diff --git a/group_vars/matrix-servers b/group_vars/matrix-servers index facf1b84..6f104892 100755 --- a/group_vars/matrix-servers +++ b/group_vars/matrix-servers @@ -321,6 +321,13 @@ matrix_riot_web_self_check_validate_certificates: "{{ false if matrix_ssl_retrie matrix_riot_web_registration_enabled: "{{ matrix_synapse_enable_registration }}" +matrix_riot_web_enable_presence_by_hs_url: | + {{ + none + if matrix_synapse_use_presence + else {matrix_riot_web_default_hs_url: false} + }} + ###################################################################### # # /matrix-riot-web diff --git a/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 b/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 index fc1ab5ba..9fad37d9 100644 --- a/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 +++ b/roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2 @@ -26,9 +26,9 @@ else echo "Remove every docker images" docker rmi $(docker images -aq) echo "Remove docker matrix network" - docker network rm matrix - echo "Remove /matrix directory" - rm -fr /matrix + docker network rm {{ matrix_docker_network }} + echo "Remove {{ matrix_base_data_path }} directory" + rm -fr "{{ matrix_base_data_path }}" exit 0 fi diff --git a/roles/matrix-mxisd/defaults/main.yml b/roles/matrix-mxisd/defaults/main.yml index cb83674c..caaccfd0 100644 --- a/roles/matrix-mxisd/defaults/main.yml +++ b/roles/matrix-mxisd/defaults/main.yml @@ -1,6 +1,6 @@ matrix_mxisd_enabled: true -matrix_mxisd_docker_image: "kamax/mxisd:1.3.1" +matrix_mxisd_docker_image: "kamax/mxisd:1.4.2" matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd" matrix_mxisd_config_path: "{{ matrix_mxisd_base_path }}/config" matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index c32150c5..6798f841 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -87,12 +87,12 @@ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: 25 matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-synapse:8048" matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "localhost:8048" -matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb: "{{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb * 3 }}" +matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb | int) * 3 }}" matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/fullchain.pem" matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/privkey.pem" # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads. -matrix_nginx_proxy_tmp_directory_size_mb: "{{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb * 50 }}" +matrix_nginx_proxy_tmp_directory_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb | int) * 50 }}" # A list of strings containing additional configuration blocks to add to the matrix domain's server configuration. matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: [] diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml index 771081b1..629f24c7 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml @@ -30,8 +30,8 @@ fail: msg: "Detected an undefined required variable" with_items: - - "{{ matrix_ssl_lets_encrypt_support_email }}" - when: "matrix_ssl_retrieval_method == 'lets-encrypt' and item is none" + - "matrix_ssl_lets_encrypt_support_email" + when: "matrix_ssl_retrieval_method == 'lets-encrypt' and vars[item] is none" - name: Ensure certbot Docker image is pulled docker_image: diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index b1112eee..e17663b0 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -31,3 +31,6 @@ matrix_riot_web_self_check_validate_certificates: true # don't show the registration button on welcome page matrix_riot_web_registration_enabled: false + +# Controls whether Riot shows the presence features +matrix_riot_web_enable_presence_by_hs_url: ~ diff --git a/roles/matrix-riot-web/templates/config.json.j2 b/roles/matrix-riot-web/templates/config.json.j2 index 9477e53c..477fe4da 100644 --- a/roles/matrix-riot-web/templates/config.json.j2 +++ b/roles/matrix-riot-web/templates/config.json.j2 @@ -14,6 +14,9 @@ "servers": {{ matrix_riot_web_roomdir_servers|to_json }} }, "welcomeUserId": {{ matrix_riot_web_welcome_user_id|to_json }}, + {% if matrix_riot_web_enable_presence_by_hs_url is not none %} + "enable_presence_by_hs_url": {{ matrix_riot_web_enable_presence_by_hs_url|to_json }}, + {% endif %} "embeddedPages": { "homeUrl": {{ matrix_riot_web_embedded_pages_home_url|to_json }} } diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 8edc6b62..ee454b5a 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -167,6 +167,10 @@ matrix_synapse_password_providers_enabled: false # to load message content directly from the homeserver. matrix_synapse_push_include_content: true +# If url previews should be generated. This will cause a request from Synapse to +# URLs shared by users. +matrix_synapse_url_preview_enabled: true + # Enable exposure of metrics to Prometheus # See https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.rst matrix_synapse_metrics_enabled: false diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 41649e5c..c5edf9b1 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -525,7 +525,7 @@ max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" # an explicit url_preview_ip_range_blacklist of IPs that the spider is # denied from accessing. # -#url_preview_enabled: false +url_preview_enabled: {{ matrix_synapse_url_preview_enabled|to_json }} # List of IP address CIDR ranges that the URL preview spider is denied # from accessing. There are no defaults: you must explicitly @@ -534,18 +534,18 @@ max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" # to connect to, otherwise anyone in any Matrix room could cause your # synapse to issue arbitrary GET requests to your internal services, # causing serious security issues. -# -#url_preview_ip_range_blacklist: -# - '127.0.0.0/8' -# - '10.0.0.0/8' -# - '172.16.0.0/12' -# - '192.168.0.0/16' -# - '100.64.0.0/10' -# - '169.254.0.0/16' -# - '::1/128' -# - 'fe80::/64' -# - 'fc00::/7' -# + +url_preview_ip_range_blacklist: + - '127.0.0.0/8' + - '10.0.0.0/8' + - '172.16.0.0/12' + - '192.168.0.0/16' + - '100.64.0.0/10' + - '169.254.0.0/16' + - '::1/128' + - 'fe80::/64' + - 'fc00::/7' + # List of IP address CIDR ranges that the URL preview spider is allowed # to access even if they are specified in url_preview_ip_range_blacklist. # This is useful for specifying exceptions to wide-ranging blacklisted @@ -590,8 +590,8 @@ max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" # - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' # The largest allowed URL preview spidering size in bytes -# -#max_spider_size: 10M + +max_spider_size: 10M ## Captcha ## @@ -1169,4 +1169,4 @@ alias_creation_rules: {{ matrix_alias_creation_rules|to_json }} # room_id: "*" # action: allow -room_list_publication_rules: {{ matrix_room_list_publication_rules|to_json }} \ No newline at end of file +room_list_publication_rules: {{ matrix_room_list_publication_rules|to_json }}