Commit Graph

473 Commits

Author SHA1 Message Date
Slavi Pantaleev
49e5dad86d Do not do the S3 setup so early
It was never intended to be there, but was while testing/development
and got forgotten later.
2017-09-08 10:50:31 +03:00
Slavi Pantaleev
0f43abb91d Do not assume /usr/local/bin is always on the PATH 2017-09-08 10:47:12 +03:00
Slavi Pantaleev
9c68b057b0 Add support for storing Matrix Synapse's media_store to Amazon S3 2017-09-07 18:26:41 +03:00
Slavi Pantaleev
9b97ab6a90 Do not wastefully preserve owner/group when importing media store files 2017-09-07 12:27:32 +03:00
Slavi Pantaleev
0f723c9574 Ensure media store files are owned by the correct user/group after importing (recursively) 2017-09-07 12:24:04 +03:00
Slavi Pantaleev
a6760f4469 Ensure media store files are owned by the correct user/group after importing 2017-09-07 12:23:22 +03:00
Slavi Pantaleev
ea91ef7fb2 Move media_store & logs out of /data. Allow logging to be configured
The goal is to allow these to be on separate partitions
(including remote ones in the future).

Because the `silviof/docker-matrix` image chowns
everything to MATRIX_UID:MATRIX_GID on startup,
we definitely don't want to include `media_store` in it.
If it's on a remote FS, it would cause a slow startup.

Also, adding some safety checks to the "import media store"
task, after passing a wrong path to it on multiple occassions and
wondering what's wrong.

Also, making logging configurable. The default of keeping 10x100MB
log files is likely excessive and people may want to change that.
2017-09-07 12:12:31 +03:00
Slavi Pantaleev
2bb8bb96d4 Add support for configuring max_upload_size 2017-08-30 12:07:03 +03:00
Slavi Pantaleev
b046052aed Switch from playbook vars to role defaults
By using role defauts, we can have inventory variables
which overide the defaults.
2017-08-30 12:05:13 +03:00
Slavi Pantaleev
ce3c31eb41 Adjust x_forwarded setting for the plain (8008) port
Port 8008 is forwarded in our case, so unless we adjust
`x_forwaded` for it, Docker's local network IPs are
logged/displayed for devices.

The TLS port (8448) is not proxied in our setup,
so its `x_forwarded` setting remains `false`.
2017-08-12 18:32:24 +03:00
Slavi Pantaleev
1cd227b699 Increase max body size for the nginx proxy
Otherwise, we can't support large media file uploads.
2017-08-12 15:39:21 +03:00
Slavi Pantaleev
887d14884e Do not generate a new Matrix Synapse config, if one already exists
Otherwise certains values in the config file,
such as `macaroon_secret_key`, would be regenerated,
which is not something that we want.

If `macaroon_secret_key` is regenerated, all users'
auth tokens will become invalid (effectively logging out
all users).
2017-08-12 11:06:57 +03:00
Slavi Pantaleev
7d74dced28 Disable TURN for guests and enable URL previews 2017-08-12 10:36:34 +03:00
Slavi Pantaleev
fc3386dff7 Fix matrix-synapse-register-user for when the non-admin case
It was trying to omit the `-a` flag, but that wasn't enough,
because the underlying `register_new_matrix_user` command
prompts interactively if it doesn't see the `-a` flag
(it doesn't default to non-admin).

We need to answer such interactive prompts.
2017-08-11 08:21:34 +03:00
Slavi Pantaleev
b074030d59 Fix problem detecting matrix-nginx-proxy state when it is not installed 2017-08-08 14:31:01 +03:00
Slavi Pantaleev
02bdb7c7bc Ensure firewalld is installed and Docker launcher after firewalld
Some CentOS 7 hosts may not have firewalld installed.
We shouldn't expect it to be, but should ensure by ourselves that it is.

Docker likes to mess around with iptables forwarding rules,
so it ought to start after firewalld.
2017-08-08 14:29:14 +03:00
Slavi Pantaleev
91bb06e4be Update README 2017-08-06 19:21:18 +03:00
Slavi Pantaleev
a3ecb7bfd9 Add http->http redirection for Matrix/Riot
Doing this means that matrix-nginx-proxy now starts
occupying port 80, which necessitates that
SSL renewal happens slightly differently.
2017-08-06 19:10:50 +03:00
Slavi Pantaleev
0d1a2071de Ensure playbook works if running at SSL-renewal time
matrix-nginx-proxy will be occupying port 80 soon,
so that we can be more user-friendly and have
http->https forwarding for the Riot hostname.

During the playbook run, acmetool also expects to use
port 80 for domain verification.

During an initial playbook run, this wouldn't cause trouble
because matrix-nginx-proxy is not installed yet.

However, on subsequent playbook runs, it would cause trouble.

This ensures that if matrix-nginx-proxy is available
and running, it would be stopped before running acmetool
and started right after.
2017-08-06 18:40:16 +03:00
Slavi Pantaleev
13eaee2463 Enable TURN support and UDP for STUN 2017-08-06 18:26:06 +03:00
Slavi Pantaleev
7b980525a4 Fix README anchors 2017-08-01 12:36:54 +03:00
Slavi Pantaleev
81077e6cdf Allow regular users to be created as well (not only admins) 2017-08-01 11:11:29 +03:00
Slavi Pantaleev
87f5883f24 Initial commit 2017-07-31 23:08:20 +03:00