From 25d3b315de6fff3411f3e05d66e03b4079357e95 Mon Sep 17 00:00:00 2001 From: Marcel Partap Date: Tue, 14 May 2019 22:38:21 +0200 Subject: [PATCH 1/7] Fix case of the mxisd ldap.connection.baseDNs option in comment --- roles/matrix-mxisd/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-mxisd/defaults/main.yml b/roles/matrix-mxisd/defaults/main.yml index cabf5baa..df2cc78b 100644 --- a/roles/matrix-mxisd/defaults/main.yml +++ b/roles/matrix-mxisd/defaults/main.yml @@ -152,7 +152,7 @@ matrix_mxisd_configuration_extension_yaml: | # host: ldapHostnameOrIp # tls: false # port: 389 - # baseDns: ['OU=Users,DC=example,DC=org'] + # baseDNs: ['OU=Users,DC=example,DC=org'] # bindDn: CN=My Mxisd User,OU=Users,DC=example,DC=org # bindPassword: TheUserPassword From 5aa7f637d8b111f012cfaffa3c915ec262023212 Mon Sep 17 00:00:00 2001 From: Marcel Partap Date: Tue, 14 May 2019 23:09:59 +0200 Subject: [PATCH 2/7] Fix matrix_synapse_ext_password_provider_ldap_start_tls (it's boolean) --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index acc4f94b..0755fb40 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -977,7 +977,7 @@ password_providers: config: enabled: true uri: {{ matrix_synapse_ext_password_provider_ldap_uri|string|to_json }} - start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|string|to_json }} + start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|to_json }} base: {{ matrix_synapse_ext_password_provider_ldap_base|string|to_json }} attributes: uid: {{ matrix_synapse_ext_password_provider_ldap_attributes_uid|string|to_json }} From 66388c1f5beb8e92a864850e517a54e8425dd586 Mon Sep 17 00:00:00 2001 
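Review bot: In PATCH 2/7 (roles/matrix-synapse/templates/synapse/homeserver.yaml.j2), the new `start_tls` line emits whatever type the variable happens to hold, so a value that arrives as a string (for example via `-e` extra vars or a quoted inventory entry) renders as a JSON string like `"false"` rather than a boolean. Because this option decides whether the LDAP bind is upgraded to TLS, I would coerce it explicitly: `start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|bool|to_json }}`. How the LDAP provider treats a non-boolean value is not visible here, so this is template hardening rather than a confirmed failure. The `password_providers` block starts and ends outside the hunk.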
From: Marcel Partap Date: Wed, 15 May 2019 01:46:22 +0200 Subject: [PATCH 3/7] Provide a sample rest_auth_endpoint close to actual setup --- docs/configuring-playbook-rest-auth.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-rest-auth.md b/docs/configuring-playbook-rest-auth.md index c2363ff4..6c3e4189 100644 --- a/docs/configuring-playbook-rest-auth.md +++ b/docs/configuring-playbook-rest-auth.md @@ -8,8 +8,8 @@ If you decide that you'd like to let this playbook install it for you, you need ```yaml matrix_synapse_ext_password_provider_rest_auth_enabled: true -matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://change.me.example.com:12345" +matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-mxisd:8090" matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false -``` \ No newline at end of file +``` From 854cf84aa3329b055d57e86c2aa049cb030df0b8 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 15 May 2019 09:50:25 +0900 Subject: [PATCH 4/7] Upgrade riot-web (1.1.0 -> 1.1.1) --- roles/matrix-riot-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index f38fb98c..629f4649 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -1,6 +1,6 @@ matrix_riot_web_enabled: true -matrix_riot_web_docker_image: "bubuntux/riot-web:v1.1.0" +matrix_riot_web_docker_image: "bubuntux/riot-web:v1.1.1" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" From 6db10ed6f31bea11c40cadf80db9f77069807b75 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 16 May 2019 09:09:42 +0900 Subject: [PATCH 5/7] Upgrade riot-web (1.1.1 -> 1.1.2) --- roles/matrix-riot-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index 629f4649..7208d1b3 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -1,6 +1,6 @@ matrix_riot_web_enabled: true -matrix_riot_web_docker_image: "bubuntux/riot-web:v1.1.1" +matrix_riot_web_docker_image: "bubuntux/riot-web:v1.1.2" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" From cf3117011bdf0170bdbbcb892ac2949fa7e4e5f2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 16 May 2019 09:20:43 +0900 Subject: [PATCH 6/7] Upgrade Synapse (0.99.3.2 -> 0.99.4) --- roles/matrix-synapse/defaults/main.yml | 2 +- .../templates/synapse/homeserver.yaml.j2 | 66 ++++++++++++++++++- 2 files changed, 64 insertions(+), 4 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index e6b70219..5ae62767 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -1,4 +1,4 @@ -matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.3.2" +matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.4" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 0755fb40..1c889671 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
@@ -60,6 +60,20 @@ public_baseurl: https://{{ matrix_server_fqn_matrix }}/ # use_presence: {{ matrix_synapse_use_presence|to_json }} +# Whether to require authentication to retrieve profile data (avatars, +# display names) of other users through the client API. Defaults to +# 'false'. Note that profile data is also available via the federation +# API, so this setting is of limited value if federation is enabled on +# the server. +# +#require_auth_for_profile_requests: true + +# If set to 'true', requires authentication to access the server's +# public rooms directory through the client API, and forbids any other +# homeserver to fetch it via federation. Defaults to 'false'. +# +#restrict_public_rooms_to_local_users: true + # The GC threshold parameters to pass to `gc.set_threshold`, if defined # #gc_thresholds: [700, 10, 10] @@ -131,8 +145,8 @@ federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_js # # Valid resource names are: # -# client: the client-server API (/_matrix/client). Also implies 'media' and -# 'static'. +# client: the client-server API (/_matrix/client), and the synapse admin +# API (/_synapse/admin). Also implies 'media' and 'static'. # # consent: user consent forms (/_matrix/consent). See # docs/consent_tracking.md. @@ -241,6 +255,11 @@ listeners: # - medium: 'email' # address: 'reserved_user@example.com' +# Whether to require a user to be in the room to add an alias to it. +# Defaults to 'true'. +# +#require_membership_for_aliases: false + ## TLS ## 
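Review bot: In PATCH 6/7 (homeserver.yaml.j2, hunk at -60,6), `require_auth_for_profile_requests` and `restrict_public_rooms_to_local_users` are added only as commented samples, while the neighbouring `use_presence` line is driven by a playbook variable, so these privacy controls cannot be switched on from inventory (unless the playbook has an override path not visible here). The same applies to `require_membership_for_aliases`, `federation_verify_certificates` and `enable_3pid_lookup` in the later hunks of this file. The certificate option matters most, because its own comment says verification currently defaults to `false`. I would template each one like its neighbours, for example `require_auth_for_profile_requests: {{ matrix_synapse_require_auth_for_profile_requests|to_json }}`, with a default added to `roles/matrix-synapse/defaults/main.yml`; that variable name is a proposal and does not exist yet.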
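Review bot: In the hunk at -131,8, the updated `client` resource comment says this resource now also serves the Synapse admin API under `/_synapse/admin`, which widens what every listener carrying `client` exposes after this upgrade. The `listeners:` section is outside the hunk, so I cannot see which ports carry it. It is worth confirming that the reverse proxy in front of those listeners does not forward `/_synapse/admin` to the public side. I would also add a line to this comment, such as `# NOTE: keep /_synapse/admin off public-facing proxies unless admin access is intended.`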
@@ -262,6 +281,40 @@ tls_certificate_path: {{ matrix_synapse_tls_certificate_path|to_json }} # tls_private_key_path: {{ matrix_synapse_tls_private_key_path|to_json }} +# Whether to verify TLS certificates when sending federation traffic. +# +# This currently defaults to `false`, however this will change in +# Synapse 1.0 when valid federation certificates will be required. +# +#federation_verify_certificates: true + +# Skip federation certificate verification on the following whitelist +# of domains. +# +# This setting should only be used in very specific cases, such as +# federation over Tor hidden services and similar. For private networks +# of homeservers, you likely want to use a private CA instead. +# +# Only effective if federation_verify_certicates is `true`. +# +#federation_certificate_verification_whitelist: +# - lon.example.com +# - *.domain.com +# - *.onion + +# List of custom certificate authorities for federation traffic. +# +# This setting should only normally be used within a private network of +# homeservers. +# +# Note that this list will replace those that are provided by your +# operating environment. Certificates must be in PEM format. +# +#federation_custom_ca_list: +# - myCA1.pem +# - myCA2.pem +# - myCA3.pem + # ACME support: This will configure Synapse to request a valid TLS certificate # for your configured `server_name` via Let's Encrypt. # @@ -691,6 +744,10 @@ registrations_require_3pid: {{ matrix_synapse_registrations_require_3pid|to_json # - medium: msisdn # pattern: '\+44' +# Enable 3PIDs lookup requests to identity servers from this server. +# +#enable_3pid_lookup: true + # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. # 
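Review bot: In the `federation_certificate_verification_whitelist` sample (hunk at -262,6), the entries `- *.domain.com` and `- *.onion` are plain scalars starting with `*`, which YAML reads as an alias, so an operator who uncomments the block as written gets a parse error instead of a whitelist. Quote them in the sample: `#  - '*.domain.com'` and `#  - '*.onion'`. The prose above also names `federation_verify_certicates`, while the option a few lines earlier is spelled `federation_verify_certificates`; someone copying the name from the sentence would set a key that presumably has no effect. If this text was taken from the upstream sample config, the correction belongs upstream as well.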
@@ -914,7 +971,7 @@ password_config: -# Enable sending emails for notification events +# Enable sending emails for notification events or expiry notices # Defining a custom URL for Riot is only needed if email notifications # should contain links to a self-hosted installation of Riot; when set # the "app_name" setting is ignored. @@ -932,6 +989,9 @@ email: app_name: Matrix notif_template_html: notif_mail.html notif_template_text: notif_mail.txt + # Templates for account expiry notices. + expiry_template_html: notice_expiry.html + expiry_template_text: notice_expiry.txt notif_for_new_users: True riot_base_url: {{ matrix_synapse_email_riot_base_url|string|to_json }} {% endif %} From ae7c8d15240c537cf571fb060bd8e2ff6757e302 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 16 May 2019 09:41:45 +0900 Subject: [PATCH 7/7] Use SyslogIdentifier to improve logging Reasoning is the same as for matrix-org/synapse#5023. For us, the journal used to contain `docker` for all services, which is not very helpful when looking at them all together (`journalctl -f`). --- .../templates/systemd/matrix-corporal.service.j2 | 3 +++ .../matrix-coturn/templates/systemd/matrix-coturn.service.j2 | 1 + .../templates/systemd/matrix-dimension.service.j2 | 3 +++ .../matrix-mailer/templates/systemd/matrix-mailer.service.j2 | 3 +++ roles/matrix-mxisd/templates/systemd/matrix-mxisd.service.j2 | 1 + .../templates/systemd/matrix-nginx-proxy.service.j2 | 1 + .../templates/systemd/matrix-postgres.service.j2 | 3 +++ .../templates/systemd/matrix-riot-web.service.j2 | 3 +++ .../systemd/matrix-appservice-discord.service.j2 | 5 +++-- .../appservice-irc/systemd/matrix-appservice-irc.service.j2 | 3 +++ .../systemd/matrix-mautrix-facebook.service.j2 | 3 +++ .../systemd/matrix-mautrix-telegram.service.j2 | 3 +++ .../systemd/matrix-mautrix-whatsapp.service.j2 | 3 +++ .../templates/goofys/systemd/matrix-goofys.service.j2 | 3 +++ .../templates/synapse/systemd/matrix-synapse.service.j2 | 1 + 15 files changed, 37 insertions(+), 2 deletions(-) diff --git a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 index 74de9680..4979166e 100644 --- a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 +++ b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 @@ -10,6 +10,7 @@ After={{ service }} Type=simple ExecStartPre=-/usr/bin/docker kill matrix-corporal ExecStartPre=-/usr/bin/docker rm matrix-corporal + ExecStart=/usr/bin/docker run --rm --name matrix-corporal \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ 
@@ -28,10 +29,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-corporal \ {% endfor %} {{ matrix_corporal_docker_image }} \ /matrix-corporal -config=/etc/matrix-corporal/config.json + ExecStop=-/usr/bin/docker kill matrix-corporal ExecStop=-/usr/bin/docker rm matrix-corporal Restart=always RestartSec=30 +SyslogIdentifier=matrix-corporal [Install] WantedBy=multi-user.target diff --git a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 index e288c0e5..aebaa197 100644 --- a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 +++ b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 @@ -43,6 +43,7 @@ ExecReload=/usr/bin/docker exec matrix-coturn kill -USR2 1 Restart=always RestartSec=30 +SyslogIdentifier=matrix-coturn [Install] WantedBy=multi-user.target diff --git a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 index bd04be18..a95e1ca0 100644 --- a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 +++ b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 @@ -8,6 +8,7 @@ Requires=docker.service Type=simple ExecStartPre=-/usr/bin/docker kill matrix-dimension ExecStartPre=-/usr/bin/docker rm matrix-dimension + ExecStart=/usr/bin/docker run --rm --name matrix-dimension \ --log-driver=none \ --user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \ @@ -24,10 +25,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-dimension \ {{ arg }} \ {% endfor %} {{ matrix_dimension_docker_image }} + ExecStop=-/usr/bin/docker kill matrix-dimension ExecStop=-/usr/bin/docker rm matrix-dimension Restart=always RestartSec=30 +SyslogIdentifier=matrix-dimension [Install] WantedBy=multi-user.target 
diff --git a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 index 9b07f6c7..f71c065b 100644 --- a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 +++ b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 @@ -8,6 +8,7 @@ Requires=docker.service Type=simple ExecStartPre=-/usr/bin/docker kill matrix-mailer ExecStartPre=-/usr/bin/docker rm matrix-mailer + ExecStart=/usr/bin/docker run --rm --name matrix-mailer \ --log-driver=none \ --user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \ @@ -21,10 +22,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \ {{ arg }} \ {% endfor %} {{ matrix_mailer_docker_image }} + ExecStop=-/usr/bin/docker kill matrix-mailer ExecStop=-/usr/bin/docker rm matrix-mailer Restart=always RestartSec=30 +SyslogIdentifier=matrix-mailer [Install] WantedBy=multi-user.target diff --git a/roles/matrix-mxisd/templates/systemd/matrix-mxisd.service.j2 b/roles/matrix-mxisd/templates/systemd/matrix-mxisd.service.j2 index d30ba718..892e565c 100644 --- a/roles/matrix-mxisd/templates/systemd/matrix-mxisd.service.j2 +++ b/roles/matrix-mxisd/templates/systemd/matrix-mxisd.service.j2 @@ -37,6 +37,7 @@ ExecStop=-/usr/bin/docker kill matrix-mxisd ExecStop=-/usr/bin/docker rm matrix-mxisd Restart=always RestartSec=30 +SyslogIdentifier=matrix-mxisd [Install] WantedBy=multi-user.target diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index 1a154c0d..6d30322a 100644 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 
@@ -44,6 +44,7 @@ ExecStop=-/usr/bin/docker rm matrix-nginx-proxy ExecReload=/usr/bin/docker exec matrix-nginx-proxy /usr/sbin/nginx -s reload Restart=always RestartSec=30 +SyslogIdentifier=matrix-nginx-proxy [Install] WantedBy=multi-user.target diff --git a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 index 2d1c9118..52fefa8c 100644 --- a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 +++ b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 @@ -8,6 +8,7 @@ Requires=docker.service Type=simple ExecStartPre=-/usr/bin/docker stop matrix-postgres ExecStartPre=-/usr/bin/docker rm matrix-postgres + ExecStart=/usr/bin/docker run --rm --name matrix-postgres \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ @@ -23,10 +24,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-postgres \ {{ arg }} \ {% endfor %} {{ matrix_postgres_docker_image_to_use }} + ExecStop=-/usr/bin/docker stop matrix-postgres ExecStop=-/usr/bin/docker rm matrix-postgres Restart=always RestartSec=30 +SyslogIdentifier=matrix-postgres [Install] WantedBy=multi-user.target diff --git a/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 b/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 index 63a6c7a6..59bcf340 100644 --- a/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 +++ b/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 @@ -10,6 +10,7 @@ After={{ service }} Type=simple ExecStartPre=-/usr/bin/docker kill matrix-riot-web ExecStartPre=-/usr/bin/docker rm matrix-riot-web + ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ 
@@ -31,10 +32,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \ {{ arg }} \ {% endfor %} {{ matrix_riot_web_docker_image }} + ExecStop=-/usr/bin/docker kill matrix-riot-web ExecStop=-/usr/bin/docker rm matrix-riot-web Restart=always RestartSec=30 +SyslogIdentifier=matrix-riot-web [Install] WantedBy=multi-user.target diff --git a/roles/matrix-synapse/templates/ext/appservice-discord/systemd/matrix-appservice-discord.service.j2 b/roles/matrix-synapse/templates/ext/appservice-discord/systemd/matrix-appservice-discord.service.j2 index d34385ab..93449132 100644 --- a/roles/matrix-synapse/templates/ext/appservice-discord/systemd/matrix-appservice-discord.service.j2 +++ b/roles/matrix-synapse/templates/ext/appservice-discord/systemd/matrix-appservice-discord.service.j2 @@ -10,6 +10,7 @@ After=matrix-synapse.service Type=simple ExecStartPre=-/usr/bin/docker kill matrix-appservice-discord ExecStartPre=-/usr/bin/docker rm matrix-appservice-discord + ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ @@ -20,12 +21,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \ {% endif %} -v {{ matrix_appservice_discord_base_path }}:/data \ {{ matrix_appservice_discord_docker_image }} - - + ExecStop=-/usr/bin/docker kill matrix-appservice-discord ExecStop=-/usr/bin/docker rm matrix-appservice-discord Restart=always RestartSec=30 +SyslogIdentifier=matrix-appservice-discord [Install] WantedBy=multi-user.target diff --git a/roles/matrix-synapse/templates/ext/appservice-irc/systemd/matrix-appservice-irc.service.j2 b/roles/matrix-synapse/templates/ext/appservice-irc/systemd/matrix-appservice-irc.service.j2 index 5e5e7cd5..897a0fe6 100644 --- a/roles/matrix-synapse/templates/ext/appservice-irc/systemd/matrix-appservice-irc.service.j2 +++ b/roles/matrix-synapse/templates/ext/appservice-irc/systemd/matrix-appservice-irc.service.j2 
@@ -10,6 +10,7 @@ After=matrix-synapse.service Type=simple ExecStartPre=-/usr/bin/docker kill matrix-appservice-irc ExecStartPre=-/usr/bin/docker rm matrix-appservice-irc + ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ @@ -21,10 +22,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \ -v {{ matrix_appservice_irc_base_path }}:/data:z \ {{ matrix_appservice_irc_docker_image }} \ -c /data/config.yaml -f /data/registration.yaml -p 9999 + ExecStop=-/usr/bin/docker kill matrix-appservice-irc ExecStop=-/usr/bin/docker rm matrix-appservice-irc Restart=always RestartSec=30 +SyslogIdentifier=matrix-appservice-irc [Install] WantedBy=multi-user.target diff --git a/roles/matrix-synapse/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2 b/roles/matrix-synapse/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2 index ec5ffadb..5d16b2a4 100644 --- a/roles/matrix-synapse/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/matrix-synapse/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2 @@ -17,6 +17,7 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \ -v {{ matrix_mautrix_facebook_base_path }}:/data:z \ {{ matrix_mautrix_facebook_docker_image }} \ alembic -x config=/data/config.yaml upgrade head + ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ 
@@ -25,10 +26,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \ -v {{ matrix_mautrix_facebook_base_path }}:/data:z \ {{ matrix_mautrix_facebook_docker_image }} \ python3 -m mautrix_facebook -c /data/config.yaml + ExecStop=-/usr/bin/docker kill matrix-mautrix-facebook ExecStop=-/usr/bin/docker rm matrix-mautrix-facebook Restart=always RestartSec=30 +SyslogIdentifier=matrix-mautrix-facebook [Install] WantedBy=multi-user.target diff --git a/roles/matrix-synapse/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2 b/roles/matrix-synapse/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2 index 8b162f8c..6cd9743f 100644 --- a/roles/matrix-synapse/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2 +++ b/roles/matrix-synapse/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2 @@ -17,6 +17,7 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-telegram-db \ -v {{ matrix_mautrix_telegram_base_path }}:/data:z \ {{ matrix_mautrix_telegram_docker_image }} \ alembic -x config=/data/config.yaml upgrade head + ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ @@ -28,10 +29,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \ -v {{ matrix_mautrix_telegram_base_path }}:/data:z \ {{ matrix_mautrix_telegram_docker_image }} \ python3 -m mautrix_telegram -c /data/config.yaml + ExecStop=-/usr/bin/docker kill matrix-mautrix-telegram ExecStop=-/usr/bin/docker rm matrix-mautrix-telegram Restart=always RestartSec=30 +SyslogIdentifier=matrix-mautrix-telegram [Install] WantedBy=multi-user.target diff --git a/roles/matrix-synapse/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/matrix-synapse/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2 index d05f73e2..6003e868 100644 
--- a/roles/matrix-synapse/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2 +++ b/roles/matrix-synapse/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2 @@ -10,6 +10,7 @@ After=matrix-synapse.service Type=simple ExecStartPre=-/usr/bin/docker kill matrix-mautrix-whatsapp ExecStartPre=-/usr/bin/docker rm matrix-mautrix-whatsapp + ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ @@ -19,10 +20,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \ --workdir=/data \ {{ matrix_mautrix_whatsapp_docker_image }} \ /usr/bin/mautrix-whatsapp + ExecStop=-/usr/bin/docker kill matrix-mautrix-whatsapp ExecStop=-/usr/bin/docker rm matrix-mautrix-whatsapp Restart=always RestartSec=30 +SyslogIdentifier=matrix-mautrix-whatsapp [Install] WantedBy=multi-user.target diff --git a/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 b/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 index 0ed1220e..d2cc0b87 100644 --- a/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 +++ b/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 @@ -8,6 +8,7 @@ Requires=docker.service Type=simple ExecStartPre=-/usr/bin/docker kill %n ExecStartPre=-/usr/bin/docker rm %n + ExecStart=/usr/bin/docker run --rm --name %n \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ 
@@ -22,6 +23,7 @@ ExecStart=/usr/bin/docker run --rm --name %n \ --entrypoint /bin/sh \ {{ matrix_s3_goofys_docker_image }} \ -c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3' + TimeoutStartSec=5min ExecStop=-/usr/bin/docker stop %n ExecStop=-/usr/bin/docker kill %n @@ -29,6 +31,7 @@ ExecStop=-/usr/bin/docker rm %n ExecStop=-/bin/fusermount -u {{ matrix_synapse_media_store_path }} Restart=always RestartSec=5 +SyslogIdentifier=matrix-goofys [Install] WantedBy=multi-user.target diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index 987e657e..f0ea3d06 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -58,6 +58,7 @@ ExecStop=-/usr/bin/docker rm matrix-synapse ExecReload=/usr/bin/docker exec matrix-synapse kill -HUP 1 Restart=always RestartSec=30 +SyslogIdentifier=matrix-synapse [Install] WantedBy=multi-user.target