From 25e136ee0a9d058963951cfa448873022876a543 Mon Sep 17 00:00:00 2001 From: Germain Date: Sat, 20 Feb 2021 15:45:25 +0000 Subject: [PATCH 01/15] Update Telegram bridge setup link Change markdown to use link instead of tags for Telegram App setup --- docs/configuring-playbook-bridge-mautrix-telegram.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-mautrix-telegram.md b/docs/configuring-playbook-bridge-mautrix-telegram.md index 693c81687..bfdc6fc57 100644 --- a/docs/configuring-playbook-bridge-mautrix-telegram.md +++ b/docs/configuring-playbook-bridge-mautrix-telegram.md @@ -4,7 +4,7 @@ The playbook can install and configure [mautrix-telegram](https://github.com/tul See the project's [documentation](https://github.com/tulir/mautrix-telegram/wiki#usage) to learn what it does and why it might be useful to you. -You'll need to obtain API keys from `https://my.telegram.org/apps` and then use the following playbook configuration: +You'll need to obtain API keys from [https://my.telegram.org/apps](https://my.telegram.org/apps) and then use the following playbook configuration: ```yaml matrix_mautrix_telegram_enabled: true From 2f887f292c85dddfc7530d8bfb50adc45ee1f328 Mon Sep 17 00:00:00 2001 
From: rakshazi Date: Sat, 20 Feb 2021 19:08:28 +0200 Subject: [PATCH 02/15] added "matrix_%SERVICE%_version" variable to all roles, use it in "matrix_%SERVICE%_docker_image" var (preserving backward-compatibility) --- roles/matrix-bot-matrix-reminder-bot/defaults/main.yml | 4 ++-- roles/matrix-bridge-appservice-discord/defaults/main.yml | 3 ++- roles/matrix-bridge-appservice-irc/defaults/main.yml | 3 ++- roles/matrix-bridge-appservice-slack/defaults/main.yml | 3 ++- roles/matrix-bridge-appservice-webhooks/defaults/main.yml | 3 ++- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 3 ++- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 3 ++- roles/matrix-bridge-mautrix-instagram/defaults/main.yml | 5 +++-- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 6 ++++-- roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 3 ++- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 3 ++- roles/matrix-bridge-mx-puppet-discord/defaults/main.yml | 3 ++- roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml | 3 ++- roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml | 3 ++- roles/matrix-bridge-mx-puppet-skype/defaults/main.yml | 3 ++- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 3 ++- roles/matrix-bridge-mx-puppet-steam/defaults/main.yml | 3 ++- roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml | 3 ++- roles/matrix-bridge-sms/defaults/main.yml | 3 ++- roles/matrix-client-element/defaults/main.yml | 3 ++- roles/matrix-corporal/defaults/main.yml | 3 ++- roles/matrix-coturn/defaults/main.yml | 3 ++- roles/matrix-dimension/defaults/main.yml | 3 ++- roles/matrix-dynamic-dns/defaults/main.yml | 4 +++- roles/matrix-email2matrix/defaults/main.yml | 3 ++- roles/matrix-etherpad/defaults/main.yml | 3 ++- roles/matrix-grafana/defaults/main.yml | 3 ++- roles/matrix-jitsi/defaults/main.yml | 3 ++- roles/matrix-mailer/defaults/main.yml | 3 ++- roles/matrix-nginx-proxy/defaults/main.yml | 3 ++- 
roles/matrix-prometheus-node-exporter/defaults/main.yml | 3 ++- roles/matrix-prometheus/defaults/main.yml | 3 ++- roles/matrix-redis/defaults/main.yml | 3 ++- roles/matrix-synapse-admin/defaults/main.yml | 3 ++- roles/matrix-synapse/defaults/main.yml | 4 +++- 35 files changed, 75 insertions(+), 38 deletions(-) diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml index c3deb2f27..dd18579c8 100644 --- a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml @@ -2,8 +2,8 @@ # See: https://github.com/anoadragon453/matrix-reminder-bot matrix_bot_matrix_reminder_bot_enabled: true - -matrix_bot_matrix_reminder_bot_docker_image: "docker.io/anoa/matrix-reminder-bot:release-v0.2.0" +matrix_bot_matrix_reminder_bot_version: release-v0.2.0 +matrix_bot_matrix_reminder_bot_docker_image: "docker.io/anoa/matrix-reminder-bot:{{ matrix_bot_matrix_reminder_bot_version }}" matrix_bot_matrix_reminder_bot_docker_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_docker_image.endswith(':latest') }}" matrix_bot_matrix_reminder_bot_base_path: "{{ matrix_base_data_path }}/matrix-reminder-bot" diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml index c7cdddb6e..360963bb2 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml 
@@ -3,7 +3,8 @@ matrix_appservice_discord_enabled: true -matrix_appservice_discord_docker_image: "docker.io/halfshot/matrix-appservice-discord:v1.0.0" +matrix_appservice_discord_version: v1.0.0 +matrix_appservice_discord_docker_image: "docker.io/halfshot/matrix-appservice-discord:{{ matrix_appservice_discord_version }}" matrix_appservice_discord_docker_image_force_pull: "{{ matrix_appservice_discord_docker_image.endswith(':latest') }}" matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-discord" diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index ead4e8de1..fbfb6fcd5 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -7,7 +7,8 @@ matrix_appservice_irc_container_self_build: false matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" -matrix_appservice_irc_docker_image: "docker.io/matrixdotorg/matrix-appservice-irc:release-0.23.0" +matrix_appservice_irc_version: release-0.23.0 +matrix_appservice_irc_docker_image: "docker.io/matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc" diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index 997cfa5e6..1169de4fa 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml 
@@ -7,7 +7,8 @@ matrix_appservice_slack_container_self_build: false matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git" matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src" -matrix_appservice_slack_docker_image: "docker.io/matrixdotorg/matrix-appservice-slack:release-1.5.0" +matrix_appservice_slack_version: release-1.5.0 +matrix_appservice_slack_docker_image: "docker.io/matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_version }}" matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}" matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack" diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml index e668f9186..215afc05f 100644 --- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml @@ -3,7 +3,8 @@ matrix_appservice_webhooks_enabled: true -matrix_appservice_webhooks_docker_image: "docker.io/turt2live/matrix-appservice-webhooks:latest" +matrix_appservice_webhooks_version: latest +matrix_appservice_webhooks_docker_image: "docker.io/turt2live/matrix-appservice-webhooks:{{ matrix_appservice_webhooks_version }}" matrix_appservice_webhooks_docker_image_force_pull: "{{ matrix_appservice_webhooks_docker_image.endswith(':latest') }}" matrix_appservice_webhooks_base_path: "{{ matrix_base_data_path }}/appservice-webhooks" diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index acd3ee582..7c6b58cac 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml 
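Review bot: `matrix_appservice_webhooks_version: latest` in roles/matrix-bridge-appservice-webhooks/defaults/main.yml has no comment telling operators that the default is a mutable tag, and the same goes for the other `_version: latest` defaults this patch adds (the mautrix facebook, hangouts, instagram, signal/signald and whatsapp bridges, the mx-puppet bridges, and dimension). With `latest`, the `_docker_image_force_pull` expression on the following line evaluates to true, so the deployed image is whatever the registry serves at run time rather than a reviewed release. I would add above the variable: `# 'latest' is a mutable tag; set a release tag here to pin the deployed image.` The image string hard-codes the `:` separator before `{{ matrix_appservice_webhooks_version }}`, so a digest (`@sha256:<digest>`) cannot be supplied through this variable. Pinning by digest still means overriding `matrix_appservice_webhooks_docker_image` itself, which is worth stating in the same comment.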
@@ -6,8 +6,9 @@ matrix_mautrix_facebook_enabled: true matrix_mautrix_facebook_container_image_self_build: false matrix_mautrix_facebook_container_image_self_build_repo: "https://github.com/tulir/mautrix-facebook.git" +matrix_mautrix_facebook_version: latest # See: https://mau.dev/tulir/mautrix-facebook/container_registry -matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}tulir/mautrix-facebook:latest" +matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}tulir/mautrix-facebook:{{ matrix_mautrix_facebook_version }}" matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 0ed519cd6..a029b9e82 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml 
@@ -6,8 +6,9 @@ matrix_mautrix_hangouts_enabled: true matrix_mautrix_hangouts_container_image_self_build: false matrix_mautrix_hangouts_container_image_self_build_repo: "https://github.com/tulir/mautrix-hangouts.git" +matrix_mautrix_hangouts_version: latest # See: https://mau.dev/tulir/mautrix-hangouts/container_registry -matrix_mautrix_hangouts_docker_image: "{{ matrix_mautrix_hangouts_docker_image_name_prefix }}tulir/mautrix-hangouts:latest" +matrix_mautrix_hangouts_docker_image: "{{ matrix_mautrix_hangouts_docker_image_name_prefix }}tulir/mautrix-hangouts:{{ matrix_mautrix_hangouts_version }}" matrix_mautrix_hangouts_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_hangouts_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_hangouts_docker_image_force_pull: "{{ matrix_mautrix_hangouts_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index 411ec7ed9..449ab7ce5 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml 
@@ -6,8 +6,9 @@ matrix_mautrix_instagram_enabled: true matrix_mautrix_instagram_container_image_self_build: false matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/tulir/mautrix-instagram.git" +matrix_mautrix_instagram_version: latest # See: https://mau.dev/tulir/mautrix-instagram/container_registry -matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}tulir/mautrix-instagram:latest" +matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}tulir/mautrix-instagram:{{ matrix_mautrix_instagram_version }}" matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_instagram_docker_image_force_pull: "{{ matrix_mautrix_instagram_docker_image.endswith(':latest') }}" @@ -34,7 +35,7 @@ matrix_mautrix_instagram_homeserver_token: '' # Database-related configuration fields. -# +# # To use Postgres: # - adjust your database credentials via the `matrix_mautrix_instagram_postgres_*` variables matrix_mautrix_instagram_database_engine: 'postgres' diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index aaa0a1663..502405480 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml 
@@ -3,11 +3,13 @@ matrix_mautrix_signal_enabled: true +matrix_mautrix_signal_version: latest +matrix_mautrix_signal_daemon_version: latest # See: https://mau.dev/tulir/mautrix-signal/container_registry -matrix_mautrix_signal_docker_image: "dock.mau.dev/tulir/mautrix-signal:latest" +matrix_mautrix_signal_docker_image: "dock.mau.dev/tulir/mautrix-signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" -matrix_mautrix_signal_daemon_docker_image: "dock.mau.dev/maunium/signald:latest" +matrix_mautrix_signal_daemon_docker_image: "dock.mau.dev/maunium/signald:{{ matrix_mautrix_signal_daemon_version }}" matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}" matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal" diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index b1f1b8fcc..2d5b52642 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -7,8 +7,9 @@ matrix_mautrix_telegram_container_self_build: false matrix_mautrix_telegram_docker_repo: "https://mau.dev/tulir/mautrix-telegram.git" matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" +matrix_mautrix_telegram_version: v0.9.0 # See: https://mau.dev/tulir/mautrix-telegram/container_registry -matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.9.0" +matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:{{ matrix_mautrix_telegram_version }}" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram" 
diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 581d47de2..bfc911778 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -3,8 +3,9 @@ matrix_mautrix_whatsapp_enabled: true +matrix_mautrix_whatsapp_version: latest # See: https://mau.dev/tulir/mautrix-whatsapp/container_registry -matrix_mautrix_whatsapp_docker_image: "dock.mau.dev/tulir/mautrix-whatsapp:latest" +matrix_mautrix_whatsapp_docker_image: "dock.mau.dev/tulir/mautrix-whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_force_pull: "{{ matrix_mautrix_whatsapp_docker_image.endswith(':latest') }}" matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp" diff --git a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml index 25f6ae06f..252fb9e13 100644 --- a/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-discord/defaults/main.yml @@ -11,7 +11,8 @@ matrix_mx_puppet_discord_container_image_self_build_repo: "https://github.com/ma # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_discord_container_http_host_bind_port: '' -matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}sorunome/mx-puppet-discord:latest" +matrix_mx_puppet_discord_version: latest +matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}sorunome/mx-puppet-discord:{{ matrix_mx_puppet_discord_version }}" matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'docker.io/' }}" matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}" 
diff --git a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml index c0bafcf0d..eeede72e2 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml @@ -11,7 +11,8 @@ matrix_mx_puppet_groupme_container_image_self_build_repo: "https://gitlab.com/ro # Takes an ":" or "" value (e.g. "127.0.0.1:8437"), or empty string to not expose. matrix_mx_puppet_groupme_container_http_host_bind_port: '' -matrix_mx_puppet_groupme_docker_image: "{{ matrix_mx_puppet_groupme_docker_image_name_prefix }}xangelix/mx-puppet-groupme:latest" +matrix_mx_puppet_groupme_version: latest +matrix_mx_puppet_groupme_docker_image: "{{ matrix_mx_puppet_groupme_docker_image_name_prefix }}xangelix/mx-puppet-groupme:{{ matrix_mx_puppet_groupme_version }}" matrix_mx_puppet_groupme_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_groupme_container_image_self_build else 'docker.io/' }}" matrix_mx_puppet_groupme_docker_image_force_pull: "{{ matrix_mx_puppet_groupme_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml index 4c9fbd989..b14ed0f8e 100644 --- a/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml 
@@ -6,7 +6,8 @@ matrix_mx_puppet_instagram_enabled: true matrix_mx_puppet_instagram_container_image_self_build: false matrix_mx_puppet_instagram_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-instagram.git" -matrix_mx_puppet_instagram_docker_image: "{{ matrix_mx_puppet_instagram_docker_image_name_prefix }}sorunome/mx-puppet-instagram:latest" +matrix_mx_puppet_instagram_version: latest +matrix_mx_puppet_instagram_docker_image: "{{ matrix_mx_puppet_instagram_docker_image_name_prefix }}sorunome/mx-puppet-instagram:{{ matrix_mx_puppet_instagram_version }}" matrix_mx_puppet_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_instagram_container_image_self_build else 'docker.io/' }}" matrix_mx_puppet_instagram_docker_image_force_pull: "{{ matrix_mx_puppet_instagram_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml index 53c8e379b..c68c41609 100644 --- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml @@ -6,7 +6,8 @@ matrix_mx_puppet_skype_enabled: true matrix_mx_puppet_skype_container_image_self_build: false matrix_mx_puppet_skype_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-skype.git" -matrix_mx_puppet_skype_docker_image: "{{ matrix_mx_puppet_skype_docker_image_name_prefix }}sorunome/mx-puppet-skype:latest" +matrix_mx_puppet_skype_version: latest +matrix_mx_puppet_skype_docker_image: "{{ matrix_mx_puppet_skype_docker_image_name_prefix }}sorunome/mx-puppet-skype:{{ matrix_mx_puppet_skype_version }}" matrix_mx_puppet_skype_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_skype_container_image_self_build else 'docker.io/' }}" matrix_mx_puppet_skype_docker_image_force_pull: "{{ matrix_mx_puppet_skype_docker_image.endswith(':latest') }}" 
diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index b1fb7487f..c5b046f4b 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -11,7 +11,8 @@ matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Soru # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_slack_container_http_host_bind_port: '' -matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}sorunome/mx-puppet-slack:latest" +matrix_mx_puppet_slack_version: latest +matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}sorunome/mx-puppet-slack:{{ matrix_mx_puppet_slack_version }}" matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'docker.io/' }}" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml index c3ac977ee..aee4da2cc 100644 --- a/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-steam/defaults/main.yml 
@@ -11,7 +11,8 @@ matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/icew # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_steam_container_http_host_bind_port: '' -matrix_mx_puppet_steam_docker_image: "{{ matrix_mx_puppet_steam_docker_image_name_prefix }}icewind1991/mx-puppet-steam:latest" +matrix_mx_puppet_steam_version: latest +matrix_mx_puppet_steam_docker_image: "{{ matrix_mx_puppet_steam_docker_image_name_prefix }}icewind1991/mx-puppet-steam:{{ matrix_mx_puppet_steam_version }}" matrix_mx_puppet_steam_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_steam_container_image_self_build else 'docker.io/' }}" matrix_mx_puppet_steam_docker_image_force_pull: "{{ matrix_mx_puppet_steam_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml index d8582e539..a8b811d8c 100644 --- a/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml @@ -11,7 +11,8 @@ matrix_mx_puppet_twitter_container_image_self_build_repo: "https://github.com/So # Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. matrix_mx_puppet_twitter_container_http_host_bind_port: '' -matrix_mx_puppet_twitter_docker_image: "{{ matrix_mx_puppet_twitter_docker_image_name_prefix }}sorunome/mx-puppet-twitter:latest" +matrix_mx_puppet_twitter_version: latest +matrix_mx_puppet_twitter_docker_image: "{{ matrix_mx_puppet_twitter_docker_image_name_prefix }}sorunome/mx-puppet-twitter:{{ matrix_mx_puppet_twitter_version }}" matrix_mx_puppet_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_twitter_container_image_self_build else 'docker.io/' }}" matrix_mx_puppet_twitter_docker_image_force_pull: "{{ matrix_mx_puppet_twitter_docker_image.endswith(':latest') }}" 
diff --git a/roles/matrix-bridge-sms/defaults/main.yml b/roles/matrix-bridge-sms/defaults/main.yml index 3c6b4c61c..0382a2b29 100644 --- a/roles/matrix-bridge-sms/defaults/main.yml +++ b/roles/matrix-bridge-sms/defaults/main.yml @@ -3,7 +3,8 @@ matrix_sms_bridge_enabled: true -matrix_sms_bridge_docker_image: "docker.io/folivonet/matrix-sms-bridge:0.5.5" +matrix_sms_bridge_version: 0.5.5 +matrix_sms_bridge_docker_image: "docker.io/folivonet/matrix-sms-bridge:{{ matrix_sms_bridge_version }}" matrix_sms_bridge_base_path: "{{ matrix_base_data_path }}/matrix-sms-bridge" matrix_sms_bridge_config_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/config" diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index db2e79451..fc6f30f90 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -3,7 +3,8 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" -matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:v1.7.21" +matrix_client_element_version: v1.7.21 +matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else 'docker.io/' }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index 4b4c46c94..c35e4b22c 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml 
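Review bot: `matrix_sms_bridge_version: 0.5.5` in roles/matrix-bridge-sms/defaults/main.yml is an unquoted scalar, as are the numeric-looking defaults added for matrix-corporal (`2.1.0`, previously the quoted `"2.1.0"`), coturn, email2matrix, etherpad, grafana and synapse-admin. Three-component values load as strings, but a two-component value such as `1.10`, set here or in an operator's vars file, would load as a float and render as `1.1`. The play would then request a different tag than the one written. Quoting the defaults sets the pattern for overrides: `matrix_sms_bridge_version: "0.5.5"`.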
@@ -22,9 +22,10 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] +matrix_corporal_version: 2.1.0 matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else 'docker.io/' }}" -matrix_corporal_docker_image_tag: "2.1.0" +matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}" matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal" diff --git a/roles/matrix-coturn/defaults/main.yml b/roles/matrix-coturn/defaults/main.yml index 8e7813061..4f27e0d9a 100644 --- a/roles/matrix-coturn/defaults/main.yml +++ b/roles/matrix-coturn/defaults/main.yml @@ -3,7 +3,8 @@ matrix_coturn_enabled: true matrix_coturn_container_image_self_build: false matrix_coturn_container_image_self_build_repo: "https://github.com/instrumentisto/coturn-docker-image.git" -matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}instrumentisto/coturn:4.5.2" +matrix_coturn_version: 4.5.2 +matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}instrumentisto/coturn:{{ matrix_coturn_version }}" matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else 'docker.io/' }}" matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index 8a691946f..e4ded37a4 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml 
@@ -12,7 +12,8 @@ matrix_dimension_widgets_allow_self_signed_ssl_certificates: false matrix_dimension_base_path: "{{ matrix_base_data_path }}/dimension" -matrix_dimension_docker_image: "docker.io/turt2live/matrix-dimension:latest" +matrix_dimension_version: latest +matrix_dimension_docker_image: "docker.io/turt2live/matrix-dimension:{{ matrix_dimension_version }}" matrix_dimension_docker_image_force_pull: "{{ matrix_dimension_docker_image.endswith(':latest') }}" # List of systemd services that matrix-dimension.service depends on. diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index b33961c12..1ec681da8 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -4,8 +4,10 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' +matrix_dynamic_dns_version: v3.9.1-ls45 + # The docker container to use when in mode -matrix_dynamic_dns_docker_image: '{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:v3.9.1-ls45' +matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" matrix_dynamic_dns_docker_image_name_prefix: "{{ 'localhost/' if matrix_dynamic_dns_container_image_self_build else 'docker.io/' }}" diff --git a/roles/matrix-email2matrix/defaults/main.yml b/roles/matrix-email2matrix/defaults/main.yml index 7917decf8..b55938820 100644 --- a/roles/matrix-email2matrix/defaults/main.yml +++ b/roles/matrix-email2matrix/defaults/main.yml 
@@ -3,7 +3,8 @@ matrix_email2matrix_enabled: true matrix_email2matrix_base_path: "{{ matrix_base_data_path }}/email2matrix" matrix_email2matrix_config_dir_path: "{{ matrix_email2matrix_base_path }}/config" -matrix_email2matrix_docker_image: "docker.io/devture/email2matrix:1.0.1" +matrix_email2matrix_version: 1.0.1 +matrix_email2matrix_docker_image: "docker.io/devture/email2matrix:{{ matrix_email2matrix_version }}" matrix_email2matrix_docker_image_force_pull: "{{ matrix_email2matrix_docker_image.endswith(':latest') }}" # A list of extra arguments to pass to the container diff --git a/roles/matrix-etherpad/defaults/main.yml b/roles/matrix-etherpad/defaults/main.yml index 7c63fe036..3ad16c51c 100644 --- a/roles/matrix-etherpad/defaults/main.yml +++ b/roles/matrix-etherpad/defaults/main.yml @@ -2,7 +2,8 @@ matrix_etherpad_enabled: false matrix_etherpad_base_path: "{{ matrix_base_data_path }}/etherpad" -matrix_etherpad_docker_image: "docker.io/etherpad/etherpad:1.8.7" +matrix_etherpad_version: 1.8.7 +matrix_etherpad_docker_image: "docker.io/etherpad/etherpad:{{ matrix_etherpad_version }}" matrix_etherpad_docker_image_force_pull: "{{ matrix_etherpad_docker_image.endswith(':latest') }}" # List of systemd services that matrix-etherpad.service depends on. diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 00ed947e7..876e5f6f8 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -3,7 +3,8 @@ matrix_grafana_enabled: false -matrix_grafana_docker_image: "docker.io/grafana/grafana:7.4.0" +matrix_grafana_version: 7.4.0 +matrix_grafana_docker_image: "docker.io/grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" # Not conditional, because when someone disables metrics diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 028d9c19e..b7434dd3c 100644 
--- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -52,7 +52,8 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_container_image_tag: "stable-5142" +matrix_jitsi_version: stable-5142 +matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "docker.io/jitsi/web:{{ matrix_jitsi_container_image_tag }}" matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index 18608ef48..4c29f47a3 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -7,7 +7,8 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" -matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:4.93-r1" +matrix_mailer_version: 4.93-r1 +matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else 'docker.io/' }}" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index d46d5480a..1b1391834 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
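Review bot: In roles/matrix-mailer/defaults/main.yml the context line `matrix_mailer_container_image_self_build_version` still derives the version with `matrix_mailer_docker_image.split(':')[1]`, although the hunk now defines `matrix_mailer_version` directly. The split picks the wrong element if the image reference ever carries a second colon, for example a registry host with a port in an overridden `matrix_mailer_docker_image_name_prefix`. If nothing relies on operators overriding the full image string to steer the self-build ref (not visible from this hunk), `matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_version }}"` would be the sturdier definition.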
@@ -1,9 +1,10 @@ matrix_nginx_proxy_enabled: true +matrix_nginx_proxy_version: 1.19.6-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but # that is frequently out of date. -matrix_nginx_proxy_docker_image: "docker.io/nginx:1.19.6-alpine" +matrix_nginx_proxy_docker_image: "docker.io/nginx:{{ matrix_nginx_proxy_version }}" matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}" matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy" diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index 29dce3648..47611f7cc 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -3,7 +3,8 @@ matrix_prometheus_node_exporter_enabled: false -matrix_prometheus_node_exporter_docker_image: "docker.io/prom/node-exporter:v1.1.0" +matrix_prometheus_node_exporter_version: v1.1.0 +matrix_prometheus_node_exporter_docker_image: "docker.io/prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}" matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}" # A list of extra arguments to pass to the container diff --git a/roles/matrix-prometheus/defaults/main.yml b/roles/matrix-prometheus/defaults/main.yml index 56018ba6d..123418d45 100644 --- a/roles/matrix-prometheus/defaults/main.yml +++ b/roles/matrix-prometheus/defaults/main.yml 
@@ -3,7 +3,8 @@ matrix_prometheus_enabled: false -matrix_prometheus_docker_image: "docker.io/prom/prometheus:v2.24.1" +matrix_prometheus_version: v2.24.1 +matrix_prometheus_docker_image: "docker.io/prom/prometheus:{{ matrix_prometheus_version }}" matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" matrix_prometheus_base_path: "{{ matrix_base_data_path }}/prometheus" diff --git a/roles/matrix-redis/defaults/main.yml b/roles/matrix-redis/defaults/main.yml index 74728d870..a512618c4 100644 --- a/roles/matrix-redis/defaults/main.yml +++ b/roles/matrix-redis/defaults/main.yml @@ -5,7 +5,8 @@ matrix_redis_connection_password: "" matrix_redis_base_path: "{{ matrix_base_data_path }}/redis" matrix_redis_data_path: "{{ matrix_redis_base_path }}/data" -matrix_redis_docker_image_v6: "docker.io/redis:6.0.10-alpine" +matrix_redis_version: 6.0.10-alpine +matrix_redis_docker_image_v6: "docker.io/redis:{{ matrix_redis_version }}" matrix_redis_docker_image_latest: "{{ matrix_redis_docker_image_v6 }}" matrix_redis_docker_image_to_use: '{{ matrix_redis_docker_image_latest }}' diff --git a/roles/matrix-synapse-admin/defaults/main.yml b/roles/matrix-synapse-admin/defaults/main.yml index ce0ccd39c..1534bc822 100644 --- a/roles/matrix-synapse-admin/defaults/main.yml +++ b/roles/matrix-synapse-admin/defaults/main.yml 
@@ -8,7 +8,8 @@ matrix_synapse_admin_container_self_build_repo: "https://github.com/Awesome-Tech matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src" -matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:0.7.0" +matrix_synapse_admin_version: 0.7.0 +matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}" matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_self_build else 'docker.io/' }}" matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 5da48c082..2435e9c2a 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -15,7 +15,9 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # amd64 gets released first. # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_docker_image_tag: "{{ 'v1.27.0' if matrix_architecture in ['arm32', 'amd64'] else 'v1.26.0' }}" +matrix_synapse_version: v1.27.0 +matrix_synapse_version_arm64: v1.26.0 +matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" From 77ab0d3e98222622e88c3beadae3d28fae3ff9e2 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sun, 21 Feb 2021 11:14:40 +0200 Subject: [PATCH 03/15] Do not delete Prometheus/Grafana Docker images Same reasoning as in 1cd251ed7840 --- roles/matrix-grafana/tasks/setup.yml | 13 ++++--------- .../matrix-prometheus-node-exporter/tasks/setup.yml | 6 ------ roles/matrix-prometheus/tasks/setup_uninstall.yml | 6 ------ 3 files changed, 4 insertions(+), 21 deletions(-) diff --git a/roles/matrix-grafana/tasks/setup.yml b/roles/matrix-grafana/tasks/setup.yml index 581e66174..c2eea3485 100644 --- a/roles/matrix-grafana/tasks/setup.yml +++ b/roles/matrix-grafana/tasks/setup.yml @@ -28,7 +28,7 @@ - "{{ matrix_grafana_config_path }}/dashboards" - "{{ matrix_grafana_data_path }}" when: matrix_grafana_enabled|bool - + - name: Ensure grafana.ini present template: src: "{{ role_path }}/templates/grafana.ini.j2" @@ -37,7 +37,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" when: matrix_grafana_enabled|bool - + - name: Ensure provisioning/datasources/default.yaml present template: src: "{{ role_path }}/templates/datasources.yaml.j2" @@ -46,7 +46,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" when: matrix_grafana_enabled|bool - + - name: Ensure provisioning/dashboards/default.yaml present template: src: "{{ role_path }}/templates/dashboards.yaml.j2" @@ -55,7 +55,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" when: matrix_grafana_enabled|bool - + - name: Ensure dashboard(s) downloaded get_url: url: "{{ item }}" @@ -108,8 +108,3 @@ daemon_reload: yes when: "not matrix_grafana_enabled|bool and matrix_grafana_service_stat.stat.exists" -- name: Ensure matrix-grafana Docker image doesn't exist - docker_image: - name: "{{ matrix_grafana_docker_image }}" - state: absent - when: "not matrix_grafana_enabled|bool" diff --git a/roles/matrix-prometheus-node-exporter/tasks/setup.yml b/roles/matrix-prometheus-node-exporter/tasks/setup.yml index 6f03fbaa3..34086e6cf 100644 
--- a/roles/matrix-prometheus-node-exporter/tasks/setup.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/setup.yml @@ -52,9 +52,3 @@ service: daemon_reload: yes when: "not matrix_prometheus_node_exporter_enabled|bool and matrix_prometheus_node_exporter_service_stat.stat.exists" - -- name: Ensure matrix-prometheus-node-exporter Docker image doesn't exist - docker_image: - name: "{{ matrix_prometheus_node_exporter_docker_image }}" - state: absent - when: "not matrix_prometheus_node_exporter_enabled|bool" diff --git a/roles/matrix-prometheus/tasks/setup_uninstall.yml b/roles/matrix-prometheus/tasks/setup_uninstall.yml index 0a4a8cb64..dd46a2228 100644 --- a/roles/matrix-prometheus/tasks/setup_uninstall.yml +++ b/roles/matrix-prometheus/tasks/setup_uninstall.yml @@ -23,9 +23,3 @@ service: daemon_reload: yes when: "matrix_prometheus_service_stat.stat.exists|bool" - -- name: Ensure matrix-prometheus Docker image doesn't exist - docker_image: - name: "{{ matrix_prometheus_docker_image }}" - state: absent - when: "not matrix_prometheus_enabled|bool" From 6768bdcf81be431f1e72ca0cb66dc65550f83bf8 Mon Sep 17 00:00:00 2001 From: Germain Date: Sun, 21 Feb 2021 11:57:05 +0000 Subject: [PATCH 04/15] Update lower power config example All other examples show the config to lower the memory usage on the server --- docs/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/faq.md b/docs/faq.md index a6782231a..beb009ac1 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -289,7 +289,7 @@ matrix_mailer_enabled: false # You can also disable this to save more RAM, # at the expense of audio/video calls being unreliable. -matrix_coturn_enabled: true +matrix_coturn_enabled: false # This makes Synapse not keep track of who is online/offline. # From 53869ac14abcf78d360c7bf8071ad7044494c7d2 Mon Sep 17 00:00:00 2001 
From: Marc Leuser Date: Sun, 21 Feb 2021 21:38:20 +0100 Subject: [PATCH 05/15] recommend a better way of backing up postgres don't spawn an extra container run pg_dumpall within matrix-postgres instead, ensures correct version store under /matrix so a backup of the folder will contain a DB dump use absolute paths just in case something in the ENV is messed up --- docs/maintenance-postgres.md | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md index 50f5a55d4..a8eb6edff 100644 --- a/docs/maintenance-postgres.md +++ b/docs/maintenance-postgres.md @@ -51,15 +51,12 @@ ansible-playbook -i inventory/hosts setup.yml --tags=run-postgres-vacuum,start To make a back up of the current PostgreSQL database, make sure it's running and then execute a command like this on the server: ```bash -docker run \ ---rm \ ---log-driver=none \ ---network=matrix \ +/usr/bin/docker exec \ --env-file=/matrix/postgres/env-postgres-psql \ -docker.io/postgres:13.1-alpine \ -pg_dumpall -h matrix-postgres \ +matrix-postgres \ +/usr/local/bin/pg_dumpall -h matrix-postgres \ | gzip -c \ -> /postgres.sql.gz +> /matrix/postgres.sql.gz ``` If you are using an [external Postgres server](configuring-playbook-external-postgres.md), the above command will not work, because the credentials file (`/matrix/postgres/env-postgres-psql`) is not available. From ca223559107b20a747f0cda926605d1b4356c0f9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 22 Feb 2021 08:36:42 +0200 Subject: [PATCH 06/15] Update backup docs a bit --- docs/maintenance-postgres.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/maintenance-postgres.md b/docs/maintenance-postgres.md index a8eb6edff..acbea54ca 100644 --- a/docs/maintenance-postgres.md +++ b/docs/maintenance-postgres.md 
@@ -59,9 +59,7 @@ matrix-postgres \ > /matrix/postgres.sql.gz ``` -If you are using an [external Postgres server](configuring-playbook-external-postgres.md), the above command will not work, because the credentials file (`/matrix/postgres/env-postgres-psql`) is not available. - -If your server is on the ARM32 [architecture](alternative-architectures.md), you may need to remove the `-alpine` suffix from the image name in the command above. +If you are using an [external Postgres server](configuring-playbook-external-postgres.md), the above command will not work, because neither the credentials file (`/matrix/postgres/env-postgres-psql`), nor the `matrix-postgres` container is available. Restoring a backup made this way can be done by [importing it](importing-postgres.md). From 2b96fb0cf1b5c52d2a5fe3dbc60943dfb3774df7 Mon Sep 17 00:00:00 2001 From: tctovsli Date: Mon, 22 Feb 2021 10:32:02 +0100 Subject: [PATCH 07/15] Added paragraph about updating DNS to get stats This document didn't describe that it is necessary to have a DNS-entry for stats sub-domain. --- docs/configuring-playbook-prometheus-grafana.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index a10497cc6..98d1f6049 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md @@ -4,6 +4,8 @@ It can be useful to have some (visual) insight into the performance of your home You can enable this with the following settings in your configuration file (`inventory/host_vars/matrix./vars.yml`): +Remember to add `stats.` to DNS as described in [Configuring DNS](configuring-dns.md) before running the playbook. + ```yaml matrix_prometheus_enabled: true From 8f7f45d6e4588d377c1cbc51b366d6886a1eec15 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Mon, 22 Feb 2021 13:03:09 +0200 Subject: [PATCH 08/15] Revert "trust the reverse proxy by default" This reverts commit fd3d48bb6d7f1e1584d2e7d1ba20580be1d103f4. Normally this environment variable gets referred to from `settings.json.docker`, but we have our own full configuration, which hardcodes `"trustProxy": true`, thus making this useless. This has been pointed out here: https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/fd3d48bb6d7f1e1584d2e7d1ba20580be1d103f4#commitcomment-47403097 --- roles/matrix-etherpad/defaults/main.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/roles/matrix-etherpad/defaults/main.yml b/roles/matrix-etherpad/defaults/main.yml index 3ad16c51c..27589b2a3 100644 --- a/roles/matrix-etherpad/defaults/main.yml +++ b/roles/matrix-etherpad/defaults/main.yml @@ -23,12 +23,7 @@ matrix_etherpad_user_gid: '5001' matrix_etherpad_container_http_host_bind_port: '' # A list of extra arguments to pass to the container -# -# We assume that a reverse proxy is used and tell the container to trust it -# Details: https://github.com/ether/etherpad-lite/blob/develop/doc/docker.md -matrix_etherpad_container_extra_arguments: [ - '--env TRUST_PROXY=true' -] +matrix_etherpad_container_extra_arguments: [] matrix_etherpad_public_endpoint: '/etherpad' From f9a0ec6fd109b93b3e0c9e128d58d0812925c920 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 23 Feb 2021 13:17:52 +0200 Subject: [PATCH 09/15] Fix some bridges failing when Synapse workers enabled Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/904 --- roles/matrix-bridge-mautrix-instagram/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
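Review bot: The comment stating that the container trusts a reverse proxy is deleted together with the env var, but according to the commit message the playbook's own Etherpad configuration still hardcodes `"trustProxy": true`, so the assumption stays in force and is no longer stated in this file. That matters next to `matrix_etherpad_container_http_host_bind_port` a few lines above: if the port is published so that clients can reach Etherpad without passing through the proxy, the forwarded headers they supply would be trusted (inferred, since the settings template is not part of this hunk). I would keep a short comment above `matrix_etherpad_container_extra_arguments: []`, for example `# Our Etherpad configuration hardcodes trustProxy=true; only expose the container port behind a reverse proxy.`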
diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index 449ab7ce5..936df4c5f 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -17,7 +17,7 @@ matrix_mautrix_instagram_config_path: "{{ matrix_mautrix_instagram_base_path }}/ matrix_mautrix_instagram_data_path: "{{ matrix_mautrix_instagram_base_path }}/data" matrix_mautrix_instagram_docker_src_files_path: "{{ matrix_mautrix_instagram_base_path }}/docker-src" -matrix_mautrix_instagram_homeserver_address: 'http://matrix-synapse:8008' +matrix_mautrix_instagram_homeserver_address: "{{ matrix_homeserver_container_url }}" matrix_mautrix_instagram_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_instagram_appservice_address: 'http://matrix-mautrix-instagram:29330' diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index bfc911778..b3aee68a9 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -12,7 +12,7 @@ matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp matrix_mautrix_whatsapp_config_path: "{{ matrix_mautrix_whatsapp_base_path }}/config" matrix_mautrix_whatsapp_data_path: "{{ matrix_mautrix_whatsapp_base_path }}/data" -matrix_mautrix_whatsapp_homeserver_address: "http://matrix-synapse:8008" +matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_homeserver_container_url }}" matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}" matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080" diff --git a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml index eeede72e2..53676e832 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml 
+++ b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml @@ -23,7 +23,7 @@ matrix_mx_puppet_groupme_docker_src_files_path: "{{ matrix_mx_puppet_groupme_bas matrix_mx_puppet_groupme_appservice_port: "8437" -matrix_mx_puppet_groupme_homeserver_address: 'http://matrix-synapse:8008' +matrix_mx_puppet_groupme_homeserver_address: "{{ matrix_homeserver_container_url }}" matrix_mx_puppet_groupme_homeserver_domain: '{{ matrix_domain }}' matrix_mx_puppet_groupme_appservice_address: 'http://matrix-mx-puppet-groupme:{{ matrix_mx_puppet_groupme_appservice_port }}' From 2ef1d9c537c1b2292385c932182e9eb908e75acd Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 24 Feb 2021 07:59:14 +0200 Subject: [PATCH 10/15] Make healthchecks work for Synapse worker containers Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456 --- .../synapse/systemd/matrix-synapse-worker.service.j2 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 index 0f5e7be23..ee858183f 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse-worker.service.j2 
@@ -22,6 +22,11 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_synapse_wor --read-only \ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \ --network={{ matrix_docker_network }} \ + {% if matrix_synapse_worker_details.port != 0 %} + --health-cmd 'curl -fSs http://localhost:{{ matrix_synapse_worker_details.port }}/health || exit 1' \ + {% else %} + --no-healthcheck \ + {% endif %} {% if matrix_synapse_workers_enabled and matrix_synapse_workers_container_host_bind_address %} {% if matrix_synapse_worker_details.port != 0 %} -p {{ '' if matrix_synapse_workers_container_host_bind_address == '*' else (matrix_synapse_workers_container_host_bind_address + ':') }}{{ matrix_synapse_worker_details.port }}:{{ matrix_synapse_worker_details.port }} \ From 1ef683d366f5721f502539b0449e64daf2579d9a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 24 Feb 2021 08:17:53 +0200 Subject: [PATCH 11/15] Make nginx proxy config (when disabled) obey matrix_federation_public_port People who were disabling matrix-nginx-proxy (in favor of their own nginx webserver) and also overriding `matrix_federation_public_port`, found that the generated nginx configuration still hardcoded `8448`, which forced their nginx server to use that, regardless of the fact that `matrix_federation_public_port` was pointing elsewhere. We now allow for the in-container federation port to be configurable, and also automatically wire things properly. --- group_vars/matrix_servers | 5 ++++- roles/matrix-nginx-proxy/defaults/main.yml | 4 ++++ .../templates/nginx/conf.d/matrix-domain.conf.j2 | 6 +++--- .../templates/systemd/matrix-nginx-proxy.service.j2 | 2 +- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 07900778e..13172a63b 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
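Review bot: The `port != 0` test that selects between `--health-cmd` and `--no-healthcheck` carries no explanation, and the same test is repeated a few lines further down for `-p`. A Jinja comment above the new `{% if %}`, such as `{# Workers with port 0 presumably have no HTTP listener, so there is no /health endpoint to probe #}`, would make the intent readable. The probe also depends on `curl` being present in the image and leaves interval, timeout and retries at Docker's defaults; if that is deliberate it is worth stating in the same comment. The `ExecStart` command begins and ends outside this hunk.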
@@ -1074,6 +1074,9 @@ matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:1 matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}" matrix_nginx_proxy_proxy_synapse_federation_api_enabled: "{{ matrix_nginx_proxy_proxy_matrix_federation_api_enabled }}" +# When matrix-nginx-proxy is disabled, the actual port number that the vhost uses may begin to matter. +matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_port }}" + matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}" # This used to be hooked to `matrix_synapse_metrics_enabled`, but we don't do it anymore. @@ -1224,7 +1227,7 @@ matrix_postgres_additional_databases: | 'username': matrix_mautrix_instagram_database_username, 'password': matrix_mautrix_instagram_database_password, }] if (matrix_mautrix_instagram_enabled and matrix_mautrix_instagram_database_engine == 'postgres' and matrix_mautrix_instagram_database_hostname == 'matrix-postgres') else []) - + + + ([{ 'name': matrix_mautrix_signal_database_name, 'username': matrix_mautrix_signal_database_username, diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 1b1391834..a4fbd0024 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
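Review bot: `matrix_nginx_proxy_proxy_matrix_federation_port` is wired to `matrix_federation_public_port` unconditionally, although the comment above it says the value only begins to matter when matrix-nginx-proxy is disabled. With the proxy enabled, the systemd template in this same commit now publishes `host_bind_port:{{ matrix_nginx_proxy_proxy_matrix_federation_port }}`, so the in-container listen port follows the public port instead of staying at 8448. A public port below 1024 would then have to be bound inside a container that the role defaults describe as running nginx unprivileged, which may fail depending on the Docker version (not verifiable from this patch). Keeping the container side fixed while the proxy is enabled avoids the coupling: `matrix_nginx_proxy_proxy_matrix_federation_port: "{{ 8448 if matrix_nginx_proxy_enabled else matrix_federation_public_port }}"`.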
@@ -111,6 +111,10 @@ matrix_nginx_proxy_proxy_element_hostname: "{{ matrix_server_fqn_element }}" # Controls whether proxying the matrix domain should be done. matrix_nginx_proxy_proxy_matrix_enabled: false matrix_nginx_proxy_proxy_matrix_hostname: "{{ matrix_server_fqn_matrix }}" +# The port name used for federation in the nginx configuration. +# This is not necessarily the port that it's actually on, +# as port-mapping happens (`-p ..`) for the `matrix-nginx-proxy` container. +matrix_nginx_proxy_proxy_matrix_federation_port: 8448 # Controls whether proxying the dimension domain should be done. matrix_nginx_proxy_proxy_dimension_enabled: false diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 2ab78a1b5..414974168 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -199,10 +199,10 @@ server { #} server { {% if matrix_nginx_proxy_https_enabled %} - listen 8448 ssl http2; - listen [::]:8448 ssl http2; + listen {{ matrix_nginx_proxy_proxy_matrix_federation_port }} ssl http2; + listen [::]:{{ matrix_nginx_proxy_proxy_matrix_federation_port }} ssl http2; {% else %} - listen 8448; + listen {{ matrix_nginx_proxy_proxy_matrix_federation_port }}; {% endif %} server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }}; diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index bd3070ac3..38bc64a85 100644 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 
@@ -30,7 +30,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ -p {{ matrix_nginx_proxy_container_https_host_bind_port }}:8443 \ {% endif %} {% if matrix_nginx_proxy_proxy_matrix_federation_api_enabled and matrix_nginx_proxy_container_federation_host_bind_port %} - -p {{ matrix_nginx_proxy_container_federation_host_bind_port }}:8448 \ + -p {{ matrix_nginx_proxy_container_federation_host_bind_port }}:{{ matrix_nginx_proxy_proxy_matrix_federation_port }} \ {% endif %} --mount type=bind,src={{ matrix_nginx_proxy_base_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \ --mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/nginx-data,ro \ From ae091d7b2da1a5b3260b1e810a73c16e0c868f17 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 25 Feb 2021 13:40:35 +0200 Subject: [PATCH 12/15] Upgrade Synapse (v1.27.0 -> v1.28.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- .../templates/synapse/homeserver.yaml.j2 | 28 +++++++++++++------ roles/matrix-synapse/vars/workers.yml | 13 +++++++-- 3 files changed, 31 insertions(+), 12 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 2435e9c2a..a0d2474d8 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -15,7 +15,7 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # amd64 gets released first. # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.27.0 +matrix_synapse_version: v1.28.0 matrix_synapse_version_arm64: v1.26.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" 
diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 99169b8a6..09e11f7ba 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -141,6 +141,7 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} # - '100.64.0.0/10' # - '192.0.0.0/24' # - '169.254.0.0/16' +# - '192.88.99.0/24' # - '198.18.0.0/15' # - '192.0.2.0/24' # - '198.51.100.0/24' @@ -149,6 +150,9 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} # - '::1/128' # - 'fe80::/10' # - 'fc00::/7' +# - '2001:db8::/32' +# - 'ff00::/8' +# - 'fec0::/10' # List of IP address CIDR ranges that should be allowed for federation, # identity servers, push servers, and for checking key validity for @@ -993,6 +997,7 @@ url_preview_ip_range_blacklist: - '100.64.0.0/10' - '192.0.0.0/24' - '169.254.0.0/16' + - '192.88.99.0/24' - '198.18.0.0/15' - '192.0.2.0/24' - '198.51.100.0/24' @@ -1001,6 +1006,9 @@ url_preview_ip_range_blacklist: - '::1/128' - 'fe80::/10' - 'fc00::/7' + - '2001:db8::/32' + - 'ff00::/8' + - 'fec0::/10' # List of IP address CIDR ranges that the URL preview spider is allowed # to access even if they are specified in url_preview_ip_range_blacklist. @@ -1327,6 +1335,8 @@ account_threepid_delegates: # By default, any room aliases included in this list will be created # as a publicly joinable room when the first user registers for the # homeserver. This behaviour can be customised with the settings below. +# If the room already exists, make certain it is a publicly joinable +# room. The join rule of the room must be set to 'public'. # #auto_join_rooms: # - "#example:example.com" 
@@ -1869,9 +1879,9 @@ oidc_providers: # user_mapping_provider: # config: # subject_claim: "id" - # localpart_template: "{ user.login }" - # display_name_template: "{ user.name }" - # email_template: "{ user.email }" + # localpart_template: "{% raw %}{{ user.login }}{% endraw %}" + # display_name_template: "{% raw %}{{ user.name }}{% endraw %}" + # email_template: "{% raw %}{{ user.email }}{% endraw %}" # For use with Keycloak # @@ -1898,8 +1908,8 @@ oidc_providers: # user_mapping_provider: # config: # subject_claim: "id" - # localpart_template: "{ user.login }" - # display_name_template: "{ user.name }" + # localpart_template: "{% raw %}{{ user.login }}{% endraw %}" + # display_name_template: "{% raw %}{{ user.name }}{% endraw %}" # Enable Central Authentication Service (CAS) for registration and login. @@ -2227,11 +2237,11 @@ password_config: #require_uppercase: true ui_auth: - # The number of milliseconds to allow a user-interactive authentication - # session to be active. + # The amount of time to allow a user-interactive authentication session + # to be active. # # This defaults to 0, meaning the user is queried for their credentials - # before every action, but this can be overridden to alow a single + # before every action, but this can be overridden to allow a single # validation to be re-used. This weakens the protections afforded by # the user-interactive authentication process, by allowing for multiple # (and potentially different) operations to use the same validation session. @@ -2239,7 +2249,7 @@ ui_auth: # Uncomment below to allow for credential validation to last for 15 # seconds. # - #session_timeout: 15000 + #session_timeout: "15s" {% if matrix_synapse_email_enabled %} diff --git a/roles/matrix-synapse/vars/workers.yml b/roles/matrix-synapse/vars/workers.yml index 3adfd9c3a..14b75a924 100644 --- a/roles/matrix-synapse/vars/workers.yml +++ b/roles/matrix-synapse/vars/workers.yml 
@@ -107,7 +107,8 @@ matrix_synapse_workers_generic_worker_endpoints: # Ensure that all SSO logins go to a single process. # For multiple workers not handling the SSO endpoints properly, see - # [#7530](https://github.com/matrix-org/synapse/issues/7530). + # [#7530](https://github.com/matrix-org/synapse/issues/7530) and + # [#9427](https://github.com/matrix-org/synapse/issues/9427). # Note that a HTTP listener with `client` and `federation` resources must be # configured in the `worker_listeners` option in the worker config. @@ -203,7 +204,15 @@ matrix_synapse_workers_generic_worker_endpoints: # REST endpoints itself, but you should set `start_pushers: False` in the # shared configuration file to stop the main synapse sending push notifications. - # Note this worker cannot be load-balanced: only one instance should be active. + # To run multiple instances at once the `pusher_instances` option should list all + # pusher instances by their worker name, e.g.: + + # ```yaml + # pusher_instances: + # - pusher_worker1 + # - pusher_worker2 + # ``` + # ] # appservice worker (no API endpoints) [ From ccf591587456070d099b4455d5f957911b64a4b9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 25 Feb 2021 19:09:46 +0200 Subject: [PATCH 13/15] Upgrade Synapse for ARM64 (v1.26.0 -> v1.28.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index a0d2474d8..9086884b1 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -16,7 +16,7 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. matrix_synapse_version: v1.28.0 -matrix_synapse_version_arm64: v1.26.0 +matrix_synapse_version_arm64: v1.28.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" From 6baa91dd9fea14a1cd9ba204d98835fb6d43465a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 26 Feb 2021 13:37:51 +0200 Subject: [PATCH 14/15] Do not delete matrix-ssl-lets-encrypt-certificates-renew only to recreate it later This seems to have been added to the list of "deprecated files to remove" by mistake. --- roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml index f0b14327d..5bf9102d7 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml @@ -11,7 +11,6 @@ - "{{ matrix_cron_path }}/matrix-ssl-certificate-renewal" - "{{ matrix_cron_path }}/matrix-nginx-proxy-periodic-restarter" - "/etc/cron.d/matrix-ssl-lets-encrypt" - - "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew" # # Tasks related to setting up Let's Encrypt's management of certificates From f4930d789eb7ebc6a04dace7e2cb09731c32da6e Mon Sep 17 00:00:00 2001 
From: Hardy Erlinger Date: Sat, 27 Feb 2021 21:11:22 +0100 Subject: [PATCH 15/15] Run Let's Encrypt renewal checks daily instead of weekly. This ensures more timely updates of certifcates. --- .../templates/systemd/matrix-coturn-reload.timer.j2 | 4 ++-- .../matrix-ssl-lets-encrypt-certificates-renew.timer.j2 | 4 ++-- .../templates/systemd/matrix-ssl-nginx-proxy-reload.timer.j2 | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-coturn/templates/systemd/matrix-coturn-reload.timer.j2 b/roles/matrix-coturn/templates/systemd/matrix-coturn-reload.timer.j2 index 622cd80a6..528945412 100644 --- a/roles/matrix-coturn/templates/systemd/matrix-coturn-reload.timer.j2 +++ b/roles/matrix-coturn/templates/systemd/matrix-coturn-reload.timer.j2 @@ -3,8 +3,8 @@ Description=Reloads matrix-coturn periodically so that new SSL certificates can [Timer] Unit=matrix-coturn-reload.service -OnCalendar=Sunday *-*-* 13:00:00 -RandomizedDelaySec=3h +OnCalendar=*-*-* 06:30:00 +RandomizedDelaySec=1h [Install] WantedBy=timers.target diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.timer.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.timer.j2 index 91b13b29e..b1e1c21e8 100644 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.timer.j2 +++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.timer.j2 @@ -3,8 +3,8 @@ Description=Renews Let's Encrypt SSL certificates periodically [Timer] Unit=matrix-ssl-lets-encrypt-certificates-renew.service -OnCalendar=Sunday *-*-* 05:00:00 -RandomizedDelaySec=3h +OnCalendar=*-*-* 04:00:00 +RandomizedDelaySec=2h [Install] WantedBy=timers.target diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.timer.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.timer.j2 index 73c1848ea..09cb6dad7 100644 
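Review bot: The reload timers are ordered after certificate renewal only by wall-clock time. Renewal fires at `04:00:00` with `RandomizedDelaySec=2h`, so it can start as late as 06:00, and the coturn reload fires from `06:30:00`; the matrix-ssl-nginx-proxy-reload timer in the following hunk uses the same values. That leaves a fixed 30-minute margin for the renewal run itself, and nothing in these units records the dependency, so a later edit to one schedule can put a reload ahead of the renewal without anyone noticing. A comment in each reload timer's `[Timer]` section, e.g. `# Must stay later than matrix-ssl-lets-encrypt-certificates-renew.timer (04:00 + up to 2h delay)`, would document the constraint.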
--- a/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.timer.j2 +++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-ssl-nginx-proxy-reload.timer.j2 @@ -3,8 +3,8 @@ Description=Reloads matrix-nginx-proxy periodically so that new SSL certificates [Timer] Unit=matrix-ssl-nginx-proxy-reload.service -OnCalendar=Sunday *-*-* 13:00:00 -RandomizedDelaySec=3h +OnCalendar=*-*-* 06:30:00 +RandomizedDelaySec=1h [Install] WantedBy=timers.target