Merge branch 'master' of https://github.com/spantaleev/matrix-docker-…

…ansible-deploy

# Conflicts:
#	setup.yml

CHANGELOG.md

@@ -1,3 +1,12 @@
+# 2024-07-25
+
+## synapse-usage-exporter support
+
+Thanks to [Michael Hollister](https://github.com/Michael-Hollister) from [FUTO](https://www.futo.org/), the creators of the [Circles app](https://circu.li/), the playbook can now set up [synapse-usage-exporter](https://github.com/loelkes/synapse-usage-exporter) - a small [Flask](https://flask.palletsprojects.com)-based webservice which can capture usage statistics from Synapse (via HTTP `PUT`) and then make them available for Prometheus to scrape.
+
+To learn more see our [Enabling synapse-usage-exporter for Synapse usage statistics](docs/configuring-playbook-synapse-usage-exporter.md) documentation page.
+
+
 # 2024-07-06
 
 ## matrix-alertmanager-receiver support

README.md

@@ -157,6 +157,7 @@ Services that help you in administrating and monitoring your matrix installation
 | Metrics and Graphs | x | Consists of the [Prometheus](https://prometheus.io) time-series database server, the Prometheus [node-exporter](https://prometheus.io/docs/guides/node-exporter/) host metrics exporter, and the [Grafana](https://grafana.com/) web UI | [Link](docs/configuring-playbook-prometheus-grafana.md) |
 | [Borg](https://borgbackup.org) | x | Backups | [Link](docs/configuring-playbook-backup-borg.md) |
 | [Rageshake](https://github.com/matrix-org/rageshake) | x | Bug report server | [Link](docs/configuring-playbook-rageshake.md) |
+| [synapse-usage-exporter](https://github.com/loelkes/synapse-usage-exporter) | x | Export the usage statistics of a Synapse homeserver to be scraped by Prometheus. | [Link](docs/configuring-playbook-synapse-usage-exporter.md) |
 
 ### Misc
 

docs/configuring-playbook-matrix-media-repo.md

@@ -23,9 +23,11 @@ matrix_media_repo_enabled: true
 # matrix_media_repo_metrics_enabled: true
 ```
 
-The repo is pre-configured for integrating with the Postgres database, NGINX proxy and [Prometheus/Grafana](configuring-playbook-prometheus-grafana.md) (if metrics enabled) from this playbook for all the available homeserver roles. When the media repo is enabled, other media store roles should be disabled (if using Synapse with other media store roles).
+The repo is pre-configured for integrating with the Postgres database, Traefik proxy and [Prometheus/Grafana](configuring-playbook-prometheus-grafana.md) (if metrics enabled) from this playbook for all the available homeserver roles. When the media repo is enabled, other media store roles should be disabled (if using Synapse with other media store roles).
 
-By default, the media-repo will use the local filesystem for data storage. Additional options include `s3` and `IPFS` (experimental). Access token caching is also enabled by default since the logout endpoints are proxied through the media repo.
+By default, the media-repo will use the local filesystem for data storage. You can alternatively use a `s3` cloud backend as well. Access token caching is also enabled by default since the logout endpoints are proxied through the media repo.
+
+**Note:** If you want to use authenticated media endpoints ([MSC3916](https://github.com/matrix-org/matrix-spec-proposals/pull/3916)), you must configure a signing key for your MMR instance to authorize outbound federation requests. See https://docs.t2bot.io/matrix-media-repo/v1.3.5/installation/signing-key/ for more details on how to configure your server with a signing key.
 
 ## Configuring the media-repo
 

docs/configuring-playbook-prometheus-grafana.md

@@ -121,6 +121,7 @@ scrape_configs:
 
 ## More information
 
+- [Enabling synapse-usage-exporter for Synapse usage statistics](configuring-playbook-synapse-usage-exporter.md)
 - [Understanding Synapse Performance Issues Through Grafana Graphs](https://element-hq.github.io/synapse/latest/usage/administration/understanding_synapse_through_grafana_graphs.html) at the Synapse Github Wiki
 - [The Prometheus scraping rules](https://github.com/element-hq/synapse/tree/master/contrib/prometheus) (we use v2)
 - [The Synapse Grafana dashboard](https://github.com/element-hq/synapse/tree/master/contrib/grafana)

docs/configuring-playbook-synapse-usage-exporter.md

@@ -0,0 +1,26 @@
+# Setting up synapse-usage-exporter (optional)
+
+[synapse-usage-exporter](https://github.com/loelkes/synapse-usage-exporter) allows you to export the usage statistics of a Synapse homeserver to this container service and for the collected metrics to later be scraped by Prometheus.
+
+Synapse does not include usage statistics in its Prometheus metrics. They can be reported to an HTTP `PUT` endpoint 5 minutes after startup and from then on at a fixed interval of once every three hours. This role integrates a simple [Flask](https://flask.palletsprojects.com) project that offers an HTTP `PUT` endpoint and holds the most recent received record available to be scraped by Prometheus.
+
+Enabling this service will automatically:
+
+- install the synapse-usage-exporter service
+- re-configure Synapse to push (via HTTP `PUT`) usage statistics information to synapse-usage-exporter
+- re-configure [Prometheus](./configuring-playbook-prometheus-grafana.md) (if Prometheus is enabled), to periodically scrape metrics from synapse-usage-exporter
+- add a new [Grafana](./configuring-playbook-prometheus-grafana.md) dashboard (if Grafana is enabled) containing Synapse usage statistics
+
+## Quickstart
+
+Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file and [re-run the installation process](./installing.md) for the playbook:
+
+```yaml
+matrix_synapse_usage_exporter_enabled: true
+
+# (Optional) Expose endpoint if you want to collect statistics from outside (from other homeservers).
+# If enabled, synapse-usage-exporter will be exposed publicly at `matrix.DOMAIN/report-usage-stats/push`.
+# When collecting usage statistics for Synapse running on the same host, you don't need to enable this.
+# You can adjust the hostname and path via `matrix_synapse_usage_exporter_hostname` and `matrix_synapse_usage_exporter_path_prefix`.
+# matrix_synapse_usage_exporter_proxying_enabled: true
+```

docs/configuring-playbook-synapse.md

@@ -161,4 +161,6 @@ Due to this, it's recommended to only store and maintain template files in your
 
 This playbook allows you to enable Synapse metrics, which can provide insight into the performance and activity of Synapse.
 
-To enable Synapse metrics see [`configuring-playbook-prometheus-grafana.md`](./configuring-playbook-prometheus-grafana.md)
+To enable Synapse runtime metrics see: [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](configuring-playbook-prometheus-grafana.md)
+
+To enable Synapse usage metrics, see: [Enabling synapse-usage-exporter for Synapse usage statistics](configuring-playbook-synapse-usage-exporter.md)

docs/configuring-playbook.md

@@ -42,6 +42,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
 
 - [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](configuring-playbook-prometheus-grafana.md) (optional)
 
+- [Enabling synapse-usage-exporter for Synapse usage statistics](configuring-playbook-synapse-usage-exporter.md) (optional)
+
 ### Core service adjustments
 
 - Homeserver configuration:

group_vars/matrix_servers

@@ -441,6 +441,8 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': 'matrix-synapse-admin.service', 'priority': 4000, 'groups': ['matrix', 'synapse-admin']}] if matrix_synapse_admin_enabled else [])
     +
+    ([{'name': (matrix_synapse_usage_exporter_identifier + '.service'), 'priority': 4000, 'groups': ['matrix', 'synapse-usage-exporter']}] if matrix_synapse_usage_exporter_enabled else [])
+    +
     ([{'name': 'matrix-synapse-reverse-proxy-companion.service', 'priority': 1500, 'groups': ['matrix', 'homeservers', 'synapse', 'synapse-reverse-proxy-companion', 'reverse-proxies']}] if matrix_synapse_reverse_proxy_companion_enabled else [])
     +
     ([{'name': 'matrix-user-verification-service.service', 'priority': 800, 'groups': ['matrix', 'matrix-user-verification-service']}] if matrix_user_verification_service_enabled else [])
@@ -3611,6 +3613,12 @@ matrix_media_repo_container_labels_traefik_internal_media_entrypoints: "{{ matri
 matrix_media_repo_container_labels_traefik_internal_matrix_client_media_enabled: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled }}"
 matrix_media_repo_container_labels_traefik_internal_matrix_client_media_entrypoints: "{{ matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name }}"
 
+matrix_media_repo_metrics_proxying_enabled: "{{ matrix_media_repo_metrics_enabled and matrix_metrics_exposure_enabled }}"
+matrix_media_repo_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
+matrix_media_repo_metrics_proxying_path: "{{ matrix_metrics_exposure_path_prefix }}/matrix-media-repo"
+matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
+matrix_media_repo_container_labels_traefik_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
+
 matrix_media_repo_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_media_repo_database_username: matrix_media_repo
 matrix_media_repo_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mediarepo.db', rounds=655555) | to_uuid }}"
@@ -3644,6 +3652,11 @@ matrix_media_repo_homeservers_auto:
     # to "matrix", most functionality requiring the admin API will not work.
     adminApiKind: "{{ 'synapse' if matrix_homeserver_implementation == 'synapse' else ('dendrite' if matrix_homeserver_implementation == 'dendrite' else 'matrix') }}"
 
+    # The signing key to use for authorizing outbound federation requests. If not specified,
+    # requests will not be authorized. See https://docs.t2bot.io/matrix-media-repo/v1.3.5/installation/signing-key/
+    # for details.
+    signingKeyPath: ""
+
 matrix_media_repo_homeserver_federation_enabled: "{{ matrix_homeserver_federation_enabled }}"
 
 ######################################################################
@@ -4454,6 +4467,10 @@ matrix_synapse_app_service_config_files_auto: "{{ matrix_homeserver_app_service_
 # Disable creation of media repository Synapse worker when using media-repo
 matrix_synapse_ext_media_repo_enabled: "{{ matrix_media_repo_enabled }}"
 
+# Enable Synapse statistics reporting when using synapse-usage-exporter
+matrix_synapse_report_stats: "{{ matrix_synapse_usage_exporter_enabled }}"
+matrix_synapse_report_stats_endpoint: "http://{{ matrix_synapse_usage_exporter_identifier }}:{{ matrix_synapse_usage_exporter_container_port | string }}/report-usage-stats/push"
+
 ######################################################################
 #
 # /matrix-synapse
@@ -4586,6 +4603,28 @@ matrix_synapse_admin_container_labels_traefik_tls_certResolver: "{{ devture_trae
 #
 ######################################################################
 
+######################################################################
+#
+# matrix-synapse-usage-exporter
+#
+######################################################################
+
+matrix_synapse_usage_exporter_enabled: false
+
+matrix_synapse_usage_exporter_container_network: "{{ matrix_monitoring_container_network }}"
+
+matrix_synapse_usage_exporter_container_additional_networks: "{{ [matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else [] }}"
+
+matrix_synapse_usage_exporter_container_labels_traefik_enabled: "{{ matrix_synapse_usage_exporter_proxying_enabled }}"
+matrix_synapse_usage_exporter_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}"
+matrix_synapse_usage_exporter_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
+matrix_synapse_usage_exporter_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
+
+######################################################################
+#
+# /matrix-synapse-usage-exporter
+#
+######################################################################
 
 ######################################################################
 #
@@ -4744,6 +4783,8 @@ prometheus_container_additional_networks_auto: |
       ([matrix_prometheus_nginxlog_exporter_container_network] if matrix_prometheus_services_connect_scraper_nginxlog_enabled and matrix_prometheus_nginxlog_exporter_container_network != prometheus_container_network else [])
       +
       ([matrix_media_repo_container_network] if matrix_prometheus_services_connect_scraper_media_repo_enabled and matrix_media_repo_container_network != prometheus_container_network else [])
+      +
+      ([matrix_synapse_usage_exporter_container_network] if matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled and matrix_synapse_usage_exporter_container_network != prometheus_container_network else [])
     ) | unique
   }}
 
@@ -4768,6 +4809,8 @@ prometheus_config_scrape_configs_auto: |
     (matrix_prometheus_services_connect_scraper_nginxlog_scrape_configs if matrix_prometheus_services_connect_scraper_nginxlog_enabled else [])
     +
     (matrix_prometheus_services_connect_scraper_media_repo_scrape_configs if matrix_prometheus_services_connect_scraper_media_repo_enabled else [])
+    +
+    (matrix_prometheus_services_connect_scraper_synapse_usage_exporter_scrape_configs if matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled else [])
   }}
 
 ######################################################################
@@ -4806,6 +4849,9 @@ matrix_prometheus_services_connect_scraper_nginxlog_static_configs_target: "{{ m
 matrix_prometheus_services_connect_scraper_media_repo_enabled: "{{ matrix_media_repo_enabled and matrix_media_repo_metrics_enabled }}"
 matrix_prometheus_services_connect_scraper_media_repo_static_configs_target: "{{ matrix_media_repo_identifier }}:{{ matrix_media_repo_metrics_port }}"
 
+matrix_prometheus_services_connect_scraper_synapse_usage_exporter_enabled: "{{ matrix_synapse_usage_exporter_enabled }}"
+matrix_prometheus_services_connect_scraper_synapse_usage_exporter_static_configs_target: "{{ matrix_synapse_usage_exporter_identifier }}:{{ matrix_synapse_usage_exporter_container_port | string }}"
+
 ######################################################################
 #
 # /matrix-prometheus-services-connect
@@ -4872,6 +4918,8 @@ grafana_dashboard_download_urls: |
     (matrix_prometheus_nginxlog_exporter_dashboard_urls if matrix_prometheus_nginxlog_exporter_enabled else [])
     +
     (matrix_media_repo_dashboard_urls if matrix_media_repo_metrics_enabled else [])
+    +
+    (matrix_synapse_usage_exporter_dashboard_urls if matrix_synapse_usage_exporter_enabled else [])
   }}
 
 grafana_provisioning_dashboard_template_files: |
@@ -4880,11 +4928,6 @@ grafana_provisioning_dashboard_template_files: |
         'path': 'roles/custom/matrix-prometheus-nginxlog-exporter/templates/grafana/nginx-proxy.json',
         'name': 'nginx-proxy.json',
     }] if matrix_prometheus_nginxlog_exporter_enabled else [])
-    +
-    ([{
-        'path': 'roles/custom/matrix-media-repo/templates/grafana/media-repo.json',
-        'name': 'media-repo.json',
-    }] if matrix_media_repo_metrics_enabled else [])
   }}
 
 grafana_default_home_dashboard_path: |-

requirements.yml

@@ -22,7 +22,7 @@
   version: v4.98-r0-0-0
   name: exim_relay
 - src: git+https://gitlab.com/etke.cc/roles/grafana.git
-  version: v11.1.0-0
+  version: v11.1.3-1
   name: grafana
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
   version: v9584-1

roles/custom/matrix-bot-buscarron/defaults/main.yml

@@ -6,7 +6,7 @@
 matrix_bot_buscarron_enabled: true
 
 # renovate: datasource=docker depName=registry.gitlab.com/etke.cc/buscarron
-matrix_bot_buscarron_version: v1.4.1
+matrix_bot_buscarron_version: v1.4.2
 
 # The hostname at which Buscarron is served.
 matrix_bot_buscarron_hostname: ''
@@ -50,6 +50,17 @@ matrix_bot_buscarron_metrics_password: ''
 # /metrics allowed ips
 matrix_bot_buscarron_metrics_ips: []
 
+# healthchecks.io integration
+matrix_bot_buscarron_hc_url: ''  # default is https://hc-ping.com (healthchecks.io)
+matrix_bot_buscarron_hc_uuid: ''  # check UUID
+
+# redmine integration
+matrix_bot_buscarron_redmine_host: ''  # e.g. https://redmine.example.com
+matrix_bot_buscarron_redmine_apikey: ''
+matrix_bot_buscarron_redmine_project: ''  # project identifier (e.g., my-project)
+matrix_bot_buscarron_redmine_trackerid: ''  # task tracker ID (e.g., 1)
+matrix_bot_buscarron_redmine_statusid: ''  # task status ID (e.g., 1)
+
 
 # matrix_bot_buscarron_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
 # See `../templates/labels.j2` for details.

roles/custom/matrix-bot-buscarron/templates/env.j2

@@ -5,6 +5,8 @@ BUSCARRON_DB_DSN={{ matrix_bot_buscarron_database_connection_string }}
 BUSCARRON_DB_DIALECT={{ matrix_bot_buscarron_database_dialect }}
 BUSCARRON_SPAMLIST={{ matrix_bot_buscarron_spamlist|join(" ") }}
 BUSCARRON_SENTRY={{ matrix_bot_buscarron_sentry }}
+BUSCARRON_HC_URL={{ matrix_bot_buscarron_hc_url }}
+BUSCARRON_HC_UUID={{ matrix_bot_buscarron_hc_uuid }}
 BUSCARRON_LOGLEVEL={{ matrix_bot_buscarron_loglevel }}
 BUSCARRON_BAN_SIZE={{ matrix_bot_buscarron_ban_size }}
 BUSCARRON_BAN_LIST={{ matrix_bot_buscarron_ban_list|default('')|join(' ') }}
@@ -16,6 +18,11 @@ BUSCARRON_SMTP_VALIDATION={{ matrix_bot_buscarron_smtp_validation }}
 BUSCARRON_METRICS_LOGIN={{ matrix_bot_buscarron_metrics_login }}
 BUSCARRON_METRICS_PASSWORD={{ matrix_bot_buscarron_metrics_password }}
 BUSCARRON_METRICS_IPS={{ matrix_bot_buscarron_metrics_ips|default([])|join(" ") }}
+BUSCARRON_REDMINE_HOST={{ matrix_bot_buscarron_redmine_host }}
+BUSCARRON_REDMINE_APIKEY={{ matrix_bot_buscarron_redmine_apikey }}
+BUSCARRON_REDMINE_PROJECT={{ matrix_bot_buscarron_redmine_project }}
+BUSCARRON_REDMINE_TRACKERID={{ matrix_bot_buscarron_redmine_trackerid }}
+BUSCARRON_REDMINE_STATUSID={{ matrix_bot_buscarron_redmine_statusid }}
 {% set forms = [] %}
 {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}}
 BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }}

roles/custom/matrix-bot-honoroit/defaults/main.yml

@@ -21,7 +21,7 @@ matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
 
 # renovate: datasource=docker depName=registry.gitlab.com/etke.cc/honoroit
-matrix_bot_honoroit_version: v0.9.22
+matrix_bot_honoroit_version: v0.9.24
 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}etke.cc/honoroit:{{ matrix_bot_honoroit_version }}"
 matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"

roles/custom/matrix-bot-postmoogle/defaults/main.yml

@@ -10,7 +10,7 @@ matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_v
 matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
 
 # renovate: datasource=docker depName=registry.gitlab.com/etke.cc/postmoogle
-matrix_bot_postmoogle_version: v0.9.18
+matrix_bot_postmoogle_version: v0.9.20
 matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etke.cc/postmoogle:{{ matrix_bot_postmoogle_version }}"
 matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/' }}"
 matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"

roles/custom/matrix-client-cinny/defaults/main.yml

@@ -7,7 +7,7 @@ matrix_client_cinny_container_image_self_build: false
 matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
 
 # renovate: datasource=docker depName=ajbura/cinny
-matrix_client_cinny_version: v3.2.0
+matrix_client_cinny_version: v4.0.3
 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
 matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"