Commit 232353e3 authored by nono's avatar nono 💻
Browse files
parents f90e7ca2 b166f017
......@@ -24,7 +24,7 @@ matrix_dimension_enabled: true
## Define admin users
These users can modify the integrations this Dimension supports. Admin interface is accessible by opening Dimension in Element and clicking the settings icon.
These users can modify the integrations this Dimension supports. Admin interface is accessible at `https://dimension.<your-domain>/riot-app/admin` after logging in to element.
Add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
......
......@@ -26,7 +26,6 @@ matrix_jitsi_enabled: true
# Run `bash inventory/scripts/jitsi-generate-passwords.sh` to generate these passwords,
# or define your own strong passwords manually.
matrix_jitsi_jicofo_component_secret: ""
matrix_jitsi_jicofo_auth_password: ""
matrix_jitsi_jvb_auth_password: ""
matrix_jitsi_jibri_recorder_password: ""
......
......@@ -27,8 +27,6 @@ ansible-playbook -i inventory/hosts setup.yml \
--tags=import-postgres
```
We specify the `synapse` database as the default import database. If your dump is a single-database dump (`pg_dump`), then we need to tell it where to go to. If you're redefining `matrix_synapse_database_database` to something other than `synapse`, please adjust it here too. For database dumps spanning multiple databases (`pg_dumpall`), you can remove the `postgres_default_import_database` definition (but it doesn't hurt to keep it too).
**Note**: `<server-path-to-postgres-dump.sql>` must be a file path to a Postgres dump file on the server (not on your local machine!).
......
......@@ -14,7 +14,7 @@ matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
#
# In case SSL renewal fails at some point, you'll also get an email notification there.
#
# If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt),
# If you decide to use another method for managing SSL certificates (different than the default Let's Encrypt),
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
#
# Example value: someone@example.com
......
......@@ -3,7 +3,7 @@
matrix_heisenbridge_enabled: true
matrix_heisenbridge_version: 1.0.0
matrix_heisenbridge_version: 1.1.0
matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
......
......@@ -60,7 +60,7 @@
git:
repo: "{{ matrix_mautrix_facebook_container_image_self_build_repo }}"
dest: "{{ matrix_mautrix_facebook_docker_src_files_path }}"
# version: "{{ matrix_coturn_docker_image.split(':')[1] }}"
version: "{{ matrix_mautrix_facebook_docker_image.split(':')[1] }}"
force: "yes"
register: matrix_mautrix_facebook_git_pull_results
when: "matrix_mautrix_facebook_container_image_self_build|bool"
......
......@@ -3,7 +3,7 @@ matrix_client_element_enabled: true
matrix_client_element_container_image_self_build: false
matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
matrix_client_element_version: v1.8.1
matrix_client_element_version: v1.8.5
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
......
......@@ -53,6 +53,8 @@
- {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
when: "matrix_client_hydrogen_enabled|bool and item.src is not none"
# This step MUST come after the steps to install the configuration files because the config files
# are currently only read at build time, not at run time like most other components in the playbook
- name: Ensure Hydrogen Docker image is built
docker_image:
name: "{{ matrix_client_hydrogen_docker_image }}"
......
......@@ -5,7 +5,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn
matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
matrix_coturn_version: 4.5.2-r3
matrix_coturn_version: 4.5.2-r4
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
......
......@@ -3,7 +3,7 @@
matrix_grafana_enabled: false
matrix_grafana_version: 8.1.2
matrix_grafana_version: 8.1.3
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
......
......@@ -7,6 +7,7 @@ matrix_jitsi_enable_guests: false
matrix_jitsi_enable_recording: false
matrix_jitsi_enable_transcriptions: false
matrix_jitsi_enable_p2p: true
matrix_jitsi_enable_av_moderation: true
# Authentication type, must be one of internal, jwt or ldap. Currently only
# internal and ldap are supported by this playbook.
......@@ -53,7 +54,7 @@ matrix_jitsi_jibri_recorder_password: ''
matrix_jitsi_enable_lobby: false
matrix_jitsi_version: stable-5963
matrix_jitsi_version: stable-6173
matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"
......@@ -69,6 +70,14 @@ matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}"
# Addresses need to be prefixed with one of `stun:`, `turn:` or `turns:`.
matrix_jitsi_web_stun_servers: ['stun:meet-jit-si-turnrelay.jitsi.net:443']
# Setting up TURN
# Default set with Coturn container
matrix_jitsi_turn_credentials: "{{ matrix_coturn_turn_static_auth_secret }}"
matrix_jitsi_turn_host: "turn.{{ matrix_server_fqn_matrix }}"
matrix_jitsi_turns_host: "turn.{{ matrix_server_fqn_matrix }}"
matrix_jitsi_turn_port: "{{ matrix_coturn_container_stun_plain_host_bind_port }}"
matrix_jitsi_turns_port: "{{ matrix_coturn_container_stun_tls_host_bind_port }}"
# Controls whether Etherpad will be available within Jitsi
matrix_jitsi_etherpad_enabled: false
......
......@@ -2,6 +2,7 @@ AUTH_TYPE={{ matrix_jitsi_auth_type }}
ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
ENABLE_LOBBY={{ 1 if matrix_jitsi_enable_lobby else 0 }}
ENABLE_AV_MODERATION={{1 if matrix_jitsi_enable_av_moderation else 0}}
ENABLE_XMPP_WEBSOCKET
GLOBAL_MODULES
GLOBAL_CONFIG
......@@ -48,4 +49,9 @@ JWT_AUTH_TYPE
JWT_TOKEN_AUTH_MODULE
LOG_LEVEL
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
TURN_CREDENTIALS={{ matrix_jitsi_turn_credentials }}
TURN_HOST={{ matrix_jitsi_turn_host }}
TURNS_HOST={{ matrix_jitsi_turns_host }}
TURN_PORT={{ matrix_jitsi_turn_port }}
TURNS_PORT={{ matrix_jitsi_turns_port }}
TZ={{ matrix_jitsi_timezone }}
......@@ -7,7 +7,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev
matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"
matrix_mailer_version: 4.94.2-r0-3
matrix_mailer_version: 4.94.2-r0-4
matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}"
matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"
......
matrix_nginx_proxy_enabled: true
matrix_nginx_proxy_version: 1.21.1-alpine
matrix_nginx_proxy_version: 1.21.3-alpine
# We use an official nginx image, which we fix-up to run unprivileged.
# An alternative would be an `nginxinc/nginx-unprivileged` image, but
......@@ -282,6 +282,23 @@ matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks: []
# A list of strings containing additional configuration blocks to add to the base domain server configuration (matrix-base-domain.conf).
matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []
# To increase request timeout in NGINX using proxy_read_timeout, proxy_connect_timeout, proxy_send_timeout, send_timeout directives
# Nginx Default: proxy_connect_timeout 60s; #Defines a timeout for establishing a connection with a proxied server
# Nginx Default: proxy_send_timeout 60s; #Sets a timeout for transmitting a request to the proxied server.
# Nginx Default: proxy_read_timeout 60s; #Defines a timeout for reading a response from the proxied server.
# Nginx Default: send_timeout 60s; #Sets a timeout for transmitting a response to the client.
#
# For more information visit:
# http://nginx.org/en/docs/http/ngx_http_proxy_module.html
# http://nginx.org/en/docs/http/ngx_http_core_module.html#send_timeout
# https://www.nginx.com/resources/wiki/start/topics/examples/fullexample2/
#
# Here we are sticking with nginx default values change this value carefully.
matrix_nginx_proxy_connect_timeout: 60
matrix_nginx_proxy_send_timeout: 60
matrix_nginx_proxy_read_timeout: 60
matrix_nginx_send_timeout: 60
# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses for all vhosts meant to be accessed by users.
#
# Learn more about what it is here:
......@@ -409,7 +426,7 @@ matrix_ssl_additional_domains_to_obtain_certificates_for: []
# Controls whether to obtain production or staging certificates from Let's Encrypt.
matrix_ssl_lets_encrypt_staging: false
matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.18.0"
matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.19.0"
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
matrix_ssl_lets_encrypt_support_email: ~
......
......@@ -42,6 +42,11 @@ http {
{% else %}
access_log off;
{% endif %}
proxy_connect_timeout {{ matrix_nginx_proxy_connect_timeout }};
proxy_send_timeout {{ matrix_nginx_proxy_send_timeout }};
proxy_read_timeout {{ matrix_nginx_proxy_read_timeout }};
send_timeout {{ matrix_nginx_send_timeout }};
sendfile on;
#tcp_nopush on;
......
......@@ -3,7 +3,7 @@
matrix_prometheus_enabled: false
matrix_prometheus_version: v2.29.1
matrix_prometheus_version: v2.29.2
matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"
......
......@@ -16,6 +16,7 @@
git:
repo: "{{ matrix_synapse_admin_container_self_build_repo }}"
dest: "{{ matrix_synapse_admin_docker_src_files_path }}"
version: "{{ matrix_synapse_admin_docker_image.split(':')[1] }}"
force: "yes"
register: matrix_synapse_admin_git_pull_results
when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_self_build|bool"
......
......@@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
# amd64 gets released first.
# arm32 relies on self-building, so the same version can be built immediately.
# arm64 users need to wait for a prebuilt image to become available.
matrix_synapse_version: v1.41.0
matrix_synapse_version_arm64: v1.41.0
matrix_synapse_version: v1.42.0
matrix_synapse_version_arm64: v1.42.0
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
......
......@@ -83,20 +83,6 @@ presence:
#
enabled: {{ matrix_synapse_presence_enabled|to_json }}
# Presence routers are third-party modules that can specify additional logic
# to where presence updates from users are routed.
#
presence_router:
# The custom module's class. Uncomment to use a custom presence router module.
#
#module: "my_custom_router.PresenceRouter"
# Configuration options of the custom module. Refer to your module's
# documentation for available options.
#
#config:
# example_option: 'something'
# Whether to require authentication to retrieve profile data (avatars,
# display names) of other users through the client API. Defaults to
# 'false'. Note that profile data is also available via the federation
......@@ -839,6 +825,8 @@ log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config"
# is using
# - one for registration that ratelimits registration requests based on the
# client's IP address.
# - one for checking the validity of registration tokens that ratelimits
# requests based on the client's IP address.
# - one for login that ratelimits login requests based on the client's IP
# address.
# - one for login that ratelimits login requests based on the account the
......@@ -869,6 +857,10 @@ rc_message: {{ matrix_synapse_rc_message|to_json }}
# burst_count: 3
rc_registration: {{ matrix_synapse_rc_registration|to_json }}
#
#rc_registration_token_validity:
# per_second: 0.1
# burst_count: 5
#
#rc_login:
# address:
# per_second: 0.17
......@@ -1228,6 +1220,15 @@ allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_json }}
#
#enable_3pid_lookup: true
# Require users to submit a token during registration.
# Tokens can be managed using the admin API:
# https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/registration_tokens.html
# Note that `enable_registration` must be set to `true`.
# Disabling this option will not delete any tokens previously generated.
# Defaults to false. Uncomment the following to require tokens:
#
#registration_requires_token: true
# If set, allows registration of standard or admin accounts by anyone who
# has the shared secret, even if registration is otherwise disabled.
#
......
......@@ -59,6 +59,7 @@ matrix_synapse_workers_generic_worker_endpoints:
# Registration/login requests
- ^/_matrix/client/(api/v1|r0|unstable)/login$
- ^/_matrix/client/(r0|unstable)/register$
- ^/_matrix/client/unstable/org.matrix.msc3231/register/org.matrix.msc3231.login.registration_token/validity$
# Event sending requests
- ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/redact
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment