From 8529efcd1ced476c06309f96219197846d80ab09 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 26 Jun 2019 10:30:51 +0300 Subject: [PATCH 01/10] Make Discord bridge configuration playbook-managed Well, `config.yaml` has been playbook-managed for a long time. It's now extended to match the default sample config of the Discord bridge. With this patch, we also make `registration.yaml` playbook-managed, which leads us to consistency with all other bridges. Along with that, we introduce `./config` and `./data` separation, like we do for the other bridges. --- CHANGELOG.md | 21 ++ ...ring-playbook-bridge-appservice-discord.md | 4 +- group_vars/matrix_servers | 7 + .../defaults/main.yml | 229 ++++++++++-------- .../tasks/init.yml | 10 +- .../tasks/setup_install.yml | 96 ++++---- .../tasks/validate_config.yml | 2 + .../matrix-appservice-discord.service.j2 | 6 +- .../tasks/setup_install.yml | 2 +- 9 files changed, 224 insertions(+), 153 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 16801d24..4bc69fb0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,23 @@ +# 2019-06-26 + +## (BC Break) Discord bridge configuration is now entirely managed by the playbook + +Until now, the `config.yaml` file for the [Discord bridge](docs/configuring-playbook-bridge-appservice-discord.md) was managed by the playbook, but the `registration.yaml` file was not. + +From now on, the playbook will keep both configuration files sync for you. + +This means that if you were making manual changes to the `/matrix/appservice-discord/discord-registration.yaml` configuration file, those would be lost the next time you run the playbook. + +The bridge now stores configuration in a subdirectory (`/matrix/appservice-discord/config`). + +Likewise, data is now also stored in a subdirectory (`/matrix/mautrix-whatsapp/data`). When you run the playbook with an existing database file (`/matrix/appservice-discord/discord.db`), the playbook will stop the bridge and relocate the database file to the `./data` directory. There's no data-loss involved. You'll need to restart the bridge manually though (`--tags=start`). + +The main directory (`/matrix/appservice-discord`) may contain some leftover files (`user-store.db`, `room-store.db`, `config.yaml`, `discord-registration.yaml`, `invite_link`). These are no longer necessary and can be deleted manually. + +We're now following the default sample configuration for the Discord bridge. +If you need to override some values, define them in `matrix_appservice_discord_configuration_extension_yaml`. + + # 2019-06-24 ## (BC Break) WhatsApp bridge configuration is now entirely managed by the playbook @@ -15,6 +35,7 @@ Likewise, data is now also stored in a subdirectory (`/matrix/mautrix-whatsapp/d We're now following the default configuration for the WhatsApp bridge. + # 2019-06-20 ## (BC Break) IRC bridge configuration is now entirely managed by the playbook 
diff --git a/docs/configuring-playbook-bridge-appservice-discord.md b/docs/configuring-playbook-bridge-appservice-discord.md index 967a75cf..1db2aed6 100644 --- a/docs/configuring-playbook-bridge-appservice-discord.md +++ b/docs/configuring-playbook-bridge-appservice-discord.md @@ -19,8 +19,8 @@ matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN" ``` 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. -5. Retrieve Discord invitelink from the `{{ matrix_appservice_discord_base_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/invite_link`) +5. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`) 6. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended. -7. Join the rooms by following this syntax `#_discord_guildid_channelid` - can be easily retrieved by logging into Discord in a browser and opening the desired channel. URL will have this format: discordapp.com/channels/guild_id/channel_id +7. Join the rooms by following this syntax `#_discord_guildid_channelid` - can be easily retrieved by logging into Discord in a browser and opening the desired channel. URL will have this format: `discordapp.com/channels/guild_id/channel_id` Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 356f6cf1..503a45be 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -39,6 +39,9 @@ matrix_appservice_discord_enabled: false # matrix-appservice-discord's client-server port to the local host. matrix_appservice_discord_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9005' }}" +# If the homeserver disables presence, it's likely better (less wasteful) to also disable presence on the bridge side. +matrix_appservice_discord_bridge_disablePresence: "{{ matrix_synapse_use_presence }}" + matrix_appservice_discord_systemd_required_services_list: | {{ ['docker.service'] @@ -46,6 +49,10 @@ matrix_appservice_discord_systemd_required_services_list: | (['matrix-synapse.service'] if matrix_synapse_enabled else []) }} +matrix_appservice_discord_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'discord.as.token') | to_uuid }}" + +matrix_appservice_discord_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'discord.hs.token') | to_uuid }}" + ###################################################################### # # /matrix-bridge-appservice-discord diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml index a415d255..61dc39bb 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml 
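Review bot: The new `matrix_appservice_discord_bridge_disablePresence` value looks inverted relative to the comment above it: it is set to `{{ matrix_synapse_use_presence }}`, so the bridge disables presence exactly when the homeserver has presence enabled. To follow the homeserver's setting the expression needs a negation, `matrix_appservice_discord_bridge_disablePresence: "{{ not matrix_synapse_use_presence }}"`. As written, a homeserver with presence turned off still receives presence updates from the bridge, which is the load the comment says it wants to avoid.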
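Review bot: `matrix_appservice_discord_appservice_token` and `matrix_appservice_discord_homeserver_token` are both derived deterministically from `matrix_synapse_macaroon_secret_key` with a fixed salt, and nothing next to the definitions documents that coupling. I would add a comment such as `# Derived from matrix_synapse_macaroon_secret_key: rotating that key rotates both bridge tokens, and whoever holds the key can recompute them.` Operators who want independent credentials can then override the two variables with separately generated random values. The non-empty check added in validate_config.yml presumably would not notice an empty or weak macaroon key, because the derived UUID is still a non-empty string.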
@@ -7,11 +7,16 @@ matrix_appservice_discord_docker_image: "halfshot/matrix-appservice-discord:late matrix_appservice_discord_docker_image_force_pull: "{{ matrix_appservice_discord_docker_image.endswith(':latest') }}" matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-discord" +matrix_appservice_discord_config_path: "{{ matrix_base_data_path }}/appservice-discord/config" +matrix_appservice_discord_data_path: "{{ matrix_base_data_path }}/appservice-discord/data" # Get your own keys at https://discordapp.com/developers/applications/me/create matrix_appservice_discord_client_id: '' matrix_appservice_discord_bot_token: '' +matrix_appservice_discord_appservice_token: '' +matrix_appservice_discord_homeserver_token: '' + # Controls whether the matrix-appservice-discord container exposes its HTTP port (tcp/9005 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9005"), or empty string to not expose. 
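Review bot: `matrix_appservice_discord_config_path` and `matrix_appservice_discord_data_path` repeat the literal `{{ matrix_base_data_path }}/appservice-discord` prefix instead of building on `matrix_appservice_discord_base_path`, so overriding the base path alone leaves config and data at the old location. Deriving them keeps the three in step: `matrix_appservice_discord_config_path: "{{ matrix_appservice_discord_base_path }}/config"`, and likewise for `/data`. The two new token defaults are empty strings with no comment; a line such as `# Must be set to secret values; group_vars/matrix_servers derives them when the full playbook is used.` would help anyone running the role on its own.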
@@ -26,109 +31,135 @@ matrix_appservice_discord_systemd_required_services_list: ['docker.service'] # List of systemd services that matrix-appservice-discord.service wants matrix_appservice_discord_systemd_wanted_services_list: [] +matrix_appservice_discord_appservice_url: 'http://matrix-appservice-discord:9005' + +matrix_appservice_discord_bridge_domain: "{{ matrix_domain }}" +# As of right now, the homeserver URL must be a public URL. See below. +matrix_appservice_discord_bridge_homeserverUrl: "{{ matrix_homeserver_url }}" +matrix_appservice_discord_bridge_disablePresence: false + matrix_appservice_discord_configuration_yaml: | - bridge: - domain: "{{ matrix_domain }}" - homeserverUrl: "{{ matrix_homeserver_url }}" - auth: - clientID: "{{matrix_appservice_discord_client_id}}" - botToken: "{{matrix_appservice_discord_bot_token}}" - database: - filename: "/data/discord.db" - userStorePath: "/data/user-store.db" - roomStorePath: "/data/room-store.db" + #jinja2: lstrip_blocks: "True" + bridge: + # Domain part of the bridge, e.g. matrix.org + domain: {{ matrix_appservice_discord_bridge_domain }} + # This should be your publically facing URL because Discord may use it to + # fetch media from the media store. + homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }} + # Interval at which to process users in the 'presence queue'. If you have + # 5 users, one user will be processed every 500 milliseconds according to the + # value below. This has a minimum value of 250. + # WARNING: This has a high chance of spamming the homeserver with presence + # updates since it will send one each time somebody changes state or is online. + presenceInterval: 500 + # Disable setting presence for 'ghost users' which means Discord users on Matrix + # will not be shown as away or online. + disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }} + # Disable sending typing notifications when somebody on Discord types. 
+ disableTypingNotifications: false + # Disable deleting messages on Discord if a message is redacted on Matrix. + disableDeletionForwarding: false + # Enable users to bridge rooms using !discord commands. See + # https://t2bot.io/discord for instructions. + enableSelfServiceBridging: false + # Disable sending of read receipts for Matrix events which have been + # successfully bridged to Discord. + disableReadReceipts: false + # Disable Join Leave echos from matrix + disableJoinLeaveNotifications: false + # Authentication configuration for the discord bot. + auth: + clientID: {{ matrix_appservice_discord_client_id }} + botToken: {{ matrix_appservice_discord_bot_token }} + logging: + # What level should the logger output to the console at. + console: "warn" #silly, verbose, info, http, warn, error, silent + lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format + # files: + # - file: "debug.log" + # disable: + # - "PresenceHandler" # Will not capture presence logging + # - file: "warn.log" # Will capture warnings + # level: "warn" + # - file: "botlogs.log" # Will capture logs from DiscordBot + # level: "info" + # enable: + # - "DiscordBot" + database: + # You may either use SQLite or Postgresql for the bridge database, which contains + # important mappings for events and user puppeting configurations. + # Use the filename option for SQLite, or connString for Postgresql. + # If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite + # WARNING: You will almost certainly be fine with sqlite unless your bridge + # is in heavy demand and you suffer from IO slowness. + filename: "/data/discord.db" + # connString: "postgresql://user:password@localhost/database_name" + room: + # Set the default visibility of alias rooms, defaults to "public". + # One of: "public", "private" + defaultVisibility: "public" + channel: + # Pattern of the name given to bridged rooms. 
+ # Can use :guild for the guild name and :name for the channel name. + namePattern: "[Discord] :guild :name" + # Changes made to rooms when a channel is deleted. + deleteOptions: + # Prefix the room name with a string. + #namePrefix: "[Deleted]" + # Prefix the room topic with a string. + #topicPrefix: "This room has been deleted" + # Disable people from talking in the room by raising the event PL to 50 + disableMessaging: false + # Remove the discord alias from the room. + unsetRoomAlias: true + # Remove the room from the directory. + unlistFromDirectory: true + # Set the room to be unavaliable for joining without an invite. + setInviteOnly: true + # Make all the discord users leave the room. + ghostsLeave: true + limits: + # Delay in milliseconds between discord users joining a room. + roomGhostJoinDelay: 6000 + # Delay in milliseconds before sending messages to discord to avoid echos. + # (Copies of a sent message may arrive from discord before we've + # fininished handling it, causing us to echo it back to the room) + discordSendDelay: 750 + ghosts: + # Pattern for the ghosts nick, available is :nick, :username, :tag and :id + nickPattern: ":nick" + # Pattern for the ghosts username, available is :username, :tag and :id + usernamePattern: ":username#:tag" matrix_appservice_discord_configuration_extension_yaml: | - # This is a sample of the config file showing all avaliable options. - # Where possible we have documented what they do, and all values are the - # default values. - # - #bridge: - # # Domain part of the bridge, e.g. matrix.org - # domain: "localhost" - # # This should be your publically facing URL because Discord may use it to - # # fetch media from the media store. - # homeserverUrl: "http://localhost:8008" - # # Interval at which to process users in the 'presence queue'. If you have - # # 5 users, one user will be processed every 500 milliseconds according to the - # # value below. This has a minimum value of 250. 
- # # WARNING: This has a high chance of spamming the homeserver with presence - # # updates since it will send one each time somebody changes state or is online. - # presenceInterval: 500 - # # Disable setting presence for 'ghost users' which means Discord users on Matrix - # # will not be shown as away or online. - # disablePresence: false - # # Disable sending typing notifications when somebody on Discord types. - # disableTypingNotifications: false - # # Disable deleting messages on Discord if a message is redacted on Matrix. - # disableDeletionForwarding: false - # # Enable users to bridge rooms using !discord commands. See - # # https://t2bot.io/discord for instructions. - # enableSelfServiceBridging: false - # # Disable sending of read receipts for Matrix events which have been - # # successfully bridged to Discord. - # disableReadReceipts: false - # Authentication configuration for the discord bot. - #auth: - # clientID: "12345" - # botToken: "foobar" - #logging: - # # What level should the logger output to the console at. - # console: "warn" #silly, verbose, info, http, warn, error, silent - # lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format - # files: - # - file: "debug.log" - # disable: - # - "PresenceHandler" # Will not capture presence logging - # - file: "warn.log" # Will capture warnings - # level: "warn" - # - file: "botlogs.log" # Will capture logs from DiscordBot - # level: "info" - # enable: - # - "DiscordBot" - #database: - # userStorePath: "user-store.db" - # roomStorePath: "room-store.db" - # # You may either use SQLite or Postgresql for the bridge database, which contains - # # important mappings for events and user puppeting configurations. - # # Use the filename option for SQLite, or connString for Postgresql. 
- # # If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite - # # WARNING: You will almost certainly be fine with sqlite unless your bridge - # # is in heavy demand and you suffer from IO slowness. - # filename: "discord.db" - # # connString: "postgresql://user:password@localhost/database_name" - #room: - # # Set the default visibility of alias rooms, defaults to "public". - # # One of: "public", "private" - # defaultVisibility: "public" - #channel: - # # Pattern of the name given to bridged rooms. - # # Can use :guild for the guild name and :name for the channel name. - # namePattern: "[Discord] :guild :name" - # # Changes made to rooms when a channel is deleted. - # deleteOptions: - # # Prefix the room name with a string. - # #namePrefix: "[Deleted]" - # # Prefix the room topic with a string. - # #topicPrefix: "This room has been deleted" - # # Disable people from talking in the room by raising the event PL to 50 - # disableMessaging: false - # # Remove the discord alias from the room. - # unsetRoomAlias: true - # # Remove the room from the directory. - # unlistFromDirectory: true - # # Set the room to be unavaliable for joining without an invite. - # setInviteOnly: true - # # Make all the discord users leave the room. - # ghostsLeave: true - #limits: - # # Delay in milliseconds between discord users joining a room. - # roomGhostJoinDelay: 6000 - # # Delay in milliseconds before sending messages to discord to avoid echos. - # # (Copies of a sent message may arrive from discord before we've - # # fininished handling it, causing us to echo it back to the room) - # discordSendDelay: 750 + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_appservice_discord_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. 
+ # + # If you need something more special, you can take full control by + # completely redefining `matrix_appservice_discord_configuration_yaml`. matrix_appservice_discord_configuration_extension: "{{ matrix_appservice_discord_configuration_extension_yaml|from_yaml if matrix_appservice_discord_configuration_extension_yaml|from_yaml is mapping else {} }}" matrix_appservice_discord_configuration: "{{ matrix_appservice_discord_configuration_yaml|from_yaml|combine(matrix_appservice_discord_configuration_extension, recursive=True) }}" + +matrix_appservice_discord_registration_yaml: | + #jinja2: lstrip_blocks: "True" + id: appservice-discord + as_token: "{{ matrix_appservice_discord_appservice_token }}" + hs_token: "{{ matrix_appservice_discord_homeserver_token }}" + namespaces: + users: + - exclusive: true + regex: '^@_discord_.*' + aliases: + - exclusive: true + regex: '^#_discord_.*' + url: {{ matrix_appservice_discord_appservice_url }} + sender_localpart: _discord_bot + rate_limited: false + protocols: + - discord + +matrix_appservice_discord_registration: "{{ matrix_appservice_discord_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-appservice-discord/tasks/init.yml b/roles/matrix-bridge-appservice-discord/tasks/init.yml index 7370b0bd..1d31bc84 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/init.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/init.yml @@ -1,3 +1,11 @@ +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-appservice-discord role needs to execute before the matrix-synapse role. + when: "matrix_appservice_discord_enabled and matrix_synapse_role_executed|default(False)" + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-discord'] }}" when: matrix_appservice_discord_enabled|bool 
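Review bot: `clientID`, `botToken`, `domain` and `homeserverUrl` in `matrix_appservice_discord_configuration_yaml` are now rendered without quotes, unlike the lines this hunk removes, and `url` in `matrix_appservice_discord_registration_yaml` is unquoted as well. The rendered text goes through `from_yaml`, so an all-digit client ID is retyped as an integer, and a token that starts with a YAML indicator character can fail to parse or change meaning. `disablePresence` already uses `|to_json`; the same filter fits these values, e.g. `clientID: {{ matrix_appservice_discord_client_id|to_json }}` and `botToken: {{ matrix_appservice_discord_bot_token|to_json }}`.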
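Review bot: The relocated guard in tasks/init.yml tests `matrix_appservice_discord_enabled` without the `|bool` filter that the `set_fact` task directly below applies to the same variable. If the value arrives as a string (for example through extra vars), the two conditions may evaluate it differently. Using the same form in both places avoids that: `when: "matrix_appservice_discord_enabled|bool and matrix_synapse_role_executed|default(False)"`.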
@@ -7,7 +15,7 @@ matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) }} + - {{ ["--mount type=bind,src={{ matrix_appservice_discord_base_path }}/discord-registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"] }} + {{ ["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ matrix_synapse_app_service_config_files|default([]) }} diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index 3dc16839..384c1f3b 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-appservice-discord role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - - name: Ensure Appservice Discord image is pulled docker_image: name: "{{ matrix_appservice_discord_docker_image }}" 
@@ -15,22 +7,66 @@ force_source: "{{ matrix_appservice_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_discord_docker_image_force_pull }}" -- name: Ensure Appservice Discord base directory exists +- name: Ensure AppService Discord paths exist file: - path: "{{ matrix_appservice_discord_base_path }}" + path: "{{ item }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" + with_items: + - "{{ matrix_appservice_discord_base_path }}" + - "{{ matrix_appservice_discord_config_path }}" + - "{{ matrix_appservice_discord_data_path }}" + +- name: Check if an old database file already exists + stat: + path: "{{ matrix_appservice_discord_base_path }}/discord.db" + register: matrix_appservice_discord_stat_db -- name: Ensure Matrix Appservice Discord config installed +- name: (Data relocation) Ensure matrix-appservice-discord.service is stopped + service: + name: matrix-appservice-discord + state: stopped + daemon_reload: yes + failed_when: false + when: "matrix_appservice_discord_stat_db.stat.exists" + +# In addition to this, there used to be some `user-store-db` and `room-store.db` files. +# They're no longer in use, so we're not relocating them in an effort to point them out as neither `./data`, nor `./config`. 
+- name: (Data relocation) Move AppService Discord discord.db file to ./data directory + command: "mv {{ matrix_appservice_discord_base_path }}/discord.db {{ matrix_appservice_discord_data_path }}/discord.db" + when: "matrix_appservice_discord_stat_db.stat.exists" + +- name: Ensure AppService Discord config.yaml installed copy: content: "{{ matrix_appservice_discord_configuration|to_nice_yaml }}" - dest: "{{ matrix_appservice_discord_base_path }}/config.yaml" + dest: "{{ matrix_appservice_discord_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" +- name: Ensure AppService Discord registration.yaml installed + copy: + content: "{{ matrix_appservice_discord_registration|to_nice_yaml }}" + dest: "{{ matrix_appservice_discord_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + +# If `matrix_appservice_discord_client_id` hasn't changed, the same invite link would be generated. +# We intentionally suppress Ansible changes. +- name: Generate AppService Discord invite link + shell: >- + /usr/bin/docker run --rm --name matrix-appservice-discord-link-gen + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} + --cap-drop=ALL + -v {{ matrix_appservice_discord_config_path }}:/cfg + -w /cfg + {{ matrix_appservice_discord_docker_image }} + /bin/sh -c "node /build/tools/addbot.js > /cfg/invite_link" + changed_when: false + - name: Ensure matrix-appservice-discord.service installed template: src: "{{ role_path }}/templates/systemd/matrix-appservice-discord.service.j2" 
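Review bot: The new `registration.yaml` task writes the file with `mode: 0644` although it holds `as_token` and `hs_token`, and the `config.yaml` task beside it, which holds the Discord `botToken`, keeps the same mode. The 0750 parent directories limit exposure, but the files themselves should not be world-readable. `mode: '0640'` (quoted so the octal is not retyped) should be enough if Synapse and the bridge both read them as `matrix_user_username`, which the `--user` arguments suggest. Separately, the stop task sets `failed_when: false`, so the `mv` of `discord.db` runs even when the bridge could not be stopped; dropping that override, or checking the service state before the move, avoids relocating a database that is still open.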
@@ -42,39 +78,3 @@ service: daemon_reload: yes when: "matrix_appservice_discord_systemd_service_result.changed" - -- name: Check if a matrix-appservice-discord registration file exists - stat: - path: "{{ matrix_appservice_discord_base_path }}/discord-registration.yaml" - register: appservice_discord_registration_file - -- name: Generate matrix-appservice-discord discord-registration.yaml if it doesn't exist - shell: >- - /usr/bin/docker run --rm --name matrix-appservice-discord-gen - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - -v {{ matrix_appservice_discord_base_path }}:/data:z - {{ matrix_appservice_discord_docker_image }} - node build/src/discordas.js - -r - -u "http://matrix-appservice-discord:9005" - -c /data/config.yaml - -f /data/discord-registration.yaml - -l discord_bot - when: "not appservice_discord_registration_file.stat.exists" - -- name: Check if a matrix-appservice-discord invite_link file exists - stat: - path: "{{ matrix_appservice_discord_base_path }}/invite_link" - register: appservice_discord_link_generated - -- name: Generate your discord invite link - shell: >- - /usr/bin/docker run --rm --name matrix-appservice-discord-link-gen - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - -v {{ matrix_appservice_discord_base_path }}:/data - -w /data - {{ matrix_appservice_discord_docker_image }} - /bin/sh -c "node .././build/tools/addbot.js > invite_link" - when: "not appservice_discord_link_generated.stat.exists" diff --git a/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml b/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml index fc321237..46612ba5 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml 
@@ -8,6 +8,8 @@ with_items: - "matrix_appservice_discord_client_id" - "matrix_appservice_discord_bot_token" + - "matrix_appservice_discord_appservice_token" + - "matrix_appservice_discord_homeserver_token" - name: (Deprecation) Catch and report renamed appservice-discord variables fail: diff --git a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 index f82c1284..9b0ac514 100644 --- a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 +++ b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 @@ -25,11 +25,13 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \ {% if matrix_appservice_discord_container_http_host_bind_port %} -p {{ matrix_appservice_discord_container_http_host_bind_port }}:9005 \ {% endif %} - -v {{ matrix_appservice_discord_base_path }}:/data \ + -v {{ matrix_appservice_discord_config_path }}:/cfg \ + -v {{ matrix_appservice_discord_data_path }}:/data \ {% for arg in matrix_appservice_discord_container_extra_arguments %} {{ arg }} \ {% endfor %} - {{ matrix_appservice_discord_docker_image }} + {{ matrix_appservice_discord_docker_image }} \ + node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml ExecStop=-/usr/bin/docker kill matrix-appservice-discord ExecStop=-/usr/bin/docker rm matrix-appservice-discord diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index a4601a60..059b9d36 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml 
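Review bot: The config directory is bind-mounted into the long-running container read-write (`-v {{ matrix_appservice_discord_config_path }}:/cfg`), although the start command only passes `config.yaml` and `registration.yaml` from it as inputs. If the bridge does not write to `/cfg` at runtime, a read-only mount narrows what a compromised bridge process can alter, including the registration file that Synapse also reads: `-v {{ matrix_appservice_discord_config_path }}:/cfg:ro \`. The invite-link task in setup_install.yml uses its own `docker run` with a writable mount, so it would be unaffected. The unit's `ExecStart` begins outside this hunk.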
@@ -36,7 +36,7 @@ command: "mv {{ matrix_appservice_irc_base_path }}/passkey.pem {{ matrix_appservice_irc_data_path }}/passkey.pem" when: "matrix_appservice_irc_stat_passkey.stat.exists" -- name: (Data relocation) Move AppService database files to ./data directory +- name: (Data relocation) Move AppService IRC database files to ./data directory command: "mv {{ matrix_appservice_irc_base_path }}/{{ item }} {{ matrix_appservice_irc_data_path }}/{{ item }}" with_items: - rooms.db From bccfd13c7ff3d9f4f8d2e31449da5206656f7bfc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 26 Jun 2019 10:48:19 +0300 Subject: [PATCH 02/10] Fix changelog entry typo --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4bc69fb0..746c2f78 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -10,7 +10,7 @@ This means that if you were making manual changes to the `/matrix/appservice-dis The bridge now stores configuration in a subdirectory (`/matrix/appservice-discord/config`). -Likewise, data is now also stored in a subdirectory (`/matrix/mautrix-whatsapp/data`). When you run the playbook with an existing database file (`/matrix/appservice-discord/discord.db`), the playbook will stop the bridge and relocate the database file to the `./data` directory. There's no data-loss involved. You'll need to restart the bridge manually though (`--tags=start`). +Likewise, data is now also stored in a subdirectory (`/matrix/appservice-discord/data`). When you run the playbook with an existing database file (`/matrix/appservice-discord/discord.db`), the playbook will stop the bridge and relocate the database file to the `./data` directory. There's no data-loss involved. You'll need to restart the bridge manually though (`--tags=start`). The main directory (`/matrix/appservice-discord`) may contain some leftover files (`user-store.db`, `room-store.db`, `config.yaml`, `discord-registration.yaml`, `invite_link`). These are no longer necessary and can be deleted manually. From 420b46ad2ee3292d1b3115d5aaee50138a866076 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 27 Jun 2019 09:34:08 +0300 Subject: [PATCH 03/10] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 746c2f78..36ba2762 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -# 2019-06-26 +# 2019-06-27 ## (BC Break) Discord bridge configuration is now entirely managed by the playbook From 2b3865ceea5f5c6eefb702cd3b31a359319b68a2 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 4 Jul 2019 16:58:45 +0300 Subject: [PATCH 04/10] Upgrade Synapse (1.0.0 -> 1.1.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- .../templates/synapse/homeserver.yaml.j2 | 105 +++++++++++++----- 2 files changed, 76 insertions(+), 31 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 50301d5b..0658fac2 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -3,7 +3,7 @@ matrix_synapse_enabled: true -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.0.0" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.1.0" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 43ae99b6..35c3bbe0 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
@@ -14,29 +14,6 @@ server_name: "{{ matrix_domain }}" # pid_file: /homeserver.pid -# CPU affinity mask. Setting this restricts the CPUs on which the -# process will be scheduled. It is represented as a bitmask, with the -# lowest order bit corresponding to the first logical CPU and the -# highest order bit corresponding to the last logical CPU. Not all CPUs -# may exist on a given system but a mask may specify more CPUs than are -# present. -# -# For example: -# 0x00000001 is processor #0, -# 0x00000003 is processors #0 and #1, -# 0xFFFFFFFF is all processors (#0 through #31). -# -# Pinning a Python process to a single CPU is desirable, because Python -# is inherently single-threaded due to the GIL, and can suffer a -# 30-40% slowdown due to cache blow-out and thread context switching -# if the scheduler happens to schedule the underlying threads across -# different cores. See -# https://www.mirantis.com/blog/improve-performance-python-programs-restricting-single-cpu/. -# -# This setting requires the affinity package to be installed! -# -#cpu_affinity: 0xFFFFFFFF - # The path to the web client which will be served at /_matrix/client/ # if 'webclient' is configured under the 'listeners' configuration. # 
@@ -68,11 +45,15 @@ use_presence: {{ matrix_synapse_use_presence|to_json }} # #require_auth_for_profile_requests: true -# If set to 'true', requires authentication to access the server's -# public rooms directory through the client API, and forbids any other -# homeserver to fetch it via federation. Defaults to 'false'. +# If set to 'false', requires authentication to access the server's public rooms +# directory through the client API. Defaults to 'true'. # -#restrict_public_rooms_to_local_users: true +#allow_public_rooms_without_auth: false + +# If set to 'false', forbids any other homeserver to fetch the server's public +# rooms directory via federation. Defaults to 'true'. +# +#allow_public_rooms_over_federation: false # The default room version for newly created rooms. # @@ -338,6 +319,15 @@ tls_private_key_path: {{ matrix_synapse_tls_private_key_path|to_json }} # #federation_verify_certificates: false +# The minimum TLS version that will be used for outbound federation requests. +# +# Defaults to `1`. Configurable to `1`, `1.1`, `1.2`, or `1.3`. Note +# that setting this value higher than `1.2` will prevent federation to most +# of the public Matrix network: only configure it to `1.3` if you have an +# entirely private federation setup and you can ensure TLS 1.3 support. +# +#federation_client_minimum_tls_version: 1.2 + # Skip federation certificate verification on the following whitelist # of domains. # @@ -427,6 +417,13 @@ acme: # #domain: matrix.example.com + # file to use for the account key. This will be generated if it doesn't + # exist. + # + # If unspecified, we will use CONFDIR/client.key. + # + account_key_file: /data/acme_account.key + # List of allowed TLS fingerprints for this server to publish along # with the signing keys for this server. Other matrix servers that # make HTTPS requests to this server will check that the TLS 
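Review bot: Both replacement options, `allow_public_rooms_without_auth` and `allow_public_rooms_over_federation`, are left commented out, and the new comments state that each defaults to 'true'. With the template rendered as is, the public rooms directory is therefore readable without authentication and by other homeservers. Because this file is a playbook template, rendering the two options from variables would let operators close the directory without editing the template, e.g. `allow_public_rooms_without_auth: {{ matrix_synapse_allow_public_rooms_without_auth|to_json }}`. That variable name is a suggestion and is not defined anywhere in the visible diff.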
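Review bot: `federation_client_minimum_tls_version` is added only as a commented sample, so outbound federation keeps the stated default of `1`. The accompanying comment warns only against going above `1.2`, which suggests a 1.2 floor is compatible with the public network. Rendering this option from a playbook variable, with a comment that repeats the warning about `1.3`, would let operators raise the minimum without forking the template.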
@@ -696,7 +693,7 @@ url_preview_ip_range_blacklist: # - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' # The largest allowed URL preview spidering size in bytes - +# max_spider_size: 10M @@ -1020,6 +1017,12 @@ signing_key_path: "/data/{{ matrix_server_fqn_matrix }}.signing.key" # so it is not normally necessary to specify them unless you need to # override them. # +# Once SAML support is enabled, a metadata file will be exposed at +# https://:/_matrix/saml2/metadata.xml, which you may be able to +# use to configure your SAML IdP with. Alternatively, you can manually configure +# the IdP to use an ACS location of +# https://:/_matrix/saml2/authn_response. +# #saml2_config: # sp_config: # # point this to the IdP's metadata. You can use either a local file or @@ -1029,7 +1032,15 @@ signing_key_path: "/data/{{ matrix_server_fqn_matrix }}.signing.key" # remote: # - url: https://our_idp/metadata.xml # -# # The rest of sp_config is just used to generate our metadata xml, and you +# # By default, the user has to go to our login page first. If you'd like to +# # allow IdP-initiated login, set 'allow_unsolicited: True' in a +# # 'service.sp' section: +# # +# #service: +# # sp: +# # allow_unsolicited: True +# +# # The examples below are just used to generate our metadata xml, and you # # may well not need it, depending on your setup. Alternatively you # # may need a whole lot more detail - see the pysaml2 docs! # @@ -1052,6 +1063,12 @@ signing_key_path: "/data/{{ matrix_server_fqn_matrix }}.signing.key" # # separate pysaml2 configuration file: # # # config_path: "/data/sp_conf.py" +# +# # the lifetime of a SAML session. This defines how long a user has to +# # complete the authentication process, if allow_unsolicited is unset. +# # The default is 5 minutes. +# # +# # saml_session_lifetime: 5m 
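Review bot: The `allow_unsolicited: True` example in the `@@ -1029,7 +1032,15 @@` hunk does not say what is given up: with IdP-initiated login the service provider accepts assertions it never requested, so a response can no longer be matched to a login request it issued. A one-line caveat in the comment would help, e.g. `# # Note: unsolicited responses cannot be tied to a pending request; enable only if your IdP requires it.`. The `saml_session_lifetime` text in the `@@ -1052,6 +1063,12 @@` hunk already hints at this by saying the lifetime applies only when `allow_unsolicited` is unset. The metadata and ACS URLs in the `@@ -1020,6 +1017,12 @@` hunk read `https://:/_matrix/...`, which looks as if the host and port placeholders were lost, so they are worth checking against the template file.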
@@ -1078,6 +1095,12 @@ password_config: # #enabled: false + # Uncomment to disable authentication against the local password + # database. This is ignored if `enabled` is false, and is only useful + # if you have other password_providers. + # + #localdb_enabled: false + # Uncomment and change to a secret random string for extra security. # DO NOT CHANGE THIS AFTER INITIAL SETUP! # @@ -1102,11 +1125,13 @@ password_config: # app_name: Matrix # # # Enable email notifications by default +# # # notif_for_new_users: True # # # Defining a custom URL for Riot is only needed if email notifications # # should contain links to a self-hosted installation of Riot; when set # # the "app_name" setting is ignored +# # # riot_base_url: "http://localhost/riot" # # # Enable sending password reset emails via the configured, trusted @@ -1119,16 +1144,22 @@ password_config: # # # # If this option is set to false and SMTP options have not been # # configured, resetting user passwords via email will be disabled +# # # #trust_identity_server_for_password_resets: false # # # Configure the time that a validation email or text message code # # will expire after sending # # # # This is currently used for password resets +# # # #validation_token_lifetime: 1h # # # Template directory. All template files should be stored within this -# # directory +# # directory. If not set, default templates from within the Synapse +# # package will be used +# # +# # For the list of default templates, please see +# # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates # # # #template_dir: res/templates # @@ -1325,6 +1356,7 @@ push: # + # Local statistics collection. Used in populating the room directory. # # 'bucket_size' controls how large each statistics timeslice is. It can 
@@ -1429,3 +1461,16 @@ alias_creation_rules: {{ matrix_synapse_alias_creation_rules|to_json }} # action: allow room_list_publication_rules: {{ matrix_synapse_room_list_publication_rules|to_json }} + + +# Server admins can define a Python module that implements extra rules for +# allowing or denying incoming events. In order to work, this module needs to +# override the methods defined in synapse/events/third_party_rules.py. +# +# This feature is designed to be used in closed federations only, where each +# participating server enforces the same rules. +# +#third_party_event_rules: +# module: "my_custom_project.SuperRulesSet" +# config: +# example_option: 'things' From da6edc9cba781f03a424dd65c09a98bfcb4912aa Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 4 Jul 2019 17:11:51 +0300 Subject: [PATCH 05/10] Add support for disabling Synapse's local database for user auth This is a new feature of Synapse v1.1.0. Discussed in #145 (Github Pull Request). --- docs/configuring-playbook-ldap-auth.md | 11 ++++++++++- docs/configuring-playbook-rest-auth.md | 9 +++++++++ docs/configuring-playbook-shared-secret-auth.md | 11 ++++++++++- roles/matrix-synapse/defaults/main.yml | 5 +++++ .../templates/synapse/homeserver.yaml.j2 | 2 +- 5 files changed, 35 insertions(+), 3 deletions(-) diff --git a/docs/configuring-playbook-ldap-auth.md b/docs/configuring-playbook-ldap-auth.md index 5d63cf26..5658b8a9 100644 --- a/docs/configuring-playbook-ldap-auth.md +++ b/docs/configuring-playbook-ldap-auth.md 
@@ -17,4 +17,13 @@ matrix_synapse_ext_password_provider_ldap_attributes_name: "cn" matrix_synapse_ext_password_provider_ldap_bind_dn: "" matrix_synapse_ext_password_provider_ldap_bind_password: "" matrix_synapse_ext_password_provider_ldap_filter: "" -``` \ No newline at end of file +``` + + +## Authenticating only using a password provider + +If you wish for users to **authenticate only against configured password providers** (like this one), **without consulting Synapse's local database**, feel free to disable it: + +```yaml +matrix_synapse_password_config_localdb_enabled: false +``` diff --git a/docs/configuring-playbook-rest-auth.md b/docs/configuring-playbook-rest-auth.md index 6c3e4189..f35c0f49 100644 --- a/docs/configuring-playbook-rest-auth.md +++ b/docs/configuring-playbook-rest-auth.md @@ -13,3 +13,12 @@ matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: f matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false ``` + + +## Authenticating only using a password provider + +If you wish for users to **authenticate only against configured password providers** (like this one), **without consulting Synapse's local database**, feel free to disable it: + +```yaml +matrix_synapse_password_config_localdb_enabled: false +``` diff --git a/docs/configuring-playbook-shared-secret-auth.md b/docs/configuring-playbook-shared-secret-auth.md index 26675f4c..0ec60d2e 100644 --- a/docs/configuring-playbook-shared-secret-auth.md +++ b/docs/configuring-playbook-shared-secret-auth.md 
@@ -9,4 +9,13 @@ If you decide that you'd like to let this playbook install it for you, you need ```yaml matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE -``` \ No newline at end of file +``` + + +## Authenticating only using a password provider + +If you wish for users to **authenticate only against configured password providers** (like this one), **without consulting Synapse's local database**, feel free to disable it: + +```yaml +matrix_synapse_password_config_localdb_enabled: false +``` diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 0658fac2..30274f2f 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -147,6 +147,11 @@ matrix_synapse_autocreate_auto_join_rooms: true # Controls password-peppering for Synapse. Not to be changed after initial setup. matrix_synapse_password_config_pepper: "" +# Controls if Synapse allows people to authenticate against its local database. +# It may be useful to disable this if you've configured additional password providers +# and only wish authentication to happen through them. +matrix_synapse_password_config_localdb_enabled: false + # Controls the number of events that Synapse caches in memory. matrix_synapse_event_cache_size: "100K" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 35c3bbe0..8100a1bb 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
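Review bot: `matrix_synapse_password_config_localdb_enabled: false` in the `defaults/main.yml` hunk switches off authentication against Synapse's local database for every install that does not override it. That contradicts the comment directly above it and the three docs sections, which all present `false` as the opt-in. On a server with no password provider configured this would presumably leave no working password login. The default should be `matrix_synapse_password_config_localdb_enabled: true`; patch 06/10 of this series makes that change, so squashing it into this commit would avoid a broken intermediate revision. The comment could also state that disabling it without a working password provider locks local accounts out.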
@@ -1099,7 +1099,7 @@ password_config: # database. This is ignored if `enabled` is false, and is only useful # if you have other password_providers. # - #localdb_enabled: false + localdb_enabled: {{ matrix_synapse_password_config_localdb_enabled|to_json }} # Uncomment and change to a secret random string for extra security. # DO NOT CHANGE THIS AFTER INITIAL SETUP! From 73158e6c2fa5f064546ad1157538c8c812b52e2a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 4 Jul 2019 17:27:20 +0300 Subject: [PATCH 06/10] Fix unintentionally inverted boolean Fixes a problem introduced by da6edc9cba78. Related to #145 (Github Pull Request). --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 30274f2f..d530d758 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -150,7 +150,7 @@ matrix_synapse_password_config_pepper: "" # Controls if Synapse allows people to authenticate against its local database. # It may be useful to disable this if you've configured additional password providers # and only wish authentication to happen through them. -matrix_synapse_password_config_localdb_enabled: false +matrix_synapse_password_config_localdb_enabled: true # Controls the number of events that Synapse caches in memory. matrix_synapse_event_cache_size: "100K" From b84139088c0aed04243c29f14127268dd22b1689 Mon Sep 17 00:00:00 2001 
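Review bot: `localdb_enabled: {{ matrix_synapse_password_config_localdb_enabled|to_json }}` renders whatever type the variable has, so a value supplied as a string (for example through `-e` extra vars) comes out as `"false"` rather than `false`. Synapse would then presumably see a non-empty string, and local-database authentication would stay enabled although the operator meant to turn it off. Coercing first, `localdb_enabled: {{ matrix_synapse_password_config_localdb_enabled|bool|to_json }}`, makes the rendered value a real boolean. The `password_config:` block begins and ends outside the hunk.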
From: Slavi Pantaleev Date: Thu, 4 Jul 2019 17:28:38 +0300 Subject: [PATCH 07/10] Fix password providers not working on Synapse v1.1.0 Fixes a regression introduced during the upgrade to Synapse v1.1.0 (in 2b3865ceea5f5c6ee). Since Synapse v1.1.0 upgraded to Python 3.7 (https://github.com/matrix-org/synapse/pull/5546), we need to use a different modules directory when mounting password provider modules. --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index d530d758..b1f498ab 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -49,7 +49,7 @@ matrix_synapse_systemd_required_services_list: ['docker.service'] # List of systemd services that matrix-synapse.service wants matrix_synapse_systemd_wanted_services_list: [] -matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.6/site-packages" +matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.7/site-packages" # Specifies which template files to use when configuring Synapse. # If you'd like to have your own different configuration, feel free to copy and paste From ef5e4ad061073663f6a825a9a292e6b636d05bfc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 4 Jul 2019 17:46:31 +0300 Subject: [PATCH 08/10] Make Synapse not log to text files Somewhat related to #213 (Github Pull Request). We've been moving in the opposite direction for quite a long time. All services should just leave logging to systemd's journald. --- CHANGELOG.md | 19 +++++++++++++++++++ docs/prerequisites.md | 2 ++ roles/matrix-synapse/defaults/main.yml | 2 -- .../templates/synapse/synapse.log.config.j2 | 12 ++---------- 4 files changed, 23 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 36ba2762..da757bb7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
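Review bot: `matrix_synapse_in_container_python_packages_path` hard-codes `python3.7`, so it has to track the Python minor version of whichever Synapse image is deployed, and the line carries no comment saying so. The commit message shows this coupling already broke once when the image moved from 3.6 to 3.7. I would add a comment above the variable, e.g. `# Must match the Python minor version inside the Synapse image; password provider modules are mounted into this directory.`, so the next image upgrade checks it. A provider module mounted into the wrong directory presumably does not load, which is better caught before a deploy than at login time.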
@@ -1,3 +1,22 @@ +# 2019-07-04 + +## Synapse no longer logs to text files + +Following what the official Synapse Docker image is doing ([#5565](https://github.com/matrix-org/synapse/pull/5565)) and what we've been doing for mostly everything installed by this playbook, **Synapse no longer logs to text files** (`/matrix/synapse/run/homeserver.log*`). + +From now on, Synapse would only log to console, which goes to systemd's journald. +To see Synapse's logs, execute: `journalctl -fu matrix-synapse` + +Because of this, the following variables have become obsolete and were removed: + +- `matrix_synapse_max_log_file_size_mb` +- `matrix_synapse_max_log_files_count` + +To prevent confusion, it'd be better if you delete all old files manually after you've upgraded (`rm -f /matrix/synapse/run/homeserver.log*`). + +Because Synapse is incredibly chatty when it comes to logging (here's [one such issue](https://github.com/matrix-org/synapse/issues/4751) describing the problem), if you're running an ancient distribution (like CentOS 7.0), be advised that systemd's journald default logging restrictions may not be high enough to capture all log messages generated by Synapse. This is especially true if you've got a busy (Synapse) server. We advise that you manually add `RateLimitInterval=0` and `RateLimitBurst=0` under `[Storage]` in the `/etc/systemd/journald.conf` file, followed by restarting the logging service (`systemctl restart systemd-journald`). + + # 2019-06-27 ## (BC Break) Discord bridge configuration is now entirely managed by the playbook diff --git a/docs/prerequisites.md b/docs/prerequisites.md index b3d4cf04..a111e7bd 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md 
@@ -2,6 +2,8 @@ - **CentOS** (7.0+), **Debian** (9/Stretch+) or **Ubuntu** (16.04+) server. We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there. + - for ancient distributions like **CentOS 7.0**, we recommend that you do a manual systemd-journald adjustment. Because the Synapse chat server is incredibly chatty when it comes to logging (here's [one such issue](https://github.com/matrix-org/synapse/issues/4751) describing the problem), be advised that systemd's journald default logging restrictions may not be high enough to capture all log messages generated by Synapse. This is especially true if you've got a busy (Synapse) server. We advise that you manually add `RateLimitInterval=0` and `RateLimitBurst=0` under `[Storage]` in the `/etc/systemd/journald.conf` file, followed by restarting the logging service (`systemctl restart systemd-journald`). + - [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python`). - a `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates. *This can be ignored if you use your own SSL certificates.* diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index b1f498ab..08a3e78f 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -69,8 +69,6 @@ matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}" matrix_synapse_trusted_third_party_id_servers: "{{ matrix_synapse_id_servers_public }}" matrix_synapse_max_upload_size_mb: 10 -matrix_synapse_max_log_file_size_mb: 100 -matrix_synapse_max_log_files_count: 10 # The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads. matrix_synapse_tmp_directory_size_mb: "{{ matrix_synapse_max_upload_size_mb * 50 }}" diff --git a/roles/matrix-synapse/templates/synapse/synapse.log.config.j2 b/roles/matrix-synapse/templates/synapse/synapse.log.config.j2 index 732c4c1d..f470b6f5 100644 --- a/roles/matrix-synapse/templates/synapse/synapse.log.config.j2 +++ b/roles/matrix-synapse/templates/synapse/synapse.log.config.j2 @@ -4,7 +4,7 @@ version: 1 formatters: precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' + format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s' filters: context: @@ -12,14 +12,6 @@ filters: request: "" handlers: - file: - class: logging.handlers.RotatingFileHandler - formatter: precise - filename: /matrix-run/homeserver.log - maxBytes: {{ matrix_synapse_max_log_file_size_mb * 1024 * 1024 }} - backupCount: {{ matrix_synapse_max_log_files_count }} - filters: [context] - encoding: utf8 console: class: logging.StreamHandler formatter: precise @@ -41,4 +33,4 @@ loggers: root: level: {{ matrix_synapse_root_log_level }} - handlers: [file, console] + handlers: [console] From 17cd52ced6290df7abe1161a8772211972cbaacb Mon Sep 17 00:00:00 2001 
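Review bot: With `handlers: [console]` in the last `synapse.log.config.j2` hunk, journald becomes the only place Synapse's logs are kept, so its rate limits and retention now decide whether login and federation events survive for later investigation. The accompanying CHANGELOG and prerequisites text tells operators to put `RateLimitInterval=0` and `RateLimitBurst=0` under `[Storage]`, but journald.conf options belong in the `[Journal]` section, so the advice as written would likely have no effect. Setting both to `0` also removes rate limiting for every service on the host, so raising the limits to a finite value would be a narrower change. Separately, the `@@ -4,7 +4,7 @@` hunk drops the space in `%(request)s- %(message)s`; patch 09/10 restores it.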
From: Slavi Pantaleev Date: Thu, 4 Jul 2019 18:19:52 +0300 Subject: [PATCH 09/10] Make Synapse log messages a bit prettier ef5e4ad061073663f intentionally makes us conform to the logging format suggested by the official Docker image. Reverting this part, because it's uglier. This likely should be fixed upstream as well though. --- roles/matrix-synapse/templates/synapse/synapse.log.config.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/templates/synapse/synapse.log.config.j2 b/roles/matrix-synapse/templates/synapse/synapse.log.config.j2 index f470b6f5..09f07a2e 100644 --- a/roles/matrix-synapse/templates/synapse/synapse.log.config.j2 +++ b/roles/matrix-synapse/templates/synapse/synapse.log.config.j2 @@ -4,7 +4,7 @@ version: 1 formatters: precise: - format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s' + format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s' filters: context: From f83bbf8525d5f08a17c785c4cdbf3cdaba82479e Mon Sep 17 00:00:00 2001 From: Dan Arnfield Date: Thu, 4 Jul 2019 22:59:21 -0500 Subject: [PATCH 10/10] Bump nginx version --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index b4b181ff..366ad22e 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
@@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but # that is frequently out of date. -matrix_nginx_proxy_docker_image: "nginx:1.17.0-alpine" +matrix_nginx_proxy_docker_image: "nginx:1.17.1-alpine" matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}" matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"