, and may make restoring from backups additionally challenging +# You can read more about SSE-C here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html +matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled: true +matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key: ssec-key-goes-here # Generate with: cat /dev/urandom | head -c 32 | base64 - +matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo: AES256 + # For additional advanced settings, take a look at `roles/custom/matrix-synapse/defaults/main.yml` ``` From 4d44f7b49ed750d97e413f2b4b156048e8608bbf Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Tue, 3 Jan 2023 15:18:09 -0500 Subject: [PATCH 017/143] Use base64 encoded string for sse-c key --- .../templates/synapse/ext/s3-storage-provider/env.j2 | 2 +- .../ext/s3-storage-provider/media_storage_provider.yaml.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 index 58d26255..6cc7753f 100644 --- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 
@@ -6,7 +6,7 @@ ENDPOINT={{ matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url } BUCKET={{ matrix_synapse_ext_synapse_s3_storage_provider_config_bucket }} {% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %} -SSE_CUSTOMER_KEY={{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key }} +SSE_CUSTOMER_KEY={{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key | b64decode }} SSE_CUSTOMER_ALGO={{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo }} {% endif %} diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 index e888e3c5..988ad002 100644 --- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 @@ -10,7 +10,7 @@ config: secret_access_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key | to_json }} {% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %} - sse_customer_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key | to_json }} + sse_customer_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key | b64decode | to_json }} sse_customer_algo: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo | to_json }} {% endif %} From 6d96bcee1da1a306aaeab101026a7a08702f417a Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Tue, 3 Jan 2023 15:18:49 -0500 Subject: [PATCH 018/143] Allow 'git' as a version for s3 storage provider --- .../templates/synapse/customizations/Dockerfile.j2 | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2 b/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2 index 3919e955..b77dbc23 100644 --- a/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2 @@ -1,7 +1,11 @@ FROM {{ matrix_synapse_docker_image }} {% if matrix_synapse_container_image_customizations_s3_storage_provider_installation_enabled %} + {% if matrix_synapse_ext_synapse_s3_storage_provider_version == 'git' %} +RUN apt-get update -yq && apt-get install -yq git && pip install git+https://github.com/matrix-org/synapse-s3-storage-provider.git + {% else %} RUN pip install synapse-s3-storage-provider=={{ matrix_synapse_ext_synapse_s3_storage_provider_version }} + {% endif %} {% endif %} {{ matrix_synapse_container_image_customizations_dockerfile_body_custom }} From b9604da9d9b861b5d156581ce46b16b7a757e119 Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Tue, 3 Jan 2023 15:26:06 -0500 Subject: [PATCH 019/143] Add note on using synapse s3 provider git version for sse-c support --- docs/configuring-playbook-synapse-s3-storage-provider.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuring-playbook-synapse-s3-storage-provider.md b/docs/configuring-playbook-synapse-s3-storage-provider.md index f029b3f3..a4ee7063 100644 --- a/docs/configuring-playbook-synapse-s3-storage-provider.md +++ b/docs/configuring-playbook-synapse-s3-storage-provider.md 
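Review bot: The `git` branch installs whatever the repository's default branch holds at build time, because `pip install git+https://github.com/matrix-org/synapse-s3-storage-provider.git` names no ref; two builds of the same playbook revision can produce different images, and an upstream push reaches the Synapse container without any reviewed playbook change. Pin the install to a reviewed commit, e.g. `pip install git+https://github.com/matrix-org/synapse-s3-storage-provider.git@<PINNED_COMMIT_SHA>` (placeholder), and bump it deliberately. The `apt-get install -yq git` in the same `RUN` also leaves git and the apt lists in the final image; `--no-install-recommends` and a trailing `rm -rf /var/lib/apt/lists/*` would trim that. The same lines come back, changed only in indentation, in PATCH 020.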
@@ -45,6 +45,8 @@ matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD # matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled: true matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key: ssec-key-goes-here # Generate with: cat /dev/urandom | head -c 32 | base64 - matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo: AES256 +# Using the git version is also required until > v1.1.2 is released +matrix_synapse_ext_synapse_s3_storage_provider_version: git # For additional advanced settings, take a look at `roles/custom/matrix-synapse/defaults/main.yml` ``` From f5390562ed5a9df7cf254e783d41fe260c643931 Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Tue, 3 Jan 2023 16:13:09 -0500 Subject: [PATCH 020/143] Fix synapse s3 storage provider container indentation --- .../templates/synapse/customizations/Dockerfile.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2 b/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2 index b77dbc23..65375aee 100644 --- a/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2 
@@ -1,11 +1,11 @@ FROM {{ matrix_synapse_docker_image }} {% if matrix_synapse_container_image_customizations_s3_storage_provider_installation_enabled %} - {% if matrix_synapse_ext_synapse_s3_storage_provider_version == 'git' %} +{% if matrix_synapse_ext_synapse_s3_storage_provider_version == 'git' %} RUN apt-get update -yq && apt-get install -yq git && pip install git+https://github.com/matrix-org/synapse-s3-storage-provider.git - {% else %} +{% else %} RUN pip install synapse-s3-storage-provider=={{ matrix_synapse_ext_synapse_s3_storage_provider_version }} - {% endif %} +{% endif %} {% endif %} {{ matrix_synapse_container_image_customizations_dockerfile_body_custom }} From 7e5e1712f5e15f59d3598367f4128ed5d6135382 Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Tue, 3 Jan 2023 17:53:33 -0500 Subject: [PATCH 021/143] Encode s3 sse-c key for utf-8 --- docs/configuring-playbook-synapse-s3-storage-provider.md | 2 +- .../templates/synapse/ext/s3-storage-provider/env.j2 | 2 +- .../ext/s3-storage-provider/media_storage_provider.yaml.j2 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/configuring-playbook-synapse-s3-storage-provider.md b/docs/configuring-playbook-synapse-s3-storage-provider.md index a4ee7063..25d9a54a 100644 --- a/docs/configuring-playbook-synapse-s3-storage-provider.md +++ b/docs/configuring-playbook-synapse-s3-storage-provider.md 
@@ -43,7 +43,7 @@ matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD # # This is not recommended unless you understand what you are doing, and may make restoring from backups additionally challenging # You can read more about SSE-C here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled: true -matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key: ssec-key-goes-here # Generate with: cat /dev/urandom | head -c 32 | base64 - +matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key: ssec-key-goes-here # Generate with: cat /dev/urandom | base64 | head -c 32 matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo: AES256 # Using the git version is also required until > v1.1.2 is released matrix_synapse_ext_synapse_s3_storage_provider_version: git diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 index 6cc7753f..58d26255 100644 --- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 @@ -6,7 +6,7 @@ ENDPOINT={{ matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url } BUCKET={{ matrix_synapse_ext_synapse_s3_storage_provider_config_bucket }} {% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %} -SSE_CUSTOMER_KEY={{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key | b64decode }} +SSE_CUSTOMER_KEY={{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key }} SSE_CUSTOMER_ALGO={{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo }} {% endif %} 
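Review bot: With `| b64decode` removed, `SSE_CUSTOMER_KEY` is rendered verbatim, so the configured string itself is the key material, and the command this commit documents (`cat /dev/urandom | base64 | head -c 32`) yields 32 base64 characters, about 192 bits of randomness rather than 256. Assuming the provider uses the string's bytes as the key (not visible here), that satisfies the 32-byte length for `AES256` but with less entropy than the algorithm name suggests. A Jinja comment above the line would record the contract: `{# SSE_CUSTOMER_KEY is passed through as-is; with AES256 it must be exactly 32 bytes #}`. The same applies to `sse_customer_key` in this commit's media_storage_provider.yaml.j2 hunk. The template continues outside the hunk.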
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 index 988ad002..e888e3c5 100644 --- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 @@ -10,7 +10,7 @@ config: secret_access_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key | to_json }} {% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %} - sse_customer_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key | b64decode | to_json }} + sse_customer_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key | to_json }} sse_customer_algo: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo | to_json }} {% endif %} From 3a28b7e332e06188b9533d1521888d2f7e0af513 Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Tue, 3 Jan 2023 18:01:15 -0500 Subject: [PATCH 022/143] Specify version requirement for sse-c in s3 storage provider --- docs/configuring-playbook-synapse-s3-storage-provider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-synapse-s3-storage-provider.md b/docs/configuring-playbook-synapse-s3-storage-provider.md index 25d9a54a..4b077027 100644 --- a/docs/configuring-playbook-synapse-s3-storage-provider.md +++ b/docs/configuring-playbook-synapse-s3-storage-provider.md 
@@ -45,7 +45,7 @@ matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD # matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled: true matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key: ssec-key-goes-here # Generate with: cat /dev/urandom | base64 | head -c 32 matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo: AES256 -# Using the git version is also required until > v1.1.2 is released +# Using the git version is also required for SSE-C until > v1.1.2 is released matrix_synapse_ext_synapse_s3_storage_provider_version: git # For additional advanced settings, take a look at `roles/custom/matrix-synapse/defaults/main.yml` From c86720eeaee2fad2c598431309e409839049ae3b Mon Sep 17 00:00:00 2001 From: Thomas Baer Date: Thu, 5 Jan 2023 14:10:06 +0100 Subject: [PATCH 023/143] convert to list from generator selectattr() returns a generator object, an iterator. This leads to an exception later, lists can't concated to iterators, only to other lists. So '| list' converts the iterator to a list and the script runs happily. --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 2a9e0414..33c12401 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -283,7 +283,7 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-nginx-proxy.service', 'priority': 3000, 'groups': ['matrix', 'nginx', 'reverse-proxies']}] if matrix_nginx_proxy_enabled else []) + - (matrix_ssl_renewal_systemd_units_list | selectattr('applicable') | selectattr('enableable')) + (matrix_ssl_renewal_systemd_units_list | selectattr('applicable') | selectattr('enableable') | list ) + ([{'name': 'matrix-ntfy.service', 'priority': 800, 'groups': ['matrix', 'ntfy']}] if matrix_ntfy_enabled else []) + From 36d8ea281cc4721d8b9c5d6b6793a2ee92b47f08 Mon Sep 17 00:00:00 2001 
From: James Collier <26444312+MaybeJustJames@users.noreply.github.com> Date: Fri, 6 Jan 2023 20:09:07 +1100 Subject: [PATCH 024/143] Allow the mautrix whatsapp relaybot to be enabled with a variable (#2381) * Allow the mautrix whatsapp relaybot to be enable with a variable This allows a user to enable the relaybot by setting a variable in `vars.yml` in the same way that the mautrix signal relaybot is configured. * Correct default values for mautrix whatsapp relaybot variables * Add documentation for using the relaybot with mautrix whatsapp * Adjust variable names to better reflect what they do * Set default variables properly and use to_json in template --- .../configuring-playbook-bridge-mautrix-whatsapp.md | 13 +++++++++++++ .../defaults/main.yml | 6 ++++++ .../templates/config.yaml.j2 | 4 ++-- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-whatsapp.md b/docs/configuring-playbook-bridge-mautrix-whatsapp.md index 8ae6e5a0..b08556fe 100644 --- a/docs/configuring-playbook-bridge-mautrix-whatsapp.md +++ b/docs/configuring-playbook-bridge-mautrix-whatsapp.md 
@@ -11,6 +11,19 @@ matrix_mautrix_whatsapp_enabled: true ``` Whatsapp multidevice beta is required, now it is enough if Whatsapp is connected to the Internet every 2 weeks. +The relay bot functionality is off by default. If you would like to enable the relay bot, add the following to your `vars.yml` file: +```yaml +matrix_mautrix_whatsapp_bridge_relay_enabled: true +``` + +By default, only admins are allowed to set themselves as relay users. To allow anyone on your homeserver to set themselves as relay users add this to your `vars.yml` file: +```yaml +matrix_mautrix_whatsapp_bridge_relay_admin_only: false +``` + +If you want to activate the relay bot in a room, use `!whatsapp set-relay`. +Use `!whatsapp unset-relay` to deactivate. + ## Enable backfilling history This requires a server with MSC2716 support, which is currently an experimental feature in synapse. Note that as of Synapse 1.46, there are still some bugs with the implementation, especially if using event persistence workers. diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 1307d09e..3a722eeb 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -102,6 +102,12 @@ matrix_mautrix_whatsapp_bridge_permissions: | | combine({matrix_admin: 'admin'} if matrix_admin else {}) }} +# Enable bridge relay functionality +matrix_mautrix_whatsapp_bridge_relay_enabled: false + +# Only allow admins on this home server to set themselves as a relay user +matrix_mautrix_whatsapp_bridge_relay_admin_only: true + # Default mautrix-whatsapp configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # 
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 4b5af2e9..0962ac4d 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -396,9 +396,9 @@ bridge: relay: # Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any # authenticated user into a relaybot for that chat. - enabled: false + enabled: {{ matrix_mautrix_whatsapp_bridge_relay_enabled | to_json }} # Should only admins be allowed to set themselves as relay users? - admin_only: true + admin_only: {{ matrix_mautrix_whatsapp_bridge_relay_admin_only | to_json }} # The formats to use when sending messages to WhatsApp via the relaybot. message_formats: m.text: "{{ '{{ .Sender.Displayname }}' }}: {{ '{{ .Message }}' }}" From 38151c9fd327f3533271b8dcd561c7c6e810c142 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 6 Jan 2023 11:03:18 +0000 Subject: [PATCH 025/143] Update heisenbridge 1.14.0 -> 1.14.1 --- roles/custom/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml index 48101db1..d51bb913 100644 --- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml @@ -4,7 +4,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.14.0 +matrix_heisenbridge_version: 1.14.1 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From b487bb67498fca22b266f83aab446a7a8a4a0cd2 Mon Sep 17 00:00:00 2001 
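Review bot: The retained comment above `enabled:` tells users to run `!wa set-relay`, while the documentation added in this same commit says `!whatsapp set-relay`. Only one of them can match this playbook's command prefix, which is not visible in this hunk, so the two should be aligned. Because `admin_only` decides who may turn their own WhatsApp account into a relay for a chat, I would also coerce both values before serialising, e.g. `admin_only: {{ matrix_mautrix_whatsapp_bridge_relay_admin_only | bool | to_json }}`, so that a string passed via `--extra-vars` cannot render as a quoted string. The `bridge:` section continues outside this hunk.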
From: Aine Date: Sun, 8 Jan 2023 22:05:43 +0200 Subject: [PATCH 026/143] unify image prefixes --- roles/custom/matrix-bot-buscarron/defaults/main.yml | 4 ++-- roles/custom/matrix-bot-honoroit/defaults/main.yml | 4 ++-- roles/custom/matrix-bot-postmoogle/defaults/main.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/custom/matrix-bot-buscarron/defaults/main.yml b/roles/custom/matrix-bot-buscarron/defaults/main.yml index 290248e0..60ed165c 100644 --- a/roles/custom/matrix-bot-buscarron/defaults/main.yml +++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml @@ -10,8 +10,8 @@ matrix_bot_buscarron_docker_repo_version: "{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" matrix_bot_buscarron_version: v1.3.0 -matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}" -matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" +matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}etke.cc/buscarron:{{ matrix_bot_buscarron_version }}" +matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/' }}" matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" matrix_bot_buscarron_base_path: "{{ matrix_base_data_path }}/buscarron" diff --git a/roles/custom/matrix-bot-honoroit/defaults/main.yml b/roles/custom/matrix-bot-honoroit/defaults/main.yml index 186ef3f4..e880df4f 100644 --- a/roles/custom/matrix-bot-honoroit/defaults/main.yml +++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml 
@@ -10,8 +10,8 @@ matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" matrix_bot_honoroit_version: v0.9.16 -matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" -matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" +matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}etke.cc/honoroit:{{ matrix_bot_honoroit_version }}" +matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" matrix_bot_honoroit_base_path: "{{ matrix_base_data_path }}/honoroit" diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml index 14795d1f..b8e42828 100644 --- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml +++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml 
@@ -10,8 +10,8 @@ matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_v matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src" matrix_bot_postmoogle_version: v0.9.10 -matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}" -matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" +matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etke.cc/postmoogle:{{ matrix_bot_postmoogle_version }}" +matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/' }}" matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}" matrix_bot_postmoogle_base_path: "{{ matrix_base_data_path }}/postmoogle" From 1d1fd7053cf141d0ce9b92f55974e382f09f0831 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 9 Jan 2023 18:55:13 +0200 Subject: [PATCH 027/143] ewoutp/goofys:latest -> docker.io/ewoutp/goofys:latest --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 07eb803e..ba6c265e 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
@@ -815,7 +815,7 @@ matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count: 0 matrix_s3_media_store_enabled: false matrix_s3_media_store_custom_endpoint_enabled: false -matrix_s3_goofys_docker_image: "ewoutp/goofys:latest" +matrix_s3_goofys_docker_image: "docker.io/ewoutp/goofys:latest" matrix_s3_goofys_docker_image_force_pull: "{{ matrix_s3_goofys_docker_image.endswith(':latest') }}" matrix_s3_media_store_custom_endpoint: "your-custom-endpoint" matrix_s3_media_store_bucket_name: "your-bucket-name" From 6bd909bbb7f2578777eb126a5cb9f6ad4628cc89 Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 9 Jan 2023 22:18:37 +0200 Subject: [PATCH 028/143] add mode var for synapse ext ldap auth --- roles/custom/matrix-synapse/defaults/main.yml | 1 + roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 1 + 2 files changed, 2 insertions(+) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index ba6c265e..d2e5d641 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -725,6 +725,7 @@ matrix_synapse_ext_password_provider_shared_secret_config_yaml: | matrix_synapse_ext_password_provider_ldap_enabled: false matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389" matrix_synapse_ext_password_provider_ldap_start_tls: true +matrix_synapse_ext_password_provider_ldap_mode: "search" matrix_synapse_ext_password_provider_ldap_base: "" matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid" matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail" diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index d2dd1c74..1885aeef 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 
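Review bot: `matrix_s3_goofys_docker_image` still points at the mutable `latest` tag, so qualifying the registry does not pin what actually runs. Since `matrix_s3_goofys_docker_image_force_pull` is true for any name ending in `:latest`, each playbook run can pull whatever that third-party namespace currently publishes. Consider pinning to a fixed tag or a digest, e.g. `matrix_s3_goofys_docker_image: "docker.io/ewoutp/goofys@sha256:<DIGEST_PLACEHOLDER>"`, and bumping it deliberately. If upstream publishes no versioned tag, a comment on this line saying so would help the next reader.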
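Review bot: `matrix_synapse_ext_password_provider_ldap_mode` is added without a comment naming its accepted values and without any validation. The homeserver.yaml.j2 hunk of this commit then always emits `mode`, so every existing LDAP deployment is rendered with `"search"`. If the provider previously picked its mode implicitly (not visible here), this is a behaviour change for installs that bind directly as the user, so please confirm it and mention it in the changelog. A comment above the variable such as `# LDAP auth mode as understood by matrix-synapse-ldap3, e.g. "simple" or "search"` would document the knob.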
@@ -2511,6 +2511,7 @@ password_providers: - module: "ldap_auth_provider.LdapAuthProvider" config: enabled: true + mode: {{ matrix_synapse_ext_password_provider_ldap_mode | string | to_json }} uri: {{ matrix_synapse_ext_password_provider_ldap_uri | string|to_json }} start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|to_json }} base: {{ matrix_synapse_ext_password_provider_ldap_base | string|to_json }} From fc9eaa6ec5ebb87d00d6224a686c0dcf25266dda Mon Sep 17 00:00:00 2001 From: Cody Wyatt Neiman Date: Mon, 9 Jan 2023 15:52:38 -0500 Subject: [PATCH 029/143] Remove git version for s3 storage provider --- docs/configuring-playbook-synapse-s3-storage-provider.md | 2 -- roles/custom/matrix-synapse/defaults/main.yml | 2 +- .../templates/synapse/customizations/Dockerfile.j2 | 4 ---- 3 files changed, 1 insertion(+), 7 deletions(-) diff --git a/docs/configuring-playbook-synapse-s3-storage-provider.md b/docs/configuring-playbook-synapse-s3-storage-provider.md index 4b077027..4f6314e4 100644 --- a/docs/configuring-playbook-synapse-s3-storage-provider.md +++ b/docs/configuring-playbook-synapse-s3-storage-provider.md @@ -45,8 +45,6 @@ matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD # matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled: true matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key: ssec-key-goes-here # Generate with: cat /dev/urandom | base64 | head -c 32 matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo: AES256 -# Using the git version is also required for SSE-C until > v1.1.2 is released -matrix_synapse_ext_synapse_s3_storage_provider_version: git # For additional advanced settings, take a look at `roles/custom/matrix-synapse/defaults/main.yml` ``` diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 4da590a5..51927919 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml 
+++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -791,7 +791,7 @@ matrix_synapse_ext_encryption_config_yaml: | # Installing it requires building a customized Docker image for Synapse (see `matrix_synapse_container_image_customizations_enabled`). # Enabling this will enable customizations and inject the appropriate Dockerfile clauses for installing synapse-s3-storage-provider. matrix_synapse_ext_synapse_s3_storage_provider_enabled: false -matrix_synapse_ext_synapse_s3_storage_provider_version: 1.1.2 +matrix_synapse_ext_synapse_s3_storage_provider_version: 1.2.0 # Controls whether media from this (local) server is stored in s3-storage-provider matrix_synapse_ext_synapse_s3_storage_provider_store_local: true # Controls whether media from remote servers is stored in s3-storage-provider diff --git a/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2 b/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2 index 65375aee..3919e955 100644 --- a/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/customizations/Dockerfile.j2 @@ -1,11 +1,7 @@ FROM {{ matrix_synapse_docker_image }} {% if matrix_synapse_container_image_customizations_s3_storage_provider_installation_enabled %} -{% if matrix_synapse_ext_synapse_s3_storage_provider_version == 'git' %} -RUN apt-get update -yq && apt-get install -yq git && pip install git+https://github.com/matrix-org/synapse-s3-storage-provider.git -{% else %} RUN pip install synapse-s3-storage-provider=={{ matrix_synapse_ext_synapse_s3_storage_provider_version }} {% endif %} -{% endif %} {{ matrix_synapse_container_image_customizations_dockerfile_body_custom }} From f0d1e23c9d3891524e89bee72a8202c500661850 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 10 Jan 2023 09:22:55 +0200 Subject: [PATCH 030/143] Move around whitelines --- .../ext/s3-storage-provider/media_storage_provider.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 index e888e3c5..ac2b58db 100644 --- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 @@ -12,8 +12,8 @@ config: {% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %} sse_customer_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key | to_json }} sse_customer_algo: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo | to_json }} - {% endif %} + storage_class: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class | to_json }} threadpool_size: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_threadpool_size | to_json }} From 0ec1868b951b4632767f7065277def9011918abc Mon Sep 17 00:00:00 2001 
From: bertybuttface <110790513+bertybuttface@users.noreply.github.com> Date: Mon, 2 Jan 2023 18:16:38 +0000 Subject: [PATCH 031/143] Add matrix-bot-chatgpt. Co-Authored-By: Slavi Pantaleev --- README.md | 1 + docs/configuring-playbook-bot-chatgpt.md | 69 ++++++++++++++++ group_vars/matrix_servers | 2 + playbooks/matrix.yml | 1 + .../matrix-bot-chatgpt/defaults/main.yml | 78 +++++++++++++++++++ .../custom/matrix-bot-chatgpt/tasks/main.yml | 20 +++++ .../tasks/setup_install.yml | 63 +++++++++++++++ .../tasks/setup_uninstall.yml | 25 ++++++ .../tasks/validate_config.yml | 12 +++ .../matrix-bot-chatgpt/templates/env.j2 | 25 ++++++ .../systemd/matrix-bot-chatgpt.service.j2 | 40 ++++++++++ 11 files changed, 336 insertions(+) create mode 100644 docs/configuring-playbook-bot-chatgpt.md create mode 100644 roles/custom/matrix-bot-chatgpt/defaults/main.yml create mode 100644 roles/custom/matrix-bot-chatgpt/tasks/main.yml create mode 100644 roles/custom/matrix-bot-chatgpt/tasks/setup_install.yml create mode 100644 roles/custom/matrix-bot-chatgpt/tasks/setup_uninstall.yml create mode 100644 roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml create mode 100644 roles/custom/matrix-bot-chatgpt/templates/env.j2 create mode 100644 roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 diff --git a/README.md b/README.md index 177c2a0d..2a09ef41 100644 --- a/README.md +++ b/README.md 
@@ -130,6 +130,7 @@ Bots provide various additional functionality to your installation. | [Go-NEB](https://github.com/matrix-org/go-neb) | x | A multi functional bot written in Go | [Link](docs/configuring-playbook-bot-go-neb.md) | | [Mjolnir](https://github.com/matrix-org/mjolnir) | x | A moderation tool for Matrix | [Link](docs/configuring-playbook-bot-mjolnir.md) | | [Buscarron](https://gitlab.com/etke.cc/buscarron) | x | Web forms (HTTP POST) to matrix | [Link](docs/configuring-playbook-bot-buscarron.md) | +| [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) | x | ChatGPT from matrix | [Link](docs/configuring-playbook-bot-chatgpt.md) | ### Administration diff --git a/docs/configuring-playbook-bot-chatgpt.md b/docs/configuring-playbook-bot-chatgpt.md new file mode 100644 index 00000000..49b3fdde --- /dev/null +++ b/docs/configuring-playbook-bot-chatgpt.md 
@@ -0,0 +1,69 @@ +# Setting up ChatGPT (optional) + +The playbook can install and configure [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) for you. + +Talk to ChatGPT via your favourite Matrix client! + + +## 1. Register the bot account + +The playbook does not automatically create users for you. The bot requires an access token to be able to connect to your homeserver. + +You **need to register the bot user manually** before setting up the bot. + +Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. + +You can use the playbook to [register a new user](registering-users.md): + +``` +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.chatgpt password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user +``` + + +## 2. Get an access token + +Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). + + +## 3. Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): + +```yaml +matrix_bot_chatgpt_enabled: true +# See instructions on +# https://www.npmjs.com/package/chatgpt +matrix_bot_chatgpt_openai_email: '' +matrix_bot_chatgpt_openai_password: '' +matrix_bot_chatgpt_openai_login_type: google +# With the @ and :DOMAIN, ie @SOMETHING:DOMAIN +matrix_bot_chatgpt_matrix_bot_username: '@bot.chatgpt:{{ matrix_domain }}' +# Matrix access token (from bot user above) +# see: https://webapps.stackexchange.com/questions/131056/how-to-get-an-access-token-for-element-riot-matrix +matrix_bot_chatgpt_matrix_access_token: '' +matrix_bot_chatgpt_matrix_default_prefix: '!chatgpt ' +matrix_bot_chatgpt_matrix_default_prefix_reply: false +matrix_bot_chatgpt_matrix_whitelist: ':{{ matrix_domain }}' +``` + +You will need to get tokens for ChatGPT. + + +## 4. 
Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +```sh +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + +**Notes**: + +- if you change the bot password (`matrix_bot_chatgpt_matrix_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_chatgpt_matrix_password` to let the bot know its new password + + +## Usage + +To use the bot, invite the `@bot.chatgpt:DOMAIN` to the room you specified in a config, after that start speaking to it, use the prefix if you configured one or mention the bot. + +You can also refer to the upstream [documentation](https://github.com/matrixgpt/matrix-chatgpt-bot). diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 33c12401..6b8efb33 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -187,6 +187,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-bot-postmoogle.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'postmoogle']}] if matrix_bot_postmoogle_enabled else []) + + ([{'name': 'matrix-bot-chatgpt.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'chatgpt']}] if matrix_bot_chatgpt_enabled else []) + + ([{'name': 'matrix-appservice-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-discord']}] if matrix_appservice_discord_enabled else []) + ([{'name': 'matrix-appservice-irc.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-irc']}] if matrix_appservice_irc_enabled else []) diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml index 088ea640..b0b83109 100755 --- a/playbooks/matrix.yml +++ b/playbooks/matrix.yml 
@@ -78,6 +78,7 @@ - custom/matrix-bot-postmoogle - custom/matrix-bot-go-neb - custom/matrix-bot-mjolnir + - custom/matrix-bot-chatgpt - custom/matrix-cactus-comments - custom/matrix-synapse - custom/matrix-synapse-reverse-proxy-companion diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml new file mode 100644 index 00000000..002ebabd --- /dev/null +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml 
@@ -0,0 +1,78 @@ +--- +# chatgpt is a bot for chatting to openAI chatgpt matrix bot +# Project source code URL: https://github.com/matrixgpt/matrix-chatgpt-bot + +matrix_bot_chatgpt_enabled: true + +matrix_bot_chatgpt_container_image_self_build: false +matrix_bot_chatgpt_docker_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot" +matrix_bot_chatgpt_docker_repo_version: "{{ 'latest' if matrix_bot_chatgpt_version == 'latest' else matrix_bot_chatgpt_version }}" +matrix_bot_chatgpt_docker_src_files_path: "{{ matrix_base_data_path }}/chatgpt/docker-src" + +matrix_bot_chatgpt_version: 1.1.1 +matrix_bot_chatgpt_docker_image: "{{ matrix_bot_chatgpt_docker_image_name_prefix }}matrixgpt/matrix-chatgpt-bot:{{ matrix_bot_chatgpt_version }}" +matrix_bot_chatgpt_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_chatgpt_container_image_self_build else 'ghcr.io/' }}" +matrix_bot_chatgpt_docker_image_force_pull: "{{ matrix_bot_chatgpt_docker_image.endswith(':latest') }}" + +matrix_bot_chatgpt_base_path: "{{ matrix_base_data_path }}/chatgpt" +matrix_bot_chatgpt_config_path: "{{ matrix_bot_chatgpt_base_path }}/config" +matrix_bot_chatgpt_data_path: "{{ matrix_bot_chatgpt_base_path }}/data" + +# A list of extra arguments to pass to the container +matrix_bot_chatgpt_container_extra_arguments: [] + +# List of systemd services that matrix-bot-chatgpt.service depends on +matrix_bot_chatgpt_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-bot-chatgpt.service wants +matrix_bot_chatgpt_systemd_wanted_services_list: [] + +# ChatGPT Settings +matrix_bot_chatgpt_openai_email: '' # OPENAI_EMAIL= +matrix_bot_chatgpt_openai_password: '' # OPENAI_PASSWORD= +matrix_bot_chatgpt_openai_login_type: 'google' # OPENAI_LOGIN_TYPE="google" + +# Matrix Static Settings (required, see notes) +# Defaults to "https://matrix.org" +matrix_bot_chatgpt_matrix_homeserver_url: "{{ matrix_homeserver_container_url }}" # MATRIX_HOMESERVER_URL= +# With the @ and 
:DOMAIN, ie @SOMETHING:DOMAIN, needs to be set, created manually beforehand. +matrix_bot_chatgpt_matrix_bot_username: '@bot.chatgpt:{{ matrix_domain }}' # MATRIX_BOT_USERNAME= +# Set `MATRIX_BOT_PASSWORD` the bot will print an `MATRIX_ACCESS_TOKEN` to the terminal +# or https://webapps.stackexchange.com/questions/131056/how-to-get-an-access-token-for-element-riot-matrix +matrix_bot_chatgpt_matrix_access_token: '' # MATRIX_ACCESS_TOKEN= +# Once `MATRIX_BOT_ACCESS_TOKEN` is set this is no longer used. +matrix_bot_chatgpt_matrix_bot_password: '' # MATRIX_BOT_PASSWORD= + +# Matrix Configurable Settings Defaults (optional) +matrix_bot_chatgpt_matrix_default_prefix: "!chatgpt " # MATRIX_DEFAULT_PREFIX= Leave prefix blank to reply to all messages, trailing space matters +matrix_bot_chatgpt_matrix_default_prefix_reply: false # MATRIX_DEFAULT_PREFIX_REPLY= + +# Matrix Access Control (optional) +matrix_bot_chatgpt_matrix_blacklist: '' +matrix_bot_chatgpt_matrix_whitelist: ':{{ matrix_domain }}' + +# Matrix Feature Flags (optional) +matrix_bot_chatgpt_matrix_autojoin: true # MATRIX_AUTOJOIN=true +matrix_bot_chatgpt_matrix_encryption: true # MATRIX_ENCRYPTION=true +matrix_bot_chatgpt_matrix_threads: true # MATRIX_THREADS=true +matrix_bot_chatgpt_matrix_rich_text: true # MATRIX_RICH_TEXT=true + + +# A list of admins +# Example set of rules: +# matrix_bot_chatgpt_admins: +# - @someone:example.com +# - @another:example.com +# - @bot.*:example.com +# - @*:another.com +# matrix_bot_chatgpt_admins: "{{ [matrix_admin] if matrix_admin else [] }}" + +# Log level +# matrix_bot_chatgpt_loglevel: 'INFO' + +# Additional environment variables to pass to the chatgpt container +# +# Example: +# matrix_bot_chatgpt_environment_variables_extension: | +# chatgpt_TEXT_DONE=Done +matrix_bot_chatgpt_environment_variables_extension: '' diff --git a/roles/custom/matrix-bot-chatgpt/tasks/main.yml b/roles/custom/matrix-bot-chatgpt/tasks/main.yml new file mode 100644 index 00000000..c5487fb8 
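Review bot: `matrix_bot_chatgpt_enabled: true` makes this role active by default, and the group_vars/matrix_servers hunk in this commit adds only the systemd service entry, not an override. Unless an override exists elsewhere, every install would run this role's validation and install tasks for a bot that holds an OpenAI account password and a Matrix access token, so I would default to opt-in with `matrix_bot_chatgpt_enabled: false`. The comment `Once MATRIX_BOT_ACCESS_TOKEN is set` names a variable that the annotation two lines above calls `MATRIX_ACCESS_TOKEN`, and the two should agree. `matrix_bot_chatgpt_docker_repo_version` evaluates to `matrix_bot_chatgpt_version` in both branches of its conditional, so the expression can be reduced to `"{{ matrix_bot_chatgpt_version }}"`.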
--- /dev/null +++ b/roles/custom/matrix-bot-chatgpt/tasks/main.yml @@ -0,0 +1,20 @@ +--- + +- block: + - when: matrix_bot_chatgpt_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_bot_chatgpt_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + tags: + - setup-all + - setup-bot-chatgpt + - install-all + - install-bot-chatgpt + +- block: + - when: not matrix_bot_chatgpt_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + tags: + - setup-all + - setup-bot-chatgpt diff --git a/roles/custom/matrix-bot-chatgpt/tasks/setup_install.yml b/roles/custom/matrix-bot-chatgpt/tasks/setup_install.yml new file mode 100644 index 00000000..5ae5ea95 --- /dev/null +++ b/roles/custom/matrix-bot-chatgpt/tasks/setup_install.yml 
@@ -0,0 +1,63 @@
+---
+- name: Ensure chatgpt paths exist
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: directory
+ mode: 0750
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ with_items:
+ - {path: "{{ matrix_bot_chatgpt_config_path }}", when: true}
+ - {path: "{{ matrix_bot_chatgpt_data_path }}", when: true}
+ - {path: "{{ matrix_bot_chatgpt_docker_src_files_path }}", when: matrix_bot_chatgpt_container_image_self_build}
+ when: "item.when | bool"
+
+- name: Ensure chatgpt environment variables file created
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/env.j2"
+ dest: "{{ matrix_bot_chatgpt_config_path }}/env"
+ owner: "{{ matrix_user_username }}"
+ group: "{{ matrix_user_groupname }}"
+ mode: 0640
+
+- name: Ensure chatgpt image is pulled
+ community.docker.docker_image:
+ name: "{{ matrix_bot_chatgpt_docker_image }}"
+ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
+ force_source: "{{ matrix_bot_chatgpt_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_chatgpt_docker_image_force_pull }}"
+ when: "not matrix_bot_chatgpt_container_image_self_build | bool"
+ register: result
+ retries: "{{ devture_playbook_help_container_retries_count }}"
+ delay: "{{ devture_playbook_help_container_retries_delay }}"
+ until: result is not failed
+
+- name: Ensure chatgpt repository is present on self-build
+ ansible.builtin.git:
+ repo: "{{ matrix_bot_chatgpt_docker_repo }}"
+ version: "{{ matrix_bot_chatgpt_docker_repo_version }}"
+ dest: "{{ matrix_bot_chatgpt_docker_src_files_path }}"
+ force: "yes"
+ become: true
+ become_user: "{{ matrix_user_username }}"
+ register: matrix_bot_chatgpt_git_pull_results
+ when: "matrix_bot_chatgpt_container_image_self_build | bool"
+
+- name: Ensure chatgpt image is built
+ community.docker.docker_image:
+ name: "{{ matrix_bot_chatgpt_docker_image }}"
+ source: build
+ force_source: "{{ matrix_bot_chatgpt_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
+ force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
+ build:
+ dockerfile: Dockerfile
+ path: "{{ matrix_bot_chatgpt_docker_src_files_path }}"
+ pull: true
+ when: "matrix_bot_chatgpt_container_image_self_build | bool"
+
+- name: Ensure matrix-bot-chatgpt.service installed
+ ansible.builtin.template:
+ src: "{{ role_path }}/templates/systemd/matrix-bot-chatgpt.service.j2"
+ dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-chatgpt.service"
+ mode: 0644
+ register: matrix_bot_chatgpt_systemd_service_result
diff --git a/roles/custom/matrix-bot-chatgpt/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-chatgpt/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..4a50d733
--- /dev/null
+++ b/roles/custom/matrix-bot-chatgpt/tasks/setup_uninstall.yml
@@ -0,0 +1,25 @@
+---
+
+- name: Check existence of matrix-chatgpt service
+ ansible.builtin.stat:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-chatgpt.service"
+ register: matrix_bot_chatgpt_service_stat
+
+- when: matrix_bot_chatgpt_service_stat.stat.exists | bool
+ block:
+ - name: Ensure matrix-chatgpt is stopped
+ ansible.builtin.service:
+ name: matrix-bot-chatgpt
+ state: stopped
+ enabled: false
+ daemon_reload: true
+
+ - name: Ensure matrix-bot-chatgpt.service doesn't exist
+ ansible.builtin.file:
+ path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-chatgpt.service"
+ state: absent
+
+ - name: Ensure Matrix chatgpt paths don't exist
+ ansible.builtin.file:
+ path: "{{ matrix_bot_chatgpt_base_path }}"
+ state: absent
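Review bot: In the `Ensure chatgpt image is built` task of setup_install.yml, the `force:` fallback reads `matrix_mailer_git_pull_results.changed`, a variable this role never registers; the git task above it registers `matrix_bot_chatgpt_git_pull_results`. It looks copied from another role, and on the Ansible versions that take this branch (below 2.8) it would presumably fail as undefined or pick up an unrelated role's result. The line should read `force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_chatgpt_git_pull_results.changed }}"`.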
diff --git a/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml b/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml
new file mode 100644
index 00000000..f68d0e5c
--- /dev/null
+++ b/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Fail if required Chatgpt settings not defined
+ ansible.builtin.fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item.name }}`).
+ when: "item.when | bool and vars[item.name] == ''"
+ with_items:
+ - {'name': 'matrix_bot_chatgpt_openai_email', when: true}
+ - {'name': 'matrix_bot_chatgpt_openai_password', when: true}
+ - {'name': 'matrix_bot_chatgpt_openai_login_type', when: true}
+ - {'name': 'matrix_bot_chatgpt_matrix_bot_username', when: true}
diff --git a/roles/custom/matrix-bot-chatgpt/templates/env.j2 b/roles/custom/matrix-bot-chatgpt/templates/env.j2
new file mode 100644
index 00000000..8837fe3e
--- /dev/null
+++ b/roles/custom/matrix-bot-chatgpt/templates/env.j2
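Review bot: The required-settings list in validate_config.yml does not cover the bot's Matrix credentials: `matrix_bot_chatgpt_matrix_access_token` and `matrix_bot_chatgpt_matrix_bot_password` both default to `''` in this role's defaults, and nothing here fails when both are left empty. Judging by the comments in the defaults, the bot needs one of the two to log in, so a deployment without credentials would pass validation and only fail once the service starts. A second `ansible.builtin.fail` task with `when: "matrix_bot_chatgpt_matrix_access_token == '' and matrix_bot_chatgpt_matrix_bot_password == ''"` would catch it at playbook time.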
@@ -0,0 +1,25 @@
+MATRIX_HOMESERVER_URL={{ matrix_bot_chatgpt_matrix_homeserver_url }}
+MATRIX_ACCESS_TOKEN={{ matrix_bot_chatgpt_matrix_access_token }}
+
+OPENAI_EMAIL={{ matrix_bot_chatgpt_openai_email }}
+OPENAI_PASSWORD={{ matrix_bot_chatgpt_openai_password }}
+OPENAI_LOGIN_TYPE={{ matrix_bot_chatgpt_openai_login_type }}
+
+# With the @ and :DOMAIN, ie @SOMETHING:DOMAIN
+MATRIX_BOT_USERNAME={{ matrix_bot_chatgpt_matrix_bot_username }}
+MATRIX_BOT_PASSWORD={{ matrix_bot_chatgpt_matrix_bot_password }}
+
+MATRIX_DEFAULT_PREFIX={{ matrix_bot_chatgpt_matrix_default_prefix }}
+MATRIX_DEFAULT_PREFIX_REPLY={{ matrix_bot_chatgpt_matrix_default_prefix_reply|lower }}
+
+MATRIX_BLACKLIST={{ matrix_bot_chatgpt_matrix_blacklist }}
+MATRIX_WHITELIST={{ matrix_bot_chatgpt_matrix_whitelist }}
+
+MATRIX_AUTOJOIN={{ matrix_bot_chatgpt_matrix_autojoin|lower }}
+MATRIX_ENCRYPTION={{ matrix_bot_chatgpt_matrix_encryption|lower }}
+MATRIX_THREADS={{ matrix_bot_chatgpt_matrix_threads|lower }}
+MATRIX_RICH_TEXT={{ matrix_bot_chatgpt_matrix_rich_text|lower }}
+
+DATA_PATH=/data/
+
+{{ matrix_bot_chatgpt_environment_variables_extension }}
diff --git a/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 b/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2
new file mode 100644
index 00000000..4a528126
--- /dev/null
+++ b/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2
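Review bot: Every value in env.j2, including `OPENAI_PASSWORD`, `MATRIX_BOT_PASSWORD` and the free-form `matrix_bot_chatgpt_environment_variables_extension` block, is written verbatim, so a value containing a newline would turn into additional `NAME=value` entries when the file is read through `--env-file`. The file also keeps `MATRIX_BOT_PASSWORD` on disk after an access token has been configured, although the role's defaults say the password is no longer used at that point. I would add a template comment such as `{# Values must be single-line; clear matrix_bot_chatgpt_matrix_bot_password once the access token is set. #}` and repeat both points in the role documentation.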
@@ -0,0 +1,40 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Matrix chatgpt bot
+{% for service in matrix_bot_chatgpt_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_bot_chatgpt_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-chatgpt 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true'
+
+ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-chatgpt \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --read-only \
+ --tmpfs /tmp \
+ --network={{ matrix_docker_network }} \
+ --env-file={{ matrix_bot_chatgpt_config_path }}/env \
+ --mount type=bind,src={{ matrix_bot_chatgpt_data_path }},dst=/data \
+ {% for arg in matrix_bot_chatgpt_container_extra_arguments %}
+ {{ arg }} \
+ {% endfor %}
+ {{ matrix_bot_chatgpt_docker_image }}
+
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-chatgpt 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-bot-chatgpt
+
+[Install]
+WantedBy=multi-user.target
From 0b8829339360342e584836c4f251f150771824fd Mon Sep 17 00:00:00 2001
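Review bot: The `docker run` line in `ExecStart` drops all capabilities and runs read-only as a non-root user, but it does not set `--security-opt=no-new-privileges`, which would complete that hardening; it fits right after `--cap-drop=ALL \`. Separately, `--log-driver=none` only turns off Docker's own log storage: because `docker run` stays in the foreground, the container's output presumably still reaches the journal under `SyslogIdentifier=matrix-bot-chatgpt`. The role's defaults say the bot prints a `MATRIX_ACCESS_TOKEN` to the terminal when it starts with a password, so that token would likely end up in the journal, which deserves a line in the docs.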
From: bertybuttface <110790513+bertybuttface@users.noreply.github.com> Date: Tue, 10 Jan 2023 14:09:08 +0000 Subject: [PATCH 032/143] Bump ChatGPT version. --- roles/custom/matrix-bot-chatgpt/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index 002ebabd..f85fc8f5 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml @@ -9,7 +9,7 @@ matrix_bot_chatgpt_docker_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot matrix_bot_chatgpt_docker_repo_version: "{{ 'latest' if matrix_bot_chatgpt_version == 'latest' else matrix_bot_chatgpt_version }}" matrix_bot_chatgpt_docker_src_files_path: "{{ matrix_base_data_path }}/chatgpt/docker-src" -matrix_bot_chatgpt_version: 1.1.1 +matrix_bot_chatgpt_version: 1.2.1 matrix_bot_chatgpt_docker_image: "{{ matrix_bot_chatgpt_docker_image_name_prefix }}matrixgpt/matrix-chatgpt-bot:{{ matrix_bot_chatgpt_version }}" matrix_bot_chatgpt_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_chatgpt_container_image_self_build else 'ghcr.io/' }}" matrix_bot_chatgpt_docker_image_force_pull: "{{ matrix_bot_chatgpt_docker_image.endswith(':latest') }}" From 8d3ce50d1bb0d2d364ba32e0b7100579f98afff4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 10 Jan 2023 17:20:33 +0200 Subject: [PATCH 033/143] Disable chatgpt from group_vars/matrix_servers by default --- group_vars/matrix_servers | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 6b8efb33..5e1f0123 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1616,6 +1616,22 @@ matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_gen ###################################################################### +###################################################################### +# +# matrix-bot-chatgpt +# +###################################################################### + +# We don't enable bots by default. +matrix_bot_chatgpt_enabled: false + +###################################################################### +# +# /matrix-bot-chatgpt +# +###################################################################### + + ###################################################################### # # matrix-bot-go-neb From ddfab6042797311d8c87a2abda2c58ed95800f60 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 10 Jan 2023 17:20:50 +0200 Subject: [PATCH 034/143] Enable self-building for chatgpt for arm32 --- group_vars/matrix_servers | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 5e1f0123..78c45d0b 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -1625,6 +1625,8 @@ matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_gen # We don't enable bots by default. matrix_bot_chatgpt_enabled: false +matrix_bot_chatgpt_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" + ###################################################################### # # /matrix-bot-chatgpt From 9ecca2cbb9a3785046e5d79d560ab540ce0000a5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 10 Jan 2023 17:22:54 +0200 Subject: [PATCH 035/143] Update documentation with more chatgpt mentions --- docs/configuring-playbook-bot-chatgpt.md | 2 +- docs/configuring-playbook.md | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bot-chatgpt.md b/docs/configuring-playbook-bot-chatgpt.md index 49b3fdde..1856fb35 100644 
--- a/docs/configuring-playbook-bot-chatgpt.md +++ b/docs/configuring-playbook-bot-chatgpt.md @@ -2,7 +2,7 @@ The playbook can install and configure [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) for you. -Talk to ChatGPT via your favourite Matrix client! +Talk to [ChatGPT](https://openai.com/blog/chatgpt/) via your favourite Matrix client! ## 1. Register the bot account diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index fa00c858..27ff1bae 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -161,6 +161,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins ### Bots +- [Setting up matrix-bot-chatgpt](configuring-playbook-bot-chatgpt.md) - talk to [ChatGPT](https://openai.com/blog/chatgpt/) via your favourite Matrix client (optional) + - [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) - a bot to remind you about stuff (optional) - [Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) - a bot to create and manage registration tokens to invite users (optional) From a96a22c925051866a41cfbae4e4ca9d4452b7442 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 10 Jan 2023 17:26:59 +0200 Subject: [PATCH 036/143] chatgpt docs updates --- docs/configuring-playbook-bot-chatgpt.md | 16 ++++++---------- .../custom/matrix-bot-chatgpt/defaults/main.yml | 3 ++- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/docs/configuring-playbook-bot-chatgpt.md b/docs/configuring-playbook-bot-chatgpt.md index 1856fb35..eb0c7596 100644 --- a/docs/configuring-playbook-bot-chatgpt.md +++ b/docs/configuring-playbook-bot-chatgpt.md 
@@ -31,19 +31,19 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. ```yaml matrix_bot_chatgpt_enabled: true + # See instructions on # https://www.npmjs.com/package/chatgpt matrix_bot_chatgpt_openai_email: '' matrix_bot_chatgpt_openai_password: '' matrix_bot_chatgpt_openai_login_type: google -# With the @ and :DOMAIN, ie @SOMETHING:DOMAIN -matrix_bot_chatgpt_matrix_bot_username: '@bot.chatgpt:{{ matrix_domain }}' + +# This is the default username +# matrix_bot_chatgpt_matrix_bot_username_localpart: 'bot.chatgpt' + # Matrix access token (from bot user above) # see: https://webapps.stackexchange.com/questions/131056/how-to-get-an-access-token-for-element-riot-matrix matrix_bot_chatgpt_matrix_access_token: '' -matrix_bot_chatgpt_matrix_default_prefix: '!chatgpt ' -matrix_bot_chatgpt_matrix_default_prefix_reply: false -matrix_bot_chatgpt_matrix_whitelist: ':{{ matrix_domain }}' ``` You will need to get tokens for ChatGPT. @@ -54,13 +54,9 @@ You will need to get tokens for ChatGPT. After configuring the playbook, run the [installation](installing.md) command again: ```sh -ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +ansible-playbook -i inventory/hosts setup.yml --tags=install-all,start ``` -**Notes**: - -- if you change the bot password (`matrix_bot_chatgpt_matrix_password` in your `vars.yml` file) subsequently, the bot user's credentials on the homeserver won't be updated automatically. If you'd like to change the bot user's password, use a tool like [synapse-admin](configuring-playbook-synapse-admin.md) to change it, and then update `matrix_bot_chatgpt_matrix_password` to let the bot know its new password - ## Usage diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index f85fc8f5..361aa351 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml 
@@ -36,7 +36,8 @@ matrix_bot_chatgpt_openai_login_type: 'google' # OPENAI_LOGIN_TYPE="google" # Defaults to "https://matrix.org" matrix_bot_chatgpt_matrix_homeserver_url: "{{ matrix_homeserver_container_url }}" # MATRIX_HOMESERVER_URL= # With the @ and :DOMAIN, ie @SOMETHING:DOMAIN, needs to be set, created manually beforehand. -matrix_bot_chatgpt_matrix_bot_username: '@bot.chatgpt:{{ matrix_domain }}' # MATRIX_BOT_USERNAME= +matrix_bot_chatgpt_matrix_bot_username_localpart: 'bot.chatgpt' +matrix_bot_chatgpt_matrix_bot_username: "@{{ matrix_bot_chatgpt_matrix_bot_username_localpart }}:{{ matrix_domain }}" # MATRIX_BOT_USERNAME= # Set `MATRIX_BOT_PASSWORD` the bot will print an `MATRIX_ACCESS_TOKEN` to the terminal # or https://webapps.stackexchange.com/questions/131056/how-to-get-an-access-token-for-element-riot-matrix matrix_bot_chatgpt_matrix_access_token: '' # MATRIX_ACCESS_TOKEN= From 20558589cba14e294bd28262479c01d7d49465ce Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 10 Jan 2023 17:31:21 +0200 Subject: [PATCH 037/143] Announce matrix-bot-chatgpt Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2386 --- CHANGELOG.md | 9 +++++++++ docs/configuring-playbook.md | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3be19f00..11b5d39a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2023-01-10 + +## ChatGPT support + +Thanks to [@bertybuttface](https://github.com/bertybuttface), the playbook can now help you set up [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) - a bot through which you can talk to the [ChatGPT](https://openai.com/blog/chatgpt/) model. + +See our [Setting up matrix-bot-chatgpt](docs/configuring-playbook-bot-chatgpt.md) documentation to get started. + + # 2022-11-30 ## matrix-postgres-backup has been replaced by the com.devture.ansible.role.postgres_backup external role 
diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 27ff1bae..f9af7c6b 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -161,7 +161,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins ### Bots -- [Setting up matrix-bot-chatgpt](configuring-playbook-bot-chatgpt.md) - talk to [ChatGPT](https://openai.com/blog/chatgpt/) via your favourite Matrix client (optional) +- [Setting up matrix-bot-chatgpt](configuring-playbook-bot-chatgpt.md) - a bot through which you can talk to the [ChatGPT](https://openai.com/blog/chatgpt/) model(optional) - [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) - a bot to remind you about stuff (optional) From 275a739b22d7375e3e07b3d91785e1fe5b2e4597 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 11 Jan 2023 10:38:54 +0200 Subject: [PATCH 038/143] Announce maurtix-slack Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2227 --- CHANGELOG.md | 9 +++++++++ docs/configuring-playbook-bridge-appservice-slack.md | 2 +- docs/configuring-playbook-bridge-mx-puppet-slack.md | 3 +-- docs/configuring-playbook.md | 2 ++ 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 11b5d39a..daf3e97b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,12 @@ +# 2023-01-11 + +## mautrix-slack support + +Thanks to [Cody Neiman](https://github.com/xangelix)'s efforts, the playbook now supports bridging to [Slack](https://slack.com/) via the [mautrix-slack](https://mau.dev/mautrix/slack) bridge. See our [Setting up Mautrix Slack bridging](docs/configuring-playbook-bridge-mautrix-slack.md) documentation page for getting started. + +**Note**: this is a new Slack bridge. The playbook still retains Slack bridging via [matrix-appservice-slack](docs/configuring-playbook-bridge-appservice-slack.md) and [mx-puppet-slack](docs/configuring-playbook-bridge-mx-puppet-slack.md). You're free too use the bridge that serves you better, or even all three of them (for different users and use-cases). + + # 2023-01-10 ## ChatGPT support diff --git a/docs/configuring-playbook-bridge-appservice-slack.md b/docs/configuring-playbook-bridge-appservice-slack.md index fc2bf166..3e6f798e 100644 --- a/docs/configuring-playbook-bridge-appservice-slack.md +++ b/docs/configuring-playbook-bridge-appservice-slack.md @@ -1,6 +1,6 @@ # Setting up Appservice Slack (optional) -**Note**: bridging to [Slack](https://slack.com) can also happen via the [mx-puppet-slack](configuring-playbook-bridge-mx-puppet-slack.md) bridge supported by the playbook. +**Note**: bridging to [Slack](https://slack.com) can also happen via the [mx-puppet-slack](configuring-playbook-bridge-mx-puppet-slack.md) and [mautrix-slack](configuring-playbook-bridge-mautrix-slack.md) bridges supported by the playbook. The playbook can install and configure [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) for you. diff --git a/docs/configuring-playbook-bridge-mx-puppet-slack.md b/docs/configuring-playbook-bridge-mx-puppet-slack.md index 8db159d7..c195b8b5 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-slack.md +++ b/docs/configuring-playbook-bridge-mx-puppet-slack.md 
@@ -1,8 +1,7 @@ # Setting up MX Puppet Slack (optional) **Note**: bridging to [Slack](https://slack.com) can also happen via the -[matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) -bridge supported by the playbook. +[matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) and [mautrix-slack](configuring-playbook-bridge-mautrix-slack.md) bridges supported by the playbook. The playbook can install and configure [Beeper](https://www.beeper.com/)-maintained fork of [mx-puppet-slack](https://gitlab.com/beeper/mx-puppet-monorepo) for you. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index f9af7c6b..b2724598 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -106,6 +106,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md) (optional) +- [Setting up Mautrix Slack bridging](configuring-playbook-bridge-mautrix-slack.md) (optional) + - [Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md) (optional) - [Setting up Mautrix Facebook bridging](configuring-playbook-bridge-mautrix-facebook.md) (optional) From ecb5c077f6d5eb4fb0ee6a2a7de42abde84c9629 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 11 Jan 2023 10:41:09 +0200 Subject: [PATCH 039/143] Fix typo (too -> to) --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index daf3e97b..e01d69d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,7 +4,7 @@ Thanks to [Cody Neiman](https://github.com/xangelix)'s efforts, the playbook now supports bridging to [Slack](https://slack.com/) via the [mautrix-slack](https://mau.dev/mautrix/slack) bridge. See our [Setting up Mautrix Slack bridging](docs/configuring-playbook-bridge-mautrix-slack.md) documentation page for getting started. -**Note**: this is a new Slack bridge. The playbook still retains Slack bridging via [matrix-appservice-slack](docs/configuring-playbook-bridge-appservice-slack.md) and [mx-puppet-slack](docs/configuring-playbook-bridge-mx-puppet-slack.md). You're free too use the bridge that serves you better, or even all three of them (for different users and use-cases). +**Note**: this is a new Slack bridge. The playbook still retains Slack bridging via [matrix-appservice-slack](docs/configuring-playbook-bridge-appservice-slack.md) and [mx-puppet-slack](docs/configuring-playbook-bridge-mx-puppet-slack.md). You're free to use the bridge that serves you better, or even all three of them (for different users and use-cases). # 2023-01-10 
@@ -371,7 +371,7 @@ matrix_homeserver_implementation: conduit Thanks to [MdotAmaan](https://github.com/MdotAmaan)'s efforts, the playbook now supports bridging to [Discord](https://discordapp.com/) via the [mautrix-discord](https://mau.dev/mautrix/discord) bridge. See our [Setting up Mautrix Discord bridging](docs/configuring-playbook-bridge-mautrix-discord.md) documentation page for getting started. -**Note**: this is a new Discord bridge. The playbook still retains Discord bridging via [matrix-appservice-discord](docs/configuring-playbook-bridge-appservice-discord.md) and [mx-puppet-discord](docs/configuring-playbook-bridge-mx-puppet-discord.md). You're free too use the bridge that serves you better, or even all three of them (for different users and use-cases). +**Note**: this is a new Discord bridge. The playbook still retains Discord bridging via [matrix-appservice-discord](docs/configuring-playbook-bridge-appservice-discord.md) and [mx-puppet-discord](docs/configuring-playbook-bridge-mx-puppet-discord.md). You're free to use the bridge that serves you better, or even all three of them (for different users and use-cases). # 2022-07-27 From 0c472c172ec5636b3e7e8ee6abd1c81c74bd47da Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 11 Jan 2023 13:51:35 +0200 Subject: [PATCH 040/143] Upgrade mjolnir (v1.6.1 -> v1.6.3) --- roles/custom/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-mjolnir/defaults/main.yml b/roles/custom/matrix-bot-mjolnir/defaults/main.yml index b17f2f4b..e6e0fab5 100644 --- a/roles/custom/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/custom/matrix-bot-mjolnir/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.6.1" +matrix_bot_mjolnir_version: "v1.6.3" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" 
From a529bca7566710675cbe5f743a1dd8eba7854cf7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 11 Jan 2023 15:05:49 +0200 Subject: [PATCH 041/143] Add justfile We keep the Makefile for now, but don't mention it to new users anymore. --- docs/installing.md | 6 ++-- docs/maintenance-upgrading-services.md | 4 +-- docs/prerequisites.md | 2 +- docs/registering-users.md | 10 +++++- justfile | 44 ++++++++++++++++++++++++++ playbooks/matrix.yml | 2 +- 6 files changed, 61 insertions(+), 7 deletions(-) create mode 100644 justfile diff --git a/docs/installing.md b/docs/installing.md index 3bbc9a44..7e2edf6c 100644 --- a/docs/installing.md +++ b/docs/installing.md @@ -2,7 +2,7 @@ If you've [configured your DNS](configuring-dns.md) and have [configured the playbook](configuring-playbook.md), you can start the installation procedure. -**Before installing** and each time you update the playbook in the future, you will need to update the Ansible roles in this playbook by running `make roles`. `make roles` is a shortcut (a `roles` target defined in [`Makefile`](Makefile) and executed by the [`make`](https://www.gnu.org/software/make/) utility) which ultimately runs [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) to download Ansible roles. If you don't have `make`, you can also manually run the `roles` commands seen in the `Makefile`. +**Before installing** and each time you update the playbook in the future, you will need to update the Ansible roles in this playbook by running `just roles`. `just roles` is a shortcut (a `roles` target defined in [`justfile`](justfile) and executed by the [`just`](https://github.com/casey/just) utility) which ultimately runs [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) to download Ansible roles. If you don't have `just`, you can also manually run the `roles` commands seen in the `justfile`. ## Playbook tags introduction 
@@ -57,7 +57,7 @@ Proceed to [Maintaining your setup in the future](#2-maintaining-your-setup-in-t If you will be importing data into your newly created Matrix server, install it, but **do not** start its services just yet. Starting its services or messing with its database now will affect your data import later on. -To do the installation **without** starting services, run only the `setup-all` tag: +To do the installation **without** starting services, run only the `install-all` tag: ```sh ansible-playbook -i inventory/hosts setup.yml --tags=install-all @@ -88,6 +88,8 @@ Feel free to **re-run the setup command any time** you think something is off wi Note that if you remove components from `vars.yml`, or if we switch some component from being installed by default to not being installed by default anymore, you'd need to run the setup command with `--tags=setup-all` instead of `--tags=install-all`. See [Playbook tags introduction](#playbook-tags-introduction) +A way to invoke these `ansible-playbook` commands with less typing in the future is to use [just](https://github.com/casey/just) to run them: `just install-all` or `just setup-all`. See [our `justfile`](../../justfile) for more information. + ## 3. Finalize the installation diff --git a/docs/maintenance-upgrading-services.md b/docs/maintenance-upgrading-services.md index d1c707fd..b65eadd7 100644 --- a/docs/maintenance-upgrading-services.md +++ b/docs/maintenance-upgrading-services.md 
@@ -10,8 +10,8 @@ To upgrade services: - take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of -- download the upstream Ansible roles used by the playbook by running `make roles` +- download the upstream Ansible roles used by the playbook by running `just roles` -- re-run the [playbook setup](installing.md) and restart all serivces: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start` +- re-run the [playbook setup](installing.md) and restart all services: `just setup-all` **Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql). diff --git a/docs/prerequisites.md b/docs/prerequisites.md index c0a90640..83ae42da 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md @@ -22,7 +22,7 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you - [`git`](https://git-scm.com/) is the recommended way to download the playbook to your computer. `git` may also be required on the server if you will be [self-building](self-building.md) components. -- [`make`](https://www.gnu.org/software/make/) for running `make roles`, etc. (see [`Makefile`](../Makefile)), although you can also run these commands manually (without `make`) +- [`just`](https://github.com/casey/just) for running `just roles`, etc. (see [`justfile`](../justfile)), although you can also run these commands manually - An HTTPS-capable web server at the base domain name (``) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md). diff --git a/docs/registering-users.md b/docs/registering-users.md index 321346b6..51fdef34 100644 
--- a/docs/registering-users.md +++ b/docs/registering-users.md @@ -16,13 +16,21 @@ Table of contents: You can do it via this Ansible playbook (make sure to edit the `` and `` part below): +```sh +just register-user + +# Example: `just register-user john secret-password yes` ``` + +**or** by invoking `ansible-playbook` manually: + +```sh ansible-playbook -i inventory/hosts setup.yml --extra-vars='username= password= admin=' --tags=register-user ``` **or** using the command-line after **SSH**-ing to your server (requires that [all services have been started](#starting-the-services)): -``` +```sh /matrix/synapse/bin/register-user ``` diff --git a/justfile b/justfile new file mode 100644 index 00000000..4b6dfbfb --- /dev/null +++ b/justfile 
@@ -0,0 +1,44 @@
+# Shows help
+default:
+ @just --list --justfile {{ justfile() }}
+
+# Pulls external Ansible roles
+roles:
+ rm -rf roles/galaxy
+ ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force
+
+# Runs ansible-lint against all roles in the playbook
+lint:
+ ansible-lint
+
+# Runs the playbook with --tags=install-all,ensure-matrix-users-created,start and optional arguments
+install-all *extra_args: (run-tags "install-all,ensure-matrix-users-created,start" extra_args)
+
+# Runs the playbook with --tags=setup-all,ensure-matrix-users-created,start and optional arguments
+setup-all *extra_args: (run-tags "setup-all,ensure-matrix-users-created,start" extra_args)
+
+# Runs the playbook with the given list of arguments
+run +extra_args:
+ time ansible-playbook -i inventory/hosts setup.yml {{ extra_args }}
+
+# Runs the playbook with the given list of comma-separated tags and optional arguments
+run-tags tags *extra_args:
+ just --justfile {{ justfile() }} run --tags={{ tags }} {{ extra_args }}
+
+# Runs the playbook in user-registration mode
+register-user username password admin_yes_or_no *extra_args:
+ time ansible-playbook -i inventory/hosts setup.yml --tags=register-user --extra-vars="username={{ username }} password={{ password }} admin={{ admin_yes_or_no }}" {{ extra_args }}
+
+# Starts all services
+start-all *extra_args: (run-tags "start-all" extra_args)
+
+# Starts a specific service group
+start-group group *extra_args:
+ @just --justfile {{ justfile() }} run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }}
+
+# Stops all services
+stop-all *extra_args: (run-tags "stop-all" extra_args)
+
+# Stops a specific service group
+stop-group group *extra_args:
+ @just --justfile {{ justfile() }} run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }}
diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml
index 1723d8af..409328ae 100755
--- a/playbooks/matrix.yml
+++ b/playbooks/matrix.yml
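Review bot: The `register-user` recipe takes the password as a positional argument and pastes it, unquoted, into `--extra-vars="username={{ username }} password={{ password }} admin={{ admin_yes_or_no }}"`. just substitutes `{{ }}` textually before the shell runs the line, so a password containing spaces, quotes or `$` changes how the command and the extra-vars string are parsed, and the password is also left in shell history and the process list. At minimum the recipe comment should say so, e.g. `# Note: the password is passed on the command line (shell history, process list) and must not contain spaces or shell metacharacters`.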
@@ -4,7 +4,7 @@ become: true roles: - # Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `make roles` command (see `Makefile`). + # Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `just roles` command (see `justfile`). - role: galaxy/com.devture.ansible.role.playbook_help - role: galaxy/com.devture.ansible.role.systemd_docker_base From 17438bd0dd9aba21841820877b107e753a0de134 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 11 Jan 2023 19:24:35 +0200 Subject: [PATCH 042/143] Upgrade mjolnir (v1.6.3 -> v1.6.4) --- roles/custom/matrix-bot-mjolnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-mjolnir/defaults/main.yml b/roles/custom/matrix-bot-mjolnir/defaults/main.yml index e6e0fab5..ecbbdb88 100644 --- a/roles/custom/matrix-bot-mjolnir/defaults/main.yml +++ b/roles/custom/matrix-bot-mjolnir/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_mjolnir_enabled: true -matrix_bot_mjolnir_version: "v1.6.3" +matrix_bot_mjolnir_version: "v1.6.4" matrix_bot_mjolnir_container_image_self_build: false matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" From ab8cb21a45b316ea4d8307a5548606de80651c07 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 11 Jan 2023 19:25:07 +0200 Subject: [PATCH 043/143] Upgrade matrix-chatgpt (1.2.1 -> 1.2.2) --- roles/custom/matrix-bot-chatgpt/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index 361aa351..3efb0030 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_bot_chatgpt_docker_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot matrix_bot_chatgpt_docker_repo_version: "{{ 'latest' if matrix_bot_chatgpt_version == 'latest' else matrix_bot_chatgpt_version }}" matrix_bot_chatgpt_docker_src_files_path: "{{ matrix_base_data_path }}/chatgpt/docker-src" -matrix_bot_chatgpt_version: 1.2.1 +matrix_bot_chatgpt_version: 1.2.2 matrix_bot_chatgpt_docker_image: "{{ matrix_bot_chatgpt_docker_image_name_prefix }}matrixgpt/matrix-chatgpt-bot:{{ matrix_bot_chatgpt_version }}" matrix_bot_chatgpt_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_chatgpt_container_image_self_build else 'ghcr.io/' }}" matrix_bot_chatgpt_docker_image_force_pull: "{{ matrix_bot_chatgpt_docker_image.endswith(':latest') }}" From 673ee508dcc4612b5466e569744803bf1f03f5c0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 12 Jan 2023 11:25:00 +0200 Subject: [PATCH 044/143] Upgrade matrix-chatgpt (1.2.2 -> 1.2.3) --- roles/custom/matrix-bot-chatgpt/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index 3efb0030..d6119ca6 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_bot_chatgpt_docker_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot matrix_bot_chatgpt_docker_repo_version: "{{ 'latest' if matrix_bot_chatgpt_version == 'latest' else matrix_bot_chatgpt_version }}" matrix_bot_chatgpt_docker_src_files_path: "{{ matrix_base_data_path }}/chatgpt/docker-src" -matrix_bot_chatgpt_version: 1.2.2 +matrix_bot_chatgpt_version: 1.2.3 matrix_bot_chatgpt_docker_image: "{{ matrix_bot_chatgpt_docker_image_name_prefix }}matrixgpt/matrix-chatgpt-bot:{{ matrix_bot_chatgpt_version }}" matrix_bot_chatgpt_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_chatgpt_container_image_self_build else 'ghcr.io/' }}" matrix_bot_chatgpt_docker_image_force_pull: "{{ matrix_bot_chatgpt_docker_image.endswith(':latest') }}" From fb60ba67f646288b40818a555bb716405e144956 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 13 Jan 2023 09:18:27 +0200 Subject: [PATCH 045/143] Announce just --- CHANGELOG.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e01d69d6..b66cc8ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,26 @@ +# 2023-01-13 + +## Support for running commands via just + +We've previously used [make](https://www.gnu.org/software/make/) for easily running some playbook commands (e.g. `make roles` which triggers `ansible-galaxy`, see [Makefile](Makefile)). +Our `Makefile` is still around and you can still run these commands. + +In addition, we've added support for running commands via [just](https://github.com/casey/just) - a more modern command-runner alternative to `make`. Instead of `make roles`, you can now run `just roles` to accomplish the same. + +Our [justfile](justfile) already defines some additional helpful **shortcut** commands that weren't part of our `Makefile`. Here are some examples: + +- `just install-all` to trigger the much longer `ansible-playbook -i inventory/hosts setup.yml --tags=install-all,ensure-matrix-users-created,start` command +- `just install-all --ask-vault-pass` - commands also support additional arguments (`--ask-vault-pass` will be appended to the above installation command) +- `just run-tags install-mautrix-slack,start` - to run specific playbook tags +- `just start-all` - (re-)starts all services +- `just stop-group postgres` - to stop only the Postgres service +- `just register-user john secret-password yes` - registers a `john` user with the `secret-password` password and admin access (admin = `yes`) + +Additional helpful commands and shortcuts may be defined in the future. + +This is all completely optional. If you find it difficult to [install `just`](https://github.com/casey/just#installation) or don't find any of this convenient, feel free to run all commands manually. + + # 2023-01-11 ## mautrix-slack support From c874830de36fb9f47ee5333213a160023306bd4e Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Fri, 13 Jan 2023 09:42:04 +0200 Subject: [PATCH 046/143] Upgrade com.devture.ansible.role.postgres The new version uses the corresponding container image when running vacuum, not the latest Postgres version. --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 93c80215..e52cec11 100644 --- a/requirements.yml +++ b/requirements.yml @@ -19,7 +19,7 @@ version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: e75973e3a4edc12dfc3e880e43b12ebecbf82c61 + version: 867b5b083f48d75c2fb64eb20c9d65e119d02cfd - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: 77b1f9ae1aafa31c9078178c1036bf744c99d08b From 4c5d945ad3d10d8394c8f284b78cfc86458137d5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 13 Jan 2023 18:12:22 +0200 Subject: [PATCH 047/143] Upgrade com.devture.ansible.role.postgres --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index e52cec11..6006ebbf 100644 --- a/requirements.yml +++ b/requirements.yml @@ -19,7 +19,7 @@ version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 - src: git+https://github.com/devture/com.devture.ansible.role.postgres.git - version: 867b5b083f48d75c2fb64eb20c9d65e119d02cfd + version: a1bb78d194434b38005f3a9e623bfa4b2c06c7bc - src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git version: 77b1f9ae1aafa31c9078178c1036bf744c99d08b From ae1ad3baf6aa20ad353920d05b2dcbba0a9d3ff3 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Fri, 13 Jan 2023 18:17:52 +0200 Subject: [PATCH 048/143] Improve block tasks indentation to make yamllint happy Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2392 --- .../tasks/setup_install.yml | 32 +++++++-------- .../tasks/prepare_themes.yml | 40 +++++++++---------- 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/roles/custom/matrix-backup-borg/tasks/setup_install.yml b/roles/custom/matrix-backup-borg/tasks/setup_install.yml index 647aabf4..307542f7 100644 --- a/roles/custom/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/custom/matrix-backup-borg/tasks/setup_install.yml 
@@ -2,25 +2,25 @@ - when: matrix_backup_borg_postgresql_enabled | bool and matrix_backup_borg_version == '' block: - - name: Fail with matrix_backup_borg_version advice if Postgres not enabled - ansible.builtin.fail: - msg: >- - You are not running a built-in Postgres server (`devture_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen. - Consider setting `matrix_backup_borg_version` to your Postgres version manually. - when: not devture_postgres_enabled + - name: Fail with matrix_backup_borg_version advice if Postgres not enabled + ansible.builtin.fail: + msg: >- + You are not running a built-in Postgres server (`devture_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen. + Consider setting `matrix_backup_borg_version` to your Postgres version manually. + when: not devture_postgres_enabled - - ansible.builtin.include_role: - name: galaxy/com.devture.ansible.role.postgres - tasks_from: detect_existing_postgres_version + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: detect_existing_postgres_version - - name: Fail if detected Postgres version is unsupported - ansible.builtin.fail: - msg: "You cannot use borg backup with such an old version ({{ devture_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql" - when: "devture_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions" + - name: Fail if detected Postgres version is unsupported + ansible.builtin.fail: + msg: "You cannot use borg backup with such an old version ({{ devture_postgres_detected_version }}) of Postgres. 
Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql" + when: "devture_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions" - - name: Set the correct borg backup version to use - ansible.builtin.set_fact: - matrix_backup_borg_version: "{{ devture_postgres_detected_version }}" + - name: Set the correct borg backup version to use + ansible.builtin.set_fact: + matrix_backup_borg_version: "{{ devture_postgres_detected_version }}" - name: Ensure borg paths exist ansible.builtin.file: diff --git a/roles/custom/matrix-client-element/tasks/prepare_themes.yml b/roles/custom/matrix-client-element/tasks/prepare_themes.yml index 3f5c9783..70646c94 100644 --- a/roles/custom/matrix-client-element/tasks/prepare_themes.yml +++ b/roles/custom/matrix-client-element/tasks/prepare_themes.yml 
@@ -9,29 +9,29 @@ delegate_to: 127.0.0.1 become: false block: - - name: Ensure Element themes repository is pulled - ansible.builtin.git: - repo: "{{ matrix_client_element_themes_repository_url }}" - version: "{{ matrix_client_element_themes_repository_version }}" - dest: "{{ role_path }}/files/scratchpad/themes" + - name: Ensure Element themes repository is pulled + ansible.builtin.git: + repo: "{{ matrix_client_element_themes_repository_url }}" + version: "{{ matrix_client_element_themes_repository_version }}" + dest: "{{ role_path }}/files/scratchpad/themes" - - name: Find all Element theme files - ansible.builtin.find: - paths: "{{ role_path }}/files/scratchpad/themes" - patterns: "*.json" - recurse: true - register: matrix_client_element_theme_file_list + - name: Find all Element theme files + ansible.builtin.find: + paths: "{{ role_path }}/files/scratchpad/themes" + patterns: "*.json" + recurse: true + register: matrix_client_element_theme_file_list - - name: Read Element theme - ansible.builtin.slurp: - path: "{{ item.path }}" - register: "matrix_client_element_theme_file_contents" - with_items: "{{ matrix_client_element_theme_file_list.files }}" + - name: Read Element theme + ansible.builtin.slurp: + path: "{{ item.path }}" + register: "matrix_client_element_theme_file_contents" + with_items: "{{ matrix_client_element_theme_file_list.files }}" - - name: Load Element theme - ansible.builtin.set_fact: - matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming - with_items: "{{ matrix_client_element_theme_file_contents.results }}" + - name: Load Element theme + ansible.builtin.set_fact: + matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming + with_items: "{{ matrix_client_element_theme_file_contents.results }}" # # Tasks 
related to getting rid of Element themes (if it was previously enabled) From ada582bc9fc68686bbf50fac78255b67ced05946 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Jan 2023 16:25:02 +0000 Subject: [PATCH 049/143] Bump frenck/action-yamllint from 1.3.1 to 1.4.0 Bumps [frenck/action-yamllint](https://github.com/frenck/action-yamllint) from 1.3.1 to 1.4.0. - [Release notes](https://github.com/frenck/action-yamllint/releases) - [Commits](https://github.com/frenck/action-yamllint/compare/v1.3.1...v1.4.0) --- updated-dependencies: - dependency-name: frenck/action-yamllint dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index 281b1496..8fd82142 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -13,7 +13,7 @@ jobs: - name: Check out uses: actions/checkout@v3 - name: Run yamllint - uses: frenck/action-yamllint@v1.3.1 + uses: frenck/action-yamllint@v1.4.0 ansible-lint: name: ansible-lint runs-on: ubuntu-latest From e8c6267e9a9be2caa3ca3ad17e1bd845b7a15dda Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 13 Jan 2023 16:30:18 +0000 Subject: [PATCH 050/143] Update jitsi stable-8138-1 -> stable-8218 --- roles/custom/matrix-jitsi/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-jitsi/defaults/main.yml b/roles/custom/matrix-jitsi/defaults/main.yml index ce4d19cc..da166cd8 100644 --- a/roles/custom/matrix-jitsi/defaults/main.yml +++ b/roles/custom/matrix-jitsi/defaults/main.yml 
@@ -72,7 +72,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-8138-1 +matrix_jitsi_version: stable-8218 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" From 627d8557ae77158087d841aa649a7c55a5242e6a Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 13 Jan 2023 16:31:19 +0000 Subject: [PATCH 051/143] Update hookshot 2.5.0 -> 2.6.0 --- roles/custom/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 14c0e6df..505e4251 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 2.5.0 +matrix_hookshot_version: 2.6.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From d1b4a6ebe1e868c4665f7d8fd077ecf8618fab7a Mon Sep 17 00:00:00 2001 
From: Aine Date: Sat, 14 Jan 2023 15:26:58 +0200 Subject: [PATCH 052/143] unify docker images urls --- roles/custom/matrix-bot-maubot/defaults/main.yml | 3 ++- roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml | 6 ++++-- .../custom/matrix-bridge-mautrix-telegram/defaults/main.yml | 6 ++++-- .../matrix-prometheus-postgres-exporter/defaults/main.yml | 3 ++- roles/custom/matrix-synapse/defaults/main.yml | 6 ++++-- 5 files changed, 16 insertions(+), 8 deletions(-) diff --git a/roles/custom/matrix-bot-maubot/defaults/main.yml b/roles/custom/matrix-bot-maubot/defaults/main.yml index 71353914..525b5e9e 100644 --- a/roles/custom/matrix-bot-maubot/defaults/main.yml +++ b/roles/custom/matrix-bot-maubot/defaults/main.yml @@ -11,7 +11,8 @@ matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version matrix_bot_maubot_version: v0.3.1 -matrix_bot_maubot_docker_image: "dock.mau.dev/maubot/maubot:{{ matrix_bot_maubot_version }}" +matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_name_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}" +matrix_bot_maubot_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else 'dock.mau.dev/' }}" matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}" matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot" diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index 3bdb02c8..953d1707 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml 
@@ -12,7 +12,8 @@ matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautri matrix_mautrix_signal_version: v0.4.2 matrix_mautrix_signal_daemon_version: 0.23.1 # See: https://mau.dev/mautrix/signal/container_registry -matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}" +matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_version }}" +matrix_mautrix_signal_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_signal_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" matrix_mautrix_signal_daemon_container_image_self_build: false @@ -20,7 +21,8 @@ matrix_mautrix_signal_daemon_docker_repo: "https://gitlab.com/signald/signald" matrix_mautrix_signal_daemon_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_daemon_version == 'latest' else matrix_mautrix_signal_daemon_version }}" matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src" -matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}" +matrix_mautrix_signal_daemon_docker_image: "{{ matrix_mautrix_signal_daemon_docker_image_name_prefix }}signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}" +matrix_mautrix_signal_daemon_docker_image_name_prefix: "docker.io/" matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image_tag.endswith(':latest') }}" matrix_mautrix_signal_daemon_docker_image_tag: "{{ matrix_mautrix_signal_daemon_version }}" diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml index 5d2c0c88..1221da84 100644 --- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml 
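Review bot: `matrix_mautrix_signal_daemon_docker_image_name_prefix` is hard-coded to `"docker.io/"`, while the bridge prefix added in the previous hunk of this file switches to `localhost/` for self-builds and `matrix_mautrix_signal_daemon_container_image_self_build` is defined a few lines above. If the build task tags the daemon image with this variable (not visible in the patch), a locally built image keeps a public-registry name and is indistinguishable from a pulled one; `"{{ 'localhost/' if matrix_mautrix_signal_daemon_container_image_self_build else 'docker.io/' }}"` would match the pattern used everywhere else in this commit. Separately, the unchanged `matrix_mautrix_signal_daemon_docker_image_force_pull` line tests `matrix_mautrix_signal_daemon_docker_image_tag.endswith(':latest')`, which is false for a bare tag such as `latest`; it presumably should test `matrix_mautrix_signal_daemon_docker_image` like its siblings.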
+++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -9,7 +9,8 @@ matrix_telegram_lottieconverter_container_image_self_build_mask_arch: false matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git" matrix_telegram_lottieconverter_docker_repo_version: "master" matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src" -matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.16" # needs to be adjusted according to the FROM clause of Dockerfile of mautrix-telegram +matrix_telegram_lottieconverter_docker_image: "{{ matrix_telegram_lottieconverter_docker_image_name_prefix }}tulir/lottieconverter:alpine-3.16" # needs to be adjusted according to the FROM clause of Dockerfile of mautrix-telegram +matrix_telegram_lottieconverter_docker_image_name_prefix: "{{ 'localhost/' if matrix_telegram_lottieconverter_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_telegram_container_image_self_build: false matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" @@ -18,7 +19,8 @@ matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/maut matrix_mautrix_telegram_version: v0.12.2 # See: https://mau.dev/mautrix/telegram/container_registry -matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}" +matrix_mautrix_telegram_docker_image: "{{ matrix_mautrix_telegram_docker_image_name_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}" +matrix_mautrix_telegram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_telegram_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram" 
diff --git a/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml index 5fc8e919..78481a32 100644 --- a/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -7,7 +7,8 @@ matrix_prometheus_postgres_exporter_enabled: false matrix_prometheus_postgres_exporter_version: v0.11.1 matrix_prometheus_postgres_exporter_port: 9187 -matrix_prometheus_postgres_exporter_docker_image: "quay.io/prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}" +matrix_prometheus_postgres_exporter_docker_image: "{{ matrix_prometheus_postgres_exporter_docker_image_name_prefix }}prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}" +matrix_prometheus_postgres_exporter_docker_image_name_prefix: "quay.io/" matrix_prometheus_postgres_exporter_docker_image_force_pull: "{{ matrix_prometheus_postgres_exporter_docker_image.endswith(':latest') }}" # A list of extra arguments to pass to the container diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index b0661521..a58d1333 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -819,7 +819,8 @@ matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count: 0 matrix_s3_media_store_enabled: false matrix_s3_media_store_custom_endpoint_enabled: false -matrix_s3_goofys_docker_image: "docker.io/ewoutp/goofys:latest" +matrix_s3_goofys_docker_image: "{{ matrix_s3_goofys_docker_image_name_prefix }}ewoutp/goofys:latest" +matrix_s3_goofys_docker_image_name_prefix: "docker.io/" matrix_s3_goofys_docker_image_force_pull: "{{ matrix_s3_goofys_docker_image.endswith(':latest') }}" matrix_s3_media_store_custom_endpoint: "your-custom-endpoint" matrix_s3_media_store_bucket_name: "your-bucket-name" 
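Review bot: The rewritten `matrix_s3_goofys_docker_image` still hard-codes the mutable `:latest` tag, and the `force_pull` expression below it evaluates to true for that value, so the new prefix variable lets an operator change the registry but not pin what is actually deployed. The same applies to `matrix_synapse_rust_synapse_compress_state_docker_image` in the next hunk of this file. Since the commit is already splitting these references into parts, I would move the tag into its own variable (suggested name), `matrix_s3_goofys_docker_image_tag: latest`, and end the image string with `ewoutp/goofys:{{ matrix_s3_goofys_docker_image_tag }}`, so a specific tag or digest can be pinned from inventory.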
@@ -895,7 +896,8 @@ matrix_synapse_redaction_retention_period: 7d matrix_synapse_user_ips_max_age: 28d -matrix_synapse_rust_synapse_compress_state_docker_image: "registry.gitlab.com/mb-saces/rust-synapse-compress-state:latest" +matrix_synapse_rust_synapse_compress_state_docker_image: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix }}mb-saces/rust-synapse-compress-state:latest" +matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix: "registry.gitlab.com/" matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}" matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state" From 34c448c3bbb88948878a365c2893d8aa64ffc369 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 15 Jan 2023 11:07:19 +0200 Subject: [PATCH 053/143] Upgrade Cinny (2.2.2 -> 2.2.3) --- roles/custom/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-cinny/defaults/main.yml b/roles/custom/matrix-client-cinny/defaults/main.yml index de974eb1..98c32745 100644 --- a/roles/custom/matrix-client-cinny/defaults/main.yml +++ b/roles/custom/matrix-client-cinny/defaults/main.yml @@ -6,7 +6,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.2.2 +matrix_client_cinny_version: v2.2.3 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" 
From 5c8bad60914f08ac4715085c87fa631e1b551d11 Mon Sep 17 00:00:00 2001 From: Aine Date: Mon, 16 Jan 2023 12:11:01 +0200 Subject: [PATCH 054/143] update borg image tag --- roles/custom/matrix-backup-borg/defaults/main.yml | 5 ++++- roles/custom/matrix-backup-borg/tasks/setup_install.yml | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-backup-borg/defaults/main.yml b/roles/custom/matrix-backup-borg/defaults/main.yml index 472abe97..b8796c92 100644 --- a/roles/custom/matrix-backup-borg/defaults/main.yml +++ b/roles/custom/matrix-backup-borg/defaults/main.yml @@ -11,8 +11,11 @@ matrix_backup_borg_docker_repo: "https://gitlab.com/etke.cc/borgmatic" matrix_backup_borg_docker_repo_version: main matrix_backup_borg_docker_src_files_path: "{{ matrix_backup_borg_base_path }}/docker-src" -# version determined automatically, based on postgres server version (if enabled), otherwise latest is used +# image and postgres version determined automatically, based on detected postgres server version (if enabled), otherwise latest is used matrix_backup_borg_version: "" +matrix_backup_borg_postgres_version: "" +matrix_backup_borg_borg_version: 1.2.3 +matrix_backup_borg_borgmatic_version: 1.7.5 matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}" matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}" matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') or matrix_backup_borg_version | default('') == '' }}" diff --git a/roles/custom/matrix-backup-borg/tasks/setup_install.yml b/roles/custom/matrix-backup-borg/tasks/setup_install.yml index 307542f7..41d95371 100644 --- a/roles/custom/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/custom/matrix-backup-borg/tasks/setup_install.yml 
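Review bot: `matrix_backup_borg_postgres_version` is introduced with an empty default and the updated comment says it is determined automatically, but the only assignment in this commit (the `set_fact` in `tasks/setup_install.yml`) still writes just `matrix_backup_borg_version`. Whether anything reads the new variable is not visible from this patch; if something does, it will see an empty string. Either set it in the same task, `matrix_backup_borg_postgres_version: "{{ devture_postgres_detected_version }}"`, or leave the variable out until it is used. The comment's "otherwise latest is used" is also worth verifying, since as far as these defaults show an empty `matrix_backup_borg_version` renders the image reference with an empty tag.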
@@ -20,7 +20,7 @@ - name: Set the correct borg backup version to use ansible.builtin.set_fact: - matrix_backup_borg_version: "{{ devture_postgres_detected_version }}" + matrix_backup_borg_version: "{{ devture_postgres_detected_version }}-{{ matrix_backup_borg_borg_version }}-{{ matrix_backup_borg_borgmatic_version }}" - name: Ensure borg paths exist ansible.builtin.file: From e053b2b0fcfe187f7729561bcf852d5d2ca1ac28 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 16 Jan 2023 13:17:02 +0000 Subject: [PATCH 055/143] update mautrix-whatsapp 0.8.0 -> 0.8.1 --- roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 3a722eeb..449ace05 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.8.0 +matrix_mautrix_whatsapp_version: v0.8.1 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From 3ff6e755a9d315e7d183cbc61d7b73c8b474015f Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Mon, 16 Jan 2023 18:52:22 +0200 Subject: [PATCH 056/143] Upgrade Hookshot (2.6.0 -> 2.6.1) --- roles/custom/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 505e4251..4c38ec22 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 2.6.0 +matrix_hookshot_version: 2.6.1 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From f64745c6ace555b113c0af84a61b20e9a35c4cfb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 17 Jan 2023 14:47:53 +0200 Subject: [PATCH 057/143] Upgrade com.devture.ansible.role.timesync Related to https://github.com/devture/com.devture.ansible.role.timesync --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 6006ebbf..00f80fad 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -13,7 +13,7 @@ version: 327d2e17f5189ac2480d6012f58cf64a2b46efba - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git - version: 660f384f176a9ea3b5cc702bde39e7dc10bf6186 + version: 16c8a8995ee442dd1e2afb1880bec1c38994bc12 - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 From c27021b29b0f2987dd651bf448c2f782d6190d15 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 17 Jan 2023 14:51:00 +0200 Subject: [PATCH 058/143] Upgrade com.devture.ansible.role.timesync --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 00f80fad..03eed35d 100644 --- a/requirements.yml +++ b/requirements.yml @@ -13,7 +13,7 @@ version: 327d2e17f5189ac2480d6012f58cf64a2b46efba - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git - version: 16c8a8995ee442dd1e2afb1880bec1c38994bc12 + version: 3d5bb2976815958cdce3f368fa34fb51554f899b - src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16 From 34745b5206247b795f89fd3a04224aafda432c88 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 17 Jan 2023 15:53:26 +0200 Subject: [PATCH 059/143] Upgrade Synapse (v1.74.0 -> v1.75.0) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index a58d1333..7c5496fa 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
@@ -36,7 +36,7 @@ matrix_synapse_container_image_customizations_dockerfile_body_custom: '' matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.74.0 +matrix_synapse_version: v1.75.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 424f79df3a071328b6e2ddc5dab29cdf854c678e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 17 Jan 2023 15:55:49 +0200 Subject: [PATCH 060/143] Replace synapse.app.pusher and synapse.app.federation_sender with synapse.app.generic_worker Related to https://github.com/matrix-org/synapse/commit/3479599387164aca2613e88d169719 --- roles/custom/matrix-synapse/tasks/synapse/workers/init.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/custom/matrix-synapse/tasks/synapse/workers/init.yml b/roles/custom/matrix-synapse/tasks/synapse/workers/init.yml index d88884d0..359fe031 100644 --- a/roles/custom/matrix-synapse/tasks/synapse/workers/init.yml +++ b/roles/custom/matrix-synapse/tasks/synapse/workers/init.yml @@ -46,7 +46,7 @@ id: "federation-sender-{{ item }}" name: "matrix-synapse-worker-federation-sender-{{ item }}" type: 'federation_sender' - app: 'federation_sender' + app: 'generic_worker' webserving: false port: 0 metrics_port: "{{ matrix_synapse_workers_federation_sender_workers_metrics_range_start + item }}" 
@@ -58,14 +58,13 @@ matrix_synapse_federation_sender_instances: "{{ matrix_synapse_federation_sender_instances + [item.ansible_facts.worker.name] }}" with_items: "{{ matrix_synapse_workers_list_results_federation_sender_workers.results }}" -# This type of worker can only have a count of 1, at most - name: Build pusher workers ansible.builtin.set_fact: worker: id: "pusher-{{ item }}" name: "matrix-synapse-worker-pusher-{{ item }}" type: 'pusher' - app: 'pusher' + app: 'generic_worker' webserving: false port: 0 metrics_port: "{{ matrix_synapse_workers_pusher_workers_metrics_range_start + item }}" From 903db549590222206058f9f3154680d44932e13a Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 18 Jan 2023 13:37:03 +0000 Subject: [PATCH 061/143] Update postmoogle 0.9.10 -> 0.9.11 --- roles/custom/matrix-bot-postmoogle/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml index b8e42828..48a2b45c 100644 --- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml +++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml 
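Review bot: With `app: 'generic_worker'` on the pusher worker, nothing in this hunk shows the worker's name being collected into a pusher instance list, the way the context line above does for `matrix_synapse_federation_sender_instances`. A generic worker only takes on pusher duty when the shared homeserver config names it in `pusher_instances`, so unless the rest of this task file already does so, an equivalent fact should be built from the pusher results. The hunk also drops the comment that capped this worker type at one instance without saying what replaces it; a short comment such as `# Each pusher worker must be listed in pusher_instances` would keep the requirement documented. The `set_fact` body continues past the end of the hunk, so this is inferred from the visible lines only.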
@@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git" matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src" -matrix_bot_postmoogle_version: v0.9.10 +matrix_bot_postmoogle_version: v0.9.11 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etke.cc/postmoogle:{{ matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/' }}" matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}" From 2fc02abfdc57fafa57344b5b464db52a77adf379 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 18 Jan 2023 13:52:44 +0000 Subject: [PATCH 062/143] Update buscarron v1.3.0 -> v1.3.1 --- roles/custom/matrix-bot-buscarron/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-buscarron/defaults/main.yml b/roles/custom/matrix-bot-buscarron/defaults/main.yml index 60ed165c..f887e262 100644 --- a/roles/custom/matrix-bot-buscarron/defaults/main.yml +++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git" matrix_bot_buscarron_docker_repo_version: "{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src" -matrix_bot_buscarron_version: v1.3.0 +matrix_bot_buscarron_version: v1.3.1 matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}etke.cc/buscarron:{{ matrix_bot_buscarron_version }}" matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/' }}" matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}" From ecb173c8d4b71252a2d50f80c67f4b633a1925c0 Mon Sep 17 00:00:00 2001 From: Array in a Matrix Date: Wed, 18 Jan 2023 10:30:09 -0500 Subject: [PATCH 063/143] Update installing.md --- docs/installing.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/installing.md b/docs/installing.md index 7e2edf6c..fccc1caf 100644 --- a/docs/installing.md +++ b/docs/installing.md 
@@ -2,7 +2,7 @@ If you've [configured your DNS](configuring-dns.md) and have [configured the playbook](configuring-playbook.md), you can start the installation procedure. -**Before installing** and each time you update the playbook in the future, you will need to update the Ansible roles in this playbook by running `just roles`. `just roles` is a shortcut (a `roles` target defined in [`justfile`](justfile) and executed by the [`just`](https://github.com/casey/just) utility) which ultimately runs [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) to download Ansible roles. If you don't have `just`, you can also manually run the `roles` commands seen in the `justfile`. +**Before installing** and each time you update the playbook in the future, you will need to update the Ansible roles in this playbook by running `just roles`. `just roles` is a shortcut (a `roles` target defined in [`justfile`](../justfile) and executed by the [`just`](https://github.com/casey/just) utility) which ultimately runs [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) to download Ansible roles. If you don't have `just`, you can also manually run the `roles` commands seen in the `justfile`. ## Playbook tags introduction 
@@ -88,7 +88,7 @@ Feel free to **re-run the setup command any time** you think something is off wi Note that if you remove components from `vars.yml`, or if we switch some component from being installed by default to not being installed by default anymore, you'd need to run the setup command with `--tags=setup-all` instead of `--tags=install-all`. See [Playbook tags introduction](#playbook-tags-introduction) -A way to invoke these `ansible-playbook` commands with less typing in the future is to use [just](https://github.com/casey/just) to run them: `just install-all` or `just setup-all`. See [our `justfile`](../../justfile) for more information. +A way to invoke these `ansible-playbook` commands with less typing in the future is to use [just](https://github.com/casey/just) to run them: `just install-all` or `just setup-all`. See [our `justfile`](../justfile) for more information. ## 3. Finalize the installation From 63a3764f51d67947ba84330895da5aad6616b318 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 18 Jan 2023 15:45:04 +0000 Subject: [PATCH 064/143] Update element 1.11.17 -> 1.11.18 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index d359108c..551ee766 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.17 +matrix_client_element_version: v1.11.18 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 6c332da7d3c275a043d3a977983984daf162067d Mon Sep 17 00:00:00 2001 From: Vladimir Panteleev Date: Thu, 19 Jan 2023 01:21:14 +0000 Subject: [PATCH 065/143] Fix ChatGPT container This container needs a writable $HOME, and will fail at startup if there isn't one. Provide one by pointing HOME to a path under the mounted /data directory. --- .../templates/systemd/matrix-bot-chatgpt.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 b/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 index 4a528126..8e4a5020 100644 --- a/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 +++ b/roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 @@ -25,6 +25,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name --network={{ matrix_docker_network }} \ --env-file={{ matrix_bot_chatgpt_config_path }}/env \ --mount type=bind,src={{ matrix_bot_chatgpt_data_path }},dst=/data \ + --env HOME=/data/home \ {% for arg in matrix_bot_chatgpt_container_extra_arguments %} {{ arg }} \ {% endfor %} 
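Review bot: The added `--env HOME=/data/home` points HOME at a subdirectory of the bind-mounted `matrix_bot_chatgpt_data_path`, but nothing in this hunk creates that `home` directory or sets its ownership. If the image does not create it on its own, the container still has no writable HOME and the startup failure described in the commit message remains. The role's install tasks should ensure `{{ matrix_bot_chatgpt_data_path }}/home` exists and is owned by the user the container runs as. It should also not be readable by other users, since whatever the bot writes under HOME now persists on the host. The `ExecStart` command starts before and continues after this hunk.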
From 8804a158216d535772fd5d8687f4434e60211b39 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Thu, 19 Jan 2023 05:10:49 +0000 Subject: [PATCH 066/143] Update element 1.11.18 -> 1.11.19 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 551ee766..f45b6166 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.18 +matrix_client_element_version: v1.11.19 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 36ef2c6131ae355e341c8d9b3f77949bcc8bf68d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 19 Jan 2023 16:59:37 +0200 Subject: [PATCH 067/143] Do not recommend SSE-C in default s3-storage-provider config This is an advanced feature with dubious usefulness. Putting it in the default config just confuses people. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2220 --- docs/configuring-playbook-synapse-s3-storage-provider.md | 7 ------- 1 file changed, 7 deletions(-) 
diff --git a/docs/configuring-playbook-synapse-s3-storage-provider.md b/docs/configuring-playbook-synapse-s3-storage-provider.md index 4f6314e4..6022eaad 100644 --- a/docs/configuring-playbook-synapse-s3-storage-provider.md +++ b/docs/configuring-playbook-synapse-s3-storage-provider.md @@ -39,13 +39,6 @@ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: access-key- matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: secret-key-goes-here matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD # or STANDARD_IA, etc. -# S3 Server Side Encryption with a Customer provided key (SSE-C) can also be configured as follows -# This is not recommended unless you understand what you are doing, and may make restoring from backups additionally challenging -# You can read more about SSE-C here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html -matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled: true -matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key: ssec-key-goes-here # Generate with: cat /dev/urandom | base64 | head -c 32 -matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo: AES256 - # For additional advanced settings, take a look at `roles/custom/matrix-synapse/defaults/main.yml` ``` From 910c99d03ddbde556130744c0d9a4dd41f6d317c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 19 Jan 2023 17:13:36 +0200 Subject: [PATCH 068/143] Improve "Copying data to Amazon S3" documentation for synapse-s3-storage-provider --- ...uring-playbook-synapse-s3-storage-provider.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/docs/configuring-playbook-synapse-s3-storage-provider.md b/docs/configuring-playbook-synapse-s3-storage-provider.md index 6022eaad..2647a77b 100644 --- a/docs/configuring-playbook-synapse-s3-storage-provider.md 
+++ b/docs/configuring-playbook-synapse-s3-storage-provider.md @@ -93,13 +93,21 @@ To migrate your existing local data to S3, we recommend to: #### Copying data to Amazon S3 -Generally, you need to use the `aws s3` tool. +To copy to AWS S3, start a container on the Matrix server like this: -This documentation section could use an improvement. Ideally, we'd come up with a guide like the one used in [Copying data to Backblaze B2](#copying-data-to-backblaze-b2) - running `aws s3` in a container, etc. +```sh +docker run -it --rm \ +-w /work \ +--env-file=/matrix/synapse/ext/s3-storage-provider/env \ +--mount type=bind,src=/matrix/synapse/storage/media-store,dst=/work,ro \ +--entrypoint=/bin/sh \ +docker.io/amazon/aws-cli:2.9.16 \ +-c 'aws s3 sync /work/. s3://$BUCKET/' +``` #### Copying data to Backblaze B2 -To copy to Backblaze B2, start a container like this: +To copy to Backblaze B2, start a container on the Matrix server like this: ```sh docker run -it --rm \ @@ -109,7 +117,7 @@ docker run -it --rm \ --env='B2_BUCKET_NAME=YOUR_BUCKET_NAME_GOES_HERE' \ --mount type=bind,src=/matrix/synapse/storage/media-store,dst=/work,ro \ --entrypoint=/bin/sh \ -tianon/backblaze-b2:3.6.0 \ +docker.io/tianon/backblaze-b2:3.6.0 \ -c 'b2 authorize-account $B2_KEY_ID $B2_KEY_SECRET && b2 sync /work b2://$B2_BUCKET_NAME --skipNewer' ``` From 4ec602983fca72979503980784456e5221fb0b6a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 19 Jan 2023 17:13:55 +0200 Subject: [PATCH 069/143] Remove scary synapse-s3-storage-provider warning --- docs/configuring-playbook-synapse-s3-storage-provider.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/configuring-playbook-synapse-s3-storage-provider.md b/docs/configuring-playbook-synapse-s3-storage-provider.md index 2647a77b..c42df7a6 100644 --- a/docs/configuring-playbook-synapse-s3-storage-provider.md +++ b/docs/configuring-playbook-synapse-s3-storage-provider.md 
@@ -3,8 +3,6 @@ If you'd like to store Synapse's content repository (`media_store`) files on Amazon S3 (or other S3-compatible service), you can use the [synapse-s3-storage-provider](https://github.com/matrix-org/synapse-s3-storage-provider) media provider module for Synapse. -**`synapse-s3-storage-provider` support is very new and still relatively untested. Using it may cause data loss.** - An alternative (which has worse performance) is to use [Goofys to mount the S3 store to the local filesystem](configuring-playbook-s3-goofys.md). From b7b5c7edb77c5d1243656b62d1d59ed694252d8a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 19 Jan 2023 17:16:21 +0200 Subject: [PATCH 070/143] Improve s3-storage-provider migration steps visibility --- docs/configuring-playbook-synapse-s3-storage-provider.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/configuring-playbook-synapse-s3-storage-provider.md b/docs/configuring-playbook-synapse-s3-storage-provider.md index c42df7a6..d5d5ca5e 100644 --- a/docs/configuring-playbook-synapse-s3-storage-provider.md +++ b/docs/configuring-playbook-synapse-s3-storage-provider.md 
@@ -66,11 +66,11 @@ This launches a Synapse container, which has access to the local media store, Po Then use the following commands (`$` values come from environment variables - they're **not placeholders** that you need to substitute): -- `s3_media_upload update-db $UPDATE_DB_DURATION` - create a local SQLite database (`cache.db`) with a list of media repository files (from the `synapse` Postgres database) eligible for operating on +1. `s3_media_upload update-db $UPDATE_DB_DURATION` - create a local SQLite database (`cache.db`) with a list of media repository files (from the `synapse` Postgres database) eligible for operating on - `$UPDATE_DB_DURATION` is influenced by the `matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count` variable (defaults to `0`) - `$UPDATE_DB_DURATION` defaults to `0d` (0 days), which means **include files which haven't been accessed for more than 0 days** (that is, **all files will be included**). -- `s3_media_upload check-deleted $MEDIA_PATH` - check whether files in the local cache still exist in the local media repository directory -- `s3_media_upload upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT` - uploads locally-stored files to S3 and deletes them from the local media repository directory +2. `s3_media_upload check-deleted $MEDIA_PATH` - check whether files in the local cache still exist in the local media repository directory +3. `s3_media_upload upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT` - uploads locally-stored files to S3 and deletes them from the local media repository directory The `s3_media_upload upload` command may take a lot of time to complete. From b4c36eb8cac7807223bb86a40280609897aeb9b1 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Jan 2023 16:03:54 +0000 Subject: [PATCH 071/143] Bump ansible-community/ansible-lint-action from 6.10.2 to 6.11.0 Bumps [ansible-community/ansible-lint-action](https://github.com/ansible-community/ansible-lint-action) from 6.10.2 to 6.11.0. - [Release notes](https://github.com/ansible-community/ansible-lint-action/releases) - [Commits](https://github.com/ansible-community/ansible-lint-action/compare/v6.10.2...v6.11.0) --- updated-dependencies: - dependency-name: ansible-community/ansible-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/matrix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index 8fd82142..2f9e7953 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -21,6 +21,6 @@ jobs: - name: Check out uses: actions/checkout@v3 - name: Run ansible-lint - uses: ansible-community/ansible-lint-action@v6.10.2 + uses: ansible-community/ansible-lint-action@v6.11.0 with: path: roles/custom From b71e26722155c47fc847ea6fef08ef8b1d04525d Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 20 Jan 2023 18:38:14 +0000 Subject: [PATCH 072/143] Update element 1.11.19 -> 1.11.20 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index f45b6166..f13ad035 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.19 +matrix_client_element_version: v1.11.20 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 32292b1f02bbf4dcd2cdb7fa76196d367dae1733 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 20 Jan 2023 18:39:05 +0000 Subject: [PATCH 073/143] Update hookshot 2.6.1 -> 2.7.0 --- roles/custom/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 4c38ec22..aa4ae45c 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 2.6.1 +matrix_hookshot_version: 2.7.0 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From 9ed2e04d808593c146d81b361baa57c078364dfd Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sat, 21 Jan 2023 11:07:04 +0200 Subject: [PATCH 074/143] Switch from matrix-prometheus-node-exporter to an external prometheus_node_exporter role --- CHANGELOG.md | 15 +++++ ...configuring-playbook-prometheus-grafana.md | 10 +-- group_vars/matrix_servers | 27 ++++++-- playbooks/matrix.yml | 3 +- requirements.yml | 3 + .../defaults/main.yml | 67 ------------------- .../tasks/main.yml | 26 ------- .../tasks/setup_install.yml | 19 ------ .../tasks/setup_uninstall.yml | 20 ------ ...matrix-prometheus-node-exporter.service.j2 | 44 ------------ .../vars/main.yml | 5 -- .../defaults/main.yml | 15 +++++ .../tasks/main.yml | 19 ++++++ .../inject_into_nginx_proxy.yml | 19 ++---- .../defaults/main.yml | 4 ++ .../tasks/validate_config.yml | 16 +++++ 16 files changed, 104 insertions(+), 208 deletions(-) delete mode 100644 roles/custom/matrix-prometheus-node-exporter/defaults/main.yml delete mode 100644 roles/custom/matrix-prometheus-node-exporter/tasks/main.yml delete mode 100644 roles/custom/matrix-prometheus-node-exporter/tasks/setup_install.yml delete mode 100644 roles/custom/matrix-prometheus-node-exporter/tasks/setup_uninstall.yml delete mode 100644 roles/custom/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 delete mode 100644 roles/custom/matrix-prometheus-node-exporter/vars/main.yml create mode 100644 roles/custom/matrix-prometheus-services-proxy-connect/defaults/main.yml create mode 100644 roles/custom/matrix-prometheus-services-proxy-connect/tasks/main.yml rename roles/custom/{matrix-prometheus-node-exporter/tasks => matrix-prometheus-services-proxy-connect/tasks/prometheus-node-exporter}/inject_into_nginx_proxy.yml (51%) create mode 100644 roles/custom/matrix_playbook_migration/defaults/main.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index b66cc8ba..e4607148 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,18 @@ +# 2023-01-21 + +## The matrix-prometheus-node-exporter role lives independently now + +**TLDR**: the `matrix-prometheus-node-exporter` role is now included from another repository. Some variables have been renamed. All functionality remains intact. + +The `matrix-prometheus-node-exporter` role (which configures [Prometheus node exporter](https://github.com/prometheus/node_exporter)) has been extracted from the playbook and now lives in its own repository at https://gitlab.com/etke.cc/roles/prometheus_node_exporter. + +It's still part of the playbook, but is now installed via `ansible-galaxy` (by running `just roles` / `make roles`). Some variables have been renamed (`matrix_prometheus_node_exporter_` -> `prometheus_node_exporter_`, etc.). The playbook will report all variables that you need to rename to get upgraded. All functionality remains intact. + +A new `matrix-prometheus-services-proxy-connect` role was added to the playbook to help integrate the new `prometheus_node_exporter` role with our own services (`matrix-nginx-proxy`) + +Other roles which aren't strictly related to Matrix are likely to follow this fate of moving to their own repositories. Extracting them out allows other Ansible playbooks to make use of these roles easily. + + # 2023-01-13 ## Support for running commands via just diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index 0b785c35..703c03b2 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md @@ -10,7 +10,7 @@ Remember to add `stats.` to DNS as described in [Configuring DNS](c matrix_prometheus_enabled: true # You can remove this, if unnecessary. -matrix_prometheus_node_exporter_enabled: true +prometheus_node_exporter_enabled: true # You can remove this, if unnecessary. matrix_prometheus_postgres_exporter_enabled: true 
@@ -40,7 +40,7 @@ The retention policy of Prometheus metrics is [15 days by default](https://prome Name | Description -----|---------- `matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about. -`matrix_prometheus_node_exporter_enabled`|[Node Exporter](https://prometheus.io/docs/guides/node-exporter/) is an addon of sorts to Prometheus that collects generic system information such as CPU, memory, filesystem, and even system temperatures +`prometheus_node_exporter_enabled`|[Node Exporter](https://prometheus.io/docs/guides/node-exporter/) is an addon of sorts to Prometheus that collects generic system information such as CPU, memory, filesystem, and even system temperatures `matrix_prometheus_postgres_exporter_enabled`|[Postgres Exporter](configuring-playbook-prometheus-postgres.md) is an addon of sorts to expose Postgres database metrics to Prometheus. `matrix_prometheus_nginxlog_exporter_enabled`|[NGINX Log Exporter](configuring-playbook-prometheus-nginxlog.md) is an addon of sorts to expose NGINX logs to Prometheus. `matrix_grafana_enabled`|[Grafana](https://grafana.com/) is the visual component. It shows (on the `stats.` subdomain) the dashboards with the graphs that we're interested in 
@@ -52,7 +52,7 @@ Name | Description Metrics and resulting graphs can contain a lot of information. This includes system specs but also usage patterns. This applies especially to small personal/family scale homeservers. Someone might be able to figure out when you wake up and go to sleep by looking at the graphs over time. Think about this before enabling anonymous access. And you should really not forget to change your Grafana password. -Most of our docker containers run with limited system access, but the `prometheus-node-exporter` has access to the host network stack and (readonly) root filesystem. This is required to report on them. If you don't like that, you can set `matrix_prometheus_node_exporter_enabled: false` (which is actually the default). You will still get Synapse metrics with this container disabled. Both of the dashboards will always be enabled, so you can still look at historical data after disabling either source. +Most of our docker containers run with limited system access, but the `prometheus-node-exporter` has access to the host network stack and (readonly) root filesystem. This is required to report on them. If you don't like that, you can set `prometheus_node_exporter_enabled: false` (which is actually the default). You will still get Synapse metrics with this container disabled. Both of the dashboards will always be enabled, so you can still look at historical data after disabling either source. ## Collecting metrics to an external Prometheus server 
@@ -74,8 +74,8 @@ Name | Description `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`|Set this to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/*`. This htpasswd-file needs to be generated with the `htpasswd` tool and can include multiple username/password pairs. If you only need one credential, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` instead. `matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network) `matrix_synapse_metrics_proxying_enabled`|Set this to `true` to expose Synapse's metrics on `https://matrix.DOMAIN/metrics/synapse/main-process` and `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`). Read [below](#collecting-synapse-worker-metrics-to-an-external-prometheus-server) if you're running a Synapse worker setup (`matrix_synapse_workers_enabled: true`). 
-`matrix_prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network) -`matrix_prometheus_node_exporter_metrics_proxying_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.DOMAIN/metrics/node-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network) +`matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.DOMAIN/metrics/node-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) `matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network) `matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [NGINX Log exporter](configuring-playbook-prometheus-nginxlog.md) (locally, on the container network) `matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 0e6e3691..70abde3a 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -301,7 +301,7 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-prometheus.service', 'priority': 4000, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-core']}] if matrix_prometheus_enabled else []) + - ([{'name': 'matrix-prometheus-node-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_node_exporter_enabled else []) + ([{'name': (prometheus_node_exporter_identifier + '.service'), 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if prometheus_node_exporter_enabled else []) + ([{'name': 'matrix-prometheus-postgres-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_postgres_exporter_enabled else []) + @@ -2927,15 +2927,28 @@ matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture not in ###################################################################### # -# matrix-prometheus-node-exporter +# etke/prometheus_node_exporter # ###################################################################### -matrix_prometheus_node_exporter_enabled: false +prometheus_node_exporter_enabled: false + +prometheus_node_exporter_identifier: matrix-prometheus-node-exporter + +prometheus_node_exporter_base_path: "{{ matrix_base_data_path }}/prometheus-node-exporter" + +prometheus_node_exporter_uid: "{{ matrix_user_uid }}" +prometheus_node_exporter_gid: "{{ matrix_user_gid }}" + +prometheus_node_exporter_server_fqn: "{{ matrix_server_fqn_matrix }}" + +prometheus_node_exporter_container_network: "{{ matrix_docker_network }}" + +prometheus_node_exporter_container_labels_traefik_enabled: false ###################################################################### # -# /matrix-prometheus-node-exporter +# /etke/prometheus_node_exporter # ###################################################################### 
@@ -2971,8 +2984,8 @@ matrix_prometheus_scraper_synapse_targets: ['matrix-synapse:{{ matrix_synapse_me matrix_prometheus_scraper_synapse_workers_enabled_list: "{{ matrix_synapse_workers_enabled_list }}" matrix_prometheus_scraper_synapse_rules_synapse_tag: "{{ matrix_synapse_docker_image_tag }}" -matrix_prometheus_scraper_node_enabled: "{{ matrix_prometheus_node_exporter_enabled }}" -matrix_prometheus_scraper_node_targets: "{{ ['matrix-prometheus-node-exporter:9100'] if matrix_prometheus_node_exporter_enabled else [] }}" +matrix_prometheus_scraper_node_enabled: "{{ prometheus_node_exporter_enabled }}" +matrix_prometheus_scraper_node_targets: "{{ [prometheus_node_exporter_identifier + ':9100'] if prometheus_node_exporter_enabled else [] }}" matrix_prometheus_scraper_postgres_enabled: "{{ matrix_prometheus_postgres_exporter_enabled }}" matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exporter:'+ matrix_prometheus_postgres_exporter_port | string] if matrix_prometheus_scraper_postgres_enabled else [] }}" @@ -3030,7 +3043,7 @@ matrix_grafana_dashboard_download_urls: | {{ (matrix_synapse_grafana_dashboard_urls if matrix_homeserver_implementation == 'synapse' and matrix_synapse_metrics_enabled else []) + - (matrix_prometheus_node_exporter_dashboard_urls if matrix_prometheus_node_exporter_enabled else []) + (prometheus_node_exporter_dashboard_urls if prometheus_node_exporter_enabled else []) + (matrix_prometheus_postgres_exporter_dashboard_urls if matrix_prometheus_postgres_exporter_enabled else []) + diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml index 409328ae..5190521e 100755 --- a/playbooks/matrix.yml +++ b/playbooks/matrix.yml 
@@ -86,11 +86,12 @@ - custom/matrix-dendrite - custom/matrix-conduit - custom/matrix-synapse-admin - - custom/matrix-prometheus-node-exporter + - galaxy/prometheus_node_exporter - custom/matrix-prometheus-postgres-exporter - custom/matrix-prometheus-nginxlog-exporter - custom/matrix-prometheus - custom/matrix-grafana + - custom/matrix-prometheus-services-proxy-connect - custom/matrix-registration - custom/matrix-client-element - custom/matrix-client-hydrogen diff --git a/requirements.yml b/requirements.yml index 03eed35d..07cab197 100644 --- a/requirements.yml +++ b/requirements.yml @@ -29,3 +29,6 @@ - src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6 + +- src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git + version: v1.5.0-0 diff --git a/roles/custom/matrix-prometheus-node-exporter/defaults/main.yml b/roles/custom/matrix-prometheus-node-exporter/defaults/main.yml deleted file mode 100644 index 070e8616..00000000 --- a/roles/custom/matrix-prometheus-node-exporter/defaults/main.yml +++ /dev/null 
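Review bot: The new `prometheus_node_exporter` entry in requirements.yml is pinned to the tag `v1.5.0-0`, while the devture role directly above it is pinned to a full commit hash. A git tag can be re-pointed upstream, so a later `ansible-galaxy` install could fetch different role content under the same version string. That matters here because the in-tree unit this role replaces ran its container with `--pid=host` and a read-only bind mount of `/`, and the external role presumably does the same. Pinning to the commit the tag currently resolves to, e.g. `version: <COMMIT_SHA_OF_v1.5.0-0>  # v1.5.0-0`, keeps the fetched content fixed and reviewable.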
@@ -1,67 +0,0 @@ ---- -# matrix-prometheus-node-exporter is an Prometheus exporter for machine metrics -# See: https://prometheus.io/docs/guides/node-exporter/ -# Project source code URL: https://github.com/prometheus/node_exporter - -matrix_prometheus_node_exporter_enabled: false - -matrix_prometheus_node_exporter_version: v1.5.0 -matrix_prometheus_node_exporter_docker_image: "{{ matrix_container_global_registry_prefix }}prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}" -matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}" - -# A list of extra arguments to pass to the container -matrix_prometheus_node_exporter_container_extra_arguments: [] - -# A list of extra arguments to pass to the node_exporter process -# -# Example: -# matrix_prometheus_node_exporter_process_extra_arguments: -# - "--collector.systemd" -# - "--collector.logind" -# -# Note: the above is just an example. Various collectors may require various tweaks to be able to run. -# Running the systemd collector requires the following `matrix_prometheus_node_exporter_container_extra_arguments`: -# - the socket to be mounted as well (`--mount type=bind,src=/var/run/dbus/system_bus_socket,dst=/var/run/dbus/system_bus_socket,ro,bind-propagation=rslave`) -# - (on AppArmor-based distros) disabling AppArmor protection (`--security-opt apparmor=unconfined`) -matrix_prometheus_node_exporter_process_extra_arguments: [] - -# List of systemd services that matrix-prometheus.service depends on -matrix_prometheus_node_exporter_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-prometheus.service wants -matrix_prometheus_node_exporter_systemd_wanted_services_list: [] - -# Controls whether node-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/node-exporter`. -# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. 
-# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. -matrix_prometheus_node_exporter_metrics_proxying_enabled: false - -# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container). -# -# Takes an ":" value (e.g. "127.0.0.1:9100"), just a port number or empty string to not expose. -# -# You likely don't need to do this. See `matrix_prometheus_node_exporter_metrics_proxying_enabled`. -# -# Official recommendations are to run this container with `--net=host`, -# but we don't do that, since it: -# - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008) -# - or listens on a loopback interface only (--net=host and 127.0.0.1:9100), which is not reachable from another container (like `matrix-prometheus`) -# -# Using `--net=host` and binding to Docker's `matrix` bridge network may be a solution to both, -# but that's trickier to accomplish and won't necessarily work (hasn't been tested). -# -# Not using `--net=host` means that our network statistic reports are likely broken (inaccurate), -# because node-exporter can't see all interfaces, etc. -# For now, we'll live with that, until someone develops a better solution. -matrix_prometheus_node_exporter_container_http_host_bind_port: '' - -# If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an ":" value for the containers to bind to on your host. -# If matrix_prometheus_node_exporter_container_http_host_bind_port is set to just a port number, this will default to "127.0.0.1:" -# If matrix_prometheus_node_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that ":" value will be used -# Otherwise this value will be empty and you will have to manually configure your NGINX config file. 
(If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf) -matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_node_exporter_container_http_host_bind_port else (matrix_prometheus_node_exporter_container_http_host_bind_port if matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}" - -# matrix_prometheus_node_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions. -# If the Grafana role is enabled, these dashboards will be downloaded. -matrix_prometheus_node_exporter_dashboard_urls: - - https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml deleted file mode 100644 index 6a0cd830..00000000 --- a/roles/custom/matrix-prometheus-node-exporter/tasks/main.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- - -- block: - - when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" - tags: - - setup-all - - setup-nginx-proxy - - install-all - - install-nginx-proxy - -- block: - - when: matrix_prometheus_node_exporter_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" - tags: - - setup-all - - setup-prometheus-node-exporter - - install-all - - install-prometheus-node-exporter - -- block: - - when: not matrix_prometheus_node_exporter_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - tags: - - setup-all - - setup-prometheus-node-exporter 
diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/setup_install.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/setup_install.yml deleted file mode 100644 index 3c0af96b..00000000 --- a/roles/custom/matrix-prometheus-node-exporter/tasks/setup_install.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- - -- name: Ensure matrix-prometheus-node-exporter image is pulled - community.docker.docker_image: - name: "{{ matrix_prometheus_node_exporter_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_prometheus_node_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_node_exporter_docker_image_force_pull }}" - register: result - retries: "{{ devture_playbook_help_container_retries_count }}" - delay: "{{ devture_playbook_help_container_retries_delay }}" - until: result is not failed - -- name: Ensure matrix-prometheus-node-exporter.service installed - ansible.builtin.template: - src: "{{ role_path }}/templates/systemd/matrix-prometheus-node-exporter.service.j2" - dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service" - mode: 0644 - register: matrix_prometheus_node_exporter_systemd_service_result diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/setup_uninstall.yml b/roles/custom/matrix-prometheus-node-exporter/tasks/setup_uninstall.yml deleted file mode 100644 index b5ef4f0f..00000000 --- a/roles/custom/matrix-prometheus-node-exporter/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- - -- name: Check existence of matrix-prometheus-node-exporter service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service" - register: matrix_prometheus_node_exporter_service_stat - -- when: matrix_prometheus_node_exporter_service_stat.stat.exists | bool - block: - - name: Ensure matrix-prometheus-node-exporter is stopped - ansible.builtin.service: - name: matrix-prometheus-node-exporter - state: stopped - enabled: false - daemon_reload: true - - - name: Ensure matrix-prometheus-node-exporter.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service" - state: absent diff --git a/roles/custom/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 b/roles/custom/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 deleted file mode 100644 index 82aca453..00000000 --- a/roles/custom/matrix-prometheus-node-exporter/templates/systemd/matrix-prometheus-node-exporter.service.j2 +++ /dev/null 
@@ -1,44 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=matrix-prometheus-node-exporter -{% for service in matrix_prometheus_node_exporter_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_prometheus_node_exporter_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' - - -ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-prometheus-node-exporter \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - {% for arg in matrix_prometheus_node_exporter_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - --network={{ matrix_docker_network }} \ - {% if matrix_prometheus_node_exporter_container_http_host_bind_port %} - -p {{ matrix_prometheus_node_exporter_container_http_host_bind_port }}:9100 \ - {% endif %} - --pid=host \ - --mount type=bind,src=/,dst=/host,ro,bind-propagation=rslave \ - {{ matrix_prometheus_node_exporter_docker_image }} \ - --path.rootfs=/host {{ matrix_prometheus_node_exporter_process_extra_arguments|join(' ') }} - -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true' -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true' -Restart=always 
-RestartSec=30 -SyslogIdentifier=matrix-prometheus-node-exporter - -[Install] -WantedBy=multi-user.target diff --git a/roles/custom/matrix-prometheus-node-exporter/vars/main.yml b/roles/custom/matrix-prometheus-node-exporter/vars/main.yml deleted file mode 100644 index 952dc205..00000000 --- a/roles/custom/matrix-prometheus-node-exporter/vars/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -# `matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw` contains the raw port number extracted from `matrix_prometheus_node_exporter_container_http_host_bind_port`, -# which can contain values like this: ('1234', '127.0.0.1:1234', '0.0.0.0:1234') -matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw: "{{ '' if matrix_prometheus_node_exporter_container_http_host_bind_port == '' else (matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[1] if ':' in matrix_prometheus_node_exporter_container_http_host_bind_port else matrix_prometheus_node_exporter_container_http_host_bind_port) }}" diff --git a/roles/custom/matrix-prometheus-services-proxy-connect/defaults/main.yml b/roles/custom/matrix-prometheus-services-proxy-connect/defaults/main.yml new file mode 100644 index 00000000..5799d053 --- /dev/null +++ b/roles/custom/matrix-prometheus-services-proxy-connect/defaults/main.yml 
@@ -0,0 +1,15 @@ +--- +# matrix-prometheus-services-proxy-connect is a role which helps integrate +# the various Prometheus roles, which may live outside this Matrix playbook, into it. + + +# Controls whether node-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/node-exporter`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled: false + +# If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an ":" value for the containers to bind to on your host. +# If prometheus_node_exporter_container_http_host_bind_port is set to just a port number, this will default to "127.0.0.1:" +# If prometheus_node_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that ":" value will be used +# Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf) +matrix_prometheus_services_proxy_connect_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + prometheus_node_exporter_container_http_host_bind_port_number_raw if not ':' in prometheus_node_exporter_container_http_host_bind_port else (prometheus_node_exporter_container_http_host_bind_port if prometheus_node_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}" diff --git a/roles/custom/matrix-prometheus-services-proxy-connect/tasks/main.yml b/roles/custom/matrix-prometheus-services-proxy-connect/tasks/main.yml new file mode 100644 index 00000000..7f35a318 --- /dev/null +++ b/roles/custom/matrix-prometheus-services-proxy-connect/tasks/main.yml 
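Review bot: The `..._matrix_nginx_proxy_not_enabled_proxy_pass_host` default joins `'127.0.0.1'` directly to `prometheus_node_exporter_container_http_host_bind_port_number_raw`, so as the expression reads here a bare port such as `9100` yields `127.0.0.19100`, not the `127.0.0.1:<port>` form the comment above it describes. The expression is carried over unchanged from the deleted role, so this is not new, but the move is a good moment to write `'127.0.0.1:' + prometheus_node_exporter_container_http_host_bind_port_number_raw`. Separately, `..._number_raw` used to live in the deleted `vars/main.yml`; this default now depends on the external role defining it, which cannot be confirmed from this patch, so a `| default('')` or a short comment naming the role that provides it would help.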
@@ -0,0 +1,19 @@ +--- + +- name: Fail if matrix-nginx-proxy role executed before matrix-prometheus-services-proxy-connect + ansible.builtin.fail: + msg: >- + Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-prometheus-services-proxy-connect role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- block: + - when: prometheus_node_exporter_enabled | bool and matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/prometheus-node-exporter/inject_into_nginx_proxy.yml" + tags: + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy diff --git a/roles/custom/matrix-prometheus-node-exporter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-node-exporter/inject_into_nginx_proxy.yml similarity index 51% rename from roles/custom/matrix-prometheus-node-exporter/tasks/inject_into_nginx_proxy.yml rename to roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-node-exporter/inject_into_nginx_proxy.yml index 24e05ed8..4c86e8aa 100644 --- a/roles/custom/matrix-prometheus-node-exporter/tasks/inject_into_nginx_proxy.yml +++ b/roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-node-exporter/inject_into_nginx_proxy.yml 
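Review bot: The role-order `fail` task at the top of tasks/main.yml is now conditioned only on `matrix_nginx_proxy_role_executed`, whereas it previously sat inside inject_into_nginx_proxy.yml and ran only when node-exporter proxying was enabled. With a custom role order it would abort the play with a message about node-exporter proxying even when nothing is being injected. Unlike the block below it, it also carries no tags, so it is skipped on tagged runs such as `--tags=setup-nginx-proxy`. Consider guarding it with the same condition as the include, `when: matrix_nginx_proxy_role_executed | default(False) | bool and prometheus_node_exporter_enabled | bool and matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled | bool`, and giving it the same `tags:` list.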
@@ -1,25 +1,16 @@ --- -- name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) ansible.builtin.set_fact: - matrix_prometheus_node_exporter_nginx_metrics_configuration_block: | + matrix_prometheus_services_proxy_connect_node_exporter_nginx_metrics_configuration_block: | location /metrics/node-exporter { {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; - set $backend "matrix-prometheus-node-exporter:9100"; + set $backend "{{ prometheus_node_exporter_identifier }}:9100"; proxy_pass http://$backend/metrics; - {% elif matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} - proxy_pass http://{{ matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; + {% elif matrix_prometheus_services_proxy_connect_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} + proxy_pass http://{{ matrix_prometheus_services_proxy_connect_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; {% else %} return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; {% endif %} 
@@ -31,5 +22,5 @@ {{ matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + - [matrix_prometheus_node_exporter_nginx_metrics_configuration_block] + [matrix_prometheus_services_proxy_connect_node_exporter_nginx_metrics_configuration_block] }} diff --git a/roles/custom/matrix_playbook_migration/defaults/main.yml b/roles/custom/matrix_playbook_migration/defaults/main.yml new file mode 100644 index 00000000..b553160a --- /dev/null +++ b/roles/custom/matrix_playbook_migration/defaults/main.yml @@ -0,0 +1,4 @@ +--- + +# Controls if (`matrix_prometheus_node_exporter` -> `prometheus_node_exporter`) validation will run. +matrix_playbook_migration_matrix_prometheus_node_exporter_migration_validation_enabled: true diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml index f4ce2bdc..5d22e4bf 100644 --- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml +++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml @@ -34,6 +34,7 @@ - {'old': 'matrix_systemd_services_list', 'new': 'devture_systemd_service_manager_services_list_additional'} - {'old': 'matrix_common_after_systemd_service_start_wait_for_timeout_seconds', 'new': 'devture_systemd_service_manager_up_verification_delay_seconds'} - {'old': 'matrix_systemd_services_autostart_enabled', 'new': 'devture_systemd_service_manager_services_autostart_enabled'} + - {'old': 'matrix_prometheus_node_exporter_metrics_proxying_enabled', 'new': 'matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled'} - name: (Deprecation) Catch and report matrix_postgres variables ansible.builtin.fail: 
@@ -48,3 +49,18 @@ The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'matrix_postgres_.*') | map (attribute='key') | join(', ') }} when: "vars | dict2items | selectattr('key', 'match', 'matrix_postgres_.*') | list | items2dict" + +- when: matrix_playbook_migration_matrix_prometheus_node_exporter_migration_validation_enabled | bool + block: + - ansible.builtin.set_fact: + matrix_playbook_migration_matrix_prometheus_node_exporter_migration_vars: |- + {{ vars | dict2items | selectattr('key', 'match', 'matrix_prometheus_node_exporter_.*') | list | items2dict }} + + - name: (Deprecation) Catch and report matrix_prometheus_node_exporter variables + ansible.builtin.fail: + msg: >- + The matrix-prometheus-node-exporter role that used to be part of this playbook has been replaced by https://gitlab.com/etke.cc/roles/prometheus_node_exporter. + The new role is compatible with the old one, but uses different names for its variables. + Please change your configuration (vars.yml) to rename all variables (`matrix_prometheus_node_exporter_` -> `prometheus_node_exporter_`). + We found usage of the following variables: {{ matrix_playbook_migration_matrix_prometheus_node_exporter_migration_vars.keys() | join(', ') }} + when: "matrix_playbook_migration_matrix_prometheus_node_exporter_migration_vars | length > 0" From 18d8d41e1454680b404e4aa92609d0cf82f1074d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Sat, 21 Jan 2023 20:54:12 +0100 Subject: [PATCH 075/143] Fix client js and css download (load compiled version) --- .../matrix-cactus-comments/defaults/main.yml | 6 ++-- .../tasks/setup_install.yml | 31 +++---------------- 2 files changed, 9 insertions(+), 28 deletions(-) diff --git a/roles/custom/matrix-cactus-comments/defaults/main.yml b/roles/custom/matrix-cactus-comments/defaults/main.yml index 224a5348..7b12b9f1 100644 --- a/roles/custom/matrix-cactus-comments/defaults/main.yml 
+++ b/roles/custom/matrix-cactus-comments/defaults/main.yml @@ -31,10 +31,12 @@ matrix_cactus_comments_version: 0.9.0 matrix_cactus_comments_docker_image: "{{ matrix_container_global_registry_prefix }}cactuscomments/cactus-appservice:{{ matrix_cactus_comments_version }}" matrix_cactus_comments_docker_image_force_pull: "{{ matrix_cactus_comments_docker_image.endswith(':latest') }}" -# matrix_cactus_comments_client_version specifies the version of the cactus-client release to use. +# The released&compiled client ist uploaded to URL that changes per commit. Therefore it is necessary to check the +# available versions and adjust the url manually. # For available versions, see: https://gitlab.com/cactus-comments/cactus-client/-/releases # Also see: `matrix_cactus_comments_client_local_dir` -matrix_cactus_comments_client_version: "0.13.0" +matrix_cactus_comments_webclient_js_url: "https://gateway.pinata.cloud/ipfs/QmSiWN27KZZ1XE32jKwifBnS3nWTUcFGNArKzur2nmDgoL/v0.13.0/cactus.js" +matrix_cactus_comments_webclient_css_url: "https://gateway.pinata.cloud/ipfs/QmSiWN27KZZ1XE32jKwifBnS3nWTUcFGNArKzur2nmDgoL/v0.13.0/style.css" # matrix_cactus_comments_client_local_dir specifies a local directory (on the Ansible controller, not on the remote server) with cactus-client files to use. # This is an alternative to `matrix_cactus_comments_client_version`, to be used when you'd like to diff --git a/roles/custom/matrix-cactus-comments/tasks/setup_install.yml b/roles/custom/matrix-cactus-comments/tasks/setup_install.yml index 8a8bf326..03b97d0a 100644 --- a/roles/custom/matrix-cactus-comments/tasks/setup_install.yml +++ b/roles/custom/matrix-cactus-comments/tasks/setup_install.yml 
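Review bot: The context comment above `matrix_cactus_comments_client_local_dir` still says it is an alternative to `matrix_cactus_comments_client_version`, but this hunk removes that variable and replaces it with the two `matrix_cactus_comments_webclient_*_url` settings. An existing `vars.yml` that overrides the old variable would now be silently ignored, because nothing visible in this patch adds a rename or deprecation check for it. I would reword the comment to `# This is an alternative to matrix_cactus_comments_webclient_js_url / matrix_cactus_comments_webclient_css_url, ...`. It is also worth stating in the comment that the version appears inside both URLs and the two must be updated together.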
@@ -67,37 +67,16 @@ - when: matrix_cactus_comments_client_local_dir | length == 0 block: - - name: Download client binary to local folder + - name: Download web client js ansible.builtin.get_url: - url: "https://gitlab.com/cactus-comments/cactus-client/-/archive/v{{ matrix_cactus_comments_client_version }}/cactus-client-v{{ matrix_cactus_comments_client_version }}.tar.gz" - dest: "/tmp/cactus-comments-{{ matrix_cactus_comments_client_version }}.tar.gz" - mode: '0644' - register: _download_client - until: _download_client is succeeded - retries: 5 - delay: 2 - check_mode: false - - - name: Unpack client - ansible.builtin.unarchive: - src: "/tmp/cactus-comments-{{ matrix_cactus_comments_client_version }}.tar.gz" - dest: "/tmp/" - remote_src: true - mode: 0600 - check_mode: false - - - name: Propagate client javascript file - ansible.builtin.copy: - src: "/tmp/cactus-client-v{{ matrix_cactus_comments_client_version }}/src/cactus.js" - remote_src: true + url: "{{ matrix_cactus_comments_webclient_js_url }}" dest: "{{ matrix_cactus_comments_client_path }}/cactus.js" mode: "{{ matrix_cactus_comments_client_file_permissions }}" owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - - name: Propagate client style file - ansible.builtin.copy: - src: "/tmp/cactus-client-v{{ matrix_cactus_comments_client_version }}/src/style.css" - remote_src: true + - name: Download web client css + ansible.builtin.get_url: + url: "{{ matrix_cactus_comments_webclient_css_url }}" dest: "{{ matrix_cactus_comments_client_path }}/style.css" mode: "{{ matrix_cactus_comments_client_file_permissions }}" owner: "{{ matrix_user_username }}" From c4d1347466d793874383abcee3c5bbb35b0be154 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 22 Jan 2023 09:08:47 +0200 Subject: [PATCH 076/143] Fix typos --- roles/custom/matrix-cactus-comments/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
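Review bot: Both new `ansible.builtin.get_url` tasks fetch files that the server then serves to browsers (`cactus.js`, `style.css`) from a third-party IPFS gateway without a `checksum:`. The CID in the URL path is not verified by `get_url`, so the content is only as trustworthy as the gateway's response at deploy time. Adding a pinned digest per file, e.g. `checksum: "{{ matrix_cactus_comments_webclient_js_checksum }}"` with a default of `sha256:<SHA256_OF_CACTUS_JS>` (and the same for the CSS), makes the task fail on any mismatch. The `register`/`until`/`retries` handling that the removed download task had is also gone, so a transient gateway error now fails the play on the first attempt.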
diff --git a/roles/custom/matrix-cactus-comments/defaults/main.yml b/roles/custom/matrix-cactus-comments/defaults/main.yml index 7b12b9f1..80f8c15e 100644 --- a/roles/custom/matrix-cactus-comments/defaults/main.yml +++ b/roles/custom/matrix-cactus-comments/defaults/main.yml @@ -31,7 +31,7 @@ matrix_cactus_comments_version: 0.9.0 matrix_cactus_comments_docker_image: "{{ matrix_container_global_registry_prefix }}cactuscomments/cactus-appservice:{{ matrix_cactus_comments_version }}" matrix_cactus_comments_docker_image_force_pull: "{{ matrix_cactus_comments_docker_image.endswith(':latest') }}" -# The released&compiled client ist uploaded to URL that changes per commit. Therefore it is necessary to check the +# The released & compiled client is uploaded to a URL that changes per commit. Therefore it is necessary to check the # available versions and adjust the url manually. # For available versions, see: https://gitlab.com/cactus-comments/cactus-client/-/releases # Also see: `matrix_cactus_comments_client_local_dir` From 47165e890272f0e6763d7c6c0c68d624377313a8 Mon Sep 17 00:00:00 2001 From: Array in a Matrix Date: Tue, 24 Jan 2023 15:50:06 -0500 Subject: [PATCH 077/143] updated dendrite version --- roles/custom/matrix-dendrite/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml index 32f262ad..6a495f8f 100644 --- a/roles/custom/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml 
@@ -6,7 +6,7 @@ matrix_dendrite_enabled: true matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "docker.io/" -matrix_dendrite_docker_image_tag: "v0.10.8" +matrix_dendrite_docker_image_tag: "v0.11.0" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" From 6afd3c59eb617d2781581578048fb403bd42fd32 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 25 Jan 2023 08:39:47 +0000 Subject: [PATCH 078/143] Update grafana 9.3.2 -> 9.3.4 --- roles/custom/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-grafana/defaults/main.yml b/roles/custom/matrix-grafana/defaults/main.yml index 44821b57..9920572d 100644 --- a/roles/custom/matrix-grafana/defaults/main.yml +++ b/roles/custom/matrix-grafana/defaults/main.yml @@ -5,7 +5,7 @@ matrix_grafana_enabled: true -matrix_grafana_version: 9.3.2 +matrix_grafana_version: 9.3.4 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 547b01d618aad45abcc438a21632b9a9892d6f80 Mon Sep 17 00:00:00 2001 From: rhys Date: Wed, 25 Jan 2023 12:02:40 +0000 Subject: [PATCH 079/143] Added option to allow user to set jigasi user and password for AUTH --- roles/custom/matrix-jitsi/defaults/main.yml | 5 +++++ roles/custom/matrix-jitsi/templates/prosody/env.j2 | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-jitsi/defaults/main.yml b/roles/custom/matrix-jitsi/defaults/main.yml index da166cd8..6b0e7e96 100644 --- a/roles/custom/matrix-jitsi/defaults/main.yml 
+++ b/roles/custom/matrix-jitsi/defaults/main.yml @@ -283,3 +283,8 @@ matrix_jitsi_jvb_container_colibri_ws_host_bind_port: '' # # The setting requires an integer to be set for usage and allows a user to specify the max number of particpants on a conference. matrix_prosody_jitsi_max_participants: '' + +# Allows abailty to set XMPP AUTH user if using JIGASI +matrix_jitsi_jigasi_xmpp_user: '' +# Allows abailty to set XMPP AUTH pasword if using JIGASI +matrix_jitsi_jigasi_xmpp_password: '' \ No newline at end of file diff --git a/roles/custom/matrix-jitsi/templates/prosody/env.j2 b/roles/custom/matrix-jitsi/templates/prosody/env.j2 index b0ebbefc..72b23e3c 100644 --- a/roles/custom/matrix-jitsi/templates/prosody/env.j2 +++ b/roles/custom/matrix-jitsi/templates/prosody/env.j2 @@ -15,8 +15,8 @@ JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }} JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }} JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }} JICOFO_COMPONENT_SECRET -JIGASI_XMPP_USER= -JIGASI_XMPP_PASSWORD= +JIGASI_XMPP_USER={{ matrix_jitsi_jigasi_xmpp_user }} +JIGASI_XMPP_PASSWORD={{ matrix_jitsi_jigasi_xmpp_password }} JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }} JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }} JWT_APP_ID From d01de9f33dfbf47c636bd796b3a71a9f08a73390 Mon Sep 17 00:00:00 2001 From: rhys Date: Wed, 25 Jan 2023 12:07:00 +0000 Subject: [PATCH 080/143] Fix lint errors --- roles/custom/matrix-jitsi/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-jitsi/defaults/main.yml b/roles/custom/matrix-jitsi/defaults/main.yml index 6b0e7e96..538d8e4e 100644 --- a/roles/custom/matrix-jitsi/defaults/main.yml +++ b/roles/custom/matrix-jitsi/defaults/main.yml 
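Review bot: The two comments added above `matrix_jitsi_jigasi_xmpp_user` and `matrix_jitsi_jigasi_xmpp_password` are misspelled ("abailty", "pasword") and do not say that the second value is a credential. I would write `# XMPP username that Jigasi authenticates with (only needed when Jigasi is used)` and `# XMPP password for that user; this is a secret, set a strong generated value in vars.yml`. The second hunk renders both values unquoted into prosody's `env.j2`, in line with the neighbouring `JICOFO_*` and `JVB_*` entries, so a value containing a line break would spill into the next variable.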
@@ -287,4 +287,4 @@ matrix_prosody_jitsi_max_participants: '' # Allows abailty to set XMPP AUTH user if using JIGASI matrix_jitsi_jigasi_xmpp_user: '' # Allows abailty to set XMPP AUTH pasword if using JIGASI -matrix_jitsi_jigasi_xmpp_password: '' \ No newline at end of file +matrix_jitsi_jigasi_xmpp_password: '' From ad58858a965896a27967d086315d5d20c1d8b30e Mon Sep 17 00:00:00 2001 From: bertybuttface <110790513+bertybuttface@users.noreply.github.com> Date: Thu, 26 Jan 2023 15:09:24 +0000 Subject: [PATCH 081/143] Upgrade matrix-chatgpt (1.2.3 -> 1.3.2) Add support for OPENAI_PRO for ChatGPT pro subscriptions. --- roles/custom/matrix-bot-chatgpt/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index d6119ca6..86d185b7 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml @@ -9,7 +9,7 @@ matrix_bot_chatgpt_docker_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot matrix_bot_chatgpt_docker_repo_version: "{{ 'latest' if matrix_bot_chatgpt_version == 'latest' else matrix_bot_chatgpt_version }}" matrix_bot_chatgpt_docker_src_files_path: "{{ matrix_base_data_path }}/chatgpt/docker-src" -matrix_bot_chatgpt_version: 1.2.3 +matrix_bot_chatgpt_version: 1.3.2 matrix_bot_chatgpt_docker_image: "{{ matrix_bot_chatgpt_docker_image_name_prefix }}matrixgpt/matrix-chatgpt-bot:{{ matrix_bot_chatgpt_version }}" matrix_bot_chatgpt_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_chatgpt_container_image_self_build else 'ghcr.io/' }}" matrix_bot_chatgpt_docker_image_force_pull: "{{ matrix_bot_chatgpt_docker_image.endswith(':latest') }}" 
@@ -31,6 +31,7 @@ matrix_bot_chatgpt_systemd_wanted_services_list: [] matrix_bot_chatgpt_openai_email: '' # OPENAI_EMAIL= matrix_bot_chatgpt_openai_password: '' # OPENAI_PASSWORD= matrix_bot_chatgpt_openai_login_type: 'google' # OPENAI_LOGIN_TYPE="google" +matrix_bot_chatgpt_openai_pro: false # OPENAI_PRO # Matrix Static Settings (required, see notes) # Defaults to "https://matrix.org" From 18c3903defbf28a753d4bfebbbe94725a2510f21 Mon Sep 17 00:00:00 2001 From: bertybuttface <110790513+bertybuttface@users.noreply.github.com> Date: Thu, 26 Jan 2023 15:12:36 +0000 Subject: [PATCH 082/143] Update env.j2 Set OPEN_AI to matrix_bot_chatgpt_openai_pro --- roles/custom/matrix-bot-chatgpt/templates/env.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-bot-chatgpt/templates/env.j2 b/roles/custom/matrix-bot-chatgpt/templates/env.j2 index 8837fe3e..bf2dafbf 100644 --- a/roles/custom/matrix-bot-chatgpt/templates/env.j2 +++ b/roles/custom/matrix-bot-chatgpt/templates/env.j2 @@ -4,6 +4,7 @@ MATRIX_ACCESS_TOKEN={{ matrix_bot_chatgpt_matrix_access_token }} OPENAI_EMAIL={{ matrix_bot_chatgpt_openai_email }} OPENAI_PASSWORD={{ matrix_bot_chatgpt_openai_password }} OPENAI_LOGIN_TYPE={{ matrix_bot_chatgpt_openai_login_type }} +OPENAI_PRO={{ matrix_bot_chatgpt_openai_pro }} # With the @ and :DOMAIN, ie @SOMETHING:DOMAIN MATRIX_BOT_USERNAME={{ matrix_bot_chatgpt_matrix_bot_username }} From 4c9f96722f3f6ed56e73cfeecbbeb6fd88ab2faf Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 26 Jan 2023 17:04:04 +0200 Subject: [PATCH 083/143] Add no-multicast-peers to Coturn config by default Part of a security hardening provoked by: https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/ --- roles/custom/matrix-coturn/defaults/main.yml | 3 +++ roles/custom/matrix-coturn/templates/turnserver.conf.j2 | 4 ++++ 2 files changed, 7 insertions(+) 
diff --git a/roles/custom/matrix-coturn/defaults/main.yml b/roles/custom/matrix-coturn/defaults/main.yml index 3a125de4..22ad48d6 100644 --- a/roles/custom/matrix-coturn/defaults/main.yml +++ b/roles/custom/matrix-coturn/defaults/main.yml @@ -73,6 +73,9 @@ matrix_coturn_denied_peer_ips: [] matrix_coturn_user_quota: null matrix_coturn_total_quota: null +# Controls whether `no-multicast-peers` is added to the configuration +matrix_coturn_no_multicast_peers_enabled: true + # To enable TLS, you need to provide paths to certificates. # Paths defined in `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path` are in-container paths. # Files on the host can be mounted into the container using `matrix_coturn_container_additional_volumes`. diff --git a/roles/custom/matrix-coturn/templates/turnserver.conf.j2 b/roles/custom/matrix-coturn/templates/turnserver.conf.j2 index 1bdf310a..dc8d96ee 100644 --- a/roles/custom/matrix-coturn/templates/turnserver.conf.j2 +++ b/roles/custom/matrix-coturn/templates/turnserver.conf.j2 @@ -39,6 +39,10 @@ user-quota={{ matrix_coturn_user_quota }} total-quota={{ matrix_coturn_total_quota }} {% endif %} +{% if matrix_coturn_no_multicast_peers_enabled %} +no-multicast-peers +{% endif %} + {% for ip_range in matrix_coturn_denied_peer_ips %} denied-peer-ip={{ ip_range }} {% endfor %} From bf23d63f8211135ad38288978d0fbf38d193b5df Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 26 Jan 2023 17:07:36 +0200 Subject: [PATCH 084/143] Add matrix_coturn_additional_configuration --- roles/custom/matrix-coturn/defaults/main.yml | 8 ++++++++ roles/custom/matrix-coturn/templates/turnserver.conf.j2 | 2 ++ 2 files changed, 10 insertions(+) diff --git a/roles/custom/matrix-coturn/defaults/main.yml b/roles/custom/matrix-coturn/defaults/main.yml index 22ad48d6..0d5d15dc 100644 --- a/roles/custom/matrix-coturn/defaults/main.yml +++ b/roles/custom/matrix-coturn/defaults/main.yml 
@@ -76,6 +76,14 @@ matrix_coturn_total_quota: null # Controls whether `no-multicast-peers` is added to the configuration matrix_coturn_no_multicast_peers_enabled: true +# Additional configuration to be passed to turnserver.conf +# Example: +# matrix_coturn_additional_configuration: | +# simple-log +# aux-server=1.2.3.4 +# relay-ip=4.3.2.1 +matrix_coturn_additional_configuration: '' + # To enable TLS, you need to provide paths to certificates. # Paths defined in `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path` are in-container paths. # Files on the host can be mounted into the container using `matrix_coturn_container_additional_volumes`. diff --git a/roles/custom/matrix-coturn/templates/turnserver.conf.j2 b/roles/custom/matrix-coturn/templates/turnserver.conf.j2 index dc8d96ee..47fa5b86 100644 --- a/roles/custom/matrix-coturn/templates/turnserver.conf.j2 +++ b/roles/custom/matrix-coturn/templates/turnserver.conf.j2 @@ -49,3 +49,5 @@ denied-peer-ip={{ ip_range }} {% for ip_range in matrix_coturn_allowed_peer_ips %} allowed-peer-ip={{ ip_range }} {% endfor %} + +{{ matrix_coturn_additional_configuration }} From 773cb7d37e018ad462d4229bf58ecbe569c918be Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 26 Jan 2023 17:08:05 +0200 Subject: [PATCH 085/143] Make no-tcp-relay Coturn configuration property configurable --- roles/custom/matrix-coturn/defaults/main.yml | 3 +++ roles/custom/matrix-coturn/templates/turnserver.conf.j2 | 3 +++ 2 files changed, 6 insertions(+) diff --git a/roles/custom/matrix-coturn/defaults/main.yml b/roles/custom/matrix-coturn/defaults/main.yml index 0d5d15dc..71c97b25 100644 --- a/roles/custom/matrix-coturn/defaults/main.yml +++ b/roles/custom/matrix-coturn/defaults/main.yml 
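Review bot: The comment on `matrix_coturn_additional_configuration` does not say that the value is rendered verbatim as the last line of `turnserver.conf.j2` (second hunk), after the generated `denied-peer-ip` and `allowed-peer-ip` entries. Options placed there can loosen what the role configures; coturn's own configuration notes say an address listed as both allowed and denied is treated as allowed. I would extend the comment with `# NOTE: appended as-is at the end of turnserver.conf and not validated;` and `# options given here can weaken the peer restrictions set above (e.g. an allowed-peer-ip line).`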
@@ -73,6 +73,9 @@ matrix_coturn_denied_peer_ips: [] matrix_coturn_user_quota: null matrix_coturn_total_quota: null +# Controls whether `no-tcp-relay` is added to the configuration +matrix_coturn_no_tcp_relay_enabled: true + # Controls whether `no-multicast-peers` is added to the configuration matrix_coturn_no_multicast_peers_enabled: true diff --git a/roles/custom/matrix-coturn/templates/turnserver.conf.j2 b/roles/custom/matrix-coturn/templates/turnserver.conf.j2 index 47fa5b86..dfc3a87d 100644 --- a/roles/custom/matrix-coturn/templates/turnserver.conf.j2 +++ b/roles/custom/matrix-coturn/templates/turnserver.conf.j2 @@ -30,7 +30,10 @@ no-dtls {% endif %} prod + +{% if matrix_coturn_no_tcp_relay_enabled %} no-tcp-relay +{% endif %} {% if matrix_coturn_user_quota != None %} user-quota={{ matrix_coturn_user_quota }} From bb0faa6bc37be94f443fa9730f9af726f9ba1486 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 26 Jan 2023 17:15:44 +0200 Subject: [PATCH 086/143] Block various private network ranges via denied_peer_ips for Coturn by default Inspired by: https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/ --- CHANGELOG.md | 11 +++++++ roles/custom/matrix-coturn/defaults/main.yml | 32 +++++++++++++++++++- 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e4607148..b32958ca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,14 @@ +# 2023-01-26 + +## (Backward Compatibility) Tightening Coturn security can lead to connectivity issues + +**TLDR**: users who run and access their Matrix server on a private network (likely a small minority of users) may experience connectivity issues with our new default Coturn blocklists. They may need to override `matrix_coturn_denied_peer_ips` and remove some IP ranges from it. + +Inspired by [this security article](https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/), we've decided to make use of Coturn's `denied-peer-ip` functionality to prevent relaying network traffic to certain private IP subnets. This ensures that your Coturn server won't accidentally try to forward traffic to certain services running on your local networks. We run Coturn in a container and in a private container network by default, which should prevent such access anyway, but having additional block layers in place is better. + +If you access your Matrix server from a local network and need Coturn to relay to private IP addresses, you may observe that relaying is now blocked due to our new default `denied-peer-ip` lists (specified in `matrix_coturn_denied_peer_ips`). If you experience such connectivity problems, consider overriding this setting in your `vars.yml` file and removing certain networks from it. + + # 2023-01-21 ## The matrix-prometheus-node-exporter role lives independently now diff --git a/roles/custom/matrix-coturn/defaults/main.yml b/roles/custom/matrix-coturn/defaults/main.yml index 71c97b25..223d0d04 100644 --- a/roles/custom/matrix-coturn/defaults/main.yml +++ b/roles/custom/matrix-coturn/defaults/main.yml 
@@ -69,7 +69,37 @@ matrix_coturn_turn_external_ip_address: '' matrix_coturn_turn_external_ip_addresses: ["{{ matrix_coturn_turn_external_ip_address }}"] matrix_coturn_allowed_peer_ips: [] -matrix_coturn_denied_peer_ips: [] + +# We block loopback interfaces and private networks by default to prevent private resources from being accessible. +# This is especially important when Coturn does not run within a container network (e.g. `matrix_coturn_docker_network: host`). +# +# Learn more: https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/ +# +# If you're running Coturn for local network peers, you may wish to override these rules. +matrix_coturn_denied_peer_ips: + - 0.0.0.0-0.255.255.255 + - 10.0.0.0-10.255.255.255 + - 100.64.0.0-100.127.255.255 + - 127.0.0.0-127.255.255.255 + - 169.254.0.0-169.254.255.255 + - 172.16.0.0-172.31.255.255 + - 192.0.0.0-192.0.0.255 + - 192.0.2.0-192.0.2.255 + - 192.88.99.0-192.88.99.255 + - 192.168.0.0-192.168.255.255 + - 198.18.0.0-198.19.255.255 + - 198.51.100.0-198.51.100.255 + - 203.0.113.0-203.0.113.255 + - 240.0.0.0-255.255.255.255 + - ::1 + - 64:ff9b::-64:ff9b::ffff:ffff + - ::ffff:0.0.0.0-::ffff:255.255.255.255 + - 100::-100::ffff:ffff:ffff:ffff + - 2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff + - 2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff + - fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff + - fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff + matrix_coturn_user_quota: null matrix_coturn_total_quota: null From aafa8f019cbc3535cc90eb285e5126ccaf415aa4 Mon Sep 17 00:00:00 2001 
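Review bot: The new default list covers the IPv4 unspecified range (`0.0.0.0-0.255.255.255`) and IPv6 loopback (`::1`) but has no entry for the IPv6 unspecified address. Consider adding `- '::'`, unless the Coturn version shipped by the role already rejects it on its own, which is not visible here. Because this is a plain list variable, overriding `matrix_coturn_denied_peer_ips` to drop one range replaces the whole default, and such an override will not pick up ranges added later. The comment could say so: `# Overriding this variable replaces the whole list; copy it and remove only the ranges you need.`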
From: Slavi Pantaleev Date: Thu, 26 Jan 2023 17:16:20 +0200 Subject: [PATCH 087/143] Allow matrix_coturn_docker_network to be set to 'host' to use host-networking This helps large deployments which need to open up thousands of ports (matrix_coturn_turn_udp_min_port, matrix_coturn_turn_udp_min_port) On a test VM, opening 1k ports takes 17 seconds for Docker to "publish" all of these ports (setting up forwarding rules with the firewall, etc), so service startup and shutdown take a long amount of time. If host-networking is used, there's no need to open any ports at all and startup/shutdown can be quick. --- CHANGELOG.md | 16 ++++++++++++++++ roles/custom/matrix-coturn/defaults/main.yml | 15 +++++++++++---- .../custom/matrix-coturn/tasks/setup_install.yml | 3 ++- .../templates/systemd/matrix-coturn.service.j2 | 2 +- 4 files changed, 30 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b32958ca..030fbbdb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,21 @@ # 2023-01-26 +## Coturn can now use host-networking + +Large Coturn deployments (with a huge range of ports specified via `matrix_coturn_turn_udp_min_port` and `matrix_coturn_turn_udp_max_port`) experience a huge slowdown with how Docker publishes all these ports (setting up firewall forwarding rules), which leads to a very slow Coturn service startup and shutdown. + +Such deployments don't need to run Coturn within a private container network anymore. Coturn can now run with host-networking by using configuration like this: + +```yaml +matrix_coturn_docker_network: host +``` + +With such a configuration, Docker no longer needs to configure thousands of firewall forwarding rules each time Coturn starts and stops. +You may, however, need to allow these ports in your firewall configuration yourself. + +Thanks to us [tightening Coturn security](#backward-compatibility-tightening-coturn-security-can-lead-to-connectivity-issues), running Coturn with host-networking should be safe and not expose neither other services running on the host, nor other services running on the local network. + + ## (Backward Compatibility) Tightening Coturn security can lead to connectivity issues **TLDR**: users who run and access their Matrix server on a private network (likely a small minority of users) may experience connectivity issues with our new default Coturn blocklists. They may need to override `matrix_coturn_denied_peer_ips` and remove some IP ranges from it. diff --git a/roles/custom/matrix-coturn/defaults/main.yml b/roles/custom/matrix-coturn/defaults/main.yml index 223d0d04..9f7ff2ba 100644 --- a/roles/custom/matrix-coturn/defaults/main.yml +++ b/roles/custom/matrix-coturn/defaults/main.yml 
@@ -20,6 +20,13 @@ matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(' # # Setting up deny/allow rules with `matrix_coturn_allowed_peer_ips`/`matrix_coturn_denied_peer_ips` is also # possible for achieving such isolation, but is more complicated due to the dynamic nature of Docker networking. +# +# Setting `matrix_coturn_docker_network` to 'host' will run the container with host networking, +# which will drastically improve performance when thousands of ports are opened due to Docker not having to set up forwarding rules for each port. +# Running with host networking can be dangerous, as it potentially exposes your local network and its services to Coturn peers. +# Regardless of the networking mode, we apply a deny list which via `matrix_coturn_denied_peer_ips`, +# which hopefully prevents access to such private network ranges. +# When running in host-networking mode, you need to adjust the firewall yourself, so that ports are opened. matrix_coturn_docker_network: "matrix-coturn" matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn" 
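Review bot: The added sentence "we apply a deny list which via `matrix_coturn_denied_peer_ips`, which hopefully prevents access to such private network ranges" is garbled and leaves out what the list does not cover. The defaults introduced earlier in this series contain loopback and private/reserved ranges only, so with `host` networking any service listening on the host's own routable addresses is outside the list. I would reword it to `# Regardless of the networking mode, a deny list is applied via matrix_coturn_denied_peer_ips.` followed by `# It covers loopback and private/reserved ranges only; add the host's own routable addresses if services listening on them must not be reachable through relaying.`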
@@ -41,20 +48,20 @@ matrix_coturn_container_extra_arguments: [] # Controls whether the Coturn container exposes its plain STUN port (tcp/3478 and udp/3478 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:3478"), or empty string to not expose. -matrix_coturn_container_stun_plain_host_bind_port: '3478' +matrix_coturn_container_stun_plain_host_bind_port: "{{ '3478' if matrix_coturn_docker_network != 'host' else '' }}" # Controls whether the Coturn container exposes its TLS STUN port (tcp/5349 and udp/5349 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:5349"), or empty string to not expose. -matrix_coturn_container_stun_tls_host_bind_port: '5349' +matrix_coturn_container_stun_tls_host_bind_port: "{{ '5349' if matrix_coturn_docker_network != 'host' else '' }}" # Controls whether the Coturn container exposes its TURN UDP port range and which interface to do it on. # # Takes an interface "" (e.g. "127.0.0.1"), or empty string to listen on all interfaces. -# Takes a null/none value (`~`) to prevent listening. +# Takes a null/none value (`~`) or 'none' (as a string) to prevent listening. # # The UDP port-range itself is specified using `matrix_coturn_turn_udp_min_port` and `matrix_coturn_turn_udp_max_port`. -matrix_coturn_container_turn_range_listen_interface: '' +matrix_coturn_container_turn_range_listen_interface: "{{ '' if matrix_coturn_docker_network != 'host' else 'none' }}" # UDP port-range to use for TURN matrix_coturn_turn_udp_min_port: 49152 diff --git a/roles/custom/matrix-coturn/tasks/setup_install.yml b/roles/custom/matrix-coturn/tasks/setup_install.yml index ab94db27..44325f46 100644 --- a/roles/custom/matrix-coturn/tasks/setup_install.yml +++ b/roles/custom/matrix-coturn/tasks/setup_install.yml 
@@ -62,7 +62,8 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" -- name: Ensure Coturn network is created in Docker +- when: matrix_coturn_docker_network not in ['', 'host'] + name: Ensure Coturn network is created in Docker community.docker.docker_network: name: "{{ matrix_coturn_docker_network }}" driver: bridge diff --git a/roles/custom/matrix-coturn/templates/systemd/matrix-coturn.service.j2 b/roles/custom/matrix-coturn/templates/systemd/matrix-coturn.service.j2 index 3a0782bf..8c0272cf 100644 --- a/roles/custom/matrix-coturn/templates/systemd/matrix-coturn.service.j2 +++ b/roles/custom/matrix-coturn/templates/systemd/matrix-coturn.service.j2 @@ -30,7 +30,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name -p {{ matrix_coturn_container_stun_tls_host_bind_port }}:5349 \ -p {{ matrix_coturn_container_stun_tls_host_bind_port }}:5349/udp \ {% endif %} - {% if matrix_coturn_container_turn_range_listen_interface is not none %} + {% if matrix_coturn_container_turn_range_listen_interface is not in [none, 'none'] %} -p {{ matrix_coturn_container_turn_range_listen_interface }}{{ ':' if matrix_coturn_container_turn_range_listen_interface else '' }}{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}:{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp \ {% endif %} --mount type=bind,src={{ matrix_coturn_config_path }},dst=/turnserver.conf,ro \ From 867737fe0b5bd9201c0d85ad3bcf3f4614823a50 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 26 Jan 2023 17:42:03 +0200 Subject: [PATCH 088/143] Upgrade Grafana (9.3.4 -> 9.3.6) --- roles/custom/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-grafana/defaults/main.yml b/roles/custom/matrix-grafana/defaults/main.yml index 9920572d..5b730480 100644 --- a/roles/custom/matrix-grafana/defaults/main.yml 
+++ b/roles/custom/matrix-grafana/defaults/main.yml @@ -5,7 +5,7 @@ matrix_grafana_enabled: true -matrix_grafana_version: 9.3.4 +matrix_grafana_version: 9.3.6 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From f1c9052fe530c41dcd24284765329f32029df221 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 26 Jan 2023 17:59:56 +0200 Subject: [PATCH 089/143] Make it obvious that running Coturn in host-networking mode requires manual firewall changes --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 030fbbdb..23275a14 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,8 +10,8 @@ Such deployments don't need to run Coturn within a private container network any matrix_coturn_docker_network: host ``` -With such a configuration, Docker no longer needs to configure thousands of firewall forwarding rules each time Coturn starts and stops. -You may, however, need to allow these ports in your firewall configuration yourself. +With such a configuration, **Docker no longer needs to configure thousands of firewall forwarding rules** each time Coturn starts and stops. +This, however, means that **you will need to ensure these ports are open** in your firewall yourself. Thanks to us [tightening Coturn security](#backward-compatibility-tightening-coturn-security-can-lead-to-connectivity-issues), running Coturn with host-networking should be safe and not expose neither other services running on the host, nor other services running on the local network. From 864b64d0157f01e5240f1e6ea9de4c4215139c1d Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 26 Jan 2023 20:01:38 +0200 Subject: [PATCH 090/143] Mention the new no-multicast-peers default in Coturn config Related to 4c9f96722f3f6ed56 --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 23275a14..edb4dba9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,8 @@ Inspired by [this security article](https://www.rtcsec.com/article/cve-2020-2626 If you access your Matrix server from a local network and need Coturn to relay to private IP addresses, you may observe that relaying is now blocked due to our new default `denied-peer-ip` lists (specified in `matrix_coturn_denied_peer_ips`). If you experience such connectivity problems, consider overriding this setting in your `vars.yml` file and removing certain networks from it. +We've also added `no-multicast-peers` to the default Coturn configuration, but we don't expect this to cause trouble for most people. + # 2023-01-21 From e43ba65dd334fb9aadc74b94e4337080751a7fe7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 27 Jan 2023 08:46:16 +0200 Subject: [PATCH 091/143] Upgrade prometheus_node_exporter (v1.5.0-0 -> v1.5.0-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 07cab197..8ffa99d5 100644 --- a/requirements.yml +++ b/requirements.yml @@ -31,4 +31,4 @@ version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6 - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git - version: v1.5.0-0 + version: v1.5.0-1 From 784043cc5dd0f6fef50004d40236ece31c7a4fa2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 27 Jan 2023 08:55:38 +0200 Subject: [PATCH 092/143] Ensure OPENAI_PRO is true/false (not True/False) --- roles/custom/matrix-bot-chatgpt/templates/env.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/custom/matrix-bot-chatgpt/templates/env.j2 b/roles/custom/matrix-bot-chatgpt/templates/env.j2 index bf2dafbf..1315ddf5 100644 --- a/roles/custom/matrix-bot-chatgpt/templates/env.j2 +++ b/roles/custom/matrix-bot-chatgpt/templates/env.j2 @@ -4,7 +4,7 @@ MATRIX_ACCESS_TOKEN={{ matrix_bot_chatgpt_matrix_access_token }} OPENAI_EMAIL={{ matrix_bot_chatgpt_openai_email }} OPENAI_PASSWORD={{ matrix_bot_chatgpt_openai_password }} OPENAI_LOGIN_TYPE={{ matrix_bot_chatgpt_openai_login_type }} -OPENAI_PRO={{ matrix_bot_chatgpt_openai_pro }} +OPENAI_PRO={{ matrix_bot_chatgpt_openai_pro | to_json }} # With the @ and :DOMAIN, ie @SOMETHING:DOMAIN MATRIX_BOT_USERNAME={{ matrix_bot_chatgpt_matrix_bot_username }} From 7e1408ea65c2aaf162c887087c9ed403d615fcde Mon Sep 17 00:00:00 2001 From: bertybuttface <110790513+bertybuttface@users.noreply.github.com> Date: Fri, 27 Jan 2023 18:55:13 +0000 Subject: [PATCH 093/143] Bump ChatGPT version and add new config settings matrix_bot_chatgpt_context=thread --- roles/custom/matrix-bot-chatgpt/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index 86d185b7..3ba8ba7a 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_bot_chatgpt_docker_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot matrix_bot_chatgpt_docker_repo_version: "{{ 'latest' if matrix_bot_chatgpt_version == 'latest' else matrix_bot_chatgpt_version }}" matrix_bot_chatgpt_docker_src_files_path: "{{ matrix_base_data_path }}/chatgpt/docker-src" -matrix_bot_chatgpt_version: 1.3.2 +matrix_bot_chatgpt_version: 1.4.1 matrix_bot_chatgpt_docker_image: "{{ matrix_bot_chatgpt_docker_image_name_prefix }}matrixgpt/matrix-chatgpt-bot:{{ matrix_bot_chatgpt_version }}" matrix_bot_chatgpt_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_chatgpt_container_image_self_build else 'ghcr.io/' }}" matrix_bot_chatgpt_docker_image_force_pull: "{{ matrix_bot_chatgpt_docker_image.endswith(':latest') }}" @@ -33,6 +33,8 @@ matrix_bot_chatgpt_openai_password: '' # OPENAI_PASSWORD= matrix_bot_chatgpt_openai_login_type: 'google' # OPENAI_LOGIN_TYPE="google" matrix_bot_chatgpt_openai_pro: false # OPENAI_PRO +matrix_bot_chatgpt_context: 'thread' # CHATGPT_CONTEXT="thread" + # Matrix Static Settings (required, see notes) # Defaults to "https://matrix.org" matrix_bot_chatgpt_matrix_homeserver_url: "{{ matrix_homeserver_container_url }}" # MATRIX_HOMESERVER_URL= From d66a2949f6b6a3e09a50f4da45f0d832b898d205 Mon Sep 17 00:00:00 2001 From: bertybuttface <110790513+bertybuttface@users.noreply.github.com> Date: Fri, 27 Jan 2023 18:57:24 +0000 Subject: [PATCH 094/143] Update env.j2 Use matrix_bot_chatgpt_context for CHATGPT_CONTEXT --- roles/custom/matrix-bot-chatgpt/templates/env.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/custom/matrix-bot-chatgpt/templates/env.j2 b/roles/custom/matrix-bot-chatgpt/templates/env.j2 index 1315ddf5..faf6be71 100644 --- a/roles/custom/matrix-bot-chatgpt/templates/env.j2 +++ b/roles/custom/matrix-bot-chatgpt/templates/env.j2 
@@ -6,6 +6,8 @@ OPENAI_PASSWORD={{ matrix_bot_chatgpt_openai_password }} OPENAI_LOGIN_TYPE={{ matrix_bot_chatgpt_openai_login_type }} OPENAI_PRO={{ matrix_bot_chatgpt_openai_pro | to_json }} +CHATGPT_CONTEXT={{ matrix_bot_chatgpt_context }} + # With the @ and :DOMAIN, ie @SOMETHING:DOMAIN MATRIX_BOT_USERNAME={{ matrix_bot_chatgpt_matrix_bot_username }} MATRIX_BOT_PASSWORD={{ matrix_bot_chatgpt_matrix_bot_password }} From 7b5ced3037e16613f040d1044cf93a964eb3c439 Mon Sep 17 00:00:00 2001 From: bertybuttface <110790513+bertybuttface@users.noreply.github.com> Date: Fri, 27 Jan 2023 19:02:14 +0000 Subject: [PATCH 095/143] Fix linting issue. --- roles/custom/matrix-bot-chatgpt/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index 3ba8ba7a..324e64ab 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml @@ -33,7 +33,7 @@ matrix_bot_chatgpt_openai_password: '' # OPENAI_PASSWORD= matrix_bot_chatgpt_openai_login_type: 'google' # OPENAI_LOGIN_TYPE="google" matrix_bot_chatgpt_openai_pro: false # OPENAI_PRO -matrix_bot_chatgpt_context: 'thread' # CHATGPT_CONTEXT="thread" +matrix_bot_chatgpt_context: 'thread' # CHATGPT_CONTEXT="thread" # Matrix Static Settings (required, see notes) # Defaults to "https://matrix.org" From f165aa5d481e048089cb0b367ef61036dd893643 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 28 Jan 2023 07:54:52 +0000 Subject: [PATCH 096/143] Update synapse-admin 0.8.5 -> 0.8.6 --- roles/custom/matrix-synapse-admin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse-admin/defaults/main.yml b/roles/custom/matrix-synapse-admin/defaults/main.yml index 9f4510b6..ae77a570 100644 --- a/roles/custom/matrix-synapse-admin/defaults/main.yml 
+++ b/roles/custom/matrix-synapse-admin/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_admin_container_image_self_build_repo: "https://github.com/Awesom matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src" -matrix_synapse_admin_version: 0.8.5 +matrix_synapse_admin_version: 0.8.6 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}" matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}" From 6a31fba346d9da434a3d7cfd2d342658d002cc2e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 28 Jan 2023 17:04:55 +0200 Subject: [PATCH 097/143] Fix synapse-admin reverse-proxying regression caused by 0.8.6 Related to f165aa5d481e048089cb0b367ef61036dd893643 Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2424 --- .../tasks/inject_into_nginx_proxy.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml index 6a4af859..b082190d 100644 --- a/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml +++ b/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml 
@@ -24,6 +24,14 @@ {# Generic configuration for use outside of our container setup #} proxy_pass http://127.0.0.1:8766/$1; {% endif %} + + {# + Workaround synapse-admin serving all assets at /static. + See: https://github.com/Awesome-Technologies/synapse-admin/issues/322 + #} + sub_filter_once off; + sub_filter_types text/css; + sub_filter "/static/" "{{ matrix_synapse_admin_public_endpoint }}/static/"; } - name: Register Synapse Admin proxying configuration with matrix-nginx-proxy From e588c42088c6fc5f94bb14d2473074294decc3b2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 28 Jan 2023 17:09:20 +0200 Subject: [PATCH 098/143] Improve synapse-admin reverse-proxying fix Fixup for 6a31fba346d9da434a3d7cf --- .../matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml index b082190d..2c25ff47 100644 --- a/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml +++ b/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml @@ -30,8 +30,9 @@ See: https://github.com/Awesome-Technologies/synapse-admin/issues/322 #} sub_filter_once off; - sub_filter_types text/css; sub_filter "/static/" "{{ matrix_synapse_admin_public_endpoint }}/static/"; + sub_filter "/favicon.ico" "{{ matrix_synapse_admin_public_endpoint }}/favicon.ico"; + sub_filter "/manifest.json" "{{ matrix_synapse_admin_public_endpoint }}/manifest.json"; } - name: Register Synapse Admin proxying configuration with matrix-nginx-proxy From 691ef13cabd18c3f45f57ec6741a994fa62457ee Mon Sep 17 00:00:00 2001 
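Review bot: The `sub_filter` rewrites added to this location only work on uncompressed upstream bodies, and nothing visible in the hunk asks the upstream for one. If the synapse-admin container ever answers with gzip, nginx passes the body through unmodified and the `/static/` paths break again without any error; adding `proxy_set_header Accept-Encoding "";` next to the `sub_filter` lines makes the workaround independent of that. The same applies to the follow-up hunk that adds the `/favicon.ico` and `/manifest.json` rewrites. That hunk also drops `sub_filter_types text/css;`, so a one-line comment saying that only `text/html` responses are rewritten would help the next reader. The location block starts outside the hunk, so an existing `Accept-Encoding` override above it cannot be ruled out.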
From: Adrien le Maire <1832823+alemairebe@users.noreply.github.com> Date: Sun, 29 Jan 2023 09:45:52 +0100 Subject: [PATCH 099/143] template metric toggle for mautrix bridges supporting it --- roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml | 3 +++ .../matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 2 +- .../custom/matrix-bridge-mautrix-instagram/defaults/main.yml | 3 +++ .../matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 2 +- roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml | 3 +++ .../matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml | 3 +++ .../matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 2 +- roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 4 ++++ .../matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 4 ++-- 10 files changed, 22 insertions(+), 6 deletions(-) diff --git a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml index 98972014..7863270b 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -46,6 +46,9 @@ matrix_mautrix_facebook_homeserver_token: '' # If false, created portal rooms will never be federated. matrix_mautrix_facebook_federate_rooms: true +# Whether or not metrics endpoint should be enabled. +matrix_mautrix_facebook_metrics_enabled: false + matrix_mautrix_facebook_bridge_permissions: | {{ {matrix_mautrix_facebook_homeserver_domain: 'user'} diff --git a/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index b8e25fee..ce9aaea3 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 
@@ -62,7 +62,7 @@ appservice: # Prometheus telemetry config. Requires prometheus-client to be installed. metrics: - enabled: false + enabled: {{ matrix_mautrix_facebook_metrics_enabled }} listen_port: 8000 # Bridge config diff --git a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml index 0e726aa8..e9b6991b 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -47,6 +47,9 @@ matrix_mautrix_instagram_homeserver_token: '' # If false, created portal rooms will never be federated. matrix_mautrix_instagram_federate_rooms: true +# Whether or not metrics endpoint should be enabled. +matrix_mautrix_instagram_metrics_enabled: false + # Database-related configuration fields. # # To use Postgres: diff --git a/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 039b9bfe..70065785 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -57,7 +57,7 @@ appservice: # Prometheus telemetry config. Requires prometheus-client to be installed. metrics: - enabled: false + enabled: {{ matrix_mautrix_instagram_metrics_enabled }} listen_port: 8000 instagram: diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index 953d1707..fb5e49b1 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml 
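Review bot: `enabled: {{ matrix_mautrix_facebook_metrics_enabled }}` interpolates the variable raw, so the YAML receives whatever Jinja prints for it: `False`/`True` for a real boolean, or an arbitrary string if someone overrides the variable with one. Other templates in this series serialise values with `| to_json`. Doing the same here, `enabled: {{ matrix_mautrix_facebook_metrics_enabled | to_json }}`, emits a lowercase YAML boolean and keeps a stray value from changing the document's structure. The same applies to the matching `enabled:` line in the mautrix-instagram, mautrix-signal, mautrix-twitter and mautrix-whatsapp `config.yaml.j2` hunks of this patch.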
@@ -70,6 +70,9 @@ matrix_mautrix_signal_logging_level: WARNING # If false, created portal rooms will never be federated. matrix_mautrix_signal_federate_rooms: true +# Whether or not metrics endpoint should be enabled. +matrix_mautrix_signal_metrics_enabled: false + # Database-related configuration fields # # This bridge only supports postgres. diff --git a/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 796a6e41..fbe2f4f3 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -67,7 +67,7 @@ appservice: # Prometheus telemetry config. Requires prometheus-client to be installed. metrics: - enabled: false + enabled: {{ matrix_mautrix_signal_metrics_enabled }} listen_port: 8000 # Manhole config. diff --git a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml index 22475596..372dd4b6 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -78,6 +78,9 @@ matrix_mautrix_twitter_appservice_bot_username: twitterbot # Specifies the default log level for all bridge loggers. matrix_mautrix_twitter_logging_level: WARNING +# Whether or not metrics endpoint should be enabled. +matrix_mautrix_twitter_metrics_enabled: false + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index da823d1e..5b79a073 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 
@@ -65,7 +65,7 @@ appservice: # Prometheus telemetry config. Requires prometheus-client to be installed. metrics: - enabled: false + enabled: {{ matrix_mautrix_twitter_metrics_enabled }} listen_port: 8000 # Bridge config diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 449ace05..91e27dc0 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -47,6 +47,10 @@ matrix_mautrix_whatsapp_logging_level: 'warn' # If false, created portal rooms will never be federated. matrix_mautrix_whatsapp_federate_rooms: true +# Whether or not metrics endpoint should be enabled. +matrix_mautrix_whatsapp_metrics_enabled: false + + # Database-related configuration fields. # # To use SQLite, stick to these defaults. diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 0962ac4d..1c6b59d4 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -67,9 +67,9 @@ segment_key: null # Prometheus config. metrics: # Enable prometheus metrics? - enabled: false + enabled: {{ matrix_mautrix_whatsapp_metrics_enabled }} # IP and port where the metrics listener should be. The path is always /metrics - listen: 127.0.0.1:8001 + listen: 0.0.0.0:8001 # Config for things that are directly sent to WhatsApp. whatsapp: From 9eaf6944e3c6d8ea8f1094dc515713053e190573 Mon Sep 17 00:00:00 2001 
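Review bot: In the mautrix-whatsapp `config.yaml.j2` hunk, the `listen:` change from `127.0.0.1:8001` to `0.0.0.0:8001` is unconditional and not mentioned in the commit message, and whatsapp is the only bridge in this patch whose bind address changes. No authentication for the metrics listener is visible here, so once `matrix_mautrix_whatsapp_metrics_enabled` is true it is reachable by anything that can route to the container. That is presumably intended so that a Prometheus container on the same network can scrape it, but it relies on the port never being published on the host. I would add a comment above the line, for example `# Binds on all container interfaces so other containers can scrape it; do not publish this port on the host.`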
From: Adrien le Maire <1832823+alemairebe@users.noreply.github.com> Date: Sun, 29 Jan 2023 15:13:42 +0100 Subject: [PATCH 100/143] add nginx proxy connfig for mautrix metrics --- .../tasks/inject_into_nginx_proxy.yml | 25 ++++++++++++++ .../tasks/inject_into_nginx_proxy.yml | 33 +++++++++++++++++++ .../tasks/main.yml | 9 +++++ .../tasks/inject_into_nginx_proxy.yml | 33 +++++++++++++++++++ .../tasks/main.yml | 9 +++++ .../tasks/inject_into_nginx_proxy.yml | 33 +++++++++++++++++++ .../tasks/main.yml | 9 +++++ .../defaults/main.yml | 1 - .../tasks/inject_into_nginx_proxy.yml | 33 +++++++++++++++++++ .../tasks/main.yml | 9 +++++ 10 files changed, 193 insertions(+), 1 deletion(-) create mode 100644 roles/custom/matrix-bridge-mautrix-instagram/tasks/inject_into_nginx_proxy.yml create mode 100644 roles/custom/matrix-bridge-mautrix-signal/tasks/inject_into_nginx_proxy.yml create mode 100644 roles/custom/matrix-bridge-mautrix-twitter/tasks/inject_into_nginx_proxy.yml create mode 100644 roles/custom/matrix-bridge-mautrix-whatsapp/tasks/inject_into_nginx_proxy.yml diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml index b9f95cb7..db4d906f 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml 
@@ -42,3 +42,28 @@ URL endpoint to the matrix-mautrix-facebook container. You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable. when: "not matrix_nginx_proxy_enabled | default(False) | bool" + +- name: Generate mautrix-facebook metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook) + ansible.builtin.set_fact: + matrix_mautrix_facebook_nginx_metrics_configuration_block: | + location /metrics/mautrix-facebook { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-facebook:8000"; + proxy_pass http://$backend/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } + when: matrix_mautrix_facebook_metrics_enabled | bool + +- name: Register mautrix-facebook metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_mautrix_facebook_nginx_metrics_configuration_block] + }} + when: matrix_mautrix_facebook_metrics_enabled | bool diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..90d91c6d --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/inject_into_nginx_proxy.yml 
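Review bot: The generated `location /metrics/mautrix-facebook` block carries no access restriction of its own (no `auth_basic`, no `allow`/`deny`), and both new tasks are gated only on `matrix_mautrix_facebook_metrics_enabled`. Enabling metrics for a local scraper therefore also registers a public path on matrix.DOMAIN. A later patch in this series adds a separate `_metrics_proxying_enabled` toggle, but the block still depends on whatever protection matrix-nginx-proxy applies around `matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks`, which is not visible from this hunk. I would state that dependency in a Jinja comment at the top of the block, for example `{# Access control is inherited from the matrix-nginx-proxy metrics configuration; this block adds none. #}`. The same applies to the new instagram, signal, twitter and whatsapp `inject_into_nginx_proxy.yml` files in this patch.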
@@ -0,0 +1,33 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append mautrix-whatapp-metrics's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-instagram role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate mautrix-instagram metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram) + ansible.builtin.set_fact: + matrix_mautrix_instagram_nginx_metrics_configuration_block: | + location /metrics/mautrix-instagram { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-instagram:8000"; + proxy_pass http://$backend/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } + +- name: Register mautrix-instagram metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_mautrix_instagram_nginx_metrics_configuration_block] + }} diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml index 2bd0417e..0b3a722d 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/main.yml 
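Review bot: The `fail` message in this new mautrix-instagram file says `mautrix-whatapp-metrics's reverse-proxying configuration`, which names the wrong bridge and misspells it. An operator who hits the role-ordering error in the instagram role is therefore pointed at WhatsApp. The line should read `Trying to append mautrix-instagram's metrics reverse-proxying configuration to matrix-nginx-proxy,`. The same copied message appears in the new mautrix-signal and mautrix-twitter files, and the mautrix-whatsapp file carries the `whatapp` typo as well.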
@@ -1,5 +1,14 @@ --- +- block: + - when: matrix_mautrix_instagram_enabled | bool and matrix_mautrix_instagram_metrics_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" + tags: + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy + - block: - when: matrix_mautrix_instagram_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..4bb6f6bd --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/inject_into_nginx_proxy.yml 
@@ -0,0 +1,33 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append mautrix-whatapp-metrics's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-signal role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate mautrix-signal metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal) + ansible.builtin.set_fact: + matrix_mautrix_signal_nginx_metrics_configuration_block: | + location /metrics/mautrix-signal { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-signal:8000"; + proxy_pass http://$backend/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } + +- name: Register mautrix-signal metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_mautrix_signal_nginx_metrics_configuration_block] + }} diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml index 0c0a1239..9473344b 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/main.yml 
@@ -1,5 +1,14 @@ --- +- block: + - when: matrix_mautrix_signal_enabled | bool and matrix_mautrix_signal_metrics_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" + tags: + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy + - block: - when: matrix_mautrix_signal_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..df296dc6 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/inject_into_nginx_proxy.yml 
@@ -0,0 +1,33 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append mautrix-whatapp-metrics's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-twitter role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate mautrix-twitter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter) + ansible.builtin.set_fact: + matrix_mautrix_twitter_nginx_metrics_configuration_block: | + location /metrics/mautrix-twitter { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-twitter:8000"; + proxy_pass http://$backend/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } + +- name: Register mautrix-twitter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_mautrix_twitter_nginx_metrics_configuration_block] + }} diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml index f8dbc28b..9eb444a7 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/main.yml 
@@ -1,5 +1,14 @@ --- +- block: + - when: matrix_mautrix_twitter_enabled | bool and matrix_mautrix_twitter_metrics_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" + tags: + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy + - block: - when: matrix_mautrix_twitter_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 91e27dc0..6e85599a 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -50,7 +50,6 @@ matrix_mautrix_whatsapp_federate_rooms: true # Whether or not metrics endpoint should be enabled. matrix_mautrix_whatsapp_metrics_enabled: false - # Database-related configuration fields. # # To use SQLite, stick to these defaults. diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..e3fc3d16 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/inject_into_nginx_proxy.yml 
@@ -0,0 +1,33 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append mautrix-whatapp-metrics's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-whatsapp role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- name: Generate mautrix-whatsapp metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp) + ansible.builtin.set_fact: + matrix_mautrix_whatsapp_nginx_metrics_configuration_block: | + location /metrics/mautrix-whatsapp { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-whatsapp:8001"; + proxy_pass http://$backend/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } + +- name: Register mautrix-whatsapp metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_mautrix_whatsapp_nginx_metrics_configuration_block] + }} diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml index fdb65431..b49a1300 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/main.yml 
@@ -1,5 +1,14 @@ --- +- block: + - when: matrix_mautrix_whatsapp_enabled | bool and matrix_mautrix_whatsapp_metrics_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" + tags: + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy + - block: - when: matrix_mautrix_whatsapp_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" From 111303208a94131e285bbeda43befde2bdfc41df Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 29 Jan 2023 18:11:33 +0000 Subject: [PATCH 101/143] Update mautrix-discord latest -> 0.1.0 --- roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index a66d5c6a..0211f8f3 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git" matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" -matrix_mautrix_discord_version: latest +matrix_mautrix_discord_version: v0.1.0 # See: https://mau.dev/mautrix/discord/container_registry matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}" From a9a17d803e2436b64b95ba5c70029b37a9e957f1 Mon Sep 17 00:00:00 2001 
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 29 Jan 2023 18:12:26 +0000 Subject: [PATCH 102/143] Update maubot 0.3.1 -> 0.4.0 --- roles/custom/matrix-bot-maubot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-maubot/defaults/main.yml b/roles/custom/matrix-bot-maubot/defaults/main.yml index 525b5e9e..caee9b13 100644 --- a/roles/custom/matrix-bot-maubot/defaults/main.yml +++ b/roles/custom/matrix-bot-maubot/defaults/main.yml @@ -10,7 +10,7 @@ matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/dock matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}" -matrix_bot_maubot_version: v0.3.1 +matrix_bot_maubot_version: v0.4.0 matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_name_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}" matrix_bot_maubot_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else 'dock.mau.dev/' }}" matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}" From 4f69b22a6ec72b06e004f33936c21945dad3b2ae Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sun, 29 Jan 2023 18:14:41 +0000 Subject: [PATCH 103/143] Update borgmatic 1.7.5 -> 1.7.6 --- roles/custom/matrix-backup-borg/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-backup-borg/defaults/main.yml b/roles/custom/matrix-backup-borg/defaults/main.yml index b8796c92..ad5a0281 100644 --- a/roles/custom/matrix-backup-borg/defaults/main.yml +++ b/roles/custom/matrix-backup-borg/defaults/main.yml 
@@ -15,7 +15,7 @@ matrix_backup_borg_docker_src_files_path: "{{ matrix_backup_borg_base_path }}/do matrix_backup_borg_version: "" matrix_backup_borg_postgres_version: "" matrix_backup_borg_borg_version: 1.2.3 -matrix_backup_borg_borgmatic_version: 1.7.5 +matrix_backup_borg_borgmatic_version: 1.7.6 matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}" matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}" matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') or matrix_backup_borg_version | default('') == '' }}" From df9931f719e3e8252a2c399ba9062d0ec952371f Mon Sep 17 00:00:00 2001 From: Shaleen Jain Date: Mon, 30 Jan 2023 04:45:31 +0000 Subject: [PATCH 104/143] mautrix-slack: add team name in channel name template --- .../custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 index 1c7a1dff..5c60c66f 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 @@ -79,7 +79,7 @@ bridge: # TODO: document variables displayname_template: "{{ '{{.RealName}} (S)' }}" bot_displayname_template: "{{ '{{.Name}} (bot)' }}" - channel_name_template: "{{ '#{{.Name}}' }}" + channel_name_template: "{{ '#{{.Name}} ({{.TeamName}})' }}" portal_message_buffer: 128 From d82d0ad84bb4cf63bb0bb04fa769d57d0f831eb5 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Mon, 30 Jan 2023 08:50:57 +0200 Subject: [PATCH 105/143] Add _metrics_proxying_enabled variables to mautrix bridges Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2427 `metrics_enabled` should only expose the metrics locally, on the container network, so that a local Prometheus can consume them. Exposing them publicly should be done via a separate toggle (`metrics_proxying_enabled`). This is how all other roles work, so this makes these mautrix roles consistent with the rest. --- .../defaults/main.yml | 7 +++ .../tasks/inject_into_nginx_proxy.yml | 46 +++++++++---------- .../defaults/main.yml | 7 +++ .../tasks/inject_into_nginx_proxy.yml | 44 +++++++++--------- .../defaults/main.yml | 7 +++ .../tasks/inject_into_nginx_proxy.yml | 44 +++++++++--------- .../defaults/main.yml | 7 +++ .../tasks/inject_into_nginx_proxy.yml | 44 +++++++++--------- .../defaults/main.yml | 7 +++ .../tasks/inject_into_nginx_proxy.yml | 44 +++++++++--------- 10 files changed, 150 insertions(+), 107 deletions(-) diff --git a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml index 7863270b..8c19139a 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml 
@@ -47,8 +47,15 @@ matrix_mautrix_facebook_homeserver_token: '' matrix_mautrix_facebook_federate_rooms: true # Whether or not metrics endpoint should be enabled. +# Enabling them is usually enough for a local (in-container) Prometheus to consume them. +# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_facebook_metrics_proxying_enabled`. matrix_mautrix_facebook_metrics_enabled: false +# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-facebook`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_mautrix_facebook_metrics_proxying_enabled: false + matrix_mautrix_facebook_bridge_permissions: | {{ {matrix_mautrix_facebook_homeserver_domain: 'user'} diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml index db4d906f..17e2b138 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml 
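Review bot: The comment added above `matrix_mautrix_facebook_metrics_proxying_enabled` reads "This will only work take effect", which should be `# This will only take effect if matrix_nginx_proxy_proxy_matrix_metrics_enabled: true.`; the same wording is repeated in the instagram, signal, twitter and whatsapp defaults hunks. Because this toggle publishes bridge metrics under the public `matrix.DOMAIN` hostname, the comment would also benefit from a line such as `# Proxied metrics become reachable from outside the container network; confirm the matrix-nginx-proxy metrics endpoint is access-protected before enabling.` Whether such protection is applied is decided in the matrix-nginx-proxy role, which this hunk does not show.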
@@ -43,27 +43,27 @@ You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable. when: "not matrix_nginx_proxy_enabled | default(False) | bool" -- name: Generate mautrix-facebook metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook) - ansible.builtin.set_fact: - matrix_mautrix_facebook_nginx_metrics_configuration_block: | - location /metrics/mautrix-facebook { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-facebook:8000"; - proxy_pass http://$backend/metrics; - {% else %} - return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; - {% endif %} - } - when: matrix_mautrix_facebook_metrics_enabled | bool +- when: matrix_mautrix_facebook_metrics_proxying_enabled | bool + block: + - name: Generate mautrix-facebook metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook) + ansible.builtin.set_fact: + matrix_mautrix_facebook_nginx_metrics_configuration_block: | + location /metrics/mautrix-facebook { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-facebook:8000"; + proxy_pass http://$backend/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } -- name: Register mautrix-facebook metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - 
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_mautrix_facebook_nginx_metrics_configuration_block] - }} - when: matrix_mautrix_facebook_metrics_enabled | bool + - name: Register mautrix-facebook metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_mautrix_facebook_nginx_metrics_configuration_block] + }} diff --git a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml index e9b6991b..80d59162 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -48,8 +48,15 @@ matrix_mautrix_instagram_homeserver_token: '' matrix_mautrix_instagram_federate_rooms: true # Whether or not metrics endpoint should be enabled. +# Enabling them is usually enough for a local (in-container) Prometheus to consume them. +# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_instagram_metrics_proxying_enabled`. matrix_mautrix_instagram_metrics_enabled: false +# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-instagram`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_mautrix_instagram_metrics_proxying_enabled: false + # Database-related configuration fields. # # To use Postgres: 
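Review bot: The new block condition `when: matrix_mautrix_facebook_metrics_proxying_enabled | bool` in the facebook `inject_into_nginx_proxy.yml` hunk no longer checks `matrix_mautrix_facebook_metrics_enabled`. With proxying on and metrics off, nginx is still given a `location /metrics/mautrix-facebook` that forwards to port 8000, where the bridge is presumably not listening. Requiring both, `when: matrix_mautrix_facebook_metrics_enabled | bool and matrix_mautrix_facebook_metrics_proxying_enabled | bool`, keeps the public route from existing unless there is an endpoint behind it. The same applies to the instagram, signal, twitter and whatsapp `inject_into_nginx_proxy.yml` hunks. The generated location block carries no access restriction of its own, so any authentication has to come from the enclosing server configuration in matrix-nginx-proxy, which is outside this hunk.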
diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/inject_into_nginx_proxy.yml index 90d91c6d..99a36c14 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/inject_into_nginx_proxy.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/inject_into_nginx_proxy.yml 
@@ -9,25 +9,27 @@ so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-instagram role. when: matrix_nginx_proxy_role_executed | default(False) | bool -- name: Generate mautrix-instagram metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram) - ansible.builtin.set_fact: - matrix_mautrix_instagram_nginx_metrics_configuration_block: | - location /metrics/mautrix-instagram { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-instagram:8000"; - proxy_pass http://$backend/metrics; - {% else %} - return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; - {% endif %} - } +- when: matrix_mautrix_instagram_metrics_proxying_enabled | bool + block: + - name: Generate mautrix-instagram metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram) + ansible.builtin.set_fact: + matrix_mautrix_instagram_nginx_metrics_configuration_block: | + location /metrics/mautrix-instagram { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-instagram:8000"; + proxy_pass http://$backend/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } -- name: Register mautrix-instagram metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - 
[matrix_mautrix_instagram_nginx_metrics_configuration_block] - }} + - name: Register mautrix-instagram metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_mautrix_instagram_nginx_metrics_configuration_block] + }} diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index fb5e49b1..8cd285ca 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml @@ -71,8 +71,15 @@ matrix_mautrix_signal_logging_level: WARNING matrix_mautrix_signal_federate_rooms: true # Whether or not metrics endpoint should be enabled. +# Enabling them is usually enough for a local (in-container) Prometheus to consume them. +# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_signal_metrics_proxying_enabled`. matrix_mautrix_signal_metrics_enabled: false +# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-signal`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_mautrix_signal_metrics_proxying_enabled: false + # Database-related configuration fields # # This bridge only supports postgres. diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/inject_into_nginx_proxy.yml index 4bb6f6bd..fe85254b 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/tasks/inject_into_nginx_proxy.yml 
+++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/inject_into_nginx_proxy.yml 
@@ -9,25 +9,27 @@ so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-signal role. when: matrix_nginx_proxy_role_executed | default(False) | bool -- name: Generate mautrix-signal metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal) - ansible.builtin.set_fact: - matrix_mautrix_signal_nginx_metrics_configuration_block: | - location /metrics/mautrix-signal { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-signal:8000"; - proxy_pass http://$backend/metrics; - {% else %} - return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; - {% endif %} - } +- when: matrix_mautrix_signal_metrics_proxying_enabled | bool + block: + - name: Generate mautrix-signal metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal) + ansible.builtin.set_fact: + matrix_mautrix_signal_nginx_metrics_configuration_block: | + location /metrics/mautrix-signal { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-signal:8000"; + proxy_pass http://$backend/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } -- name: Register mautrix-signal metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_mautrix_signal_nginx_metrics_configuration_block] - }} + - name: Register 
mautrix-signal metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_mautrix_signal_nginx_metrics_configuration_block] + }} diff --git a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml index 372dd4b6..8f38bb00 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -79,8 +79,15 @@ matrix_mautrix_twitter_appservice_bot_username: twitterbot matrix_mautrix_twitter_logging_level: WARNING # Whether or not metrics endpoint should be enabled. +# Enabling them is usually enough for a local (in-container) Prometheus to consume them. +# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_twitter_metrics_proxying_enabled`. matrix_mautrix_twitter_metrics_enabled: false +# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-twitter`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_mautrix_twitter_metrics_proxying_enabled: false + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/inject_into_nginx_proxy.yml index df296dc6..2efad7cd 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/inject_into_nginx_proxy.yml 
+++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/inject_into_nginx_proxy.yml 
@@ -9,25 +9,27 @@ so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-twitter role. when: matrix_nginx_proxy_role_executed | default(False) | bool -- name: Generate mautrix-twitter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter) - ansible.builtin.set_fact: - matrix_mautrix_twitter_nginx_metrics_configuration_block: | - location /metrics/mautrix-twitter { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-twitter:8000"; - proxy_pass http://$backend/metrics; - {% else %} - return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; - {% endif %} - } +- when: matrix_mautrix_twitter_metrics_proxying_enabled | bool + block: + - name: Generate mautrix-twitter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter) + ansible.builtin.set_fact: + matrix_mautrix_twitter_nginx_metrics_configuration_block: | + location /metrics/mautrix-twitter { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-twitter:8000"; + proxy_pass http://$backend/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } -- name: Register mautrix-twitter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_mautrix_twitter_nginx_metrics_configuration_block] - }} + - 
name: Register mautrix-twitter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_mautrix_twitter_nginx_metrics_configuration_block] + }} diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 6e85599a..dd628162 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -48,8 +48,15 @@ matrix_mautrix_whatsapp_logging_level: 'warn' matrix_mautrix_whatsapp_federate_rooms: true # Whether or not metrics endpoint should be enabled. +# Enabling them is usually enough for a local (in-container) Prometheus to consume them. +# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_whatsapp_metrics_proxying_enabled`. matrix_mautrix_whatsapp_metrics_enabled: false +# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-whatsapp`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_mautrix_whatsapp_metrics_proxying_enabled: false + # Database-related configuration fields. # # To use SQLite, stick to these defaults. diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/inject_into_nginx_proxy.yml index e3fc3d16..03113dcc 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/inject_into_nginx_proxy.yml 
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/inject_into_nginx_proxy.yml 
@@ -9,25 +9,27 @@ so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-whatsapp role. when: matrix_nginx_proxy_role_executed | default(False) | bool -- name: Generate mautrix-whatsapp metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp) - ansible.builtin.set_fact: - matrix_mautrix_whatsapp_nginx_metrics_configuration_block: | - location /metrics/mautrix-whatsapp { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-whatsapp:8001"; - proxy_pass http://$backend/metrics; - {% else %} - return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; - {% endif %} - } +- when: matrix_mautrix_whatsapp_metrics_proxying_enabled | bool + block: + - name: Generate mautrix-whatsapp metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp) + ansible.builtin.set_fact: + matrix_mautrix_whatsapp_nginx_metrics_configuration_block: | + location /metrics/mautrix-whatsapp { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-whatsapp:8001"; + proxy_pass http://$backend/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } -- name: Register mautrix-whatsapp metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - 
[matrix_mautrix_whatsapp_nginx_metrics_configuration_block] - }} + - name: Register mautrix-whatsapp metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_mautrix_whatsapp_nginx_metrics_configuration_block] + }} From d7c0239e40f8a6b0bec1266055cf02dcca29d98f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 30 Jan 2023 08:53:28 +0200 Subject: [PATCH 106/143] Enable metrics endpoint for mautrix bridges by default when Prometheus is enabled Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2427 This just enables the endpoint, which is somewhat helpful, but not really enough to scrape them. Ideally, we'd be injecting these targets into the Prometheus scrape config too. For now, registering targets with Prometheus is very manual (`matrix_prometheus_scraper_postgres_enabled`, `matrix_prometheus_scraper_hookshot_enabled`, ..). This should be redone - e.g. a new `matrix_prometheus_scrape_config_jobs_auto` variable, which is dynamically built in `group_vars/matrix_servers`. --- group_vars/matrix_servers | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 70abde3a..2a8b2443 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -807,6 +807,12 @@ matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_pro matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" +# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely: +# - `matrix_mautrix_facebook_metrics_enabled` +# - `matrix_mautrix_facebook_proxying_metrics_enabled` +# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled` +matrix_mautrix_facebook_metrics_enabled: "{{ matrix_prometheus_enabled }}" + # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # and point them to a migration path. matrix_mautrix_facebook_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" @@ -934,6 +940,12 @@ matrix_mautrix_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_pr matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" +# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely: +# - `matrix_mautrix_instagram_metrics_enabled` +# - `matrix_mautrix_instagram_proxying_metrics_enabled` +# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled` +matrix_mautrix_instagram_metrics_enabled: "{{ matrix_prometheus_enabled }}" + # We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain # and point them to a migration path. matrix_mautrix_instagram_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" 
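Review bot: The added comment lists `matrix_mautrix_facebook_proxying_metrics_enabled`, but the variable introduced in the bridge defaults is `matrix_mautrix_facebook_metrics_proxying_enabled`. An operator copying the name from this comment would set a variable that nothing reads, and the metrics would stay unproxied with no error. The bullet should read `# - matrix_mautrix_facebook_metrics_proxying_enabled` (keeping the backticks used by the neighbouring bullets). The same swapped word order appears in the instagram hunk and in the signal and whatsapp-section hunks of this commit.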
@@ -979,6 +991,12 @@ matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_gene matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" +# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely: +# - `matrix_mautrix_signal_metrics_enabled` +# - `matrix_mautrix_signal_proxying_metrics_enabled` +# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled` +matrix_mautrix_signal_metrics_enabled: "{{ matrix_prometheus_enabled }}" + matrix_mautrix_signal_database_engine: 'postgres' matrix_mautrix_signal_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db', rounds=655555) | to_uuid }}" @@ -1103,6 +1121,12 @@ matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_ge matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" +# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely: +# - `matrix_mautrix_twitter_metrics_enabled` +# - `matrix_mautrix_twitter_proxying_metrics_enabled` +# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled` +matrix_mautrix_twitter_metrics_enabled: "{{ matrix_prometheus_enabled }}" + # Postgres is the default, except if not using internal Postgres server matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" matrix_mautrix_whatsapp_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" 
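Review bot: The last hunk of this file sits between `matrix_mautrix_whatsapp_login_shared_secret` and `matrix_mautrix_whatsapp_database_engine`, yet it sets `matrix_mautrix_twitter_metrics_enabled` and names twitter variables in its comment, which looks like a copy-paste slip. As written, no hunk in this commit sets `matrix_mautrix_whatsapp_metrics_enabled`, so the whatsapp bridge would keep its role default of `false` even when Prometheus is enabled. If whatsapp was intended, the line should read `matrix_mautrix_whatsapp_metrics_enabled: "{{ matrix_prometheus_enabled }}"`, with the three comment bullets renamed to match. If twitter was intended, the block belongs in the twitter section, which is not visible in this hunk.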
From 611a74bde2414cb95171d4833c926a5427c08c21 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 30 Jan 2023 08:59:35 +0200 Subject: [PATCH 107/143] Use |to_json in mautrix metrics configuration Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2427 --- .../matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 2 +- .../matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 2 +- .../matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- .../matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 2 +- .../matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index ce9aaea3..184ea780 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -62,7 +62,7 @@ appservice: # Prometheus telemetry config. Requires prometheus-client to be installed. metrics: - enabled: {{ matrix_mautrix_facebook_metrics_enabled }} + enabled: {{ matrix_mautrix_facebook_metrics_enabled | to_json }} listen_port: 8000 # Bridge config diff --git a/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 70065785..93bbfe39 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -57,7 +57,7 @@ appservice: # Prometheus telemetry config. Requires prometheus-client to be installed. metrics: - enabled: {{ matrix_mautrix_instagram_metrics_enabled }} + enabled: {{ matrix_mautrix_instagram_metrics_enabled | to_json }} listen_port: 8000 instagram: 
diff --git a/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index fbe2f4f3..828ff940 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -67,7 +67,7 @@ appservice: # Prometheus telemetry config. Requires prometheus-client to be installed. metrics: - enabled: {{ matrix_mautrix_signal_metrics_enabled }} + enabled: {{ matrix_mautrix_signal_metrics_enabled | to_json }} listen_port: 8000 # Manhole config. diff --git a/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index 5b79a073..6e12a755 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -65,7 +65,7 @@ appservice: # Prometheus telemetry config. Requires prometheus-client to be installed. metrics: - enabled: {{ matrix_mautrix_twitter_metrics_enabled }} + enabled: {{ matrix_mautrix_twitter_metrics_enabled | to_json }} listen_port: 8000 # Bridge config diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 1c6b59d4..ad381f6a 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -67,7 +67,7 @@ segment_key: null # Prometheus config. metrics: # Enable prometheus metrics? - enabled: {{ matrix_mautrix_whatsapp_metrics_enabled }} + enabled: {{ matrix_mautrix_whatsapp_metrics_enabled | to_json }} # IP and port where the metrics listener should be. The path is always /metrics listen: 0.0.0.0:8001 From 8c2b77bf0cf5400f6234a3adcf97758f1bc62d93 Mon Sep 17 00:00:00 2001 
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Mon, 30 Jan 2023 07:07:09 +0000 Subject: [PATCH 108/143] Update cinny 2.2.3 -> 2.2.4 --- roles/custom/matrix-client-cinny/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-cinny/defaults/main.yml b/roles/custom/matrix-client-cinny/defaults/main.yml index 98c32745..5b15b42c 100644 --- a/roles/custom/matrix-client-cinny/defaults/main.yml +++ b/roles/custom/matrix-client-cinny/defaults/main.yml @@ -6,7 +6,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.2.3 +matrix_client_cinny_version: v2.2.4 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" From d70076c805bd30f7e69a35115d7e6ccdb772d88b Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 31 Jan 2023 14:01:11 +0000 Subject: [PATCH 109/143] Update element 1.11.20 -> 1.11.21 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index f13ad035..ea88e58f 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.20 +matrix_client_element_version: v1.11.21 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 68ca23d709c6025ade132466158715f87952debd Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 31 Jan 2023 14:02:50 +0000 Subject: [PATCH 110/143] Update jitsi stable-8218 -> stable-8252 --- roles/custom/matrix-jitsi/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-jitsi/defaults/main.yml b/roles/custom/matrix-jitsi/defaults/main.yml index 538d8e4e..8ccd6793 100644 --- a/roles/custom/matrix-jitsi/defaults/main.yml +++ b/roles/custom/matrix-jitsi/defaults/main.yml @@ -72,7 +72,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-8218 +matrix_jitsi_version: stable-8252 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" From c7767e9bc80e0e94801560d2d661d466d0024175 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 31 Jan 2023 20:25:59 +0200 Subject: [PATCH 111/143] Upgrade Coturn (4.6.1-r0 -> 4.6.1-r1) --- roles/custom/matrix-coturn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-coturn/defaults/main.yml b/roles/custom/matrix-coturn/defaults/main.yml index 9f7ff2ba..78efc73c 100644 --- a/roles/custom/matrix-coturn/defaults/main.yml +++ b/roles/custom/matrix-coturn/defaults/main.yml @@ -8,7 +8,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" -matrix_coturn_version: 4.6.1-r0 +matrix_coturn_version: 4.6.1-r1 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" From 5300740f703e040bb3dab81fbcb98a5e3ab05a9e Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 31 Jan 2023 19:11:07 +0000 Subject: [PATCH 112/143] Update element 1.11.21 -> 1.11.22 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index ea88e58f..85d8d6cf 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.21 +matrix_client_element_version: v1.11.22 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 82d870fddf6c658df41128a705a5157e4a586aca Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 31 Jan 2023 19:16:52 +0000 Subject: [PATCH 113/143] Update prometheus 2.41.0 -> 2.42.0 --- roles/custom/matrix-prometheus/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-prometheus/defaults/main.yml b/roles/custom/matrix-prometheus/defaults/main.yml index 5216ccd7..956faf46 100644 --- a/roles/custom/matrix-prometheus/defaults/main.yml +++ b/roles/custom/matrix-prometheus/defaults/main.yml @@ -5,7 +5,7 @@ matrix_prometheus_enabled: false -matrix_prometheus_version: v2.41.0 +matrix_prometheus_version: v2.42.0 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" From 0f208ed053bc33dd451da9c4b6ed9a08b30a908b Mon Sep 17 00:00:00 2001 
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 31 Jan 2023 19:19:43 +0000 Subject: [PATCH 114/143] Update synapse 1.75.0 -> 1.76.0; default room version 9 -> 10 --- roles/custom/matrix-synapse/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 7c5496fa..b5a214ed 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -36,7 +36,7 @@ matrix_synapse_container_image_customizations_dockerfile_body_custom: '' matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.75.0 +matrix_synapse_version: v1.76.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" @@ -849,7 +849,7 @@ matrix_synapse_room_list_publication_rules: room_id: "*" action: allow -matrix_synapse_default_room_version: "9" +matrix_synapse_default_room_version: "10" # Controls the Synapse `spam_checker` setting. # From 7cb140b98744890adbdb148b2b68f51594c33d98 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 31 Jan 2023 23:24:20 +0200 Subject: [PATCH 115/143] Downgrade Prometheus (v2.42.0 -> v2.41.0) until a container image gets published Container image not published yet. Reverts #2438 --- roles/custom/matrix-prometheus/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-prometheus/defaults/main.yml b/roles/custom/matrix-prometheus/defaults/main.yml index 956faf46..5216ccd7 100644 --- a/roles/custom/matrix-prometheus/defaults/main.yml 
+++ b/roles/custom/matrix-prometheus/defaults/main.yml @@ -5,7 +5,7 @@ matrix_prometheus_enabled: false -matrix_prometheus_version: v2.42.0 +matrix_prometheus_version: v2.41.0 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" From c11f772e781c762f69810e374ac3a4aaf5ff8362 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 31 Jan 2023 21:34:25 +0000 Subject: [PATCH 116/143] Fix python packages path in synapse container --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index b5a214ed..18165dd9 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -123,7 +123,7 @@ matrix_synapse_systemd_required_services_list: ['docker.service'] # List of systemd services that matrix-synapse.service wants matrix_synapse_systemd_wanted_services_list: [] -matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.9/site-packages" +matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.11/site-packages" # Specifies which template files to use when configuring Synapse. # If you'd like to have your own different configuration, feel free to copy and paste From 4d49f1f56ecd5feddc83bc704ac950161dabe6dc Mon Sep 17 00:00:00 2001 From: Catalan Lover <48515417+FSG-Cat@users.noreply.github.com> Date: Thu, 2 Feb 2023 16:00:07 +0100 Subject: [PATCH 117/143] Update Prometheus to v2.42.0 from v2.41.0 Docker images are released now so this change can now be pushed. --- roles/custom/matrix-prometheus/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
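Review bot: In `roles/custom/matrix-synapse/defaults/main.yml`, `matrix_synapse_in_container_python_packages_path` hard-codes the interpreter minor version (`python3.11`) with no comment tying it to the image it describes. The value is only right for the Python shipped in the image selected by `matrix_synapse_version`, and a self-built or customized image may differ, so the next image bump can leave the path stale again without any failure at template time. I would add a comment above the variable, for example `# Must match the Python minor version inside the Synapse image selected by matrix_synapse_version; re-check on every image bump.` Anything that consumes this path (presumably extension mounts into site-packages, which are not visible in this hunk) would benefit from a check that the directory exists in the container.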
diff --git a/roles/custom/matrix-prometheus/defaults/main.yml b/roles/custom/matrix-prometheus/defaults/main.yml index 5216ccd7..956faf46 100644 --- a/roles/custom/matrix-prometheus/defaults/main.yml +++ b/roles/custom/matrix-prometheus/defaults/main.yml @@ -5,7 +5,7 @@ matrix_prometheus_enabled: false -matrix_prometheus_version: v2.41.0 +matrix_prometheus_version: v2.42.0 matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" From 2d7d5d4babd11d7ed70060b4d8d06b6113dc519a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 3 Feb 2023 20:36:19 +0200 Subject: [PATCH 118/143] Use new security-opt syntax (: -> =) Related to https://docs.docker.com/engine/deprecated/#separator--of---security-opt-flag-on-docker-run --- .../templates/goofys/systemd/matrix-goofys.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 b/roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 index a1174bce..a968965b 100644 --- a/roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 +++ b/roles/custom/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 @@ -17,7 +17,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name --mount type=bind,src=/etc/passwd,dst=/etc/passwd,ro \ --mount type=bind,src=/etc/group,dst=/etc/group,ro \ --mount type=bind,src={{ matrix_s3_media_store_path }},dst=/s3,bind-propagation=shared \ - --security-opt apparmor:unconfined \ + --security-opt apparmor=unconfined \ --cap-add mknod \ --cap-add sys_admin \ --device=/dev/fuse \ From be78b74fbdd00ab89b0827f7ddec91ac7e21aeb9 Mon Sep 17 00:00:00 2001 
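Review bot: In `matrix-goofys.service.j2`, the `docker run` command keeps `--security-opt apparmor=unconfined` together with `--cap-add sys_admin` and `--device=/dev/fuse`, and nothing in the unit says why the container needs that much privilege. Presumably the FUSE mount requires it, since Docker's default AppArmor profile denies `mount`. That should be written down, for example as a comment above the `ExecStart=` line, which starts outside this hunk: `# FUSE needs /dev/fuse and CAP_SYS_ADMIN; AppArmor is unconfined because the default profile blocks mount.` Any configuration-audit or detection rule that matches the literal `apparmor:unconfined` should be updated to accept both separators, so this container does not drop out of the inventory of unconfined workloads.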
From: Slavi Pantaleev Date: Sun, 5 Feb 2023 10:32:09 +0200 Subject: [PATCH 119/143] Switch from matrix-prometheus-postgres-exporter to an external prometheus_postgres_exporter role --- CHANGELOG.md | 17 +++- ...configuring-playbook-prometheus-grafana.md | 8 +- ...onfiguring-playbook-prometheus-postgres.md | 10 +-- group_vars/matrix_servers | 89 ++++++++++--------- playbooks/matrix.yml | 2 +- requirements.yml | 3 + .../defaults/main.yml | 65 -------------- .../tasks/main.yml | 29 ------ .../tasks/setup_install.yml | 19 ---- .../tasks/setup_uninstall.yml | 20 ----- .../tasks/validate_config.yml | 9 -- ...ix-prometheus-postgres-exporter.service.j2 | 42 --------- .../vars/main.yml | 5 -- .../defaults/main.yml | 12 +++ .../tasks/main.yml | 9 ++ .../inject_into_nginx_proxy.yml | 19 ++-- .../defaults/main.yml | 3 + .../tasks/validate_config.yml | 16 ++++ 18 files changed, 123 insertions(+), 254 deletions(-) delete mode 100644 roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml delete mode 100644 roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml delete mode 100644 roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_install.yml delete mode 100644 roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_uninstall.yml delete mode 100644 roles/custom/matrix-prometheus-postgres-exporter/tasks/validate_config.yml delete mode 100644 roles/custom/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 delete mode 100644 roles/custom/matrix-prometheus-postgres-exporter/vars/main.yml rename roles/custom/{matrix-prometheus-postgres-exporter/tasks => matrix-prometheus-services-proxy-connect/tasks/prometheus-postgres-exporter}/inject_into_nginx_proxy.yml (51%) diff --git a/CHANGELOG.md b/CHANGELOG.md index edb4dba9..bb62d8dd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,18 @@ +# 2023-02-05 + +## The matrix-prometheus-postgres-exporter role lives independently now + +**TLDR**: the `matrix-prometheus-postgres-exporter` role is now included from another repository. Some variables have been renamed. All functionality remains intact. + +The `matrix-prometheus-postgres-exporter` role (which configures [Prometheus Postgres Exporter](https://github.com/prometheus-community/postgres_exporter)) has been extracted from the playbook and now lives in its own repository at https://gitlab.com/etke.cc/roles/prometheus_postgres_exporter. + +It's still part of the playbook, but is now installed via `ansible-galaxy` (by running `just roles` / `make roles`). Some variables have been renamed (`matrix_prometheus_postgres_exporter_` -> `prometheus_postgres_exporter_`, etc.). The playbook will report all variables that you need to rename to get upgraded. All functionality remains intact. + +The `matrix-prometheus-services-proxy-connect` role has bee adjusted to help integrate the new `prometheus_postgres_exporter` role with our own services (`matrix-nginx-proxy`) + +Other roles which aren't strictly related to Matrix are likely to follow this fate of moving to their own repositories. Extracting them out allows other Ansible playbooks to make use of these roles easily. + + # 2023-01-26 ## Coturn can now use host-networking 
@@ -519,7 +534,7 @@ See our [Setting up the ntfy push notifications server](docs/configuring-playboo **If you're using node-exporter** (`matrix_prometheus_node_exporter_enabled: true`) and would like to collect its metrics from an external Prometheus server, see `matrix_prometheus_node_exporter_metrics_proxying_enabled` described in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. You will be able to collect its metrics from `https://matrix.DOMAIN/metrics/node-exporter`. -**If you're using [postgres-exporter](docs/configuring-playbook-prometheus-postgres.md)** (`matrix_prometheus_postgres_exporter_enabled: true`) and would like to collect its metrics from an external Prometheus server, see `matrix_prometheus_postgres_exporter_metrics_proxying_enabled` described in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. You will be able to collect its metrics from `https://matrix.DOMAIN/metrics/postgres-exporter`. +**If you're using [postgres-exporter](docs/configuring-playbook-prometheus-postgres.md)** (`prometheus_postgres_exporter_enabled: true`) and would like to collect its metrics from an external Prometheus server, see `matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled` described in our [Collecting metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) documentation. You will be able to collect its metrics from `https://matrix.DOMAIN/metrics/postgres-exporter`. **If you're using Synapse** and would like to collect its metrics from an external Prometheus server, you may find that: 
diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index 703c03b2..956b0573 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md @@ -13,7 +13,7 @@ matrix_prometheus_enabled: true prometheus_node_exporter_enabled: true # You can remove this, if unnecessary. -matrix_prometheus_postgres_exporter_enabled: true +prometheus_postgres_exporter_enabled: true # You can remove this, if unnecessary. matrix_prometheus_nginxlog_exporter_enabled: true 
@@ -41,7 +41,7 @@ Name | Description -----|---------- `matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about. `prometheus_node_exporter_enabled`|[Node Exporter](https://prometheus.io/docs/guides/node-exporter/) is an addon of sorts to Prometheus that collects generic system information such as CPU, memory, filesystem, and even system temperatures -`matrix_prometheus_postgres_exporter_enabled`|[Postgres Exporter](configuring-playbook-prometheus-postgres.md) is an addon of sorts to expose Postgres database metrics to Prometheus. +`prometheus_postgres_exporter_enabled`|[Postgres Exporter](configuring-playbook-prometheus-postgres.md) is an addon of sorts to expose Postgres database metrics to Prometheus. `matrix_prometheus_nginxlog_exporter_enabled`|[NGINX Log Exporter](configuring-playbook-prometheus-nginxlog.md) is an addon of sorts to expose NGINX logs to Prometheus. `matrix_grafana_enabled`|[Grafana](https://grafana.com/) is the visual component. It shows (on the `stats.` subdomain) the dashboards with the graphs that we're interested in `matrix_grafana_anonymous_access`|By default you need to log in to see graphs. If you want to publicly share your graphs (e.g. when asking for help in [`#synapse:matrix.org`](https://matrix.to/#/#synapse:matrix.org?via=matrix.org&via=privacytools.io&via=mozilla.org)) you'll want to enable this option. 
@@ -76,9 +76,9 @@ Name | Description `matrix_synapse_metrics_proxying_enabled`|Set this to `true` to expose Synapse's metrics on `https://matrix.DOMAIN/metrics/synapse/main-process` and `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`). Read [below](#collecting-synapse-worker-metrics-to-an-external-prometheus-server) if you're running a Synapse worker setup (`matrix_synapse_workers_enabled: true`). `prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network) `matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.DOMAIN/metrics/node-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) -`matrix_prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network) +`prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network) `matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [NGINX Log exporter](configuring-playbook-prometheus-nginxlog.md) (locally, on the container network) -`matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on 
`https://matrix.DOMAIN/metrics/postgres-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) `matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network) `matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) `matrix_SERVICE_metrics_proxying_enabled`|Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details. Only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` diff --git a/docs/configuring-playbook-prometheus-postgres.md b/docs/configuring-playbook-prometheus-postgres.md index 6fd13a9e..c3c8e0bf 100644 --- a/docs/configuring-playbook-prometheus-postgres.md +++ b/docs/configuring-playbook-prometheus-postgres.md 
@@ -6,17 +6,17 @@ You can enable this with the following settings in your configuration file (`inv ```yaml -matrix_prometheus_postgres_exporter_enabled: true +prometheus_postgres_exporter_enabled: true ``` ## What does it do? Name | Description -----|---------- -`matrix_prometheus_postgres_exporter_enabled`|Enable the postgres prometheus exporter. This sets up the docker container, connects it to the database and adds a 'job' to the prometheus config which tells prometheus about this new exporter. The default is 'false' -`matrix_prometheus_postgres_exporter_database_username`| The 'username' for the user that the exporter uses to connect to the database. The default is 'matrix_prometheus_postgres_exporter' -`matrix_prometheus_postgres_exporter_database_password`| The 'password' for the user that the exporter uses to connect to the database. By default, this is auto-generated by the playbook -`matrix_prometheus_postgres_exporter_metrics_proxying_enabled`|If set to `true`, exposes the Postgres exporter metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` for usage with an [external Prometheus server](configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`prometheus_postgres_exporter_enabled`|Enable the postgres prometheus exporter. This sets up the docker container, connects it to the database and adds a 'job' to the prometheus config which tells prometheus about this new exporter. The default is 'false' +`prometheus_postgres_exporter_database_username`| The 'username' for the user that the exporter uses to connect to the database. The default is 'matrix_prometheus_postgres_exporter' +`prometheus_postgres_exporter_database_password`| The 'password' for the user that the exporter uses to connect to the database. 
By default, this is auto-generated by the playbook +`matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled`|If set to `true`, exposes the Postgres exporter metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` for usage with an [external Prometheus server](configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) ## More information diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 2a8b2443..6d096dea 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -301,11 +301,11 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-prometheus.service', 'priority': 4000, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-core']}] if matrix_prometheus_enabled else []) + - ([{'name': (prometheus_node_exporter_identifier + '.service'), 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if prometheus_node_exporter_enabled else []) + ([{'name': (prometheus_node_exporter_identifier + '.service'), 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-exporters']}] if prometheus_node_exporter_enabled else []) + - ([{'name': 'matrix-prometheus-postgres-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_postgres_exporter_enabled else []) + ([{'name': (prometheus_postgres_exporter_identifier + '.service'), 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-exporters']}] if prometheus_postgres_exporter_enabled else []) + - ([{'name': 'matrix-prometheus-nginxlog-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_nginxlog_exporter_enabled else []) + ([{'name': 'matrix-prometheus-nginxlog-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-exporters']}] if matrix_prometheus_nginxlog_exporter_enabled else []) + ([{'name': 'matrix-redis', 'priority': 750, 'groups': ['matrix', 'redis']}] if matrix_redis_enabled else []) + 
@@ -2589,10 +2589,10 @@ devture_postgres_managed_databases_auto: | }] if (matrix_etherpad_enabled and matrix_etherpad_database_engine == 'postgres' and matrix_etherpad_database_hostname == devture_postgres_connection_hostname) else []) + ([{ - 'name': matrix_prometheus_postgres_exporter_database_name, - 'username': matrix_prometheus_postgres_exporter_database_username, - 'password': matrix_prometheus_postgres_exporter_database_password, - }] if (matrix_prometheus_postgres_exporter_enabled and matrix_prometheus_postgres_exporter_database_hostname == devture_postgres_connection_hostname) else []) + 'name': prometheus_postgres_exporter_database_name, + 'username': prometheus_postgres_exporter_database_username, + 'password': prometheus_postgres_exporter_database_password, + }] if (prometheus_postgres_exporter_enabled and prometheus_postgres_exporter_database_hostname == devture_postgres_connection_hostname) else []) }} 
@@ -2976,6 +2976,45 @@ prometheus_node_exporter_container_labels_traefik_enabled: false # ###################################################################### +###################################################################### +# +# etke/prometheus_postgres_exporter +# +###################################################################### + +prometheus_postgres_exporter_enabled: false + +prometheus_postgres_exporter_identifier: matrix-prometheus-postgres-exporter + +prometheus_postgres_exporter_base_path: "{{ matrix_base_data_path }}/prometheus-postgres-exporter" + +prometheus_postgres_exporter_uid: "{{ matrix_user_uid }}" +prometheus_postgres_exporter_gid: "{{ matrix_user_gid }}" + +prometheus_postgres_exporter_server_fqn: "{{ matrix_server_fqn_matrix }}" + +prometheus_postgres_exporter_container_network: "{{ matrix_docker_network }}" + +prometheus_postgres_exporter_container_labels_traefik_enabled: false + +prometheus_postgres_exporter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +prometheus_postgres_exporter_database_username: matrix_prometheus_postgres_exporter +prometheus_postgres_exporter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'prometheus.pg.db', rounds=655555) | to_uuid }}" +prometheus_postgres_exporter_database_name: matrix_prometheus_postgres_exporter + +prometheus_postgres_exporter_systemd_required_services_list: | + {{ + ['docker.service'] + + + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + }} + +###################################################################### +# +# /etke/prometheus_postgres_exporter +# +###################################################################### + ###################################################################### # # matrix-prometheus-nginxlog-exporter 
@@ -3011,8 +3050,8 @@ matrix_prometheus_scraper_synapse_rules_synapse_tag: "{{ matrix_synapse_docker_i matrix_prometheus_scraper_node_enabled: "{{ prometheus_node_exporter_enabled }}" matrix_prometheus_scraper_node_targets: "{{ [prometheus_node_exporter_identifier + ':9100'] if prometheus_node_exporter_enabled else [] }}" -matrix_prometheus_scraper_postgres_enabled: "{{ matrix_prometheus_postgres_exporter_enabled }}" -matrix_prometheus_scraper_postgres_targets: "{{ ['matrix-prometheus-postgres-exporter:'+ matrix_prometheus_postgres_exporter_port | string] if matrix_prometheus_scraper_postgres_enabled else [] }}" +matrix_prometheus_scraper_postgres_enabled: "{{ prometheus_postgres_exporter_enabled }}" +matrix_prometheus_scraper_postgres_targets: "{{ [prometheus_postgres_exporter_identifier + ':' + prometheus_postgres_exporter_port | string] if matrix_prometheus_scraper_postgres_enabled else [] }}" matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_metrics_enabled|default(false) }}" matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url | string +':'+ matrix_hookshot_metrics_port | string] if matrix_hookshot_metrics_enabled else [] }}" 
@@ -3027,29 +3066,6 @@ matrix_prometheus_scraper_nginxlog_server_port: "{{ (matrix_prometheus_nginxlog_ # ###################################################################### -###################################################################### -# -# matrix-prometheus-postgres-exporter -# -###################################################################### - -matrix_prometheus_postgres_exporter_enabled: false -matrix_prometheus_postgres_exporter_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" -matrix_prometheus_postgres_exporter_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'prometheus.pg.db', rounds=655555) | to_uuid }}" - -matrix_prometheus_postgres_exporter_systemd_required_services_list: | - {{ - ['docker.service'] - + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) - }} - -###################################################################### -# -# /matrix-prometheus-postgres-exporter -# -###################################################################### - ###################################################################### # # matrix-grafana @@ -3069,7 +3085,7 @@ matrix_grafana_dashboard_download_urls: | + (prometheus_node_exporter_dashboard_urls if prometheus_node_exporter_enabled else []) + - (matrix_prometheus_postgres_exporter_dashboard_urls if matrix_prometheus_postgres_exporter_enabled else []) + (prometheus_postgres_exporter_dashboard_urls if prometheus_postgres_exporter_enabled else []) + (matrix_prometheus_nginxlog_exporter_dashboard_urls if matrix_prometheus_nginxlog_exporter_enabled else []) }} 
@@ -3083,13 +3099,6 @@ matrix_grafana_default_home_dashboard_path: |- }[matrix_homeserver_implementation] }} -matrix_grafana_systemd_wanted_services_list: | - {{ - [] - + - (['matrix-prometheus-postgres-exporter.service'] if matrix_prometheus_postgres_exporter_enabled else []) - }} - ###################################################################### # # /matrix-grafana diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml index 5190521e..7be0d629 100755 --- a/playbooks/matrix.yml +++ b/playbooks/matrix.yml @@ -87,7 +87,7 @@ - custom/matrix-conduit - custom/matrix-synapse-admin - galaxy/prometheus_node_exporter - - custom/matrix-prometheus-postgres-exporter + - galaxy/prometheus_postgres_exporter - custom/matrix-prometheus-nginxlog-exporter - custom/matrix-prometheus - custom/matrix-grafana diff --git a/requirements.yml b/requirements.yml index 8ffa99d5..69b09cac 100644 --- a/requirements.yml +++ b/requirements.yml @@ -32,3 +32,6 @@ - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git version: v1.5.0-1 + +- src: git+https://gitlab.com/etke.cc/roles/prometheus_postgres_exporter.git + version: v0.11.1-0 diff --git a/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml deleted file mode 100644 index 78481a32..00000000 --- a/roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml +++ /dev/null 
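Review bot: The new `requirements.yml` entry pins `prometheus_postgres_exporter` to the git tag `v0.11.1-0`, and a tag can be moved on the remote after review. The role is now fetched from an external repository and, judging by the variables set in `group_vars/matrix_servers`, it renders the service that receives the database password, so a retagged upstream would change what runs on the host without any diff in this repository. Pinning to the full commit hash and keeping the tag as a comment closes that gap: `version: <full-commit-sha>  # v0.11.1-0`. The `prometheus_node_exporter` entry just above is pinned the same way (`v1.5.0-1`) and would benefit from the same treatment.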
@@ -1,65 +0,0 @@ ---- -# matrix-prometheus-postgres-exporter is an Prometheus exporter for postgres metrics -# Project source code URL: https://github.com/prometheus-community/postgres_exporter - -matrix_prometheus_postgres_exporter_enabled: false - -matrix_prometheus_postgres_exporter_version: v0.11.1 -matrix_prometheus_postgres_exporter_port: 9187 - -matrix_prometheus_postgres_exporter_docker_image: "{{ matrix_prometheus_postgres_exporter_docker_image_name_prefix }}prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}" -matrix_prometheus_postgres_exporter_docker_image_name_prefix: "quay.io/" -matrix_prometheus_postgres_exporter_docker_image_force_pull: "{{ matrix_prometheus_postgres_exporter_docker_image.endswith(':latest') }}" - -# A list of extra arguments to pass to the container -matrix_prometheus_postgres_exporter_container_extra_arguments: ["-e PG_EXPORTER_AUTO_DISCOVER_DATABASES=true", - "-e PG_EXPORTER_WEB_LISTEN_ADDRESS=\":{{ matrix_prometheus_postgres_exporter_port }}\"", - "-e DATA_SOURCE_NAME=\"postgresql://{{ matrix_prometheus_postgres_exporter_database_username }}:{{ matrix_prometheus_postgres_exporter_database_password }}@{{ matrix_prometheus_postgres_exporter_database_hostname }}:5432/{{ matrix_prometheus_postgres_exporter_database_name }}?sslmode=disable\""] - -# List of systemd services that matrix-prometheus-postgres-exporter.service depends on -matrix_prometheus_postgres_exporter_systemd_required_services_list: ['docker.service'] - -# List of systemd services that matrix-prometheus-postgres-exporter.service wants -matrix_prometheus_postgres_exporter_systemd_wanted_services_list: [] - -# details for connecting to the database -matrix_prometheus_postgres_exporter_database_username: 'matrix_prometheus_postgres_exporter' -matrix_prometheus_postgres_exporter_database_password: 'some-password' -matrix_prometheus_postgres_exporter_database_hostname: '' -matrix_prometheus_postgres_exporter_database_port: 5432 
-matrix_prometheus_postgres_exporter_database_name: 'matrix_prometheus_postgres_exporter' - -# Controls whether postgres-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/postgres-exporter`. -# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. -# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. -matrix_prometheus_postgres_exporter_metrics_proxying_enabled: false - -# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9187 in the container). -# -# Takes an ":" value (e.g. "127.0.0.1:9187"), just a port number or an empty string to not expose. -# -# You likely don't need to do this. See `matrix_prometheus_postgres_exporter_metrics_proxying_enabled`. -# -# Official recommendations are to run this container with `--net=host`, -# but we don't do that, since it: -# - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008) -# - or listens on a loopback interface only (--net=host and 127.0.0.1:9187), which is not reachable from another container (like `matrix-prometheus`) -# -# Using `--net=host` and binding to Docker's `matrix` bridge network may be a solution to both, -# but that's trickier to accomplish and won't necessarily work (hasn't been tested). -# -# Not using `--net=host` means that our network statistic reports are likely broken (inaccurate), -# because node-exporter can't see all interfaces, etc. -# For now, we'll live with that, until someone develops a better solution. -matrix_prometheus_postgres_exporter_container_http_host_bind_port: '' - -# If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an ":" value for the containers to bind to on your host. 
-# If matrix_prometheus_postgres_exporter_container_http_host_bind_port is set to just a port number, this will default to "127.0.0.1:" -# If matrix_prometheus_postgres_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that ":" value will be used -# Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf) -matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_postgres_exporter_container_http_host_bind_port else (matrix_prometheus_postgres_exporter_container_http_host_bind_port if matrix_prometheus_postgres_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}" - -# matrix_prometheus_postgres_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions. -# If the Grafana role is enabled, these dashboards will be downloaded. -matrix_prometheus_postgres_exporter_dashboard_urls: - - "https://grafana.com/api/dashboards/9628/revisions/7/download" diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml deleted file mode 100644 index 7ff6d15a..00000000 --- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/main.yml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- - -- block: - - when: matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_metrics_proxying_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" - tags: - - setup-all - - setup-nginx-proxy - - install-all - - install-nginx-proxy - -- block: - - when: matrix_prometheus_postgres_exporter_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" - - - when: matrix_prometheus_postgres_exporter_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" - tags: - - setup-all - - setup-prometheus-postgres-exporter - - install-all - - install-prometheus-postgres-exporter - -- block: - - when: not matrix_prometheus_postgres_exporter_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - tags: - - setup-all - - setup-prometheus-postgres-exporter diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_install.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_install.yml deleted file mode 100644 index ee0f9bef..00000000 --- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_install.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- - -- name: Ensure matrix-prometheus-postgres-exporter image is pulled - community.docker.docker_image: - name: "{{ matrix_prometheus_postgres_exporter_docker_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_prometheus_postgres_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_postgres_exporter_docker_image_force_pull }}" - register: result - retries: "{{ devture_playbook_help_container_retries_count }}" - delay: "{{ devture_playbook_help_container_retries_delay }}" - until: result is not failed - -- name: Ensure matrix-prometheus-postgres-exporter.service installed - ansible.builtin.template: - src: "{{ role_path }}/templates/systemd/matrix-prometheus-postgres-exporter.service.j2" - dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service" - mode: 0644 - register: matrix_prometheus_postgres_exporter_systemd_service_result diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_uninstall.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_uninstall.yml deleted file mode 100644 index bdf72042..00000000 --- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/setup_uninstall.yml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- - -- name: Check existence of matrix-prometheus-postgres-exporter service - ansible.builtin.stat: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service" - register: matrix_prometheus_postgres_exporter_service_stat - -- when: matrix_prometheus_postgres_exporter_service_stat.stat.exists | bool - block: - - name: Ensure matrix-prometheus-postgres-exporter is stopped - ansible.builtin.service: - name: matrix-prometheus-postgres-exporter - state: stopped - enabled: false - daemon_reload: true - - - name: Ensure matrix-prometheus-postgres-exporter.service doesn't exist - ansible.builtin.file: - path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service" - state: absent diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/validate_config.yml b/roles/custom/matrix-prometheus-postgres-exporter/tasks/validate_config.yml deleted file mode 100644 index 6acf784f..00000000 --- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/validate_config.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - -- name: Fail if required prometheus-postgres-exporter settings not defined - ansible.builtin.fail: - msg: > - You need to define a required configuration setting (`{{ item }}`). - when: "vars[item] == ''" - with_items: - - matrix_prometheus_postgres_exporter_database_hostname diff --git a/roles/custom/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 b/roles/custom/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 deleted file mode 100644 index 5c3fbac6..00000000 --- a/roles/custom/matrix-prometheus-postgres-exporter/templates/systemd/matrix-prometheus-postgres-exporter.service.j2 +++ /dev/null 
@@ -1,42 +0,0 @@ -#jinja2: lstrip_blocks: "True" -[Unit] -Description=matrix-prometheus-postgres-exporter -{% for service in matrix_prometheus_postgres_exporter_systemd_required_services_list %} -Requires={{ service }} -After={{ service }} -{% endfor %} -{% for service in matrix_prometheus_postgres_exporter_systemd_wanted_services_list %} -Wants={{ service }} -{% endfor %} -DefaultDependencies=no - -[Service] -Type=simple -Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true' -ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true' - - -ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-prometheus-postgres-exporter \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --read-only \ - {% for arg in matrix_prometheus_postgres_exporter_container_extra_arguments %} - {{ arg }} \ - {% endfor %} - --network={{ matrix_docker_network }} \ - {% if matrix_prometheus_postgres_exporter_container_http_host_bind_port %} - -p {{ matrix_prometheus_postgres_exporter_container_http_host_bind_port }}:{{matrix_prometheus_postgres_exporter_port}} \ - {% endif %} - --pid=host \ - {{ matrix_prometheus_postgres_exporter_docker_image }} - -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true' -ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true' -Restart=always -RestartSec=30 -SyslogIdentifier=matrix-prometheus-postgres-exporter - 
-[Install] -WantedBy=multi-user.target diff --git a/roles/custom/matrix-prometheus-postgres-exporter/vars/main.yml b/roles/custom/matrix-prometheus-postgres-exporter/vars/main.yml deleted file mode 100644 index aed3b216..00000000 --- a/roles/custom/matrix-prometheus-postgres-exporter/vars/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -# `matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw` contains the raw port number extracted from `matrix_prometheus_postgres_exporter_container_http_host_bind_port`, -# which can contain values like this: ('1234', '127.0.0.1:1234', '0.0.0.0:1234') -matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw: "{{ '' if matrix_prometheus_postgres_exporter_container_http_host_bind_port == '' else (matrix_prometheus_postgres_exporter_container_http_host_bind_port.split(':')[1] if ':' in matrix_prometheus_postgres_exporter_container_http_host_bind_port else matrix_prometheus_postgres_exporter_container_http_host_bind_port) }}" diff --git a/roles/custom/matrix-prometheus-services-proxy-connect/defaults/main.yml b/roles/custom/matrix-prometheus-services-proxy-connect/defaults/main.yml index 5799d053..30ef2c13 100644 --- a/roles/custom/matrix-prometheus-services-proxy-connect/defaults/main.yml +++ b/roles/custom/matrix-prometheus-services-proxy-connect/defaults/main.yml 
@@ -13,3 +13,15 @@ matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxyi # If prometheus_node_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that ":" value will be used # Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf) matrix_prometheus_services_proxy_connect_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + prometheus_node_exporter_container_http_host_bind_port_number_raw if not ':' in prometheus_node_exporter_container_http_host_bind_port else (prometheus_node_exporter_container_http_host_bind_port if prometheus_node_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}" + + +# Controls whether postgres-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/postgres-exporter`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled: false + +# If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an ":" value for the containers to bind to on your host. +# If prometheus_node_exporter_container_http_host_bind_port is set to just a port number, this will default to "127.0.0.1:" +# If prometheus_node_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that ":" value will be used +# Otherwise this value will be empty and you will have to manually configure your NGINX config file. 
(If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf) +matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + prometheus_postgres_exporter_container_http_host_bind_port_number_raw if not ':' in prometheus_postgres_exporter_container_http_host_bind_port else (prometheus_postgres_exporter_container_http_host_bind_port if prometheus_postgres_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}" diff --git a/roles/custom/matrix-prometheus-services-proxy-connect/tasks/main.yml b/roles/custom/matrix-prometheus-services-proxy-connect/tasks/main.yml index 7f35a318..e5654688 100644 --- a/roles/custom/matrix-prometheus-services-proxy-connect/tasks/main.yml +++ b/roles/custom/matrix-prometheus-services-proxy-connect/tasks/main.yml @@ -17,3 +17,12 @@ - setup-nginx-proxy - install-all - install-nginx-proxy + +- block: + - when: prometheus_node_exporter_enabled | bool and matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/prometheus-postgres-exporter/inject_into_nginx_proxy.yml" + tags: + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy diff --git a/roles/custom/matrix-prometheus-postgres-exporter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-postgres-exporter/inject_into_nginx_proxy.yml similarity index 51% rename from roles/custom/matrix-prometheus-postgres-exporter/tasks/inject_into_nginx_proxy.yml rename to roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-postgres-exporter/inject_into_nginx_proxy.yml index 121efc17..34796081 100644 --- a/roles/custom/matrix-prometheus-postgres-exporter/tasks/inject_into_nginx_proxy.yml 
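Review bot: The comment added above `matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host` still names `prometheus_node_exporter_container_http_host_bind_port`, while the expression below it reads `prometheus_postgres_exporter_container_http_host_bind_port`. An operator following the comment would change the node exporter's bind address and leave the postgres exporter's untouched. Both comment lines should start `# If prometheus_postgres_exporter_container_http_host_bind_port is set to ...`. In the same hunk, "This will only work take effect" reads better as "This will only take effect".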
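Review bot: The `when:` on the block added to `tasks/main.yml` tests `prometheus_node_exporter_enabled` rather than the postgres exporter's own switch, so whether the `/metrics/postgres-exporter` location is injected depends on the node exporter. With the node exporter on and the postgres exporter off, nginx gets a location pointing at a backend that is not deployed; with the reverse, the metrics are never proxied even though proxying was requested. Assuming the new role exposes `prometheus_postgres_exporter_enabled` (the name used in the Grafana dashboard list earlier in this patch), the condition should be `when: prometheus_postgres_exporter_enabled | bool and matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled | bool`.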
+++ b/roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-postgres-exporter/inject_into_nginx_proxy.yml 
@@ -1,25 +1,16 @@ --- -- name: Fail if matrix-nginx-proxy role already executed - ansible.builtin.fail: - msg: >- - Trying to append postgres-exporter's reverse-proxying configuration to matrix-nginx-proxy, - but it's pointless since the matrix-nginx-proxy role had already executed. - To fix this, please change the order of roles in your playbook, - so that the matrix-nginx-proxy role would run after the matrix-prometheus-postgres-exporter role. - when: matrix_nginx_proxy_role_executed | default(False) | bool - - name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) ansible.builtin.set_fact: - matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: | + matrix_prometheus_services_proxy_connect_postgres_exporter_nginx_metrics_configuration_block: | location /metrics/postgres-exporter { {% if matrix_nginx_proxy_enabled | default(False) %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; - set $backend "matrix-prometheus-postgres-exporter:9187"; + set $backend "{{ prometheus_postgres_exporter_identifier }}:{{ prometheus_postgres_exporter_port }}"; proxy_pass http://$backend/metrics; - {% elif matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} - proxy_pass http://{{ matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; + {% elif matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} + proxy_pass http://{{ matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; {% else %} return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; {% endif %} 
@@ -31,5 +22,5 @@ {{ matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + - [matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block] + [matrix_prometheus_services_proxy_connect_postgres_exporter_nginx_metrics_configuration_block] }} diff --git a/roles/custom/matrix_playbook_migration/defaults/main.yml b/roles/custom/matrix_playbook_migration/defaults/main.yml index b553160a..496c4c75 100644 --- a/roles/custom/matrix_playbook_migration/defaults/main.yml +++ b/roles/custom/matrix_playbook_migration/defaults/main.yml @@ -2,3 +2,6 @@ # Controls if (`matrix_prometheus_node_exporter` -> `prometheus_node_exporter`) validation will run. matrix_playbook_migration_matrix_prometheus_node_exporter_migration_validation_enabled: true + +# Controls if (`matrix_prometheus_postgres_exporter` -> `prometheus_postgres_exporter`) validation will run. +matrix_playbook_migration_matrix_prometheus_postgres_exporter_migration_validation_enabled: true diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml index 5d22e4bf..b04c9e0e 100644 --- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml +++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml 
@@ -35,6 +35,7 @@ - {'old': 'matrix_common_after_systemd_service_start_wait_for_timeout_seconds', 'new': 'devture_systemd_service_manager_up_verification_delay_seconds'} - {'old': 'matrix_systemd_services_autostart_enabled', 'new': 'devture_systemd_service_manager_services_autostart_enabled'} - {'old': 'matrix_prometheus_node_exporter_metrics_proxying_enabled', 'new': 'matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled'} + - {'old': 'matrix_prometheus_postgres_exporter_metrics_proxying_enabled', 'new': 'matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled'} - name: (Deprecation) Catch and report matrix_postgres variables ansible.builtin.fail: 
@@ -64,3 +65,18 @@ Please change your configuration (vars.yml) to rename all variables (`matrix_prometheus_node_exporter_` -> `prometheus_node_exporter_`). We found usage of the following variables: {{ matrix_playbook_migration_matrix_prometheus_node_exporter_migration_vars.keys() | join(', ') }} when: "matrix_playbook_migration_matrix_prometheus_node_exporter_migration_vars | length > 0" + +- when: matrix_playbook_migration_matrix_prometheus_postgres_exporter_migration_validation_enabled | bool + block: + - ansible.builtin.set_fact: + matrix_playbook_migration_matrix_prometheus_postgres_exporter_migration_vars: |- + {{ vars | dict2items | selectattr('key', 'match', 'matrix_prometheus_postgres_exporter_.*') | list | items2dict }} + + - name: (Deprecation) Catch and report matrix_prometheus_postgres_exporter variables + ansible.builtin.fail: + msg: >- + The matrix-prometheus-postgres-exporter role that used to be part of this playbook has been replaced by https://gitlab.com/etke.cc/roles/prometheus_postgres_exporter. + The new role is compatible with the old one, but uses different names for its variables. + Please change your configuration (vars.yml) to rename all variables (`matrix_prometheus_postgres_exporter_` -> `prometheus_postgres_exporter_`). + We found usage of the following variables: {{ matrix_playbook_migration_matrix_prometheus_postgres_exporter_migration_vars.keys() | join(', ') }} + when: "matrix_playbook_migration_matrix_prometheus_postgres_exporter_migration_vars | length > 0" From 045ed94d43fbaa63befc3f2a863311b86b02c56c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 5 Feb 2023 10:54:51 +0200 Subject: [PATCH 120/143] Upgrade prometheus_postgres_exporter (v0.11.1-0 -> v0.11.1-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 69b09cac..02521cbc 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -34,4 +34,4 @@ version: v1.5.0-1 - src: git+https://gitlab.com/etke.cc/roles/prometheus_postgres_exporter.git - version: v0.11.1-0 + version: v0.11.1-1 From e018663ba4f2721f58dacad58a23da9b776c5fff Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 6 Feb 2023 08:38:43 +0200 Subject: [PATCH 121/143] Attach ma1sd/nginx-proxy/synapse-reverse-proxy-companion to additional networks in a better way Switching from doing "post-start" loop hacks to running the container in 3 steps: `create` + potentially connect to additional networks + `start`. This way, the container would be connected to all its networks even at the very beginning of its life. --- .../templates/systemd/matrix-ma1sd.service.j2 | 8 ++++++-- .../templates/systemd/matrix-nginx-proxy.service.j2 | 8 ++++++-- .../matrix-synapse-reverse-proxy-companion.service.j2 | 6 ++++-- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 b/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 index 19bd5720..55505ab6 100644 --- a/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 +++ b/roles/custom/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 @@ -18,7 +18,9 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_s # ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there, # so /tmp needs to be mounted with an exec option. -ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-ma1sd \ +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ + --rm \ + --name=matrix-ma1sd \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
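Review bot: Nothing in the matrix-ma1sd unit template says why the container is now created, connected and started in separate steps; the reason is only in the commit message. A short comment above the `ExecStartPre=... create` line would keep a later edit from folding the steps back into `docker run`, which would again let the process start before its additional networks are attached: `# create + network connect + start: the container must be on all its networks before its process runs.` The same comment applies to the `create` lines in matrix-nginx-proxy.service.j2 and matrix-synapse-reverse-proxy-companion.service.j2. The command's argument list continues outside this hunk.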
@@ -39,9 +41,11 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_ma1sd_docker_image }} {% for network in matrix_ma1sd_container_additional_networks %} -ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'container_name=matrix-ma1sd; network_name={{ network }}; attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`{{ devture_systemd_docker_base_host_command_docker }} inspect -f {{ '{{.State.Running}}' }} $container_name 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect $network_name $container_name' +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-ma1sd {% endfor %} +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-ma1sd + ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' Restart=always diff --git a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index 0a7e9052..e6c94132 100755 --- a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 
@@ -16,7 +16,9 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' -ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-nginx-proxy \ +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ + --rm \ + --name=matrix-nginx-proxy \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ 
@@ -48,9 +50,11 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_nginx_proxy_docker_image }} {% for network in matrix_nginx_proxy_container_additional_networks %} -ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'container_name=matrix-nginx-proxy; network_name={{ network }}; attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`{{ devture_systemd_docker_base_host_command_docker }} inspect -f {{ '{{.State.Running}}' }} $container_name 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect $network_name $container_name' +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-nginx-proxy {% endfor %} +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-nginx-proxy + ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true' ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2 b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2 index 2b548ef8..125d7f49 100755 --- a/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2 +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/templates/systemd/matrix-synapse-reverse-proxy-companion.service.j2 
@@ -16,7 +16,7 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-reverse-proxy-companion 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-reverse-proxy-companion 2>/dev/null || true' -ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \ +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --rm \ --name=matrix-synapse-reverse-proxy-companion \ --log-driver=none \ 
@@ -39,9 +39,11 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \ {{ matrix_synapse_reverse_proxy_companion_container_image }} {% for network in matrix_synapse_reverse_proxy_companion_container_additional_networks %} -ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'container_name=matrix-synapse-reverse-proxy-companion; network_name={{ network }}; attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`{{ devture_systemd_docker_base_host_command_docker }} inspect -f {{ '{{.State.Running}}' }} $container_name 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect $network_name $container_name' +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-synapse-reverse-proxy-companion {% endfor %} +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-synapse-reverse-proxy-companion + ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-reverse-proxy-companion 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-reverse-proxy-companion 2>/dev/null || true' ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse-reverse-proxy-companion /usr/sbin/nginx -s reload From 4d6a8d049d7436a8c487661f67f57c6b92da0e21 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 6 Feb 2023 08:48:11 +0200 Subject: [PATCH 122/143] Add matrix_nginx_proxy_container_network variable --- roles/custom/matrix-nginx-proxy/defaults/main.yml | 4 ++++ .../templates/bin/lets-encrypt-certificates-renew.j2 | 2 +- .../templates/systemd/matrix-nginx-proxy.service.j2 | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) 
diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index 6fbc019e..2861084d 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -21,6 +21,10 @@ matrix_nginx_proxy_systemd_required_services_list: ['docker.service'] # List of systemd services that matrix-nginx-proxy.service wants matrix_nginx_proxy_systemd_wanted_services_list: [] +# The base container network. +# Also see: matrix_nginx_proxy_container_additional_networks +matrix_nginx_proxy_container_network: "{{ matrix_docker_network }}" + # A list of additional container networks that matrix-nginx-proxy would be connected to. # The playbook does not create these networks, so make sure they already exist. # diff --git a/roles/custom/matrix-nginx-proxy/templates/bin/lets-encrypt-certificates-renew.j2 b/roles/custom/matrix-nginx-proxy/templates/bin/lets-encrypt-certificates-renew.j2 index 89113629..5f235ea2 100644 --- a/roles/custom/matrix-nginx-proxy/templates/bin/lets-encrypt-certificates-renew.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/bin/lets-encrypt-certificates-renew.j2 @@ -12,7 +12,7 @@ docker run \ --name=matrix-certbot \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ - --network="{{ matrix_docker_network }}" \ + --network="{{ matrix_nginx_proxy_container_network }}" \ -p 127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}:8080 \ --mount type=bind,src={{ matrix_ssl_config_dir_path }},dst=/etc/letsencrypt \ --mount type=bind,src={{ matrix_ssl_log_dir_path }},dst=/var/log/letsencrypt \ diff --git a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index e6c94132..301eb9d5 100755 --- a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 
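Review bot: The comment on `matrix_nginx_proxy_container_network` describes it only as the base network, but this commit also uses the variable for the certbot container's `--network` in lets-encrypt-certificates-renew.j2. Overriding it therefore moves certificate renewal onto that network as well. I would extend the comment to say so: `# The base container network for matrix-nginx-proxy and for the certbot container used during certificate renewal.` The unit template interpolates the value unquoted (`--network={{ matrix_nginx_proxy_container_network }}`) while the renewal script wraps it in double quotes; keeping the two consistent would be a small style improvement.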
+++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 @@ -24,7 +24,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --cap-drop=ALL \ --read-only \ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_directory_size_mb }}m \ - --network={{ matrix_docker_network }} \ + --network={{ matrix_nginx_proxy_container_network }} \ {% if matrix_nginx_proxy_container_http_host_bind_port %} -p {{ matrix_nginx_proxy_container_http_host_bind_port }}:8080 \ {% endif %} From 5de5b5c62c5efe9e71e225e673c72932177f95f9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 6 Feb 2023 09:49:15 +0200 Subject: [PATCH 123/143] Upgrade prometheus_postgres_exporter (v0.11.1-1 -> v0.11.1-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 02521cbc..d580dbde 100644 --- a/requirements.yml +++ b/requirements.yml @@ -34,4 +34,4 @@ version: v1.5.0-1 - src: git+https://gitlab.com/etke.cc/roles/prometheus_postgres_exporter.git - version: v0.11.1-1 + version: v0.11.1-2 From 946bbe9734a0b045285e738d5ab52a44d061ab71 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 6 Feb 2023 09:54:34 +0200 Subject: [PATCH 124/143] Upgrade prometheus_node_exporter (v1.5.0-1 -> v1.5.0-2) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index d580dbde..4797423d 100644 --- a/requirements.yml +++ b/requirements.yml @@ -31,7 +31,7 @@ version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6 - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git - version: v1.5.0-1 + version: v1.5.0-2 - src: git+https://gitlab.com/etke.cc/roles/prometheus_postgres_exporter.git version: v0.11.1-2 From 66baef5bf6c1dc89580204f5e5368b346e0c80c3 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 7 Feb 2023 08:48:50 +0200 Subject: [PATCH 125/143] Fix matrix-synapse-reverse-proxy-companion.service stopping during uninstallation Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2444 --- .../tasks/setup_uninstall.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_uninstall.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_uninstall.yml index bb1b534c..7b820b35 100644 --- a/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/tasks/setup_uninstall.yml @@ -9,7 +9,7 @@ block: - name: Ensure matrix-synapse-reverse-proxy-companion.service is stopped ansible.builtin.service: - name: matrix_synapse_reverse_proxy_companion_service_stat + name: matrix-synapse-reverse-proxy-companion state: stopped enabled: false daemon_reload: true From 6c17671abd3e152300609a6abf5851d421637aa1 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 7 Feb 2023 10:45:19 +0200 Subject: [PATCH 126/143] Upgrade synapse-admin (0.8.6 -> 0.8.7) and drop reverse-proxy workaround Related to 6a31fba346d9da434, 6a31fba346d9d. Related to https://github.com/Awesome-Technologies/synapse-admin/issues/322 --- roles/custom/matrix-synapse-admin/defaults/main.yml | 2 +- .../tasks/inject_into_nginx_proxy.yml | 9 --------- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/roles/custom/matrix-synapse-admin/defaults/main.yml b/roles/custom/matrix-synapse-admin/defaults/main.yml index ae77a570..0f5c7af6 100644 --- a/roles/custom/matrix-synapse-admin/defaults/main.yml +++ b/roles/custom/matrix-synapse-admin/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_synapse_admin_container_image_self_build_repo: "https://github.com/Awesom matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src" -matrix_synapse_admin_version: 0.8.6 +matrix_synapse_admin_version: 0.8.7 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}" matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}" diff --git a/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml index 2c25ff47..6a4af859 100644 --- a/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml +++ b/roles/custom/matrix-synapse-admin/tasks/inject_into_nginx_proxy.yml @@ -24,15 +24,6 @@ {# Generic configuration for use outside of our container setup #} proxy_pass http://127.0.0.1:8766/$1; {% endif %} - - {# - Workaround synapse-admin serving all assets at /static. - See: https://github.com/Awesome-Technologies/synapse-admin/issues/322 - #} - sub_filter_once off; - sub_filter "/static/" "{{ matrix_synapse_admin_public_endpoint }}/static/"; - sub_filter "/favicon.ico" "{{ matrix_synapse_admin_public_endpoint }}/favicon.ico"; - sub_filter "/manifest.json" "{{ matrix_synapse_admin_public_endpoint }}/manifest.json"; } - name: Register Synapse Admin proxying configuration with matrix-nginx-proxy From 2eb2ad0ad72780883e0c57ade07bbe5ea9d44f05 Mon Sep 17 00:00:00 2001 
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 7 Feb 2023 09:06:00 +0000 Subject: [PATCH 127/143] Update heisenbridge 1.14.1 -> 1.14.2 --- roles/custom/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml index d51bb913..ba5471cc 100644 --- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml @@ -4,7 +4,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.14.1 +matrix_heisenbridge_version: 1.14.2 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From 49a1985750aa38786935ec4a70d504199e7831ce Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Feb 2023 16:45:52 +0200 Subject: [PATCH 128/143] Fix Postmoogle systemd service description --- .../templates/systemd/matrix-bot-postmoogle.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 b/roles/custom/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 index f2610600..ab1177f6 100644 --- a/roles/custom/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 +++ b/roles/custom/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix helpdesk bot +Description=Matrix Postmoogle bot {% for service in matrix_bot_postmoogle_systemd_required_services_list %} Requires={{ service }} After={{ service }} From 563cf1a4bafcfe84d3166133e6ed41140949d050 Mon Sep 17 00:00:00 2001 
From: Catalan Lover Date: Wed, 8 Feb 2023 16:44:12 +0100 Subject: [PATCH 129/143] Initial commit for draupnir. main.yml is not included due to that its changed separately. --- .../custom/matrix-bot-draupnir/tasks/main.yml | 20 ++ .../tasks/setup_install.yml | 74 ++++++ .../tasks/setup_uninstall.yml | 25 ++ .../tasks/validate_config.yml | 9 + .../templates/production.yaml.j2 | 246 ++++++++++++++++++ .../systemd/matrix-bot-mjolnir.service.j2 | 42 +++ 6 files changed, 416 insertions(+) create mode 100644 roles/custom/matrix-bot-draupnir/tasks/main.yml create mode 100644 roles/custom/matrix-bot-draupnir/tasks/setup_install.yml create mode 100644 roles/custom/matrix-bot-draupnir/tasks/setup_uninstall.yml create mode 100644 roles/custom/matrix-bot-draupnir/tasks/validate_config.yml create mode 100644 roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 create mode 100644 roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-mjolnir.service.j2 diff --git a/roles/custom/matrix-bot-draupnir/tasks/main.yml b/roles/custom/matrix-bot-draupnir/tasks/main.yml new file mode 100644 index 00000000..686fe298 --- /dev/null +++ b/roles/custom/matrix-bot-draupnir/tasks/main.yml @@ -0,0 +1,20 @@ +--- + +- block: + - when: matrix_bot_draupnir_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_bot_draupnir_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + tags: + - setup-all + - setup-bot-draupnir + - install-all + - install-bot-draupnir + +- block: + - when: not matrix_bot_draupnir_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + tags: + - setup-all + - setup-bot-draupnir diff --git a/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml b/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml new file mode 100644 index 00000000..4808f71f --- /dev/null +++ b/roles/custom/matrix-bot-draupnir/tasks/setup_install.yml 
@@ -0,0 +1,74 @@ +--- + +- ansible.builtin.set_fact: + matrix_bot_draupnir_requires_restart: false + +- name: Ensure matrix-bot-draupnir paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_bot_draupnir_base_path }}", when: true} + - {path: "{{ matrix_bot_draupnir_config_path }}", when: true} + - {path: "{{ matrix_bot_draupnir_data_path }}", when: true} + - {path: "{{ matrix_bot_draupnir_docker_src_files_path }}", when: "{{ matrix_bot_draupnir_container_image_self_build }}"} + when: "item.when | bool" + +- name: Ensure draupnir Docker image is pulled + community.docker.docker_image: + name: "{{ matrix_bot_draupnir_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_bot_draupnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_draupnir_docker_image_force_pull }}" + when: "not matrix_bot_draupnir_container_image_self_build | bool" + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure draupnir repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_bot_draupnir_container_image_self_build_repo }}" + dest: "{{ matrix_bot_draupnir_docker_src_files_path }}" + version: "{{ matrix_bot_draupnir_docker_image.split(':')[1] }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_bot_draupnir_git_pull_results + when: "matrix_bot_draupnir_container_image_self_build | bool" + +- name: Ensure draupnir Docker image is built + community.docker.docker_image: + name: "{{ matrix_bot_draupnir_docker_image }}" + 
source: build + force_source: "{{ matrix_bot_draupnir_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_bot_draupnir_docker_src_files_path }}" + pull: true + when: "matrix_bot_draupnir_container_image_self_build | bool" + +- name: Ensure matrix-bot-draupnir config installed + ansible.builtin.copy: + content: "{{ matrix_bot_draupnir_configuration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_bot_draupnir_config_path }}/production.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-bot-draupnir.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-bot-draupnir.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-draupnir.service" + mode: 0644 + register: matrix_bot_draupnir_systemd_service_result + +- name: Ensure matrix-bot-draupnir.service restarted, if necessary + ansible.builtin.service: + name: "matrix-bot-draupnir.service" + state: restarted + daemon_reload: true + when: "matrix_bot_draupnir_requires_restart | bool" diff --git a/roles/custom/matrix-bot-draupnir/tasks/setup_uninstall.yml b/roles/custom/matrix-bot-draupnir/tasks/setup_uninstall.yml new file mode 100644 index 00000000..10583a0b --- /dev/null +++ b/roles/custom/matrix-bot-draupnir/tasks/setup_uninstall.yml 
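Review bot: The `Ensure matrix-bot-draupnir config installed` task writes production.yaml with `mode: 0644`, and that file carries the bot's `accessToken`, so the token is protected only by the 0750 mode of the parent directories. `mode: '0640'` with the owner and group already set on the task should be enough, since the unit runs the container with the matrix uid and gid. Separately, `matrix_bot_draupnir_requires_restart` is set to false at the top of the file and never set to true here, so the final restart task cannot run and the registered `matrix_bot_draupnir_systemd_service_result` is unused. If a restart on unit change is intended, the last task's condition could be `when: "matrix_bot_draupnir_systemd_service_result.changed | bool"`.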
@@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-bot-draupnir service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-draupnir.service" + register: matrix_bot_draupnir_service_stat + +- when: matrix_bot_draupnir_service_stat.stat.exists | bool + block: + - name: Ensure matrix-bot-draupnir is stopped + ansible.builtin.service: + name: matrix-bot-draupnir + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-bot-draupnir.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-draupnir.service" + state: absent + + - name: Ensure matrix-bot-draupnir paths don't exist + ansible.builtin.file: + path: "{{ matrix_bot_draupnir_base_path }}" + state: absent diff --git a/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml b/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml new file mode 100644 index 00000000..b3828189 --- /dev/null +++ b/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml @@ -0,0 +1,9 @@ +--- + +- name: Fail if required variables are undefined + ansible.builtin.fail: + msg: "The `{{ item }}` variable must be defined and have a non-null value." + with_items: + - "matrix_bot_draupnir_access_token" + - "matrix_bot_draupnir_management_room" + when: "vars[item] == '' or vars[item] is none" diff --git a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 new file mode 100644 index 00000000..06d88f48 --- /dev/null +++ b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 
@@ -0,0 +1,246 @@ +# Endpoint URL that draupnir uses to interact with the matrix homeserver (client-server API), +# set this to the pantalaimon URL if you're using that. +homeserverUrl: "{{ matrix_homeserver_url }}" + +# Endpoint URL that draupnir could use to fetch events related to reports (client-server API and /_synapse/), +# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL. +rawHomeserverUrl: "{{ matrix_homeserver_url }}" + +# Matrix Access Token to use, draupnir will only use this if pantalaimon.use is false. +accessToken: "{{ matrix_bot_draupnir_access_token }}" + +# Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon) +#pantalaimon: +# # Whether or not draupnir will use pantalaimon to access the matrix homeserver, +# # set to `true` if you're using pantalaimon. +# # +# # Be sure to point homeserverUrl to the pantalaimon instance. +# # +# # draupnir will log in using the given username and password once, +# # then store the resulting access token in a file under dataPath. +# use: false +# +# # The username to login with. +# username: draupnir +# +# # The password draupnir will login with. +# # +# # After successfully logging in once, this will be ignored, so this value can be blanked after first startup. +# password: your_password + +# The path draupnir will store its state/data in, leave default ("/data/storage") when using containers. +dataPath: "/data" + +# If true (the default), draupnir will only accept invites from users present in managementRoom. +autojoinOnlyIfManager: true + +# If `autojoinOnlyIfManager` is false, only the members in this space can invite +# the bot to new rooms. +#acceptInvitesFromSpace: "!example:example.org" + +# Whether draupnir should report ignored invites to the management room (if autojoinOnlyIfManager is true). +recordIgnoredInvites: false + +# The room ID (or room alias) of the management room, anyone in this room can issue commands to draupnir. 
+# +# draupnir has no more granular access controls other than this, be sure you trust everyone in this room - secure it! +# +# This should be a room alias or room ID - not a matrix.to URL. +# +# Note: By default, draupnir is fairly verbose - expect a lot of messages in this room. +# (see verboseLogging to adjust this a bit.) +managementRoom: "{{ matrix_bot_draupnir_management_room }}" + +# Whether draupnir should log a lot more messages in the room, +# mainly involves "all-OK" messages, and debugging messages for when draupnir checks bans in a room. +verboseLogging: false + +# The log level of terminal (or container) output, +# can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity. +# +# This should be at INFO or DEBUG in order to get support for draupnir problems. +logLevel: "INFO" + +# Whether or not draupnir should synchronize policy lists immediately after startup. +# Equivalent to running '!draupnir sync'. +syncOnStartup: true + +# Whether or not draupnir should check moderation permissions in all protected rooms on startup. +# Equivalent to running `!draupnir verify`. +verifyPermissionsOnStartup: true + +# Whether or not draupnir should actually apply bans and policy lists, +# turn on to trial some untrusted configuration or lists. +noop: false + +# Whether draupnir should check member lists quicker (by using a different endpoint), +# keep in mind that enabling this will miss invited (but not joined) users. +# +# Turn on if your bot is in (very) large rooms, or in large amounts of rooms. +fasterMembershipChecks: false + +# A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for. +# +# If the bot sees you ban a user with a reason that is an (exact case-insensitive) match to this list, +# it will also remove the user's messages automatically. +# +# Typically this is useful to avoid having to give two commands to the bot. 
+# Advanced: Use asterisks to have the reason match using "globs" +# (f.e. "spam*testing" would match "spam for testing" as well as "spamtesting"). +# +# See here for more info: https://www.digitalocean.com/community/tools/glob +# Note: Keep in mind that glob is NOT regex! +automaticallyRedactForReasons: + - "spam" + - "advertising" + +# A list of rooms to protect. draupnir will add this to the list it knows from its account data. +# +# It won't, however, add it to the account data. +# Manually add the room via '!draupnir rooms add' to have it stay protected regardless if this config value changes. +# +# Note: These must be matrix.to URLs +#protectedRooms: +# - "https://matrix.to/#/#yourroom:example.org" + +# Whether or not to add all joined rooms to the "protected rooms" list +# (excluding the management room and watched policy list rooms, see below). +# +# Note that this effectively makes the protectedRooms and associated commands useless +# for regular rooms. +# +# Note: the management room is *excluded* from this condition. +# Explicitly add it as a protected room to protect it. +# +# Note: Ban list rooms the bot is watching but didn't create will not be protected. +# Explicitly add these rooms as a protected room list if you want them protected. +protectAllJoinedRooms: false + +# Increase this delay to have Mjölnir wait longer between two consecutive backgrounded +# operations. The total duration of operations will be longer, but the homeserver won't +# be affected as much. Conversely, decrease this delay to have Mjölnir chain operations +# faster. The total duration of operations will generally be shorter, but the performance +# of the homeserver may be more impacted. +backgroundDelayMS: 500 + +# Server administration commands, these commands will only work if draupnir is +# a global server administrator, and the bot's server is a Synapse instance. 
+#admin: +# # Whether or not draupnir can temporarily take control of any eligible account from the local homeserver who's in the room +# # (with enough permissions) to "make" a user an admin. +# # +# # This only works if a local user with enough admin permissions is present in the room. +# enableMakeRoomAdminCommand: false + +# Misc options for command handling and commands +commands: + # Whether or not the `!draupnir` prefix is necessary to submit commands. + # + # If `true`, will allow commands like `!ban`, `!help`, etc. + # + # Note: draupnir can also be pinged by display name instead of having to use + # the !draupnir prefix. For example, "my_moderator_bot: ban @spammer:example.org" + # will address only my_moderator_bot. + allowNoPrefix: false + + # Any additional bot prefixes that draupnir will listen to. i.e. adding `mod` will allow `!mod help`. + additionalPrefixes: + - "draupnir_bot" + + # Whether or not commands with a wildcard (*) will require an additional `--force` argument + # in the command to be able to be submitted. + confirmWildcardBan: true + +# Configuration specific to certain toggle-able protections +#protections: +# # Configuration for the wordlist plugin, which can ban users based if they say certain +# # blocked words shortly after joining. +# wordlist: +# # A list of case-insensitive keywords that the WordList protection will watch for from new users. +# # +# # WordList will ban users who use these words when first joining a room, so take caution when selecting them. +# # +# # For advanced usage, regex can also be used, see the following links for more information; +# # - https://www.digitalocean.com/community/tutorials/an-introduction-to-regular-expressions +# # - https://regexr.com/ +# # - https://regexone.com/ +# words: +# - "LoReM" +# - "IpSuM" +# - "DoLoR" +# - "aMeT" +# +# # For how long (in minutes) the user is "new" to the WordList plugin. 
+# # +# # After this time, the user will no longer be banned for using a word in the above wordlist. +# # +# # Set to zero to disable the timeout and make users *always* appear "new". +# # (users will always be banned if they say a bad word) +# minutesBeforeTrusting: 20 + +# Options for advanced monitoring of the health of the bot. +health: + # healthz options. These options are best for use in container environments + # like Kubernetes to detect how healthy the service is. The bot will report + # that it is unhealthy until it is able to process user requests. Typically + # this means that it'll flag itself as unhealthy for a number of minutes + # before saying "Now monitoring rooms" and flagging itself healthy. + # + # Health is flagged through HTTP status codes, defined below. + healthz: + # Whether the healthz integration should be enabled (default false) + enabled: false + + # The port to expose the webserver on. Defaults to 8080. + port: 8080 + + # The address to listen for requests on. Defaults to all addresses. + address: "0.0.0.0" + + # The path to expose the monitoring endpoint at. Defaults to `/healthz` + endpoint: "/healthz" + + # The HTTP status code which reports that the bot is healthy/ready to + # process requests. Typically this should not be changed. Defaults to + # 200. + healthyStatus: 200 + + # The HTTP status code which reports that the bot is not healthy/ready. + # Defaults to 418. + unhealthyStatus: 418 + +# Options for exposing web APIs. +#web: +# # Whether to enable web APIs. +# enabled: false +# +# # The port to expose the webserver on. Defaults to 8080. +# port: 8080 +# +# # The address to listen for requests on. Defaults to only the current +# # computer. +# address: localhost +# +# # Alternative setting to open to the entire web. 
Be careful, +# # as this will increase your security perimeter: +# # +# # address: "0.0.0.0" +# +# # A web API designed to intercept Matrix API +# # POST /_matrix/client/r0/rooms/{roomId}/report/{eventId} +# # and display readable abuse reports in the moderation room. +# # +# # If you wish to take advantage of this feature, you will need +# # to configure a reverse proxy, see e.g. test/nginx.conf +# abuseReporting: +# # Whether to enable this feature. +# enabled: false + +# Whether or not to actively poll synapse for abuse reports, to be used +# instead of intercepting client calls to synapse's abuse endpoint, when that +# isn't possible/practical. +pollReports: false + +# Whether or not new reports, received either by webapi or polling, +# should be printed to our managementRoom. +displayReports: false diff --git a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-mjolnir.service.j2 new file mode 100644 index 00000000..6995bcc3 --- /dev/null +++ b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-mjolnir.service.j2 
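Review bot: `accessToken`, `homeserverUrl`, `rawHomeserverUrl` and `managementRoom` are interpolated between hand-written double quotes, so a value containing `"` or `\` yields broken YAML or, at worst, extra keys in the bot's configuration when the role's defaults parse the rendered template with `from_yaml`. Rendering them through the JSON filter avoids this, for example `accessToken: {{ matrix_bot_draupnir_access_token | to_json }}`, and likewise for the other three. Two comments also look stale: `dataPath` is set to `"/data"` while its comment names `/data/storage` as the default to keep, and the `backgroundDelayMS` paragraph still refers to Mjölnir.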
@@ -0,0 +1,42 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Draupnir bot +{% for service in matrix_bot_draupnir_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_bot_draupnir_systemd_required_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-draupnir 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-draupnir 2>/dev/null || true' + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-draupnir \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_docker_network }} \ + --mount type=bind,src={{ matrix_bot_draupnir_config_path }},dst=/data/config,ro \ + --mount type=bind,src={{ matrix_bot_draupnir_data_path }},dst=/data \ + {% for arg in matrix_bot_draupnir_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_bot_draupnir_docker_image }} + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-draupnir 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-draupnir 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-bot-draupnir + +[Install] +WantedBy=multi-user.target From 78b1ebd5af15d4acdc3e69a9cf3539cb3452a49c Mon Sep 17 00:00:00 2001 
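Review bot: The second loop emits `Wants=` for `matrix_bot_draupnir_systemd_required_services_list`, so the services listed in `matrix_bot_draupnir_systemd_wanted_services_list` never reach the unit. The loop header should read `{% for service in matrix_bot_draupnir_systemd_wanted_services_list %}`. The file is also added as `matrix-bot-mjolnir.service.j2`, while the template task in setup_install.yml reads `matrix-bot-draupnir.service.j2`, so the install step would presumably not find it until the file is renamed. The config bind mount at `/data/config` sits inside the writable `/data` mount, so its `,ro` flag is the only thing keeping the token file unmodifiable from inside the container; a short comment next to that mount would help.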
From: Catalan Lover Date: Wed, 8 Feb 2023 16:44:30 +0100 Subject: [PATCH 130/143] commit main.yml for draupnir and set target ver to develop --- .../matrix-bot-draupnir/defaults/main.yml | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 roles/custom/matrix-bot-draupnir/defaults/main.yml diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml new file mode 100644 index 00000000..cafba72d --- /dev/null +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml 
@@ -0,0 +1,59 @@ +--- +# A moderation tool for Matrix +# Project source code URL: https://github.com/Gnuxie/Draupnir + +matrix_bot_draupnir_enabled: true + +matrix_bot_draupnir_version: "develop" + +matrix_bot_draupnir_container_image_self_build: false +matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/Gnuxie/Draupnir.git" + +matrix_bot_draupnir_docker_image: "{{ matrix_bot_draupnir_docker_image_name_prefix }}gnuxie/draupnir:{{ matrix_bot_draupnir_version }}" +matrix_bot_draupnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_bot_draupnir_docker_image_force_pull: "{{ matrix_bot_draupnir_docker_image.endswith(':latest') }}" + +matrix_bot_draupnir_base_path: "{{ matrix_base_data_path }}/draupnir" +matrix_bot_draupnir_config_path: "{{ matrix_bot_draupnir_base_path }}/config" +matrix_bot_draupnir_data_path: "{{ matrix_bot_draupnir_base_path }}/data" +matrix_bot_draupnir_docker_src_files_path: "{{ matrix_bot_draupnir_base_path }}/docker-src" + +# A list of extra arguments to pass to the container +matrix_bot_draupnir_container_extra_arguments: [] + +# List of systemd services that matrix-bot-draupnir.service depends on +matrix_bot_draupnir_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-bot-draupnir.service wants +matrix_bot_draupnir_systemd_wanted_services_list: [] + +# The access token for the bot user +matrix_bot_draupnir_access_token: "" + +# The room ID where people can use the bot. The bot has no access controls, so +# anyone in this room can use the bot - secure your room! +# This should be a room alias or room ID - not a matrix.to URL. +# Note: draupnir is fairly verbose - expect a lot of messages from it. +matrix_bot_draupnir_management_room: "" + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. 
+# +# For a more advanced customization, you can extend the default (see `matrix_bot_draupnir_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_bot_draupnir_configuration_yaml: "{{ lookup('template', 'templates/production.yaml.j2') }}" + +matrix_bot_draupnir_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_bot_draupnir_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_bot_draupnir_configuration_yaml`. + +matrix_bot_draupnir_configuration_extension: "{{ matrix_bot_draupnir_configuration_extension_yaml | from_yaml if matrix_bot_draupnir_configuration_extension_yaml | from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_bot_draupnir_configuration_yaml`. +matrix_bot_draupnir_configuration: "{{ matrix_bot_draupnir_configuration_yaml | from_yaml | combine(matrix_bot_draupnir_configuration_extension, recursive=True) }}" From 9092d4bb6b6348b9c7ad068f308f52392ba0e104 Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Wed, 8 Feb 2023 17:02:59 +0100 Subject: [PATCH 131/143] Push draupnir version from develop to v1.80.0-beta.0 --- roles/custom/matrix-bot-draupnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index cafba72d..f0aa4da8 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml 
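Review bot: `matrix_bot_draupnir_access_token` is a credential, but its comment (`# The access token for the bot user`) does not say so, and both it and `matrix_bot_draupnir_management_room` default to empty strings with no hint that the bot needs them. I would extend the comment to something like `# Secret. Grants whatever the bot account can do (server admin if it was registered with admin=yes); keep it in an encrypted vars file.` and mark both variables as required. Whether the role validates them before rendering the configuration is not visible in this hunk, so a validation task may still be needed.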
@@ -4,7 +4,7 @@ matrix_bot_draupnir_enabled: true -matrix_bot_draupnir_version: "develop" +matrix_bot_draupnir_version: "v1.80.0-beta.0" matrix_bot_draupnir_container_image_self_build: false matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/Gnuxie/Draupnir.git" From c71567477a0fb762dae6e56938c682b21e25e99e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Feb 2023 18:48:01 +0200 Subject: [PATCH 132/143] Stop using deprecated matrix_bot_postmoogle_domain variable in group vars --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 6d096dea..162d6ccc 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2306,7 +2306,7 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_ntfy] if matrix_ntfy_enabled else []) + - ([matrix_bot_postmoogle_domain] if matrix_bot_postmoogle_enabled else []) + (matrix_bot_postmoogle_domains if matrix_bot_postmoogle_enabled else []) + ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) + From 7b42ff4b759afc031cce73218d7199573483e87c Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Wed, 8 Feb 2023 18:55:08 +0100 Subject: [PATCH 133/143] Finalise moving draupnir to a fully testable state. --- group_vars/matrix_servers | 30 ++++++++++++++++++++++++++++++ playbooks/matrix.yml | 1 + 2 files changed, 31 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 6d096dea..1c0a14e4 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -189,6 +189,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-bot-mjolnir.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'mjolnir']}] if matrix_bot_mjolnir_enabled else []) + + ([{'name': 'matrix-bot-draupnir.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'draupnir']}] if matrix_bot_draupnir_enabled else []) + + ([{'name': 'matrix-bot-postmoogle.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'postmoogle']}] if matrix_bot_postmoogle_enabled else []) + ([{'name': 'matrix-bot-chatgpt.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'chatgpt']}] if matrix_bot_chatgpt_enabled else []) @@ -1759,6 +1761,34 @@ matrix_bot_mjolnir_systemd_required_services_list: | # ###################################################################### +###################################################################### +# +# matrix-bot-draupnir +# +###################################################################### + +# We don't enable bots by default. +matrix_bot_draupnir_enabled: false + +matrix_bot_draupnir_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" + +matrix_bot_draupnir_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +###################################################################### +# +# /matrix-bot-draupnir +# +###################################################################### + ###################################################################### # # matrix-backup-borg diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml index 7be0d629..90678454 100755 --- a/playbooks/matrix.yml +++ b/playbooks/matrix.yml 
@@ -79,6 +79,7 @@ - custom/matrix-bot-postmoogle - custom/matrix-bot-go-neb - custom/matrix-bot-mjolnir + - custom/matrix-bot-draupnir - custom/matrix-bot-chatgpt - custom/matrix-cactus-comments - custom/matrix-synapse From 79a4e57fbdf9d900e3753bc0cea595c2a5e02bfc Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Wed, 8 Feb 2023 18:55:27 +0100 Subject: [PATCH 134/143] Add draupnir docs. --- docs/configuring-playbook-bot-draupnir.md | 114 ++++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 docs/configuring-playbook-bot-draupnir.md diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md new file mode 100644 index 00000000..cbec1c4f --- /dev/null +++ b/docs/configuring-playbook-bot-draupnir.md 
@@ -0,0 +1,114 @@ +# Setting up draupnir (optional) + +The playbook can install and configure the [draupnir](https://github.com/Gnuxie/Draupnir) moderation bot for you. + +See the project's [documentation](https://github.com/Gnuxie/Draupnir) to learn what it does and why it might be useful to you. + +If your migrating from Mjolnir skip to step 5b. + +## 1. Register the bot account + +The playbook does not automatically create users for you. The bot requires an access token to be able to connect to your homeserver. + +You **need to register the bot user manually** before setting up the bot. + +Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. + +You can use the playbook to [register a new user](registering-users.md): + +``` +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.draupnir password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user +``` + +If you would like draupnir to be able to deactivate users, move aliases, shutdown rooms, etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above. + + +## 2. Get an access token + +Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). + + +## 3. Make sure the account is free from rate limiting + +You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step draupnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). This can also be manually done by editing the Synapse database. Manually editing the Synapse database is rarely a good idea. Please ask for help if you are uncomfortable with these steps. + +1. Copy the statement below into a text editor. + + ``` + INSERT INTO ratelimit_override VALUES ('@bot.draupnir:DOMAIN', 0, 0); + ``` + +1. 
Change the username (`@bot.draupnir:DOMAIN`) to the username you used when you registered the bot's account. You must change `DOMAIN` to your server's domain. + +1. Get a database terminal by following these steps: [maintenance-postgres.md#getting-a-database-terminal](maintenance-postgres.md#getting-a-database-terminal) + +1. Connect to Synapse's database by typing `\connect synapse` into the database terminal + +1. Paste in the `INSERT INTO` command that you edited and press enter. + +You can run `SELECT * FROM ratelimit_override;` to see if it worked. If the output looks like this: + +``` + user_id | messages_per_second | burst_count +-----------------------+---------------------+------------- + @bot.draupnir:raim.ist | 0 | 0` +``` +then you did it correctly. + + +## 4. Create a management room + +Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since the playbook does not support installing Pantalaimon yet. + +Once you have created the room you need to copy the room ID so you can tell the bot to use that room. In Element you can do this by going to the room's settings, clicking Advanced, and then coping the internal room ID. The room ID will look something like `!QvgVuKq0ha8glOLGMG:DOMAIN`. + +Finally invite the `@bot.draupnir:DOMAIN` account you created earlier into the room. + + +## 5a. Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): + +You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` and `ROOM_ID_FROM_STEP_4_GOES_HERE` with the your own values. 
+ +```yaml +matrix_bot_draupnir_enabled: true + +matrix_bot_draupnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE" + +matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" +``` + +## 5b. Migrating from Mjolnir (Only required if migrating.) + +Replace your matrix_bot_mjolnir config with matrix_bot_draupnir config. Also disable mjolnir if your doing migration. +That is all you need to do due to that Draupnir can complete migration on its own. + +## 6. Installing + +After configuring the playbook, run the [installation](installing.md) command: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +You can refer to the upstream [documentation](https://github.com/Gnuxie/Draupnir) for additional ways to use and configure draupnir. Check out their [quickstart guide](https://github.com/matrix-org/draupnir/blob/main/docs/moderators.md#quick-usage) for some basic commands you can give to the bot. + +You can configure additional options by adding the `matrix_bot_draupnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file. + +For example to change draupnir's `recordIgnoredInvites` option to `true` you would add the following to your `vars.yml` file. + +```yaml +matrix_bot_draupnir_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_bot_draupnir_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_bot_draupnir_configuration_yaml`. + recordIgnoredInvites: true +``` From a717590aa5e00e988d1c6db0b72b45a0decf3c31 Mon Sep 17 00:00:00 2001 
From: Catalan Lover Date: Wed, 8 Feb 2023 19:53:35 +0100 Subject: [PATCH 135/143] Rename systemd service file from mjolnir to draupnir --- ...trix-bot-mjolnir.service.j2 => matrix-bot-draupnir.service.j2} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/custom/matrix-bot-draupnir/templates/systemd/{matrix-bot-mjolnir.service.j2 => matrix-bot-draupnir.service.j2} (100%) diff --git a/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-mjolnir.service.j2 b/roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 similarity index 100% rename from roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-mjolnir.service.j2 rename to roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2 From ddcb1735e2671344dec7742b6d5726edfaeeecba Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Wed, 8 Feb 2023 20:05:47 +0100 Subject: [PATCH 136/143] Add draupnir as valid prefix to resolve a bug Current draupnir does not listen to its name. This config change fixes this bug. This bodge is able to be removed once this is fixed upstream. --- roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 index 06d88f48..dcc61b1b 100644 --- a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 +++ b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2 @@ -146,6 +146,7 @@ commands: # Any additional bot prefixes that draupnir will listen to. i.e. adding `mod` will allow `!mod help`. additionalPrefixes: - "draupnir_bot" + - "draupnir" # Whether or not commands with a wildcard (*) will require an additional `--force` argument # in the command to be able to be submitted. From 9615855cfa7e86bb3843f5fa2db90a9b3b9a5fc4 Mon Sep 17 00:00:00 2001 
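Review bot: The added `- "draupnir"` entry under `additionalPrefixes` is described in the commit message as a temporary workaround, but nothing in the template records that. A comment above the entry, e.g. `# Workaround: Draupnir does not yet respond to its own name; remove once fixed upstream.`, would keep the entry from outliving the bug. The `commands:` block continues outside the hunk.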
From: ntallasv Date: Thu, 9 Feb 2023 14:53:56 +0200 Subject: [PATCH 137/143] update matrix-chatgpt-bot --- roles/custom/matrix-bot-chatgpt/defaults/main.yml | 13 +++++++------ .../matrix-bot-chatgpt/tasks/validate_config.yml | 4 +--- roles/custom/matrix-bot-chatgpt/templates/env.j2 | 11 ++++++----- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index 324e64ab..489b22c4 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml @@ -9,7 +9,7 @@ matrix_bot_chatgpt_docker_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot matrix_bot_chatgpt_docker_repo_version: "{{ 'latest' if matrix_bot_chatgpt_version == 'latest' else matrix_bot_chatgpt_version }}" matrix_bot_chatgpt_docker_src_files_path: "{{ matrix_base_data_path }}/chatgpt/docker-src" -matrix_bot_chatgpt_version: 1.4.1 +matrix_bot_chatgpt_version: 2.2.1 matrix_bot_chatgpt_docker_image: "{{ matrix_bot_chatgpt_docker_image_name_prefix }}matrixgpt/matrix-chatgpt-bot:{{ matrix_bot_chatgpt_version }}" matrix_bot_chatgpt_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_chatgpt_container_image_self_build else 'ghcr.io/' }}" matrix_bot_chatgpt_docker_image_force_pull: "{{ matrix_bot_chatgpt_docker_image.endswith(':latest') }}" 
@@ -28,13 +28,14 @@ matrix_bot_chatgpt_systemd_required_services_list: ['docker.service'] matrix_bot_chatgpt_systemd_wanted_services_list: [] # ChatGPT Settings -matrix_bot_chatgpt_openai_email: '' # OPENAI_EMAIL= -matrix_bot_chatgpt_openai_password: '' # OPENAI_PASSWORD= -matrix_bot_chatgpt_openai_login_type: 'google' # OPENAI_LOGIN_TYPE="google" -matrix_bot_chatgpt_openai_pro: false # OPENAI_PRO - +matrix_bot_chatgpt_openai_api_key: '' matrix_bot_chatgpt_context: 'thread' # CHATGPT_CONTEXT="thread" +matrix_bot_chatgpt_keyv_backend: 'file' +matrix_bot_chatgpt_keyv_url: '' +matrix_bot_chatgpt_keyv_bot_encryption: false +matrix_bot_chatgpt_keyv_bot_storage: true + # Matrix Static Settings (required, see notes) # Defaults to "https://matrix.org" matrix_bot_chatgpt_matrix_homeserver_url: "{{ matrix_homeserver_container_url }}" # MATRIX_HOMESERVER_URL= diff --git a/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml b/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml index f68d0e5c..3d30994c 100644 --- a/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml @@ -6,7 +6,5 @@ You need to define a required configuration setting (`{{ item.name }}`). when: "item.when | bool and vars[item.name] == ''" with_items: - - {'name': 'matrix_bot_chatgpt_openai_email', when: true} - - {'name': 'matrix_bot_chatgpt_openai_password', when: true} - - {'name': 'matrix_bot_chatgpt_openai_login_type', when: true} + - {'name': 'matrix_bot_chatgpt_openai_api_key', when: true} - {'name': 'matrix_bot_chatgpt_matrix_bot_username', when: true} diff --git a/roles/custom/matrix-bot-chatgpt/templates/env.j2 b/roles/custom/matrix-bot-chatgpt/templates/env.j2 index faf6be71..40b2f9ff 100644 --- a/roles/custom/matrix-bot-chatgpt/templates/env.j2 +++ b/roles/custom/matrix-bot-chatgpt/templates/env.j2 
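Review bot: The new settings in the `# ChatGPT Settings` block drop the trailing env-var comments that the neighbouring line still carries (`# CHATGPT_CONTEXT="thread"`), and `matrix_bot_chatgpt_openai_api_key` is a secret with no comment at all. I would keep the file's convention, e.g. `matrix_bot_chatgpt_openai_api_key: ''  # OPENAI_API_KEY= (secret, required)` and `matrix_bot_chatgpt_keyv_backend: 'file'  # KEYV_BACKEND=`. A one-line description of what the two `keyv_bot_*` booleans switch on would also help, since their effect is not evident from the names and one of them defaults to `false` for something called encryption.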
@@ -1,13 +1,14 @@ MATRIX_HOMESERVER_URL={{ matrix_bot_chatgpt_matrix_homeserver_url }} MATRIX_ACCESS_TOKEN={{ matrix_bot_chatgpt_matrix_access_token }} -OPENAI_EMAIL={{ matrix_bot_chatgpt_openai_email }} -OPENAI_PASSWORD={{ matrix_bot_chatgpt_openai_password }} -OPENAI_LOGIN_TYPE={{ matrix_bot_chatgpt_openai_login_type }} -OPENAI_PRO={{ matrix_bot_chatgpt_openai_pro | to_json }} - +OPENAI_API_KEY={{ matrix_bot_chatgpt_openai_api_key }} CHATGPT_CONTEXT={{ matrix_bot_chatgpt_context }} +KEYV_BACKEND={{ matrix_bot_chatgpt_keyv_backend }} +KEYV_URL={{ matrix_bot_chatgpt_keyv_url }} +KEYV_BOT_ENCRYPTION={{ matrix_bot_chatgpt_keyv_bot_encryption|lower }} +KEYV_BOT_STORAGE={{ matrix_bot_chatgpt_keyv_bot_storage|lower }} + # With the @ and :DOMAIN, ie @SOMETHING:DOMAIN MATRIX_BOT_USERNAME={{ matrix_bot_chatgpt_matrix_bot_username }} MATRIX_BOT_PASSWORD={{ matrix_bot_chatgpt_matrix_bot_password }} From d32f80bf29c8fe3750534e0bf14970c3e1160576 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Thu, 9 Feb 2023 17:43:35 +0000 Subject: [PATCH 138/143] Update postmoogle 0.9.11 -> 0.9.12 * fix uploads from incoming emails into matrix threads * fix emails dequeue (account data cleanup) * rewrite recipients handling (Cc, To, etc.) --- roles/custom/matrix-bot-postmoogle/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml index 48a2b45c..9f3dad24 100644 --- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml +++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml 
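Review bot: The two new boolean lines use `|lower`, while the boolean line this commit removes was rendered with `| to_json`; `|lower` passes any string through unchanged apart from case, so a value such as `'yes'` would reach the container as `yes`. Rendering them as `KEYV_BOT_ENCRYPTION={{ matrix_bot_chatgpt_keyv_bot_encryption | bool | to_json }}` (and the same for `KEYV_BOT_STORAGE`) normalises the value to `true` or `false`. How the bot parses other spellings is not visible here.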
@@ -9,7 +9,7 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git" matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src" -matrix_bot_postmoogle_version: v0.9.11 +matrix_bot_postmoogle_version: v0.9.12 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etke.cc/postmoogle:{{ matrix_bot_postmoogle_version }}" matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/' }}" matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}" From b7384866844545756ee356ab0a7706b1a6196891 Mon Sep 17 00:00:00 2001 From: ntallasv Date: Fri, 10 Feb 2023 00:13:31 +0200 Subject: [PATCH 139/143] update validate_config.yml --- .../matrix-bot-chatgpt/tasks/validate_config.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml b/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml index 3d30994c..fcf77a8e 100644 --- a/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml 
@@ -6,5 +6,17 @@ You need to define a required configuration setting (`{{ item.name }}`). when: "item.when | bool and vars[item.name] == ''" with_items: - - {'name': 'matrix_bot_chatgpt_openai_api_key', when: true} - - {'name': 'matrix_bot_chatgpt_matrix_bot_username', when: true} + - { 'name': 'matrix_bot_chatgpt_openai_api_key', when: true } + - { 'name': 'matrix_bot_chatgpt_matrix_bot_username', when: true } + + +- name: Fail if OpenAI configuration not up-to-date. + ansible.builtin.fail: + msg: >- + Your configuration contains a varible that is no longer used. + Please change your configuration to remove the variable (`{{ item.name }}`). + when: "item.name in vars" + with_items: + - { 'name': 'matrix_bot_chatgpt_openai_email' } + - { 'name': 'matrix_bot_chatgpt_openai_password' } + - { 'name': 'matrix_bot_chatgpt_openai_login_type' } From 4221b64a9805a8c9da3a3dc83b5f87a0bf9fe0f3 Mon Sep 17 00:00:00 2001 From: ntallasv Date: Fri, 10 Feb 2023 00:14:09 +0200 Subject: [PATCH 140/143] update configuring-playbook-bot-chatgpt.md --- docs/configuring-playbook-bot-chatgpt.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/docs/configuring-playbook-bot-chatgpt.md b/docs/configuring-playbook-bot-chatgpt.md index eb0c7596..7a006816 100644 --- a/docs/configuring-playbook-bot-chatgpt.md +++ b/docs/configuring-playbook-bot-chatgpt.md @@ -32,11 +32,8 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. ```yaml matrix_bot_chatgpt_enabled: true -# See instructions on -# https://www.npmjs.com/package/chatgpt -matrix_bot_chatgpt_openai_email: '' -matrix_bot_chatgpt_openai_password: '' -matrix_bot_chatgpt_openai_login_type: google +# Obtain a new API key from https://platform.openai.com/account/api-keys +matrix_bot_chatgpt_openai_api_key: '' # This is the default username # matrix_bot_chatgpt_matrix_bot_username_localpart: 'bot.chatgpt' From f71cd3a760657bff3b89ebf172f83c26f94e5834 Mon Sep 17 00:00:00 2001 
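Review bot: The new deprecation task lists three of the four variables removed earlier in this series; `matrix_bot_chatgpt_openai_pro` was also dropped from the defaults but is not rejected here, so a leftover setting is silently ignored. Adding `- {'name': 'matrix_bot_chatgpt_openai_pro'}` to `with_items` closes the gap, and the later lint-fix commit reformats the same list, so it would need the entry too. The failure message also misspells "variable" as `varible`, and it could name the replacement (`matrix_bot_chatgpt_openai_api_key`) so users know what to set instead.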
From: ntallasv Date: Fri, 10 Feb 2023 00:34:07 +0200 Subject: [PATCH 141/143] fix linting in validate_config.yml --- .../matrix-bot-chatgpt/tasks/validate_config.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml b/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml index fcf77a8e..ecc2b8d2 100644 --- a/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml +++ b/roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml @@ -6,8 +6,8 @@ You need to define a required configuration setting (`{{ item.name }}`). when: "item.when | bool and vars[item.name] == ''" with_items: - - { 'name': 'matrix_bot_chatgpt_openai_api_key', when: true } - - { 'name': 'matrix_bot_chatgpt_matrix_bot_username', when: true } + - {'name': 'matrix_bot_chatgpt_openai_api_key', when: true} + - {'name': 'matrix_bot_chatgpt_matrix_bot_username', when: true} - name: Fail if OpenAI configuration not up-to-date. @@ -17,6 +17,6 @@ Please change your configuration to remove the variable (`{{ item.name }}`). when: "item.name in vars" with_items: - - { 'name': 'matrix_bot_chatgpt_openai_email' } - - { 'name': 'matrix_bot_chatgpt_openai_password' } - - { 'name': 'matrix_bot_chatgpt_openai_login_type' } + - {'name': 'matrix_bot_chatgpt_openai_email'} + - {'name': 'matrix_bot_chatgpt_openai_password'} + - {'name': 'matrix_bot_chatgpt_openai_login_type'} From 0a15e56641b81801fc72c8aab7da0ca4282447fe Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 10 Feb 2023 11:41:44 +0200 Subject: [PATCH 142/143] Fix typo --- docs/configuring-playbook-bot-draupnir.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index cbec1c4f..7626db24 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md 
@@ -81,7 +81,7 @@ matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" ## 5b. Migrating from Mjolnir (Only required if migrating.) -Replace your matrix_bot_mjolnir config with matrix_bot_draupnir config. Also disable mjolnir if your doing migration. +Replace your matrix_bot_mjolnir config with matrix_bot_draupnir config. Also disable mjolnir if you're doing migration. That is all you need to do due to that Draupnir can complete migration on its own. ## 6. Installing From 600aaa0bc7db67eff0777d3707f199461d80e749 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 10 Feb 2023 11:52:25 +0200 Subject: [PATCH 143/143] Announce Draupnir support Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2451 --- CHANGELOG.md | 9 +++++++++ docs/configuring-playbook-bot-draupnir.md | 6 +++--- docs/configuring-playbook.md | 2 ++ 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bb62d8dd..69e932a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2023-02-10 + +## Draupnir moderation tool (bot) support + +Thanks to [FSG-Cat](https://github.com/FSG-Cat), the playbook can now install and configure the [Draupnir](https://github.com/Gnuxie/Draupnir) moderation tool (bot). Draupnir is a fork of [Mjolnir](docs/configuring-playbook-bot-mjolnir.md) (which the playbook has supported for a long time) maintained by Mjolnir's former lead developer. + +Additional details are available in [Setting up Draupnir](docs/configuring-playbook-bot-draupnir.md). + + # 2023-02-05 ## The matrix-prometheus-postgres-exporter role lives independently now diff --git a/docs/configuring-playbook-bot-draupnir.md b/docs/configuring-playbook-bot-draupnir.md index 7626db24..6704ad65 100644 --- a/docs/configuring-playbook-bot-draupnir.md +++ b/docs/configuring-playbook-bot-draupnir.md 
@@ -32,7 +32,7 @@ Refer to the documentation on [how to obtain an access token](obtaining-access-t You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step draupnir will crash. This can be done using Synapse's [admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#override-ratelimiting-for-users). This can also be manually done by editing the Synapse database. Manually editing the Synapse database is rarely a good idea. Please ask for help if you are uncomfortable with these steps. -1. Copy the statement below into a text editor. +1. Copy the statement below into a text editor. ``` INSERT INTO ratelimit_override VALUES ('@bot.draupnir:DOMAIN', 0, 0); @@ -81,8 +81,8 @@ matrix_bot_draupnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE" ## 5b. Migrating from Mjolnir (Only required if migrating.) -Replace your matrix_bot_mjolnir config with matrix_bot_draupnir config. Also disable mjolnir if you're doing migration. -That is all you need to do due to that Draupnir can complete migration on its own. +Replace your matrix_bot_mjolnir config with matrix_bot_draupnir config. Also disable mjolnir if you're doing migration. +That is all you need to do due to that Draupnir can complete migration on its own. ## 6. Installing diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index b2724598..9ab50763 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md 
@@ -177,6 +177,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) - a moderation tool/bot (optional) +- [Setting up Draupnir](configuring-playbook-bot-draupnir.md) - a moderation tool/bot (optional), forked from Mjolnir and maintained by its former leader developer + - [Setting up Buscarron](configuring-playbook-bot-buscarron.md) - a bot you can use to send any form (HTTP POST, HTML) to a (encrypted) Matrix room (optional)