From 5be131054102398e20b7a825dd26d6de0021ef3e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 14 Dec 2021 16:54:35 +0200 Subject: [PATCH 01/19] Upgrade Synapse (1.48.0 -> 1.49.0) --- roles/matrix-synapse/defaults/main.yml | 4 +- .../templates/synapse/homeserver.yaml.j2 | 40 +++++++++++++++++++ roles/matrix-synapse/vars/workers.yml | 4 +- 3 files changed, 44 insertions(+), 4 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index e888ac92..d1d049d5 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # amd64 gets released first. # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.48.0 -matrix_synapse_version_arm64: v1.48.0 +matrix_synapse_version: v1.49.0 +matrix_synapse_version_arm64: v1.49.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 3e289b0c..1361eb9e 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1227,6 +1227,46 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }} # #session_lifetime: 24h +# Time that an access token remains valid for, if the session is +# using refresh tokens. +# For more information about refresh tokens, please see the manual. +# Note that this only applies to clients which advertise support for +# refresh tokens. +# +# Note also that this is calculated at login time and refresh time: +# changes are not applied to existing sessions until they are refreshed. +# +# By default, this is 5 minutes. +# +#refreshable_access_token_lifetime: 5m + +# Time that a refresh token remains valid for (provided that it is not +# exchanged for another one first). +# This option can be used to automatically log-out inactive sessions. +# Please see the manual for more information. +# +# Note also that this is calculated at login time and refresh time: +# changes are not applied to existing sessions until they are refreshed. +# +# By default, this is infinite. +# +#refresh_token_lifetime: 24h + +# Time that an access token remains valid for, if the session is NOT +# using refresh tokens. +# Please note that not all clients support refresh tokens, so setting +# this to a short value may be inconvenient for some users who will +# then be logged out frequently. +# +# Note also that this is calculated at login time: changes are not applied +# retrospectively to existing sessions for users that have already logged in. +# +# By default, this is infinite. +# +#nonrefreshable_access_token_lifetime: 24h + +# The user must provide all of the below types of 3PID when registering. + # The user must provide all of the below types of 3PID when registering. # #registrations_require_3pid: diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index def223f8..1a279ad6 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml @@ -33,7 +33,7 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/federation/v1/get_groups_publicised$ - ^/_matrix/key/v2/query - ^/_matrix/federation/unstable/org.matrix.msc2946/spaces/ - - ^/_matrix/federation/unstable/org.matrix.msc2946/hierarchy/ + - ^/_matrix/federation/(v1|unstable/org.matrix.msc2946)/hierarchy/ # Inbound federation transaction request - ^/_matrix/federation/v1/send/ @@ -46,7 +46,7 @@ matrix_synapse_workers_generic_worker_endpoints: - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ - ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/spaces$ - - ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/hierarchy$ + - ^/_matrix/client/(v1|unstable/org.matrix.msc2946)/rooms/.*/hierarchy$ - ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$ - ^/_matrix/client/(api/v1|r0|v3|unstable)/devices$ From aef9a1ea1f5e08119b8434b8630212d3d36ae1d2 Mon Sep 17 00:00:00 2001 From: PC-Admin Date: Mon, 6 Dec 2021 11:54:31 +0800 Subject: [PATCH 02/19] GoMatrixHosting v0.6.7 --- roles/matrix-awx/tasks/purge_database_main.yml | 4 ++-- roles/matrix-awx/tasks/purge_media_main.yml | 4 ++-- roles/matrix-awx/tasks/self_check.yml | 2 ++ .../tasks/set_variables_dimension.yml | 4 ++-- roles/matrix-common-after/tasks/awx_post.yml | 18 +++++++++--------- 5 files changed, 17 insertions(+), 15 deletions(-) diff --git a/roles/matrix-awx/tasks/purge_database_main.yml b/roles/matrix-awx/tasks/purge_database_main.yml index 1e16c4ad..f29061fb 100644 --- a/roles/matrix-awx/tasks/purge_database_main.yml +++ b/roles/matrix-awx/tasks/purge_database_main.yml @@ -29,9 +29,9 @@ when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) register: awx_synapse_container_ip -- name: Collect access token for @_janitor user +- name: Collect access token for @admin-janitor user shell: | - curl -X POST -d '{"type":"m.login.password", "user":"_janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' + curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) register: awx_janitors_token no_log: True diff --git a/roles/matrix-awx/tasks/purge_media_main.yml b/roles/matrix-awx/tasks/purge_media_main.yml index 59e0d89c..c836d16c 100644 --- a/roles/matrix-awx/tasks/purge_media_main.yml +++ b/roles/matrix-awx/tasks/purge_media_main.yml @@ -21,9 +21,9 @@ shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse" register: awx_synapse_container_ip -- name: Collect access token for @_janitor user +- name: Collect access token for @admin-janitor user shell: | - curl -XPOST -d '{"type":"m.login.password", "user":"_janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' + curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' register: awx_janitors_token no_log: True diff --git a/roles/matrix-awx/tasks/self_check.yml b/roles/matrix-awx/tasks/self_check.yml index 510b9f9e..a7b0cb3a 100644 --- a/roles/matrix-awx/tasks/self_check.yml +++ b/roles/matrix-awx/tasks/self_check.yml @@ -50,12 +50,14 @@ - name: Calculate size of local media repository shell: du -sh /matrix/synapse/storage/media-store/local* register: awx_local_media_size_stat + async: 600 ignore_errors: yes no_log: True - name: Calculate size of remote media repository shell: du -sh /matrix/synapse/storage/media-store/remote* register: awx_remote_media_size_stat + async: 600 ignore_errors: yes no_log: True diff --git a/roles/matrix-awx/tasks/set_variables_dimension.yml b/roles/matrix-awx/tasks/set_variables_dimension.yml index 0db01c57..eee4e6f2 100644 --- a/roles/matrix-awx/tasks/set_variables_dimension.yml +++ b/roles/matrix-awx/tasks/set_variables_dimension.yml @@ -12,9 +12,9 @@ - curl state: present -- name: Collect access token of @_dimension user +- name: Collect access token of @admin-dimension user shell: | - curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "_dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' + curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "admin-dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' register: awx_dimension_user_access_token - name: Record Synapse variables locally on AWX diff --git a/roles/matrix-common-after/tasks/awx_post.yml b/roles/matrix-common-after/tasks/awx_post.yml index 278855fb..9c472ca3 100644 --- a/roles/matrix-common-after/tasks/awx_post.yml +++ b/roles/matrix-common-after/tasks/awx_post.yml @@ -1,11 +1,11 @@ --- -- name: Create user account @_janitor +- name: Create user account @admin-janitor command: | - /usr/local/bin/matrix-synapse-register-user _janitor {{ awx_janitor_user_password | quote }} 1 + /usr/local/bin/matrix-synapse-register-user admin-janitor {{ awx_janitor_user_password | quote }} 1 register: cmd when: not awx_janitor_user_created|bool - no_log: True + no_log: false - name: Update AWX janitor user created variable delegate_to: 127.0.0.1 @@ -18,12 +18,12 @@ 'awx_janitor_user_created': 'true' when: not awx_janitor_user_created|bool -- name: Create user account @_dimension +- name: Create user account @admin-dimension command: | - /usr/local/bin/matrix-synapse-register-user _dimension {{ awx_dimension_user_password | quote }} 0 + /usr/local/bin/matrix-synapse-register-user admin-dimension {{ awx_dimension_user_password | quote }} 0 register: cmd when: not awx_dimension_user_created|bool - no_log: True + no_log: false - name: Update AWX dimension user created variable delegate_to: 127.0.0.1 @@ -36,12 +36,12 @@ 'awx_dimension_user_created': 'true' when: not awx_dimension_user_created|bool -- name: Create user account @_mjolnir +- name: Create user account @admin-mjolnir command: | - /usr/local/bin/matrix-synapse-register-user _mjolnir {{ awx_mjolnir_user_password | quote }} 0 + /usr/local/bin/matrix-synapse-register-user admin-mjolnir {{ awx_mjolnir_user_password | quote }} 0 register: cmd when: not awx_mjolnir_user_created|bool - no_log: True + no_log: false - name: Update AWX dimension user created variable delegate_to: 127.0.0.1 From 12832d8a686ec4283d62e62241f03d3c6b3553f7 Mon Sep 17 00:00:00 2001 From: sakkiii <11132948+sakkiii@users.noreply.github.com> Date: Wed, 15 Dec 2021 18:05:52 +0530 Subject: [PATCH 03/19] jitsi update --- roles/matrix-jitsi/defaults/main.yml | 4 +- roles/matrix-jitsi/templates/jicofo/env.j2 | 4 ++ roles/matrix-jitsi/templates/jvb/env.j2 | 20 +++--- roles/matrix-jitsi/templates/prosody/env.j2 | 65 ++++++++++--------- roles/matrix-jitsi/templates/web/env.j2 | 58 ++++++++++------- .../templates/web/matrix-jitsi-web.service.j2 | 1 + 6 files changed, 90 insertions(+), 62 deletions(-) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index b1002a7f..3f61f4ff 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -8,6 +8,7 @@ matrix_jitsi_enable_recording: false matrix_jitsi_enable_transcriptions: false matrix_jitsi_enable_p2p: true matrix_jitsi_enable_av_moderation: true +matrix_jitsi_enable_breakout_rooms: true # Authentication type, must be one of internal, jwt or ldap. # Currently only internal and ldap mechanisms are supported by this playbook. @@ -67,7 +68,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-6726 +matrix_jitsi_version: stable-6726-1 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" @@ -76,6 +77,7 @@ matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.ends matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web" matrix_jitsi_web_config_path: "{{ matrix_jitsi_web_base_path }}/config" matrix_jitsi_web_transcripts_path: "{{ matrix_jitsi_web_base_path }}/transcripts" +matrix_jitsi_web_crontabs_path: "{{ matrix_jitsi_web_base_path }}/crontabs" matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}" diff --git a/roles/matrix-jitsi/templates/jicofo/env.j2 b/roles/matrix-jitsi/templates/jicofo/env.j2 index 687df714..1f2cb68c 100644 --- a/roles/matrix-jitsi/templates/jicofo/env.j2 +++ b/roles/matrix-jitsi/templates/jicofo/env.j2 @@ -9,6 +9,7 @@ ENABLE_CODEC_H264 ENABLE_OCTO ENABLE_RECORDING ENABLE_SCTP +ENABLE_AUTO_LOGIN JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }} JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }} JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS @@ -26,6 +27,9 @@ JIGASI_SIP_URI JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }} MAX_BRIDGE_PARTICIPANTS OCTO_BRIDGE_SELECTION_STRATEGY +SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}" +SENTRY_ENVIRONMENT +SENTRY_RELEASE TZ={{ matrix_jitsi_timezone }} XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }} XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} diff --git a/roles/matrix-jitsi/templates/jvb/env.j2 b/roles/matrix-jitsi/templates/jvb/env.j2 index 6edae6d4..43569268 100644 --- a/roles/matrix-jitsi/templates/jvb/env.j2 +++ b/roles/matrix-jitsi/templates/jvb/env.j2 @@ -1,9 +1,6 @@ +DOCKER_HOST_ADDRESS ENABLE_COLIBRI_WEBSOCKET ENABLE_OCTO -DOCKER_HOST_ADDRESS -XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} -XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }} -XMPP_SERVER={{ matrix_jitsi_xmpp_server }} JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }} JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }} JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }} @@ -14,14 +11,21 @@ JVB_TCP_MAPPED_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }} {% if matrix_jitsi_jvb_stun_servers|length > 0 %} JVB_STUN_SERVERS={{ matrix_jitsi_jvb_stun_servers|join(',') }} {% endif %} -JVB_ENABLE_APIS -JVB_WS_DOMAIN -JVB_WS_SERVER_ID -PUBLIC_URL={{ matrix_jitsi_web_public_url }} JVB_OCTO_BIND_ADDRESS JVB_OCTO_PUBLIC_ADDRESS JVB_OCTO_BIND_PORT JVB_OCTO_REGION +JVB_WS_DOMAIN +JVB_WS_SERVER_ID +PUBLIC_URL={{ matrix_jitsi_web_public_url }} +SENTRY_DSN="${JVB_SENTRY_DSN:-0}" +SENTRY_ENVIRONMENT +SENTRY_RELEASE +COLIBRI_REST_ENABLED +SHUTDOWN_REST_ENABLED TZ={{ matrix_jitsi_timezone }} +XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} +XMPP_INTERNAL_MUC_DOMAIN= {{ matrix_jitsi_xmpp_internal_muc_domain }} +XMPP_SERVER={{ matrix_jitsi_xmpp_server }} {{ matrix_jitsi_jvb_environment_variables_extension }} diff --git a/roles/matrix-jitsi/templates/prosody/env.j2 b/roles/matrix-jitsi/templates/prosody/env.j2 index 70feda6e..941f2c25 100644 --- a/roles/matrix-jitsi/templates/prosody/env.j2 +++ b/roles/matrix-jitsi/templates/prosody/env.j2 @@ -1,44 +1,24 @@ AUTH_TYPE={{ matrix_jitsi_auth_type }} +DISABLE_POLLS ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }} +ENABLE_AV_MODERATION={{1 if matrix_jitsi_enable_av_moderation else 0}} +ENABLE_BREAKOUT_ROOMS={{1 if matrix_jitsi_enable_breakout_rooms else 0}} ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }} ENABLE_LOBBY={{ 1 if matrix_jitsi_enable_lobby else 0 }} -ENABLE_AV_MODERATION={{1 if matrix_jitsi_enable_av_moderation else 0}} ENABLE_XMPP_WEBSOCKET -GLOBAL_MODULES GLOBAL_CONFIG -LDAP_URL={{ matrix_jitsi_ldap_url }} -LDAP_BASE={{ matrix_jitsi_ldap_base }} -LDAP_BINDDN={{ matrix_jitsi_ldap_binddn }} -LDAP_BINDPW={{ matrix_jitsi_ldap_bindpw }} -LDAP_FILTER={{ matrix_jitsi_ldap_filter }} -LDAP_AUTH_METHOD={{ matrix_jitsi_ldap_auth_method }} -LDAP_VERSION={{ matrix_jitsi_ldap_version }} -LDAP_USE_TLS={{ 1 if matrix_jitsi_ldap_use_tls else 0 }} -LDAP_TLS_CIPHERS={{ matrix_jitsi_ldap_tls_ciphers }} -LDAP_TLS_CHECK_PEER={{ 1 if matrix_jitsi_ldap_tls_check_peer else 0 }} -LDAP_TLS_CACERT_FILE={{ matrix_jitsi_ldap_tls_cacert_file }} -LDAP_TLS_CACERT_DIR={{ matrix_jitsi_ldap_tls_cacert_dir }} -LDAP_START_TLS={{ 1 if matrix_jitsi_ldap_start_tls else 0 }} -XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }} -XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} -XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }} -XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }} -XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }} -XMPP_MODULES={{ matrix_jitsi_xmpp_modules }} -XMPP_MUC_MODULES= -XMPP_INTERNAL_MUC_MODULES= -XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }} -XMPP_CROSS_DOMAIN=true +GLOBAL_MODULES +JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }} +JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }} +JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }} +JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }} JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }} JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }} -JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }} -JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }} +JICOFO_COMPONENT_SECRET JIGASI_XMPP_USER= JIGASI_XMPP_PASSWORD= -JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }} -JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }} -JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }} -JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }} +JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }} +JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }} JWT_APP_ID JWT_APP_SECRET JWT_ACCEPTED_ISSUERS @@ -48,6 +28,19 @@ JWT_ALLOW_EMPTY JWT_AUTH_TYPE JWT_TOKEN_AUTH_MODULE LOG_LEVEL +LDAP_AUTH_METHOD={{ matrix_jitsi_ldap_auth_method }} +LDAP_BASE={{ matrix_jitsi_ldap_base }} +LDAP_BINDDN={{ matrix_jitsi_ldap_binddn }} +LDAP_BINDPW={{ matrix_jitsi_ldap_bindpw }} +LDAP_FILTER={{ matrix_jitsi_ldap_filter }} +LDAP_VERSION={{ matrix_jitsi_ldap_version }} +LDAP_TLS_CIPHERS={{ matrix_jitsi_ldap_tls_ciphers }} +LDAP_TLS_CHECK_PEER={{ 1 if matrix_jitsi_ldap_tls_check_peer else 0 }} +LDAP_TLS_CACERT_FILE={{ matrix_jitsi_ldap_tls_cacert_file }} +LDAP_TLS_CACERT_DIR={{ matrix_jitsi_ldap_tls_cacert_dir }} +LDAP_START_TLS={{ 1 if matrix_jitsi_ldap_start_tls else 0 }} +LDAP_URL={{ matrix_jitsi_ldap_url }} +LDAP_USE_TLS={{ 1 if matrix_jitsi_ldap_use_tls else 0 }} PUBLIC_URL={{ matrix_jitsi_web_public_url }} TURN_CREDENTIALS={{ matrix_jitsi_turn_credentials }} TURN_HOST={{ matrix_jitsi_turn_host }} @@ -55,3 +48,13 @@ TURNS_HOST={{ matrix_jitsi_turns_host }} TURN_PORT={{ matrix_jitsi_turn_port }} TURNS_PORT={{ matrix_jitsi_turns_port }} TZ={{ matrix_jitsi_timezone }} +XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }} +XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} +XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }} +XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }} +XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }} +XMPP_MODULES={{ matrix_jitsi_xmpp_modules }} +XMPP_MUC_MODULES= +XMPP_INTERNAL_MUC_MODULES= +XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }} +XMPP_CROSS_DOMAIN=true diff --git a/roles/matrix-jitsi/templates/web/env.j2 b/roles/matrix-jitsi/templates/web/env.j2 index 2ff6befc..ac15c087 100644 --- a/roles/matrix-jitsi/templates/web/env.j2 +++ b/roles/matrix-jitsi/templates/web/env.j2 @@ -1,16 +1,3 @@ -ENABLE_COLIBRI_WEBSOCKET -ENABLE_FLOC=0 -ENABLE_LETSENCRYPT=0 -ENABLE_HTTP_REDIRECT=0 -ENABLE_HSTS=0 -ENABLE_XMPP_WEBSOCKET -DISABLE_HTTPS=0 -DISABLE_DEEP_LINKING -LETSENCRYPT_DOMAIN={{ matrix_server_fqn_jitsi }} -LETSENCRYPT_EMAIL={{ matrix_ssl_lets_encrypt_support_email }} -LETSENCRYPT_USE_STAGING=0 -PUBLIC_URL={{ matrix_jitsi_web_public_url }} -TZ={{ matrix_jitsi_timezone }} AMPLITUDE_ID ANALYTICS_SCRIPT_URLS ANALYTICS_WHITELISTED_EVENTS @@ -26,23 +13,37 @@ DEPLOYMENTINFO_ENVIRONMENT_TYPE DEPLOYMENTINFO_REGION DEPLOYMENTINFO_SHARD DEPLOYMENTINFO_USERREGION +DESKTOP_SHARING_FRAMERATE_MIN +DESKTOP_SHARING_FRAMERATE_MAX DIALIN_NUMBERS_URL DIALOUT_AUTH_URL DIALOUT_CODES_URL +DISABLE_AUDIO_LEVELS +DISABLE_DEEP_LINKING +DISABLE_HTTPS=0 +DISABLE_POLLS +DISABLE_REACTIONS DROPBOX_APPKEY DROPBOX_REDIRECT_URI DYNAMIC_BRANDING_URL ENABLE_AUDIO_PROCESSING ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }} +ENABLE_BREAKOUT_ROOMS={{1 if matrix_jitsi_enable_breakout_rooms else 0}} ENABLE_CALENDAR +ENABLE_COLIBRI_WEBSOCKET ENABLE_FILE_RECORDING_SERVICE ENABLE_FILE_RECORDING_SERVICE_SHARING +ENABLE_FLOC=0 ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }} +ENABLE_HSTS=0 +ENABLE_HTTP_REDIRECT=0 ENABLE_IPV6 +ENABLE_LETSENCRYPT=0 ENABLE_LIPSYNC ENABLE_NO_AUDIO_DETECTION -ENABLE_P2P={{ 1 if matrix_jitsi_enable_p2p else 0 }} +ENABLE_NOISY_MIC_DETECTION ENABLE_PREJOIN_PAGE +ENABLE_P2P={{ 1 if matrix_jitsi_enable_p2p else 0 }} ENABLE_WELCOME_PAGE ENABLE_CLOSE_PAGE ENABLE_RECORDING={{ 1 if matrix_jitsi_enable_recording else 0 }} @@ -55,12 +56,16 @@ ENABLE_SUBDOMAINS ENABLE_TALK_WHILE_MUTED ENABLE_TCC ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }} +ENABLE_XMPP_WEBSOCKET ETHERPAD_PUBLIC_URL ETHERPAD_URL_BASE={{ (matrix_jitsi_etherpad_base + '/') if matrix_jitsi_etherpad_enabled else ''}} GOOGLE_ANALYTICS_ID GOOGLE_API_APP_CLIENT_ID INVITE_SERVICE_URL JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }} +LETSENCRYPT_DOMAIN={{ matrix_server_fqn_jitsi }} +LETSENCRYPT_EMAIL={{ matrix_ssl_lets_encrypt_support_email }} +LETSENCRYPT_USE_STAGING=0 MATOMO_ENDPOINT MATOMO_SITE_ID MICROSOFT_API_APP_CLIENT_ID @@ -68,29 +73,38 @@ NGINX_RESOLVER NGINX_WORKER_PROCESSES NGINX_WORKER_CONNECTIONS PEOPLE_SEARCH_URL +PUBLIC_URL={{ matrix_jitsi_web_public_url }} RESOLUTION={{ matrix_jitsi_web_config_resolution_height_ideal_and_max }} RESOLUTION_MIN={{ matrix_jitsi_web_config_resolution_height_min }} RESOLUTION_WIDTH={{ matrix_jitsi_web_config_resolution_width_ideal_and_max }} RESOLUTION_WIDTH_MIN={{ matrix_jitsi_web_config_resolution_width_min }} -START_AUDIO_ONLY START_AUDIO_MUTED={{ matrix_jitsi_web_config_start_audio_muted_after_nth_participant }} -START_WITH_AUDIO_MUTED -START_SILENT -DISABLE_AUDIO_LEVELS -ENABLE_NOISY_MIC_DETECTION +START_AUDIO_ONLY START_BITRATE -DESKTOP_SHARING_FRAMERATE_MIN -DESKTOP_SHARING_FRAMERATE_MAX +START_SILENT +START_WITH_AUDIO_MUTED START_VIDEO_MUTED={{ matrix_jitsi_web_config_start_video_muted_after_nth_participant }} START_WITH_VIDEO_MUTED TESTING_CAP_SCREENSHARE_BITRATE TESTING_OCTO_PROBABILITY +TOKEN_AUTH_URL +TZ={{ matrix_jitsi_timezone }} +VIDEOQUALITY_BITRATE_H264_LOW +VIDEOQUALITY_BITRATE_H264_STANDARD +VIDEOQUALITY_BITRATE_H264_HIGH +VIDEOQUALITY_BITRATE_VP8_LOW +VIDEOQUALITY_BITRATE_VP8_STANDARD +VIDEOQUALITY_BITRATE_VP8_HIGH +VIDEOQUALITY_BITRATE_VP9_LOW +VIDEOQUALITY_BITRATE_VP9_STANDARD +VIDEOQUALITY_BITRATE_VP9_HIGH +VIDEOQUALITY_ENFORCE_PREFERRED_CODEC +VIDEOQUALITY_PREFERRED_CODEC XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} XMPP_BOSH_URL_BASE={{ matrix_jitsi_xmpp_bosh_url_base }} XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }} XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }} XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }} XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }} -TOKEN_AUTH_URL {{ matrix_jitsi_web_environment_variables_extension }} diff --git a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 index 5d386361..35bfca67 100644 --- a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 +++ b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 @@ -23,6 +23,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \ {% endif %} --mount type=bind,src={{ matrix_jitsi_web_config_path }},dst=/config \ --mount type=bind,src={{ matrix_jitsi_web_transcripts_path }},dst=/usr/share/jitsi-meet/transcripts \ + --mount type=bind,src={{ matrix_jitsi_web_crontabs_path }},dst=/var/spool/cron/crontabs \ {% for arg in matrix_jitsi_web_container_extra_arguments %} {{ arg }} \ {% endfor %} From 55860bf38fae7604468b60e1c87dfd4669e3047f Mon Sep 17 00:00:00 2001 From: sakkiii <11132948+sakkiii@users.noreply.github.com> Date: Wed, 15 Dec 2021 18:23:29 +0530 Subject: [PATCH 04/19] Jitsi update - sentry logging added --- roles/matrix-jitsi/templates/jicofo/logging.properties.j2 | 5 +++++ roles/matrix-jitsi/templates/jvb/logging.properties.j2 | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 b/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 index 7eba95af..3d1014a1 100644 --- a/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 +++ b/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 @@ -1,4 +1,8 @@ +{{ if .Env.SENTRY_DSN | default "0" | toBool }} +handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler +{{ else }} handlers= java.util.logging.ConsoleHandler +{{ end }} java.util.logging.ConsoleHandler.level = ALL java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter @@ -10,6 +14,7 @@ net.sf.level=SEVERE net.java.sip.communicator.plugin.reconnectplugin.level=FINE org.ice4j.level=SEVERE org.jitsi.impl.neomedia.level=SEVERE +io.sentry.jul.SentryHandler.level=WARNING # Do not worry about missing strings net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVERE diff --git a/roles/matrix-jitsi/templates/jvb/logging.properties.j2 b/roles/matrix-jitsi/templates/jvb/logging.properties.j2 index 48c1e9fa..97ac21f0 100644 --- a/roles/matrix-jitsi/templates/jvb/logging.properties.j2 +++ b/roles/matrix-jitsi/templates/jvb/logging.properties.j2 @@ -1,4 +1,8 @@ +{{ if .Env.SENTRY_DSN | default "0" | toBool }} +handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler +{{ else }} handlers= java.util.logging.ConsoleHandler +{{ end }} java.util.logging.ConsoleHandler.level = ALL java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter @@ -8,6 +12,7 @@ net.java.sip.communicator.util.ScLogFormatter.programname=JVB .level=INFO org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE +io.sentry.jul.SentryHandler.level=WARNING # All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge. org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING From 8a0c7913be00c962be814bab46eac96047a87c42 Mon Sep 17 00:00:00 2001 From: sakkiii Date: Wed, 15 Dec 2021 18:33:09 +0530 Subject: [PATCH 05/19] Grafana Updata (8.3.1 -> 8.3.3) --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 37202d6d..f802d2e5 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -3,7 +3,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 8.3.1 +matrix_grafana_version: 8.3.3 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 980c2b9a801ae93a90496135450fc27fe506c00a Mon Sep 17 00:00:00 2001 From: sakkiii Date: Wed, 15 Dec 2021 18:35:13 +0530 Subject: [PATCH 06/19] Update coturn (4.5.2-r4 -> 4.5.2-r8) --- roles/matrix-coturn/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index b845e9ee..4d7ccf6b 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -5,7 +5,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" -matrix_coturn_version: 4.5.2-r4 +matrix_coturn_version: 4.5.2-r8 matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" From 42cd4d2c8d18bcd1b29b91935e8471321d56e2a6 Mon Sep 17 00:00:00 2001 From: sakkiii <11132948+sakkiii@users.noreply.github.com> Date: Wed, 15 Dec 2021 20:14:47 +0530 Subject: [PATCH 07/19] crontab mount dir should exists --- roles/matrix-jitsi/tasks/setup_jitsi_web.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml index 4fdcc67b..d734be08 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_web.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_web.yml @@ -15,6 +15,7 @@ - { path: "{{ matrix_jitsi_web_base_path }}", when: true } - { path: "{{ matrix_jitsi_web_config_path }}", when: true } - { path: "{{ matrix_jitsi_web_transcripts_path }}", when: true } + - { path: "{{ matrix_jitsi_web_crontabs_path }}", when: true } when: matrix_jitsi_enabled|bool and item.when - name: Ensure jitsi-web Docker image is pulled From 60592fd6a8c3d12878e058299850124c6e05689a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 15 Dec 2021 21:22:29 +0200 Subject: [PATCH 08/19] Fix Jitsi logging.properties conditional being interpreted as Jinja code Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1464 --- roles/matrix-jitsi/templates/jicofo/logging.properties.j2 | 2 ++ roles/matrix-jitsi/templates/jvb/logging.properties.j2 | 2 ++ 2 files changed, 4 insertions(+) diff --git a/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 b/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 index 3d1014a1..f69d7848 100644 --- a/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 +++ b/roles/matrix-jitsi/templates/jicofo/logging.properties.j2 @@ -1,8 +1,10 @@ +{% raw %} {{ if .Env.SENTRY_DSN | default "0" | toBool }} handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler {{ else }} handlers= java.util.logging.ConsoleHandler {{ end }} +{% endraw %} java.util.logging.ConsoleHandler.level = ALL java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter diff --git a/roles/matrix-jitsi/templates/jvb/logging.properties.j2 b/roles/matrix-jitsi/templates/jvb/logging.properties.j2 index 97ac21f0..ff1d30a6 100644 --- a/roles/matrix-jitsi/templates/jvb/logging.properties.j2 +++ b/roles/matrix-jitsi/templates/jvb/logging.properties.j2 @@ -1,8 +1,10 @@ +{% raw %} {{ if .Env.SENTRY_DSN | default "0" | toBool }} handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler {{ else }} handlers= java.util.logging.ConsoleHandler {{ end }} +{% endraw %} java.util.logging.ConsoleHandler.level = ALL java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter From 2579f6f49b7847a5ff1c54964e0343d050e4bdd4 Mon Sep 17 00:00:00 2001 From: PC-Admin Date: Thu, 16 Dec 2021 07:51:27 +0800 Subject: [PATCH 09/19] add new defaults for AWX section --- roles/matrix-awx/defaults/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/matrix-awx/defaults/main.yml b/roles/matrix-awx/defaults/main.yml index fb9f56ae..1b61797e 100755 --- a/roles/matrix-awx/defaults/main.yml +++ b/roles/matrix-awx/defaults/main.yml @@ -1 +1,6 @@ matrix_awx_enabled: true + +# Defaults for 'Customise Website + Access Export' template +awx_sftp_auth_method: 'Disabled' +awx_sftp_password: '' +awx_sftp_public_key: '' From 2430c14869697148ebfc3b4442b77677b78cbe57 Mon Sep 17 00:00:00 2001 From: sakkiii Date: Thu, 16 Dec 2021 22:33:23 +0530 Subject: [PATCH 10/19] Create ansible-lint.yml avoiding common pitfalls that can easily lead to bugs or make code harder to maintain --- .github/workflows/ansible-lint.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/workflows/ansible-lint.yml diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml new file mode 100644 index 00000000..ec7fddef --- /dev/null +++ b/.github/workflows/ansible-lint.yml @@ -0,0 +1,19 @@ +name: Ansible Lint + +on: [push, pull_request] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + + - name: Lint Ansible Playbook + uses: ansible/ansible-lint-action@master + with: + # Paths to ansible files (i.e., playbooks, tasks, handlers etc..) + targets: "./" + + args: "-x metadata, formatting" From 45119ea9dfbba2df79c01ec0d2ba09f001c0e23d Mon Sep 17 00:00:00 2001 From: Alexander Bersenev Date: Fri, 17 Dec 2021 05:47:47 +0500 Subject: [PATCH 11/19] Remove a space from XMPP_INTERNAL_MUC_DOMAIN The domain is invalid with space, so it shouldn't be here --- roles/matrix-jitsi/templates/jvb/env.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-jitsi/templates/jvb/env.j2 b/roles/matrix-jitsi/templates/jvb/env.j2 index 43569268..41d343b3 100644 --- a/roles/matrix-jitsi/templates/jvb/env.j2 +++ b/roles/matrix-jitsi/templates/jvb/env.j2 @@ -25,7 +25,7 @@ COLIBRI_REST_ENABLED SHUTDOWN_REST_ENABLED TZ={{ matrix_jitsi_timezone }} XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} -XMPP_INTERNAL_MUC_DOMAIN= {{ matrix_jitsi_xmpp_internal_muc_domain }} +XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }} XMPP_SERVER={{ matrix_jitsi_xmpp_server }} {{ matrix_jitsi_jvb_environment_variables_extension }} From 4625b34acca15f1403709e9e203802d57e49f92c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Dec 2021 17:18:18 +0200 Subject: [PATCH 12/19] Fix failure trying to stop orphaned systemd services Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1461 --- roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml index 4a90bfa6..d0440d22 100644 --- a/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml +++ b/roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml @@ -8,6 +8,7 @@ name: "{{ item.key }}" state: stopped with_dict: "{{ ansible_facts.services|default({})|dict2items|selectattr('key', 'match', 'matrix-synapse-worker-.+\\.service')|list|items2dict }}" + when: "item.value['status'] != 'not-found'" # see https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1461 - name: Find worker configs to be cleaned find: From fa704f104bf9c9f0df07fd3297e371d030c58dfb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Dec 2021 17:30:21 +0200 Subject: [PATCH 13/19] Add support for using custom ACME CA servers (other than Let's Encrypt') Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1468 --- roles/matrix-nginx-proxy/defaults/main.yml | 7 +++++++ .../tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml | 2 ++ 2 files changed, 9 insertions(+) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index a2a2a6b9..a2584ec7 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -442,7 +442,14 @@ matrix_ssl_domains_to_obtain_certificates_for: "{{ matrix_ssl_additional_domains matrix_ssl_additional_domains_to_obtain_certificates_for: [] # Controls whether to obtain production or staging certificates from Let's Encrypt. +# If you'd like to use another ACME certificate server (not Let's Encrypt), see `matrix_ssl_lets_encrypt_server` matrix_ssl_lets_encrypt_staging: false + +# Controls the server used to retrieve the SSL certificates (passed as a `--server` flag to Certbot). +# By default, we use the Let's Encrypt production environment (see `matrix_ssl_lets_encrypt_staging` for using the staging environment). +# Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server +matrix_ssl_lets_encrypt_server: '' + matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.21.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml index 4639f122..d4aab6e4 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml @@ -42,6 +42,7 @@ --non-interactive --work-dir=/tmp --http-01-port 8080 + {% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %} {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %} --standalone --preferred-challenges http @@ -70,6 +71,7 @@ --non-interactive --work-dir=/tmp --http-01-port 8080 + {% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %} {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %} --standalone --preferred-challenges http From afd7f03bb5f541e1e63d48b1ce66e9183b257eca Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Dec 2021 17:30:40 +0200 Subject: [PATCH 14/19] Minor comment changes --- roles/matrix-nginx-proxy/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index a2584ec7..7eeb39ff 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -442,11 +442,11 @@ matrix_ssl_domains_to_obtain_certificates_for: "{{ matrix_ssl_additional_domains matrix_ssl_additional_domains_to_obtain_certificates_for: [] # Controls whether to obtain production or staging certificates from Let's Encrypt. -# If you'd like to use another ACME certificate server (not Let's Encrypt), see `matrix_ssl_lets_encrypt_server` +# If you'd like to use another ACME Certificate Authority server (not Let's Encrypt), use `matrix_ssl_lets_encrypt_server` matrix_ssl_lets_encrypt_staging: false -# Controls the server used to retrieve the SSL certificates (passed as a `--server` flag to Certbot). -# By default, we use the Let's Encrypt production environment (see `matrix_ssl_lets_encrypt_staging` for using the staging environment). +# Controls from which Certificate Authority server to retrieve the SSL certificates (passed as a `--server` flag to Certbot). +# By default, we use the Let's Encrypt production environment (use `matrix_ssl_lets_encrypt_staging` for using the staging environment). # Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server matrix_ssl_lets_encrypt_server: '' From 0080e4e40944d251c1613c4636a710fdd9ffe2ef Mon Sep 17 00:00:00 2001 From: sakkiii Date: Fri, 17 Dec 2021 21:03:20 +0530 Subject: [PATCH 15/19] Update ansible-lint version to 5.3.1 --- .github/workflows/ansible-lint.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index ec7fddef..32b1b977 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -11,9 +11,12 @@ jobs: - uses: actions/checkout@v2 - name: Lint Ansible Playbook - uses: ansible/ansible-lint-action@master + uses: ansible/ansible-lint-action@c37fb7b4bda2c8cb18f4942716bae9f11b0dc9bc with: # Paths to ansible files (i.e., playbooks, tasks, handlers etc..) targets: "./" + override-deps: | + ansible-lint==5.3.1 + args: "-x metadata, formatting" From e8237ea37e8e51ae19c07b2577647d948ede29eb Mon Sep 17 00:00:00 2001 From: SkepticalWaves Date: Fri, 17 Dec 2021 15:23:44 -0500 Subject: [PATCH 16/19] Update synapse-admin to newest tagged release --- roles/matrix-synapse-admin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse-admin/defaults/main.yml b/roles/matrix-synapse-admin/defaults/main.yml index 069b6279..6d20d20f 100644 --- a/roles/matrix-synapse-admin/defaults/main.yml +++ b/roles/matrix-synapse-admin/defaults/main.yml @@ -8,7 +8,7 @@ matrix_synapse_admin_container_self_build_repo: "https://github.com/Awesome-Tech matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src" -matrix_synapse_admin_version: 0.8.1 +matrix_synapse_admin_version: 0.8.4 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}" matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_self_build else matrix_container_global_registry_prefix }}" matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}" From 01b6bba9d7196701c42562e6525518613db55efc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 18 Dec 2021 14:52:06 +0200 Subject: [PATCH 17/19] Make Synapse's url_preview_accept_language default to 'en-US, en' Related to https://github.com/matrix-org/synapse/issues/11604 Getting an upstream fix is preferable. In any case, it's probably nice to have this defined explicitly in our configuration. This way, people can more easily discover that they can override the URL preview language. --- roles/matrix-synapse/defaults/main.yml | 3 +++ roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 3 +-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index d1d049d5..d2d04841 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -321,6 +321,9 @@ matrix_synapse_push_include_content: true # URLs shared by users. matrix_synapse_url_preview_enabled: true +# A list of values for the Accept-Language HTTP header used when downloading webpages during URL preview generation +matrix_url_preview_accept_language: ['en-US', 'en'] + # Enable exposure of metrics to Prometheus # See https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md matrix_synapse_metrics_enabled: false diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 1361eb9e..e384853c 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1149,8 +1149,7 @@ max_spider_size: 10M # - fr;q=0.8 # - *;q=0.7 # -url_preview_accept_language: -# - en +url_preview_accept_language: {{ matrix_url_preview_accept_language|to_json }} ## Captcha ## From dad1a23aa85fe11f89d16de6aec7f83a1985d134 Mon Sep 17 00:00:00 2001 From: WobbelTheBear Date: Mon, 20 Dec 2021 17:44:08 +0100 Subject: [PATCH 18/19] Update Element version (v1.9.7 -> v1.9.8) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 28412a26..7853292a 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -7,7 +7,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.9.7 +matrix_client_element_version: v1.9.8 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 06f3b813d617c17d1d93e96dab4ed94ffc5f298d Mon Sep 17 00:00:00 2001 From: Wm Salt Hale Date: Mon, 20 Dec 2021 10:50:05 -0800 Subject: [PATCH 19/19] added .well-known path to Caddy2 example, closes #1442 --- examples/caddy2/Caddyfile | 35 ++++++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/examples/caddy2/Caddyfile b/examples/caddy2/Caddyfile index c6d2841b..6370cb01 100644 --- a/examples/caddy2/Caddyfile +++ b/examples/caddy2/Caddyfile @@ -27,6 +27,10 @@ matrix.DOMAIN.tld { not path /matrix/static-files/* } + @wellknown { + path /.well-known/matrix/* + } + header { # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" @@ -69,6 +73,15 @@ matrix.DOMAIN.tld { } } + handle @wellknown { + encode zstd gzip + root * /matrix/static-files + header Cache-Control max-age=14400 + header Content-Type application/json + header Access-Control-Allow-Origin * + file_server + } + handle { encode zstd gzip @@ -102,17 +115,17 @@ element.DOMAIN.tld { # tls your@email.com header { - # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS - Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" - # Enable cross-site filter (XSS) and tell browser to block detected attacks - X-XSS-Protection "1; mode=block" - # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type - X-Content-Type-Options "nosniff" - # Disallow the site to be rendered within a frame (clickjacking protection) - X-Frame-Options "DENY" - # X-Robots-Tag - X-Robots-Tag "noindex, noarchive, nofollow" - } + # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + # Enable cross-site filter (XSS) and tell browser to block detected attacks + X-XSS-Protection "1; mode=block" + # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type + X-Content-Type-Options "nosniff" + # Disallow the site to be rendered within a frame (clickjacking protection) + X-Frame-Options "DENY" + # X-Robots-Tag + X-Robots-Tag "noindex, noarchive, nofollow" + } handle { encode zstd gzip