sak
d0cd709c08
security** node-exporter data & port publicly exposed
4 years ago
sakkiii
1958d0792d
Update matrix-client-element.conf.j2
4 years ago
sakkiii
b6d45c5fd8
Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy
4 years ago
sakkiii
05042f5ff1
Improve security grafana
...
- duplicate X-Content-Type-Options
- X-Frame-Options header
- Referrer-Policy [Might consider adding variable]
- Secure flag with cookies
- matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy )
4 years ago
Slavi Pantaleev
68ca81c8c2
Attempt to fix docker_network result discrepancy between Ansible versions
...
Supposedly fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/907
4 years ago
Slavi Pantaleev
9c1f41eadf
Merge pull request #1002 from thedanbob/node-exporter-1.1.2
...
Update prometheus node exporter (1.1.0->1.1.2)
4 years ago
Dan Arnfield
8a550ce67c
Update prometheus (2.24.1->2.26.0)
4 years ago
Dan Arnfield
83cc5c9e6a
Update prometheus node exporter (1.1.0 -> 1.1.2)
4 years ago
sakkiii
5dc642ace1
Nginx element web: XSS protection & nosniff header
...
X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers.
X-Content-Type-Options: nosniff header, to disable MIME sniffing
4 years ago
Slavi Pantaleev
fcb9e9618a
Make Coturn TLSv1/v1.1 configurable
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999
4 years ago
sakkiii
540416e32d
Disable support for TLS 1.0 and TLS 1.1
...
These old versions of TLS rely on MD5 and SHA-1, both now broken, and contain other flaws. TLS 1.0 is no longer PCI-DSS compliant and the TLS working group has adopted a document to deprecate TLS 1.0 and TLS 1.1.
4 years ago
Michael-GMH
89cb5a3d7a
GMH v0.4.2 update
4 years ago
Michael
f41bfb69d2
update survey template formatting
4 years ago
Michael
814bdf5a88
update spelling
4 years ago
Michael
fbe22289bd
merge with upstream and testing branch
4 years ago
Slavi Pantaleev
995c483856
Merge pull request #962 from aaronraimist/mjolnir
...
Add mjolnir
4 years ago
Slavi Pantaleev
f183add44d
Merge pull request #977 from aaronraimist/simple-antispam
...
Upgrade synapse-simple-antispam (0.0.1 -> 0.0.3)
4 years ago
Aaron Raimist
81dddd2e25
Upgrade Element (1.7.24 -> 1.7.24.1)
4 years ago
Aaron Raimist
c43bd412dd
Upgrade synapse-simple-antispam (0.0.1 -> 0.0.3)
4 years ago
Aaron Raimist
1ecee625d5
Depend on more services, add a delay
4 years ago
Slavi Pantaleev
a88391edf5
Merge pull request #972 from JohannesKleine/nginx-config
...
matrix-nginx-proxy: add custom nginx options to nginx.conf.j2
4 years ago
teutat3s
0b5e903693
Updates to mautrix-signal config
...
See these last commits:
tulir/mautrix-signal@4fc34330c1f6947aece67863b0d04da34c776f80
tulir/mautrix-signal@64bc5c36a509ba435a0b01cf44afb1b5d2642efd
tulir/mautrix-signal@ddda1666d41d28750cc59d070e4388b24add6ad9
4 years ago
Christoph Johannes Kleine
fcd66b2889
rename variables
4 years ago
Christoph Johannes Kleine
8ba1105010
rename variable
4 years ago
Christoph Johannes Kleine
3a772f2f65
matrix-nginx-proxy: add custom nginx options to nginx.conf.j2
4 years ago
Slavi Pantaleev
93960b70be
Do not fail if `_matrix-identity` DNS SRV record missing
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/963
This also simplifies Prerequisites, which is great.
It'd be nice if we were doing these checks in some optional manner
and reporting them as helpful messages (using
`matrix_playbook_runtime_results`), but that's more complicated.
I'd rather drop these checks completely.
4 years ago
Slavi Pantaleev
5e1cf7f8b9
Upgrade Element (1.7.23 -> 1.7.24)
4 years ago
Slavi Pantaleev
9409588513
Fix variable name typo (take 2)
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/970
4 years ago
Slavi Pantaleev
179b416ed5
Fix variable name typo
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/970
4 years ago
Slavi Pantaleev
77d598b315
Fix Go-NEB variable definitions using the wrong type
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/969
4 years ago
Slavi Pantaleev
49868db3de
Upgrade Synapse for ARM64 (1.30.0 -> 1.30.1)
4 years ago
Slavi Pantaleev
94487dc6a7
Upgrade Synapse for amd64 (1.30.0 -> 1.30.1)
4 years ago
transcaffeine
dbae18fd6a
feat: push ephemeral events to appservices
...
This adds https://github.com/matrix-org/matrix-doc/pull/2409 to the
appservice registrations, enabling synapse to push EDUs to appservices.
4 years ago
Dan Arnfield
97d8527e00
Update nginx (1.19.6 -> 1.19.8)
4 years ago
Slavi Pantaleev
5a4ea5f866
Make AWX enabling/disabling consistent with other playbook roles
...
That is:
- enabled in the role by default
- disabled in the compilation (playbook), if considered an optional
component
4 years ago
Aaron Raimist
bab8b950ca
Add mjolnir
4 years ago
Slavi Pantaleev
06c74728eb
Move matrix_nginx_proxy_proxy_synapse_federation_api_enabled definition to the role
...
This variable was previously undefined in the role and was only getting
defined via `group_vars/matrix_servers`.
We now properly initialize it (and its good default value) in the role
itself.
4 years ago
Slavi Pantaleev
d09609daa8
Fix Jinja2 syntax error
...
Fixes a regression introduced in ffe649a240
4 years ago
Slavi Pantaleev
6a3433fbad
Update Synapse for ARM64 (1.29.0 -> 1.30.0)
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/958
4 years ago
Slavi Pantaleev
ffe649a240
Update homeserver.yaml to keep up with Synapse v1.30.0
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/958
4 years ago
rakshazi
74106f2a80
Updated synapse 1.29.0 -> 1.30.0
4 years ago
Thom Wiggers
54fe59f05c
Update IRC appservice
4 years ago
Slavi Pantaleev
2737ebc290
Complain if people try to use matrix-sygnal on non-amd64
4 years ago
Slavi Pantaleev
b824522b33
Remove unnecessary with_items statement
4 years ago
Slavi Pantaleev
9a0222fa47
Add Sygnal support
...
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/683
4 years ago
Michael
af240aef37
remove sections from task list that arent needed
4 years ago
Michael
85127bacba
Merge remote-tracking branch 'upstream/master'
4 years ago
Michael
1e54b1d1a5
merge upstream
4 years ago
Slavi Pantaleev
f99dcd611f
Pass proper UID/GID to Synapse
...
Fixes a regression caused by a5ee39266c
.
If the user id and group id were different than 991:991
(which used to be a hardcoded default for us long ago),
there was a mismatch between what Synapse was trying to use (991:991)
and what it was actually started with (in `--user=..`). It was then
trying to change ownership, which was failing.
This was mostly affecting newer installations which were not using the
991:991 defaults we had long ago (since a1c5a197a9
).
4 years ago
Slavi Pantaleev
a5ee39266c
Go through start.py when launching Synapse
...
This allows us to benefit from helpful things it does for us,
like enabling jemalloc: https://github.com/matrix-org/synapse/pull/8553
We weren't going through `start.py` before, because it was causing some
conflict with our `docker run --user=...` stuff, but it doesn't seem
to be a problem anymore.
Having done this, we won't need to do things like
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/941
anymore.
4 years ago