Commit Graph

5415 Commits

Author SHA1 Message Date
Slavi Pantaleev
5b26647127 Upgrade Certbot (v1.31.0 -> v2.0.0) and switch to new default key type (ecdsa)
More details about the new key type can be found here:
https://eff-certbot.readthedocs.io/en/stable/using.html#rsa-and-ecdsa-keys

Existing RSA-based keys will continue to renew as RSA until manual
action is taken. Example from the documentation above:
> certbot renew --key-type ecdsa --cert-name example.com --force-renewal

In the future, we may add a command which does this automatically for
all domains.
2022-11-28 09:24:25 +02:00
Slavi Pantaleev
81054bb19c Upgrade com.devture.ansible.role.postgres 2022-11-28 09:05:22 +02:00
Slavi Pantaleev
0d322a5c86 Announce matrix-postgres replacement and /usr/local/bin cleanup 2022-11-28 08:09:57 +02:00
Slavi Pantaleev
4b111d05d5 Pass devture_postgres_db_migration_request to com.devture.ansible.role.postgres in a cleaner way 2022-11-28 07:44:59 +02:00
Slavi Pantaleev
910cd9adf0 Replace import_role calls with include_role calls 2022-11-27 11:27:01 +02:00
Slavi Pantaleev
4bb3a38de6 Upgrade com.devture.ansible.role.postgres 2022-11-27 11:24:53 +02:00
Slavi Pantaleev
3d1ea3e79e Auto-delete old matrix scripts from /usr/local/bin 2022-11-27 10:10:00 +02:00
Slavi Pantaleev
d1b2fd50be Remove manual service enablement/start for backup-borg
This is done via devture_systemd_service_manager_services_list_auto
already.
2022-11-27 10:04:03 +02:00
Slavi Pantaleev
2688e8bfc3 Optimize initial installation by not reloading systemd after each .service install
We expect `--tags=start` to handle systemd reloading, so we don't need
to do it manually each time we install/uninstall a .service file.
2022-11-27 10:02:45 +02:00
Slavi Pantaleev
707e909b9b /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew -> /matrix/ssl/bin/lets-encrypt-certificates-renew 2022-11-27 09:53:23 +02:00
Slavi Pantaleev
fb86f6d5e7 /usr/local/bin/matrix-remove-all -> /matrix/bin/remove-all 2022-11-27 09:47:02 +02:00
Slavi Pantaleev
c928148261 Make uninstall tasks for Synapse delete bin/ 2022-11-27 09:43:25 +02:00
Slavi Pantaleev
40cf9cd72c /usr/local/bin/matrix-dendrite-create-account -> /matrix/dendrite/bin/create-account 2022-11-27 09:42:10 +02:00
Slavi Pantaleev
7c5c3aedc4 Put s3-storage-provider scripts under /matrix/synapse/ext/s3-storage-provider/bin, not /usr/local/bin 2022-11-27 09:38:34 +02:00
Slavi Pantaleev
735e7355a5 Rename variable (matrix_synapse_ext_s3_storage_provider_path -> matrix_synapse_ext_s3_storage_provider_base_path) 2022-11-27 09:28:29 +02:00
Slavi Pantaleev
72744f9db9 /usr/local/bin/matrix-synapse-register-user -> /matrix/synapse/bin/register-user 2022-11-27 09:26:18 +02:00
Slavi Pantaleev
7b43ef34b7 Remove more hardcoded matrix-postgres references 2022-11-27 09:16:18 +02:00
Slavi Pantaleev
3d5d843418 Replace some devture_postgres_identifier instances with devture_postgres_connection_hostname 2022-11-27 08:31:54 +02:00
Slavi Pantaleev
eedf5ad94d Remove some hardcoded matrix-postgres references 2022-11-27 08:23:43 +02:00
Slavi Pantaleev
04b9483f0d Switch from matrix-postgres to com.devture.ansible.role.postgres 2022-11-27 08:04:31 +02:00
Slavi Pantaleev
dd9ae0d25c Fix accidentally swapped tags (rust-synapse-compress-state and update-user-password) 2022-11-27 07:24:39 +02:00
Slavi Pantaleev
1688983436
Merge pull request #2299 from etkecc/patch-127
update mautrix-telegram 0.12.1 -> 0.12.2
2022-11-26 20:51:02 +02:00
Aine
ea0c9ed71d
update mautrix-telegram 0.12.1 -> 0.12.2 2022-11-26 18:48:04 +00:00
Slavi Pantaleev
018a609e47 Simplify matrix_postgres_backup_databases definition
Related to 71de7cd8cd
2022-11-26 18:57:45 +02:00
Slavi Pantaleev
71de7cd8cd Simplify matrix_backup_borg_postgresql_databases definition
There was no need to add `synapse` to the list manually
and then add all other additional databases.

When the `synapse` database was the main database, this made sense.
Since a long time ago already, ALL databases are "additional" databases,
so the `synapse` database is part of that list.

We could additional add the main (`matrix`) database to this list,
but there's probably no point in backing that one up.
2022-11-26 18:53:54 +02:00
Slavi Pantaleev
9427f9408d
Merge pull request #2298 from pub-solar/docs/synapse-oidc-keycloak
Update docs on how to use synapse & keycloak OIDC
2022-11-26 17:23:31 +02:00
teutat3s
e9765ae4a5
Update docs on how to use synapse & keycloak OIDC
Use up-to-date example from synapse docs

Add link to keycloak website

Add link to synapse docs on OIDC
2022-11-26 16:16:56 +01:00
Slavi Pantaleev
fe4c2d73f4 Update Ansible version requirements
Tests were carried out like this:

- `virtualenv3 env`
- `./env/bin/pip install ansible==4.10.0 ansible-core==2.11.7`
- `./env/bin/ansible-playbook .....`

The lowest version of `ansible-core` available on PyPI right now is
2.11.0. That version has trouble with `ansible==4.0.0` though.
The errors we were hitting seemed to be resolved by others online by
using `ansible==4.10.0` instead, which has a minimum `ansible-core`
requirement of `2.11.7`, so that's what we went with.

Older versions of Ansible may work, but.. I'm having trouble
installing them and don't want to spend too much time on digging through
ancient versions and testing them out. People should just learn to run
up-to-date software.
2022-11-26 16:45:07 +02:00
Array in a Matrix
504d4a4134
Add dendrite captcha config to doc and hCaptcha (#2290)
* added dendrite captcha options

* added hcaptcha doc

* proper url

* Apply suggestions from code review

Co-authored-by: Slavi Pantaleev <slavi@devture.com>

* Update main.yml

* renamed captcha vars to new naming scheme

* change vars to new format

* Rename back some incorrect renamed variables

These variables are either not just part of the `client_api` subsection,
or are not even part of that section at all. They shouldn't have been
renamed in baaef2ed616e2645550d9

* Fix up naming inconsistencies

Some of these variables had been renamed in one place,
but not in other places, so it couldn't have worked that way.

* Add validation/deprecation for renamed Dendrite variables

Related to 4097898f885cf4c73, baaef2ed616e2645550, 68f4418092fa8ad
and a0b4a0ae6b2f1f18

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
2022-11-26 09:27:43 +02:00
Slavi Pantaleev
16c18b0344 Upgrade Hydrogen (v0.3.4 -> v0.3.5) 2022-11-25 18:59:01 +02:00
Slavi Pantaleev
fa523c6472 Remove blank lines 2022-11-25 17:36:42 +02:00
Slavi Pantaleev
a04f6f4e3d Optimize uninstall tasks a bit
- forego removing Docker images - it's not effective anyway, because it
  only removes the last version.. which is a drop in the bucket, usually

- do not reload systemd - it's none of our business. `--tags=start`,
  etc., handle this

- combine all uninstall tasks under a single block, which only runs if
  we detect traces (a leftover systemd .service file) of the component.
  If no such .service is detected, we skip them all. This may lead to
  incorect cleanup in rare cases, but is good enough for the most part.
2022-11-25 17:28:57 +02:00
Slavi Pantaleev
8456657f21 Announce install-* tags 2022-11-25 16:15:19 +02:00
Slavi Pantaleev
61f67d8f0a Add install-* tags for quicker runs 2022-11-25 16:02:51 +02:00
Slavi Pantaleev
34c01da9d2 Ensure consistent password_hash results regardless of whether crypt or passlib is used
Ansible recently started showing warnings about `crypt` being
deprecated. If one installs `passlib`, the `password_hash` values that
are generated would be different by default. With this patch, we ensure
consistency regardless of which one is used.

After this patch, password hashes (and UUIDs derived from them) will
change once, but they should be stable after that.

These hashes changing is not a problem, because the playbook
changes all references to the new values. Changes are only a problem if
they're done partially and with different tools.
For example:
- `--tags=setup-COMPONENT` with `passlib`
- `--tags=setup-postgres` with `crypt` (no `passlib`)
If so, the Postgres database password's value will differ for the
configuration generated for `COMPONENT`.

The `rounds=` value is arbitrary. It doesn't matter what it is,
as long as it's different than the default for `crypt` (5000)
and the default for `passlib` for `sha512` (656000).

Source (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html):

> To ensure idempotency, specify rounds to be neither crypt’s nor passlib’s default, which is 5000 for crypt and a variable value (535000 for sha256, 656000 for sha512) for passlib
2022-11-25 11:41:16 +02:00
Slavi Pantaleev
42f3c3cbf6 Improve command for connecting to additional container networks 2022-11-25 10:22:25 +02:00
Slavi Pantaleev
b59981f03c Remove incorrectly places task
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2297
2022-11-25 06:17:14 +02:00
Karmanyaah Malhotra
140acfcc5f
Exempt Matrix server from ntfy rate limit (#2135)
* Exempt Matrix server from ntfy rate limit

Add the matrix fqdn and localhost to ntfy's exemption list.
Also allow all ntfy rate limits to be configured through Ansible
variables.

* Fix names and formatting

* fixes

* tabs not spaces

* Lint

* Use raw tags instead of bracket soup
2022-11-24 21:12:43 +02:00
Slavi Pantaleev
9c0cf5481a Try to be more helpful when matrix_homeserver_generic_secret_key appears to be undefined 2022-11-24 18:42:01 +02:00
Slavi Pantaleev
663a17ea10 Fix ansible-lint-reported errors 2022-11-24 17:39:34 +02:00
Slavi Pantaleev
c37cf42427 Do not delete and re-create Synapse worker configs needlessly
We had checks to avoid stopping/deleting systemd services for workers
that used to exist and will continue to exist, but we were deleting
config files for workers each time.. Only to recreate them again later.

This lead to:

- too many misleading "changed" tasks
- too much unnecessary work
- potential failures during playbook execution possibly leaving the
  system in a bad state (no worker config files)
2022-11-24 17:06:31 +02:00
Slavi Pantaleev
2e7b5c7b02 Untangle the setup import/include mess in matrix-synapse 2022-11-24 16:27:11 +02:00
Slavi Pantaleev
d29b0aeddb Replace even more import_tasks calls with include_tasks 2022-11-24 15:19:42 +02:00
Slavi Pantaleev
7c2a7a8eb6 Replace most import_tasks calls with include_tasks for improved performance 2022-11-24 11:33:45 +02:00
Slavi Pantaleev
5c3df22c35
Merge pull request #2293 from jpdown/update-traefik-example
Add service declaration to sample traefik config
2022-11-24 08:11:34 +02:00
Jaden Down
86f495f461
Add service declaration to sample traefik config 2022-11-23 19:08:52 -06:00
Slavi Pantaleev
d9ab60fbf2
Merge pull request #2289 from etkecc/patch-126
Update grafana 9.2.5 -> 9.2.6
2022-11-23 18:06:55 +02:00
Aine
e05b4c78c7
Update grafana 9.2.5 -> 9.2.6 2022-11-23 16:02:28 +00:00
Slavi Pantaleev
787a82d6e8 Combine matrix user/group set_fact calls into one 2022-11-23 17:07:52 +02:00
Slavi Pantaleev
4d881477a3 Add matrix_homeserver_enabled variable
We need this to control whether `('matrix-' + matrix_homeserver_implementation + '.service')`
would get injected into `devture_systemd_service_manager_services_list_auto`
2022-11-23 16:56:39 +02:00