Update to 2021-10-28 13:00

3 years ago · fda3632908
parent 7f910f8ffc
commit fda3632908
7 changed files with 25 additions and 23 deletions
--- a/roles/gitea/defaults/main.yml
+++ b/roles/gitea/defaults/main.yml
@ -1,11 +1,11 @@
 ---

 # Version to install
-gitea_version: 1.15.5
+gitea_version: 1.15.6
 # URL to the binary
 gitea_bin_url: https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
 # sha256 of the binary
-gitea_bin_sha256: c3f190848c271bf250d385b80c1a98a7e2c9b23d092891cf1f7e4ce18c736484
+gitea_bin_sha256: 1b7473b5993e07b33fec58edbc1a90f15f040759ca4647e97317c33d5dfe58be
 # Handle updates. If set to false, ansible will only install
 # Gitea and then won't touch an existing installation
 gitea_manage_upgrade: True
--- a/roles/matrix_ma1sd/defaults/main.yml
+++ b/roles/matrix_ma1sd/defaults/main.yml
@ -61,9 +61,7 @@ ma1sd_ldap_attr_tel:
  - otherTelephone
  - otherMobile
  - otherHomePhone
-ma1sd_ldap_attr_other:
-  - cn
-  - memberOf
+ma1sd_ldap_attr_other: []

 # Outgoing email settings
 # Will use synapse settings if available
--- a/roles/matrix_ma1sd/templates/matrix-ma1sd.service.j2
+++ b/roles/matrix_ma1sd/templates/matrix-ma1sd.service.j2
@ -14,6 +14,7 @@ NoNewPrivileges=yes
 MemoryLimit={{ ma1sd_max_mem }}M
 SyslogIdentifier=matrix-ma1sd
 Restart=on-failure
+SuccessExitStatus=143

 [Install]
 WantedBy=multi-user.target
--- a/roles/matrix_synapse/defaults/main.yml
+++ b/roles/matrix_synapse/defaults/main.yml
@ -106,24 +106,25 @@ synapse_app_name: Matrix
 # Log level
 synapse_log_level: ERROR

-# Can be internal, ldap, rest or oidc
-synapse_auth: internal
+# Can be internal, ldap, rest or oidc (several choices can be made)
+synapse_auth:
+  - internal

 # If auth is ldap
-synapse_ldap_uri: ldap://ldap.example.com:389
+synapse_ldap_uri: "{{ ldap_uri | default('ldap://ldap.example.com:389') }}"
 synapse_ldap_start_tls: True
-synapse_ldap_user_base: ou=Users,dc=example,dc=com
-synapse_ldap_attr_uid: uid
+synapse_ldap_user_base: "{{ ad_ldap_user_search_base | default(ad_auth | default(False) | ternary('DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC='), 'dc=example,dc=org')) }}"
+synapse_ldap_attr_uid: "{{ ad_auth | default(False) | ternary('sAMAccountName', 'uid') }}"
 synapse_ldap_attr_email: mail
 synapse_ldap_attr_name: cn
-synapse_ldap_filter: (objectClass=posixAccount)
+synapse_ldap_filter: "{{ ad_auth | default(False) | ternary('(&(objectCategory=person)(objectClass=user)(primaryGroupId=513))', '(objectClass=inetOrgPerson)') }}"

 # if auth is rest
 synapse_auth_rest_uri: http://localhost:8083

 # if auth is oidc
 synapse_oidc_server: https://sso.domain.com
-synapse_oidc_client: matric
+synapse_oidc_client: matrix
 synapse_oidc_secret: XXXXX
 # Jinja2 template to for the local part of the MXID.
 synapse_oidc_localpart: "{{ '{{ user.sub }}' }}"
--- a/roles/matrix_synapse/templates/homeserver.yaml.j2
+++ b/roles/matrix_synapse/templates/homeserver.yaml.j2
@ -156,8 +156,10 @@ email:
  client_base_url: '{{ synapse_client_base_url }}'
 {% endif %}

-{% if synapse_auth == 'ldap' %}
+{% if 'ldap' in synapse_auth or 'rest' in synapse_auth  or synapse_auth in ['ldap','rest'] %}
 password_providers:
+{% endif %}
+{% if synapse_auth == 'ldap' or 'ldap' in synapse_auth %}
  - module: 'ldap_auth_provider.LdapAuthProvider'
    config:
      enabled: True
@ -172,15 +174,14 @@ password_providers:
      bind_dn: '{{ synapse_ldap_bind_dn }}'
      bind_password: '{{ synapse_ldap_bind_pass }}'
 {% endif %}
-{% if synapse_ldap_filter is defined %}
      filter: '{{ synapse_ldap_filter }}'
 {% endif %}
-{% elif synapse_auth == 'rest' %}
-password_providers:
+{% if synapse_auth == 'rest' or 'rest' in synapse_auth %}
  - module: 'rest_auth_provider.RestAuthProvider'
    config:
      endpoint: '{{ synapse_auth_rest_uri }}'
-{% elif synapse_auth == 'oidc' %}
+{% endif %}
+{% if synapse_auth == 'oidc' or 'oidc' in synapse_auth %}
 oidc_config:
  enabled: True
  issuer: '{{ synapse_oidc_server }}'
@ -195,11 +196,12 @@ oidc_config:

 sso:
  client_whitelist:
-    - {{ synapse_public_baseurl | default('https://matrix.' + synapse_server_name) }}
+    - {{ synapse_public_baseurl | default('https://matrix.' + synapse_server_name + '/') }}
+  update_profile_information: True
+{% endif %}

 password_config:
-  enabled: False
-{% endif %}
+  enabled: {{ ('internal' in synapse_auth or 'ldap' in synapse_auth or 'rest' in synapse_auth) | ternary('True', 'False') }}

 alias_creation_rules:
    - user_id: '*'
--- a/roles/n8n/defaults/main.yml
+++ b/roles/n8n/defaults/main.yml
@ -1,7 +1,7 @@
 ---

 # Version to deploy
-n8n_version: 0.144.0
+n8n_version: 0.145.0
 # Root directory where n8n will be installed
 n8n_root_dir: /opt/n8n
 # User account under which n8n will run
--- a/roles/vaultwarden/defaults/main.yml
+++ b/roles/vaultwarden/defaults/main.yml
@ -4,9 +4,9 @@ vaultwarden_version: 1.23.0
 vaultwarden_archive_url: https://github.com/dani-garcia/vaultwarden/archive/{{ vaultwarden_version }}.tar.gz
 vaultwarden_archive_sha1: 76c83155bb4e7bf7b998dcd0853145ac96202dcd

-vaultwarden_web_version: 2.23.0c
+vaultwarden_web_version: 2.24.1
 vaultwarden_web_archive_url: https://github.com/dani-garcia/bw_web_builds/releases/download/v{{ vaultwarden_web_version }}/bw_web_v{{ vaultwarden_web_version }}.tar.gz
-vaultwarden_web_archive_sha1: d2fbc58969fcd4c2a97825cb20521df3a8fb2c82
+vaultwarden_web_archive_sha1: 63efb8146ef6e5482cf711eb4abdc36432b15af5

 vaultwarden_root_dir: /opt/vaultwarden
 vaultwarden_user: vaultwarden