Since it is required to create and input a strong password (random strings) on vars.yml, this commit adds a password generator as a required software to configure and run the playbook. Password Tech, reportedly formerly known as "PWGen for Windows", is linked from https://github.com/jbernard/pwgen
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
Essentially it means "configuring your DNS settings or records on the DNS server you use".
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Add hard-coded breadcrumbs to documentation files about installation procedure for easier navigation
Since it is easy to get lost among these files, the breadcrumbs should be helpful to get the whole picture of the procedure. Hopefully they will be replaced with something else generated automatically.
Please note that the usage of <sup> HTML tags on this context is not proper as the tag is intended to be used only for typographical reasons. Here <small> tags should rather be used instead as long as we do not use CSS, but since GitHub strips these tags against its spec (https://github.github.com/gfm/#disallowed-raw-html-extension-) (also note: the <small> HTML tags are not stripped on Codeberg for example), this commit intentionally uses <sup> to have those breadcrumbs rendered in small points.
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Update docs/configuring-playbook.md title
The file is referred from other files as "Configuring the playbook"
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* Add "Quick start" link with the thunder icon
For now docs/README.md is linked
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
---------
Signed-off-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
Co-authored-by: Suguru Hirahara <acioustick@noreply.codeberg.org>
* rewrite `just update` command to provide a one-line command to update everything
* update prefix
* uncomment update-self
* Revert requirements.yml updates not belonging to this PR
* Justfile and documentation updates to make things clearer
---------
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
I've just tested Rocky Linux v9 and it seems to work.
I suppose the Docker situation
(https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)
on RHEL v8 has improved, so it probably works too.
I see no reason AlmaLinux and other RHEL derivatives wouldn't work,
but I have neither tested them, nor have confirmation from others about
it.
It's mostly a matter of us being able to install:
- Docker, via https://github.com/geerlingguy/ansible-role-docker which
seems to support various distros
- a few other packages (systemd-timesyncd, etc).
The list of supported distros has been reordered alphabetically.
I've heard reports of SUSE Linux working well too, so it may also be added
if confirmed again.
Closes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300
It's not strictly required yet, but certain versions of Ansible display warnings
if passlib is missing. The non-passlib crypto usage is deprecated, so
passlib will become a requirement in newer Ansible versions. It's only a
matter of time.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1282
It's mostly due to Docker CE dropping its repositories (and support) for
Debian 9.
If one installs Docker manually (likely a package named `docker.io`), it
will likely still work.
In any case, Debian 9 is old and end-of-life now, so advertising support
for it is not productive.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/963
This also simplifies Prerequisites, which is great.
It'd be nice if we were doing these checks in some optional manner
and reporting them as helpful messages (using
`matrix_playbook_runtime_results`), but that's more complicated.
I'd rather drop these checks completely.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/756
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/737
I feel like timers are somewhat more complicated and dirty (compared to
cronjobs), but they come with these benefits:
- log output goes to journald
- on newer systemd distros, you can see when the timer fired, when it
will fire, etc.
- we don't need to rely on cron (reducing our dependencies to just
systemd + Docker)
Cronjobs work well, but it's one more dependency that needs to be
installed. We were even asking people to install it manually
(in `docs/prerequisites.md`), which could have gone unnoticed.
Once in a while someone says "my SSL certificates didn't renew"
and it's likely because they forgot to install a cron daemon.
Switching to systemd timers means that installation is simpler
and more unified.
ma1sd requires the openid endpoints for certain functionality.
Example: 90b2b5301c/src/main/java/io/kamax/mxisd/auth/AccountManager.java (L67-L99)
If federation is disabled, we still need to expose these openid APIs on the
federation port.
Previously, we were doing similar magic for Dimension.
As per its documentation, when running unfederated, one is to enable
the openid listener as well. As per their recommendation, people
are advised to do enable it on the Client-Server API port
and use the `federationUrl` variable to override where the federation
port is (making federation requests go to the Client-Server API).
Because ma1sd always uses the federation port (unless you do some
DNS overwriting magic using its configuration -- which we'd rather not
do), it's better if we just default to putting the `openid` listener
where it belongs - on the federation port.
With this commit, we retain the "automatically enable openid APIs" thing
we've been doing for Dimension, but move it to the federation port instead.
We also now do the same thing when ma1sd is enabled.
Don't mention systemd-journald adjustment anymore, because
we've changed log levels to WARNING and Synapse is not chatty by default
anymore.
The "excessive log messages may get dropped on CentOS" issue no longer
applies to most users and we shouldn't bother them with it.
Somewhat related to #213 (Github Pull Request).
We've been moving in the opposite direction for quite a long time.
All services should just leave logging to systemd's journald.
When using Let's Encrypt SSL certificates, a cronjob is set up to
automatically renew them. Though it does require a `cron`-compatible
program on the server.
This fixes the error that is caused by the `/etc/cron.d` directory
not existing and the `ansible-cron` module trying to write out a
file there -- without checking if the directory exists first.