From 308fc9c60a15b91354306bb525537b2c83e43476 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 10 May 2020 09:52:52 +0300 Subject: [PATCH 01/84] Fix webhooks service address when matrix-nginx-proxy disabled Fixes #494 (Github Issue). --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 382897fd..970a5703 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -88,7 +88,7 @@ matrix_appservice_webhooks_enabled: false # Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-webhooks over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # matrix-appservice-webhooks' client-server port to the local host. -matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}' }}" +matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_appservice_webhooks_matrix_port) }}" matrix_appservice_webhooks_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.as.token') | to_uuid }}" From 058e3bbd7fc7eac3feb63d4114e1bcc571188850 Mon Sep 17 00:00:00 2001 From: Marcel Partap Date: Sun, 10 May 2020 18:44:52 +0200 Subject: [PATCH 02/84] Document how to administer synapse database via tunneled web-frontend --- docs/maintenance-synapse.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/maintenance-synapse.md b/docs/maintenance-synapse.md index ab33b9de..b7c1ede2 100644 --- a/docs/maintenance-synapse.md +++ b/docs/maintenance-synapse.md @@ -14,6 +14,7 @@ Table of contents: - [Purging old data with the Purge History API](#purging-old-data-with-the-purge-history-api) - [Compressing state with rust-synapse-compress-state](#compressing-state-with-rust-synapse-compress-state) +- [Browse and manipulate the database](#browse-and-manipulate-the-database), for when you really need to take matters into your own hands ## Purging unused data with synapse-janitor @@ -76,3 +77,23 @@ Don't forget that disk space only ever gets released after a [`FULL` Postgres `V Unfortunately, at this time the playbook can't help you run this **experimental tool**. Since it's also experimental, you may wish to stay away from it, or at least [make Postgres backups](./maintenance-postgres.md#backing-up-postgresql) first. + +## Browse and manipulate the database + +When the [matrix admin API](https://github.com/matrix-org/synapse/tree/master/docs/admin_api) and the other tools do not provide a more convenient way, having a look at synapse's postgresql database can satisfy a lot of admins' needs. +First, set up an SSH tunnel to your matrix server (skip if it is your local machine): + +``` +# you may replace 1799 with an arbitrary port unbound on both machines +ssh -L 1799:localhost:1799 matrix.DOMAIN +``` + +Then start up an ephemeral [adminer](https://www.adminer.org/) container, connecting it to the matrix-net and linking the postgresql container: + +``` +docker run --rm --publish 1799:8080 --link matrix-postgres --net matrix adminer +``` + +You should then be able to browse the adminer database administration GUI at http://localhost:1799/ after entering your DB credentials (found in the `host_vars` or on the server in `{{matrix_synapse_config_dir_path}}/homeserver.yaml` under `database.args`) + +⚠️ Be **very careful** with this, there is **no undo** for impromptu DB operations. From 4ff7e753b2b7471bd6a152cca76818a00aedac65 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 11 May 2020 11:09:22 +0300 Subject: [PATCH 03/84] Make it clearer where to spawn adminer --- docs/maintenance-synapse.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/maintenance-synapse.md b/docs/maintenance-synapse.md index b7c1ede2..9c70934d 100644 --- a/docs/maintenance-synapse.md +++ b/docs/maintenance-synapse.md @@ -88,7 +88,7 @@ First, set up an SSH tunnel to your matrix server (skip if it is your local mach ssh -L 1799:localhost:1799 matrix.DOMAIN ``` -Then start up an ephemeral [adminer](https://www.adminer.org/) container, connecting it to the matrix-net and linking the postgresql container: +Then start up an ephemeral [adminer](https://www.adminer.org/) container on the Matrix server, connecting it to the `matrix` network and linking the postgresql container: ``` docker run --rm --publish 1799:8080 --link matrix-postgres --net matrix adminer From 93f4111654a202158f85fa15d5ff898274ab893d Mon Sep 17 00:00:00 2001 From: Marcel Partap Date: Wed, 13 May 2020 16:15:37 +0200 Subject: [PATCH 04/84] Prevent 404s when Riot tries to retrieve domain-specific config.json Riot unconditionally asks for a config.${document.domain}.json, c.f. https://github.com/vector-im/riot-web/blame/develop/src/vector/getconfig.ts#L24 --- .../matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 b/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 index 51c61f47..364e0fa1 100644 --- a/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 +++ b/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 @@ -24,6 +24,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \ -v {{ matrix_riot_web_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \ -v /dev/null:/etc/nginx/conf.d/default.conf:ro \ -v {{ matrix_riot_web_data_path }}/config.json:/app/config.json:ro \ + -v {{ matrix_riot_web_data_path }}/config.json:/app/config.{{ matrix_server_fqn_riot }}.json:ro \ {% if matrix_riot_web_embedded_pages_home_path is not none %} -v {{ matrix_riot_web_data_path }}/home.html:/app/home.html:ro \ {% endif %} From d430e42c99e94e763525402579d8cfd2de9d50ea Mon Sep 17 00:00:00 2001 From: chagai95 <31655082+chagai95@users.noreply.github.com> Date: Sat, 16 May 2020 14:49:12 +0200 Subject: [PATCH 05/84] Typo STMP -> SMTP --- docs/configuring-playbook-email.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-email.md b/docs/configuring-playbook-email.md index 0933fb54..d9721a4e 100644 --- a/docs/configuring-playbook-email.md +++ b/docs/configuring-playbook-email.md @@ -34,7 +34,7 @@ matrix_mailer_relay_auth_password: "some-password" ### Configuations for sending emails using Sendgrid -An easy and free STMP service to set up is [Sendgrid](https://sendgrid.com/), the free tier allows for up to 100 emails per day to be sent. In the settings below you can provide any email for `matrix_mailer_sender_address`. +An easy and free SMTP service to set up is [Sendgrid](https://sendgrid.com/), the free tier allows for up to 100 emails per day to be sent. In the settings below you can provide any email for `matrix_mailer_sender_address`. The only other thing you need to change is the `matrix_mailer_relay_auth_password`, which you can generate at https://app.sendgrid.com/settings/api_keys. The API key password looks something like `SG.955oW1mLSfwds7i9Yd6IA5Q.q8GTaB8q9kGDzasegdG6u95fQ-6zkdwrPP8bOeuI`. From c2df3d7bbfc4bd9397d5512ae80f175d4daf6004 Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Sat, 16 May 2020 15:00:44 +0200 Subject: [PATCH 06/84] Update jitsi containers to 4548-1 --- roles/matrix-jitsi/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index fc428b96..9d79a5cd 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -50,7 +50,7 @@ matrix_jitsi_jibri_recorder_user: recorder matrix_jitsi_jibri_recorder_password: '' -matrix_jitsi_web_docker_image: "jitsi/web:4416" +matrix_jitsi_web_docker_image: "jitsi/web:4548-1" matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web" @@ -96,7 +96,7 @@ matrix_jitsi_web_interface_config_show_powered_by: false matrix_jitsi_web_interface_config_disable_transcription_subtitles: false matrix_jisti_web_interface_config_show_deep_linking_image: false -matrix_jitsi_prosody_docker_image: "jitsi/prosody:4416" +matrix_jitsi_prosody_docker_image: "jitsi/prosody:4548-1" matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}" matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody" @@ -109,7 +109,7 @@ matrix_jitsi_prosody_container_extra_arguments: [] matrix_jitsi_prosody_systemd_required_services_list: ['docker.service'] -matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4416" +matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4548-1" matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}" matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo" @@ -126,7 +126,7 @@ matrix_jitsi_jicofo_auth_user: focus matrix_jitsi_jicofo_auth_password: '' -matrix_jitsi_jvb_docker_image: "jitsi/jvb:4416" +matrix_jitsi_jvb_docker_image: "jitsi/jvb:4548-1" matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb" From fbd8f3ec9bcebcef9c09e7a345a6713a4a3c2c51 Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Sat, 16 May 2020 15:12:51 +0200 Subject: [PATCH 07/84] Jitsi prosody: add volume /prosody-plugins-custom --- roles/matrix-jitsi/defaults/main.yml | 1 + .../templates/prosody/matrix-jitsi-prosody.service.j2 | 1 + 2 files changed, 2 insertions(+) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 9d79a5cd..bc61829e 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -101,6 +101,7 @@ matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_im matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody" matrix_jitsi_prosody_config_path: "{{ matrix_jitsi_prosody_base_path }}/config" +matrix_jitsi_prosody_plugins_path: "{{ matrix_jitsi_prosody_base_path }}/prosody-plugins-custom" # A list of extra arguments to pass to the container matrix_jitsi_prosody_container_extra_arguments: [] diff --git a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 index bf43021d..459a24d3 100644 --- a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 +++ b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 @@ -16,6 +16,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \ --network={{ matrix_docker_network }} \ --env-file={{ matrix_jitsi_prosody_base_path }}/env \ -v {{ matrix_jitsi_prosody_config_path }}:/config \ + -v {{ matrix_jitsi_prosody_plugins_path }}:/prosody-plugins-custom \ {% for arg in matrix_jitsi_prosody_container_extra_arguments %} {{ arg }} \ {% endfor %} From 47001258b5935e86e239b7a4acc328a76b1fa41c Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Sun, 17 May 2020 14:19:58 +0200 Subject: [PATCH 08/84] Ensure prosody plugin path created / permissions --- roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml index 4159362d..66299f64 100644 --- a/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml +++ b/roles/matrix-jitsi/tasks/setup_jitsi_prosody.yml @@ -14,6 +14,7 @@ with_items: - { path: "{{ matrix_jitsi_prosody_base_path }}", when: true } - { path: "{{ matrix_jitsi_prosody_config_path }}", when: true } + - { path: "{{ matrix_jitsi_prosody_plugins_path }}", when: true } when: matrix_jitsi_enabled|bool and item.when - name: Ensure jitsi-prosody Docker image is pulled From ba23779b05a89714d7cecb3ce9db96652cb1b56f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 17 May 2020 21:23:18 +0300 Subject: [PATCH 09/84] Fix incorrect Jitsi container image tags Related to #508 (Github Pull Request). --- roles/matrix-jitsi/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index bc61829e..21dae448 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -50,7 +50,7 @@ matrix_jitsi_jibri_recorder_user: recorder matrix_jitsi_jibri_recorder_password: '' -matrix_jitsi_web_docker_image: "jitsi/web:4548-1" +matrix_jitsi_web_docker_image: "jitsi/web:stable-4548-1" matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}" matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web" @@ -96,7 +96,7 @@ matrix_jitsi_web_interface_config_show_powered_by: false matrix_jitsi_web_interface_config_disable_transcription_subtitles: false matrix_jisti_web_interface_config_show_deep_linking_image: false -matrix_jitsi_prosody_docker_image: "jitsi/prosody:4548-1" +matrix_jitsi_prosody_docker_image: "jitsi/prosody:stable-4548-1" matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}" matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody" @@ -110,7 +110,7 @@ matrix_jitsi_prosody_container_extra_arguments: [] matrix_jitsi_prosody_systemd_required_services_list: ['docker.service'] -matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:4548-1" +matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:stable-4548-1" matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}" matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo" @@ -127,7 +127,7 @@ matrix_jitsi_jicofo_auth_user: focus matrix_jitsi_jicofo_auth_password: '' -matrix_jitsi_jvb_docker_image: "jitsi/jvb:4548-1" +matrix_jitsi_jvb_docker_image: "jitsi/jvb:stable-4548-1" matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}" matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb" From 07ff1162661b52a0a161ec769f4ad55aa3393d4c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 19 May 2020 12:57:19 +0300 Subject: [PATCH 10/84] Do not send User Directory search requests to ma1sd for now We can undo this once https://github.com/ma1uta/ma1sd/issues/44 gets resolved. --- CHANGELOG.md | 14 ++++++++++++++ group_vars/matrix_servers | 5 ++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e018879..de86333d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,16 @@ +# 2020-05-19 + +## (Compatibility Break / Security Issue) Disabling User Directory search powered by the ma1sd Identity Server + +User Directory search requests used to go to the ma1sd identity server by default, which queried its own stores and the Synapse database. + +ma1sd current has [a security issue](https://github.com/ma1uta/ma1sd/issues/44), which made it leak information about all users - including users created by bridges, etc. + +Until the issue gets fixed, we're making User Directory search not go to ma1sd by default. You **need to re-run the playbook and restart services to apply this workaround**. + +*If you insist on restoring the old behavior* (**which has a security issue!**), you *might* use this configuration: `matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}"` + + # 2020-04-28 ## Newer IRC bridge (with potential breaking change) @@ -11,6 +24,7 @@ If you did not include `mappings` in your configuration for IRC, no change is necessary. `mappings` is not part of the default configuration. + # 2020-04-23 ## Slack bridging support diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 970a5703..6d9876ac 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -616,7 +616,10 @@ matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}" matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}" matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}" -matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}" +# Not proxying the user directory search to the identity server by default anymore, +# because it currently leaks data. +# See: https://github.com/ma1uta/ma1sd/issues/44 +matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}" matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}" From 7a2dbdc2d7c5595a6bab71295f62660d152d7eee Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 19 May 2020 15:06:35 +0300 Subject: [PATCH 11/84] Update components --- roles/matrix-bridge-appservice-irc/defaults/main.yml | 2 +- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- roles/matrix-riot-web/defaults/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index 5f6d0503..819691f6 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -3,7 +3,7 @@ matrix_appservice_irc_enabled: true -matrix_appservice_irc_docker_image: "matrixdotorg/matrix-appservice-irc:release-0.16.0" +matrix_appservice_irc_docker_image: "matrixdotorg/matrix-appservice-irc:release-0.17.1" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 8f329f1a..07dd2038 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -220,7 +220,7 @@ matrix_ssl_domains_to_obtain_certificates_for: [] # Controls whether to obtain production or staging certificates from Let's Encrypt. matrix_ssl_lets_encrypt_staging: false -matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.3.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.4.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index 71255e24..d8233699 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -2,7 +2,7 @@ matrix_riot_web_enabled: true matrix_riot_web_container_image_self_build: false -matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.0" +matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.1" matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" From a03e95b7eb4d20ba3765e959af332feb2ad66057 Mon Sep 17 00:00:00 2001 From: louis Date: Tue, 19 May 2020 17:06:11 +0200 Subject: [PATCH 12/84] enable by default v2 api prefix for ma1sd --- roles/matrix-ma1sd/defaults/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index 144f4932..a02845f9 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -76,6 +76,10 @@ matrix_ma1sd_self_check_validate_certificates: true # According to: https://github.com/ma1uta/ma1sd/blob/master/docs/troubleshooting.md#increase-verbosity matrix_ma1sd_verbose_logging: false +# Setting up support for API prefixes +matrix_ma1sd_v1_enabled: true +matrix_ma1sd_v2_enabled: true + # Default ma1sd configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # @@ -85,6 +89,8 @@ matrix_ma1sd_configuration_yaml: | #jinja2: lstrip_blocks: True matrix: domain: {{ matrix_domain }} + v1: {{ matrix_ma1sd_v1_enabled }} + v2: {{ matrix_ma1sd_v2_enabled }} server: name: {{ matrix_server_fqn_matrix }} From a3259bbd777da37f7446d16e049f2fb9ea8326a0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 19 May 2020 21:15:23 +0300 Subject: [PATCH 13/84] Add |to_json to some variables --- roles/matrix-ma1sd/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index a02845f9..ff2f72d4 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -89,8 +89,8 @@ matrix_ma1sd_configuration_yaml: | #jinja2: lstrip_blocks: True matrix: domain: {{ matrix_domain }} - v1: {{ matrix_ma1sd_v1_enabled }} - v2: {{ matrix_ma1sd_v2_enabled }} + v1: {{ matrix_ma1sd_v1_enabled|to_json }} + v2: {{ matrix_ma1sd_v2_enabled|to_json }} server: name: {{ matrix_server_fqn_matrix }} From 8fb3ce6f6d4c312f264d613b21308d3d07cd4414 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 19 May 2020 21:35:32 +0300 Subject: [PATCH 14/84] Upgrade Synapse (v1.12.4 -> v1.13.0) --- .../tasks/import_sqlite_db.yml | 1 - roles/matrix-synapse/defaults/main.yml | 3 +- roles/matrix-synapse/tasks/setup_synapse.yml | 1 - .../templates/synapse/homeserver.yaml.j2 | 166 +++++++++++++----- .../synapse/systemd/matrix-synapse.service.j2 | 1 - 5 files changed, 123 insertions(+), 49 deletions(-) diff --git a/roles/matrix-postgres/tasks/import_sqlite_db.yml b/roles/matrix-postgres/tasks/import_sqlite_db.yml index eab4e892..42c39a2d 100644 --- a/roles/matrix-postgres/tasks/import_sqlite_db.yml +++ b/roles/matrix-postgres/tasks/import_sqlite_db.yml @@ -79,7 +79,6 @@ --network={{ matrix_docker_network }} --entrypoint=python -v {{ matrix_synapse_config_dir_path }}:/data - -v {{ matrix_synapse_run_path }}:/matrix-run -v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}:ro {{ matrix_synapse_docker_image }} /usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db|basename }} --postgres-config /data/homeserver.yaml diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 8597c751..50d7d824 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -5,13 +5,12 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.12.4" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.13.0" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" matrix_synapse_docker_src_files_path: "{{ matrix_synapse_base_path }}/docker-src" matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config" -matrix_synapse_run_path: "{{ matrix_synapse_base_path }}/run" matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage" matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store" matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext" diff --git a/roles/matrix-synapse/tasks/setup_synapse.yml b/roles/matrix-synapse/tasks/setup_synapse.yml index 4fb41b1a..1ae7ade6 100644 --- a/roles/matrix-synapse/tasks/setup_synapse.yml +++ b/roles/matrix-synapse/tasks/setup_synapse.yml @@ -9,7 +9,6 @@ group: "{{ matrix_user_groupname }}" with_items: - { path: "{{ matrix_synapse_config_dir_path }}", when: true } - - { path: "{{ matrix_synapse_run_path }}", when: true } - { path: "{{ matrix_synapse_ext_path }}", when: true } - { path: "{{ matrix_synapse_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_self_build }}" } # We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml), diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 4479d8fc..e729c733 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -20,10 +20,15 @@ server_name: "{{ matrix_domain }}" # pid_file: /homeserver.pid -# The path to the web client which will be served at /_matrix/client/ -# if 'webclient' is configured under the 'listeners' configuration. +# The absolute URL to the web client which /_matrix/client will redirect +# to if 'webclient' is configured under the 'listeners' configuration. # -#web_client_location: "/path/to/web/root" +# This option can be also set to the filesystem path to the web client +# which will be served at /_matrix/client/ if 'webclient' is configured +# under the 'listeners' configuration, however this is a security risk: +# https://github.com/matrix-org/synapse#security-note +# +#web_client_location: https://riot.example.com/ # The public-facing base URL that clients use to access this HS # (not including _matrix/...). This is the same URL a user would @@ -252,6 +257,19 @@ listeners: {% endif %} +# Forward extremities can build up in a room due to networking delays between +# homeservers. Once this happens in a large room, calculation of the state of +# that room can become quite expensive. To mitigate this, once the number of +# forward extremities reaches a given threshold, Synapse will send an +# org.matrix.dummy_event event, which will reduce the forward extremities +# in the room. +# +# This setting defines the threshold (i.e. number of forward extremities in the +# room) at which dummy events are sent. The default value is 10. +# +#dummy_events_threshold: 5 + + ## Homeserver blocking ## # How to reach the server admin, used in ResourceLimitError @@ -410,6 +428,16 @@ retention: # longest_max_lifetime: 1y # interval: 1d +# Inhibits the /requestToken endpoints from returning an error that might leak +# information about whether an e-mail address is in use or not on this +# homeserver. +# Note that for some endpoints the error situation is the e-mail already being +# used, and for others the error is entering the e-mail being unused. +# If this option is enabled, instead of returning an error, these endpoints will +# act as if no error happened and return a fake session ID ('sid') to clients. +# +#request_token_inhibit_3pid_errors: true + ## TLS ## @@ -706,20 +734,15 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire # #media_storage_providers: # - module: file_system -# # Whether to write new local files. +# # Whether to store newly uploaded local files # store_local: false -# # Whether to write new remote media +# # Whether to store newly downloaded remote files # store_remote: false -# # Whether to block upload requests waiting for write to this -# # provider to complete +# # Whether to wait for successful storage for local uploads # store_synchronous: false # config: # directory: /mnt/some/other/directory -# Directory where in-progress uploads are stored. -# -uploads_path: "/matrix-run/uploads" - # The largest allowed upload size in bytes # max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M" @@ -834,6 +857,31 @@ url_preview_ip_range_blacklist: # max_spider_size: 10M +# A list of values for the Accept-Language HTTP header used when +# downloading webpages during URL preview generation. This allows +# Synapse to specify the preferred languages that URL previews should +# be in when communicating with remote servers. +# +# Each value is a IETF language tag; a 2-3 letter identifier for a +# language, optionally followed by subtags separated by '-', specifying +# a country or region variant. +# +# Multiple values can be provided, and a weight can be added to each by +# using quality value syntax (;q=). '*' translates to any language. +# +# Defaults to "en". +# +# Example: +# +# url_preview_accept_language: +# - en-UK +# - en-US;q=0.9 +# - fr;q=0.8 +# - *;q=0.7 +# +url_preview_accept_language: +# - en + ## Captcha ## # See docs/CAPTCHA_SETUP for full details of configuring this. @@ -852,10 +900,6 @@ max_spider_size: 10M # #enable_registration_captcha: false -# A secret key used to bypass the captcha test entirely. -# -#captcha_bypass_secret: "YOUR_SECRET_HERE" - # The API endpoint to use for verifying m.login.recaptcha responses. # #recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify" @@ -1066,6 +1110,29 @@ account_threepid_delegates: email: {{ matrix_synapse_account_threepid_delegates_email|to_json }} msisdn: {{ matrix_synapse_account_threepid_delegates_msisdn|to_json }} +# Whether users are allowed to change their displayname after it has +# been initially set. Useful when provisioning users based on the +# contents of a third-party directory. +# +# Does not apply to server administrators. Defaults to 'true' +# +#enable_set_displayname: false + +# Whether users are allowed to change their avatar after it has been +# initially set. Useful when provisioning users based on the contents +# of a third-party directory. +# +# Does not apply to server administrators. Defaults to 'true' +# +#enable_set_avatar_url: false + +# Whether users can change the 3PIDs associated with their accounts +# (email address and msisdn). +# +# Defaults to 'true' +# +#enable_3pid_changes: false + # Users who register on this homeserver will automatically be joined # to these rooms # @@ -1108,7 +1175,7 @@ sentry: # enabled by default, either for performance reasons or limited use. # metrics_flags: - # Publish synapse_federation_known_servers, a g auge of the number of + # Publish synapse_federation_known_servers, a gauge of the number of # servers this homeserver knows about, including itself. May cause # performance problems on large homeservers. # @@ -1272,32 +1339,32 @@ saml2_config: # remote: # - url: https://our_idp/metadata.xml # - # # By default, the user has to go to our login page first. If you'd like - # # to allow IdP-initiated login, set 'allow_unsolicited: true' in a - # # 'service.sp' section: - # # - # #service: - # # sp: - # # allow_unsolicited: true - # - # # The examples below are just used to generate our metadata xml, and you - # # may well not need them, depending on your setup. Alternatively you - # # may need a whole lot more detail - see the pysaml2 docs! - # - # description: ["My awesome SP", "en"] - # name: ["Test SP", "en"] - # - # organization: - # name: Example com - # display_name: - # - ["Example co", "en"] - # url: "http://example.com" - # - # contact_person: - # - given_name: Bob - # sur_name: "the Sysadmin" - # email_address": ["admin@example.com"] - # contact_type": technical + # # By default, the user has to go to our login page first. If you'd like + # # to allow IdP-initiated login, set 'allow_unsolicited: true' in a + # # 'service.sp' section: + # # + # #service: + # # sp: + # # allow_unsolicited: true + # + # # The examples below are just used to generate our metadata xml, and you + # # may well not need them, depending on your setup. Alternatively you + # # may need a whole lot more detail - see the pysaml2 docs! + # + # description: ["My awesome SP", "en"] + # name: ["Test SP", "en"] + # + # organization: + # name: Example com + # display_name: + # - ["Example co", "en"] + # url: "http://example.com" + # + # contact_person: + # - given_name: Bob + # sur_name: "the Sysadmin" + # email_address": ["admin@example.com"] + # contact_type": technical # Instead of putting the config inline as above, you can specify a # separate pysaml2 configuration file: @@ -1532,8 +1599,19 @@ email: #template_dir: "res/templates" {% endif %} - -#password_providers: +# Password providers allow homeserver administrators to integrate +# their Synapse installation with existing authentication methods +# ex. LDAP, external tokens, etc. +# +# For more information and known implementations, please see +# https://github.com/matrix-org/synapse/blob/master/docs/password_auth_providers.md +# +# Note: instances wishing to use SAML or CAS authentication should +# instead use the `saml2_config` or `cas_config` options, +# respectively. +# +# password_providers: +# # Example config for an LDAP auth provider # - module: "ldap_auth_provider.LdapAuthProvider" # config: # enabled: true diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index 0bd2c25d..e7b7f1c6 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -45,7 +45,6 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \ -p {{ matrix_synapse_container_manhole_api_host_bind_port }}:9000 \ {% endif %} -v {{ matrix_synapse_config_dir_path }}:/data:ro \ - -v {{ matrix_synapse_run_path }}:/matrix-run:rw \ -v {{ matrix_synapse_storage_path }}:/matrix-media-store-parent:slave \ {% for volume in matrix_synapse_container_additional_volumes %} -v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \ From ee3944bcdb1befeaf4daa278a846084bc9087913 Mon Sep 17 00:00:00 2001 From: Dan Arnfield Date: Thu, 21 May 2020 11:40:40 -0500 Subject: [PATCH 15/84] Update postgres (12.2 -> 12.3, etc) --- roles/matrix-postgres/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 4089793a..e26c43e7 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -8,10 +8,10 @@ matrix_postgres_db_name: "" matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres" matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data" -matrix_postgres_docker_image_v9: "postgres:9.6.17-alpine" -matrix_postgres_docker_image_v10: "postgres:10.12-alpine" -matrix_postgres_docker_image_v11: "postgres:11.7-alpine" -matrix_postgres_docker_image_v12: "postgres:12.2-alpine" +matrix_postgres_docker_image_v9: "postgres:9.6.18-alpine" +matrix_postgres_docker_image_v10: "postgres:10.13-alpine" +matrix_postgres_docker_image_v11: "postgres:11.8-alpine" +matrix_postgres_docker_image_v12: "postgres:12.3-alpine" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v12 }}" # This variable is assigned at runtime. Overriding its value has no effect. From c1bb4f680ef96a5df8c681fcb75671e4b595dafa Mon Sep 17 00:00:00 2001 From: joao-p-marques Date: Thu, 21 May 2020 23:40:38 +0100 Subject: [PATCH 16/84] enable oauth --- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index 7648fafe..8a993bb7 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -68,7 +68,7 @@ matrix_mx_puppet_slack_configuration_yaml: | # Slack OAuth settings. Create a slack app at https://api.slack.com/apps oauth: - enabled: false + enabled: true # Slack app credentials. # N.B. This must be quoted so YAML wouldn't parse it as a float. clientId: "{{ matrix_mx_puppet_slack_client_id }}" From afd6d7e45ab5baa316dbd677ea4f5c6321452f2e Mon Sep 17 00:00:00 2001 From: joao-p-marques Date: Thu, 21 May 2020 23:40:54 +0100 Subject: [PATCH 17/84] change var name to correct one --- roles/matrix-bridge-mx-puppet-slack/tasks/init.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml index 0b823b2c..5781adf5 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml @@ -50,7 +50,7 @@ }} tags: - always - when: matrix_appservice_slack_enabled|bool + when: matrix_mx_puppet_slack_enabled|bool - name: Warn about reverse-proxying if matrix-nginx-proxy not used debug: @@ -60,7 +60,7 @@ Please make sure that you're proxying the `{{ something }}` URL endpoint to the matrix-appservice-slack container. You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. - when: "matrix_appservice_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined" + when: "matrix_mx_puppet_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined" # ansible lower than 2.8, does not support docker_image build parameters # for self buildig it is explicitly needed, so we rather fail here From 3198ed0dc962ef2abd9875387e61a59b307ad541 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 22 May 2020 11:12:06 +0300 Subject: [PATCH 18/84] Add missing matrix_mx_puppet_slack_container_http_host_bind_port variable --- roles/matrix-bridge-mx-puppet-slack/defaults/main.yml | 5 +++++ roles/matrix-bridge-mx-puppet-slack/tasks/init.yml | 4 ++-- .../templates/systemd/matrix-mx-puppet-slack.service.j2 | 3 +++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index 8a993bb7..083910b1 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -5,6 +5,11 @@ matrix_mx_puppet_slack_enabled: true matrix_mx_puppet_slack_container_image_self_build: false +# Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:8432"), or empty string to not expose. +matrix_mx_puppet_slack_container_http_host_bind_port: '' + matrix_mx_puppet_slack_docker_image: "sorunome/mx-puppet-slack:latest" matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml index 5781adf5..dac04b9b 100644 --- a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml @@ -57,8 +57,8 @@ msg: >- NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy reverse proxy. - Please make sure that you're proxying the `{{ something }}` - URL endpoint to the matrix-appservice-slack container. + Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}` + URL endpoint to the matrix-mx-puppet-slack container. You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. when: "matrix_mx_puppet_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 index a86c6765..6db53733 100644 --- a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 +++ b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 @@ -22,6 +22,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ + {% if matrix_mx_puppet_slack_container_http_host_bind_port %} + -p {{ matrix_mx_puppet_slack_container_http_host_bind_port }}:{{ matrix_mx_puppet_slack_appservice_port }} \ + {% endif %} -e CONFIG_PATH=/config/config.yaml \ -e REGISTRATION_PATH=/config/registration.yaml \ -v {{ matrix_mx_puppet_slack_config_path }}:/config:z \ From 2d75fca257db5ff754954bf2be7d6d5ad73ad6a4 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Fri, 22 May 2020 13:50:59 +0200 Subject: [PATCH 19/84] added matrix-sms-bridge --- group_vars/matrix_servers | 28 +++- roles/matrix-sms-bridge/defaults/main.yml | 151 ++++++++++++++++++ roles/matrix-sms-bridge/tasks/init.yml | 24 +++ roles/matrix-sms-bridge/tasks/main.yml | 21 +++ .../matrix-sms-bridge/tasks/setup_install.yml | 71 ++++++++ .../tasks/setup_uninstall.yml | 24 +++ .../tasks/validate_config.yml | 12 ++ .../systemd/matrix-sms-bridge.service.j2 | 59 +++++++ 8 files changed, 389 insertions(+), 1 deletion(-) create mode 100644 roles/matrix-sms-bridge/defaults/main.yml create mode 100644 roles/matrix-sms-bridge/tasks/init.yml create mode 100644 roles/matrix-sms-bridge/tasks/main.yml create mode 100644 roles/matrix-sms-bridge/tasks/setup_install.yml create mode 100644 roles/matrix-sms-bridge/tasks/setup_uninstall.yml create mode 100644 roles/matrix-sms-bridge/tasks/validate_config.yml create mode 100644 roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 6d9876ac..1fb1ea0f 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -276,7 +276,6 @@ matrix_mautrix_telegram_login_shared_secret: "{{ matrix_synapse_ext_password_pro # ###################################################################### - ###################################################################### # # matrix-bridge-mautrix-whatsapp @@ -305,6 +304,33 @@ matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_pro # ###################################################################### +###################################################################### +# +# matrix-sms-bridge +# +###################################################################### + +# We don't enable bridges by default. +matrix_sms_bridge_enabled: false + +matrix_sms_bridge_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} + +matrix_sms_bridge_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.as.token') | to_uuid }}" + +matrix_sms_bridge_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.hs.token') | to_uuid }}" + +matrix_sms_bridge_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.db.password') | to_uuid }}" + +###################################################################### +# +# /matrix-sms-bridge +# +###################################################################### ###################################################################### # diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml new file mode 100644 index 00000000..089b78ef --- /dev/null +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -0,0 +1,151 @@ +# matrix-sms-bridge is a Matrix <-> SMS bridge +# See: https://github.com/benkuly/matrix-sms-bridge + +matrix_sms_bridge_enabled: true + +matrix_sms_bridge_docker_image: "folivonet/matrix-sms-bridge:latest" +matrix_sms_bridge_docker_image_force_pull: "{{ matrix_sms_bridge_docker_image.endswith(':latest') }}" +matrix_sms_bridge_database_docker_image: "neo4j:latest" +matrix_sms_bridge_database_docker_image_force_pull: "{{ matrix_sms_bridge_docker_image.endswith(':latest') }}" + +matrix_sms_bridge_base_path: "{{ matrix_base_data_path }}/matrix-sms-bridge" +matrix_sms_bridge_config_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/config" +matrix_sms_bridge_data_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data" +matrix_sms_bridge_data_spool_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool" +matrix_sms_bridge_data_spool_inbox_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/inbox" +matrix_sms_bridge_data_spool_inbox_processed_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/inbox_processed" +matrix_sms_bridge_data_spool_outbox_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/outbox" +matrix_sms_bridge_data_spool_sent_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/sent" +matrix_sms_bridge_data_spool_error_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/error" +matrix_sms_bridge_database_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/database" + +matrix_sms_bridge_appservice_token: '' +matrix_sms_bridge_homeserver_token: '' + +matrix_sms_bridge_database_username: 'matrix-sms-bridge' +matrix_sms_bridge_database_password: '' + +matrix_sms_bridge_container_http_host_bind_port: '' + +# A list of extra arguments to pass to the container +matrix_sms_bridge_container_extra_arguments: [] + +# List of systemd services that matrix-appservice-discord.service depends on. +matrix_sms_bridge_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-appservice-discord.service wants +matrix_sms_bridge_systemd_wanted_services_list: [] + +matrix_sms_bridge_appservice_url: 'http://matrix-sms-bridge:8080' +matrix_sms_bridge_database_url: 'bolt://matrix-sms-bridge-database:7687' +matrix_sms_bridge_homeserver_hostname: 'matrix-synapse' +matrix_sms_bridge_homeserver_port: '8008' + +matrix_sms_bridge_homserver_domain: "{{ matrix_domain }}" +matrix_sms_bridge_default_room: '' + +matrix_sms_bridge_gammu_modem: '' + + +matrix_sms_bridge_configuration_yaml: | + #jinja2: lstrip_blocks: "True" + + # Database connection + org: + neo4j: + driver: + uri: {{ matrix_sms_bridge_database_url }} + authentication: + username: {{ matrix_sms_bridge_database_username }} + password: {{ matrix_sms_bridge_database_password }} + + matrix: + bridge: + sms: + # (optional) SMS messages without a valid token a routed to this room. + # Note that you must invite @smsbot:yourHomeServer to this room. + defaultRoomId: "{{ matrix_sms_bridge_default_room }}" + templates: + # (optional) The message, that will be sent as SMS. Valid placeholders are {sender}, {body} and {token}. + outgoingMessage: "{sender} wrote:\n\n{body}\n\nTo answer to this message add this token to your message: {token}" + # (optional) The message, that will be sent as SMS, when an incoming SMS didn't contain a valid token + # and was routed to a default room. By default no answer will be sent. + answerInvalidTokenWithDefaultRoom: "Your token was invalid. The message will be sent to a default matrix room." + # (optional) The message, that will be sent as SMS, when an incoming SMS didn't contain a valid token + # and no default room is configured. + answerInvalidTokenWithoutDefaultRoom: "Your message did not contain any valid token. Nobody will read your message.", + # (optional) The message, that will be sent to a matrix room, when sending a bridged message via SMS failed. + sendSmsError: "Could not send SMS to this user. Please try it again later." + # (optional) The content of bridged SMS message into the default room. Valid placeholders are {sender} and {body}. + defaultRoomIncomingMessage: "{sender} wrote:\n{body}" + provider: + gammu: + # (optional) default is disabled + enabled: true + # (optional) Path to the Gammu-Inbox directory. Default is "/var/spool/gammu/inbox". + inboxPath: "{{ matrix_sms_bridge_data_path }}/spool/inbox" + # (optional) Path to the directory, where to put processed messages. Default is "/var/spool/gammu/inbox_processed". + inboxProcessedPath: "{{ matrix_sms_bridge_data_path }}/spool/inbox_processed" + bot: + # The domain-part of matrix-ids. E. g. example.org when your userIds look like @unicorn:example.org + serverName: {{ matrix_sms_bridge_homserver_domain }} + client: + homeServer: + # The hostname of your Homeserver. + hostname: {{ matrix_sms_bridge_homeserver_hostname }} + # (optional) The port of your Homeserver. Default is 443. + port: {{ matrix_sms_bridge_homeserver_port }} + # (optional) Use http or https. Default is true (so uses https). + secure: false + # The token to authenticate against the Homeserver. + token: {{ matrix_sms_bridge_appservice_token }} + appservice: + # A unique token for Homeservers to use to authenticate requests to this application service. + hsToken: {{ matrix_sms_bridge_homeserver_token }} + +matrix_sms_bridge_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_sms_bridge_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_sms_bridge_configuration_yaml`. + +matrix_sms_bridge_configuration_extension: "{{ matrix_sms_bridge_configuration_extension_yaml|from_yaml if matrix_sms_bridge_configuration_extension_yaml|from_yaml is mapping else {} }}" + +matrix_sms_bridge_gammu_configuration: | + [gammu] + Device = /dev/ttyModem + LogFile = {{ matrix_sms_bridge_data_path }}/log/gammu.log + debugLevel = 1 + + [smsd] + Service = files + LoopSleep = 2 + InboxPath = {{ matrix_sms_bridge_data_path }}/spool/inbox/ + OutboxPath = {{ matrix_sms_bridge_data_path }}/spool/outbox/ + SentSMSPath = {{ matrix_sms_bridge_data_path }}/spool/sent/ + ErrorSMSPath = {{ matrix_sms_bridge_data_path }}/spool/error/ + InboxFormat = detail + OutboxFormat = detail + TransmitFormat = auto + debugLevel = 1 + LogFile = {{ matrix_sms_bridge_data_path }}/log/smsd.log + DeliveryReport = log + DeliveryReportDelay = 7200 + HangupCalls = 1 + CheckBattery = 0 + + +matrix_sms_bridge_registration_yaml: | + id: sms + as_token: "{{ matrix_sms_bridge_appservice_token }}" + hs_token: "{{ matrix_sms_bridge_homeserver_token }}" + namespaces: + users: + - exclusive: true + regex: '^@sms_.+:{{ matrix_sms_bridge_homserver_domain|regex_escape }}$' + url: {{ matrix_sms_bridge_appservice_url }} + sender_localpart: smsbot + rate_limited: false diff --git a/roles/matrix-sms-bridge/tasks/init.yml b/roles/matrix-sms-bridge/tasks/init.yml new file mode 100644 index 00000000..7a49e4b2 --- /dev/null +++ b/roles/matrix-sms-bridge/tasks/init.yml @@ -0,0 +1,24 @@ +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-sms-bridge role needs to execute before the matrix-synapse role. + when: "matrix_sms_bridge_enabled and matrix_synapse_role_executed|default(False)" + +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge','matrix-sms-bridge-database'] }}" + when: matrix_sms_bridge_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"] + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/matrix-sms-bridge-registration.yaml"] }} + when: matrix_sms_bridge_enabled|bool diff --git a/roles/matrix-sms-bridge/tasks/main.yml b/roles/matrix-sms-bridge/tasks/main.yml new file mode 100644 index 00000000..c1c499de --- /dev/null +++ b/roles/matrix-sms-bridge/tasks/main.yml @@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_sms_bridge_enabled|bool" + tags: + - setup-all + - setup-matrix-sms-bridge + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_sms_bridge_enabled|bool" + tags: + - setup-all + - setup-matrix-sms-bridge + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_sms_bridge_enabled|bool" + tags: + - setup-all + - setup-matrix-sms-bridge diff --git a/roles/matrix-sms-bridge/tasks/setup_install.yml b/roles/matrix-sms-bridge/tasks/setup_install.yml new file mode 100644 index 00000000..1ceb371e --- /dev/null +++ b/roles/matrix-sms-bridge/tasks/setup_install.yml @@ -0,0 +1,71 @@ +--- + +- name: Ensure matrix-sms-bridge image is pulled + docker_image: + name: "{{ matrix_sms_bridge_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_sms_bridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sms_bridge_docker_image_force_pull }}" + +- name: Ensure matrix-sms-bridge databse image is pulled + docker_image: + name: "{{ matrix_sms_bridge_database_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_sms_bridge_database_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sms_bridge_database_docker_image_force_pull }}" + + +- name: Ensure matrix-sms-bridge paths exist + file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_sms_bridge_base_path }}" + - "{{ matrix_sms_bridge_config_path }}" + - "{{ matrix_sms_bridge_data_path }}" + - "{{ matrix_sms_bridge_data_spool_path }}" + - "{{ matrix_sms_bridge_data_spool_inbox_path }}" + - "{{ matrix_sms_bridge_data_spool_inbox_processed_path }}" + - "{{ matrix_sms_bridge_data_spool_outbox_path }}" + - "{{ matrix_sms_bridge_data_spool_sent_path }}" + - "{{ matrix_sms_bridge_data_spool_error_path }}" + - "{{ matrix_sms_bridge_database_path }}" + +- name: Ensure matrix-sms-bridge application.yml installed + copy: + content: "{{ matrix_sms_bridge_configuration|to_nice_yaml }}" + dest: "{{ matrix_sms_bridge_config_path }}/application.yml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-sms-bridge registration.yaml installed + copy: + content: "{{ matrix_sms_bridge_registration|to_nice_yaml }}" + dest: "{{ matrix_sms_bridge_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-sms-bridge gammu-smsdrc installed + copy: + content: "{{ matrix_sms_bridge_registration }}" + dest: "{{ matrix_sms_bridge_config_path }}/gammu-smsdrc" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-sms-bridge.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-sms-bridge.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" + mode: 0644 + register: matrix_sms_bridge_systemd_service_result + +- name: Ensure systemd reloaded after matrix-sms-bridge.service installation + service: + daemon_reload: yes + when: "matrix_sms_bridge_systemd_service_result.changed" diff --git a/roles/matrix-sms-bridge/tasks/setup_uninstall.yml b/roles/matrix-sms-bridge/tasks/setup_uninstall.yml new file mode 100644 index 00000000..10912700 --- /dev/null +++ b/roles/matrix-sms-bridge/tasks/setup_uninstall.yml @@ -0,0 +1,24 @@ +--- + +- name: Check existence of matrix-sms-bridge service + stat: + path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" + register: matrix_sms_bridge_service_stat + +- name: Ensure matrix-sms-bridge is stopped + service: + name: matrix-sms-bridge + state: stopped + daemon_reload: yes + when: "matrix_sms_bridge_service_stat.stat.exists" + +- name: Ensure matrix-sms-bridge.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" + state: absent + when: "matrix_sms_bridge_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-sms-bridge.service removal + service: + daemon_reload: yes + when: "matrix_sms_bridge_service_stat.stat.exists" diff --git a/roles/matrix-sms-bridge/tasks/validate_config.yml b/roles/matrix-sms-bridge/tasks/validate_config.yml new file mode 100644 index 00000000..8eb7b63c --- /dev/null +++ b/roles/matrix-sms-bridge/tasks/validate_config.yml @@ -0,0 +1,12 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_sms_bridge_appservice_token" + - "matrix_sms_bridge_homeserver_token" + - "matrix_sms_bridge_database_password" + - "matrix_sms_bridge_gammu_modem" diff --git a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 new file mode 100644 index 00000000..a97db783 --- /dev/null +++ b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 @@ -0,0 +1,59 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=matrix-sms-bridge server +{% for service in matrix_sms_bridge_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_sms_bridge_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-sms-bridge +ExecStartPre=-/usr/bin/docker rm matrix-sms-bridge +ExecStartPre=-/usr/bin/docker kill matrix-sms-bridge-database +ExecStartPre=-/usr/bin/docker rm matrix-sms-bridge-database + +ExecStartPre=/usr/bin/docker run --rm --name matrix-sms-bridge-database \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + {% if matrix_sms_bridge_container_http_host_bind_port %} + -p {{ matrix_sms_bridge_container_http_host_bind_port }}:7687 \ + {% endif %} + -v {{ matrix_sms_bridge_database_path }}:/data:z \ + -e NEO4J_AUTH={{ matrix_sms_bridge_database_username }}/{{ matrix_sms_bridge_database_password }} + {{ matrix_sms_bridge_database_docker_image }} + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre=/bin/sleep 5 + +ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + {% if matrix_sms_bridge_container_http_host_bind_port %} + -p {{ matrix_sms_bridge_container_http_host_bind_port }}:8080 \ + {% endif %} + -v {{ matrix_sms_bridge_config_path }}:/config:z \ + -v {{ matrix_sms_bridge_data_path }}:/data:z \ + --device {{ matrix_sms_bridge_gammu_modem }}:/dev/ttyModem + {% for arg in matrix_sms_bridge_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_sms_bridge_docker_image }} + +ExecStop=-/usr/bin/docker kill matrix-sms-bridge +ExecStop=-/usr/bin/docker rm matrix-sms-bridge +ExecStop=-/usr/bin/docker kill matrix-sms-database +ExecStop=-/usr/bin/docker rm matrix-sms-database +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-sms-bridge + + [Install] +WantedBy=multi-user.target From 4913ca4bb266521815169b3f01e4972ad22c2c35 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Fri, 22 May 2020 13:59:38 +0200 Subject: [PATCH 20/84] matri-sms-bridge: better path handling, fixed some mistakes --- roles/matrix-sms-bridge/defaults/main.yml | 21 ++++++++++--------- roles/matrix-sms-bridge/tasks/init.yml | 2 +- .../matrix-sms-bridge/tasks/setup_install.yml | 1 + 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml index 089b78ef..d69724bd 100644 --- a/roles/matrix-sms-bridge/defaults/main.yml +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -11,6 +11,7 @@ matrix_sms_bridge_database_docker_image_force_pull: "{{ matrix_sms_bridge_docker matrix_sms_bridge_base_path: "{{ matrix_base_data_path }}/matrix-sms-bridge" matrix_sms_bridge_config_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/config" matrix_sms_bridge_data_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data" +matrix_sms_bridge_data_log_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/log" matrix_sms_bridge_data_spool_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool" matrix_sms_bridge_data_spool_inbox_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/inbox" matrix_sms_bridge_data_spool_inbox_processed_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/inbox_processed" @@ -82,10 +83,10 @@ matrix_sms_bridge_configuration_yaml: | gammu: # (optional) default is disabled enabled: true - # (optional) Path to the Gammu-Inbox directory. Default is "/var/spool/gammu/inbox". - inboxPath: "{{ matrix_sms_bridge_data_path }}/spool/inbox" - # (optional) Path to the directory, where to put processed messages. Default is "/var/spool/gammu/inbox_processed". - inboxProcessedPath: "{{ matrix_sms_bridge_data_path }}/spool/inbox_processed" + # (optional) Path to the Gammu-Inbox directory. + inboxPath: "{{ matrix_sms_bridge_data_spool_inbox_path }}" + # (optional) Path to the directory, where to put processed messages. + inboxProcessedPath: "{{ matrix_sms_bridge_data_spool_inbox_path_processed }}" bot: # The domain-part of matrix-ids. E. g. example.org when your userIds look like @unicorn:example.org serverName: {{ matrix_sms_bridge_homserver_domain }} @@ -117,21 +118,21 @@ matrix_sms_bridge_configuration_extension: "{{ matrix_sms_bridge_configuration_e matrix_sms_bridge_gammu_configuration: | [gammu] Device = /dev/ttyModem - LogFile = {{ matrix_sms_bridge_data_path }}/log/gammu.log + LogFile = {{ matrix_sms_bridge_data_log_path }}/gammu.log debugLevel = 1 [smsd] Service = files LoopSleep = 2 - InboxPath = {{ matrix_sms_bridge_data_path }}/spool/inbox/ - OutboxPath = {{ matrix_sms_bridge_data_path }}/spool/outbox/ - SentSMSPath = {{ matrix_sms_bridge_data_path }}/spool/sent/ - ErrorSMSPath = {{ matrix_sms_bridge_data_path }}/spool/error/ + InboxPath = {{ matrix_sms_bridge_data_spool_inbox_path }} + OutboxPath = {{ matrix_sms_bridge_data_spool_outbox_path }} + SentSMSPath = {{ matrix_sms_bridge_data_spool_sent_path }} + ErrorSMSPath = {{ matrix_sms_bridge_data_spool_error_path }} InboxFormat = detail OutboxFormat = detail TransmitFormat = auto debugLevel = 1 - LogFile = {{ matrix_sms_bridge_data_path }}/log/smsd.log + LogFile = {{ matrix_sms_bridge_data_log_path }}/smsd.log DeliveryReport = log DeliveryReportDelay = 7200 HangupCalls = 1 diff --git a/roles/matrix-sms-bridge/tasks/init.yml b/roles/matrix-sms-bridge/tasks/init.yml index 7a49e4b2..cca4d4c5 100644 --- a/roles/matrix-sms-bridge/tasks/init.yml +++ b/roles/matrix-sms-bridge/tasks/init.yml @@ -7,7 +7,7 @@ when: "matrix_sms_bridge_enabled and matrix_synapse_role_executed|default(False)" - set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge','matrix-sms-bridge-database'] }}" + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge'] }}" when: matrix_sms_bridge_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. diff --git a/roles/matrix-sms-bridge/tasks/setup_install.yml b/roles/matrix-sms-bridge/tasks/setup_install.yml index 1ceb371e..6a800892 100644 --- a/roles/matrix-sms-bridge/tasks/setup_install.yml +++ b/roles/matrix-sms-bridge/tasks/setup_install.yml @@ -26,6 +26,7 @@ - "{{ matrix_sms_bridge_base_path }}" - "{{ matrix_sms_bridge_config_path }}" - "{{ matrix_sms_bridge_data_path }}" + - "{{ matrix_sms_bridge_data_log_path }}" - "{{ matrix_sms_bridge_data_spool_path }}" - "{{ matrix_sms_bridge_data_spool_inbox_path }}" - "{{ matrix_sms_bridge_data_spool_inbox_processed_path }}" From 5c7e5c57bda1af540322b6c64568705fe109c285 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 22 May 2020 18:08:17 +0300 Subject: [PATCH 21/84] Upgrade riot-web (1.6.1 -> 1.6.2) --- roles/matrix-riot-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index d8233699..1dc1be04 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -2,7 +2,7 @@ matrix_riot_web_enabled: true matrix_riot_web_container_image_self_build: false -matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.1" +matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.2" matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" From 4c4f208613230d652043a334b8645f8e80bfef81 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 22 May 2020 19:54:30 +0300 Subject: [PATCH 22/84] Upgrade mautrix-telegram (0.7.0 -> 0.7.2) --- roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index b491dce8..1e77eb02 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -4,7 +4,7 @@ matrix_mautrix_telegram_enabled: true # See: https://mau.dev/tulir/mautrix-telegram/container_registry -matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.7.0" +matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.7.2" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram" From 1ffa4a326ca44b1d0f8eb4ebaddeab265ca8cda8 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Sat, 23 May 2020 13:14:24 +0200 Subject: [PATCH 23/84] matrix-sms-bridge: added docs, added seperate service for database, pr comments --- README.md | 4 +++ .../configuring-playbook-matrix-sms-bridge.md | 24 +++++++++++++ docs/configuring-playbook.md | 2 ++ group_vars/matrix_servers | 2 -- roles/matrix-sms-bridge/defaults/main.yml | 8 +++-- .../matrix-sms-bridge/tasks/setup_install.yml | 11 ++++-- .../tasks/setup_uninstall.yml | 22 ++++++++++-- .../matrix-sms-bridge-database.service.j2 | 36 +++++++++++++++++++ .../systemd/matrix-sms-bridge.service.j2 | 18 +--------- 9 files changed, 101 insertions(+), 26 deletions(-) create mode 100644 docs/configuring-playbook-matrix-sms-bridge.md create mode 100644 roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge-database.service.j2 diff --git a/README.md b/README.md index 6f7d25e0..a5ec78d3 100644 --- a/README.md +++ b/README.md @@ -52,6 +52,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.) +- (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS + - (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms - (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients @@ -144,6 +146,8 @@ This playbook sets up your server using the following Docker images: - [turt2live/matrix-appservice-webhooks](https://hub.docker.com/r/turt2live/matrix-appservice-webhooks) - the [Appservice Webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge (optional) +- [folivonet/matrix-sms-bridge](https://hub.docker.com/repository/docker/folivonet/matrix-sms-bridge) - the [matrix-sms-brdige](https://github.com/benkuly/matrix-sms-bridge) (optional) + - [sorunome/mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) - the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge to [Skype](https:/www.skype.com) (optional) - [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https:/slack.com) (optional) diff --git a/docs/configuring-playbook-matrix-sms-bridge.md b/docs/configuring-playbook-matrix-sms-bridge.md new file mode 100644 index 00000000..ef2aeb08 --- /dev/null +++ b/docs/configuring-playbook-matrix-sms-bridge.md @@ -0,0 +1,24 @@ +# Setting up matrix-sms-bridge (optional) + +The playbook can install and configure +[matrix-sms-brdige](https://github.com/benkuly/matrix-sms-bridge) for you. + +See the project page to learn what it does and why it might be useful to you. + +To enable the bridge just use the following +playbook configuration: + + +```yaml +matrix_sms_bridge_enabled: true +matrix_sms_bridge_gammu_modem: "/path/to/modem" +# generate a secret passwort e.g. with pwgen -s 64 1 +matrix_sms_bridge_database_password: "" +# (optional) a room id to a default room +matrix_sms_bridge_default_room: "" +``` + + +## Usage + +Read the [user guide](https://github.com/benkuly/matrix-sms-bridge/blob/master/README.md#user-guide) to see how this bridge works. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 7e911095..90771cf3 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -102,3 +102,5 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional) - [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional) + +- [Setting up Matrix SMS bridging](configuring-playbook-matrix-sms-bridge.md) (optional) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 1fb1ea0f..8ff5ce96 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -324,8 +324,6 @@ matrix_sms_bridge_appservice_token: "{{ matrix_synapse_macaroon_secret_key | pas matrix_sms_bridge_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.hs.token') | to_uuid }}" -matrix_sms_bridge_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.db.password') | to_uuid }}" - ###################################################################### # # /matrix-sms-bridge diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml index d69724bd..57a7a373 100644 --- a/roles/matrix-sms-bridge/defaults/main.yml +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -31,11 +31,13 @@ matrix_sms_bridge_container_http_host_bind_port: '' # A list of extra arguments to pass to the container matrix_sms_bridge_container_extra_arguments: [] -# List of systemd services that matrix-appservice-discord.service depends on. -matrix_sms_bridge_systemd_required_services_list: ['docker.service'] +# List of systemd services that service depends on. +matrix_sms_bridge_systemd_required_services_list: ['docker.service','matrix-sms-bridge-database.service'] +matrix_sms_bridge_database_systemd_required_services_list: ['docker.service'] -# List of systemd services that matrix-appservice-discord.service wants +# List of systemd services that service wants matrix_sms_bridge_systemd_wanted_services_list: [] +matrix_sms_bridge_database_systemd_wanted_services_list: [] matrix_sms_bridge_appservice_url: 'http://matrix-sms-bridge:8080' matrix_sms_bridge_database_url: 'bolt://matrix-sms-bridge-database:7687' diff --git a/roles/matrix-sms-bridge/tasks/setup_install.yml b/roles/matrix-sms-bridge/tasks/setup_install.yml index 6a800892..1e86f2e6 100644 --- a/roles/matrix-sms-bridge/tasks/setup_install.yml +++ b/roles/matrix-sms-bridge/tasks/setup_install.yml @@ -66,7 +66,14 @@ mode: 0644 register: matrix_sms_bridge_systemd_service_result -- name: Ensure systemd reloaded after matrix-sms-bridge.service installation +- name: Ensure matrix-sms-bridge-database.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-sms-bridge-database.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-sms-bridge-database.service" + mode: 0644 + register: matrix_sms_bridge_database_systemd_service_result + +- name: Ensure systemd reloaded after matrix-sms-bridge.service or matrix-sms-bridge-database.service installation service: daemon_reload: yes - when: "matrix_sms_bridge_systemd_service_result.changed" + when: matrix_sms_bridge_systemd_service_result.changed or matrix_sms_bridge_database_systemd_service_result.changed diff --git a/roles/matrix-sms-bridge/tasks/setup_uninstall.yml b/roles/matrix-sms-bridge/tasks/setup_uninstall.yml index 10912700..87436687 100644 --- a/roles/matrix-sms-bridge/tasks/setup_uninstall.yml +++ b/roles/matrix-sms-bridge/tasks/setup_uninstall.yml @@ -5,6 +5,11 @@ path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" register: matrix_sms_bridge_service_stat +- name: Check existence of matrix-sms-bridge-database service + stat: + path: "{{ matrix_systemd_path }}/matrix-sms-bridge-database.service" + register: matrix_sms_bridge_database_service_stat + - name: Ensure matrix-sms-bridge is stopped service: name: matrix-sms-bridge @@ -12,13 +17,26 @@ daemon_reload: yes when: "matrix_sms_bridge_service_stat.stat.exists" +- name: Ensure matrix-sms-bridge-database is stopped + service: + name: matrix-sms-bridge-database + state: stopped + daemon_reload: yes + when: "matrix_sms_bridge_database_service_stat.stat.exists" + - name: Ensure matrix-sms-bridge.service doesn't exist file: path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service" state: absent when: "matrix_sms_bridge_service_stat.stat.exists" -- name: Ensure systemd reloaded after matrix-sms-bridge.service removal +- name: Ensure matrix-sms-bridge-database.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-sms-bridge-database.service" + state: absent + when: "matrix_sms_bridge_database_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-sms-bridge.service or matrix-sms-bridge-database.service removal service: daemon_reload: yes - when: "matrix_sms_bridge_service_stat.stat.exists" + when: matrix_sms_bridge_service_stat.stat.exists or matrix_sms_bridge_database_service_stat.stat.exists diff --git a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge-database.service.j2 b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge-database.service.j2 new file mode 100644 index 00000000..e2cad164 --- /dev/null +++ b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge-database.service.j2 @@ -0,0 +1,36 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=matrix-sms-bridge-database server +{% for service in matrix_sms_bridge_database_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_sms_bridge_database_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-sms-bridge-database +ExecStartPre=-/usr/bin/docker rm matrix-sms-bridge-database + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre=/bin/sleep 5 + +ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge-database \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -v {{ matrix_sms_bridge_database_path }}:/data:z \ + -e NEO4J_AUTH={{ matrix_sms_bridge_database_username }}/{{ matrix_sms_bridge_database_password }} \ + {{ matrix_sms_bridge_database_docker_image }} + +ExecStop=-/usr/bin/docker kill matrix-sms-bridge-database +ExecStop=-/usr/bin/docker rm matrix-sms-bridge-database +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-sms-bridge + + [Install] +WantedBy=multi-user.target diff --git a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 index a97db783..86ac264d 100644 --- a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 @@ -13,20 +13,6 @@ Wants={{ service }} Type=simple ExecStartPre=-/usr/bin/docker kill matrix-sms-bridge ExecStartPre=-/usr/bin/docker rm matrix-sms-bridge -ExecStartPre=-/usr/bin/docker kill matrix-sms-bridge-database -ExecStartPre=-/usr/bin/docker rm matrix-sms-bridge-database - -ExecStartPre=/usr/bin/docker run --rm --name matrix-sms-bridge-database \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - {% if matrix_sms_bridge_container_http_host_bind_port %} - -p {{ matrix_sms_bridge_container_http_host_bind_port }}:7687 \ - {% endif %} - -v {{ matrix_sms_bridge_database_path }}:/data:z \ - -e NEO4J_AUTH={{ matrix_sms_bridge_database_username }}/{{ matrix_sms_bridge_database_password }} - {{ matrix_sms_bridge_database_docker_image }} # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre=/bin/sleep 5 @@ -41,7 +27,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ {% endif %} -v {{ matrix_sms_bridge_config_path }}:/config:z \ -v {{ matrix_sms_bridge_data_path }}:/data:z \ - --device {{ matrix_sms_bridge_gammu_modem }}:/dev/ttyModem + --device {{ matrix_sms_bridge_gammu_modem }}:/dev/ttyModem \ {% for arg in matrix_sms_bridge_container_extra_arguments %} {{ arg }} \ {% endfor %} @@ -49,8 +35,6 @@ ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ ExecStop=-/usr/bin/docker kill matrix-sms-bridge ExecStop=-/usr/bin/docker rm matrix-sms-bridge -ExecStop=-/usr/bin/docker kill matrix-sms-database -ExecStop=-/usr/bin/docker rm matrix-sms-database Restart=always RestartSec=30 SyslogIdentifier=matrix-sms-bridge From ca9d0909c7db61d6a947bdab4a9acebfa58d9086 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Sat, 23 May 2020 13:48:33 +0200 Subject: [PATCH 24/84] added missing role --- setup.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.yml b/setup.yml index ff80320a..fc0ddc2c 100755 --- a/setup.yml +++ b/setup.yml @@ -18,6 +18,7 @@ - matrix-bridge-mautrix-whatsapp - matrix-bridge-mx-puppet-skype - matrix-bridge-mx-puppet-slack + - matrix-sms-bridge - matrix-synapse - matrix-riot-web - matrix-jitsi From 9ed80e754b285fb6ed97bda31fa89199062f9fb5 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Sat, 23 May 2020 13:54:07 +0200 Subject: [PATCH 25/84] added missing variable --- roles/matrix-sms-bridge/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml index 57a7a373..13263396 100644 --- a/roles/matrix-sms-bridge/defaults/main.yml +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -117,6 +117,8 @@ matrix_sms_bridge_configuration_extension_yaml: | matrix_sms_bridge_configuration_extension: "{{ matrix_sms_bridge_configuration_extension_yaml|from_yaml if matrix_sms_bridge_configuration_extension_yaml|from_yaml is mapping else {} }}" +matrix_sms_bridge_configuration: "{{ matrix_sms_bridge_configuration_yaml|from_yaml|combine(matrix_sms_bridge_configuration_extension, recursive=True) }}" + matrix_sms_bridge_gammu_configuration: | [gammu] Device = /dev/ttyModem From be101a3114e4e4876cd09facaec0c0843d41f2e7 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Sat, 23 May 2020 14:16:44 +0200 Subject: [PATCH 26/84] added missing service to service list --- roles/matrix-sms-bridge/tasks/init.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-sms-bridge/tasks/init.yml b/roles/matrix-sms-bridge/tasks/init.yml index cca4d4c5..7a49e4b2 100644 --- a/roles/matrix-sms-bridge/tasks/init.yml +++ b/roles/matrix-sms-bridge/tasks/init.yml @@ -7,7 +7,7 @@ when: "matrix_sms_bridge_enabled and matrix_synapse_role_executed|default(False)" - set_fact: - matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge'] }}" + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge','matrix-sms-bridge-database'] }}" when: matrix_sms_bridge_enabled|bool # If the matrix-synapse role is not used, these variables may not exist. From c802009b5c3570eb51690ea58b4079f9d72c6016 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Sat, 23 May 2020 15:12:56 +0200 Subject: [PATCH 27/84] fixed wrong var name --- roles/matrix-sms-bridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml index 13263396..8c0aa026 100644 --- a/roles/matrix-sms-bridge/defaults/main.yml +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -88,7 +88,7 @@ matrix_sms_bridge_configuration_yaml: | # (optional) Path to the Gammu-Inbox directory. inboxPath: "{{ matrix_sms_bridge_data_spool_inbox_path }}" # (optional) Path to the directory, where to put processed messages. - inboxProcessedPath: "{{ matrix_sms_bridge_data_spool_inbox_path_processed }}" + inboxProcessedPath: "{{ matrix_sms_bridge_data_spool_inbox_processed_path }}" bot: # The domain-part of matrix-ids. E. g. example.org when your userIds look like @unicorn:example.org serverName: {{ matrix_sms_bridge_homserver_domain }} From 63705f94f11006636214cbb90311be118ce33edd Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Sat, 23 May 2020 15:30:31 +0200 Subject: [PATCH 28/84] removed templates --- roles/matrix-sms-bridge/defaults/main.yml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml index 8c0aa026..aa2dba7e 100644 --- a/roles/matrix-sms-bridge/defaults/main.yml +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -68,19 +68,6 @@ matrix_sms_bridge_configuration_yaml: | # (optional) SMS messages without a valid token a routed to this room. # Note that you must invite @smsbot:yourHomeServer to this room. defaultRoomId: "{{ matrix_sms_bridge_default_room }}" - templates: - # (optional) The message, that will be sent as SMS. Valid placeholders are {sender}, {body} and {token}. - outgoingMessage: "{sender} wrote:\n\n{body}\n\nTo answer to this message add this token to your message: {token}" - # (optional) The message, that will be sent as SMS, when an incoming SMS didn't contain a valid token - # and was routed to a default room. By default no answer will be sent. - answerInvalidTokenWithDefaultRoom: "Your token was invalid. The message will be sent to a default matrix room." - # (optional) The message, that will be sent as SMS, when an incoming SMS didn't contain a valid token - # and no default room is configured. - answerInvalidTokenWithoutDefaultRoom: "Your message did not contain any valid token. Nobody will read your message.", - # (optional) The message, that will be sent to a matrix room, when sending a bridged message via SMS failed. - sendSmsError: "Could not send SMS to this user. Please try it again later." - # (optional) The content of bridged SMS message into the default room. Valid placeholders are {sender} and {body}. - defaultRoomIncomingMessage: "{sender} wrote:\n{body}" provider: gammu: # (optional) default is disabled From fe54690ea1f266cc4825564facbe6c078b940388 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Sat, 23 May 2020 15:32:16 +0200 Subject: [PATCH 29/84] fixed missing registration var --- roles/matrix-sms-bridge/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml index aa2dba7e..8ffad09b 100644 --- a/roles/matrix-sms-bridge/defaults/main.yml +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -141,3 +141,5 @@ matrix_sms_bridge_registration_yaml: | url: {{ matrix_sms_bridge_appservice_url }} sender_localpart: smsbot rate_limited: false + +matrix_sms_bridge_registration: "{{ matrix_sms_bridge_registration_yaml|from_yaml }}" \ No newline at end of file From f0ff8112c74d2800354900181750cb9134fbe556 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Sat, 23 May 2020 20:51:07 +0200 Subject: [PATCH 30/84] database admin username must be neo4j --- roles/matrix-sms-bridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml index 8ffad09b..db337313 100644 --- a/roles/matrix-sms-bridge/defaults/main.yml +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -23,7 +23,7 @@ matrix_sms_bridge_database_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/ matrix_sms_bridge_appservice_token: '' matrix_sms_bridge_homeserver_token: '' -matrix_sms_bridge_database_username: 'matrix-sms-bridge' +matrix_sms_bridge_database_username: 'neo4j' matrix_sms_bridge_database_password: '' matrix_sms_bridge_container_http_host_bind_port: '' From 1234cc48c5e1633e44c19ae0f86dfb54eeb0bbe6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 24 May 2020 10:55:33 +0300 Subject: [PATCH 31/84] Point to newer Ansible container image Using the older one likely leads to issues like #517. --- docs/ansible.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/ansible.md b/docs/ansible.md index e098c8a4..5f27a7c7 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -49,7 +49,7 @@ docker run -it --rm \ -v `pwd`:/work \ -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ --entrypoint=/bin/sh \ -devture/ansible:2.8.1-r0 +devture/ansible:2.9.7-r0 ``` The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). @@ -60,7 +60,7 @@ The `/work` directory contains the playbook's code. You can execute `ansible-playbook` commands as per normal now. -### If you don't use SSH keys for authentication +### If you don't use SSH keys for authentication If you don't use SSH keys for authentication, simply remove that whole line (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`). To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it ...` command), run: From eb8e3572fda55490aee53b31489218f3e2d454b1 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Mon, 25 May 2020 15:37:46 +0200 Subject: [PATCH 32/84] fixed wrong behaviour of gammu --- .../templates/systemd/matrix-sms-bridge.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 index 86ac264d..e963f8cf 100644 --- a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 @@ -27,6 +27,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ {% endif %} -v {{ matrix_sms_bridge_config_path }}:/config:z \ -v {{ matrix_sms_bridge_data_path }}:/data:z \ + -v {{ matrix_sms_bridge_data_path }}/gammu-smsdrc:/etc/gammu-smsdrc:z \ --device {{ matrix_sms_bridge_gammu_modem }}:/dev/ttyModem \ {% for arg in matrix_sms_bridge_container_extra_arguments %} {{ arg }} \ From 469554b8363edfa910f639c4cdcf3f200242fa56 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Mon, 25 May 2020 19:04:56 +0200 Subject: [PATCH 33/84] try to use other mount option to prevent docker from using dir instead of file --- .../templates/systemd/matrix-sms-bridge.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 index e963f8cf..1c82dc31 100644 --- a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 @@ -27,7 +27,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ {% endif %} -v {{ matrix_sms_bridge_config_path }}:/config:z \ -v {{ matrix_sms_bridge_data_path }}:/data:z \ - -v {{ matrix_sms_bridge_data_path }}/gammu-smsdrc:/etc/gammu-smsdrc:z \ + --mount type=bind,source={{ matrix_sms_bridge_data_path }}/gammu-smsdrc,target=/etc/gammu-smsdrc \ --device {{ matrix_sms_bridge_gammu_modem }}:/dev/ttyModem \ {% for arg in matrix_sms_bridge_container_extra_arguments %} {{ arg }} \ From 1f570b3251eba6d28df14d92d398ec1ab4868c04 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Mon, 25 May 2020 19:09:08 +0200 Subject: [PATCH 34/84] revert last change --- .../templates/systemd/matrix-sms-bridge.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 index 1c82dc31..e963f8cf 100644 --- a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 @@ -27,7 +27,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ {% endif %} -v {{ matrix_sms_bridge_config_path }}:/config:z \ -v {{ matrix_sms_bridge_data_path }}:/data:z \ - --mount type=bind,source={{ matrix_sms_bridge_data_path }}/gammu-smsdrc,target=/etc/gammu-smsdrc \ + -v {{ matrix_sms_bridge_data_path }}/gammu-smsdrc:/etc/gammu-smsdrc:z \ --device {{ matrix_sms_bridge_gammu_modem }}:/dev/ttyModem \ {% for arg in matrix_sms_bridge_container_extra_arguments %} {{ arg }} \ From 73b71a34c86e0e8f53f60f01e03325af32dea402 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Mon, 25 May 2020 19:19:30 +0200 Subject: [PATCH 35/84] try to fix gammu-smsdrc is not a file --- roles/matrix-sms-bridge/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml index db337313..7f048ff3 100644 --- a/roles/matrix-sms-bridge/defaults/main.yml +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -107,6 +107,8 @@ matrix_sms_bridge_configuration_extension: "{{ matrix_sms_bridge_configuration_e matrix_sms_bridge_configuration: "{{ matrix_sms_bridge_configuration_yaml|from_yaml|combine(matrix_sms_bridge_configuration_extension, recursive=True) }}" matrix_sms_bridge_gammu_configuration: | + #jinja2: lstrip_blocks: "True" + [gammu] Device = /dev/ttyModem LogFile = {{ matrix_sms_bridge_data_log_path }}/gammu.log From 805708e0894c88dd65a334822725577ba319da58 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Mon, 25 May 2020 19:21:07 +0200 Subject: [PATCH 36/84] fix wrong used paath for gammu config file --- .../templates/systemd/matrix-sms-bridge.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 index e963f8cf..5475a389 100644 --- a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 @@ -27,7 +27,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ {% endif %} -v {{ matrix_sms_bridge_config_path }}:/config:z \ -v {{ matrix_sms_bridge_data_path }}:/data:z \ - -v {{ matrix_sms_bridge_data_path }}/gammu-smsdrc:/etc/gammu-smsdrc:z \ + -v {{ matrix_sms_bridge_config_path }}/gammu-smsdrc:/etc/gammu-smsdrc:z \ --device {{ matrix_sms_bridge_gammu_modem }}:/dev/ttyModem \ {% for arg in matrix_sms_bridge_container_extra_arguments %} {{ arg }} \ From f8663512de2b0997e0b4e0ac4dde956dfe6aaedd Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Mon, 25 May 2020 19:31:03 +0200 Subject: [PATCH 37/84] fixed wrong paths --- roles/matrix-sms-bridge/defaults/main.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml index 7f048ff3..1dccb4e8 100644 --- a/roles/matrix-sms-bridge/defaults/main.yml +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -73,9 +73,9 @@ matrix_sms_bridge_configuration_yaml: | # (optional) default is disabled enabled: true # (optional) Path to the Gammu-Inbox directory. - inboxPath: "{{ matrix_sms_bridge_data_spool_inbox_path }}" + inboxPath: /data/spool/inbox # (optional) Path to the directory, where to put processed messages. - inboxProcessedPath: "{{ matrix_sms_bridge_data_spool_inbox_processed_path }}" + inboxProcessedPath: /data/spool/inbox_processed bot: # The domain-part of matrix-ids. E. g. example.org when your userIds look like @unicorn:example.org serverName: {{ matrix_sms_bridge_homserver_domain }} @@ -111,21 +111,21 @@ matrix_sms_bridge_gammu_configuration: | [gammu] Device = /dev/ttyModem - LogFile = {{ matrix_sms_bridge_data_log_path }}/gammu.log + LogFile = /data/log/gammu.log debugLevel = 1 [smsd] Service = files LoopSleep = 2 - InboxPath = {{ matrix_sms_bridge_data_spool_inbox_path }} - OutboxPath = {{ matrix_sms_bridge_data_spool_outbox_path }} - SentSMSPath = {{ matrix_sms_bridge_data_spool_sent_path }} - ErrorSMSPath = {{ matrix_sms_bridge_data_spool_error_path }} + InboxPath = /data/spool/inbox + OutboxPath = /data/spool/outbox + SentSMSPath = /data/spool/sent + ErrorSMSPath = /data/spool/error InboxFormat = detail OutboxFormat = detail TransmitFormat = auto debugLevel = 1 - LogFile = {{ matrix_sms_bridge_data_log_path }}/smsd.log + LogFile = /data/log/smsd.log DeliveryReport = log DeliveryReportDelay = 7200 HangupCalls = 1 From ecf3116c4ab450e2ca54208d25044517a8b4e5c9 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Mon, 25 May 2020 19:34:40 +0200 Subject: [PATCH 38/84] fixed wrong gammu config dest --- roles/matrix-sms-bridge/tasks/setup_install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-sms-bridge/tasks/setup_install.yml b/roles/matrix-sms-bridge/tasks/setup_install.yml index 1e86f2e6..47454b27 100644 --- a/roles/matrix-sms-bridge/tasks/setup_install.yml +++ b/roles/matrix-sms-bridge/tasks/setup_install.yml @@ -53,7 +53,7 @@ - name: Ensure matrix-sms-bridge gammu-smsdrc installed copy: - content: "{{ matrix_sms_bridge_registration }}" + content: "{{ matrix_sms_bridge_gammu_configuration }}" dest: "{{ matrix_sms_bridge_config_path }}/gammu-smsdrc" mode: 0644 owner: "{{ matrix_user_username }}" From a7fd27c43c0d8bd56f92163a896c72001d99a5c2 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Mon, 25 May 2020 19:36:19 +0200 Subject: [PATCH 39/84] removed jinja command --- roles/matrix-sms-bridge/defaults/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml index 1dccb4e8..428560f5 100644 --- a/roles/matrix-sms-bridge/defaults/main.yml +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -107,8 +107,6 @@ matrix_sms_bridge_configuration_extension: "{{ matrix_sms_bridge_configuration_e matrix_sms_bridge_configuration: "{{ matrix_sms_bridge_configuration_yaml|from_yaml|combine(matrix_sms_bridge_configuration_extension, recursive=True) }}" matrix_sms_bridge_gammu_configuration: | - #jinja2: lstrip_blocks: "True" - [gammu] Device = /dev/ttyModem LogFile = /data/log/gammu.log From a353217cf3723c6ade1e6f3075977c69fcc5089d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 26 May 2020 09:49:12 +0300 Subject: [PATCH 40/84] Add delivery_receipts option for matrix-bridge-mautrix-facebook --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 3c09dafd..2f737afd 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -153,6 +153,10 @@ matrix_mautrix_facebook_configuration_yaml: | # This will cause the bridge bot to be in private chats for the encryption to work properly. default: false + # Whether or not the bridge should send a read receipt from the bridge bot when a message has + # been sent to Facebook. + delivery_receipts: false + # Permissions for using the bridge. # Permitted values: # user - Use the bridge with puppeting. From 3d63ee6d13bbf087e8538b3927ffd4f8f345efe5 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Tue, 26 May 2020 18:12:26 +0200 Subject: [PATCH 41/84] add group dialout to container --- .../templates/systemd/matrix-sms-bridge.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 index 5475a389..5c3b9544 100644 --- a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 @@ -20,6 +20,7 @@ ExecStartPre=/bin/sleep 5 ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --group-add dialout \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ {% if matrix_sms_bridge_container_http_host_bind_port %} From e4f128a1ba02bf45709e0d7111abe352135630fd Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Tue, 26 May 2020 18:19:22 +0200 Subject: [PATCH 42/84] fixed wrong gammu path --- roles/matrix-sms-bridge/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml index 428560f5..faf2b6fc 100644 --- a/roles/matrix-sms-bridge/defaults/main.yml +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -115,10 +115,10 @@ matrix_sms_bridge_gammu_configuration: | [smsd] Service = files LoopSleep = 2 - InboxPath = /data/spool/inbox - OutboxPath = /data/spool/outbox - SentSMSPath = /data/spool/sent - ErrorSMSPath = /data/spool/error + InboxPath = /data/spool/inbox/ + OutboxPath = /data/spool/outbox/ + SentSMSPath = /data/spool/sent/ + ErrorSMSPath = /data/spool/error/ InboxFormat = detail OutboxFormat = detail TransmitFormat = auto From 256de59a7535f629074b1bedae8cf0991c4af67d Mon Sep 17 00:00:00 2001 From: Chris van Dijk Date: Wed, 27 May 2020 14:33:17 +0200 Subject: [PATCH 43/84] Add note on port forwarding to docs when running Jitsi behind NAT --- docs/prerequisites.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/prerequisites.md b/docs/prerequisites.md index 9a26d769..61975654 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md @@ -16,6 +16,6 @@ - properly configured DNS records for `` (details in [Configuring DNS](configuring-dns.md)) -- some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP) +- some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP). Depending on your firewall/NAT setup, incoming RTP packets on port 10000 may have the external IP of your firewall as destination address, due to the usage of [STUN](../roles/matrix-jitsi/defaults/main.yml#L147) in JVB. When ready to proceed, continue with [Configuring DNS](configuring-dns.md). From 1b47197c91a245cbb97d54b87d25e79ace3427db Mon Sep 17 00:00:00 2001 From: Chris van Dijk Date: Wed, 27 May 2020 15:55:11 +0200 Subject: [PATCH 44/84] Minor docs formatting cleanup --- docs/prerequisites.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/prerequisites.md b/docs/prerequisites.md index 61975654..c6dc7e6c 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md @@ -6,16 +6,16 @@ - [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python`). -- a `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.* +- A `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.* -- the [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible. +- The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible. -- either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature. +- Either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature. -- an HTTPS-capable web server at the base domain name (``) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md). +- An HTTPS-capable web server at the base domain name (``) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md). -- properly configured DNS records for `` (details in [Configuring DNS](configuring-dns.md)) +- Properly configured DNS records for `` (details in [Configuring DNS](configuring-dns.md)). -- some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP). Depending on your firewall/NAT setup, incoming RTP packets on port 10000 may have the external IP of your firewall as destination address, due to the usage of [STUN](../roles/matrix-jitsi/defaults/main.yml#L147) in JVB. +- Some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP). Depending on your firewall/NAT setup, incoming RTP packets on port 10000 may have the external IP of your firewall as destination address, due to the usage of [STUN](../roles/matrix-jitsi/defaults/main.yml#L147) in JVB. When ready to proceed, continue with [Configuring DNS](configuring-dns.md). From 84e2e31d07b0f1d02cb78d8c59e5125f0b64339b Mon Sep 17 00:00:00 2001 From: Chris van Dijk Date: Wed, 27 May 2020 16:40:05 +0200 Subject: [PATCH 45/84] Linking to a file is more robust than linking to a line number --- docs/prerequisites.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/prerequisites.md b/docs/prerequisites.md index c6dc7e6c..a465a93a 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md @@ -16,6 +16,6 @@ - Properly configured DNS records for `` (details in [Configuring DNS](configuring-dns.md)). -- Some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP). Depending on your firewall/NAT setup, incoming RTP packets on port 10000 may have the external IP of your firewall as destination address, due to the usage of [STUN](../roles/matrix-jitsi/defaults/main.yml#L147) in JVB. +- Some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP). Depending on your firewall/NAT setup, incoming RTP packets on port 10000 may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/matrix-jitsi/defaults/main.yml). When ready to proceed, continue with [Configuring DNS](configuring-dns.md). From cb94167ccbce28dc79ab704b9f034c18e984f990 Mon Sep 17 00:00:00 2001 From: Chris van Dijk Date: Wed, 27 May 2020 17:00:44 +0200 Subject: [PATCH 46/84] Add missing parenthesis in docs --- docs/prerequisites.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/prerequisites.md b/docs/prerequisites.md index a465a93a..5f551eb4 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md @@ -16,6 +16,6 @@ - Properly configured DNS records for `` (details in [Configuring DNS](configuring-dns.md)). -- Some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP). Depending on your firewall/NAT setup, incoming RTP packets on port 10000 may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/matrix-jitsi/defaults/main.yml). +- Some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP). Depending on your firewall/NAT setup, incoming RTP packets on port 10000 may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/matrix-jitsi/defaults/main.yml)). When ready to proceed, continue with [Configuring DNS](configuring-dns.md). From 5ace3f4a1cb8b03573011f18c17b276eca67e077 Mon Sep 17 00:00:00 2001 From: Ugurtan Date: Wed, 27 May 2020 18:13:36 +0200 Subject: [PATCH 47/84] fix for importing sqllite database the current version fails the import, because the volume for the media is missing. It still fails if you have the optional shared secret password provider is enabled, so that might need another mount. Commenting out the password provider in the hoimeserver.yaml during the run works as well. --- roles/matrix-postgres/tasks/import_sqlite_db.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-postgres/tasks/import_sqlite_db.yml b/roles/matrix-postgres/tasks/import_sqlite_db.yml index 42c39a2d..850ee370 100644 --- a/roles/matrix-postgres/tasks/import_sqlite_db.yml +++ b/roles/matrix-postgres/tasks/import_sqlite_db.yml @@ -79,6 +79,7 @@ --network={{ matrix_docker_network }} --entrypoint=python -v {{ matrix_synapse_config_dir_path }}:/data + -v {{ matrix_synapse_config_dir_path }}:/matrix-media-store-parent/media-store -v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}:ro {{ matrix_synapse_docker_image }} /usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db|basename }} --postgres-config /data/homeserver.yaml From 6334f6c1ea14e4e57e2fa88e3513ee776189be21 Mon Sep 17 00:00:00 2001 From: Chris van Dijk Date: Wed, 27 May 2020 18:53:52 +0200 Subject: [PATCH 48/84] Remove hardcoded command paths in systemd unit files Depending on the distro, common commands like sleep and chown may either be located in /bin or /usr/bin. Systemd added path lookup to ExecStart in v239, allowing only the command name to be put in unit files and not the full path as historically required. At least Ubuntu 18.04 LTS is however still on v237 so we should maintain portability for a while longer. --- roles/matrix-base/defaults/main.yml | 5 +++++ .../systemd/matrix-appservice-discord.service.j2 | 12 ++++++------ .../systemd/matrix-appservice-irc.service.j2 | 12 ++++++------ .../systemd/matrix-appservice-slack.service.j2 | 12 ++++++------ .../systemd/matrix-appservice-webhooks.service.j2 | 12 ++++++------ .../systemd/matrix-mautrix-facebook.service.j2 | 14 +++++++------- .../systemd/matrix-mautrix-hangouts.service.j2 | 14 +++++++------- .../systemd/matrix-mautrix-telegram.service.j2 | 14 +++++++------- .../systemd/matrix-mautrix-whatsapp.service.j2 | 12 ++++++------ .../systemd/matrix-mx-puppet-skype.service.j2 | 12 ++++++------ .../systemd/matrix-mx-puppet-slack.service.j2 | 12 ++++++------ .../templates/systemd/matrix-corporal.service.j2 | 10 +++++----- .../templates/systemd/matrix-coturn.service.j2 | 12 ++++++------ .../templates/systemd/matrix-dimension.service.j2 | 12 ++++++------ .../systemd/matrix-email2matrix.service.j2 | 10 +++++----- .../jicofo/matrix-jitsi-jicofo.service.j2 | 10 +++++----- .../templates/jvb/matrix-jitsi-jvb.service.j2 | 10 +++++----- .../prosody/matrix-jitsi-prosody.service.j2 | 10 +++++----- .../templates/web/matrix-jitsi-web.service.j2 | 10 +++++----- .../templates/systemd/matrix-ma1sd.service.j2 | 10 +++++----- .../templates/systemd/matrix-mailer.service.j2 | 10 +++++----- .../systemd/matrix-nginx-proxy.service.j2 | 12 ++++++------ .../templates/systemd/matrix-postgres.service.j2 | 10 +++++----- .../templates/systemd/matrix-riot-web.service.j2 | 10 +++++----- .../goofys/systemd/matrix-goofys.service.j2 | 14 +++++++------- .../synapse/systemd/matrix-synapse.service.j2 | 14 +++++++------- 26 files changed, 150 insertions(+), 145 deletions(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 1844f299..b596b85f 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -32,6 +32,11 @@ matrix_systemd_path: "/etc/systemd/system" matrix_cron_path: "/etc/cron.d" matrix_local_bin_path: "/usr/local/bin" +matrix_host_command_docker: "/usr/bin/env docker" +matrix_host_command_sleep: "/usr/bin/env sleep" +matrix_host_command_chown: "/usr/bin/env chown" +matrix_host_command_fusermount: "/usr/bin/env fusermount" + matrix_ntpd_package: "ntp" matrix_ntpd_service: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}" diff --git a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 index 9b0ac514..d512cd88 100644 --- a/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 +++ b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 @@ -11,13 +11,13 @@ Wants={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-appservice-discord -ExecStartPre=-/usr/bin/docker rm matrix-appservice-discord +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-discord +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-discord # Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre=/bin/sleep 5 +ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \ {{ matrix_appservice_discord_docker_image }} \ node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml -ExecStop=-/usr/bin/docker kill matrix-appservice-discord -ExecStop=-/usr/bin/docker rm matrix-appservice-discord +ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-discord +ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-discord Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-discord diff --git a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 index 53e5b8e3..aa6141d6 100644 --- a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 +++ b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 @@ -11,13 +11,13 @@ Wants={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-appservice-irc -ExecStartPre=-/usr/bin/docker rm matrix-appservice-irc +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-irc +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-irc # Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre=/bin/sleep 5 +ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -34,8 +34,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \ {{ matrix_appservice_irc_docker_image }} \ -c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999' -ExecStop=-/usr/bin/docker kill matrix-appservice-irc -ExecStop=-/usr/bin/docker rm matrix-appservice-irc +ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-irc +ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-irc Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-irc diff --git a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 index 8b3d1f9d..de773ff9 100644 --- a/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 +++ b/roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2 @@ -11,13 +11,13 @@ Wants={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-appservice-slack -ExecStartPre=-/usr/bin/docker rm matrix-appservice-slack +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-slack +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-slack # Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre=/bin/sleep 5 +ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart=/usr/bin/docker run --rm --name matrix-appservice-slack \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-slack \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-slack \ {{ matrix_appservice_slack_docker_image }} \ node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml -ExecStop=-/usr/bin/docker kill matrix-appservice-slack -ExecStop=-/usr/bin/docker rm matrix-appservice-slack +ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-slack +ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-slack Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-slack diff --git a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 index cde798df..b05f8a27 100644 --- a/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 +++ b/roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2 @@ -11,13 +11,13 @@ Wants={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-appservice-webhooks -ExecStartPre=-/usr/bin/docker rm matrix-appservice-webhooks +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks # Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre=/bin/sleep 5 +ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart=/usr/bin/docker run --rm --name matrix-appservice-webhooks \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-webhooks \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-webhooks \ {{ matrix_appservice_webhooks_docker_image }} \ node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml -ExecStop=-/usr/bin/docker kill matrix-appservice-webhooks -ExecStop=-/usr/bin/docker rm matrix-appservice-webhooks +ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks +ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks Restart=always RestartSec=30 SyslogIdentifier=matrix-appservice-webhooks diff --git a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 index e0ac9084..444423c1 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 @@ -11,9 +11,9 @@ Wants={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-mautrix-facebook -ExecStartPre=-/usr/bin/docker rm matrix-mautrix-facebook -ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \ +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook +ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook-db \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -23,9 +23,9 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \ alembic -x config=/config/config.yaml upgrade head # Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre=/bin/sleep 5 +ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -38,8 +38,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \ {{ matrix_mautrix_facebook_docker_image }} \ python3 -m mautrix_facebook -c /config/config.yaml -ExecStop=-/usr/bin/docker kill matrix-mautrix-facebook -ExecStop=-/usr/bin/docker rm matrix-mautrix-facebook +ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook +ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-facebook diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 index c110ed79..f33aff63 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 @@ -11,9 +11,9 @@ Wants={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db -ExecStartPre=-/usr/bin/docker rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db -ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \ +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db +ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -23,9 +23,9 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \ alembic -x config=/config/config.yaml upgrade head # Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre=/bin/sleep 5 +ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-hangouts \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -38,8 +38,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-hangouts \ {{ matrix_mautrix_hangouts_docker_image }} \ python3 -m mautrix_hangouts -c /config/config.yaml -ExecStop=-/usr/bin/docker kill matrix-mautrix-hangouts -ExecStop=-/usr/bin/docker rm matrix-mautrix-hangouts +ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts +ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-hangouts diff --git a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 index 02264236..2c9986b4 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 @@ -11,9 +11,9 @@ Wants={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-mautrix-telegram -ExecStartPre=-/usr/bin/docker rm matrix-mautrix-telegram -ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-telegram-db \ +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram +ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram-db \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -23,9 +23,9 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-telegram-db \ alembic -x config=/config/config.yaml upgrade head # Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre=/bin/sleep 5 +ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -41,8 +41,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \ {{ matrix_mautrix_telegram_docker_image }} \ python3 -m mautrix_telegram -c /config/config.yaml -ExecStop=-/usr/bin/docker kill matrix-mautrix-telegram -ExecStop=-/usr/bin/docker rm matrix-mautrix-telegram +ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram +ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-telegram diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 index d864c041..7dd25140 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 @@ -11,13 +11,13 @@ Wants={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-mautrix-whatsapp -ExecStartPre=-/usr/bin/docker rm matrix-mautrix-whatsapp +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp # Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre=/bin/sleep 5 +ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsapp \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -31,8 +31,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \ {{ matrix_mautrix_whatsapp_docker_image }} \ /usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml -ExecStop=-/usr/bin/docker kill matrix-mautrix-whatsapp -ExecStop=-/usr/bin/docker rm matrix-mautrix-whatsapp +ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp +ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp Restart=always RestartSec=30 SyslogIdentifier=matrix-mautrix-whatsapp diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 index cc55f324..a6860b69 100644 --- a/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 +++ b/roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2 @@ -11,13 +11,13 @@ Wants={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-mx-puppet-skype -ExecStartPre=-/usr/bin/docker rm matrix-mx-puppet-skype +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype # Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre=/bin/sleep 5 +ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-skype \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skype \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -31,8 +31,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-skype \ {% endfor %} {{ matrix_mx_puppet_skype_docker_image }} -ExecStop=-/usr/bin/docker kill matrix-mx-puppet-skype -ExecStop=-/usr/bin/docker rm matrix-mx-puppet-skype +ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype +ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-skype diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 index 6db53733..3ce0e18b 100644 --- a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 +++ b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 @@ -11,13 +11,13 @@ Wants={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-mx-puppet-slack -ExecStartPre=-/usr/bin/docker rm matrix-mx-puppet-slack +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack # Intentional delay, so that the homeserver (we likely depend on) can manage to start. -ExecStartPre=/bin/sleep 5 +ExecStartPre={{ matrix_host_command_sleep }} 5 -ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slack \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -34,8 +34,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \ {% endfor %} {{ matrix_mx_puppet_slack_docker_image }} -ExecStop=-/usr/bin/docker kill matrix-mx-puppet-slack -ExecStop=-/usr/bin/docker rm matrix-mx-puppet-slack +ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack +ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack Restart=always RestartSec=30 SyslogIdentifier=matrix-mx-puppet-slack diff --git a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 index ae4830ff..533ece0a 100644 --- a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 +++ b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 @@ -8,10 +8,10 @@ After={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-corporal -ExecStartPre=-/usr/bin/docker rm matrix-corporal +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-corporal +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-corporal -ExecStart=/usr/bin/docker run --rm --name matrix-corporal \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -32,8 +32,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-corporal \ {{ matrix_corporal_docker_image }} \ /matrix-corporal -config=/etc/matrix-corporal/config.json -ExecStop=-/usr/bin/docker kill matrix-corporal -ExecStop=-/usr/bin/docker rm matrix-corporal +ExecStop=-{{ matrix_host_command_docker }} kill matrix-corporal +ExecStop=-{{ matrix_host_command_docker }} rm matrix-corporal Restart=always RestartSec=30 SyslogIdentifier=matrix-corporal diff --git a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 index 35198616..a6d19705 100644 --- a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 +++ b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 @@ -8,10 +8,10 @@ After={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-coturn -ExecStartPre=-/usr/bin/docker rm matrix-coturn +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-coturn +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-coturn -ExecStart=/usr/bin/docker run --rm --name matrix-coturn \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -40,12 +40,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-coturn \ {{ matrix_coturn_docker_image }} \ -c /turnserver.conf -ExecStop=-/usr/bin/docker kill matrix-coturn -ExecStop=-/usr/bin/docker rm matrix-coturn +ExecStop=-{{ matrix_host_command_docker }} kill matrix-coturn +ExecStop=-{{ matrix_host_command_docker }} rm matrix-coturn # This only reloads certificates (not other configuration). # See: https://github.com/coturn/coturn/pull/236 -ExecReload=/usr/bin/docker exec matrix-coturn kill -USR2 1 +ExecReload={{ matrix_host_command_docker }} exec matrix-coturn kill -USR2 1 Restart=always RestartSec=30 diff --git a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 index 0a8d0c83..db9d58a8 100644 --- a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 +++ b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 @@ -6,13 +6,13 @@ Requires=docker.service [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-dimension -ExecStartPre=-/usr/bin/docker rm matrix-dimension +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-dimension +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-dimension # Fixup database ownership if it got changed somehow (during a server migration, etc.) -ExecStartPre=-/usr/bin/chown {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_base_path }}/dimension.db +ExecStartPre=-{{ matrix_host_command_chown }} {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_base_path }}/dimension.db -ExecStart=/usr/bin/docker run --rm --name matrix-dimension \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \ --log-driver=none \ --user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \ --cap-drop=ALL \ @@ -29,8 +29,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-dimension \ {% endfor %} {{ matrix_dimension_docker_image }} -ExecStop=-/usr/bin/docker kill matrix-dimension -ExecStop=-/usr/bin/docker rm matrix-dimension +ExecStop=-{{ matrix_host_command_docker }} kill matrix-dimension +ExecStop=-{{ matrix_host_command_docker }} rm matrix-dimension Restart=always RestartSec=30 SyslogIdentifier=matrix-dimension diff --git a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 index eb7e125b..52806f35 100644 --- a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 +++ b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 @@ -6,10 +6,10 @@ Requires=docker.service [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-email2matrix -ExecStartPre=-/usr/bin/docker rm matrix-email2matrix +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-email2matrix +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-email2matrix -ExecStart=/usr/bin/docker run --rm --name matrix-email2matrix \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -22,8 +22,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-email2matrix \ {% endfor %} {{ matrix_email2matrix_docker_image }} -ExecStop=-/usr/bin/docker kill matrix-email2matrix -ExecStop=-/usr/bin/docker rm matrix-email2matrix +ExecStop=-{{ matrix_host_command_docker }} kill matrix-email2matrix +ExecStop=-{{ matrix_host_command_docker }} rm matrix-email2matrix Restart=always RestartSec=30 SyslogIdentifier=matrix-email2matrix diff --git a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 index 53f08688..3512b3af 100644 --- a/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 +++ b/roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2 @@ -8,10 +8,10 @@ After={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jicofo -ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jicofo +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo -ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \ --log-driver=none \ --network={{ matrix_docker_network }} \ --env-file={{ matrix_jitsi_jicofo_base_path }}/env \ @@ -21,8 +21,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \ {% endfor %} {{ matrix_jitsi_jicofo_docker_image }} -ExecStop=-/usr/bin/docker kill matrix-jitsi-jicofo -ExecStop=-/usr/bin/docker rm matrix-jitsi-jicofo +ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo +ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-jicofo diff --git a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 index 5df5807a..a189df9c 100644 --- a/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 +++ b/roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2 @@ -8,10 +8,10 @@ After={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jvb -ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jvb +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb -ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \ --log-driver=none \ --network={{ matrix_docker_network }} \ --env-file={{ matrix_jitsi_jvb_base_path }}/env \ @@ -27,8 +27,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \ {% endfor %} {{ matrix_jitsi_jvb_docker_image }} -ExecStop=-/usr/bin/docker kill matrix-jitsi-jvb -ExecStop=-/usr/bin/docker rm matrix-jitsi-jvb +ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb +ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-jvb diff --git a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 index 459a24d3..30801d77 100644 --- a/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 +++ b/roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2 @@ -8,10 +8,10 @@ After={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-jitsi-prosody -ExecStartPre=-/usr/bin/docker rm matrix-jitsi-prosody +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody -ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \ --log-driver=none \ --network={{ matrix_docker_network }} \ --env-file={{ matrix_jitsi_prosody_base_path }}/env \ @@ -22,8 +22,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \ {% endfor %} {{ matrix_jitsi_prosody_docker_image }} -ExecStop=-/usr/bin/docker kill matrix-jitsi-prosody -ExecStop=-/usr/bin/docker rm matrix-jitsi-prosody +ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody +ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-prosody diff --git a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 index deed5025..1f8a890b 100644 --- a/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 +++ b/roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2 @@ -8,10 +8,10 @@ After={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-jitsi-web -ExecStartPre=-/usr/bin/docker rm matrix-jitsi-web +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-web +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-web -ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \ --log-driver=none \ --network={{ matrix_docker_network }} \ --env-file={{ matrix_jitsi_web_base_path }}/env \ @@ -25,8 +25,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \ {% endfor %} {{ matrix_jitsi_web_docker_image }} -ExecStop=-/usr/bin/docker kill matrix-jitsi-web -ExecStop=-/usr/bin/docker rm matrix-jitsi-web +ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-web +ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-web Restart=always RestartSec=30 SyslogIdentifier=matrix-jitsi-web diff --git a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 index b316fc2b..80370088 100644 --- a/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 +++ b/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2 @@ -11,12 +11,12 @@ Wants={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-ma1sd -ExecStartPre=-/usr/bin/docker rm matrix-ma1sd +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-ma1sd +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-ma1sd # ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there, # so /tmp needs to be mounted with an exec option. -ExecStart=/usr/bin/docker run --rm --name matrix-ma1sd \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -36,8 +36,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-ma1sd \ {% endfor %} {{ matrix_ma1sd_docker_image }} -ExecStop=-/usr/bin/docker kill matrix-ma1sd -ExecStop=-/usr/bin/docker rm matrix-ma1sd +ExecStop=-{{ matrix_host_command_docker }} kill matrix-ma1sd +ExecStop=-{{ matrix_host_command_docker }} rm matrix-ma1sd Restart=always RestartSec=30 SyslogIdentifier=matrix-ma1sd diff --git a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 index cf54a8e9..1371a861 100644 --- a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 +++ b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 @@ -6,10 +6,10 @@ Requires=docker.service [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-mailer -ExecStartPre=-/usr/bin/docker rm matrix-mailer +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mailer +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mailer -ExecStart=/usr/bin/docker run --rm --name matrix-mailer \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \ --log-driver=none \ --user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \ --cap-drop=ALL \ @@ -24,8 +24,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \ {% endfor %} {{ matrix_mailer_docker_image }} -ExecStop=-/usr/bin/docker kill matrix-mailer -ExecStop=-/usr/bin/docker rm matrix-mailer +ExecStop=-{{ matrix_host_command_docker }} kill matrix-mailer +ExecStop=-{{ matrix_host_command_docker }} rm matrix-mailer Restart=always RestartSec=30 SyslogIdentifier=matrix-mailer diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index 5b4dfb2a..7a385a64 100644 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 @@ -11,10 +11,10 @@ Wants={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-nginx-proxy -ExecStartPre=-/usr/bin/docker rm matrix-nginx-proxy +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy -ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -43,9 +43,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \ {% endfor %} {{ matrix_nginx_proxy_docker_image }} -ExecStop=-/usr/bin/docker kill matrix-nginx-proxy -ExecStop=-/usr/bin/docker rm matrix-nginx-proxy -ExecReload=/usr/bin/docker exec matrix-nginx-proxy /usr/sbin/nginx -s reload +ExecStop=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy +ExecStop=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy +ExecReload={{ matrix_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload Restart=always RestartSec=30 SyslogIdentifier=matrix-nginx-proxy diff --git a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 index 4a197003..8e6392c1 100644 --- a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 +++ b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 @@ -6,10 +6,10 @@ Requires=docker.service [Service] Type=simple -ExecStartPre=-/usr/bin/docker stop matrix-postgres -ExecStartPre=-/usr/bin/docker rm matrix-postgres +ExecStartPre=-{{ matrix_host_command_docker }} stop matrix-postgres +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-postgres -ExecStart=/usr/bin/docker run --rm --name matrix-postgres \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -28,8 +28,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-postgres \ {% endfor %} {{ matrix_postgres_docker_image_to_use }} -ExecStop=-/usr/bin/docker stop matrix-postgres -ExecStop=-/usr/bin/docker rm matrix-postgres +ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres +ExecStop=-{{ matrix_host_command_docker }} rm matrix-postgres Restart=always RestartSec=30 SyslogIdentifier=matrix-postgres diff --git a/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 b/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 index 364e0fa1..37aff5cd 100644 --- a/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 +++ b/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 @@ -8,10 +8,10 @@ After={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-riot-web -ExecStartPre=-/usr/bin/docker rm matrix-riot-web +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-riot-web +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-riot-web -ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-riot-web \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -34,8 +34,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \ {% endfor %} {{ matrix_riot_web_docker_image }} -ExecStop=-/usr/bin/docker kill matrix-riot-web -ExecStop=-/usr/bin/docker rm matrix-riot-web +ExecStop=-{{ matrix_host_command_docker }} kill matrix-riot-web +ExecStop=-{{ matrix_host_command_docker }} rm matrix-riot-web Restart=always RestartSec=30 SyslogIdentifier=matrix-riot-web diff --git a/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 b/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 index d2cc0b87..d9d752c2 100644 --- a/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 +++ b/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 @@ -6,10 +6,10 @@ Requires=docker.service [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill %n -ExecStartPre=-/usr/bin/docker rm %n +ExecStartPre=-{{ matrix_host_command_docker }} kill %n +ExecStartPre=-{{ matrix_host_command_docker }} rm %n -ExecStart=/usr/bin/docker run --rm --name %n \ +ExecStart={{ matrix_host_command_docker }} run --rm --name %n \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ -v /etc/passwd:/etc/passwd:ro \ @@ -25,10 +25,10 @@ ExecStart=/usr/bin/docker run --rm --name %n \ -c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3' TimeoutStartSec=5min -ExecStop=-/usr/bin/docker stop %n -ExecStop=-/usr/bin/docker kill %n -ExecStop=-/usr/bin/docker rm %n -ExecStop=-/bin/fusermount -u {{ matrix_synapse_media_store_path }} +ExecStop=-{{ matrix_host_command_docker }} stop %n +ExecStop=-{{ matrix_host_command_docker }} kill %n +ExecStop=-{{ matrix_host_command_docker }} rm %n +ExecStop=-{{ matrix_host_command_fusermount }} -u {{ matrix_synapse_media_store_path }} Restart=always RestartSec=5 SyslogIdentifier=matrix-goofys diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index e7b7f1c6..c782aa66 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -11,16 +11,16 @@ Wants={{ service }} [Service] Type=simple -ExecStartPre=-/usr/bin/docker kill matrix-synapse -ExecStartPre=-/usr/bin/docker rm matrix-synapse +ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-synapse +ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-synapse {% if matrix_s3_media_store_enabled %} # Allow for some time before starting, so that media store can mount. # Mounting can happen later too, but if we start writing, # we'd write files to the local filesystem and fusermount will complain. -ExecStartPre=/bin/sleep 3 +ExecStartPre={{ matrix_host_command_sleep }} 3 {% endif %} -ExecStart=/usr/bin/docker run --rm --name matrix-synapse \ +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ @@ -55,9 +55,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \ {{ matrix_synapse_docker_image }} \ -m synapse.app.homeserver -c /data/homeserver.yaml -ExecStop=-/usr/bin/docker kill matrix-synapse -ExecStop=-/usr/bin/docker rm matrix-synapse -ExecReload=/usr/bin/docker exec matrix-synapse kill -HUP 1 +ExecStop=-{{ matrix_host_command_docker }} kill matrix-synapse +ExecStop=-{{ matrix_host_command_docker }} rm matrix-synapse +ExecReload={{ matrix_host_command_docker }} exec matrix-synapse kill -HUP 1 Restart=always RestartSec=30 SyslogIdentifier=matrix-synapse From 6e3b877dc2a2d715beeee891321fa469f9714719 Mon Sep 17 00:00:00 2001 From: Chris van Dijk Date: Wed, 27 May 2020 22:18:24 +0200 Subject: [PATCH 49/84] Remove hardcoded command paths in playbook shell usage --- roles/matrix-base/defaults/main.yml | 1 + .../matrix-bridge-appservice-discord/tasks/setup_install.yml | 2 +- roles/matrix-bridge-appservice-irc/tasks/setup_install.yml | 4 ++-- .../tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml | 4 ++-- roles/matrix-postgres/tasks/import_postgres.yml | 2 +- roles/matrix-postgres/tasks/run_synapse_janitor.yml | 2 +- roles/matrix-postgres/tasks/run_vacuum.yml | 2 +- roles/matrix-postgres/tasks/upgrade_postgres.yml | 4 ++-- roles/matrix-synapse/tasks/update_user_password.yml | 2 +- 9 files changed, 12 insertions(+), 11 deletions(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index b596b85f..c8ea52c7 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -36,6 +36,7 @@ matrix_host_command_docker: "/usr/bin/env docker" matrix_host_command_sleep: "/usr/bin/env sleep" matrix_host_command_chown: "/usr/bin/env chown" matrix_host_command_fusermount: "/usr/bin/env fusermount" +matrix_host_command_openssl: "/usr/bin/env openssl" matrix_ntpd_package: "ntp" matrix_ntpd_service: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}" diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index d736fa7c..3678b35b 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -60,7 +60,7 @@ # We intentionally suppress Ansible changes. - name: Generate AppService Discord invite link shell: >- - /usr/bin/docker run --rm --name matrix-appservice-discord-link-gen + {{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord-link-gen --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL -v {{ matrix_appservice_discord_config_path }}:/cfg diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index 7206d25e..5e313347 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -58,7 +58,7 @@ register: irc_passkey_file - name: Generate Appservice IRC passkey if it doesn't exist - shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 + shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048" become: true become_user: "{{ matrix_user_username }}" when: "not irc_passkey_file.stat.exists" @@ -93,7 +93,7 @@ # to produce a final registration.yaml file, as we desire. - name: Generate Appservice IRC registration-template.yaml shell: >- - /usr/bin/docker run --rm --name matrix-appservice-irc-gen + {{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc-gen --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL -v {{ matrix_appservice_irc_config_path }}:/config:z diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml index 19500b15..e80b655d 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml @@ -16,7 +16,7 @@ # We suppress the error, as we'll try another method below. - name: Attempt initial SSL certificate retrieval with standalone authenticator (directly) shell: >- - /usr/bin/docker run + {{ matrix_host_command_docker }} run --rm --name=matrix-certbot --user={{ matrix_user_uid }}:{{ matrix_user_gid }} @@ -43,7 +43,7 @@ # and it's running now, it may be able to proxy requests to `matrix_ssl_lets_encrypt_certbot_standalone_http_port`. - name: Attempt initial SSL certificate retrieval with standalone authenticator (via proxy) shell: >- - /usr/bin/docker run + {{ matrix_host_command_docker }} run --rm --name=matrix-certbot --user={{ matrix_user_uid }}:{{ matrix_user_gid }} diff --git a/roles/matrix-postgres/tasks/import_postgres.yml b/roles/matrix-postgres/tasks/import_postgres.yml index ba237d6a..e58711f1 100644 --- a/roles/matrix-postgres/tasks/import_postgres.yml +++ b/roles/matrix-postgres/tasks/import_postgres.yml @@ -63,7 +63,7 @@ - name: Generate Postgres database import command set_fact: matrix_postgres_import_command: >- - /usr/bin/docker run --rm --name matrix-postgres-import + {{ matrix_host_command_docker }} run --rm --name matrix-postgres-import --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL --network={{ matrix_docker_network }} diff --git a/roles/matrix-postgres/tasks/run_synapse_janitor.yml b/roles/matrix-postgres/tasks/run_synapse_janitor.yml index 41484d79..d7f283be 100644 --- a/roles/matrix-postgres/tasks/run_synapse_janitor.yml +++ b/roles/matrix-postgres/tasks/run_synapse_janitor.yml @@ -66,7 +66,7 @@ - name: Generate Postgres database synapse-janitor command set_fact: matrix_postgres_synapse_janitor_command: >- - /usr/bin/docker run --rm --name matrix-postgres-synapse-janitor + {{ matrix_host_command_docker }} run --rm --name matrix-postgres-synapse-janitor --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL --network={{ matrix_docker_network }} diff --git a/roles/matrix-postgres/tasks/run_vacuum.yml b/roles/matrix-postgres/tasks/run_vacuum.yml index 3c3292ff..19a27562 100644 --- a/roles/matrix-postgres/tasks/run_vacuum.yml +++ b/roles/matrix-postgres/tasks/run_vacuum.yml @@ -45,7 +45,7 @@ - name: Generate Postgres database vacuum command set_fact: matrix_postgres_vacuum_command: >- - /usr/bin/docker run --rm --name matrix-postgres-synapse-vacuum + {{ matrix_host_command_docker }} run --rm --name matrix-postgres-synapse-vacuum --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL --network={{ matrix_docker_network }} diff --git a/roles/matrix-postgres/tasks/upgrade_postgres.yml b/roles/matrix-postgres/tasks/upgrade_postgres.yml index 8a3886b3..73263695 100644 --- a/roles/matrix-postgres/tasks/upgrade_postgres.yml +++ b/roles/matrix-postgres/tasks/upgrade_postgres.yml @@ -79,7 +79,7 @@ # we need to remove these from the dump, or we'll get errors saying these already exist. - name: Perform Postgres database dump command: >- - /usr/bin/docker run --rm --name matrix-postgres-dump + {{ matrix_host_command_docker }} run --rm --name matrix-postgres-dump --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --network={{ matrix_docker_network }} --env-file={{ matrix_postgres_base_path }}/env-postgres-psql @@ -123,7 +123,7 @@ - name: Generate Postgres database import command set_fact: matrix_postgres_import_command: >- - /usr/bin/docker run --rm --name matrix-postgres-import + {{ matrix_host_command_docker }} run --rm --name matrix-postgres-import --user={{ matrix_user_uid }}:{{ matrix_user_gid }} --cap-drop=ALL --network={{ matrix_docker_network }} diff --git a/roles/matrix-synapse/tasks/update_user_password.yml b/roles/matrix-synapse/tasks/update_user_password.yml index 1e86bd49..78136785 100644 --- a/roles/matrix-synapse/tasks/update_user_password.yml +++ b/roles/matrix-synapse/tasks/update_user_password.yml @@ -36,7 +36,7 @@ when: "start_result.changed or postgres_start_result.changed" - name: Generate password hash - shell: "/usr/bin/docker exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}" + shell: "{{ matrix_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}" register: password_hash - name: Update user password hash From 74df10633a295fa4f4402e523e8f4bfea4a95dd8 Mon Sep 17 00:00:00 2001 From: Chris van Dijk Date: Wed, 27 May 2020 22:52:51 +0200 Subject: [PATCH 50/84] Remove hardcoded command paths in playbook cron usage --- roles/matrix-base/defaults/main.yml | 1 + roles/matrix-coturn/tasks/setup_coturn.yml | 2 +- roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index c8ea52c7..1aa09800 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -37,6 +37,7 @@ matrix_host_command_sleep: "/usr/bin/env sleep" matrix_host_command_chown: "/usr/bin/env chown" matrix_host_command_fusermount: "/usr/bin/env fusermount" matrix_host_command_openssl: "/usr/bin/env openssl" +matrix_host_command_systemctl: "/usr/bin/env systemctl" matrix_ntpd_package: "ntp" matrix_ntpd_service: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}" diff --git a/roles/matrix-coturn/tasks/setup_coturn.yml b/roles/matrix-coturn/tasks/setup_coturn.yml index 52db0e3e..272a36f2 100644 --- a/roles/matrix-coturn/tasks/setup_coturn.yml +++ b/roles/matrix-coturn/tasks/setup_coturn.yml @@ -99,7 +99,7 @@ hour: "4" minute: "20" day: "*/5" - job: /bin/systemctl reload matrix-coturn.service + job: "{{ matrix_host_command_systemctl }} reload matrix-coturn.service" when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml index e6542545..08dc6e58 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml @@ -84,7 +84,7 @@ hour: "5" minute: "20" day: "*" - job: /bin/systemctl reload matrix-nginx-proxy.service + job: "{{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service" when: matrix_nginx_proxy_enabled|bool when: "matrix_ssl_retrieval_method == 'lets-encrypt'" From 45ba01510dd3a88d8ac1ffb586d0ef5e5a275305 Mon Sep 17 00:00:00 2001 From: tctovsli Date: Thu, 28 May 2020 14:04:37 +0200 Subject: [PATCH 51/84] Synapse v.1.14.0 --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 50d7d824..77397850 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.13.0" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.14.0" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" From 8bae39050e8637769d3373f46e231599da070ed6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 28 May 2020 15:23:05 +0300 Subject: [PATCH 52/84] Update settings for Synapse v1.14.0 --- roles/matrix-synapse/defaults/main.yml | 6 +- .../synapse-simple-antispam/setup_install.yml | 13 +- .../matrix-synapse/tasks/validate_config.yml | 1 + .../templates/synapse/homeserver.yaml.j2 | 290 ++++++++++++++++-- .../synapse/systemd/matrix-synapse.service.j2 | 1 - 5 files changed, 273 insertions(+), 38 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 77397850..ef8cca83 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -202,12 +202,12 @@ matrix_synapse_password_config_localdb_enabled: true # Controls the number of events that Synapse caches in memory. matrix_synapse_event_cache_size: "100K" -# Controls cache sizes for Synapse via the SYNAPSE_CACHE_FACTOR environment variable. +# Controls cache sizes for Synapse. # Raise this to increase cache sizes or lower it to potentially lower memory use. # To learn more, see: # - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram # - https://github.com/matrix-org/synapse/issues/3939 -matrix_synapse_cache_factor: 0.5 +matrix_synapse_caches_global_factor: 0.5 # Controls whether Synapse will federate at all. # Disable this to completely isolate your server from the rest of the Matrix network. @@ -357,7 +357,7 @@ matrix_synapse_default_room_version: "5" # # If a spam-checker extension is enabled, this variable's value is set automatically by the playbook during runtime. # If not, you can also control its value manually. -matrix_synapse_spam_checker: ~ +matrix_synapse_spam_checker: [] matrix_synapse_trusted_key_servers: - server_name: "matrix.org" diff --git a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml index 69e55a39..2599e7f1 100644 --- a/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml +++ b/roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml @@ -38,10 +38,15 @@ become_user: "{{ matrix_user_username }}" - set_fact: - matrix_synapse_spam_checker: - module: "synapse_simple_antispam.AntiSpamInvites" - config: - blocked_homeservers: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}" + matrix_synapse_spam_checker: > + {{ matrix_synapse_spam_checker }} + + + [{ + "module": "synapse_simple_antispam.AntiSpamInvites", + "config": { + "blocked_homeservers": {{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }} + } + }] matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) }} diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index f3a4a869..01368cc8 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -31,3 +31,4 @@ - {'old': 'matrix_synapse_container_expose_client_api_port', 'new': ''} - {'old': 'matrix_synapse_container_expose_federation_api_port', 'new': ''} - {'old': 'matrix_synapse_container_expose_metrics_port', 'new': ''} + - {'old': 'matrix_synapse_cache_factor', 'new': 'matrix_synapse_caches_global_factor'} diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index e729c733..15b06c87 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -320,22 +320,27 @@ listeners: # Used by phonehome stats to group together related servers. #server_context: context -# Resource-constrained homeserver Settings +# Resource-constrained homeserver settings # -# If limit_remote_rooms.enabled is True, the room complexity will be -# checked before a user joins a new remote room. If it is above -# limit_remote_rooms.complexity, it will disallow joining or -# instantly leave. +# When this is enabled, the room "complexity" will be checked before a user +# joins a new remote room. If it is above the complexity limit, the server will +# disallow joining, or will instantly leave. # -# limit_remote_rooms.complexity_error can be set to customise the text -# displayed to the user when a room above the complexity threshold has -# its join cancelled. +# Room complexity is an arbitrary measure based on factors such as the number of +# users in the room. # -# Uncomment the below lines to enable: -#limit_remote_rooms: -# enabled: True -# complexity: 1.0 -# complexity_error: "This room is too complex." +limit_remote_rooms: + # Uncomment to enable room complexity checking. + # + #enabled: true + + # the limit above which rooms cannot be joined. The default is 1.0. + # + #complexity: 0.5 + + # override the error which is returned when the room is too complex. + # + #complexity_error: "This room is too complex." # Whether to require a user to be in the room to add an alias to it. # Defaults to 'true'. @@ -605,6 +610,50 @@ acme: +## Caching ## + +# Caching can be configured through the following options. +# +# A cache 'factor' is a multiplier that can be applied to each of +# Synapse's caches in order to increase or decrease the maximum +# number of entries that can be stored. + +# The number of events to cache in memory. Not affected by +# caches.global_factor. +# +event_cache_size: "{{ matrix_synapse_event_cache_size }}" + +caches: + # Controls the global cache factor, which is the default cache factor + # for all caches if a specific factor for that cache is not otherwise + # set. + # + # This can also be set by the "SYNAPSE_CACHE_FACTOR" environment + # variable. Setting by environment variable takes priority over + # setting through the config file. + # + # Defaults to 0.5, which will half the size of all caches. + # + global_factor: {{ matrix_synapse_caches_global_factor }} + + # A dictionary of cache name to cache factor for that individual + # cache. Overrides the global cache factor for a given cache. + # + # These can also be set through environment variables comprised + # of "SYNAPSE_CACHE_FACTOR_" + the name of the cache in capital + # letters and underscores. Setting by environment variable + # takes priority over setting through the config file. + # Ex. SYNAPSE_CACHE_FACTOR_GET_USERS_WHO_SHARE_ROOM_WITH_USER=2.0 + # + # Some caches have '*' and other characters that are not + # alphanumeric or underscores. These caches can be named with or + # without the special characters stripped. For example, to specify + # the cache factor for `*stateGroupCache*` via an environment + # variable would be `SYNAPSE_CACHE_FACTOR_STATEGROUPCACHE=2.0`. + # + per_cache_factors: + #get_users_who_share_room_with_user: 2.0 + ## Database ## database: @@ -618,10 +667,6 @@ database: cp_min: 5 cp_max: 10 -# Number of events to cache in memory. -# -event_cache_size: "{{ matrix_synapse_event_cache_size }}" - ## Logging ## @@ -884,25 +929,28 @@ url_preview_accept_language: ## Captcha ## -# See docs/CAPTCHA_SETUP for full details of configuring this. +# See docs/CAPTCHA_SETUP.md for full details of configuring this. -# This homeserver's ReCAPTCHA public key. +# This homeserver's ReCAPTCHA public key. Must be specified if +# enable_registration_captcha is enabled. # #recaptcha_public_key: "YOUR_PUBLIC_KEY" -# This homeserver's ReCAPTCHA private key. +# This homeserver's ReCAPTCHA private key. Must be specified if +# enable_registration_captcha is enabled. # #recaptcha_private_key: "YOUR_PRIVATE_KEY" -# Enables ReCaptcha checks when registering, preventing signup +# Uncomment to enable ReCaptcha checks when registering, preventing signup # unless a captcha is answered. Requires a valid ReCaptcha -# public/private key. +# public/private key. Defaults to 'false'. # -#enable_registration_captcha: false +#enable_registration_captcha: true # The API endpoint to use for verifying m.login.recaptcha responses. +# Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify". # -#recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify" +#recaptcha_siteverify_api: "https://my.recaptcha.site" ## TURN ## @@ -1182,6 +1230,7 @@ metrics_flags: #known_servers: true # Whether or not to report anonymized homeserver usage statistics. +# report_stats: {{ matrix_synapse_report_stats|to_json }} # The endpoint to report the anonymized homeserver usage statistics to. @@ -1448,6 +1497,94 @@ saml2_config: #template_dir: "res/templates" +# Enable OpenID Connect for registration and login. Uses authlib. +# +oidc_config: + # enable OpenID Connect. Defaults to false. + # + #enabled: true + + # use the OIDC discovery mechanism to discover endpoints. Defaults to true. + # + #discover: true + + # the OIDC issuer. Used to validate tokens and discover the providers endpoints. Required. + # + #issuer: "https://accounts.example.com/" + + # oauth2 client id to use. Required. + # + #client_id: "provided-by-your-issuer" + + # oauth2 client secret to use. Required. + # + #client_secret: "provided-by-your-issuer" + + # auth method to use when exchanging the token. + # Valid values are "client_secret_basic" (default), "client_secret_post" and "none". + # + #client_auth_method: "client_secret_basic" + + # list of scopes to ask. This should include the "openid" scope. Defaults to ["openid"]. + # + #scopes: ["openid"] + + # the oauth2 authorization endpoint. Required if provider discovery is disabled. + # + #authorization_endpoint: "https://accounts.example.com/oauth2/auth" + + # the oauth2 token endpoint. Required if provider discovery is disabled. + # + #token_endpoint: "https://accounts.example.com/oauth2/token" + + # the OIDC userinfo endpoint. Required if discovery is disabled and the "openid" scope is not asked. + # + #userinfo_endpoint: "https://accounts.example.com/userinfo" + + # URI where to fetch the JWKS. Required if discovery is disabled and the "openid" scope is used. + # + #jwks_uri: "https://accounts.example.com/.well-known/jwks.json" + + # skip metadata verification. Defaults to false. + # Use this if you are connecting to a provider that is not OpenID Connect compliant. + # Avoid this in production. + # + #skip_verification: false + + + # An external module can be provided here as a custom solution to mapping + # attributes returned from a OIDC provider onto a matrix user. + # + user_mapping_provider: + # The custom module's class. Uncomment to use a custom module. + # Default is 'synapse.handlers.oidc_handler.JinjaOidcMappingProvider'. + # + #module: mapping_provider.OidcMappingProvider + + # Custom configuration values for the module. Below options are intended + # for the built-in provider, they should be changed if using a custom + # module. This section will be passed as a Python dictionary to the + # module's `parse_config` method. + # + # Below is the config of the default mapping provider, based on Jinja2 + # templates. Those templates are used to render user attributes, where the + # userinfo object is available through the `user` variable. + # + config: + # name of the claim containing a unique identifier for the user. + # Defaults to `sub`, which OpenID Connect compliant providers should provide. + # + #subject_claim: "sub" + + # Jinja2 template for the localpart of the MXID + # + localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}" + + # Jinja2 template for the display name to set on first login. Optional. + # + #display_name_template: "{% raw %}{{ user.given_name }} {{ user.last_name }}{% endraw %}" + + # Enable CAS for registration and login. # @@ -1455,10 +1592,96 @@ saml2_config: # enabled: true # server_url: "https://cas-server.com" # service_url: "https://homeserver.domain.com:8448" +# #displayname_attribute: name # #required_attributes: # # name: value +# Additional settings to use with single-sign on systems such as SAML2 and CAS. +# +sso: + # A list of client URLs which are whitelisted so that the user does not + # have to confirm giving access to their account to the URL. Any client + # whose URL starts with an entry in the following list will not be subject + # to an additional confirmation step after the SSO login is completed. + # + # WARNING: An entry such as "https://my.client" is insecure, because it + # will also match "https://my.client.evil.site", exposing your users to + # phishing attacks from evil.site. To avoid this, include a slash after the + # hostname: "https://my.client/". + # + # If public_baseurl is set, then the login fallback page (used by clients + # that don't natively support the required login flows) is whitelisted in + # addition to any URLs in this list. + # + # By default, this list is empty. + # + #client_whitelist: + # - https://riot.im/develop + # - https://my.custom.client/ + + # Directory in which Synapse will try to find the template files below. + # If not set, default templates from within the Synapse package will be used. + # + # DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates. + # If you *do* uncomment it, you will need to make sure that all the templates + # below are in the directory. + # + # Synapse will look for the following templates in this directory: + # + # * HTML page for a confirmation step before redirecting back to the client + # with the login token: 'sso_redirect_confirm.html'. + # + # When rendering, this template is given three variables: + # * redirect_url: the URL the user is about to be redirected to. Needs + # manual escaping (see + # https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping). + # + # * display_url: the same as `redirect_url`, but with the query + # parameters stripped. The intention is to have a + # human-readable URL to show to users, not to use it as + # the final address to redirect to. Needs manual escaping + # (see https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping). + # + # * server_name: the homeserver's name. + # + # * HTML page which notifies the user that they are authenticating to confirm + # an operation on their account during the user interactive authentication + # process: 'sso_auth_confirm.html'. + # + # When rendering, this template is given the following variables: + # * redirect_url: the URL the user is about to be redirected to. Needs + # manual escaping (see + # https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping). + # + # * description: the operation which the user is being asked to confirm + # + # * HTML page shown after a successful user interactive authentication session: + # 'sso_auth_success.html'. + # + # Note that this page must include the JavaScript which notifies of a successful authentication + # (see https://matrix.org/docs/spec/client_server/r0.6.0#fallback). + # + # This template has no additional variables. + # + # * HTML page shown during single sign-on if a deactivated user (according to Synapse's database) + # attempts to login: 'sso_account_deactivated.html'. + # + # This template has no additional variables. + # + # * HTML page to display to users if something goes wrong during the + # OpenID Connect authentication process: 'sso_error.html'. + # + # When rendering, this template is given two variables: + # * error: the technical name of the error + # * error_description: a human-readable message for the error + # + # You can see the default templates at: + # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates + # + #template_dir: "res/templates" + + # The JWT needs to contain a globally unique "sub" (subject) claim. # #jwt_config: @@ -1501,8 +1724,8 @@ email: # Username/password for authentication to the SMTP server. By default, no # authentication is attempted. # - # smtp_user: "exampleusername" - # smtp_pass: "examplepassword" + #smtp_user: "exampleusername" + #smtp_pass: "examplepassword" # Uncomment the following to require TLS transport security for SMTP. # By default, Synapse will connect over plain text, and will then switch to @@ -1681,10 +1904,17 @@ push: include_content: {{ matrix_synapse_push_include_content|to_json }} -#spam_checker: -# module: "my_custom_project.SuperSpamChecker" -# config: -# example_option: 'things' +# Spam checkers are third-party modules that can block specific actions +# of local users, such as creating rooms and registering undesirable +# usernames, as well as remote users by redacting incoming events. +# +# spam_checker: + #- module: "my_custom_project.SuperSpamChecker" + # config: + # example_option: 'things' + #- module: "some_other_project.BadEventStopper" + # config: + # example_stop_events_from: ['@bad:example.com'] spam_checker: {{ matrix_synapse_spam_checker|to_json }} # Uncomment to allow non-server-admin users to create groups on this server diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index e7b7f1c6..874450cf 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -28,7 +28,6 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \ --read-only \ --tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \ --network={{ matrix_docker_network }} \ - -e SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }} \ {% if matrix_synapse_container_client_api_host_bind_port %} -p {{ matrix_synapse_container_client_api_host_bind_port }}:8008 \ {% endif %} From 2952b2e7f34abc6414d417768da50643c8cb2c99 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 29 May 2020 10:38:12 +0300 Subject: [PATCH 53/84] Mention pwgen for generating a strong shared secret --- docs/configuring-playbook-shared-secret-auth.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuring-playbook-shared-secret-auth.md b/docs/configuring-playbook-shared-secret-auth.md index 87b151a4..21d1c332 100644 --- a/docs/configuring-playbook-shared-secret-auth.md +++ b/docs/configuring-playbook-shared-secret-auth.md @@ -11,6 +11,8 @@ matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE ``` +You can generate a strong shared secret with a command like this: `pwgen -s 64 1` + ## Authenticating only using a password provider From de1164d0a2d09c272196c27e81e70a20e266082e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 1 Jun 2020 22:32:19 +0300 Subject: [PATCH 54/84] Fix typos and improve wording --- docs/maintenance-upgrading-services.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/maintenance-upgrading-services.md b/docs/maintenance-upgrading-services.md index 8530d8bc..fe289a86 100644 --- a/docs/maintenance-upgrading-services.md +++ b/docs/maintenance-upgrading-services.md @@ -4,14 +4,14 @@ This playbook not only installs the various Matrix services for you, but can als If you want to be notified when new versions of Synapse are released, you should join the Synapse Homeowners room: [#homeowners:matrix.org](https://matrix.to/#/#homeowners:matrix.org). -To upgrade the services: +To upgrade services: - update your playbook directory (`git pull`), so you'd obtain everything new we've done -- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incomptabile changes that you need to take care of +- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of - re-run the [playbook setup](installing.md): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all` - restart the services: `ansible-playbook -i inventory/hosts setup.yml --tags=start` -**Note**: major version upgrades are not done to the internal PostgreSQL database. To upgrade that one, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql). +**Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql). From 4d8ca303d6bb07ac1d32226cdb642f0333d66761 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 2 Jun 2020 00:22:15 +0300 Subject: [PATCH 55/84] Fix typos --- docs/alternative-architectures.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md index 01f6946f..07510d8a 100644 --- a/docs/alternative-architectures.md +++ b/docs/alternative-architectures.md @@ -3,7 +3,7 @@ As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is sup To that end add the following variable to your `vars.yaml` file: ``` -matrix_architecture = +matrix_architecture: ``` Currently supported architectures are the following: - `amd64` (the default) @@ -12,7 +12,7 @@ Currently supported architectures are the following: so for the Raspberry Pi the following should be in your `vars.yaml` file: ``` -matrix_architecture = "arm32" +matrix_architecture: "arm32" ``` ## Implementation details From 0b7d6744bfd64b1c6be1131d3d68bd93fba2f9b2 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Tue, 2 Jun 2020 08:39:30 +0200 Subject: [PATCH 56/84] added more docs and timeout value --- docs/configuring-playbook-matrix-sms-bridge.md | 6 ++++++ roles/matrix-sms-bridge/defaults/main.yml | 3 +++ .../templates/systemd/matrix-sms-bridge.service.j2 | 2 +- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-matrix-sms-bridge.md b/docs/configuring-playbook-matrix-sms-bridge.md index ef2aeb08..00aaecec 100644 --- a/docs/configuring-playbook-matrix-sms-bridge.md +++ b/docs/configuring-playbook-matrix-sms-bridge.md @@ -5,6 +5,8 @@ The playbook can install and configure See the project page to learn what it does and why it might be useful to you. +First you need to ensure, that the bridge has unix read and write rights to your modem. On debian based distributions there is nothing to do. On others distributions you either add a group `dialout` to your host and assign it to your modem or you give the matrix user or group access to your modem. + To enable the bridge just use the following playbook configuration: @@ -16,6 +18,10 @@ matrix_sms_bridge_gammu_modem: "/path/to/modem" matrix_sms_bridge_database_password: "" # (optional) a room id to a default room matrix_sms_bridge_default_room: "" +# (optional) gammu reset frequency (see https://wammu.eu/docs/manual/smsd/config.html#option-ResetFrequency) +matrix_sms_bridge_gammu_reset_frequency: 3600 +# (optional) group with unix read and write rights to modem +matrix_sms_bridge_modem_group: 'dialout' ``` diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml index faf2b6fc..610b8f46 100644 --- a/roles/matrix-sms-bridge/defaults/main.yml +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -48,6 +48,8 @@ matrix_sms_bridge_homserver_domain: "{{ matrix_domain }}" matrix_sms_bridge_default_room: '' matrix_sms_bridge_gammu_modem: '' +matrix_sms_bridge_modem_group: 'dialout' +matrix_sms_bridge_gammu_reset_frequency: 0 matrix_sms_bridge_configuration_yaml: | @@ -122,6 +124,7 @@ matrix_sms_bridge_gammu_configuration: | InboxFormat = detail OutboxFormat = detail TransmitFormat = auto + ResetFrequency = {{ matrix_sms_bridge_gammu_reset_frequency }} debugLevel = 1 LogFile = /data/log/smsd.log DeliveryReport = log diff --git a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 index 5c3b9544..cf8ab9fe 100644 --- a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 @@ -20,7 +20,7 @@ ExecStartPre=/bin/sleep 5 ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --group-add dialout \ + --group-add {{ matrix_sms_bridge_modem_group }} \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ {% if matrix_sms_bridge_container_http_host_bind_port %} From f383b152da8f0c5fcc68fcbf237fc8054465c41b Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Tue, 2 Jun 2020 14:49:55 +0200 Subject: [PATCH 57/84] removed gammu reset frequency because the tty port will change --- docs/configuring-playbook-matrix-sms-bridge.md | 4 +--- roles/matrix-sms-bridge/defaults/main.yml | 3 --- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/docs/configuring-playbook-matrix-sms-bridge.md b/docs/configuring-playbook-matrix-sms-bridge.md index 00aaecec..b3629ce5 100644 --- a/docs/configuring-playbook-matrix-sms-bridge.md +++ b/docs/configuring-playbook-matrix-sms-bridge.md @@ -17,9 +17,7 @@ matrix_sms_bridge_gammu_modem: "/path/to/modem" # generate a secret passwort e.g. with pwgen -s 64 1 matrix_sms_bridge_database_password: "" # (optional) a room id to a default room -matrix_sms_bridge_default_room: "" -# (optional) gammu reset frequency (see https://wammu.eu/docs/manual/smsd/config.html#option-ResetFrequency) -matrix_sms_bridge_gammu_reset_frequency: 3600 +matrix_sms_bridge_default_room: "" # (optional) group with unix read and write rights to modem matrix_sms_bridge_modem_group: 'dialout' ``` diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml index 610b8f46..1e0bfaa3 100644 --- a/roles/matrix-sms-bridge/defaults/main.yml +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -49,8 +49,6 @@ matrix_sms_bridge_default_room: '' matrix_sms_bridge_gammu_modem: '' matrix_sms_bridge_modem_group: 'dialout' -matrix_sms_bridge_gammu_reset_frequency: 0 - matrix_sms_bridge_configuration_yaml: | #jinja2: lstrip_blocks: "True" @@ -124,7 +122,6 @@ matrix_sms_bridge_gammu_configuration: | InboxFormat = detail OutboxFormat = detail TransmitFormat = auto - ResetFrequency = {{ matrix_sms_bridge_gammu_reset_frequency }} debugLevel = 1 LogFile = /data/log/smsd.log DeliveryReport = log From cd179288053b628e7e2962744e1d56094e4902e8 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Tue, 2 Jun 2020 14:56:22 +0200 Subject: [PATCH 58/84] revert remove of frequency --- docs/configuring-playbook-matrix-sms-bridge.md | 4 +++- roles/matrix-sms-bridge/defaults/main.yml | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-matrix-sms-bridge.md b/docs/configuring-playbook-matrix-sms-bridge.md index b3629ce5..00aaecec 100644 --- a/docs/configuring-playbook-matrix-sms-bridge.md +++ b/docs/configuring-playbook-matrix-sms-bridge.md @@ -17,7 +17,9 @@ matrix_sms_bridge_gammu_modem: "/path/to/modem" # generate a secret passwort e.g. with pwgen -s 64 1 matrix_sms_bridge_database_password: "" # (optional) a room id to a default room -matrix_sms_bridge_default_room: "" +matrix_sms_bridge_default_room: "" +# (optional) gammu reset frequency (see https://wammu.eu/docs/manual/smsd/config.html#option-ResetFrequency) +matrix_sms_bridge_gammu_reset_frequency: 3600 # (optional) group with unix read and write rights to modem matrix_sms_bridge_modem_group: 'dialout' ``` diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml index 1e0bfaa3..610b8f46 100644 --- a/roles/matrix-sms-bridge/defaults/main.yml +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -49,6 +49,8 @@ matrix_sms_bridge_default_room: '' matrix_sms_bridge_gammu_modem: '' matrix_sms_bridge_modem_group: 'dialout' +matrix_sms_bridge_gammu_reset_frequency: 0 + matrix_sms_bridge_configuration_yaml: | #jinja2: lstrip_blocks: "True" @@ -122,6 +124,7 @@ matrix_sms_bridge_gammu_configuration: | InboxFormat = detail OutboxFormat = detail TransmitFormat = auto + ResetFrequency = {{ matrix_sms_bridge_gammu_reset_frequency }} debugLevel = 1 LogFile = /data/log/smsd.log DeliveryReport = log From 2fd8216fbc4d0525da3d65b7abb44e266baca5f9 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Tue, 2 Jun 2020 18:27:33 +0200 Subject: [PATCH 59/84] try to fix device reconnect issues --- docs/configuring-playbook-matrix-sms-bridge.md | 4 +++- roles/matrix-sms-bridge/defaults/main.yml | 3 ++- .../templates/systemd/matrix-sms-bridge.service.j2 | 3 ++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/configuring-playbook-matrix-sms-bridge.md b/docs/configuring-playbook-matrix-sms-bridge.md index 00aaecec..4a486774 100644 --- a/docs/configuring-playbook-matrix-sms-bridge.md +++ b/docs/configuring-playbook-matrix-sms-bridge.md @@ -13,7 +13,7 @@ playbook configuration: ```yaml matrix_sms_bridge_enabled: true -matrix_sms_bridge_gammu_modem: "/path/to/modem" +matrix_sms_bridge_gammu_modem: "/dev/serial/by-id/myDeviceId" # generate a secret passwort e.g. with pwgen -s 64 1 matrix_sms_bridge_database_password: "" # (optional) a room id to a default room @@ -22,6 +22,8 @@ matrix_sms_bridge_default_room: "" matrix_sms_bridge_gammu_reset_frequency: 3600 # (optional) group with unix read and write rights to modem matrix_sms_bridge_modem_group: 'dialout' +# (optional) cgroup major number to allow access to devices, that gets reconnected (e.g. due to reset) +matrix_sms_bridge_cgroup_major_number: '188' ``` diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml index 610b8f46..0bbdc5a0 100644 --- a/roles/matrix-sms-bridge/defaults/main.yml +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -48,6 +48,7 @@ matrix_sms_bridge_homserver_domain: "{{ matrix_domain }}" matrix_sms_bridge_default_room: '' matrix_sms_bridge_gammu_modem: '' +matrix_sms_bridge_cgroup_major_number: '188' matrix_sms_bridge_modem_group: 'dialout' matrix_sms_bridge_gammu_reset_frequency: 0 @@ -110,7 +111,7 @@ matrix_sms_bridge_configuration: "{{ matrix_sms_bridge_configuration_yaml|from_y matrix_sms_bridge_gammu_configuration: | [gammu] - Device = /dev/ttyModem + Device = {{ matrix_sms_bridge_gammu_modem }} LogFile = /data/log/gammu.log debugLevel = 1 diff --git a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 index cf8ab9fe..bb43a4b8 100644 --- a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 @@ -29,7 +29,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ -v {{ matrix_sms_bridge_config_path }}:/config:z \ -v {{ matrix_sms_bridge_data_path }}:/data:z \ -v {{ matrix_sms_bridge_config_path }}/gammu-smsdrc:/etc/gammu-smsdrc:z \ - --device {{ matrix_sms_bridge_gammu_modem }}:/dev/ttyModem \ + --device-cgroup-rule='c {{ matrix_sms_bridge_cgroup_major_number }}:* rmw' \ + --device {{ matrix_sms_bridge_gammu_modem }}:{{ matrix_sms_bridge_gammu_modem }} \ {% for arg in matrix_sms_bridge_container_extra_arguments %} {{ arg }} \ {% endfor %} From 26846a5f6c4e9293dede8001f20828e2be227125 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Tue, 2 Jun 2020 22:04:52 +0200 Subject: [PATCH 60/84] try privileged way --- docs/configuring-playbook-matrix-sms-bridge.md | 2 -- roles/matrix-sms-bridge/defaults/main.yml | 1 - .../templates/systemd/matrix-sms-bridge.service.j2 | 4 ++-- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/docs/configuring-playbook-matrix-sms-bridge.md b/docs/configuring-playbook-matrix-sms-bridge.md index 4a486774..31a85228 100644 --- a/docs/configuring-playbook-matrix-sms-bridge.md +++ b/docs/configuring-playbook-matrix-sms-bridge.md @@ -22,8 +22,6 @@ matrix_sms_bridge_default_room: "" matrix_sms_bridge_gammu_reset_frequency: 3600 # (optional) group with unix read and write rights to modem matrix_sms_bridge_modem_group: 'dialout' -# (optional) cgroup major number to allow access to devices, that gets reconnected (e.g. due to reset) -matrix_sms_bridge_cgroup_major_number: '188' ``` diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml index 0bbdc5a0..6465a9d4 100644 --- a/roles/matrix-sms-bridge/defaults/main.yml +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -48,7 +48,6 @@ matrix_sms_bridge_homserver_domain: "{{ matrix_domain }}" matrix_sms_bridge_default_room: '' matrix_sms_bridge_gammu_modem: '' -matrix_sms_bridge_cgroup_major_number: '188' matrix_sms_bridge_modem_group: 'dialout' matrix_sms_bridge_gammu_reset_frequency: 0 diff --git a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 index bb43a4b8..f0634dbe 100644 --- a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 @@ -29,8 +29,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ -v {{ matrix_sms_bridge_config_path }}:/config:z \ -v {{ matrix_sms_bridge_data_path }}:/data:z \ -v {{ matrix_sms_bridge_config_path }}/gammu-smsdrc:/etc/gammu-smsdrc:z \ - --device-cgroup-rule='c {{ matrix_sms_bridge_cgroup_major_number }}:* rmw' \ - --device {{ matrix_sms_bridge_gammu_modem }}:{{ matrix_sms_bridge_gammu_modem }} \ + --privileged \ + -v /dev:/dev \ {% for arg in matrix_sms_bridge_container_extra_arguments %} {{ arg }} \ {% endfor %} From 5da31ba57989e5cc97a3fa1c57849daa55ec80d2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 3 Jun 2020 09:33:28 +0300 Subject: [PATCH 61/84] Move configuration templates outside of defaults/main.yml files --- .../defaults/main.yml | 95 +---- .../templates/config.yaml.j2 | 93 ++++ .../defaults/main.yml | 136 +----- .../templates/config.yaml.j2 | 134 ++++++ .../defaults/main.yml | 16 +- .../templates/config.yaml.j2 | 14 + .../defaults/main.yml | 30 +- .../templates/config.yaml.j2 | 28 ++ .../defaults/main.yml | 159 +------ .../templates/config.yaml.j2 | 157 +++++++ .../defaults/main.yml | 147 +------ .../templates/config.yaml.j2 | 145 +++++++ .../defaults/main.yml | 400 +----------------- .../templates/config.yaml.j2 | 397 +++++++++++++++++ .../defaults/main.yml | 170 +------- .../templates/config.yaml.j2 | 169 ++++++++ .../defaults/main.yml | 140 +----- .../templates/config.yaml.j2 | 138 ++++++ .../defaults/main.yml | 94 +--- .../templates/config.yaml.j2 | 92 ++++ roles/matrix-dimension/defaults/main.yml | 84 +--- .../matrix-dimension/templates/config.yaml.j2 | 81 ++++ roles/matrix-ma1sd/defaults/main.yml | 71 +--- roles/matrix-ma1sd/templates/ma1sd.yaml.j2 | 69 +++ 24 files changed, 1529 insertions(+), 1530 deletions(-) create mode 100644 roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-appservice-irc/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-appservice-webhooks/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 create mode 100644 roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 create mode 100644 roles/matrix-dimension/templates/config.yaml.j2 create mode 100644 roles/matrix-ma1sd/templates/ma1sd.yaml.j2 diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml index 0192f97d..97ad8e89 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml @@ -39,100 +39,7 @@ matrix_appservice_discord_bridge_homeserverUrl: "{{ matrix_homeserver_url }}" matrix_appservice_discord_bridge_disablePresence: false matrix_appservice_discord_bridge_enableSelfServiceBridging: false -matrix_appservice_discord_configuration_yaml: | - #jinja2: lstrip_blocks: "True" - bridge: - # Domain part of the bridge, e.g. matrix.org - domain: {{ matrix_appservice_discord_bridge_domain }} - # This should be your publically facing URL because Discord may use it to - # fetch media from the media store. - homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }} - # Interval at which to process users in the 'presence queue'. If you have - # 5 users, one user will be processed every 500 milliseconds according to the - # value below. This has a minimum value of 250. - # WARNING: This has a high chance of spamming the homeserver with presence - # updates since it will send one each time somebody changes state or is online. - presenceInterval: 500 - # Disable setting presence for 'ghost users' which means Discord users on Matrix - # will not be shown as away or online. - disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }} - # Disable sending typing notifications when somebody on Discord types. - disableTypingNotifications: false - # Disable deleting messages on Discord if a message is redacted on Matrix. - disableDeletionForwarding: false - # Enable users to bridge rooms using !discord commands. See - # https://t2bot.io/discord for instructions. - enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }} - # Disable sending of read receipts for Matrix events which have been - # successfully bridged to Discord. - disableReadReceipts: false - # Disable Join Leave echos from matrix - disableJoinLeaveNotifications: false - # Authentication configuration for the discord bot. - auth: - clientID: {{ matrix_appservice_discord_client_id|string|to_json }} - botToken: {{ matrix_appservice_discord_bot_token }} - logging: - # What level should the logger output to the console at. - console: "warn" #silly, verbose, info, http, warn, error, silent - lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format - # files: - # - file: "debug.log" - # disable: - # - "PresenceHandler" # Will not capture presence logging - # - file: "warn.log" # Will capture warnings - # level: "warn" - # - file: "botlogs.log" # Will capture logs from DiscordBot - # level: "info" - # enable: - # - "DiscordBot" - database: - userStorePath: "/data/user-store.db" - roomStorePath: "/data/room-store.db" - # You may either use SQLite or Postgresql for the bridge database, which contains - # important mappings for events and user puppeting configurations. - # Use the filename option for SQLite, or connString for Postgresql. - # If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite - # WARNING: You will almost certainly be fine with sqlite unless your bridge - # is in heavy demand and you suffer from IO slowness. - filename: "/data/discord.db" - # connString: "postgresql://user:password@localhost/database_name" - room: - # Set the default visibility of alias rooms, defaults to "public". - # One of: "public", "private" - defaultVisibility: "public" - channel: - # Pattern of the name given to bridged rooms. - # Can use :guild for the guild name and :name for the channel name. - namePattern: "[Discord] :guild :name" - # Changes made to rooms when a channel is deleted. - deleteOptions: - # Prefix the room name with a string. - #namePrefix: "[Deleted]" - # Prefix the room topic with a string. - #topicPrefix: "This room has been deleted" - # Disable people from talking in the room by raising the event PL to 50 - disableMessaging: false - # Remove the discord alias from the room. - unsetRoomAlias: true - # Remove the room from the directory. - unlistFromDirectory: true - # Set the room to be unavaliable for joining without an invite. - setInviteOnly: true - # Make all the discord users leave the room. - ghostsLeave: true - limits: - # Delay in milliseconds between discord users joining a room. - roomGhostJoinDelay: 6000 - # Delay in milliseconds before sending messages to discord to avoid echos. - # (Copies of a sent message may arrive from discord before we've - # fininished handling it, causing us to echo it back to the room) - discordSendDelay: 750 - ghosts: - # Pattern for the ghosts nick, available is :nick, :username, :tag and :id - nickPattern: ":nick" - # Pattern for the ghosts username, available is :username, :tag and :id - usernamePattern: ":username#:tag" +matrix_appservice_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" matrix_appservice_discord_configuration_extension_yaml: | # Your custom YAML configuration goes here. diff --git a/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 new file mode 100644 index 00000000..e91c60de --- /dev/null +++ b/roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 @@ -0,0 +1,93 @@ +#jinja2: lstrip_blocks: "True" +bridge: + # Domain part of the bridge, e.g. matrix.org + domain: {{ matrix_appservice_discord_bridge_domain }} + # This should be your publically facing URL because Discord may use it to + # fetch media from the media store. + homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }} + # Interval at which to process users in the 'presence queue'. If you have + # 5 users, one user will be processed every 500 milliseconds according to the + # value below. This has a minimum value of 250. + # WARNING: This has a high chance of spamming the homeserver with presence + # updates since it will send one each time somebody changes state or is online. + presenceInterval: 500 + # Disable setting presence for 'ghost users' which means Discord users on Matrix + # will not be shown as away or online. + disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }} + # Disable sending typing notifications when somebody on Discord types. + disableTypingNotifications: false + # Disable deleting messages on Discord if a message is redacted on Matrix. + disableDeletionForwarding: false + # Enable users to bridge rooms using !discord commands. See + # https://t2bot.io/discord for instructions. + enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }} + # Disable sending of read receipts for Matrix events which have been + # successfully bridged to Discord. + disableReadReceipts: false + # Disable Join Leave echos from matrix + disableJoinLeaveNotifications: false +# Authentication configuration for the discord bot. +auth: + clientID: {{ matrix_appservice_discord_client_id|string|to_json }} + botToken: {{ matrix_appservice_discord_bot_token }} +logging: + # What level should the logger output to the console at. + console: "warn" #silly, verbose, info, http, warn, error, silent + lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format + # files: + # - file: "debug.log" + # disable: + # - "PresenceHandler" # Will not capture presence logging + # - file: "warn.log" # Will capture warnings + # level: "warn" + # - file: "botlogs.log" # Will capture logs from DiscordBot + # level: "info" + # enable: + # - "DiscordBot" +database: + userStorePath: "/data/user-store.db" + roomStorePath: "/data/room-store.db" + # You may either use SQLite or Postgresql for the bridge database, which contains + # important mappings for events and user puppeting configurations. + # Use the filename option for SQLite, or connString for Postgresql. + # If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite + # WARNING: You will almost certainly be fine with sqlite unless your bridge + # is in heavy demand and you suffer from IO slowness. + filename: "/data/discord.db" + # connString: "postgresql://user:password@localhost/database_name" +room: + # Set the default visibility of alias rooms, defaults to "public". + # One of: "public", "private" + defaultVisibility: "public" +channel: + # Pattern of the name given to bridged rooms. + # Can use :guild for the guild name and :name for the channel name. + namePattern: "[Discord] :guild :name" + # Changes made to rooms when a channel is deleted. + deleteOptions: + # Prefix the room name with a string. + #namePrefix: "[Deleted]" + # Prefix the room topic with a string. + #topicPrefix: "This room has been deleted" + # Disable people from talking in the room by raising the event PL to 50 + disableMessaging: false + # Remove the discord alias from the room. + unsetRoomAlias: true + # Remove the room from the directory. + unlistFromDirectory: true + # Set the room to be unavaliable for joining without an invite. + setInviteOnly: true + # Make all the discord users leave the room. + ghostsLeave: true +limits: + # Delay in milliseconds between discord users joining a room. + roomGhostJoinDelay: 6000 + # Delay in milliseconds before sending messages to discord to avoid echos. + # (Copies of a sent message may arrive from discord before we've + # fininished handling it, causing us to echo it back to the room) + discordSendDelay: 750 +ghosts: + # Pattern for the ghosts nick, available is :nick, :username, :tag and :id + nickPattern: ":nick" + # Pattern for the ghosts username, available is :username, :tag and :id + usernamePattern: ":username#:tag" diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index 819691f6..2cbb3e5f 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -346,141 +346,7 @@ matrix_appservice_irc_systemd_wanted_services_list: [] matrix_appservice_irc_appservice_token: '' matrix_appservice_irc_homeserver_token: '' -matrix_appservice_irc_configuration_yaml: | - #jinja2: lstrip_blocks: True - homeserver: - # The URL to the home server for client-server API calls, also used to form the - # media URLs as displayed in bridged IRC channels: - url: {{ matrix_appservice_irc_homeserver_url }} - # - # The URL of the homeserver hosting media files. This is only used to transform - # mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By - # default, this is the homeserver URL, specified above. - # - media_url: {{ matrix_appservice_irc_homeserver_media_url }} - - # Drop Matrix messages which are older than this number of seconds, according to - # the event's origin_server_ts. - # If the bridge is down for a while, the homeserver will attempt to send all missed - # events on reconnection. These events may be hours old, which can be confusing to - # IRC users if they are then bridged. This option allows these old messages to be - # dropped. - # CAUTION: This is a very coarse heuristic. Federated homeservers may have different - # clock times and hence produce different origin_server_ts values, which may be old - # enough to cause *all* events from the homeserver to be dropped. - # Default: 0 (don't ever drop) - # dropMatrixMessagesAfterSecs: 300 # 5 minutes - - # The 'domain' part for user IDs on this home server. Usually (but not always) - # is the "domain name" part of the HS URL. - domain: {{ matrix_appservice_irc_homeserver_domain }} - - # Should presence be enabled for matrix clients on this bridge. If disabled on the - # homeserver then it should also be disabled here to avoid excess traffic. - # Default: true - enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }} - - ircService: - # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot - # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in - # the database. - # - # To generate a .pem file: - # $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 - # - # The path to the RSA PEM-formatted private key to use when encrypting IRC passwords - # for storage in the database. Passwords are stored by using the admin room command - # `!storepass server.name passw0rd. When a connection is made to IRC on behalf of - # the Matrix user, this password will be sent as the server password (PASS command). - passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification - - # Config for Matrix -> IRC bridging - matrixHandler: - # Cache this many matrix events in memory to be used for m.relates_to messages (usually replies). - eventCacheSize: 4096 - - servers: {{ matrix_appservice_irc_ircService_servers|to_json }} - - # Configuration for an ident server. If you are running a public bridge it is - # advised you setup an ident server so IRC mods can ban specific matrix users - # rather than the application service itself. - ident: - # True to listen for Ident requests and respond with the - # matrix user's user_id (converted to ASCII, respecting RFC 1413). - # Default: false. - enabled: false - # The port to listen on for incoming ident requests. - # Ports below 1024 require root to listen on, and you may not want this to - # run as root. Instead, you can get something like an Apache to yank up - # incoming requests to 113 to a high numbered port. Set the port to listen - # on instead of 113 here. - # Default: 113. - port: 1113 - # The address to listen on for incoming ident requests. - # Default: 0.0.0.0 - address: "::" - - # Configuration for logging. Optional. Default: console debug level logging - # only. - logging: - # Level to log on console/logfile. One of error|warn|info|debug - level: "debug" - # The file location to log to. This is relative to the project directory. - #logfile: "debug.log" - # The file location to log errors to. This is relative to the project - # directory. - #errfile: "errors.log" - # Whether to log to the console or not. - toConsole: true - # The max number of files to keep. Files will be overwritten eventually due - # to rotations. - maxFiles: 5 - - # Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`: - # $ npm install prom-client@6.3.0 - # Metrics will then be available via GET /metrics on the bridge listening port (-p). - metrics: - # Whether to actually enable the metric endpoint. Default: false - enabled: true - # When collecting remote user active times, which "buckets" should be used. Defaults are given below. - # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks). - remoteUserAgeBuckets: - - "1h" - - "1d" - - "1w" - - # Configuration for the provisioning API. - # - # GET /_matrix/provision/link - # GET /_matrix/provision/unlink - # GET /_matrix/provision/listlinks - # - provisioning: - # True to enable the provisioning HTTP endpoint. Default: false. - enabled: false - # The number of seconds to wait before giving up on getting a response from - # an IRC channel operator. If the channel operator does not respond within the - # allotted time period, the provisioning request will fail. - # Default: 300 seconds (5 mins) - requestTimeoutSeconds: 300 - - # Options here are generally only applicable to large-scale bridges and may have - # consequences greater than other options in this configuration file. - advanced: - # The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited - # however for large bridges it is important to rate limit the bridge to avoid - # accidentally overloading the homeserver. Defaults to 1000, which should be - # enough for the vast majority of use cases. - maxHttpSockets: 1000 - - # Use an external database to store bridge state. - database: - # database engine (must be 'postgres' or 'nedb'). Default: nedb - engine: "nedb" - # Either a PostgreSQL connection string, or a path to the NeDB storage directory. - # For postgres, it must start with postgres:// - # For NeDB, it must start with nedb://. The path is relative to the project directory. - connectionString: "nedb:///data" +matrix_appservice_irc_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" matrix_appservice_irc_configuration_extension_yaml: | # Your custom YAML configuration for Appservice IRC servers goes here. diff --git a/roles/matrix-bridge-appservice-irc/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-irc/templates/config.yaml.j2 new file mode 100644 index 00000000..3daa1898 --- /dev/null +++ b/roles/matrix-bridge-appservice-irc/templates/config.yaml.j2 @@ -0,0 +1,134 @@ +#jinja2: lstrip_blocks: True +homeserver: + # The URL to the home server for client-server API calls, also used to form the + # media URLs as displayed in bridged IRC channels: + url: {{ matrix_appservice_irc_homeserver_url }} + # + # The URL of the homeserver hosting media files. This is only used to transform + # mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By + # default, this is the homeserver URL, specified above. + # + media_url: {{ matrix_appservice_irc_homeserver_media_url }} + + # Drop Matrix messages which are older than this number of seconds, according to + # the event's origin_server_ts. + # If the bridge is down for a while, the homeserver will attempt to send all missed + # events on reconnection. These events may be hours old, which can be confusing to + # IRC users if they are then bridged. This option allows these old messages to be + # dropped. + # CAUTION: This is a very coarse heuristic. Federated homeservers may have different + # clock times and hence produce different origin_server_ts values, which may be old + # enough to cause *all* events from the homeserver to be dropped. + # Default: 0 (don't ever drop) + # dropMatrixMessagesAfterSecs: 300 # 5 minutes + + # The 'domain' part for user IDs on this home server. Usually (but not always) + # is the "domain name" part of the HS URL. + domain: {{ matrix_appservice_irc_homeserver_domain }} + + # Should presence be enabled for matrix clients on this bridge. If disabled on the + # homeserver then it should also be disabled here to avoid excess traffic. + # Default: true + enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }} + +ircService: + # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot + # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in + # the database. + # + # To generate a .pem file: + # $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 + # + # The path to the RSA PEM-formatted private key to use when encrypting IRC passwords + # for storage in the database. Passwords are stored by using the admin room command + # `!storepass server.name passw0rd. When a connection is made to IRC on behalf of + # the Matrix user, this password will be sent as the server password (PASS command). + passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification + + # Config for Matrix -> IRC bridging + matrixHandler: + # Cache this many matrix events in memory to be used for m.relates_to messages (usually replies). + eventCacheSize: 4096 + + servers: {{ matrix_appservice_irc_ircService_servers|to_json }} + + # Configuration for an ident server. If you are running a public bridge it is + # advised you setup an ident server so IRC mods can ban specific matrix users + # rather than the application service itself. + ident: + # True to listen for Ident requests and respond with the + # matrix user's user_id (converted to ASCII, respecting RFC 1413). + # Default: false. + enabled: false + # The port to listen on for incoming ident requests. + # Ports below 1024 require root to listen on, and you may not want this to + # run as root. Instead, you can get something like an Apache to yank up + # incoming requests to 113 to a high numbered port. Set the port to listen + # on instead of 113 here. + # Default: 113. + port: 1113 + # The address to listen on for incoming ident requests. + # Default: 0.0.0.0 + address: "::" + + # Configuration for logging. Optional. Default: console debug level logging + # only. + logging: + # Level to log on console/logfile. One of error|warn|info|debug + level: "debug" + # The file location to log to. This is relative to the project directory. + #logfile: "debug.log" + # The file location to log errors to. This is relative to the project + # directory. + #errfile: "errors.log" + # Whether to log to the console or not. + toConsole: true + # The max number of files to keep. Files will be overwritten eventually due + # to rotations. + maxFiles: 5 + + # Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`: + # $ npm install prom-client@6.3.0 + # Metrics will then be available via GET /metrics on the bridge listening port (-p). + metrics: + # Whether to actually enable the metric endpoint. Default: false + enabled: true + # When collecting remote user active times, which "buckets" should be used. Defaults are given below. + # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks). + remoteUserAgeBuckets: + - "1h" + - "1d" + - "1w" + + # Configuration for the provisioning API. + # + # GET /_matrix/provision/link + # GET /_matrix/provision/unlink + # GET /_matrix/provision/listlinks + # + provisioning: + # True to enable the provisioning HTTP endpoint. Default: false. + enabled: false + # The number of seconds to wait before giving up on getting a response from + # an IRC channel operator. If the channel operator does not respond within the + # allotted time period, the provisioning request will fail. + # Default: 300 seconds (5 mins) + requestTimeoutSeconds: 300 + +# Options here are generally only applicable to large-scale bridges and may have +# consequences greater than other options in this configuration file. +advanced: + # The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited + # however for large bridges it is important to rate limit the bridge to avoid + # accidentally overloading the homeserver. Defaults to 1000, which should be + # enough for the vast majority of use cases. + maxHttpSockets: 1000 + +# Use an external database to store bridge state. +database: + # database engine (must be 'postgres' or 'nedb'). Default: nedb + engine: "nedb" + # Either a PostgreSQL connection string, or a path to the NeDB storage directory. + # For postgres, it must start with postgres:// + # For NeDB, it must start with nedb://. The path is relative to the project directory. + connectionString: "nedb:///data" diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index d68c1178..58dde6a0 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -45,21 +45,7 @@ matrix_appservice_slack_appservice_token: '' matrix_appservice_slack_homeserver_token: '' matrix_appservice_slack_id_token: '' -matrix_appservice_slack_configuration_yaml: | - slack_hook_port: {{ matrix_appservice_slack_slack_port }} - inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}" - bot_username: "{{ matrix_appservice_slack_bot_name }}" - username_prefix: {{ matrix_appservice_slack_user_prefix }} - - homeserver: - media_url: "{{ matrix_appservice_slack_homeserver_media_url }}" - url: "{{ matrix_appservice_slack_homeserver_url }}" - server_name: "{{ matrix_domain }}" - - dbdir: "/data" - - matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}" - +matrix_appservice_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" matrix_appservice_slack_configuration_extension_yaml: | #slack_hook_port: 9898 diff --git a/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 new file mode 100644 index 00000000..8f48d317 --- /dev/null +++ b/roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 @@ -0,0 +1,14 @@ +#jinja2: lstrip_blocks: True +slack_hook_port: {{ matrix_appservice_slack_slack_port }} +inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}" +bot_username: "{{ matrix_appservice_slack_bot_name }}" +username_prefix: {{ matrix_appservice_slack_user_prefix }} + +homeserver: + media_url: "{{ matrix_appservice_slack_homeserver_media_url }}" + url: "{{ matrix_appservice_slack_homeserver_url }}" + server_name: "{{ matrix_domain }}" + +dbdir: "/data" + +matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}" diff --git a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml index 1b2c9940..0fb5abbc 100644 --- a/roles/matrix-bridge-appservice-webhooks/defaults/main.yml +++ b/roles/matrix-bridge-appservice-webhooks/defaults/main.yml @@ -49,35 +49,7 @@ matrix_appservice_webhooks_api_secret: '' # Logging information (info and verbose is available) default is: info matrix_appservice_webhooks_log_level: 'info' -matrix_appservice_webhooks_configuration_yaml: | - - # Configuration specific to the application service. All fields (unless otherwise marked) are required. - homeserver: - # The domain for the client-server API calls. - url: "{{ matrix_appservice_webhooks_homeserver_url }}" - - # The domain part for user IDs on this home server. Usually, but not always, this is the same as the - # home server's URL. - domain: "{{ matrix_domain }}" - - # Configuration specific to the bridge. All fields (unless otherwise marked) are required. - webhookBot: - # The localpart to use for the bot. May require re-registering the application service. - localpart: "_webhook" - - # Provisioning API options - provisioning: - # Your secret for the API. Required for all provisioning API requests. - secret: '{{ matrix_appservice_webhooks_api_secret }}' - - # Configuration related to the web portion of the bridge. Handles the inbound webhooks - web: - hookUrlBase: "{{ matrix_appservice_webhooks_inbound_uri_prefix }}" - - logging: - console: true - consoleLevel: {{ matrix_appservice_webhooks_log_level }} - writeFiles: false +matrix_appservice_webhooks_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" matrix_appservice_webhooks_configuration_extension_yaml: | # diff --git a/roles/matrix-bridge-appservice-webhooks/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-webhooks/templates/config.yaml.j2 new file mode 100644 index 00000000..49751624 --- /dev/null +++ b/roles/matrix-bridge-appservice-webhooks/templates/config.yaml.j2 @@ -0,0 +1,28 @@ +#jinja2: lstrip_blocks: True +# Configuration specific to the application service. All fields (unless otherwise marked) are required. +homeserver: + # The domain for the client-server API calls. + url: "{{ matrix_appservice_webhooks_homeserver_url }}" + + # The domain part for user IDs on this home server. Usually, but not always, this is the same as the + # home server's URL. + domain: "{{ matrix_domain }}" + +# Configuration specific to the bridge. All fields (unless otherwise marked) are required. +webhookBot: + # The localpart to use for the bot. May require re-registering the application service. + localpart: "_webhook" + +# Provisioning API options +provisioning: + # Your secret for the API. Required for all provisioning API requests. + secret: '{{ matrix_appservice_webhooks_api_secret }}' + +# Configuration related to the web portion of the bridge. Handles the inbound webhooks +web: + hookUrlBase: "{{ matrix_appservice_webhooks_inbound_uri_prefix }}" + +logging: + console: true + consoleLevel: {{ matrix_appservice_webhooks_log_level }} + writeFiles: false diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 2f737afd..610bcc11 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -38,164 +38,7 @@ matrix_mautrix_facebook_login_shared_secret: '' # # For a more advanced customization, you can extend the default (see `matrix_mautrix_facebook_configuration_extension_yaml`) # or completely replace this variable with your own template. -matrix_mautrix_facebook_configuration_yaml: | - #jinja2: lstrip_blocks: "True" - # Homeserver details - homeserver: - # The address that this appservice can use to connect to the homeserver. - address: {{ matrix_mautrix_facebook_homeserver_address }} - # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_mautrix_facebook_homeserver_domain }} - # Whether or not to verify the SSL certificate of the homeserver. - # Only applies if address starts with https:// - verify_ssl: true - - # Application service host/registration related details - # Changing these values requires regeneration of the registration. - appservice: - # The address that the homeserver can use to connect to this appservice. - address: {{ matrix_mautrix_facebook_appservice_address }} - - # The hostname and port where this appservice should listen. - hostname: 0.0.0.0 - port: 29319 - # The maximum body size of appservice API requests (from the homeserver) in mebibytes - # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s - max_body_size: 1 - - # The full URI to the database. SQLite and Postgres are fully supported. - # Other DBMSes supported by SQLAlchemy may or may not work. - # Format examples: - # SQLite: sqlite:///filename.db - # Postgres: postgres://username:password@hostname/dbname - database: sqlite:////data/mautrix-facebook.db - - # Public part of web server for out-of-Matrix interaction with the bridge. - public: - # Whether or not the public-facing endpoints should be enabled. - enabled: false - # The prefix to use in the public-facing endpoints. - prefix: /public - # The base URL where the public-facing endpoints are available. The prefix is not added - # implicitly. - external: https://example.com/public - - # The unique ID of this appservice. - id: facebook - # Username of the appservice bot. - bot_username: facebookbot - # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. - bot_displayname: Facebook bridge bot - bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv - - # Authentication tokens for AS <-> HS communication. - as_token: "{{ matrix_mautrix_facebook_appservice_token }}" - hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}" - - # Bridge config - bridge: - # Localpart template of MXIDs for Facebook users. - # {userid} is replaced with the user ID of the Facebook user. - username_template: "facebook_{userid}" - # Localpart template for per-user room grouping community IDs. - # The bridge will create these communities and add all of the specific user's portals to the community. - # {localpart} is the MXID localpart and {server} is the MXID server part of the user. - # - # `facebook_{localpart}={server}` is a good value. - community_template: null - # Displayname template for Facebook users. - # {displayname} is replaced with the display name of the Facebook user - # as defined below in displayname_preference. - # Keys available for displayname_preference are also available here. - displayname_template: '{displayname} (FB)' - # Available keys: - # "name" (full name) - # "first_name" - # "last_name" - # "nickname" - # "own_nickname" (user-specific!) - displayname_preference: - - name - - # The prefix for commands. Only required in non-management rooms. - command_prefix: "!fb" - - # Number of chats to sync (and create portals for) on startup/login. - # Maximum 20, set 0 to disable automatic syncing. - initial_chat_sync: 10 - # Whether or not the Facebook users of logged in Matrix users should be - # invited to private chats when the user sends a message from another client. - invite_own_puppet_to_pm: false - # Whether or not to use /sync to get presence, read receipts and typing notifications when using - # your own Matrix account as the Matrix puppet for your Facebook account. - sync_with_custom_puppets: true - # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth - # - # If set, custom puppets will be enabled automatically for local users - # instead of users having to find an access token and run `login-matrix` - # manually. - login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }} - # Whether or not to bridge presence in both directions. Facebook allows users not to broadcast - # presence, but then it won't send other users' presence to the client. - presence: true - # Whether or not to update avatars when syncing all contacts at startup. - update_avatar_initial_sync: true - # End-to-bridge encryption support options. These require matrix-nio to be installed with pip - # and login_shared_secret to be configured in order to get a device for the bridge bot. - # - # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal - # application service. - encryption: - # Allow encryption, work in group chat rooms with e2ee enabled - allow: false - # Default to encryption, force-enable encryption in all portals the bridge creates - # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false - - # Whether or not the bridge should send a read receipt from the bridge bot when a message has - # been sent to Facebook. - delivery_receipts: false - - # Permissions for using the bridge. - # Permitted values: - # user - Use the bridge with puppeting. - # admin - Use and administrate the bridge. - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - permissions: - '{{ matrix_mautrix_facebook_homeserver_domain }}': user - - # Python logging configuration. - # - # See section 16.7.2 of the Python documentation for more info: - # https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema - logging: - version: 1 - formatters: - colored: - (): mautrix_facebook.util.ColorFormatter - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - normal: - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - handlers: - console: - class: logging.StreamHandler - formatter: colored - loggers: - mau: - level: DEBUG - fbchat: - level: DEBUG - hbmqtt: - level: INFO - aiohttp: - level: INFO - root: - level: DEBUG - handlers: [console] +matrix_mautrix_facebook_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" matrix_mautrix_facebook_configuration_extension_yaml: | # Your custom YAML configuration goes here. diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 new file mode 100644 index 00000000..887f3df8 --- /dev/null +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -0,0 +1,157 @@ +#jinja2: lstrip_blocks: "True" +# Homeserver details +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_mautrix_facebook_homeserver_address }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_mautrix_facebook_homeserver_domain }} + # Whether or not to verify the SSL certificate of the homeserver. + # Only applies if address starts with https:// + verify_ssl: true + +# Application service host/registration related details +# Changing these values requires regeneration of the registration. +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_mautrix_facebook_appservice_address }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 29319 + # The maximum body size of appservice API requests (from the homeserver) in mebibytes + # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s + max_body_size: 1 + + # The full URI to the database. SQLite and Postgres are fully supported. + # Other DBMSes supported by SQLAlchemy may or may not work. + # Format examples: + # SQLite: sqlite:///filename.db + # Postgres: postgres://username:password@hostname/dbname + database: sqlite:////data/mautrix-facebook.db + + # Public part of web server for out-of-Matrix interaction with the bridge. + public: + # Whether or not the public-facing endpoints should be enabled. + enabled: false + # The prefix to use in the public-facing endpoints. + prefix: /public + # The base URL where the public-facing endpoints are available. The prefix is not added + # implicitly. + external: https://example.com/public + + # The unique ID of this appservice. + id: facebook + # Username of the appservice bot. + bot_username: facebookbot + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + bot_displayname: Facebook bridge bot + bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv + + # Authentication tokens for AS <-> HS communication. + as_token: "{{ matrix_mautrix_facebook_appservice_token }}" + hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}" + +# Bridge config +bridge: + # Localpart template of MXIDs for Facebook users. + # {userid} is replaced with the user ID of the Facebook user. + username_template: "facebook_{userid}" + # Localpart template for per-user room grouping community IDs. + # The bridge will create these communities and add all of the specific user's portals to the community. + # {localpart} is the MXID localpart and {server} is the MXID server part of the user. + # + # `facebook_{localpart}={server}` is a good value. + community_template: null + # Displayname template for Facebook users. + # {displayname} is replaced with the display name of the Facebook user + # as defined below in displayname_preference. + # Keys available for displayname_preference are also available here. + displayname_template: '{displayname} (FB)' + # Available keys: + # "name" (full name) + # "first_name" + # "last_name" + # "nickname" + # "own_nickname" (user-specific!) + displayname_preference: + - name + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "!fb" + + # Number of chats to sync (and create portals for) on startup/login. + # Maximum 20, set 0 to disable automatic syncing. + initial_chat_sync: 10 + # Whether or not the Facebook users of logged in Matrix users should be + # invited to private chats when the user sends a message from another client. + invite_own_puppet_to_pm: false + # Whether or not to use /sync to get presence, read receipts and typing notifications when using + # your own Matrix account as the Matrix puppet for your Facebook account. + sync_with_custom_puppets: true + # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, custom puppets will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }} + # Whether or not to bridge presence in both directions. Facebook allows users not to broadcast + # presence, but then it won't send other users' presence to the client. + presence: true + # Whether or not to update avatars when syncing all contacts at startup. + update_avatar_initial_sync: true + # End-to-bridge encryption support options. These require matrix-nio to be installed with pip + # and login_shared_secret to be configured in order to get a device for the bridge bot. + # + # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal + # application service. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: false + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: false + + # Whether or not the bridge should send a read receipt from the bridge bot when a message has + # been sent to Facebook. + delivery_receipts: false + + # Permissions for using the bridge. + # Permitted values: + # user - Use the bridge with puppeting. + # admin - Use and administrate the bridge. + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + '{{ matrix_mautrix_facebook_homeserver_domain }}': user + +# Python logging configuration. +# +# See section 16.7.2 of the Python documentation for more info: +# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema +logging: + version: 1 + formatters: + colored: + (): mautrix_facebook.util.ColorFormatter + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + normal: + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: colored + loggers: + mau: + level: DEBUG + fbchat: + level: DEBUG + hbmqtt: + level: INFO + aiohttp: + level: INFO + root: + level: DEBUG + handlers: [console] diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 8de4576f..31f4fe98 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -40,152 +40,7 @@ matrix_mautrix_hangouts_login_shared_secret: '' # # For a more advanced customization, you can extend the default (see `matrix_mautrix_hangouts_configuration_extension_yaml`) # or completely replace this variable with your own template. -matrix_mautrix_hangouts_configuration_yaml: | - #jinja2: lstrip_blocks: "True" - # Homeserver details - homeserver: - # The address that this appservice can use to connect to the homeserver. - address: {{ matrix_mautrix_hangouts_homeserver_address }} - # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_mautrix_hangouts_homeserver_domain }} - # Whether or not to verify the SSL certificate of the homeserver. - # Only applies if address starts with https:// - verify_ssl: true - - # Application service host/registration related details - # Changing these values requires regeneration of the registration. - appservice: - # The address that the homeserver can use to connect to this appservice. - address: {{ matrix_mautrix_hangouts_appservice_address }} - - # The hostname and port where this appservice should listen. - hostname: 0.0.0.0 - port: 8080 - # The maximum body size of appservice API requests (from the homeserver) in mebibytes - # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s - max_body_size: 1 - - # The full URI to the database. SQLite and Postgres are fully supported. - # Other DBMSes supported by SQLAlchemy may or may not work. - # Format examples: - # SQLite: sqlite:///filename.db - # Postgres: postgres://username:password@hostname/dbname - database: sqlite:////data/mautrix-hangouts.db - - # The unique ID of this appservice. - id: hangouts - # Username of the appservice bot. - bot_username: hangoutsbot - # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. - bot_displayname: Hangouts bridge bot - bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy - - # Authentication tokens for AS <-> HS communication. - as_token: "{{ matrix_mautrix_hangouts_appservice_token }}" - hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}" - - # Bridge config - bridge: - # Localpart template of MXIDs for Hangouts users. - # {userid} is replaced with the user ID of the Hangouts user. - username_template: "hangouts_{userid}" - # Displayname template for Hangouts users. - # {displayname} is replaced with the display name of the Hangouts user - # as defined below in displayname_preference. - # Keys available for displayname_preference are also available here. - displayname_template: '{full_name} (Hangouts)' - # Available keys: - # "name" (full name) - # "first_name" - # "last_name" - # "nickname" - # "own_nickname" (user-specific!) - displayname_preference: - - name - - # The prefix for commands. Only required in non-management rooms. - command_prefix: "!HO" - - # Number of chats to sync (and create portals for) on startup/login. - # Maximum 20, set 0 to disable automatic syncing. - initial_chat_sync: 20 - # Whether or not the Hangouts users of logged in Matrix users should be - # invited to private chats when the user sends a message from another client. - invite_own_puppet_to_pm: false - # Whether or not to use /sync to get presence, read receipts and typing notifications when using - # your own Matrix account as the Matrix puppet for your Hangouts account. - sync_with_custom_puppets: true - # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth - # - # If set, custom puppets will be enabled automatically for local users - # instead of users having to find an access token and run `login-matrix` - # manually. - login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }} - # Whether or not to update avatars when syncing all contacts at startup. - update_avatar_initial_sync: true - # End-to-bridge encryption support options. These require matrix-nio to be installed with pip - # and login_shared_secret to be configured in order to get a device for the bridge bot. - # - # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal - # application service. - encryption: - # Allow encryption, work in group chat rooms with e2ee enabled - allow: false - # Default to encryption, force-enable encryption in all portals the bridge creates - # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false - - # Public website and API configs - web: - # Auth server config - auth: - # Publicly accessible base URL for the login endpoints. - # The prefix below is not implicitly added. This URL and all subpaths should be proxied - # or otherwise pointed to the appservice's webserver to the path specified below (prefix). - # This path should usually include a trailing slash. - # Internal prefix in the appservice web server for the login endpoints. - public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login" - prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login" - - - # Permissions for using the bridge. - # Permitted values: - # user - Use the bridge with puppeting. - # admin - Use and administrate the bridge. - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - permissions: - '{{ matrix_mautrix_hangouts_homeserver_domain }}': user - - # Python logging configuration. - # - # See section 16.7.2 of the Python documentation for more info: - # https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema - logging: - version: 1 - formatters: - colored: - (): mautrix_hangouts.util.ColorFormatter - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - normal: - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - handlers: - console: - class: logging.StreamHandler - formatter: colored - loggers: - mau: - level: DEBUG - hangups: - level: DEBUG - aiohttp: - level: INFO - root: - level: DEBUG - handlers: [console] +matrix_mautrix_hangouts_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" matrix_mautrix_hangouts_configuration_extension_yaml: | # Your custom YAML configuration goes here. diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 new file mode 100644 index 00000000..f274b203 --- /dev/null +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -0,0 +1,145 @@ +#jinja2: lstrip_blocks: "True" +# Homeserver details +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_mautrix_hangouts_homeserver_address }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_mautrix_hangouts_homeserver_domain }} + # Whether or not to verify the SSL certificate of the homeserver. + # Only applies if address starts with https:// + verify_ssl: true + +# Application service host/registration related details +# Changing these values requires regeneration of the registration. +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_mautrix_hangouts_appservice_address }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 8080 + # The maximum body size of appservice API requests (from the homeserver) in mebibytes + # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s + max_body_size: 1 + + # The full URI to the database. SQLite and Postgres are fully supported. + # Other DBMSes supported by SQLAlchemy may or may not work. + # Format examples: + # SQLite: sqlite:///filename.db + # Postgres: postgres://username:password@hostname/dbname + database: sqlite:////data/mautrix-hangouts.db + + # The unique ID of this appservice. + id: hangouts + # Username of the appservice bot. + bot_username: hangoutsbot + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + bot_displayname: Hangouts bridge bot + bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy + + # Authentication tokens for AS <-> HS communication. + as_token: "{{ matrix_mautrix_hangouts_appservice_token }}" + hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}" + +# Bridge config +bridge: + # Localpart template of MXIDs for Hangouts users. + # {userid} is replaced with the user ID of the Hangouts user. + username_template: "hangouts_{userid}" + # Displayname template for Hangouts users. + # {displayname} is replaced with the display name of the Hangouts user + # as defined below in displayname_preference. + # Keys available for displayname_preference are also available here. + displayname_template: '{full_name} (Hangouts)' + # Available keys: + # "name" (full name) + # "first_name" + # "last_name" + # "nickname" + # "own_nickname" (user-specific!) + displayname_preference: + - name + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "!HO" + + # Number of chats to sync (and create portals for) on startup/login. + # Maximum 20, set 0 to disable automatic syncing. + initial_chat_sync: 20 + # Whether or not the Hangouts users of logged in Matrix users should be + # invited to private chats when the user sends a message from another client. + invite_own_puppet_to_pm: false + # Whether or not to use /sync to get presence, read receipts and typing notifications when using + # your own Matrix account as the Matrix puppet for your Hangouts account. + sync_with_custom_puppets: true + # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, custom puppets will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }} + # Whether or not to update avatars when syncing all contacts at startup. + update_avatar_initial_sync: true + # End-to-bridge encryption support options. These require matrix-nio to be installed with pip + # and login_shared_secret to be configured in order to get a device for the bridge bot. + # + # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal + # application service. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: false + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: false + + # Public website and API configs + web: + # Auth server config + auth: + # Publicly accessible base URL for the login endpoints. + # The prefix below is not implicitly added. This URL and all subpaths should be proxied + # or otherwise pointed to the appservice's webserver to the path specified below (prefix). + # This path should usually include a trailing slash. + # Internal prefix in the appservice web server for the login endpoints. + public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login" + prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login" + + + # Permissions for using the bridge. + # Permitted values: + # user - Use the bridge with puppeting. + # admin - Use and administrate the bridge. + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + '{{ matrix_mautrix_hangouts_homeserver_domain }}': user + +# Python logging configuration. +# +# See section 16.7.2 of the Python documentation for more info: +# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema +logging: + version: 1 + formatters: + colored: + (): mautrix_hangouts.util.ColorFormatter + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + normal: + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: colored + loggers: + mau: + level: DEBUG + hangups: + level: DEBUG + aiohttp: + level: INFO + root: + level: DEBUG + handlers: [console] diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index 1e77eb02..d3990b68 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -51,405 +51,7 @@ matrix_mautrix_telegram_login_shared_secret: '' # # For a more advanced customization, you can extend the default (see `matrix_mautrix_telegram_configuration_extension_yaml`) # or completely replace this variable with your own template. -matrix_mautrix_telegram_configuration_yaml: | - #jinja2: lstrip_blocks: "True" - # Homeserver details - homeserver: - # The address that this appservice can use to connect to the homeserver. - address: {{ matrix_mautrix_telegram_homeserver_address }} - # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_mautrix_telegram_homeserver_domain }} - # Whether or not to verify the SSL certificate of the homeserver. - # Only applies if address starts with https:// - verify_ssl: true - - # Application service host/registration related details - # Changing these values requires regeneration of the registration. - appservice: - # The address that the homeserver can use to connect to this appservice. - address: {{ matrix_mautrix_telegram_appservice_address }} - - # The hostname and port where this appservice should listen. - hostname: 0.0.0.0 - port: 8080 - # The maximum body size of appservice API requests (from the homeserver) in mebibytes - # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s - max_body_size: 1 - - # The full URI to the database. SQLite and Postgres are fully supported. - # Other DBMSes supported by SQLAlchemy may or may not work. - # Format examples: - # SQLite: sqlite:///filename.db - # Postgres: postgres://username:password@hostname/dbname - database: sqlite:////data/mautrix-telegram.db - - # Public part of web server for out-of-Matrix interaction with the bridge. - # Used for things like login if the user wants to make sure the 2FA password isn't stored in - # the HS database. - public: - # Whether or not the public-facing endpoints should be enabled. - enabled: true - # The prefix to use in the public-facing endpoints. - prefix: {{ matrix_mautrix_telegram_public_endpoint }} - # The base URL where the public-facing endpoints are available. The prefix is not added - # implicitly. - external: {{ matrix_mautrix_telegram_appservice_public_external }} - - # Provisioning API part of the web server for automated portal creation and fetching information. - # Used by things like Dimension (https://dimension.t2bot.io/). - provisioning: - # Whether or not the provisioning API should be enabled. - enabled: false - # The prefix to use in the provisioning API endpoints. - prefix: /_matrix/provision/v1 - # The shared secret to authorize users of the API. - # Set to "generate" to generate and save a new token. - shared_secret: generate - - # The unique ID of this appservice. - id: telegram - # Username of the appservice bot. - bot_username: telegrambot - # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. - bot_displayname: Telegram bridge bot - bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX - - # Authentication tokens for AS <-> HS communication. - as_token: "{{ matrix_mautrix_telegram_appservice_token }}" - hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}" - - # Bridge config - bridge: - # Localpart template of MXIDs for Telegram users. - # {userid} is replaced with the user ID of the Telegram user. - username_template: "telegram_{userid}" - # Localpart template of room aliases for Telegram portal rooms. - # {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} ) - alias_template: "telegram_{groupname}" - # Displayname template for Telegram users. - # {displayname} is replaced with the display name of the Telegram user. - displayname_template: "{displayname} (Telegram)" - - # Set the preferred order of user identifiers which to use in the Matrix puppet display name. - # In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user - # ID is used. - # - # If the bridge is working properly, a phone number or an username should always be known, but - # the other one can very well be empty. - # - # Valid keys: - # "full name" (First and/or last name) - # "full name reversed" (Last and/or first name) - # "first name" - # "last name" - # "username" - # "phone number" - displayname_preference: - - full name - - username - - phone number - # Maximum length of displayname - displayname_max_length: 100 - - # Maximum number of members to sync per portal when starting up. Other members will be - # synced when they send messages. The maximum is 10000, after which the Telegram server - # will not send any more members. - # Defaults to no local limit (-> limited to 10000 by server) - max_initial_member_sync: -1 - # Whether or not to sync the member list in channels. - # If no channel admins have logged into the bridge, the bridge won't be able to sync the member - # list regardless of this setting. - sync_channel_members: true - # Whether or not to skip deleted members when syncing members. - skip_deleted_members: true - # Whether or not to automatically synchronize contacts and chats of Matrix users logged into - # their Telegram account at startup. - startup_sync: true - # Number of most recently active dialogs to check when syncing chats. - # Dialogs include groups and private chats, but only groups are synced. - # Set to 0 to remove limit. - sync_dialog_limit: 30 - # Whether or not to sync and create portals for direct chats at startup. - sync_direct_chats: false - # The maximum number of simultaneous Telegram deletions to handle. - # A large number of simultaneous redactions could put strain on your homeserver. - max_telegram_delete: 10 - # Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames) - # at startup and when creating a bridge. - sync_matrix_state: true - # Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix - # login website (see appservice.public config section) - allow_matrix_login: true - # Whether or not to bridge plaintext highlights. - # Only enable this if your displayname_template has some static part that the bridge can use to - # reliably identify what is a plaintext highlight. - plaintext_highlights: false - # Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix. - public_portals: true - # Whether or not to use /sync to get presence, read receipts and typing notifications when using - # your own Matrix account as the Matrix puppet for your Telegram account. - sync_with_custom_puppets: true - # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth - # - # If set, custom puppets will be enabled automatically for local users - # instead of users having to find an access token and run `login-matrix` - # manually. - login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }} - # Set to false to disable link previews in messages sent to Telegram. - telegram_link_preview: true - # Use inline images instead of a separate message for the caption. - # N.B. Inline images are not supported on all clients (e.g. Riot iOS). - inline_images: false - # Maximum size of image in megabytes before sending to Telegram as a document. - image_as_file_size: 10 - # Maximum size of Telegram documents in megabytes to bridge. - max_document_size: 100 - # Enable experimental parallel file transfer, which makes uploads/downloads much faster by - # streaming from/to Matrix and using many connections for Telegram. - # Note that generating HQ thumbnails for videos is not possible with streamed transfers. - parallel_file_transfer: false - # Whether or not created rooms should have federation enabled. - # If false, created portal rooms will never be federated. - federate_rooms: true - # Settings for converting animated stickers. - animated_sticker: - # Format to which animated stickers should be converted. - # disable - No conversion, send as-is (gzipped lottie) - # png - converts to non-animated png (fastest), - # gif - converts to animated gif, but loses transparency - # webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support - target: gif - # Arguments for converter. All converters take width and height. - # GIF converter takes background as a hex color. - args: - width: 256 - height: 256 - background: "020202" # only for gif - fps: 30 # only for webm - # End-to-bridge encryption support options. These require matrix-nio to be installed with pip - # and login_shared_secret to be configured in order to get a device for the bridge bot. - # - # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal - # application service. - encryption: - # Allow encryption, work in group chat rooms with e2ee enabled - allow: false - # Default to encryption, force-enable encryption in all portals the bridge creates - # This will cause the bridge bot to be in private chats for the encryption to work properly. - default: false - - # Overrides for base power levels. - initial_power_level_overrides: - user: {} - group: {} - - # Whether to bridge Telegram bot messages as m.notices or m.texts. - bot_messages_as_notices: true - bridge_notices: - # Whether or not Matrix bot messages (type m.notice) should be bridged. - default: false - # List of user IDs for whom the previous flag is flipped. - # e.g. if bridge_notices.default is false, notices from other users will not be bridged, but - # notices from users listed here will be bridged. - exceptions: [] - - # Some config options related to Telegram message deduplication. - # The default values are usually fine, but some debug messages/warnings might recommend you - # change these. - deduplication: - # Whether or not to check the database if the message about to be sent is a duplicate. - pre_db_check: false - # The number of latest events to keep when checking for duplicates. - # You might need to increase this on high-traffic bridge instances. - cache_queue_length: 20 - - - # The formats to use when sending messages to Telegram via the relay bot. - # - # Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users. - # - # Available variables: - # $sender_displayname - The display name of the sender (e.g. Example User) - # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser) - # $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com) - # $message - The message content as HTML - message_formats: - m.text: "$sender_displayname: $message" - m.notice: "$sender_displayname: $message" - m.emote: "* $sender_displayname $message" - m.file: "$sender_displayname sent a file: $message" - m.image: "$sender_displayname sent an image: $message" - m.audio: "$sender_displayname sent an audio file: $message" - m.video: "$sender_displayname sent a video: $message" - m.location: "$sender_displayname sent a location: $message" - # Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated - # users are sent to telegram. All fields in message_formats are supported. Additionally, the - # Telegram user info is available in the following variables: - # $displayname - Telegram displayname - # $username - Telegram username (may not exist) - # $mention - Telegram @username or displayname mention (depending on which exists) - emote_format: "* $mention $formatted_body" - - # The formats to use when sending state events to Telegram via the relay bot. - # - # Variables from `message_formats` that have the `sender_` prefix are available without the prefix. - # In name_change events, `$prev_displayname` is the previous displayname. - # - # Set format to an empty string to disable the messages for that event. - state_event_formats: - join: "$displayname joined the room." - leave: "$displayname left the room." - name_change: "$prev_displayname changed their name to $displayname" - - # Filter rooms that can/can't be bridged. Can also be managed using the `filter` and - # `filter-mode` management commands. - # - # Filters do not affect direct chats. - # An empty blacklist will essentially disable the filter. - filter: - # Filter mode to use. Either "blacklist" or "whitelist". - # If the mode is "blacklist", the listed chats will never be bridged. - # If the mode is "whitelist", only the listed chats can be bridged. - mode: blacklist - # The list of group/channel IDs to filter. - list: [] - - # The prefix for commands. Only required in non-management rooms. - command_prefix: "!tg" - - # Permissions for using the bridge. - # Permitted values: - # relaybot - Only use the bridge via the relaybot, no access to commands. - # user - Relaybot level + access to commands to create bridges. - # puppeting - User level + logging in with a Telegram account. - # full - Full access to use the bridge, i.e. previous levels + Matrix login. - # admin - Full access to use the bridge and some extra administration commands. - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - permissions: - '{{ matrix_mautrix_telegram_homeserver_domain }}': full - - # Options related to the message relay Telegram bot. - relaybot: - private_chat: - # List of users to invite to the portal when someone starts a private chat with the bot. - # If empty, private chats with the bot won't create a portal. - invite: [] - # Whether or not to bridge state change messages in relaybot private chats. - state_changes: true - # When private_chat_invite is empty, this message is sent to users /starting the - # relaybot. Telegram's "markdown" is supported. - message: This is a Matrix bridge relaybot and does not support direct chats - # List of users to invite to all group chat portals created by the bridge. - group_chat_invite: [] - # Whether or not the relaybot should not bridge events in unbridged group chats. - # If false, portals will be created when the relaybot receives messages, just like normal - # users. This behavior is usually not desirable, as it interferes with manually bridging - # the chat to another room. - ignore_unbridged_group_chat: true - # Whether or not to allow creating portals from Telegram. - authless_portals: true - # Whether or not to allow Telegram group admins to use the bot commands. - whitelist_group_admins: true - # Whether or not to ignore incoming events sent by the relay bot. - ignore_own_incoming_events: true - # List of usernames/user IDs who are also allowed to use the bot commands. - whitelist: [] - - # Telegram config - telegram: - # Get your own API keys at https://my.telegram.org/apps - api_id: {{ matrix_mautrix_telegram_api_id }} - api_hash: {{ matrix_mautrix_telegram_api_hash }} - # (Optional) Create your own bot at https://t.me/BotFather - bot_token: {{ matrix_mautrix_telegram_bot_token }} - - # Telethon connection options. - connection: - # The timeout in seconds to be used when connecting. - timeout: 120 - # How many times the reconnection should retry, either on the initial connection or when - # Telegram disconnects us. May be set to a negative or null value for infinite retries, but - # this is not recommended, since the program can get stuck in an infinite loop. - retries: 5 - # The delay in seconds to sleep between automatic reconnections. - retry_delay: 1 - # The threshold below which the library should automatically sleep on flood wait errors - # (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold - # is 20s, the library will sleep automatically. If the error was for 21s, it would raise - # the error instead. Values larger than a day (86400) will be changed to a day. - flood_sleep_threshold: 60 - # How many times a request should be retried. Request are retried when Telegram is having - # internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when - # there's a migrate error. May take a negative or null value for infinite retries, but this - # is not recommended, since some requests can always trigger a call fail (such as searching - # for messages). - request_retries: 5 - - # Device info sent to Telegram. - device_info: - # "auto" = OS name+version. - device_model: auto - # "auto" = Telethon version. - system_version: auto - # "auto" = mautrix-telegram version. - app_version: auto - lang_code: en - system_lang_code: en - - # Custom server to connect to. - server: - # Set to true to use these server settings. If false, will automatically - # use production server assigned by Telegram. Set to false in production. - enabled: false - # The DC ID to connect to. - dc: 2 - # The IP to connect to. - ip: 149.154.167.40 - # The port to connect to. 443 may not work, 80 is better and both are equally secure. - port: 80 - - # Telethon proxy configuration. - # You must install PySocks from pip for proxies to work. - proxy: - # Allowed types: disabled, socks4, socks5, http - type: disabled - # Proxy IP address and port. - address: 127.0.0.1 - port: 1080 - # Whether or not to perform DNS resolving remotely. - rdns: true - # Proxy authentication (optional). - username: "" - password: "" - - # Python logging configuration. - # - # See section 16.7.2 of the Python documentation for more info: - # https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema - logging: - version: 1 - formatters: - precise: - format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" - handlers: - console: - class: logging.StreamHandler - formatter: precise - loggers: - mau: - level: DEBUG - telethon: - level: DEBUG - aiohttp: - level: INFO - root: - level: DEBUG - handlers: [console] - +matrix_mautrix_telegram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" matrix_mautrix_telegram_configuration_extension_yaml: | # Your custom YAML configuration goes here. diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 new file mode 100644 index 00000000..2a5b5785 --- /dev/null +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -0,0 +1,397 @@ +#jinja2: lstrip_blocks: "True" +# Homeserver details +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_mautrix_telegram_homeserver_address }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_mautrix_telegram_homeserver_domain }} + # Whether or not to verify the SSL certificate of the homeserver. + # Only applies if address starts with https:// + verify_ssl: true + +# Application service host/registration related details +# Changing these values requires regeneration of the registration. +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_mautrix_telegram_appservice_address }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 8080 + # The maximum body size of appservice API requests (from the homeserver) in mebibytes + # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s + max_body_size: 1 + + # The full URI to the database. SQLite and Postgres are fully supported. + # Other DBMSes supported by SQLAlchemy may or may not work. + # Format examples: + # SQLite: sqlite:///filename.db + # Postgres: postgres://username:password@hostname/dbname + database: sqlite:////data/mautrix-telegram.db + + # Public part of web server for out-of-Matrix interaction with the bridge. + # Used for things like login if the user wants to make sure the 2FA password isn't stored in + # the HS database. + public: + # Whether or not the public-facing endpoints should be enabled. + enabled: true + # The prefix to use in the public-facing endpoints. + prefix: {{ matrix_mautrix_telegram_public_endpoint }} + # The base URL where the public-facing endpoints are available. The prefix is not added + # implicitly. + external: {{ matrix_mautrix_telegram_appservice_public_external }} + + # Provisioning API part of the web server for automated portal creation and fetching information. + # Used by things like Dimension (https://dimension.t2bot.io/). + provisioning: + # Whether or not the provisioning API should be enabled. + enabled: false + # The prefix to use in the provisioning API endpoints. + prefix: /_matrix/provision/v1 + # The shared secret to authorize users of the API. + # Set to "generate" to generate and save a new token. + shared_secret: generate + + # The unique ID of this appservice. + id: telegram + # Username of the appservice bot. + bot_username: telegrambot + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + bot_displayname: Telegram bridge bot + bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX + + # Authentication tokens for AS <-> HS communication. + as_token: "{{ matrix_mautrix_telegram_appservice_token }}" + hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}" + +# Bridge config +bridge: + # Localpart template of MXIDs for Telegram users. + # {userid} is replaced with the user ID of the Telegram user. + username_template: "telegram_{userid}" + # Localpart template of room aliases for Telegram portal rooms. + # {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} ) + alias_template: "telegram_{groupname}" + # Displayname template for Telegram users. + # {displayname} is replaced with the display name of the Telegram user. + displayname_template: "{displayname} (Telegram)" + + # Set the preferred order of user identifiers which to use in the Matrix puppet display name. + # In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user + # ID is used. + # + # If the bridge is working properly, a phone number or an username should always be known, but + # the other one can very well be empty. + # + # Valid keys: + # "full name" (First and/or last name) + # "full name reversed" (Last and/or first name) + # "first name" + # "last name" + # "username" + # "phone number" + displayname_preference: + - full name + - username + - phone number + # Maximum length of displayname + displayname_max_length: 100 + + # Maximum number of members to sync per portal when starting up. Other members will be + # synced when they send messages. The maximum is 10000, after which the Telegram server + # will not send any more members. + # Defaults to no local limit (-> limited to 10000 by server) + max_initial_member_sync: -1 + # Whether or not to sync the member list in channels. + # If no channel admins have logged into the bridge, the bridge won't be able to sync the member + # list regardless of this setting. + sync_channel_members: true + # Whether or not to skip deleted members when syncing members. + skip_deleted_members: true + # Whether or not to automatically synchronize contacts and chats of Matrix users logged into + # their Telegram account at startup. + startup_sync: true + # Number of most recently active dialogs to check when syncing chats. + # Dialogs include groups and private chats, but only groups are synced. + # Set to 0 to remove limit. + sync_dialog_limit: 30 + # Whether or not to sync and create portals for direct chats at startup. + sync_direct_chats: false + # The maximum number of simultaneous Telegram deletions to handle. + # A large number of simultaneous redactions could put strain on your homeserver. + max_telegram_delete: 10 + # Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames) + # at startup and when creating a bridge. + sync_matrix_state: true + # Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix + # login website (see appservice.public config section) + allow_matrix_login: true + # Whether or not to bridge plaintext highlights. + # Only enable this if your displayname_template has some static part that the bridge can use to + # reliably identify what is a plaintext highlight. + plaintext_highlights: false + # Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix. + public_portals: true + # Whether or not to use /sync to get presence, read receipts and typing notifications when using + # your own Matrix account as the Matrix puppet for your Telegram account. + sync_with_custom_puppets: true + # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, custom puppets will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }} + # Set to false to disable link previews in messages sent to Telegram. + telegram_link_preview: true + # Use inline images instead of a separate message for the caption. + # N.B. Inline images are not supported on all clients (e.g. Riot iOS). + inline_images: false + # Maximum size of image in megabytes before sending to Telegram as a document. + image_as_file_size: 10 + # Maximum size of Telegram documents in megabytes to bridge. + max_document_size: 100 + # Enable experimental parallel file transfer, which makes uploads/downloads much faster by + # streaming from/to Matrix and using many connections for Telegram. + # Note that generating HQ thumbnails for videos is not possible with streamed transfers. + parallel_file_transfer: false + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: true + # Settings for converting animated stickers. + animated_sticker: + # Format to which animated stickers should be converted. + # disable - No conversion, send as-is (gzipped lottie) + # png - converts to non-animated png (fastest), + # gif - converts to animated gif, but loses transparency + # webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support + target: gif + # Arguments for converter. All converters take width and height. + # GIF converter takes background as a hex color. + args: + width: 256 + height: 256 + background: "020202" # only for gif + fps: 30 # only for webm + # End-to-bridge encryption support options. These require matrix-nio to be installed with pip + # and login_shared_secret to be configured in order to get a device for the bridge bot. + # + # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal + # application service. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: false + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: false + + # Overrides for base power levels. + initial_power_level_overrides: + user: {} + group: {} + + # Whether to bridge Telegram bot messages as m.notices or m.texts. + bot_messages_as_notices: true + bridge_notices: + # Whether or not Matrix bot messages (type m.notice) should be bridged. + default: false + # List of user IDs for whom the previous flag is flipped. + # e.g. if bridge_notices.default is false, notices from other users will not be bridged, but + # notices from users listed here will be bridged. + exceptions: [] + + # Some config options related to Telegram message deduplication. + # The default values are usually fine, but some debug messages/warnings might recommend you + # change these. + deduplication: + # Whether or not to check the database if the message about to be sent is a duplicate. + pre_db_check: false + # The number of latest events to keep when checking for duplicates. + # You might need to increase this on high-traffic bridge instances. + cache_queue_length: 20 + + + # The formats to use when sending messages to Telegram via the relay bot. + # + # Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users. + # + # Available variables: + # $sender_displayname - The display name of the sender (e.g. Example User) + # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser) + # $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com) + # $message - The message content as HTML + message_formats: + m.text: "$sender_displayname: $message" + m.notice: "$sender_displayname: $message" + m.emote: "* $sender_displayname $message" + m.file: "$sender_displayname sent a file: $message" + m.image: "$sender_displayname sent an image: $message" + m.audio: "$sender_displayname sent an audio file: $message" + m.video: "$sender_displayname sent a video: $message" + m.location: "$sender_displayname sent a location: $message" + # Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated + # users are sent to telegram. All fields in message_formats are supported. Additionally, the + # Telegram user info is available in the following variables: + # $displayname - Telegram displayname + # $username - Telegram username (may not exist) + # $mention - Telegram @username or displayname mention (depending on which exists) + emote_format: "* $mention $formatted_body" + + # The formats to use when sending state events to Telegram via the relay bot. + # + # Variables from `message_formats` that have the `sender_` prefix are available without the prefix. + # In name_change events, `$prev_displayname` is the previous displayname. + # + # Set format to an empty string to disable the messages for that event. + state_event_formats: + join: "$displayname joined the room." + leave: "$displayname left the room." + name_change: "$prev_displayname changed their name to $displayname" + + # Filter rooms that can/can't be bridged. Can also be managed using the `filter` and + # `filter-mode` management commands. + # + # Filters do not affect direct chats. + # An empty blacklist will essentially disable the filter. + filter: + # Filter mode to use. Either "blacklist" or "whitelist". + # If the mode is "blacklist", the listed chats will never be bridged. + # If the mode is "whitelist", only the listed chats can be bridged. + mode: blacklist + # The list of group/channel IDs to filter. + list: [] + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "!tg" + + # Permissions for using the bridge. + # Permitted values: + # relaybot - Only use the bridge via the relaybot, no access to commands. + # user - Relaybot level + access to commands to create bridges. + # puppeting - User level + logging in with a Telegram account. + # full - Full access to use the bridge, i.e. previous levels + Matrix login. + # admin - Full access to use the bridge and some extra administration commands. + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + '{{ matrix_mautrix_telegram_homeserver_domain }}': full + + # Options related to the message relay Telegram bot. + relaybot: + private_chat: + # List of users to invite to the portal when someone starts a private chat with the bot. + # If empty, private chats with the bot won't create a portal. + invite: [] + # Whether or not to bridge state change messages in relaybot private chats. + state_changes: true + # When private_chat_invite is empty, this message is sent to users /starting the + # relaybot. Telegram's "markdown" is supported. + message: This is a Matrix bridge relaybot and does not support direct chats + # List of users to invite to all group chat portals created by the bridge. + group_chat_invite: [] + # Whether or not the relaybot should not bridge events in unbridged group chats. + # If false, portals will be created when the relaybot receives messages, just like normal + # users. This behavior is usually not desirable, as it interferes with manually bridging + # the chat to another room. + ignore_unbridged_group_chat: true + # Whether or not to allow creating portals from Telegram. + authless_portals: true + # Whether or not to allow Telegram group admins to use the bot commands. + whitelist_group_admins: true + # Whether or not to ignore incoming events sent by the relay bot. + ignore_own_incoming_events: true + # List of usernames/user IDs who are also allowed to use the bot commands. + whitelist: [] + +# Telegram config +telegram: + # Get your own API keys at https://my.telegram.org/apps + api_id: {{ matrix_mautrix_telegram_api_id }} + api_hash: {{ matrix_mautrix_telegram_api_hash }} + # (Optional) Create your own bot at https://t.me/BotFather + bot_token: {{ matrix_mautrix_telegram_bot_token }} + + # Telethon connection options. + connection: + # The timeout in seconds to be used when connecting. + timeout: 120 + # How many times the reconnection should retry, either on the initial connection or when + # Telegram disconnects us. May be set to a negative or null value for infinite retries, but + # this is not recommended, since the program can get stuck in an infinite loop. + retries: 5 + # The delay in seconds to sleep between automatic reconnections. + retry_delay: 1 + # The threshold below which the library should automatically sleep on flood wait errors + # (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold + # is 20s, the library will sleep automatically. If the error was for 21s, it would raise + # the error instead. Values larger than a day (86400) will be changed to a day. + flood_sleep_threshold: 60 + # How many times a request should be retried. Request are retried when Telegram is having + # internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when + # there's a migrate error. May take a negative or null value for infinite retries, but this + # is not recommended, since some requests can always trigger a call fail (such as searching + # for messages). + request_retries: 5 + + # Device info sent to Telegram. + device_info: + # "auto" = OS name+version. + device_model: auto + # "auto" = Telethon version. + system_version: auto + # "auto" = mautrix-telegram version. + app_version: auto + lang_code: en + system_lang_code: en + + # Custom server to connect to. + server: + # Set to true to use these server settings. If false, will automatically + # use production server assigned by Telegram. Set to false in production. + enabled: false + # The DC ID to connect to. + dc: 2 + # The IP to connect to. + ip: 149.154.167.40 + # The port to connect to. 443 may not work, 80 is better and both are equally secure. + port: 80 + + # Telethon proxy configuration. + # You must install PySocks from pip for proxies to work. + proxy: + # Allowed types: disabled, socks4, socks5, http + type: disabled + # Proxy IP address and port. + address: 127.0.0.1 + port: 1080 + # Whether or not to perform DNS resolving remotely. + rdns: true + # Proxy authentication (optional). + username: "" + password: "" + +# Python logging configuration. +# +# See section 16.7.2 of the Python documentation for more info: +# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema +logging: + version: 1 + formatters: + precise: + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: precise + loggers: + mau: + level: DEBUG + telethon: + level: DEBUG + aiohttp: + level: INFO + root: + level: DEBUG + handlers: [console] diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index f83c78f0..e9929f96 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -35,175 +35,7 @@ matrix_mautrix_whatsapp_login_shared_secret: '' # # For a more advanced customization, you can extend the default (see `matrix_mautrix_whatsapp_configuration_extension_yaml`) # or completely replace this variable with your own template. -matrix_mautrix_whatsapp_configuration_yaml: | - # Homeserver details. - homeserver: - # The address that this appservice can use to connect to the homeserver. - address: {{ matrix_mautrix_whatsapp_homeserver_address }} - # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_mautrix_whatsapp_homeserver_domain }} - # Application service host/registration related details. - # Changing these values requires regeneration of the registration. - - appservice: - # The address that the homeserver can use to connect to this appservice. - address: {{ matrix_mautrix_whatsapp_appservice_address }} - - # The hostname and port where this appservice should listen. - hostname: 0.0.0.0 - port: 8080 - - # Database config. - database: - # The database type. "sqlite3" and "postgres" are supported. - type: sqlite3 - # The database URI. - # SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string - # Postgres: Connection string. For example, postgres://user:password@host/database - uri: mautrix-whatsapp.db - # Maximum number of connections. Mostly relevant for Postgres. - max_open_conns: 20 - max_idle_conns: 2 - - # Path to the Matrix room state store. - state_store_path: ./mx-state.json - - # The unique ID of this appservice. - id: whatsapp - # Appservice bot details. - bot: - # Username of the appservice bot. - username: whatsappbot - # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. - displayname: WhatsApp bridge bot - avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr - - # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. - as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}" - hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}" - - # Bridge config - bridge: - # Localpart template of MXIDs for WhatsApp users. - # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user. - username_template: "{{ 'whatsapp_{{.}}' }}" - # Displayname template for WhatsApp users. - # {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user - # {{ '{{.Jid}}' }} - phone number (international format) - # The following variables are also available, but will cause problems on multi-user instances: - # {{ '{{.Name}}' }} - display name from contact list - # {{ '{{.Short}}' }} - short display name from contact list - displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}" - # WhatsApp connection timeout in seconds. - connection_timeout: 20 - # Maximum number of times to retry connecting on connection error. - max_connection_attempts: 3 - # Number of seconds to wait between connection attempts. - # Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts - connection_retry_delay: -1 - # Whether or not the bridge should send a notice to the user's management room when it retries connecting. - # If false, it will only report when it stops retrying. - report_connection_retry: true - # Maximum number of seconds to wait for chats to be sent at startup. - # If this is too low and you have lots of chats, it could cause backfilling to fail. - chat_list_wait: 30 - # Maximum number of seconds to wait to sync portals before force unlocking message processing. - # If this is too low and you have lots of chats, it could cause backfilling to fail. - portal_sync_wait: 600 - - # Whether or not to send call start/end notices to Matrix. - call_notices: - start: true - end: true - - # Number of chats to sync for new users. - initial_chat_sync_count: 10 - # Number of old messages to fill when creating new portal rooms. - initial_history_fill_count: 20 - # Maximum number of chats to sync when recovering from downtime. - # Set to -1 to sync all new chats during downtime. - recovery_chat_sync_limit: -1 - # Whether or not to sync history when recovering from downtime. - recovery_history_backfill: true - # Maximum number of seconds since last message in chat to skip - # syncing the chat in any case. This setting will take priority - # over both recovery_chat_sync_limit and initial_chat_sync_count. - # Default is 3 days = 259200 seconds - sync_max_chat_age: 259200 - - # Whether or not to sync with custom puppets to receive EDUs that - # are not normally sent to appservices. - sync_with_custom_puppets: true - # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth - # - # If set, custom puppets will be enabled automatically for local users - # instead of users having to find an access token and run `login-matrix` - # manually. - login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }} - - # Whether or not to invite own WhatsApp user's Matrix puppet into private - # chat portals when backfilling if needed. - # This always uses the default puppet instead of custom puppets due to - # rate limits and timestamp massaging. - invite_own_puppet_for_backfilling: true - # Whether or not to explicitly set the avatar and room name for private - # chat portal rooms. This can be useful if the previous field works fine, - # but causes room avatar/name bugs. - private_chat_portal_meta: false - - # Allow invite permission for user. User can invite any bots to room with whatsapp - # users (private chat and groups) - allow_user_invite: false - - # The prefix for commands. Only required in non-management rooms. - command_prefix: "!wa" - - # Permissions for using the bridge. - # Permitted values: - # user - Access to use the bridge to chat with a WhatsApp account. - # admin - User level and some additional administration tools - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - permissions: - "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user - - relaybot: - # Whether or not relaybot support is enabled. - enabled: false - # The management room for the bot. This is where all status notifications are posted and - # in this room, you can use `!wa ` instead of `!wa relaybot `. Omitting - # the command prefix completely like in user management rooms is not possible. - management: '!foo:example.com' - # List of users to invite to all created rooms that include the relaybot. - invites: [] - # The formats to use when sending messages to WhatsApp via the relaybot. - message_formats: - m.text: "{{ '{{ .Sender.Displayname }}' }}: {{ '{{ .Message }}' }}" - m.notice: "{{ '{{ .Sender.Displayname }}' }}:: {{ '{{ .Message }}' }}" - m.emote: "* {{ '{{ .Sender.Displayname }}' }}: {{ '{{ .Message }}' }}" - m.file: "{{ '{{ .Sender.Displayname }}' }}: sent a file" - m.image: "{{ '{{ .Sender.Displayname }}' }}: sent an image" - m.audio: "{{ '{{ .Sender.Displayname }}' }}: sent an audio file" - m.video: "{{ '{{ .Sender.Displayname }}' }}: sent a video" - m.location: "{{ '{{ .Sender.Displayname }}' }}: sent a location" - # Logging config. - logging: - # The directory for log files. Will be created if not found. - directory: ./logs - # Available variables: .Date for the file date and .Index for different log files on the same day. - file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}" - # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants - file_date_format: "2006-01-02" - # Log file permissions. - file_mode: 0600 - # Timestamp format for log entries in the Go time format. - timestamp_format: "Jan _2, 2006 15:04:05" - # Minimum severity for log messages. - # Options: debug, info, warn, error, fatal - print_level: debug +matrix_mautrix_whatsapp_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" matrix_mautrix_whatsapp_configuration_extension_yaml: | # Your custom YAML configuration goes here. diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 new file mode 100644 index 00000000..a527a188 --- /dev/null +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -0,0 +1,169 @@ +#jinja2: lstrip_blocks: "True" +# Homeserver details. +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_mautrix_whatsapp_homeserver_address }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_mautrix_whatsapp_homeserver_domain }} +# Application service host/registration related details. +# Changing these values requires regeneration of the registration. + +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_mautrix_whatsapp_appservice_address }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 8080 + + # Database config. + database: + # The database type. "sqlite3" and "postgres" are supported. + type: sqlite3 + # The database URI. + # SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string + # Postgres: Connection string. For example, postgres://user:password@host/database + uri: mautrix-whatsapp.db + # Maximum number of connections. Mostly relevant for Postgres. + max_open_conns: 20 + max_idle_conns: 2 + + # Path to the Matrix room state store. + state_store_path: ./mx-state.json + + # The unique ID of this appservice. + id: whatsapp + # Appservice bot details. + bot: + # Username of the appservice bot. + username: whatsappbot + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + displayname: WhatsApp bridge bot + avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}" + hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}" + +# Bridge config +bridge: + # Localpart template of MXIDs for WhatsApp users. + # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user. + username_template: "{{ 'whatsapp_{{.}}' }}" + # Displayname template for WhatsApp users. + # {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user + # {{ '{{.Jid}}' }} - phone number (international format) + # The following variables are also available, but will cause problems on multi-user instances: + # {{ '{{.Name}}' }} - display name from contact list + # {{ '{{.Short}}' }} - short display name from contact list + displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}" + # WhatsApp connection timeout in seconds. + connection_timeout: 20 + # Maximum number of times to retry connecting on connection error. + max_connection_attempts: 3 + # Number of seconds to wait between connection attempts. + # Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts + connection_retry_delay: -1 + # Whether or not the bridge should send a notice to the user's management room when it retries connecting. + # If false, it will only report when it stops retrying. + report_connection_retry: true + # Maximum number of seconds to wait for chats to be sent at startup. + # If this is too low and you have lots of chats, it could cause backfilling to fail. + chat_list_wait: 30 + # Maximum number of seconds to wait to sync portals before force unlocking message processing. + # If this is too low and you have lots of chats, it could cause backfilling to fail. + portal_sync_wait: 600 + + # Whether or not to send call start/end notices to Matrix. + call_notices: + start: true + end: true + + # Number of chats to sync for new users. + initial_chat_sync_count: 10 + # Number of old messages to fill when creating new portal rooms. + initial_history_fill_count: 20 + # Maximum number of chats to sync when recovering from downtime. + # Set to -1 to sync all new chats during downtime. + recovery_chat_sync_limit: -1 + # Whether or not to sync history when recovering from downtime. + recovery_history_backfill: true + # Maximum number of seconds since last message in chat to skip + # syncing the chat in any case. This setting will take priority + # over both recovery_chat_sync_limit and initial_chat_sync_count. + # Default is 3 days = 259200 seconds + sync_max_chat_age: 259200 + + # Whether or not to sync with custom puppets to receive EDUs that + # are not normally sent to appservices. + sync_with_custom_puppets: true + # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, custom puppets will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }} + + # Whether or not to invite own WhatsApp user's Matrix puppet into private + # chat portals when backfilling if needed. + # This always uses the default puppet instead of custom puppets due to + # rate limits and timestamp massaging. + invite_own_puppet_for_backfilling: true + # Whether or not to explicitly set the avatar and room name for private + # chat portal rooms. This can be useful if the previous field works fine, + # but causes room avatar/name bugs. + private_chat_portal_meta: false + + # Allow invite permission for user. User can invite any bots to room with whatsapp + # users (private chat and groups) + allow_user_invite: false + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "!wa" + + # Permissions for using the bridge. + # Permitted values: + # user - Access to use the bridge to chat with a WhatsApp account. + # admin - User level and some additional administration tools + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user + + relaybot: + # Whether or not relaybot support is enabled. + enabled: false + # The management room for the bot. This is where all status notifications are posted and + # in this room, you can use `!wa ` instead of `!wa relaybot `. Omitting + # the command prefix completely like in user management rooms is not possible. + management: '!foo:example.com' + # List of users to invite to all created rooms that include the relaybot. + invites: [] + # The formats to use when sending messages to WhatsApp via the relaybot. + message_formats: + m.text: "{{ '{{ .Sender.Displayname }}' }}: {{ '{{ .Message }}' }}" + m.notice: "{{ '{{ .Sender.Displayname }}' }}:: {{ '{{ .Message }}' }}" + m.emote: "* {{ '{{ .Sender.Displayname }}' }}: {{ '{{ .Message }}' }}" + m.file: "{{ '{{ .Sender.Displayname }}' }}: sent a file" + m.image: "{{ '{{ .Sender.Displayname }}' }}: sent an image" + m.audio: "{{ '{{ .Sender.Displayname }}' }}: sent an audio file" + m.video: "{{ '{{ .Sender.Displayname }}' }}: sent a video" + m.location: "{{ '{{ .Sender.Displayname }}' }}: sent a location" +# Logging config. +logging: + # The directory for log files. Will be created if not found. + directory: ./logs + # Available variables: .Date for the file date and .Index for different log files on the same day. + file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}" + # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants + file_date_format: "2006-01-02" + # Log file permissions. + file_mode: 0600 + # Timestamp format for log entries in the Go time format. + timestamp_format: "Jan _2, 2006 15:04:05" + # Minimum severity for log messages. + # Options: debug, info, warn, error, fatal + print_level: debug diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml index 9d80ab04..8b977acf 100644 --- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml @@ -56,145 +56,7 @@ matrix_mx_puppet_skype_login_shared_secret: '' # # For a more advanced customization, you can extend the default (see `matrix_mx_puppet_skype_configuration_extension_yaml`) # or completely replace this variable with your own template. -matrix_mx_puppet_skype_configuration_yaml: | - #jinja2: lstrip_blocks: "True" - bridge: - # Address for the bridge to bind to; if running as a Docker container, you - # probably want 0.0.0.0 here - bindAddress: 0.0.0.0 - # Port to host the bridge on which your homeserver will connect to - port: {{ matrix_mx_puppet_skype_appservice_port }} - # Name of your homeserver - domain: {{ matrix_domain }} - # URL where the bridge can connect to your homeserver - homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }} - # Optionally specify a different media URL used for the media store - mediaURL: https://{{ matrix_server_fqn_matrix }} - # This enabled automatic double-puppeting: - # A map for shared secrets of the homeserver URL to the shared secret - # See https://github.com/devture/matrix-synapse-shared-secret-auth - #loginSharedSecretMap: - # yourserver.com: supersecretsharedsecret - {% if matrix_mx_puppet_skype_login_shared_secret != '' %} - loginSharedSecretMap: - {{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }} - {% endif %} - # optionally override the display name of the bridge bot - #displayname: Protocol Bot - # optionally set the avatar of the bridge bot - #avatarUrl: mxc://yourserver.com/somefile - - logging: - # Log level of console output - # Allowed values starting with most verbose: - # silly, debug, verbose, info, warn, error - console: info - # Optionally, you can apply filters to the console logging - #console: - # level: info - # enabled: - # - Store - # disabled: - # - PresenceHandler - - # Date and time formatting - lineDateFormat: MMM-D HH:mm:ss.SSS - # Logging files - # Log files are rotated daily by default - files: - # Log file path - - file: "/data/bridge.log" - # Log level for this file - # Allowed values starting with most verbose: - # silly, debug, verbose, info, warn, error - level: info - # Date and time formatting - datePattern: YYYY-MM-DD - # Maximum number of logs to keep. - # This can be a number of files or number of days. - # If using days, add 'd' as a suffix - maxFiles: 14d - # Maximum size of the file after which it will rotate. This can be a - # number of bytes, or units of kb, mb, and gb. If using the units, add - # 'k', 'm', or 'g' as the suffix - maxSize: 50m - # Optionally enable/disable logging for certain modules - #disabled: - # - PresenceHandler - # - module: bot-sdk-MatrixLiteClient - # regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log - #enabled: - # - Store - - database: - # Use Postgres as a database backend - # If set, will be used instead of SQLite3 - # Connection string to connect to the Postgres instance - # with username "user", password "pass", host "localhost" and database name "dbname". - # Modify each value as necessary - #connString: "postgres://user:pass@localhost/dbname?sslmode=disable" - # Use SQLite3 as a database backend - # The name of the database file - filename: /data/database.db - - provisioning: - # Regex of Matrix IDs allowed to use the puppet bridge - whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }} - # Allow a specific user - #- "@user:server\\.com" - # Allow users on a specific homeserver - #- "@.*:yourserver\\.com" - # Allow anyone - #- ".*" - - # Regex of Matrix IDs forbidden from using the puppet bridge - #blacklist: - # Disallow a specific user - #- "@user:server\\.com" - # Disallow users on a specific homeserver - #- "@.*:yourserver\\.com" - blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }} - - presence: - # Bridge online/offline status - enabled: true - # How often to send status to the homeserver in milliseconds - interval: 500 - # if the im.vector.user_status state setting should be diabled - #disableStatusState: false - # A blacklist of remote user IDs for the im.vector.user_status state setting - #statusStateBlacklist: - # - baduser - - relay: - # Regex of Matrix IDs to allow to use the relay mode - # Same format as in provisioning - #whitelist: - #- "@.*:yourserver\\.com" - whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }} - - #blacklist: - #- "@user:yourserver\\.com" - blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }} - - # Map certain homeserver URLs to the C-S API endpoint - # Useful for double-puppeting if .well-known is unavailable for some reason - #homeserverUrlMap: - # yourserver.com: http://localhost:1234 - - namePatterns: - # Override the protocols set default name patterns - # Which variables are available depends on protocol implementation - user: :name - room: :name - - limits: - # Up to how many users should be auto-joined on room creation? -1 to disable - # Defaults to 200 - maxAutojoinUsers: 200 - # How long the delay between two autojoin users should be, in millisectonds. - # Defaults to 5000 - roomUserAutojoinDelay: 5000 +matrix_mx_puppet_skype_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" matrix_mx_puppet_skype_configuration_extension_yaml: | # Your custom YAML configuration goes here. diff --git a/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 new file mode 100644 index 00000000..c7b5c870 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 @@ -0,0 +1,138 @@ +#jinja2: lstrip_blocks: "True" +bridge: + # Address for the bridge to bind to; if running as a Docker container, you + # probably want 0.0.0.0 here + bindAddress: 0.0.0.0 + # Port to host the bridge on which your homeserver will connect to + port: {{ matrix_mx_puppet_skype_appservice_port }} + # Name of your homeserver + domain: {{ matrix_domain }} + # URL where the bridge can connect to your homeserver + homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }} + # Optionally specify a different media URL used for the media store + mediaURL: https://{{ matrix_server_fqn_matrix }} + # This enabled automatic double-puppeting: + # A map for shared secrets of the homeserver URL to the shared secret + # See https://github.com/devture/matrix-synapse-shared-secret-auth + #loginSharedSecretMap: + # yourserver.com: supersecretsharedsecret + {% if matrix_mx_puppet_skype_login_shared_secret != '' %} + loginSharedSecretMap: + {{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }} + {% endif %} + # optionally override the display name of the bridge bot + #displayname: Protocol Bot + # optionally set the avatar of the bridge bot + #avatarUrl: mxc://yourserver.com/somefile + +logging: + # Log level of console output + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + console: info + # Optionally, you can apply filters to the console logging + #console: + # level: info + # enabled: + # - Store + # disabled: + # - PresenceHandler + + # Date and time formatting + lineDateFormat: MMM-D HH:mm:ss.SSS + # Logging files + # Log files are rotated daily by default + files: + # Log file path + - file: "/data/bridge.log" + # Log level for this file + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + level: info + # Date and time formatting + datePattern: YYYY-MM-DD + # Maximum number of logs to keep. + # This can be a number of files or number of days. + # If using days, add 'd' as a suffix + maxFiles: 14d + # Maximum size of the file after which it will rotate. This can be a + # number of bytes, or units of kb, mb, and gb. If using the units, add + # 'k', 'm', or 'g' as the suffix + maxSize: 50m + # Optionally enable/disable logging for certain modules + #disabled: + # - PresenceHandler + # - module: bot-sdk-MatrixLiteClient + # regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log + #enabled: + # - Store + +database: + # Use Postgres as a database backend + # If set, will be used instead of SQLite3 + # Connection string to connect to the Postgres instance + # with username "user", password "pass", host "localhost" and database name "dbname". + # Modify each value as necessary + #connString: "postgres://user:pass@localhost/dbname?sslmode=disable" + # Use SQLite3 as a database backend + # The name of the database file + filename: /data/database.db + +provisioning: + # Regex of Matrix IDs allowed to use the puppet bridge + whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }} + # Allow a specific user + #- "@user:server\\.com" + # Allow users on a specific homeserver + #- "@.*:yourserver\\.com" + # Allow anyone + #- ".*" + + # Regex of Matrix IDs forbidden from using the puppet bridge + #blacklist: + # Disallow a specific user + #- "@user:server\\.com" + # Disallow users on a specific homeserver + #- "@.*:yourserver\\.com" + blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }} + +presence: + # Bridge online/offline status + enabled: true + # How often to send status to the homeserver in milliseconds + interval: 500 + # if the im.vector.user_status state setting should be diabled + #disableStatusState: false + # A blacklist of remote user IDs for the im.vector.user_status state setting + #statusStateBlacklist: + # - baduser + +relay: + # Regex of Matrix IDs to allow to use the relay mode + # Same format as in provisioning + #whitelist: + #- "@.*:yourserver\\.com" + whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }} + + #blacklist: + #- "@user:yourserver\\.com" + blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }} + +# Map certain homeserver URLs to the C-S API endpoint +# Useful for double-puppeting if .well-known is unavailable for some reason +#homeserverUrlMap: +# yourserver.com: http://localhost:1234 + +namePatterns: + # Override the protocols set default name patterns + # Which variables are available depends on protocol implementation + user: :name + room: :name + +limits: + # Up to how many users should be auto-joined on room creation? -1 to disable + # Defaults to 200 + maxAutojoinUsers: 200 + # How long the delay between two autojoin users should be, in millisectonds. + # Defaults to 5000 + roomUserAutojoinDelay: 5000 diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml index 083910b1..13aa5b7a 100644 --- a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml @@ -57,99 +57,7 @@ matrix_mx_puppet_slack_homeserver_token: '' # # For a more advanced customization, you can extend the default (see `matrix_mx_puppet_slack_configuration_extension_yaml`) # or completely replace this variable with your own template. -matrix_mx_puppet_slack_configuration_yaml: | - #jinja2: lstrip_blocks: "True" - bridge: - # Port to host the bridge on - # Used for communication between the homeserver and the bridge - port: {{ matrix_mx_puppet_slack_appservice_port }} - # The host connections to the bridge's webserver are allowed from - bindAddress: 0.0.0.0 - # Public domain of the homeserver - domain: {{ matrix_mx_puppet_slack_homeserver_domain }} - # Reachable URL of the Matrix homeserver - homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }} - - - # Slack OAuth settings. Create a slack app at https://api.slack.com/apps - oauth: - enabled: true - # Slack app credentials. - # N.B. This must be quoted so YAML wouldn't parse it as a float. - clientId: "{{ matrix_mx_puppet_slack_client_id }}" - clientSecret: {{ matrix_mx_puppet_slack_client_secret }} - # Path where to listen for OAuth redirect callbacks. - redirectPath: {{ matrix_mx_puppet_slack_redirect_path }} - # Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path, - # then set this field and the Slack app redirect URI field to the former. - redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }} - - presence: - # Bridge Discord online/offline status - enabled: true - # How often to send status to the homeserver in milliseconds - interval: 500 - - provisioning: - # Regex of Matrix IDs allowed to use the puppet bridge - whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }} - # Allow a specific user - #- "@user:server\\.com" - # Allow users on a specific homeserver - #- "@.*:yourserver\\.com" - # Allow anyone - #- ".*" - # Regex of Matrix IDs forbidden from using the puppet bridge - #blacklist: - # Disallow a specific user - #- "@user:server\\.com" - # Disallow users on a specific homeserver - #- "@.*:yourserver\\.com" - blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }} - - # Shared secret for the provisioning API for use by integration managers. - # If this is not set, the provisioning API will not be enabled. - #sharedSecret: random string - # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically. - apiPrefix: /_matrix/provision - - database: - # Use Postgres as a database backend - # If set, will be used instead of SQLite3 - # Connection string to connect to the Postgres instance - # with username "user", password "pass", host "localhost" and database name "dbname". - # Modify each value as necessary - #connString: "postgres://user:pass@localhost/dbname?sslmode=disable" - # Use SQLite3 as a database backend - # The name of the database file - filename: /data/database.db - - logging: - # Log level of console output - # Allowed values starting with most verbose: - # silly, debug, verbose, info, warn, error - console: info - # Date and time formatting - lineDateFormat: MMM-D HH:mm:ss.SSS - # Logging files - # Log files are rotated daily by default - files: - # Log file path - - file: "/data/bridge.log" - # Log level for this file - # Allowed values starting with most verbose: - # silly, debug, verbose, info, warn, error - level: info - # Date and time formatting - datePattern: YYYY-MM-DD - # Maximum number of logs to keep. - # This can be a number of files or number of days. - # If using days, add 'd' as a suffix - maxFiles: 14d - # Maximum size of the file after which it will rotate. This can be a - # number of bytes, or units of kb, mb, and gb. If using the units, add - # 'k', 'm', or 'g' as the suffix - maxSize: 50m +matrix_mx_puppet_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" matrix_mx_puppet_slack_configuration_extension_yaml: | # Your custom YAML configuration goes here. diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 new file mode 100644 index 00000000..bcf4e2d1 --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 @@ -0,0 +1,92 @@ +#jinja2: lstrip_blocks: "True" +bridge: + # Port to host the bridge on + # Used for communication between the homeserver and the bridge + port: {{ matrix_mx_puppet_slack_appservice_port }} + # The host connections to the bridge's webserver are allowed from + bindAddress: 0.0.0.0 + # Public domain of the homeserver + domain: {{ matrix_mx_puppet_slack_homeserver_domain }} + # Reachable URL of the Matrix homeserver + homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }} + + +# Slack OAuth settings. Create a slack app at https://api.slack.com/apps +oauth: + enabled: true + # Slack app credentials. + # N.B. This must be quoted so YAML wouldn't parse it as a float. + clientId: "{{ matrix_mx_puppet_slack_client_id }}" + clientSecret: {{ matrix_mx_puppet_slack_client_secret }} + # Path where to listen for OAuth redirect callbacks. + redirectPath: {{ matrix_mx_puppet_slack_redirect_path }} + # Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path, + # then set this field and the Slack app redirect URI field to the former. + redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }} + +presence: + # Bridge Discord online/offline status + enabled: true + # How often to send status to the homeserver in milliseconds + interval: 500 + +provisioning: + # Regex of Matrix IDs allowed to use the puppet bridge + whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }} + # Allow a specific user + #- "@user:server\\.com" + # Allow users on a specific homeserver + #- "@.*:yourserver\\.com" + # Allow anyone + #- ".*" + # Regex of Matrix IDs forbidden from using the puppet bridge + #blacklist: + # Disallow a specific user + #- "@user:server\\.com" + # Disallow users on a specific homeserver + #- "@.*:yourserver\\.com" + blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }} + + # Shared secret for the provisioning API for use by integration managers. + # If this is not set, the provisioning API will not be enabled. + #sharedSecret: random string + # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically. + apiPrefix: /_matrix/provision + +database: + # Use Postgres as a database backend + # If set, will be used instead of SQLite3 + # Connection string to connect to the Postgres instance + # with username "user", password "pass", host "localhost" and database name "dbname". + # Modify each value as necessary + #connString: "postgres://user:pass@localhost/dbname?sslmode=disable" + # Use SQLite3 as a database backend + # The name of the database file + filename: /data/database.db + +logging: + # Log level of console output + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + console: info + # Date and time formatting + lineDateFormat: MMM-D HH:mm:ss.SSS + # Logging files + # Log files are rotated daily by default + files: + # Log file path + - file: "/data/bridge.log" + # Log level for this file + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + level: info + # Date and time formatting + datePattern: YYYY-MM-DD + # Maximum number of logs to keep. + # This can be a number of files or number of days. + # If using days, add 'd' as a suffix + maxFiles: 14d + # Maximum size of the file after which it will rotate. This can be a + # number of bytes, or units of kb, mb, and gb. If using the units, add + # 'k', 'm', or 'g' as the suffix + maxSize: 50m diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index fafe289d..770f5bcb 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml @@ -39,89 +39,7 @@ matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:8048" # # For a more advanced customization, you can extend the default (see `matrix_dimension_configuration_extension_yaml`) # or completely replace this variable with your own template. -matrix_dimension_configuration_yaml: | - #jinja2: lstrip_blocks: True - # The web settings for the service (API and UI). - # It is best to have this run on localhost and use a reverse proxy to access Dimension. - web: - port: 8184 - address: '0.0.0.0' - - # Homeserver configuration - homeserver: - # The domain name of the homeserver. This is used in many places, such as with go-neb - # setups, to identify the homeserver. - name: "{{ matrix_domain }}" - - # The URL that Dimension, go-neb, and other services provisioned by Dimension should - # use to access the homeserver with. - clientServerUrl: "http://matrix-synapse:8008" - - # The URL that Dimension should use when trying to communicate with federated APIs on - # the homeserver. If not supplied or left empty Dimension will try to resolve the address - # through the normal federation process. - federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}" - - # The URL that Dimension will redirect media requests to for downloading media such as - # stickers. If not supplied or left empty Dimension will use the clientServerUrl. - mediaUrl: "https://{{ matrix_server_fqn_matrix }}" - - # The access token Dimension should use for miscellaneous access to the homeserver. This - # should be for a user on the configured homeserver: any user will do, however it is - # recommended to use a dedicated user (such as @dimension:t2bot.io). For information on - # how to acquire an access token, visit https://t2bot.io/docs/access_tokens - accessToken: "{{ matrix_dimension_access_token }}" - - # These users can modify the integrations this Dimension supports. - # To access the admin interface, open Dimension in Riot and click the settings icon. - admins: {{ matrix_dimension_admins|to_json }} - - # IPs and CIDR ranges listed here will be blocked from being widgets. - # Note: Widgets may still be embedded with restricted content, although not through Dimension directly. - widgetBlacklist: - - 10.0.0.0/8 - - 172.16.0.0/12 - - 192.168.0.0/16 - - 127.0.0.0/8 - - # Where the database for Dimension is - database: - file: "dimension.db" - - # Display settings that apply to self-hosted go-neb instances - goneb: - # The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver - # is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot, - # make the bot's avatar an empty string. - avatars: - giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27" - imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513" - github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1" - wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1" - travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8" - rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3" - google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142" - guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526" - echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13" - circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee" - jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329" - - # Settings for how Dimension is represented to the public - dimension: - # This is where Dimension is accessible from clients. Be sure to set this - # to your own Dimension instance. - publicUrl: "https://{{ matrix_server_fqn_dimension }}" - - # Settings for controlling how logging works - logging: - file: /dev/null - console: true - consoleLevel: verbose - fileLevel: info - rotate: - size: 52428800 # bytes, default is 50mb - count: 5 - +matrix_dimension_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" matrix_dimension_configuration_extension_yaml: | # Your custom YAML configuration for Dimension goes here. diff --git a/roles/matrix-dimension/templates/config.yaml.j2 b/roles/matrix-dimension/templates/config.yaml.j2 new file mode 100644 index 00000000..576c4e8a --- /dev/null +++ b/roles/matrix-dimension/templates/config.yaml.j2 @@ -0,0 +1,81 @@ +#jinja2: lstrip_blocks: True +# The web settings for the service (API and UI). +# It is best to have this run on localhost and use a reverse proxy to access Dimension. +web: + port: 8184 + address: '0.0.0.0' + +# Homeserver configuration +homeserver: + # The domain name of the homeserver. This is used in many places, such as with go-neb + # setups, to identify the homeserver. + name: "{{ matrix_domain }}" + + # The URL that Dimension, go-neb, and other services provisioned by Dimension should + # use to access the homeserver with. + clientServerUrl: "http://matrix-synapse:8008" + + # The URL that Dimension should use when trying to communicate with federated APIs on + # the homeserver. If not supplied or left empty Dimension will try to resolve the address + # through the normal federation process. + federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}" + + # The URL that Dimension will redirect media requests to for downloading media such as + # stickers. If not supplied or left empty Dimension will use the clientServerUrl. + mediaUrl: "https://{{ matrix_server_fqn_matrix }}" + + # The access token Dimension should use for miscellaneous access to the homeserver. This + # should be for a user on the configured homeserver: any user will do, however it is + # recommended to use a dedicated user (such as @dimension:t2bot.io). For information on + # how to acquire an access token, visit https://t2bot.io/docs/access_tokens + accessToken: "{{ matrix_dimension_access_token }}" + +# These users can modify the integrations this Dimension supports. +# To access the admin interface, open Dimension in Riot and click the settings icon. +admins: {{ matrix_dimension_admins|to_json }} + +# IPs and CIDR ranges listed here will be blocked from being widgets. +# Note: Widgets may still be embedded with restricted content, although not through Dimension directly. +widgetBlacklist: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + - 127.0.0.0/8 + +# Where the database for Dimension is +database: + file: "dimension.db" + +# Display settings that apply to self-hosted go-neb instances +goneb: + # The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver + # is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot, + # make the bot's avatar an empty string. + avatars: + giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27" + imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513" + github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1" + wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1" + travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8" + rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3" + google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142" + guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526" + echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13" + circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee" + jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329" + +# Settings for how Dimension is represented to the public +dimension: + # This is where Dimension is accessible from clients. Be sure to set this + # to your own Dimension instance. + publicUrl: "https://{{ matrix_server_fqn_dimension }}" + +# Settings for controlling how logging works +logging: + file: /dev/null + console: true + consoleLevel: verbose + fileLevel: info + rotate: + size: 52428800 # bytes, default is 50mb + count: 5 diff --git a/roles/matrix-ma1sd/defaults/main.yml b/roles/matrix-ma1sd/defaults/main.yml index ff2f72d4..64cf7c9a 100644 --- a/roles/matrix-ma1sd/defaults/main.yml +++ b/roles/matrix-ma1sd/defaults/main.yml @@ -85,76 +85,7 @@ matrix_ma1sd_v2_enabled: true # # For a more advanced customization, you can extend the default (see `matrix_ma1sd_configuration_extension_yaml`) # or completely replace this variable with your own template. -matrix_ma1sd_configuration_yaml: | - #jinja2: lstrip_blocks: True - matrix: - domain: {{ matrix_domain }} - v1: {{ matrix_ma1sd_v1_enabled|to_json }} - v2: {{ matrix_ma1sd_v2_enabled|to_json }} - - server: - name: {{ matrix_server_fqn_matrix }} - - key: - path: /var/ma1sd/sign.key - - storage: - provider: - sqlite: - database: /var/ma1sd/ma1sd.db - - {% if matrix_ma1sd_dns_overwrite_enabled %} - dns: - overwrite: - homeserver: - client: - - name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }} - value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }} - {% endif %} - - {% if matrix_ma1sd_matrixorg_forwarding_enabled %} - forward: - servers: ['matrix-org'] - {% endif %} - - threepid: - medium: - email: - identity: - from: {{ matrix_ma1sd_threepid_medium_email_identity_from }} - connectors: - smtp: - host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }} - port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }} - tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }} - login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }} - password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }} - {% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %} - generators: - template: - {% if matrix_ma1sd_threepid_medium_email_custom_invite_template %} - invite: '/var/ma1sd/invite-template.eml' - {% endif %} - {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %} - session: - {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %} - validation: '/var/ma1sd/validate-template.eml' - {% endif %} - {% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %} - unbind: - frandulent: '/var/ma1sd/unbind-fraudulent.eml' - {% endif %} - {% endif %} - {% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %} - generic: - matrixId: '/var/ma1sd/mxid-template.eml' - {% endif %} - {% endif %} - - synapseSql: - enabled: {{ matrix_ma1sd_synapsesql_enabled }} - type: {{ matrix_ma1sd_synapsesql_type }} - connection: {{ matrix_ma1sd_synapsesql_connection }} +matrix_ma1sd_configuration_yaml: "{{ lookup('template', 'templates/ma1sd.yaml.j2') }}" matrix_ma1sd_configuration_extension_yaml: | # Your custom YAML configuration for ma1sd goes here. diff --git a/roles/matrix-ma1sd/templates/ma1sd.yaml.j2 b/roles/matrix-ma1sd/templates/ma1sd.yaml.j2 new file mode 100644 index 00000000..0deef3d8 --- /dev/null +++ b/roles/matrix-ma1sd/templates/ma1sd.yaml.j2 @@ -0,0 +1,69 @@ +#jinja2: lstrip_blocks: True +matrix: + domain: {{ matrix_domain }} + v1: {{ matrix_ma1sd_v1_enabled|to_json }} + v2: {{ matrix_ma1sd_v2_enabled|to_json }} + +server: + name: {{ matrix_server_fqn_matrix }} + +key: + path: /var/ma1sd/sign.key + +storage: + provider: + sqlite: + database: /var/ma1sd/ma1sd.db + +{% if matrix_ma1sd_dns_overwrite_enabled %} +dns: + overwrite: + homeserver: + client: + - name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }} + value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }} +{% endif %} + +{% if matrix_ma1sd_matrixorg_forwarding_enabled %} +forward: + servers: ['matrix-org'] +{% endif %} + +threepid: + medium: + email: + identity: + from: {{ matrix_ma1sd_threepid_medium_email_identity_from }} + connectors: + smtp: + host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }} + port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }} + tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }} + login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }} + password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }} +{% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %} + generators: + template: + {% if matrix_ma1sd_threepid_medium_email_custom_invite_template %} + invite: '/var/ma1sd/invite-template.eml' + {% endif %} + {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %} + session: + {% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %} + validation: '/var/ma1sd/validate-template.eml' + {% endif %} + {% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %} + unbind: + frandulent: '/var/ma1sd/unbind-fraudulent.eml' + {% endif %} + {% endif %} + {% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %} + generic: + matrixId: '/var/ma1sd/mxid-template.eml' + {% endif %} +{% endif %} + +synapseSql: + enabled: {{ matrix_ma1sd_synapsesql_enabled }} + type: {{ matrix_ma1sd_synapsesql_type }} + connection: {{ matrix_ma1sd_synapsesql_connection }} From c00a7c2fe91f75340102f94de6ebb6e951d4aef9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 3 Jun 2020 09:35:31 +0300 Subject: [PATCH 62/84] Update mautrix-facebook configuration (invitation, backfilling support) --- .../templates/config.yaml.j2 | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 887f3df8..d484823d 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -111,10 +111,24 @@ bridge: # Default to encryption, force-enable encryption in all portals the bridge creates # This will cause the bridge bot to be in private chats for the encryption to work properly. default: false - # Whether or not the bridge should send a read receipt from the bridge bot when a message has # been sent to Facebook. delivery_receipts: false + # Whether to allow inviting arbitrary mxids to portal rooms + allow_invites: false + # Settings for backfilling messages from Facebook. + backfill: + # Whether or not the Facebook users of logged in Matrix users should be + # invited to private chats when backfilling history from Facebook. This is + # usually needed to prevent rate limits and to allow timestamp massaging. + invite_own_puppet: true + # Maximum number of messages to backfill initially. + # Set to 0 to disable backfilling when creating portal. + initial_limit: 0 + # Maximum number of messages to backfill if messages were missed while + # the bridge was disconnected. + # Set to 0 to disable backfilling missed messages. + missed_limit: 1000 # Permissions for using the bridge. # Permitted values: From 0967bc3cd9500bc75363996e0c16f09e7099201b Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Wed, 3 Jun 2020 12:03:44 +0200 Subject: [PATCH 63/84] added missing z flag --- .../templates/systemd/matrix-sms-bridge.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 index f0634dbe..087e678a 100644 --- a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 @@ -30,7 +30,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ -v {{ matrix_sms_bridge_data_path }}:/data:z \ -v {{ matrix_sms_bridge_config_path }}/gammu-smsdrc:/etc/gammu-smsdrc:z \ --privileged \ - -v /dev:/dev \ + -v /dev:/dev:z \ {% for arg in matrix_sms_bridge_container_extra_arguments %} {{ arg }} \ {% endfor %} From 41b1925b2a20c302ff2c6b7e13858030d22fb629 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Wed, 3 Jun 2020 13:07:36 +0200 Subject: [PATCH 64/84] remove dev mount --- .../templates/systemd/matrix-sms-bridge.service.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 index 087e678a..6bb6449e 100644 --- a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 @@ -30,7 +30,6 @@ ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ -v {{ matrix_sms_bridge_data_path }}:/data:z \ -v {{ matrix_sms_bridge_config_path }}/gammu-smsdrc:/etc/gammu-smsdrc:z \ --privileged \ - -v /dev:/dev:z \ {% for arg in matrix_sms_bridge_container_extra_arguments %} {{ arg }} \ {% endfor %} From 3a3b95abfc6c67457e349170c81e90f203b3cdfe Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Wed, 3 Jun 2020 13:13:25 +0200 Subject: [PATCH 65/84] added dev volume to find serial by id --- .../templates/systemd/matrix-sms-bridge.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 index 6bb6449e..087e678a 100644 --- a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 @@ -30,6 +30,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ -v {{ matrix_sms_bridge_data_path }}:/data:z \ -v {{ matrix_sms_bridge_config_path }}/gammu-smsdrc:/etc/gammu-smsdrc:z \ --privileged \ + -v /dev:/dev:z \ {% for arg in matrix_sms_bridge_container_extra_arguments %} {{ arg }} \ {% endfor %} From b60a4ac6433cbb7467c450135511f9368e72a565 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Wed, 3 Jun 2020 14:25:23 +0200 Subject: [PATCH 66/84] mount as slave --- .../templates/systemd/matrix-sms-bridge.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 index 087e678a..7bf91700 100644 --- a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 +++ b/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 @@ -30,7 +30,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \ -v {{ matrix_sms_bridge_data_path }}:/data:z \ -v {{ matrix_sms_bridge_config_path }}/gammu-smsdrc:/etc/gammu-smsdrc:z \ --privileged \ - -v /dev:/dev:z \ + -v /dev:/dev:slave \ {% for arg in matrix_sms_bridge_container_extra_arguments %} {{ arg }} \ {% endfor %} From 85c6befc041b7365ff1c9200a837358f706b413d Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Wed, 3 Jun 2020 20:02:37 +0200 Subject: [PATCH 67/84] removed unused delivery report --- roles/matrix-sms-bridge/defaults/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-sms-bridge/defaults/main.yml index 6465a9d4..4019f7be 100644 --- a/roles/matrix-sms-bridge/defaults/main.yml +++ b/roles/matrix-sms-bridge/defaults/main.yml @@ -127,8 +127,7 @@ matrix_sms_bridge_gammu_configuration: | ResetFrequency = {{ matrix_sms_bridge_gammu_reset_frequency }} debugLevel = 1 LogFile = /data/log/smsd.log - DeliveryReport = log - DeliveryReportDelay = 7200 + DeliveryReport = no HangupCalls = 1 CheckBattery = 0 From 0fce642179c5ae876d069dac3c61c94ab6d533a6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 4 Jun 2020 19:52:55 +0300 Subject: [PATCH 68/84] Upgrade riot-web (1.6.2 -> 1.6.3) --- roles/matrix-riot-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index 1dc1be04..04440c60 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -2,7 +2,7 @@ matrix_riot_web_enabled: true matrix_riot_web_container_image_self_build: false -matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.2" +matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.3" matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" From f68e47d3c4175b3b1ba2727ecf33326774c92ca6 Mon Sep 17 00:00:00 2001 From: benkuly <12199167+benkuly@users.noreply.github.com> Date: Fri, 5 Jun 2020 12:25:41 +0200 Subject: [PATCH 69/84] renamed role matrix-sms-bridge to matrix-bridge-sms --- ...-sms-bridge.md => configuring-playbook-matrix-bridge-sms.md} | 2 +- docs/configuring-playbook.md | 2 +- .../{matrix-sms-bridge => matrix-bridge-sms}/defaults/main.yml | 0 roles/{matrix-sms-bridge => matrix-bridge-sms}/tasks/init.yml | 0 roles/{matrix-sms-bridge => matrix-bridge-sms}/tasks/main.yml | 0 .../tasks/setup_install.yml | 0 .../tasks/setup_uninstall.yml | 0 .../tasks/validate_config.yml | 0 .../templates/systemd/matrix-sms-bridge-database.service.j2 | 0 .../templates/systemd/matrix-sms-bridge.service.j2 | 0 setup.yml | 2 +- 11 files changed, 3 insertions(+), 3 deletions(-) rename docs/{configuring-playbook-matrix-sms-bridge.md => configuring-playbook-matrix-bridge-sms.md} (96%) rename roles/{matrix-sms-bridge => matrix-bridge-sms}/defaults/main.yml (100%) rename roles/{matrix-sms-bridge => matrix-bridge-sms}/tasks/init.yml (100%) rename roles/{matrix-sms-bridge => matrix-bridge-sms}/tasks/main.yml (100%) rename roles/{matrix-sms-bridge => matrix-bridge-sms}/tasks/setup_install.yml (100%) rename roles/{matrix-sms-bridge => matrix-bridge-sms}/tasks/setup_uninstall.yml (100%) rename roles/{matrix-sms-bridge => matrix-bridge-sms}/tasks/validate_config.yml (100%) rename roles/{matrix-sms-bridge => matrix-bridge-sms}/templates/systemd/matrix-sms-bridge-database.service.j2 (100%) rename roles/{matrix-sms-bridge => matrix-bridge-sms}/templates/systemd/matrix-sms-bridge.service.j2 (100%) diff --git a/docs/configuring-playbook-matrix-sms-bridge.md b/docs/configuring-playbook-matrix-bridge-sms.md similarity index 96% rename from docs/configuring-playbook-matrix-sms-bridge.md rename to docs/configuring-playbook-matrix-bridge-sms.md index 31a85228..2809fb03 100644 --- a/docs/configuring-playbook-matrix-sms-bridge.md +++ b/docs/configuring-playbook-matrix-bridge-sms.md @@ -1,4 +1,4 @@ -# Setting up matrix-sms-bridge (optional) +# Setting up matrix-bridge-sms (optional) The playbook can install and configure [matrix-sms-brdige](https://github.com/benkuly/matrix-sms-bridge) for you. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 90771cf3..208db5bb 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -103,4 +103,4 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional) -- [Setting up Matrix SMS bridging](configuring-playbook-matrix-sms-bridge.md) (optional) +- [Setting up Matrix SMS bridging](configuring-playbook-matrix-bridge-sms.md) (optional) diff --git a/roles/matrix-sms-bridge/defaults/main.yml b/roles/matrix-bridge-sms/defaults/main.yml similarity index 100% rename from roles/matrix-sms-bridge/defaults/main.yml rename to roles/matrix-bridge-sms/defaults/main.yml diff --git a/roles/matrix-sms-bridge/tasks/init.yml b/roles/matrix-bridge-sms/tasks/init.yml similarity index 100% rename from roles/matrix-sms-bridge/tasks/init.yml rename to roles/matrix-bridge-sms/tasks/init.yml diff --git a/roles/matrix-sms-bridge/tasks/main.yml b/roles/matrix-bridge-sms/tasks/main.yml similarity index 100% rename from roles/matrix-sms-bridge/tasks/main.yml rename to roles/matrix-bridge-sms/tasks/main.yml diff --git a/roles/matrix-sms-bridge/tasks/setup_install.yml b/roles/matrix-bridge-sms/tasks/setup_install.yml similarity index 100% rename from roles/matrix-sms-bridge/tasks/setup_install.yml rename to roles/matrix-bridge-sms/tasks/setup_install.yml diff --git a/roles/matrix-sms-bridge/tasks/setup_uninstall.yml b/roles/matrix-bridge-sms/tasks/setup_uninstall.yml similarity index 100% rename from roles/matrix-sms-bridge/tasks/setup_uninstall.yml rename to roles/matrix-bridge-sms/tasks/setup_uninstall.yml diff --git a/roles/matrix-sms-bridge/tasks/validate_config.yml b/roles/matrix-bridge-sms/tasks/validate_config.yml similarity index 100% rename from roles/matrix-sms-bridge/tasks/validate_config.yml rename to roles/matrix-bridge-sms/tasks/validate_config.yml diff --git a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge-database.service.j2 b/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge-database.service.j2 similarity index 100% rename from roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge-database.service.j2 rename to roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge-database.service.j2 diff --git a/roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 b/roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 similarity index 100% rename from roles/matrix-sms-bridge/templates/systemd/matrix-sms-bridge.service.j2 rename to roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2 diff --git a/setup.yml b/setup.yml index fc0ddc2c..4831873e 100755 --- a/setup.yml +++ b/setup.yml @@ -18,7 +18,7 @@ - matrix-bridge-mautrix-whatsapp - matrix-bridge-mx-puppet-skype - matrix-bridge-mx-puppet-slack - - matrix-sms-bridge + - matrix-bridge-sms - matrix-synapse - matrix-riot-web - matrix-jitsi From d6c44879984dc9a69e1780a35cfff4508e36e7fb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 5 Jun 2020 14:52:24 +0300 Subject: [PATCH 70/84] Fix some typos --- docs/configuring-playbook-matrix-bridge-sms.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-matrix-bridge-sms.md b/docs/configuring-playbook-matrix-bridge-sms.md index 2809fb03..c208bb81 100644 --- a/docs/configuring-playbook-matrix-bridge-sms.md +++ b/docs/configuring-playbook-matrix-bridge-sms.md @@ -1,7 +1,7 @@ -# Setting up matrix-bridge-sms (optional) +# Setting up matrix-sms-bridge (optional) The playbook can install and configure -[matrix-sms-brdige](https://github.com/benkuly/matrix-sms-bridge) for you. +[matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for you. See the project page to learn what it does and why it might be useful to you. From 8d786713a6b8efb998a1313ca3fd1d9401e984cc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 5 Jun 2020 15:05:48 +0300 Subject: [PATCH 71/84] Update changelog --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index de86333d..a3899f35 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2020-06-05 + +## SMS bridging support + +Thanks to [benkuly](https://github.com/benkuly)'s efforts, the playbook now supports bridging to SMS (with one telephone number only) via [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge). + +See our [Setting up Matrix SMS bridging](docs/configuring-playbook-matrix-bridge-sms.md) documentation page for getting started. + + # 2020-05-19 ## (Compatibility Break / Security Issue) Disabling User Directory search powered by the ma1sd Identity Server From b0b744dede94da789339051615c6106a0215d583 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 5 Jun 2020 15:21:41 +0300 Subject: [PATCH 72/84] Add periodic reconnection configuration to mautrix-facebook bridge --- .../templates/config.yaml.j2 | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index d484823d..3c7b7e62 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -129,6 +129,16 @@ bridge: # the bridge was disconnected. # Set to 0 to disable backfilling missed messages. missed_limit: 1000 + # Interval in seconds in which to automatically reconnect all users. + # This can be used to automatically mitigate the bug where Facebook stops sending messages. + # Set to -1 to disable periodic reconnections entirely. + periodic_reconnect_interval: -1 + # What to do in periodic reconnects. Either "refresh" or "reconnect" + periodic_reconnect_mode: refresh + # The number of seconds that a disconnection can last without triggering an automatic re-sync + # and missed message backfilling when reconnecting. + # Set to 0 to always re-sync, or -1 to never re-sync automatically. + resync_max_disconnected_time: 5 # Permissions for using the bridge. # Permitted values: From 88a4a3ab55a6fbf844741daa8d36d4922f31e081 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 6 Jun 2020 08:25:27 +0300 Subject: [PATCH 73/84] Update components --- docs/ansible.md | 2 +- roles/matrix-nginx-proxy/defaults/main.yml | 4 ++-- roles/matrix-riot-web/defaults/main.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/ansible.md b/docs/ansible.md index 5f27a7c7..1ba430f4 100644 --- a/docs/ansible.md +++ b/docs/ansible.md @@ -49,7 +49,7 @@ docker run -it --rm \ -v `pwd`:/work \ -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ --entrypoint=/bin/sh \ -devture/ansible:2.9.7-r0 +devture/ansible:2.9.9-r0 ``` The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 07dd2038..ae54ea4e 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but # that is frequently out of date. -matrix_nginx_proxy_docker_image: "nginx:1.17.10-alpine" +matrix_nginx_proxy_docker_image: "nginx:1.19.0-alpine" matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}" matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy" @@ -220,7 +220,7 @@ matrix_ssl_domains_to_obtain_certificates_for: [] # Controls whether to obtain production or staging certificates from Let's Encrypt. matrix_ssl_lets_encrypt_staging: false -matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.4.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.5.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index 04440c60..700e0ec3 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -2,7 +2,7 @@ matrix_riot_web_enabled: true matrix_riot_web_container_image_self_build: false -matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.3" +matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.4" matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" From e4edfd5b1254ebc76ce826c726cb8ae35922b773 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 6 Jun 2020 08:47:56 +0300 Subject: [PATCH 74/84] Remove now-unnecessary /dev/null hacks from riot-web `/etc/nginx/conf.d/default.conf` was previously causing some issues when used with our `--user`. It's not the case anymore, so we can remove it. Fixes #369 (Github Issue). --- .../matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 b/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 index 37aff5cd..a15cb55e 100644 --- a/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 +++ b/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 @@ -22,7 +22,6 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-riot-web \ {% endif %} --tmpfs=/tmp:rw,noexec,nosuid,size=10m \ -v {{ matrix_riot_web_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \ - -v /dev/null:/etc/nginx/conf.d/default.conf:ro \ -v {{ matrix_riot_web_data_path }}/config.json:/app/config.json:ro \ -v {{ matrix_riot_web_data_path }}/config.json:/app/config.{{ matrix_server_fqn_riot }}.json:ro \ {% if matrix_riot_web_embedded_pages_home_path is not none %} From 331c77a6510b8b15f9d8e603c7f43e5f74ce74cd Mon Sep 17 00:00:00 2001 From: dasTholo Date: Sat, 6 Jun 2020 12:42:25 +0200 Subject: [PATCH 75/84] Add Docker Network for matrix-mautrix-telegram-db for Telegram Bridge with Postgress Postgres setup like matrix_mautrix_telegram_configuration_extension_yaml: | appservice: database: "postgres://XXX:XXX@matrix-postgres:5432/mxtg" will fail without the right Dockernetwork --- .../templates/systemd/matrix-mautrix-telegram.service.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 index 2c9986b4..b0b4f643 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 @@ -17,6 +17,7 @@ ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-tel --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ -v {{ matrix_mautrix_telegram_config_path }}:/config:z \ -v {{ matrix_mautrix_telegram_data_path }}:/data:z \ {{ matrix_mautrix_telegram_docker_image }} \ From 201292cdc527eb33f4caa81c5e5ea9113a9caff4 Mon Sep 17 00:00:00 2001 From: kristbaum Date: Sun, 7 Jun 2020 19:56:12 +0200 Subject: [PATCH 76/84] typo --- docs/configuring-well-known.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 826a7494..21a4343e 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -136,7 +136,7 @@ backend matrix-backend reqirep ^(GET|POST|HEAD)\ /.well-known/matrix/(.*) \1\ /\2 # Rewrite redirects as ProxyPassReverse does acl response-is-redirect res.hdr(Location) -m found - rsprep ^Location:\ (http|https)://matrix.example.com\/(.*) Location:\ \1://matrix.exapmle.com/.well-known/matrix/\2 if response-is-redirect + rsprep ^Location:\ (http|https)://matrix.example.com\/(.*) Location:\ \1://matrix.example.com/.well-known/matrix/\2 if response-is-redirect ``` Make sure to: From 01138525045df9c2cafe28b281d51ed0d741f3e4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 8 Jun 2020 09:27:31 +0300 Subject: [PATCH 77/84] Upgrade matrix-synapse-shared-secret-auth (1.0.1 -> 1.0.2) There's no change in the source code. Just a release bump for packaing reasons. It doesn't matter much for us here, but let's be on the latest tag anyway. --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index ef8cca83..6d09add5 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -299,7 +299,7 @@ matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: fals # Enable this to activate the Shared Secret Auth password provider module. # See: https://github.com/devture/matrix-synapse-shared-secret-auth matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false -matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.1/shared_secret_authenticator.py" +matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.2/shared_secret_authenticator.py" matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "" # Enable this to activate LDAP password provider From 1f414a44ff65c30ab1cbb317cb0615bc7ff8d367 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 8 Jun 2020 09:37:28 +0300 Subject: [PATCH 78/84] Upgrade matrix-mailer --- roles/matrix-mailer/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index 8364ee2c..c1ffb0cf 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -2,7 +2,7 @@ matrix_mailer_enabled: true matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer" -matrix_mailer_docker_image: "devture/exim-relay:4.92.2-r0-0" +matrix_mailer_docker_image: "devture/exim-relay:4.93.1-r0" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" # The user/group that the container runs with. From ab32f6adf6a7473cb0fc835bce720e23bc139a4d Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 8 Jun 2020 09:52:34 +0300 Subject: [PATCH 79/84] Add self-building support to matrix-mailer (exim-relay) --- docs/alternative-architectures.md | 6 ++--- docs/self-building.md | 1 + group_vars/matrix_servers | 4 ++- roles/matrix-mailer/defaults/main.yml | 5 ++++ roles/matrix-mailer/tasks/setup_mailer.yml | 29 +++++++++++++++++++--- 5 files changed, 37 insertions(+), 8 deletions(-) diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md index 07510d8a..43c14b67 100644 --- a/docs/alternative-architectures.md +++ b/docs/alternative-architectures.md @@ -19,6 +19,6 @@ matrix_architecture: "arm32" This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection. On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases: -- matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well, -- matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well, -- matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling. +- `matrix-bridge-mautrix-facebook`: there is a pre-built Docker image for `arm64` as well +- `matrix-bridge-mautrix-hangouts`: there is a pre-built Docker image for `arm64` as well +- `matrix-nginx-proxy`: Certbot has a pre-built Docker image for both `arm32` and `arm64`, however tagging is used, which requires special handling. diff --git a/docs/self-building.md b/docs/self-building.md index 85d09812..e4912090 100644 --- a/docs/self-building.md +++ b/docs/self-building.md @@ -15,6 +15,7 @@ List of roles where self-building the Docker image is currently possible: - `matrix-riot-web` - `matrix-coturn` - `matrix-ma1sd` +- `matrix-mailer` - `matrix-mautrix-facebook` - `matrix-mautrix-hangouts` - `matrix-mx-puppet-skype` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8ff5ce96..6835c93a 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -537,11 +537,13 @@ matrix_jitsi_web_stun_servers: | # ###################################################################### -# By default, this playbook sets up a postfix mailer server (running in a container). +# By default, this playbook sets up an exim mailer server (running in a container). # This is so that Synapse can send email reminders for unread messages. # Other services (like ma1sd), also use the mailer. matrix_mailer_enabled: true +matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" + ###################################################################### # # /matrix-mailer diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index c1ffb0cf..0a8fd13c 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -2,6 +2,11 @@ matrix_mailer_enabled: true matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer" +matrix_mailer_container_image_self_build: false +matrix_mailer_container_image_self_build_repository_url: "https://github.com/devture/exim-relay" +matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" +matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" + matrix_mailer_docker_image: "devture/exim-relay:4.93.1-r0" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index 6104edfe..99370638 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml @@ -6,12 +6,15 @@ - name: Ensure mailer base path exists file: - path: "{{ matrix_mailer_base_path }}" + path: "{{ item.path }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_groupname }}" - when: matrix_mailer_enabled|bool + with_items: + - { path: "{{ matrix_mailer_base_path }}", when: true } + - { path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}" } + when: "matrix_mailer_enabled|bool and item.when" - name: Ensure mailer environment variables file created template: @@ -20,13 +23,31 @@ mode: 0640 when: matrix_mailer_enabled|bool -- name: Ensure mailer image is pulled +- name: Ensure exim-relay repository is present on self-build + git: + repo: "{{ matrix_mailer_container_image_self_build_repository_url }}" + dest: "{{ matrix_mailer_container_image_self_build_src_files_path }}" + version: "{{ matrix_mailer_container_image_self_build_version }}" + force: "yes" + when: "matrix_mailer_container_image_self_build|bool" + +- name: Ensure exim-relay Docker image is built + docker_image: + name: "{{ matrix_mailer_docker_image }}" + source: build + build: + dockerfile: Dockerfile + path: "{{ matrix_mailer_container_image_self_build_src_files_path }}" + pull: yes + when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool" + +- name: Ensure exim-relay image is pulled docker_image: name: "{{ matrix_mailer_docker_image }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}" - when: matrix_mailer_enabled|bool + when: "matrix_mailer_enabled|bool and not matrix_mailer_container_image_self_build|bool" - name: Ensure matrix-mailer.service installed template: From 831c3f4e6400c8d9e776a5139a21bd45de1e33d8 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 9 Jun 2020 07:54:42 +0300 Subject: [PATCH 80/84] Fix certbot/cerbot image pulling for ARM32 and ARM64 Related to #529 (Github Issue). --- docs/alternative-architectures.md | 13 +++++++++---- group_vars/matrix_servers | 8 +++++++- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md index 43c14b67..4ca9646e 100644 --- a/docs/alternative-architectures.md +++ b/docs/alternative-architectures.md @@ -1,22 +1,27 @@ # Alternative architectures + As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used. To that end add the following variable to your `vars.yaml` file: -``` + +```yaml matrix_architecture: ``` + Currently supported architectures are the following: - `amd64` (the default) - `arm64` - `arm32` -so for the Raspberry Pi the following should be in your `vars.yaml` file: -``` +so for the Raspberry Pi, the following should be in your `vars.yaml` file: + +```yaml matrix_architecture: "arm32" ``` ## Implementation details -This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection. + +This subsection is used for a reminder, how the different roles implement architecture differences. This is **not** aimed at the users, so one does not have to do anything based on this subsection. On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases: - `matrix-bridge-mautrix-facebook`: there is a pre-built Docker image for `arm64` as well diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 6835c93a..90c249a6 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -675,7 +675,13 @@ matrix_ssl_domains_to_obtain_certificates_for: | ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) }} -matrix_ssl_architecture: "{{ matrix_architecture }}" +matrix_ssl_architecture: "{{ + { + 'amd64': 'amd64', + 'arm32': 'arm32v6', + 'arm64': 'arm64v8', + }[matrix_architecture] +}}" ###################################################################### # From e48cfa4bccaeafb72d94315f1213ae36215f54c2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 9 Jun 2020 08:02:13 +0300 Subject: [PATCH 81/84] Improve documentation on joining Discord rooms --- docs/configuring-playbook-bridge-appservice-discord.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-appservice-discord.md b/docs/configuring-playbook-bridge-appservice-discord.md index dbd11226..96f8377e 100644 --- a/docs/configuring-playbook-bridge-appservice-discord.md +++ b/docs/configuring-playbook-bridge-appservice-discord.md @@ -23,7 +23,7 @@ matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN" 4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. 5. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`) 6. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended. -7. Join the rooms by following this syntax `#_discord_guildid_channelid` - can be easily retrieved by logging into Discord in a browser and opening the desired channel. URL will have this format: `discordapp.com/channels/guild_id/channel_id` +7. Room addresses follow this syntax: `#_discord_guildid_channelid`. You can easily find the guild and channel ids by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discordapp.com/channels/guild_id/channel_id`. Once you have figured out the appropriate room addrss, you can join by doing `/join #_discord_guildid_channelid` in your Matrix client. Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable. From 65e50205969eaf4170b37115d6845b43a806797a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 9 Jun 2020 08:12:58 +0300 Subject: [PATCH 82/84] Proxy other /_synapse endpoints to the client API Besides /_synapse/admin, there are other things like /_synapse/oidc, etc. We should just proxy everything. Fixes #534 (Github Issue). --- .../templates/nginx/conf.d/matrix-synapse.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 99662515..8fd87958 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -150,7 +150,7 @@ } {% endif %} - location /_synapse/admin { + location /_synapse { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; From 10b3ceff7229abebdd3d41fed38fefc7a64421a0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 9 Jun 2020 08:29:03 +0300 Subject: [PATCH 83/84] Make Matrix federation port configurable Fixes #523 (Github Issue). --- group_vars/matrix_servers | 4 +++- roles/matrix-base/defaults/main.yml | 2 ++ .../templates/static-files/well-known/matrix-server.j2 | 2 +- roles/matrix-synapse/tasks/self_check_federation_api.yml | 2 +- roles/matrix-synapse/vars/main.yml | 2 +- 5 files changed, 8 insertions(+), 4 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 90c249a6..ff69cd8f 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -638,6 +638,8 @@ matrix_nginx_proxy_proxy_matrix_federation_api_enabled: true matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-synapse:8048" matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:8048" +matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}" + matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}" matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}" matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}" @@ -788,7 +790,7 @@ matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}" # # For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces. -matrix_synapse_container_federation_api_tls_host_bind_port: "{{ '8448' if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}" +matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}" # # For exposing the Synapse Metrics API's port (plain HTTP) to the local host. matrix_synapse_container_metrics_api_host_bind_port: "{{ '127.0.0.1:9100' if (matrix_synapse_metrics_enabled and not matrix_nginx_proxy_enabled) else '' }}" diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 1aa09800..76c363e4 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -21,6 +21,8 @@ matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}" # This is where you access Jitsi. matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}" +matrix_federation_public_port: 8448 + matrix_user_username: "matrix" matrix_user_groupname: "matrix" diff --git a/roles/matrix-base/templates/static-files/well-known/matrix-server.j2 b/roles/matrix-base/templates/static-files/well-known/matrix-server.j2 index de0f5722..8349a15c 100644 --- a/roles/matrix-base/templates/static-files/well-known/matrix-server.j2 +++ b/roles/matrix-base/templates/static-files/well-known/matrix-server.j2 @@ -1,4 +1,4 @@ #jinja2: lstrip_blocks: "True" { - "m.server": "{{ matrix_server_fqn_matrix }}:8448" + "m.server": "{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}" } diff --git a/roles/matrix-synapse/tasks/self_check_federation_api.yml b/roles/matrix-synapse/tasks/self_check_federation_api.yml index fd4b338c..2a716d6b 100644 --- a/roles/matrix-synapse/tasks/self_check_federation_api.yml +++ b/roles/matrix-synapse/tasks/self_check_federation_api.yml @@ -11,7 +11,7 @@ - name: Fail if Matrix Federation API not working fail: - msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}" + msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port {{ matrix_federation_public_port }} open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}" when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)" - name: Fail if Matrix Federation API unexpectedly enabled diff --git a/roles/matrix-synapse/vars/main.yml b/roles/matrix-synapse/vars/main.yml index bb0a06f2..b53dceb8 100644 --- a/roles/matrix-synapse/vars/main.yml +++ b/roles/matrix-synapse/vars/main.yml @@ -3,7 +3,7 @@ matrix_synapse_id_servers_public: ['vector.im', 'matrix.org'] matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions" -matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:8448/_matrix/federation/v1/version" +matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version" # Tells whether this role had executed or not. Toggled to `true` during runtime. matrix_synapse_role_executed: false From 440569c47b6f6f2704a23fba215882d13e470eb3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 10 Jun 2020 09:20:06 +0300 Subject: [PATCH 84/84] Update mautrix-facebook configuration --- .../templates/config.yaml.j2 | 25 ++++++++++++++----- 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 3c7b7e62..7da7b588 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -129,16 +129,29 @@ bridge: # the bridge was disconnected. # Set to 0 to disable backfilling missed messages. missed_limit: 1000 - # Interval in seconds in which to automatically reconnect all users. - # This can be used to automatically mitigate the bug where Facebook stops sending messages. - # Set to -1 to disable periodic reconnections entirely. - periodic_reconnect_interval: -1 - # What to do in periodic reconnects. Either "refresh" or "reconnect" - periodic_reconnect_mode: refresh + # If using double puppeting, should notifications be disabled + # while the initial backfill is in progress? + disable_notifications: false + periodic_reconnect: + # Interval in seconds in which to automatically reconnect all users. + # This can be used to automatically mitigate the bug where Facebook stops sending messages. + # Set to -1 to disable periodic reconnections entirely. + interval: -1 + # What to do in periodic reconnects. Either "refresh" or "reconnect" + mode: refresh + # Should even disconnected users be reconnected? + always: false # The number of seconds that a disconnection can last without triggering an automatic re-sync # and missed message backfilling when reconnecting. # Set to 0 to always re-sync, or -1 to never re-sync automatically. resync_max_disconnected_time: 5 + # Whether or not temporary disconnections should send notices to the notice room. + # If this is false, disconnections will never send messages and connections will only send + # messages if it was disconnected for more than resync_max_disconnected_time seconds. + temporary_disconnect_notices: true + # Whether or not the bridge should try to "refresh" the connection if a normal reconnection + # attempt fails. + refresh_on_reconnection_fail: false # Permissions for using the bridge. # Permitted values: