iartamonov/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2026-04-15 10:05:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: iartamonov:ace086056fc742ec25c26cc467b26642bcd9a69c
Branches Tags
iartamonov:master iartamonov:renovate/packaging-26.x iartamonov:renovate/prometheus-3.x iartamonov:create-pull-request/i18n iartamonov:migration-validation-system iartamonov:copilot/update-exim-relay-docs iartamonov:renovate/matrixdotorg-sygnal-0.x iartamonov:synapse-user-register-wait-for iartamonov:remove-zulip-bridge iartamonov:stabilize-mas iartamonov:element-call-stack iartamonov:element-call-integration iartamonov:synapse-cache-tuning iartamonov:HarHarLinks/hookshot-encryption
..
compare: iartamonov:remove-zulip-bridge
Branches Tags
iartamonov:master iartamonov:renovate/packaging-26.x iartamonov:renovate/prometheus-3.x iartamonov:create-pull-request/i18n iartamonov:migration-validation-system iartamonov:copilot/update-exim-relay-docs iartamonov:renovate/matrixdotorg-sygnal-0.x iartamonov:synapse-user-register-wait-for iartamonov:remove-zulip-bridge iartamonov:stabilize-mas iartamonov:element-call-stack iartamonov:element-call-integration iartamonov:synapse-cache-tuning iartamonov:HarHarLinks/hookshot-encryption

1 Commits
ace086056f ... remove-zul

Author SHA1 Message Date
Aine
f16c8dfcbf remove Zulip bridge 2026-02-08 18:27:59 +00:00
8 changed files with 11 additions and 89 deletions
Expand all files Collapse all files

27
CHANGELOG.md
View File

@@ -1,30 +1,3 @@
# 2026-02-09
## (BC Break) matrix-media-repo datastore IDs are now required in `vars.yml`
**Affects**: users with [matrix-media-repo](docs/configuring-playbook-matrix-media-repo.md) enabled (`matrix_media_repo_enabled: true`)
The `matrix_media_repo_datastore_file_id` and `matrix_media_repo_datastore_s3_id` variables are no longer auto-configured with values. They must now be explicitly defined in your `vars.yml` file. The playbook will fail with a helpful error if they are not set (when needed).
These were never meant to be auto-configured. They were derived from `matrix_homeserver_generic_secret_key`, which is intended for secrets that are OK to change subsequently (and Ansible would assist in propagating these changes). matrix-media-repo datastore IDs are not secrets — they are static identifiers linking media to storage backends, and **must not change** after first use.
**For existing installations**, retrieve your current values from the server:
```sh
grep 'id:' /matrix/media-repo/config/media-repo.yaml
```
Then add to your `vars.yml`:
```yaml
matrix_media_repo_datastore_file_id: "YOUR_FILE_DATASTORE_ID_HERE"
# Only if you use S3 storage:
# matrix_media_repo_datastore_s3_id: "YOUR_S3_DATASTORE_ID_HERE"
```
**Why do this?**: This change allows us to **remove the [passlib](https://passlib.readthedocs.io/en/stable/index.html) Python library** from the [prerequisites](docs/prerequisites.md), as it was the last component that depended on it.
# 2026-02-08
## Zulip bridge has been removed from the playbook

18
docs/configuring-playbook-matrix-media-repo.md
View File

@@ -24,21 +24,8 @@ To enable matrix-media-repo, add the following configuration to your `inventory/
```yaml
matrix_media_repo_enabled: true
# Any unique alphanumeric string. Cannot be changed after first use.
# For new installations, generate one with: pwgen -s 64 1
# For existing installations, see below.
matrix_media_repo_datastore_file_id: "CHANGE_ME_TO_A_UNIQUE_VALUE"
```
**For existing installations**: retrieve the current datastore ID from the server's config file before proceeding:
```sh
grep 'id:' /matrix/media-repo/config/media-repo.yaml
```
Then use that value for `matrix_media_repo_datastore_file_id`. This is not a secret — it is a plain identifier used by matrix-media-repo to link media files to their storage backend.
By default, the media-repo will use the local filesystem for data storage. You can alternatively use a `s3` cloud backend as well. Access token caching is also enabled by default since the logout endpoints are proxied through the media repo.
### Enable metrics
@@ -122,11 +109,6 @@ matrix_media_repo_admins: []
matrix_media_repo_datastore_file_for_kinds: ["thumbnails", "remote_media", "local_media", "archives"]
matrix_media_repo_datastore_s3_for_kinds: []
# Required when S3 storage is enabled (matrix_media_repo_datastore_s3_for_kinds is non-empty).
# Any unique alphanumeric string. Cannot be changed after first use.
# For new installations, generate one with: pwgen -s 64 1
# matrix_media_repo_datastore_s3_id: ""
# The s3 uploader needs a temporary location to buffer files to reduce memory usage on
# small file uploads. If the file size is unknown, the file is written to this location
# before being uploaded to s3 (then the file is deleted). If you aren't concerned about

2
docs/prerequisites.md
View File

@@ -23,6 +23,8 @@ We will be using `example.com` as the domain in the following instruction. Pleas
- [Ansible](http://ansible.com/) program. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
- [passlib](https://passlib.readthedocs.io/en/stable/index.html) Python library. See [this official documentation](https://passlib.readthedocs.io/en/stable/install.html#installation-instructions) for an instruction to install it. On most distros, you need to install some `python-passlib` or `py3-passlib` package, etc.
- [`git`](https://git-scm.com/) as the recommended way to download the playbook. `git` may also be required on the server if you will be [self-building](self-building.md) components.
- [`just`](https://github.com/casey/just) for running `just roles`, `just update`, etc. (see [`justfile`](../justfile)), although you can also run these commands manually. Take a look at this documentation for more information: [Running `just` commands](just.md).

3
group_vars/matrix_servers
View File

@@ -3299,9 +3299,6 @@ ddclient_identifier: matrix-dynamic-dns
ddclient_base_path: "{{ matrix_base_data_path }}/dynamic-dns"
ddclient_uid: "{{ matrix_user_uid }}"
ddclient_gid: "{{ matrix_user_gid }}"
ddclient_container_image_registry_prefix: "{{ 'localhost/' if ddclient_container_image_self_build else ddclient_container_image_registry_prefix_upstream }}"
ddclient_container_image_registry_prefix_upstream: "{{ matrix_container_global_registry_prefix_override if matrix_container_global_registry_prefix_override else ddclient_docker_image_registry_prefix_upstream_default }}"

2
requirements.yml
View File

@@ -50,7 +50,7 @@
version: dd6e15246b7a9a2d921e0b3f9cd8a4a917a1bb2f
name: playbook_state_preserver
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git
version: v18.1-5
version: v18.1-4
name: postgres
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git
version: v18-0

10
roles/custom/matrix-media-repo/defaults/main.yml
View File

@@ -414,9 +414,8 @@ matrix_media_repo_shared_secret_auth_token: "PutSomeRandomSecureValueHere"
# thumbnails and other misc data is also stored in these places. The media repo, when looking
# for a datastore to use, will always use the smallest datastore first.
# ID for the file datastore. Any unique alphanumeric string (e.g. generated via `pwgen -s 64 1`).
# This value CANNOT be changed after media has been stored — matrix-media-repo ties media to this ID.
matrix_media_repo_datastore_file_id: ""
# ID for the file datastore (cannot change). Alphanumeric recommended.
matrix_media_repo_datastore_file_id: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'filestore.db', rounds=655555) | to_uuid }}"
# Datastores can be split into many areas when handling uploads. Media is still de-duplicated
# across all datastores (local content which duplicates remote content will re-use the remote
@@ -435,9 +434,8 @@ matrix_media_repo_datastore_file_for_kinds: ["thumbnails", "remote_media", "loca
# Path to datastore, relative to matrix-media-repo directory root
matrix_media_repo_datastore_opts_path: "/data/media"
# ID for the S3 datastore. Any unique alphanumeric string (e.g. generated via `pwgen -s 64 1`).
# This value CANNOT be changed after media has been stored — matrix-media-repo ties media to this ID.
matrix_media_repo_datastore_s3_id: ""
# ID for the s3 datastore (cannot change). Alphanumeric recommended.
matrix_media_repo_datastore_s3_id: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 's3store.db', rounds=655555) | to_uuid }}"
# Datastores can be split into many areas when handling uploads. Media is still de-duplicated
# across all datastores (local content which duplicates remote content will re-use the remote

2
roles/custom/matrix-media-repo/tasks/validate_config.yml
View File

@@ -15,8 +15,6 @@
- {'name': 'matrix_media_repo_database_hostname', when: true}
- {'name': 'matrix_media_repo_container_labels_traefik_internal_media_entrypoints', when: "{{ matrix_media_repo_container_labels_traefik_internal_media_enabled }}"}
- {'name': 'matrix_media_repo_container_labels_traefik_internal_matrix_client_media_entrypoints', when: "{{ matrix_media_repo_container_labels_traefik_internal_matrix_client_media_enabled }}"}
- {'name': 'matrix_media_repo_datastore_file_id', when: "{{ (matrix_media_repo_datastore_file_for_kinds | length) > 0 }}"}
- {'name': 'matrix_media_repo_datastore_s3_id', when: "{{ (matrix_media_repo_datastore_s3_for_kinds | length) > 0 }}"}
- name: (Deprecation) Catch and report renamed matrix-media-repo settings
ansible.builtin.fail:

36
roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_synapse.yml
View File

@@ -4,9 +4,9 @@
---
- name: Build Synapse user registration command - {{ user.username | quote }}
ansible.builtin.set_fact:
matrix_synapse_register_user_command: |-
- name: Ensure Synapse user registered - {{ user.username | quote }}
ansible.builtin.command:
cmd: |-
{{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse
register_new_matrix_user
-u {{ user.username | quote }}
@@ -21,34 +21,6 @@
{% endif %}
{% endif %}
http://localhost:{{ matrix_synapse_container_client_api_port }}
- name: Ensure Synapse user registered - {{ user.username | quote }}
ansible.builtin.command:
cmd: "{{ matrix_synapse_register_user_command }}"
register: matrix_synapse_register_user_result
changed_when: matrix_synapse_register_user_result.rc == 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
failed_when: >-
matrix_synapse_register_user_result.rc != 0
and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
and 'HMAC incorrect' not in matrix_synapse_register_user_result.stdout
and 'Connection refused' not in matrix_synapse_register_user_result.stderr | default('')
- when: >-
'HMAC incorrect' in matrix_synapse_register_user_result.stdout | default('')
or 'Connection refused' in matrix_synapse_register_user_result.stderr | default('')
block:
- name: Restart Synapse due to registration failure (likely a registration_shared_secret or DB credentials change)
ansible.builtin.service:
name: "matrix-synapse.service"
state: restarted
- name: Wait for Synapse to start after restart
ansible.builtin.pause:
seconds: "{{ matrix_user_creator_homeserver_start_wait_time_seconds }}"
- name: Retry Synapse user registration - {{ user.username | quote }}
ansible.builtin.command:
cmd: "{{ matrix_synapse_register_user_command }}"
register: matrix_synapse_register_user_result
changed_when: matrix_synapse_register_user_result.rc == 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
failed_when: matrix_synapse_register_user_result.rc != 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
failed_when: matrix_synapse_register_user_result.rc != 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout