From db69a51653271d8bf563cc2ef952064fa05bb825 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 16 Dec 2020 16:25:38 +0200 Subject: [PATCH 1/8] Do not recommend usePrivilegedIntents for appservice-discord We're getting reports of it being broken and I can confirm that the bridge works well without it, so I don't see why we'd be asking people to enable it. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/751 --- ...configuring-playbook-bridge-appservice-discord.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/docs/configuring-playbook-bridge-appservice-discord.md b/docs/configuring-playbook-bridge-appservice-discord.md index 11be678e..f3efc555 100644 --- a/docs/configuring-playbook-bridge-appservice-discord.md +++ b/docs/configuring-playbook-bridge-appservice-discord.md @@ -14,20 +14,18 @@ Instructions loosely based on [this](https://github.com/Half-Shot/matrix-appserv 1. Create a Discord Application [here](https://discordapp.com/developers/applications). 2. Retrieve Client ID. 3. Create a bot from the Bot tab and retrieve the Bot token. -4. From the Bot tab, enable all checkboxes related to Privileged Gateway Intents (you can skip this step if you're not using `matrix_appservice_discord_auth_usePrivilegedIntents: true` below) -5. Enable the bridge with the following configuration in your `vars.yml` file: +4. Enable the bridge with the following configuration in your `vars.yml` file: ```yaml matrix_appservice_discord_enabled: true matrix_appservice_discord_client_id: "YOUR DISCORD APP CLIENT ID" matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN" -matrix_appservice_discord_auth_usePrivilegedIntents: true ``` -6. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. -7. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`). You need to peek at the file on the server via SSH, etc., because it's not available via HTTP(S). -8. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended. -9. Room addresses follow this syntax: `#_discord_guildid_channelid`. You can easily find the guild and channel ids by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discordapp.com/channels/guild_id/channel_id`. Once you have figured out the appropriate room addrss, you can join by doing `/join #_discord_guildid_channelid` in your Matrix client. +5. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. +6. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`). You need to peek at the file on the server via SSH, etc., because it's not available via HTTP(S). +7. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended. +8. Room addresses follow this syntax: `#_discord_guildid_channelid`. You can easily find the guild and channel ids by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discordapp.com/channels/guild_id/channel_id`. Once you have figured out the appropriate room addrss, you can join by doing `/join #_discord_guildid_channelid` in your Matrix client. Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable. From e2e6cfaa8b66a995aa4b4ef6b6409d071e648fe9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 16 Dec 2020 18:14:52 +0200 Subject: [PATCH 2/8] Document Ansible's Python interpreter discovery some more Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/570 Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/641 --- docs/prerequisites.md | 2 +- examples/hosts | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/prerequisites.md b/docs/prerequisites.md index daf6ff80..488f6c6f 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md @@ -10,7 +10,7 @@ This playbook doesn't support running on ARM (see [this issue](https://github.co - `root` access to your server (or a user capable of elevating to `root` via `sudo`). -- [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python`). +- [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python3`). On some distros, Ansible may incorrectly [detect the Python version](https://docs.ansible.com/ansible/latest/reference_appendices/interpreter_discovery.html) (2 vs 3) and you may need to explicitly specify the interpreter path in `inventory/hosts` during installation (e.g. `ansible_python_interpreter=/usr/bin/python3`) - A `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.* diff --git a/examples/hosts b/examples/hosts index 3b14f09e..daf2cfc5 100644 --- a/examples/hosts +++ b/examples/hosts @@ -10,6 +10,9 @@ # # If you're running this Ansible playbook on the same server as the one you're installing to, # consider adding an additional `ansible_connection=local` argument below. +# +# Ansible may fail to discover which Python interpreter to use on the host for some distros (like Ubuntu 20.04). +# You may sometimes need to explicitly add `ansible_python_interpreter=/usr/bin/python3` to lines below. [matrix_servers] matrix. ansible_host= ansible_ssh_user=root From ed159cc7427c9e856b037864bb9e923f5b7fb2ca Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 17 Dec 2020 11:33:18 +0200 Subject: [PATCH 3/8] Move matrix_architecture to matrix-base We were only defining this in `group_vars/matrix_servers`, which is inconsistent with how we normally do things. --- group_vars/matrix_servers | 14 -------------- roles/matrix-base/defaults/main.yml | 6 ++++++ 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 78a03851..f5eb1cb8 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -24,20 +24,6 @@ matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matri # ###################################################################### -###################################################################### -# -# matrix-architecture -# -###################################################################### - -matrix_architecture: "amd64" - -###################################################################### -# -# /matrix-architecture -# -###################################################################### - ###################################################################### # diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index e0522ba8..aabbbed8 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -23,6 +23,12 @@ matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}" matrix_federation_public_port: 8448 +# The architecture that your server runs. +# Recognized values by us are 'amd64', 'arm32' and 'arm64'. +# Not all architectures support all services, so your experience (on non-amd64) may vary. +# See docs/alternative-architectures.md +matrix_architecture: amd64 + matrix_user_username: "matrix" matrix_user_groupname: "matrix" From 55f252a6ed276d000e193158a4390b1315354cb2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 17 Dec 2020 11:37:30 +0200 Subject: [PATCH 4/8] Do not hardcode amd64 in setup_debian.yml Until now, we've only supported non-amd64 on Raspbian. Seems like there are now people running Debian/Ubuntu on ARM, so we were forcing them into amd64 Docker packages. I've gotten a report that this change fixes support for Ubuntu Server 20.04 on RPi 4B. --- roles/matrix-base/defaults/main.yml | 5 +++++ roles/matrix-base/tasks/server_base/setup_debian.yml | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index aabbbed8..2cc4b42f 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -29,6 +29,11 @@ matrix_federation_public_port: 8448 # See docs/alternative-architectures.md matrix_architecture: amd64 +# The architecture for Debian packages. +# See: https://wiki.debian.org/SupportedArchitectures +# We just remap from our `matrix_architecture` values to what Debian and possibly other distros call things. +matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_architecture }}" + matrix_user_username: "matrix" matrix_user_groupname: "matrix" diff --git a/roles/matrix-base/tasks/server_base/setup_debian.yml b/roles/matrix-base/tasks/server_base/setup_debian.yml index 6d8d18fa..e30d3b93 100644 --- a/roles/matrix-base/tasks/server_base/setup_debian.yml +++ b/roles/matrix-base/tasks/server_base/setup_debian.yml @@ -20,7 +20,7 @@ - name: Ensure Docker repository is enabled apt_repository: - repo: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable" + repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable" state: present update_cache: yes when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' From f545de53f742e4443bf26608e67da786b8d6dc16 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 17 Dec 2020 11:39:18 +0200 Subject: [PATCH 5/8] Do not hardcode "ubuntu" for the Docker APT key URL Well, `ubuntu` or `debian`, the same key is served right now, so it doesn't really matter. This seems cleaner and less prone to breakage though. --- roles/matrix-base/tasks/server_base/setup_debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-base/tasks/server_base/setup_debian.yml b/roles/matrix-base/tasks/server_base/setup_debian.yml index e30d3b93..37706d1f 100644 --- a/roles/matrix-base/tasks/server_base/setup_debian.yml +++ b/roles/matrix-base/tasks/server_base/setup_debian.yml @@ -11,7 +11,7 @@ - name: Ensure Docker's APT key is trusted apt_key: - url: https://download.docker.com/linux/ubuntu/gpg + url: "https://download.docker.com/linux/{{ ansible_distribution|lower }}/gpg" id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 state: present register: add_repository_key From a09ed58892965241f0ee73b11139b5cfb5995cde Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 17 Dec 2020 11:45:32 +0200 Subject: [PATCH 6/8] Ensure gnupg installed on Raspbian It's likely installed by default, but it doesn't hurt to specify it. It also makes us more the same with `setup_debian.yml`. --- roles/matrix-base/tasks/server_base/setup_raspbian.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-base/tasks/server_base/setup_raspbian.yml b/roles/matrix-base/tasks/server_base/setup_raspbian.yml index a9a5d20a..a84228a5 100644 --- a/roles/matrix-base/tasks/server_base/setup_raspbian.yml +++ b/roles/matrix-base/tasks/server_base/setup_raspbian.yml @@ -5,6 +5,7 @@ name: - apt-transport-https - ca-certificates + - gnupg state: present update_cache: yes From 349fbb64343bc3a877db02948ef6e715fa8c0128 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 17 Dec 2020 11:47:34 +0200 Subject: [PATCH 7/8] Do not hardcode armhf for Raspbian Raspbian doesn't seem to support arm64, so this is somewhat pointless right now. However, they might in the future. Doing this should also unify us some more with `setup_debian.yml` with the ultimate goal of eliminating `setup_raspbian.yml`. --- roles/matrix-base/tasks/server_base/setup_raspbian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-base/tasks/server_base/setup_raspbian.yml b/roles/matrix-base/tasks/server_base/setup_raspbian.yml index a84228a5..daf6c165 100644 --- a/roles/matrix-base/tasks/server_base/setup_raspbian.yml +++ b/roles/matrix-base/tasks/server_base/setup_raspbian.yml @@ -20,7 +20,7 @@ - name: Ensure Docker repository is enabled apt_repository: - repo: "deb [arch=armhf] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable" + repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable" state: present update_cache: yes when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' From 8748f3d443d7b7388f41d06f2efab17f291735eb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 17 Dec 2020 11:49:56 +0200 Subject: [PATCH 8/8] Move python{,3}-docker installation to another task This also adds support for installing python3-docker (not python-docker) in systems that run Python 3. --- roles/matrix-base/tasks/server_base/setup_raspbian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-base/tasks/server_base/setup_raspbian.yml b/roles/matrix-base/tasks/server_base/setup_raspbian.yml index daf6c165..421905a0 100644 --- a/roles/matrix-base/tasks/server_base/setup_raspbian.yml +++ b/roles/matrix-base/tasks/server_base/setup_raspbian.yml @@ -28,7 +28,6 @@ - name: Ensure APT packages are installed apt: name: - - python-docker - "{{ matrix_ntpd_package }}" - fuse state: latest @@ -38,5 +37,6 @@ apt: name: - "{{ matrix_docker_package_name }}" + - "python{{'3' if ansible_python.version.major == 3 else ''}}-docker" state: latest when: matrix_docker_installation_enabled|bool