Catalan Lover
601b67c02d
Update Draupnir Config
2 years ago
Slavi Pantaleev
6cdbde01d7
Fix various Traefik headers syntax
...
`always` is an nginx suffix, which shouldn't have been added to these.
2 years ago
Slavi Pantaleev
0da308e24d
Upgrade com.devture.ansible.role.traefik
2 years ago
Slavi Pantaleev
5df89a44b3
Add support for customizing Synapse templates
2 years ago
Slavi Pantaleev
9775218850
Add matrix_synapse_email_app_name variable
2 years ago
Slavi Pantaleev
632026513e
Add matrix_synapse_uid, matrix_synapse_gid and matrix_synapse_username
2 years ago
Slavi Pantaleev
990a6369e1
Switch to using an external Redis role
2 years ago
Slavi Pantaleev
519b32543c
Add matrix_synapse_container_network and matrix_synapse_container_additional_networks
2 years ago
Slavi Pantaleev
0ce2121d01
Fix variable typo in validation task
2 years ago
Slavi Pantaleev
b291459bf3
Fix syntax error
2 years ago
Slavi Pantaleev
964aa0e84d
Switch to using an external Ntfy role
...
The newly extracted role also has native Traefik support,
so we no longer need to rely on `matrix-nginx-proxy` for
reverse-proxying to Ntfy.
The new role uses port `80` inside the container (not `8080`, like
before), because that's the default assumption of the officially
published container image. Using a custom port (like `8080`), means the
default healthcheck command (which hardcodes port `80`) doesn't work.
Instead of fiddling to override the healthcheck command, we've decided
to stick to the default port instead. This only affects the
inside-the-container port, not any external ports.
The new role also supports adding the network ranges of the container's
multiple additional networks as "exempt hosts". Previously, only one
network's address range was added to "exempt hosts".
2 years ago
Slavi Pantaleev
38c4e464c1
Fix self-check for Hydrogen and Cinny when running under a subpath
2 years ago
Aine
954920dd4f
Update ntfy 1.31.0 -> 2.0.0
2 years ago
Slavi Pantaleev
8fd8f12a0d
Merge pull request #2493 from etkecc/patch-174
...
Update mautrix-whatsapp 0.8.1 -> 0.8.2
2 years ago
Aine
64ec1db077
Update mautrix-whatsapp 0.8.1 -> 0.8.2
2 years ago
Aine
649f6512ca
Update mautrix-discord 0.1.0 -> 0.1.1
2 years ago
Slavi Pantaleev
bb7895678c
Fix typo
2 years ago
Aine
4fe6015464
Update ntfy 1.30.1 -> 1.31.0
2 years ago
Slavi Pantaleev
7c5826f1c3
Break dependency between matrix-prometheus-nginxlog-exporter and the Grafana role
...
Wiring happens via `group_vars/matrix_servers` now.
2 years ago
Slavi Pantaleev
1006b8d899
Replace matrix-grafana with an external role
2 years ago
Slavi Pantaleev
94124263a7
Add matrix_prometheus_container_network/matrix_prometheus_container_additional_networks
2 years ago
Slavi Pantaleev
0b9dc56edf
Add type support to matrix_coturn_container_additional_volumes
...
.. and try to auto-switch between `bind` and `volume` depending on
whether there's a slash in the `src` path.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2482
2 years ago
Slavi Pantaleev
1f0da1103a
Merge pull request #2485 from etkecc/patch-171
...
update postmoogle 0.9.13 -> 0.9.14
2 years ago
Slavi Pantaleev
c85d48c45c
Remove Traefik labels for Hydrogen & Cinny from matrix-nginx-proxy
...
Related to 6a52be7987 and 28e7ef9c71f02
2 years ago
Aine
4045d72e7b
update postmoogle 0.9.13 -> 0.9.14
...
* make banlist consistent
* proper multi-error message
* ignore "." MX hosts
* try recipient domain directly, even when MX records found, but failed
2 years ago
Slavi Pantaleev
4d24e9bb7f
Merge pull request #2484 from etkecc/patch-170
...
Update synapse 1.76.0 -> 1.77.0
2 years ago
Aine
3570808633
Update synapse 1.76.0 -> 1.77.0
2 years ago
Aine
c98f40c836
Update hydrogen 0.3.7 -> 0.3.8
2 years ago
Slavi Pantaleev
51cfd7b777
Merge pull request #2481 from moan0s/update
...
Bump element version
2 years ago
Julian-Samuel Gebühr
6727aa55ec
Bump element version
...
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
2 years ago
Slavi Pantaleev
f28e7ef9c7
Add (native) Traefik support to matrix-client-cinny
...
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now
2 years ago
Slavi Pantaleev
3bace0c7b9
Add matrix_synapse_admin_hostname and rename matrix_synapse_admin_public_endpoint (to matrix_synapse_admin_path_prefix)
2 years ago
Slavi Pantaleev
2e74187050
Add matrix_client_element_hostname and matrix_client_element_path_prefix variables
2 years ago
Slavi Pantaleev
eb7292f274
Add matrix_client_hydrogen_hostname and fix Hydrogen serving at non-root-path
2 years ago
Slavi Pantaleev
6a52be7987
Add (native) Traefik support to matrix-client-hydrogen
...
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now
Serving at a path other than `/` doesn't work well yet.
2 years ago
Slavi Pantaleev
64e2b26ed5
Fix Hydrogen failing to start
...
We were mounting our own configuration to
`/usr/share/nginx/html/config.json`, which is a symlink to
`/tmp/config.json`. So we effectively mount our file to
`/tmp/config.json`.
When starting:
- if Hydrogen sees a `CONFIG_OVERRIDE` environment variable,
it will try to save it into our read-only config file and fail.
- if Hydrogen doesn't see a `CONFIG_OVERRIDE` environment variable (the
path we go through, because we don't pass such a variable),
it will try to copy its bundled configuration (`/config.json.bundled`)
to `/tmp/config.json`. Because our configuration is mounted as read-only, it will
fail.
In both cases, it will fail with:
> cp: can't create '/tmp/config.json': File exists
Source: 3720de36bb/docker/dynamic-config.sh
We work around this by mounting our configuration on top of the bundled
one (`/config.json.bundled`). We then let Hydrogen's startup script copy
it to `/tmp/config.json` (a tmpfs we've mounted into the container) and use it from there.
2 years ago
Slavi Pantaleev
799cbb44fb
Add the ability to control (Traefik) routing priority for Element and synapse-admin
...
This may prove useful to someone in the future.
2 years ago
Slavi Pantaleev
5c7cd70684
Make use of the existing matrix_synapse_admin_public_endpoint variable
2 years ago
Slavi Pantaleev
c33ed94352
Add security headers to synapse-admin (on Traefik)
...
We've had it on `matrix-nginx-proxy` before, but
our initial support for Traefik did not include any of these security
headers.
2 years ago
Slavi Pantaleev
71597132e0
Move around some matrix-client-element variables
2 years ago
Slavi Pantaleev
5ab5f28d14
Add support for running synapse-admin (on Traefik) at the root path
...
Previously, we had to run it at a subpath, like `/synapse-admin`.
We can now dedicate a whole domain and the `/` path to it, should we
wish to do so.
2 years ago
Slavi Pantaleev
ff1338e003
Add support for hosting Element (on Traefik) at a subpath
2 years ago
Slavi Pantaleev
e34174b1b4
Add various security headers to matrix-client-element when behind Traefik
2 years ago
Slavi Pantaleev
e51e4eec09
Add (native) Traefik support to matrix-client-element
...
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now
2 years ago
Slavi Pantaleev
f2ed5e4b04
Delete /matrix/nginx-proxy/conf.d/matrix-client-element.conf if matrix_nginx_proxy_proxy_element_enabled not enabled
2 years ago
Aine
9f820a506a
Update postmoogle 0.9.12 -> 0.9.13
...
* live SSL certificates reload on file changes (e.g., on automatic certs renewal)
* print all errors when trying connection to an SMTP server
2 years ago
Slavi Pantaleev
31aa87fdb6
Merge pull request #2475 from etkecc/patch-167
...
Update coturn 4.6.1-r1 -> 4.6.1-r2
2 years ago
Slavi Pantaleev
3d9aa8387e
Add (native) Traefik support to synapse-admin
...
Previously, it had to go through matrix-nginx-proxy.
It's exposed to Traefik directly via container labels now.
2 years ago
Aine
f6f7bbd2a1
Update coturn 4.6.1-r1 -> 4.6.1-r2
2 years ago
Slavi Pantaleev
38904c08b0
Wire backup_borg_username
...
It's probably unnecessary, as this user is only used in the borg container
internally, but.. It doesn't hurt to set it to `matrix`.
2 years ago
Slavi Pantaleev
78c35136b2
Replace matrix-backup-borg with an external role
2 years ago
td
af10d350bc
fix: missing endif in client well-known
2 years ago
Jayesh Nirve
6939a3d6d3
fix: only add element related entries to client well-known if element is enabled ( #2453 )
...
* fix: only add element related entries to client well-known if element is enabled
* Fix matrix-base/defaults/main.yml syntax
---------
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2 years ago
Array in a Matrix
79413e7717
updated dendrite
2 years ago
Slavi Pantaleev
f1a1ce8a91
Merge pull request #2464 from spantaleev/traefik
...
Reverse-proxy configuration changes and initial Traefik support
2 years ago
Catalan Lover
cba63bd4b9
Upgrade Draupnir from 1.8.0 Beta to 1.8.0 release.
2 years ago
Slavi Pantaleev
6b0650641b
Update matrix_playbook_reverse_proxy_type documentation
2 years ago
Slavi Pantaleev
8309a21303
Rename reverse proxy types and fix Hookshot http/https urlPrefix issue
2 years ago
Slavi Pantaleev
3f2cb840b9
Merge branch 'master' into traefik
2 years ago
Slavi Pantaleev
ad22bdb884
Do not run matrix-user-verification-service validation tasks unless the service is enabled
2 years ago
Slavi Pantaleev
7142ff422d
Ensure matrix_user_verification_service_uvs_access_token is always defined
...
The playbook tries to avoid such variables which are sometimes defined
and sometimes not. We'd rather not check for `is defined`.
2 years ago
Slavi Pantaleev
97f65e8dff
Minor fixes to allow for Traefik without SSL
2 years ago
Aine
a1ef28681a
Update Hydrogen 0.3.6 -> 0.3.7
2 years ago
Slavi Pantaleev
28d2eb593c
Add matrix_playbook_reverse_proxy_type variable which influences all other services
2 years ago
Slavi Pantaleev
06ccd71edc
Merge branch 'master' into traefik
2 years ago
Slavi Pantaleev
f6ab162fff
Remove systemd-reloading handler in matrix-user-verification-service
...
None of the other roles use handlers.
We rely on com.devture.ansible.role.systemd_service_manager to reload services when it's necessary to do so.
2 years ago
Slavi Pantaleev
e1bfa2a7d6
Fix ansible-lint-reported errors
2 years ago
Slavi Pantaleev
43a6a035a0
Skip removing /.well-known/element directory to suppress ansible-lint error
...
Leaving an orphan directory is okay and can be improved later on.
2 years ago
Slavi Pantaleev
01ccec2dbe
Merge branch 'master' into pr-jitsi-matrix-authentication
2 years ago
Slavi Pantaleev
7cdf59d79b
Merge pull request #2451 from FSG-Cat/draupnir
...
Add Draupnir support to the project.
2 years ago
Slavi Pantaleev
d6c8ea3742
Merge pull request #2452 from borisrunakov/update-matrix-chatgpt-bot
...
update matrix-chatgpt-bot
2 years ago
ntallasv
f71cd3a760
fix linting in validate_config.yml
2 years ago
ntallasv
b738486684
update validate_config.yml
2 years ago
Aine
d32f80bf29
Update postmoogle 0.9.11 -> 0.9.12
...
* fix uploads from incoming emails into matrix threads
* fix emails dequeue (account data cleanup)
* rewrite recipients handling (Cc, To, etc.)
2 years ago
ntallasv
9615855cfa
update matrix-chatgpt-bot
2 years ago
Catalan Lover
ddcb1735e2
Add draupnir as valid prefix to resolve a bug
...
Current draupnir does not listen to its name. This config change fixes this bug. This bodge is able to be removed once this is fixed upstream.
2 years ago
Catalan Lover
a717590aa5
Rename systemd service file from mjolnir to draupnir
2 years ago
Slavi Pantaleev
88a26758e1
Merge branch 'master' into traefik
2 years ago
Catalan Lover
9092d4bb6b
Push draupnir version from develop to v1.80.0-beta.0
2 years ago
Catalan Lover
78b1ebd5af
commit main.yml for draupnir and set target ver to develop
2 years ago
Catalan Lover
563cf1a4ba
Initial commit for draupnir.
...
main.yml is not included because it's changed separately.
2 years ago
Slavi Pantaleev
49a1985750
Fix Postmoogle systemd service description
2 years ago
Slavi Pantaleev
d44d4b637f
Allow Coturn to work with SSL certificates extracted from Traefik
2 years ago
Aine
2eb2ad0ad7
Update heisenbridge 1.14.1 -> 1.14.2
2 years ago
Slavi Pantaleev
2b9061a5d3
Add support for reverse-proxying the base domain via Traefik
2 years ago
Slavi Pantaleev
6c17671abd
Upgrade synapse-admin (0.8.6 -> 0.8.7) and drop reverse-proxy workaround
...
Related to 6a31fba346, 6a31fba346.
Related to https://github.com/Awesome-Technologies/synapse-admin/issues/322
2 years ago
Slavi Pantaleev
66baef5bf6
Fix matrix-synapse-reverse-proxy-companion.service stopping during uninstallation
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2444
2 years ago
jakicoll
6a205a83f6
Change renamed variables matrix_systemd_path -> devture_systemd_docker_base_systemd_path
2 years ago
jakicoll
6cffec14ea
fixup! Remove the self-build stub, because self-build was not implemented
2 years ago
jakicoll
be634168ac
Make the linter happy.
2 years ago
jakicoll
f3ca4a0632
Remove unnecessary comment.
2 years ago
jakicoll
7848d865a5
Also define the vars to be overwritten in group vars within the role vars.
2 years ago
Paul N
70bea81df7
Introduced flags to (1) enable/disable Auth (2) enable/disable openid_server_name pinning. Updated validate_config.yml and added new checks to verify.
2 years ago
Paul N
96dd86d33b
Set default values where sensible and remove unnecessary conditionals in .env.j2.
...
Check for empty string instead of Null to verify if an openid_server_name is pinned.
2 years ago
jakicoll
6b206b3763
Move checks into validate_config.yml.
2 years ago
jakicoll
6499b6536a
Decoupling: Do not use variables user-verification-service role inside the jitsi role.
2 years ago
Paul N
50c1e9d695
Set matrix_user_verification_service_uvs_homeserver_url in the role defaults and updated docs accordingly.
2 years ago
jakicoll
0e0ae2f3e6
Assign default log level in role instead of matrix_servers file.
2 years ago
jakicoll
bf5e633656
Remove the self-build stub, because self-build was not implemented
2 years ago
Paul N
b89f5b7ff5
Clarify task name and add user and group to templated env file
...
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2 years ago
Jakob S
6913d368c8
Consolidate conditionals into a block, keep image
...
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2 years ago
Slavi Pantaleev
8155f780e5
Add support for reverse-proxying Matrix (Client & Federation) via Traefik
2 years ago
Slavi Pantaleev
f983604695
Initial work on Traefik support
...
This gets us started on adding a Traefik role and hooking Traefik:
- directly to services which support Traefik - we only have a few of
these right now, but the list will grow
- to matrix-nginx-proxy for most services that integrate with
matrix-nginx-proxy right now
Traefik usage should be disabled by default for now and nothing should
change for people just yet.
Enabling these experiments requires additional configuration like this:
```yaml
devture_traefik_ssl_email_address: '.....'
matrix_playbook_traefik_role_enabled: true
matrix_playbook_traefik_labels_enabled: true
matrix_ssl_retrieval_method: none
matrix_nginx_proxy_https_enabled: false
matrix_nginx_proxy_container_http_host_bind_port: ''
matrix_nginx_proxy_container_federation_host_bind_port: ''
matrix_nginx_proxy_trust_forwarded_proto: true
matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
matrix_coturn_enabled: false
```
What currently works is:
reverse-proxying for all nginx-proxy based services **except** for the Matrix homeserver
(both Client-Server and Federation traffic for the homeserver don't work yet)
2 years ago
Slavi Pantaleev
4d6a8d049d
Add matrix_nginx_proxy_container_network variable
2 years ago
Slavi Pantaleev
e018663ba4
Attach ma1sd/nginx-proxy/synapse-reverse-proxy-companion to additional networks in a better way
...
Switching from doing "post-start" loop hacks to running the container
in 3 steps: `create` + potentially connect to additional networks + `start`.
This way, the container would be connected to all its networks even at
the very beginning of its life.
2 years ago
Slavi Pantaleev
be78b74fbd
Switch from matrix-prometheus-postgres-exporter to an external prometheus_postgres_exporter role
2 years ago
Slavi Pantaleev
2d7d5d4bab
Use new security-opt syntax (: -> =)
...
Related to https://docs.docker.com/engine/deprecated/#separator--of---security-opt-flag-on-docker-run
2 years ago
Catalan Lover
4d49f1f56e
Update Prometheus to v2.42.0 from v2.41.0
...
Docker images are released now so this change can now be pushed.
2 years ago
Aine
c11f772e78
Fix python packages path in synapse container
2 years ago
Slavi Pantaleev
7cb140b987
Downgrade Prometheus (v2.42.0 -> v2.41.0) until a container image gets published
...
Container image not published yet.
Reverts #2438
2 years ago
Slavi Pantaleev
d42ef7d243
Merge pull request #2439 from etkecc/patch-160
...
Update synapse 1.75.0 -> 1.76.0; default room version 9 -> 10
2 years ago
Slavi Pantaleev
c8ce83c725
Merge pull request #2438 from etkecc/patch-159
...
Update prometheus 2.41.0 -> 2.42.0
2 years ago
Aine
0f208ed053
Update synapse 1.75.0 -> 1.76.0; default room version 9 -> 10
2 years ago
Aine
82d870fddf
Update prometheus 2.41.0 -> 2.42.0
2 years ago
Aine
5300740f70
Update element 1.11.21 -> 1.11.22
2 years ago
Slavi Pantaleev
c7767e9bc8
Upgrade Coturn (4.6.1-r0 -> 4.6.1-r1)
2 years ago
Slavi Pantaleev
66bb2943b4
Merge pull request #2436 from etkecc/patch-157
...
Update jitsi stable-8218 -> stable-8252
2 years ago
Aine
68ca23d709
Update jitsi stable-8218 -> stable-8252
2 years ago
Aine
d70076c805
Update element 1.11.20 -> 1.11.21
2 years ago
Aine
8c2b77bf0c
Update cinny 2.2.3 -> 2.2.4
2 years ago
Slavi Pantaleev
611a74bde2
Use |to_json in mautrix metrics configuration
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2427
2 years ago
Slavi Pantaleev
d82d0ad84b
Add _metrics_proxying_enabled variables to mautrix bridges
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2427
`metrics_enabled` should only expose the metrics locally, on the
container network, so that a local Prometheus can consume them.
Exposing them publicly should be done via a separate toggle (`metrics_proxying_enabled`).
This is how all other roles work, so this makes these mautrix roles consistent with the rest.
2 years ago
Slavi Pantaleev
cad83ddca6
Merge pull request #2427 from alemairebe/mautrix-metrics
...
Mautrix metrics
2 years ago
Slavi Pantaleev
f9a496c29c
Merge pull request #2432 from shalzz/patch/slack
...
mautrix-slack: add team name in channel name template
2 years ago
Shaleen Jain
df9931f719
mautrix-slack: add team name in channel name template
2 years ago
Slavi Pantaleev
389d6c978f
Merge pull request #2431 from etkecc/patch-154
...
Update borgmatic 1.7.5 -> 1.7.6
2 years ago
Slavi Pantaleev
5482a9d5d0
Merge pull request #2429 from etkecc/patch-152
...
Update mautrix-discord latest -> 0.1.0
2 years ago
Aine
4f69b22a6e
Update borgmatic 1.7.5 -> 1.7.6
2 years ago
Aine
a9a17d803e
Update maubot 0.3.1 -> 0.4.0
2 years ago
Aine
111303208a
Update mautrix-discord latest -> 0.1.0
2 years ago
Adrien le Maire
9eaf6944e3
add nginx proxy config for mautrix metrics
2 years ago
Adrien le Maire
691ef13cab
template metric toggle for mautrix bridges supporting it
2 years ago
Slavi Pantaleev
e588c42088
Improve synapse-admin reverse-proxying fix
...
Fixup for 6a31fba346
2 years ago
Slavi Pantaleev
6a31fba346
Fix synapse-admin reverse-proxying regression caused by 0.8.6
...
Related to f165aa5d48
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2424
2 years ago
Aine
f165aa5d48
Update synapse-admin 0.8.5 -> 0.8.6
2 years ago
bertybuttface
7b5ced3037
Fix linting issue.
2 years ago
bertybuttface
d66a2949f6
Update env.j2
...
Use matrix_bot_chatgpt_context for CHATGPT_CONTEXT
2 years ago
bertybuttface
7e1408ea65
Bump ChatGPT version and add new config settings
...
matrix_bot_chatgpt_context=thread
2 years ago
Slavi Pantaleev
430a55902c
Merge pull request #2420 from bertybuttface/patch-1
...
Upgrade matrix-chatgpt-bot to latest
2 years ago
Slavi Pantaleev
784043cc5d
Ensure OPENAI_PRO is true/false (not True/False)
2 years ago
Slavi Pantaleev
867737fe0b
Upgrade Grafana (9.3.4 -> 9.3.6)
2 years ago
Slavi Pantaleev
aafa8f019c
Allow matrix_coturn_docker_network to be set to 'host' to use host-networking
...
This helps large deployments which need to open up thousands of ports
(matrix_coturn_turn_udp_min_port, matrix_coturn_turn_udp_min_port)
On a test VM, opening 1k ports takes 17 seconds for Docker to "publish"
all of these ports (setting up forwarding rules with the firewall, etc),
so service startup and shutdown take a long amount of time.
If host-networking is used, there's no need to open any ports at all
and startup/shutdown can be quick.
2 years ago
Slavi Pantaleev
bb0faa6bc3
Block various private network ranges via denied_peer_ips for Coturn by default
...
Inspired by: https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
2 years ago
Slavi Pantaleev
773cb7d37e
Make no-tcp-relay Coturn configuration property configurable
2 years ago
Slavi Pantaleev
bf23d63f82
Add matrix_coturn_additional_configuration
2 years ago
Slavi Pantaleev
4c9f96722f
Add no-multicast-peers to Coturn config by default
...
Part of a security hardening provoked by:
https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
2 years ago
bertybuttface
18c3903def
Update env.j2
...
Set OPEN_AI to matrix_bot_chatgpt_openai_pro
2 years ago
bertybuttface
ad58858a96
Upgrade matrix-chatgpt (1.2.3 -> 1.3.2)
...
Add support for OPENAI_PRO for ChatGPT pro subscriptions.
2 years ago
rhys
d01de9f33d
Fix lint errors
2 years ago
rhys
547b01d618
Added option to allow user to set jigasi user and password for AUTH
2 years ago