spantaleev / matrix-docker-ansible-deploy

🐳 Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
GNU Affero General Public License v3.0
4.92k stars 1.05k forks source link

Malformed /etc/systemd/system/matrix-synapse.service file #2348

Closed hungrymonkey closed 1 year ago

hungrymonkey commented 1 year ago

Describe the bug Somehow, matrix-synapse.service file became malformed. One line broke into many new lines with spaces

I used this branch f21269f4418ebe707dac079a505cb4fcecd6b267 with a few custom changes below. These changes should not impact matrix-synapse. I have not attempt to reproduce the issue yet.

$git show HEAD --stat
commit 4a78ea394fe67715a5ddd79096f9b0053564c101 (HEAD -> 2022_12_18, origin/2022_12_18)
Author: hungrymonkey <boringmonkey@gmail.com>
Date:   Thu Apr 23 18:41:27 2020 -0700

    Added s3 backup service
    Added s3 backup timer

    Added awscli dependency

    Save backups into YYYY-MM-DD format

    ansible-modules-extras issues ## 1695

 roles/matrix-base/tasks/server_base/setup_debian.yml                         |  1 +
 roles/matrix-postgres/defaults/main.yml                                      |  7 +++++++
 roles/matrix-postgres/tasks/init.yml                                         |  4 ++++
 roles/matrix-postgres/tasks/setup_postgres.yml                               | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 roles/matrix-postgres/templates/systemd/matrix-postgres-s3-backup.service.j2 | 17 +++++++++++++++++
 roles/matrix-postgres/templates/systemd/matrix-postgres-s3-backup.timer.j2   | 11 +++++++++++

To Reproduce My vars.yml file looks like this:

# The bare domain name which represents your Matrix identity.
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
#
# Note: this playbook does not touch the server referenced here.
# Installation happens on another server ("matrix.<matrix-domain>").
#
# Example value: example.com
matrix_domain: example.com

# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
#
# In case SSL renewal fails at some point, you'll also get an email notification there.
#
# If you decide to use another method for managing SSL certifites (different than the default Let's Encrypt),
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
#
# Example value: someone@example.com
matrix_ssl_lets_encrypt_support_email: administrator@example.com

# A shared secret (between Coturn and Synapse) used for authentication.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_coturn_turn_static_auth_secret: “secret”

# A secret used to protect access keys issued by the server.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_homeserver_generic_secret_key: “key”

### Slack needs control room id to work
# matrix_appservice_slack_enabled: true
# matrix_appservice_slack_control_room_id: ??????
matrix_matrix_hangouts_enabled: true

matrix_postgres_enabled: true
matrix_postgres_connection_password: “password”
matrix_postgres_s3_backup_enabled: true
matrix_postgres_s3_backup_bucket: "s3://example-backups/matrix/"

matrix_s3_media_store_enabled: true
matrix_s3_media_store_bucket_name: "example-matrix-synapse"
matrix_s3_media_store_aws_access_key: “id”
matrix_s3_media_store_aws_secret_key: “key”
matrix_s3_media_store_region: "us-east-1”

matrix_appservice_slack_enabled: true
matrix_appservice_slack_control_room_id: “!specialid:example.com"

matrix_dimension_enabled: true
matrix_dimension_admins: ['@admin-me:example.com', ‘@me:example.com', ‘@he:example.com', ‘@she:example.com', ‘@him:example.com']
matrix_dimension_access_token: “token”
matrix_jitsi_enabled: true
matrix_jitsi_enable_auth: true
matrix_jitsi_enable_guests: true
matrix_jitsi_auth_type: ldap
matrix_jitsi_ldap_url: ldaps://ldap.example.com/  # or ldaps:// if using tls
matrix_jitsi_ldap_filter: “filter # Use the username as login https://github.com/jitsi/jitsi-meet/wiki/LDAP-Authentication
matrix_jitsi_ldap_base: "ou=Users
matrix_jitsi_ldap_binddn: "cn=customt,ou=something,dc=users”
matrix_jitsi_ldap_bindpw: “pw"
matrix_jitsi_ldap_use_tls: true
matrix_jitsi_ldap_start_tls: false
matrix_jitsi_jicofo_component_secret: secret
matrix_jitsi_jicofo_auth_password: secret
matrix_jitsi_jvb_auth_password: secret
matrix_jitsi_jibri_recorder_password: secret
matrix_jitsi_jibri_xmpp_password: secret

matrix_jitsi_jibri_enabled: true
matrix_jitsi_jibri_finalize_recording_script: 'aws sync $RECORDINGS_DIR s3://example-jitsi-recordings/matrix-$(date +%m-%d-%Y) && rm $RECORDINGS_DIR/*'

matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true
matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_oidc_api_enabled: true
# https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-synapse.md
# https://github.com/matrix-org/synapse/blob/master/docs/sample_config.yaml#L1245
matrix_synapse_configuration_extension_yaml: |
  oidc_providers:
    - idp_id: "oidc"
      idp_name: "keycloak"
      issuer: "https://keycloak.example.com/auth/realms/myrealm“
      client_id: “client_id”
      client_secret: "secret"
      scopes: ["openid", "profile"]
      user_mapping_provider:
        config:
          subject_claim: "email"
  password_config:
    enabled: false
    localdb_enabled: false
  sso:
    client_whitelist:
      - "https://riot.example.com/" 
      - "https://element.example.com/"

# Enable Katex - Remove when default
matrix_client_element_configuration_extension_json: |
  {
    "showLabsSettings": true
  }
[Unit]                  
Description=Synapse server
Requires=docker.service 
After=docker.service    

Requires=matrix-postgres.service
After=matrix-postgres.service

Requires=matrix-goofys  
After=matrix-goofys     

Wants=matrix-coturn.service
Wants=matrix-mailer.service

DefaultDependencies=no  

[Service]               
Type=simple             
Environment="HOME=/root"
ExecStartPre=-/usr/bin/env sh -c '/usr/bin/env docker kill matrix-synapse 2>/dev/null || true'
ExecStartPre=-/usr/bin/env sh -c '/usr/bin/env docker rm matrix-synapse 2>/dev/null || true'
# Allow for some time before starting, so that media store can mount.
# Mounting can happen later too, but if we start writing,
# we'd write files to the local filesystem and fusermount will complain.
ExecStartPre=/usr/bin/env sleep 3

ExecStart=/usr/bin/env docker run --rm --name matrix-synapse \
                        --log-driver=none \
                        --user=997:1001 \
                        --cap-drop=ALL \
                        --read-only \
                        --tmpfs=/tmp:rw,noexec,nosuid,size=2500m \
                        --network=matrix \
                        --mount type=bind,src=/matrix/synapse/config,dst=/data,ro \
                        --mount type=bind,src=/matrix/synapse/storage,dst=/matrix-media-store-parent,bind-propagation=slave \
                        [ \
                        ] \
                          \
                        + \
                          \
                        [ \
                        " \
                        - \
                        - \
                        m \
                        o \
                        u \
                        n \
                        t \
                          \
                        t \
                        y \
                        p \
                        e \
                        = \
                        b \
                        i \
                        n \
                        d \
                        , \
                        s \
                        r \
                        c \
                        = \
                        / \
                        m \
                        a \
                        t \ 
                        r \
                        i \
                        x \
                        / \
                        a \
                        p \
                        p \
                        s \
                        e \
                        r \
                        v \
                        i \
                        c \
                        e \
                        - \
                        s \
                        l \
                        a \
                        c \
                        k \
                        - \
                        r \
                        e \
                        g \
                        i \
                        s \
                        t \
                        r \
                        a \
                        t \
                        i \
                        o \
                        n \
                        . \
                        y \
                        a \
                        m \
                        l \
                        , \
                        r \
                        o \
                        " \
                        ] \

 \
                        docker.io/matrixdotorg/synapse:v1.58.1 \
                        run -m synapse.app.homeserver -c /data/homeserver.yaml

ExecStop=-/usr/bin/env sh -c '/usr/bin/env docker kill matrix-synapse 2>/dev/null || true'
ExecStop=-/usr/bin/env sh -c '/usr/bin/env docker rm matrix-synapse 2>/dev/null || true'
ExecReload=/usr/bin/env docker exec matrix-synapse /bin/sh -c 'kill -HUP 1'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-synapse

[Install]
WantedBy=multi-user.target

Expected behavior The matrix-synapse system service file should not be malformed. The service file works after removing the extra spaces, new lines and braces.

Matrix Server:

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.5 LTS
Release:    20.04
Codename:   focal

Linux ip-10-0-1-246 5.15.0-1026-aws #30~20.04.2-Ubuntu SMP Fri Nov 25 14:53:22 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
ansible [core 2.13.6]
  config file = /Users/psuedofinnish/git_repo/matrix-docker-ansible-deploy/ansible.cfg
  configured module search path = ['/Users/psuedofinnish/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/6.6.0/libexec/lib/python3.11/site-packages/ansible
  ansible collection location = /Users/psuedofinnish/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.11.0 (main, Oct 25 2022, 14:13:24) [Clang 14.0.0 (clang-1400.0.29.202)]
  jinja version = 3.1.2
  libyaml = True

Client:

Additional context Add any other context about the problem here.

spantaleev commented 1 year ago

Why are you using something from more than 6 months ago..? Have you tried using the latest version?

hungrymonkey commented 1 year ago

opps

hungrymonkey commented 1 year ago

Ii entered the wrong commit in my bug report

hungrymonkey commented 1 year ago

I will reopen once i figure things out. i usually cherry-pick my changes.

hungrymonkey commented 1 year ago

Thanks, I mess up my git fu. I might had used a buggy commit. Thank you very much.