From fef6d5762642777778fc630bf6590755140e21c1 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 28 Feb 2021 18:42:09 +0200 Subject: [PATCH 01/30] Remove alembic migrations for mautrix-facebook They're gone now: https://github.com/tulir/mautrix-facebook/commit/b8ce80e476ac49c8b4d538321b74fe2b014d6460 --- .../systemd/matrix-mautrix-facebook.service.j2 | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 index acd2c885..f3af4b9f 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 
@@ -16,20 +16,6 @@ Environment="HOME={{ matrix_systemd_unit_home_path }}" ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null' ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null' -# This bridge uses another mechanism for migrations now (migrations happen automatically during regular startup), -# so going forward, running this alembic stuff will not necessary. -# People who are upgrading from an older version of the bridge should go through this migration -# first though, so we're keeping it around for now. -ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook-db \ - --log-driver=none \ - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - --network={{ matrix_docker_network }} \ - -v {{ matrix_mautrix_facebook_config_path }}:/config:z \ - -v {{ matrix_mautrix_facebook_data_path }}:/data:z \ - {{ matrix_mautrix_facebook_docker_image }} \ - alembic -x config=/config/config.yaml upgrade head - # Intentional delay, so that the homeserver (we likely depend on) can manage to start. ExecStartPre={{ matrix_host_command_sleep }} 5 From c527f2930e758b0a392519d1785d170f3f1874eb Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 1 Mar 2021 15:53:54 +0200 Subject: [PATCH 02/30] Upgrade Element (1.7.21 -> 1.7.22) --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index fc6f30f9..634c0894 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -3,7 +3,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" -matrix_client_element_version: v1.7.21 +matrix_client_element_version: v1.7.22 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else 'docker.io/' }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From a25b8135b8adab3adac78a49d43c2c25ae3faa95 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 1 Mar 2021 20:27:45 +0200 Subject: [PATCH 03/30] Fix point overlap between matrix-domain and Jitsi Mostly affects people who disable the integrated `matrix-nginx-proxy`. Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456 and more specifically 4d62a75f6f46becb0ece. --- examples/caddy2/Caddyfile | 12 ++++++------ group_vars/matrix_servers | 4 ++-- roles/matrix-jitsi/defaults/main.yml | 2 +- .../templates/nginx/conf.d/matrix-jitsi.conf.j2 | 4 ++-- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/examples/caddy2/Caddyfile b/examples/caddy2/Caddyfile index d13b9788..8999f299 100644 --- a/examples/caddy2/Caddyfile +++ b/examples/caddy2/Caddyfile @@ -101,7 +101,7 @@ element.DOMAIN.tld { # creates letsencrypt certificate # tls your@email.com - + header { # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" 
@@ -128,10 +128,10 @@ element.DOMAIN.tld { } #dimension.DOMAIN.tld { -# +# # # creates letsencrypt certificate # # tls your@email.com -# +# # header { # # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS # Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" @@ -160,7 +160,7 @@ element.DOMAIN.tld { #jitsi.DOMAIN.tld { -# +# # creates letsencrypt certificate # tls your@email.com # @@ -193,7 +193,7 @@ element.DOMAIN.tld { # handle { # encode zstd gzip # -# reverse_proxy 127.0.0.1:12080 { +# reverse_proxy 127.0.0.1:13080 { # header_up X-Forwarded-Port {http.request.port} # header_up X-Forwarded-Proto {http.request.scheme} # header_up X-Forwarded-TlsProto {tls_protocol} @@ -201,4 +201,4 @@ element.DOMAIN.tld { # header_up X-Forwarded-HttpsProto {proto} # } # } -#} \ No newline at end of file +#} diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 13172a63..3cd906e8 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -905,9 +905,9 @@ matrix_jitsi_enabled: false # Normally, matrix-nginx-proxy is enabled and nginx can reach jitsi/web over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose # the Jitsi HTTP port to the local host. -matrix_jitsi_web_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:12080' }}" +matrix_jitsi_web_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:13080' }}" -matrix_jitsi_jvb_container_colibri_ws_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:12090' }}" +matrix_jitsi_jvb_container_colibri_ws_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:13090' }}" matrix_jitsi_jibri_xmpp_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jibri') | to_uuid }}" matrix_jitsi_jicofo_auth_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'jicofo') | to_uuid }}" diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index b7434dd3..16206840 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -73,7 +73,7 @@ matrix_jitsi_etherpad_enabled: false # Controls whether the matrix-jitsi-web container exposes its HTTP port (tcp/80 in the container). # -# Takes an ":" or "" value (e.g. "127.0.0.1:12080"), or empty string to not expose. +# Takes an ":" or "" value (e.g. "127.0.0.1:13080"), or empty string to not expose. matrix_jitsi_web_container_http_host_bind_port: '' # A list of extra arguments to pass to the container diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 index eb3d67b1..a20d8a73 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 
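Review bot: The new loopback ports `127.0.0.1:13080` and `127.0.0.1:13090` set here are also written out as literals in the `proxy_pass` fallbacks of matrix-jitsi.conf.j2 and in the commented Caddy example, so every copy has to be renumbered by hand, as this commit itself shows. A comment above the two variables would flag that: `# Keep in sync with the proxy_pass fallbacks in matrix-jitsi.conf.j2 and with examples/caddy2/Caddyfile.` Operators who run their own reverse proxy against 12080/12090 will presumably lose Jitsi after upgrading until they change the upstream, so the move deserves an upgrade note as well.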
@@ -17,7 +17,7 @@ proxy_pass http://$backend; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:12080; + proxy_pass http://127.0.0.1:13080; {% endif %} proxy_set_header Host $host; @@ -32,7 +32,7 @@ proxy_pass http://$backend; {% else %} {# Generic configuration for use outside of our container setup #} - proxy_pass http://127.0.0.1:12090; + proxy_pass http://127.0.0.1:13090; {% endif %} proxy_set_header Host $host; From 009efdad4944a32f88ed754c8095617a9d473af9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 2 Mar 2021 07:59:59 +0200 Subject: [PATCH 04/30] Fix matrix.DOMAIN/_synapse/metrics exposing This is something that got lost during https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456 and more specifically 4d62a75f6f46becb0ece. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/914 --- roles/matrix-nginx-proxy/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index a4fbd002..720d9150 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -193,6 +193,8 @@ matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_prefix_regexes: | (['/_synapse/oidc'] if matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_oidc_api_enabled else []) + (['/_synapse/admin'] if matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled else []) + + + (['/_synapse/metrics'] if matrix_nginx_proxy_proxy_synapse_metrics else []) }} # Specifies where requests for the root URI (`/`) on the `matrix.` domain should be redirected. From 31d2e013f72053f0248db69e51a7c56227cfcaf2 Mon Sep 17 00:00:00 2001 
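Review bot: The added `/_synapse/metrics` entry is gated only on `matrix_nginx_proxy_proxy_synapse_metrics`, so enabling that flag forwards the endpoint on the public `matrix.` vhost whether or not HTTP Basic Auth has been configured. The matrix-synapse.conf.j2 context later in this series wraps `auth_basic` in `{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %}`, which suggests authentication is opt-in. Metrics output describes server load and internals, so the variable's comment block, which lies above the hunk, should point operators at the pairing: `# /_synapse/metrics is served publicly when enabled; protect it with matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled.` The list expression this line extends also starts above the hunk.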
From: Slavi Pantaleev Date: Tue, 2 Mar 2021 08:02:31 +0200 Subject: [PATCH 05/30] Fix typo --- docs/configuring-playbook-prometheus-grafana.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index 98d1f604..310eac6a 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md @@ -59,7 +59,7 @@ Name | Description `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`|Set this to a password to use for HTTP Basic Auth for protecting `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus` - it's not configurable) -## More inforation +## More information - [Understanding Synapse Performance Issues Through Grafana Graphs](https://github.com/matrix-org/synapse/wiki/Understanding-Synapse-Performance-Issues-Through-Grafana-Graphs) at the Synapse Github Wiki - [The Prometheus scraping rules](https://github.com/matrix-org/synapse/tree/master/contrib/prometheus) (we use v2) From 0de0716527923731e7fc474d3d184eeb7590b37d Mon Sep 17 00:00:00 2001 From: SierraKiloBravo Date: Tue, 2 Mar 2021 11:30:09 +0100 Subject: [PATCH 06/30] Added nginx proxy worker configuration to template and defaults --- roles/matrix-nginx-proxy/defaults/main.yml | 6 ++++++ roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 | 5 ++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 720d9150..3234a44c 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
@@ -364,3 +364,9 @@ matrix_nginx_proxy_synapse_generic_worker_federation_locations: [] matrix_nginx_proxy_synapse_media_repository_locations: [] matrix_nginx_proxy_synapse_user_dir_locations: [] matrix_nginx_proxy_synapse_frontend_proxy_locations: [] + +# The amount of worker processes and connections +# Consider increasing these when you are expecting high amounts of traffic +# http://nginx.org/en/docs/ngx_core_module.html#worker_connections +matrix_nginx_proxy_worker_processes: 1 +matrix_nginx_proxy_worker_connections: 1024 diff --git a/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 index facb0901..c35f9b24 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/nginx.conf.j2 @@ -8,14 +8,13 @@ # - various temp paths are changed to `/tmp`, so that a non-root user can write to them # - the `user` directive was removed, as we don't want nginx to switch users -worker_processes 1; - +worker_processes {{ matrix_nginx_proxy_worker_processes }}; error_log /var/log/nginx/error.log warn; pid /tmp/nginx.pid; events { - worker_connections 1024; + worker_connections {{ matrix_nginx_proxy_worker_connections }}; } From 7d1522d884e52c50724edb8a953d4b62b6d29342 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 2 Mar 2021 13:28:59 +0200 Subject: [PATCH 07/30] Add Ko-fi donation link --- .github/FUNDING.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index bc3c8e75..6e7102bf 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -2,3 +2,5 @@ # https://liberapay.com/s.pantaleev/ liberapay: s.pantaleev +# https://ko-fi.com/spantaleev +ko_fi: spantaleev From be23249f4b32383d6bb1c6d81e742a4bc3a9c108 Mon Sep 17 00:00:00 2001 
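Review bot: The comment on the two new variables links only to `#worker_connections` and does not say which values are accepted; nginx's `worker_processes` also takes `auto`, which is what many operators raising this setting will want. Suggested wording: `# Number of nginx worker processes (an integer or auto) and the maximum connections per worker.` It would also help to add the matching `#worker_processes` anchor on the same nginx.org page.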
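Review bot: `worker_processes` and `worker_connections` are rendered straight from the variables, so an empty or non-numeric value in vars.yml produces an nginx.conf that fails only when the container starts. If the role has a configuration-validation step (not visible here), a check that both values are set would surface the mistake at playbook time instead. The hunk also drops the blank line that separated `worker_processes` from `error_log`; keeping it would leave the layout of the file unchanged apart from the two templated values.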
From: Markus Ullmann Date: Tue, 2 Mar 2021 20:07:59 +0100 Subject: [PATCH 08/30] Adjust wait timeout During first setup postgres takes its time to get up and running, resulting in "postgres in startup" exceptions from synapse if you run without additional services that come in between. Hence suggesting increasing the time a bit to avoid having an error which heals itself and thus is hard to spot for newcomers. --- roles/matrix-common-after/tasks/start.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-common-after/tasks/start.yml b/roles/matrix-common-after/tasks/start.yml index b1477cf6..300de94c 100644 --- a/roles/matrix-common-after/tasks/start.yml +++ b/roles/matrix-common-after/tasks/start.yml @@ -30,7 +30,7 @@ # as we may run into systemd's automatic restart logic retrying the service. - name: Wait a bit, so that services can start (or fail) wait_for: - timeout: 5 + timeout: 15 delegate_to: 127.0.0.1 become: false From df5cbcc2e18f6c039179cdae9bb5a0ce6e712213 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 6 Mar 2021 12:35:12 -0600 Subject: [PATCH 09/30] Make steps in configuring-playbook.md numbered instead of bullet points which make it more difficult to tell whether or not you completed all of the steps --- docs/configuring-playbook.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 34c52efc..1c836786 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md 
@@ -8,15 +8,15 @@ To configure the playbook, you need to have done the following things: You can then follow these steps inside the playbook directory: -- create a directory to hold your configuration (`mkdir inventory/host_vars/matrix.`) +1. create a directory to hold your configuration (`mkdir inventory/host_vars/matrix.`) -- copy the sample configuration file (`cp examples/vars.yml inventory/host_vars/matrix./vars.yml`) +1. copy the sample configuration file (`cp examples/vars.yml inventory/host_vars/matrix./vars.yml`) -- edit the configuration file (`inventory/host_vars/matrix./vars.yml`) to your liking. You may also take a look at the various `roles/ROLE_NAME_HERE/defaults/main.yml` files and see if there's something you'd like to copy over and override in your `vars.yml` configuration file. +1. edit the configuration file (`inventory/host_vars/matrix./vars.yml`) to your liking. You may also take a look at the various `roles/ROLE_NAME_HERE/defaults/main.yml` files and see if there's something you'd like to copy over and override in your `vars.yml` configuration file. -- copy the sample inventory hosts file (`cp examples/hosts inventory/hosts`) +1. copy the sample inventory hosts file (`cp examples/hosts inventory/hosts`) -- edit the inventory hosts file (`inventory/hosts`) to your liking +1. edit the inventory hosts file (`inventory/hosts`) to your liking For a basic Matrix installation, that's all you need. From f0698ee6414d5006e6d904a96c1f6927a8efb124 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Mon, 8 Mar 2021 17:10:10 +0200 Subject: [PATCH 10/30] Do not overwrite X-Forwarded-For when reverse-proxying to Synapse We have a flow like this: 1. matrix.DOMAIN vhost (matrix-domain.conf) 2. matrix-synapse vhost (matrix-synapse.conf); or matrix-corporal container, if enabled 3. (optional) matrix-synapse vhost (matrix-synapse.conf), if matrix-corporal enabled 4. matrix-synapse container We are setting `X-Forwarded-For` correctly in step #1, but were overwriting it in step #2 with something inaccurate. Not doing anything in step #2 is better than doing the wrong thing. It's probably best if we append another reverse-proxy address there though, although what we're doing now (with this patch) seems to yield the correct result (when matrix-corporal is not enabled). When matrix-corporal is enabled, we still seem to do the wrong thing for some reason. It's something to be fixed later on. --- .../templates/nginx/conf.d/matrix-synapse.conf.j2 | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 7041468e..4a3a355d 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -79,7 +79,6 @@ server { location ~ {{ location }} { proxy_pass http://generic_worker_upstream$request_uri; proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; } {% endfor %} {% endif %} @@ -90,7 +89,6 @@ server { location ~ {{ location }} { proxy_pass http://media_repository_upstream$request_uri; proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; client_body_buffer_size 25M; client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M; 
@@ -106,7 +104,6 @@ server { location ~ {{ location }} { proxy_pass http://user_dir_upstream$request_uri; proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; } {% endfor %} {% endif %} @@ -117,7 +114,6 @@ server { location ~ {{ location }} { proxy_pass http://frontend_proxy_upstream$request_uri; proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; } {% endfor %} {% if matrix_nginx_proxy_synapse_presence_disabled %} @@ -125,7 +121,6 @@ server { location ~ ^/_matrix/client/(api/v1|r0|unstable)/presence/[^/]+/status { proxy_pass http://frontend_proxy_upstream$request_uri; proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; } {% endif %} {% endif %} @@ -150,7 +145,6 @@ server { {% endif %} proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; {% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %} auth_basic "protected"; @@ -172,7 +166,6 @@ server { {% endif %} proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; client_body_buffer_size 25M; client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M; @@ -199,7 +192,6 @@ server { location ~ {{ location }} { proxy_pass http://generic_worker_upstream$request_uri; proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; } {% endfor %} {% endif %} @@ -209,7 +201,6 @@ server { location ~ {{ location }} { proxy_pass http://media_repository_upstream$request_uri; proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; client_body_buffer_size 25M; client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M; @@ -231,7 +222,6 @@ server { {% endif %} proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $remote_addr; client_body_buffer_size 25M; client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M; 
From 9b72384df7a7663079b41ad17768ff9e9b4b9320 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 8 Mar 2021 17:19:01 +0200 Subject: [PATCH 11/30] Upgrade Synapse (1.28.0 -> 1.29.0) --- .../nginx/conf.d/matrix-domain.conf.j2 | 4 ++ roles/matrix-synapse/defaults/main.yml | 4 +- .../templates/synapse/homeserver.yaml.j2 | 56 ++++++++++++++----- 3 files changed, 49 insertions(+), 15 deletions(-) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 41497416..9d582618 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -47,6 +47,7 @@ proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; } {% endif %} @@ -64,6 +65,7 @@ proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; } {% endif %} @@ -98,6 +100,7 @@ proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; } {% endif %} @@ -122,6 +125,7 @@ proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; client_body_buffer_size 25M; client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M; diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 9086884b..9c8bfc69 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
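Review bot: `proxy_set_header X-Forwarded-Proto $scheme;` reports the scheme of the connection made to this nginx, so when TLS is terminated by another proxy in front of it the backend is told `http` for requests that arrived over HTTPS. The same line is added in the hunks at -64, -98 and -122. If such fronted setups are supported, the value needs to be passed through from the outer proxy rather than recomputed, and at minimum a comment should say so: `# $scheme is what this nginx saw; behind another TLS terminator, forward that proxy's X-Forwarded-Proto instead.` The diffstat lists no example reverse-proxy configs, so operators who run their own proxy presumably have to add the header themselves. Each enclosing `location` block starts and ends outside its hunk.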
@@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont # amd64 gets released first. # arm32 relies on self-building, so the same version can be built immediately. # arm64 users need to wait for a prebuilt image to become available. -matrix_synapse_version: v1.28.0 -matrix_synapse_version_arm64: v1.28.0 +matrix_synapse_version: v1.29.0 +matrix_synapse_version_arm64: v1.29.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 09e11f7b..e03b3065 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -77,6 +77,14 @@ use_presence: {{ matrix_synapse_use_presence|to_json }} # #limit_profile_requests_to_users_who_share_rooms: true +# Uncomment to prevent a user's profile data from being retrieved and +# displayed in a room until they have joined it. By default, a user's +# profile data is included in an invite event, regardless of the values +# of the above two settings, and whether or not the users share a server. +# Defaults to 'true'. +# +#include_profile_data_on_invite: false + # If set to 'true', removes the need for authentication to access the server's # public rooms directory through the client API, meaning that anyone can # query the room directory. Defaults to 'false'. 
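Review bot: `include_profile_data_on_invite` is added only as a commented-out sample line, so it cannot be set from vars.yml; the same holds for `allow_profile_lookup_over_federation` in the hunk at -725 and `prefer_local_users` at -2578. The first two limit how much profile data is disclosed to invited users and to other homeservers, which makes them settings a privacy-conscious operator would want to reach. The context line `use_presence: {{ matrix_synapse_use_presence|to_json }}` shows the template's pattern; following it would give `include_profile_data_on_invite: {{ matrix_synapse_include_profile_data_on_invite|to_json }}`, where the variable name is a suggestion and its default would stay `true`.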
@@ -725,6 +733,12 @@ federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_js # - matrix.org # - example.com +# Uncomment to disable profile lookup over federation. By default, the +# Federation API allows other homeservers to obtain profile data of any user +# on this homeserver. Defaults to 'true'. +# +#allow_profile_lookup_over_federation: false + ## Caching ## 
@@ -2578,19 +2592,35 @@ enable_group_creation: {{ matrix_synapse_enable_group_creation|to_json }} # User Directory configuration # -# 'enabled' defines whether users can search the user directory. If -# false then empty responses are returned to all queries. Defaults to -# true. -# -# 'search_all_users' defines whether to search all users visible to your HS -# when searching the user directory, rather than limiting to users visible -# in public rooms. Defaults to false. If you set it True, you'll have to -# rebuild the user_directory search indexes, see -# https://github.com/matrix-org/synapse/blob/master/docs/user_directory.md -# -#user_directory: -# enabled: true -# search_all_users: false +user_directory: + # Defines whether users can search the user directory. If false then + # empty responses are returned to all queries. Defaults to true. + # + # Uncomment to disable the user directory. + # + #enabled: false + + # Defines whether to search all users visible to your HS when searching + # the user directory, rather than limiting to users visible in public + # rooms. Defaults to false. + # + # If you set it true, you'll have to rebuild the user_directory search + # indexes, see: + # https://github.com/matrix-org/synapse/blob/master/docs/user_directory.md + # + # Uncomment to return search results containing all known users, even if that + # user does not share a room with the requester. + # + #search_all_users: true + + # Defines whether to prefer local users in search query results. + # If True, local users are more likely to appear above remote users + # when searching the user directory. Defaults to false. + # + # Uncomment to prefer local over remote users in user directory search + # results. + # + #prefer_local_users: true # User Consent configuration From 51e25474843c9ac572016e9d53d87537695e1a51 Mon Sep 17 00:00:00 2001 
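Review bot: `user_directory:` is now an active key with every child commented out, so the rendered YAML gives it a null value instead of a mapping. The layout looks copied from the upstream sample, so Synapse presumably accepts null here, but that should be confirmed against a rendered homeserver.yaml before release. Writing `user_directory: {}` or leaving the key itself commented (`#user_directory:`) would remove the ambiguity.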
From: Yannick Goossens Date: Thu, 11 Mar 2021 19:23:01 +0100 Subject: [PATCH 12/30] Added support for the Go-NEB bot --- docs/configuring-dns.md | 3 + docs/configuring-playbook-bot-go-neb.md | 218 +++++++++++++++++ group_vars/matrix_servers | 24 ++ roles/matrix-base/defaults/main.yml | 3 + roles/matrix-bot-go-neb/defaults/main.yml | 225 ++++++++++++++++++ roles/matrix-bot-go-neb/tasks/init.yml | 3 + roles/matrix-bot-go-neb/tasks/main.yml | 21 ++ .../matrix-bot-go-neb/tasks/setup_install.yml | 50 ++++ .../tasks/setup_uninstall.yml | 35 +++ .../tasks/validate_config.yml | 13 + .../templates/config.yaml.j2 | 44 ++++ .../systemd/matrix-bot-go-neb.service.j2 | 46 ++++ roles/matrix-nginx-proxy/defaults/main.yml | 7 + .../tasks/setup_nginx_proxy.yml | 13 + .../nginx/conf.d/matrix-bot-go-neb.conf.j2 | 77 ++++++ setup.yml | 1 + 16 files changed, 783 insertions(+) create mode 100644 docs/configuring-playbook-bot-go-neb.md create mode 100644 roles/matrix-bot-go-neb/defaults/main.yml create mode 100644 roles/matrix-bot-go-neb/tasks/init.yml create mode 100644 roles/matrix-bot-go-neb/tasks/main.yml create mode 100644 roles/matrix-bot-go-neb/tasks/setup_install.yml create mode 100644 roles/matrix-bot-go-neb/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bot-go-neb/tasks/validate_config.yml create mode 100644 roles/matrix-bot-go-neb/templates/config.yaml.j2 create mode 100644 roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 create mode 100644 roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index c25b079e..a3815953 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md 
@@ -34,6 +34,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco | CNAME | `dimension` (*) | - | - | - | `matrix.` | | CNAME | `jitsi` (*) | - | - | - | `matrix.` | | CNAME | `stats` (*) | - | - | - | `matrix.` | +| CNAME | `goneb` (*) | - | - | - | `matrix.` | ## Subdomains setup @@ -48,6 +49,8 @@ The `jitsi.` subdomain may be necessary, because this playbook coul The `stats.` subdomain may be necessary, because this playbook could install [Grafana](https://grafana.com/) and setup performance metrics for you. Grafana installation is disabled by default, it is not a core required component. To learn how to install it, see our [metrics and graphs guide](configuring-playbook-prometheus-grafana.md). If you do not wish to set up Grafana, feel free to skip the `stats.` DNS record. It is possible to install Prometheus without installing Grafana, this would also not require the `stats.` subdomain. +The `goneb.` subdomain may be necessary, because this playbook could install the [Go-NEB](https://github.com/matrix-org/go-neb) bot. The installation of Go-NEB is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Go-NEB guide](configuring-playbook-bot-go-neb.md). If you do not wish to set up Go-NEB, feel free to skip the `goneb.` DNS record. + ## `_matrix-identity._tcp` SRV record setup diff --git a/docs/configuring-playbook-bot-go-neb.md b/docs/configuring-playbook-bot-go-neb.md new file mode 100644 index 00000000..d91dafa6 --- /dev/null +++ b/docs/configuring-playbook-bot-go-neb.md 
@@ -0,0 +1,218 @@ +# Setting up Go-NEB (optional) + +The playbook can install and configure [Go-NEB](https://github.com/matrix-org/go-neb) for you. + +Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python. + +See the project's [documentation](https://github.com/matrix-org/go-neb) to learn what it does and why it might be useful to you. + + +## Registering the bot users + +The playbook does not automatically create users for you. The bot requires at least 1 access token to be able to connect to your homeserver. + +You **need to register the bot user manually** before setting up the bot. + +Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. + +If you use curl, you can immediatly copy/paste the access token into the configuration file. + +``` +curl -X POST --header 'Content-Type: application/json' -d '{ + "identifier": { "type": "m.id.user", "user": "bot.go-neb" }, + "password": "a strong password", + "type": "m.login.password" +}' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login' +``` + +You can use also use the playbook to [register a new user](registering-users.md): + +``` +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.go-neb password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user +``` + +And then log in via element, but doing so might lead to decryption problems. That warning comes from [here](https://github.com/matrix-org/go-neb#quick-start) + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): + +```yaml +matrix_bot_go_neb_enabled: true + +# You need at least 1 client. 
+matrix_bot_go_neb_clients: + - UserID: "@goneb:localhost" + AccessToken: "MDASDASJDIASDJASDAFGFRGER" + DeviceID: "DEVICE1" + HomeserverURL: "{{ matrix_homeserver_container_url }}" + Sync: true + AutoJoinRooms: true + DisplayName: "Go-NEB!" + AcceptVerificationFromUsers: [":localhost:8008"] + + - UserID: "@another_goneb:localhost" + AccessToken: "MDASDASJDIASDJASDAFGFRGER" + DeviceID: "DEVICE2" + HomeserverURL: "{{ matrix_homeserver_container_url }}" + Sync: false + AutoJoinRooms: false + DisplayName: "Go-NEB!" + AcceptVerificationFromUsers: ["^@admin:localhost:8008$"] + +# Optional, for use with the github_cmd, github_webhooks or jira services +matrix_bot_go_neb_realms: + - ID: "github_realm" + Type: "github" + Config: {} # No need for client ID or Secret as Go-NEB isn't generating OAuth URLs + +# Optional. The list of *authenticated* sessions which Go-NEB is aware of. +matrix_bot_go_neb_sessions: + - SessionID: "your_github_session" + RealmID: "github_realm" + UserID: "@YOUR_USER_ID:localhost" # This needs to be the username of the person that's allowed to use the !github commands + Config: + # Populate these fields by generating a "Personal Access Token" on github.com + AccessToken: "YOUR_GITHUB_ACCESS_TOKEN" + Scopes: "admin:org_hook,admin:repo_hook,repo,user" + +# The list of services which Go-NEB is aware of. +# Delete or modify this list as appropriate. +# See the docs for /configureService for the full list of options: +# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureServiceRequest +# You need at least 1 service. 
+matrix_bot_go_neb_services: + - ID: "echo_service" + Type: "echo" + UserID: "@goneb:localhost" + Config: {} + +# Can be obtained from https://developers.giphy.com/dashboard/ + - ID: "giphy_service" + Type: "giphy" + UserID: "@goneb:localhost" # requires a Syncing client + Config: + api_key: "qwg4672vsuyfsfe" + use_downsized: false + +# This service has been dead for over a year :/ + - ID: "guggy_service" + Type: "guggy" + UserID: "@goneb:localhost" # requires a Syncing client + Config: + api_key: "2356saaqfhgfe" + +# API Key via https://developers.google.com/custom-search/v1/introduction +# CX via http://www.google.com/cse/manage/all +# https://stackoverflow.com/questions/6562125/getting-a-cx-id-for-custom-search-google-api-python +# 'Search the entire web' and 'Image search' enabled for best results + - ID: "google_service" + Type: "google" + UserID: "@goneb:localhost" # requires a Syncing client + Config: + api_key: "AIzaSyA4FD39m9" + cx: "AIASDFWSRRtrtr" + +# Get a key via https://api.imgur.com/oauth2/addclient +# Select "oauth2 without callback url" and use the clientid as api_key value + - ID: "imgur_service" + Type: "imgur" + UserID: "@imgur:localhost" # requires a Syncing client + Config: + api_key: "AIzaSyA4FD39m9" + + - ID: "wikipedia_service" + Type: "wikipedia" + UserID: "@goneb:localhost" # requires a Syncing client + Config: + + - ID: "rss_service" + Type: "rssbot" + UserID: "@another_goneb:localhost" + Config: + feeds: + "http://lorem-rss.herokuapp.com/feed?unit=second&interval=60": + rooms: ["!qmElAGdFYCHoCJuaNt:localhost"] + must_include: + author: + - author1 + description: + - lorem + - ipsum + must_not_include: + title: + - Lorem + - Ipsum + + - ID: "github_cmd_service" + Type: "github" + UserID: "@goneb:localhost" # requires a Syncing client + Config: + RealmID: "github_realm" + + # Make sure your BASE_URL can be accessed by Github! 
+ - ID: "github_webhook_service" + Type: "github-webhook" + UserID: "@another_goneb:localhost" + Config: + RealmID: "github_realm" + ClientUserID: "@YOUR_USER_ID:localhost" # needs to be an authenticated user so Go-NEB can create webhooks. Check the UserID field in the github_realm in matrix_bot_go_neb_sessions. + Rooms: + "!someroom:id": + Repos: + "matrix-org/synapse": + Events: ["push", "issues"] + "matrix-org/dendron": + Events: ["pull_request"] + "!anotherroom:id": + Repos: + "matrix-org/synapse": + Events: ["push", "issues"] + "matrix-org/dendron": + Events: ["pull_request"] + + - ID: "slackapi_service" + Type: "slackapi" + UserID: "@slackapi:localhost" + Config: + Hooks: + "hook1": + RoomID: "!someroom:id" + MessageType: "m.text" # default is m.text + + - ID: "alertmanager_service" + Type: "alertmanager" + UserID: "@alertmanager:localhost" + Config: + # This is for information purposes only. It should point to Go-NEB path as follows: + # `/services/hooks/` + # Where in this case "service ID" is "alertmanager_service" + # Make sure your BASE_URL can be accessed by the Alertmanager instance! + webhook_url: "http://localhost/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U" + # Each room will get the notification with the alert rendered with the given template + rooms: + "!someroomid:domain.tld": + text_template: "{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}" + html_template: "{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} [FIRING - CRITICAL] {{ else if eq $severity \"warning\"}} [FIRING - WARNING] {{ else }} [FIRING - {{ $severity }}] {{ end }} {{ else }} [RESOLVED] {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} source
{{end -}}" + msg_type: "m.text" # Must be either `m.text` or `m.notice` +``` + + +## Installing + +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +To use the bot, invite it to any existing Matrix room (`/invite @whatever_you_chose:DOMAIN` where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain, make sure you have permission from the room owner if that's not you). + +Basic usage is like this: `!echo hi` or `!imgur puppies` or `!giphy matrix` + +If you enabled the github_cmd service you can get the supported commands via `!github help` + +You can also refer to the upstream [Documentation](https://github.com/matrix-org/go-neb). diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 3cd906e8..88e16d2a 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -729,6 +729,27 @@ matrix_bot_matrix_reminder_bot_database_password: "{{ matrix_synapse_macaroon_se ###################################################################### +###################################################################### +# +# matrix-bot-go-neb +# +###################################################################### + +# We don't enable bots by default. +matrix_bot_go_neb_enabled: false + +matrix_bot_go_neb_systemd_required_services_list: | + {{ + ['docker.service'] + }} + +###################################################################### +# +# /matrix-bot-go-neb +# +###################################################################### + + ###################################################################### # # matrix-corporal 
@@ -1053,6 +1074,7 @@ matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "{{ matrix_s matrix_nginx_proxy_proxy_matrix_enabled: true matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled }}" matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}" +matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}" matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}" matrix_nginx_proxy_proxy_grafana_enabled: "{{ matrix_grafana_enabled }}" @@ -1123,6 +1145,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_dimension] if matrix_dimension_enabled else []) + + ([matrix_server_fqn_bot_go_neb] if matrix_bot_go_neb_enabled else []) + + ([matrix_server_fqn_jitsi] if matrix_jitsi_enabled else []) + ([matrix_server_fqn_grafana] if matrix_grafana_enabled else []) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 39a8cffc..5f1cf433 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -18,6 +18,9 @@ matrix_server_fqn_element: "element.{{ matrix_domain }}" # This is where you access the Dimension. matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}" +# For use with Go-NEB! (github callback url for example) +matrix_server_fqn_bot_go_neb: "goneb.{{ matrix_domain }}" + # This is where you access Jitsi. matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}" diff --git a/roles/matrix-bot-go-neb/defaults/main.yml b/roles/matrix-bot-go-neb/defaults/main.yml new file mode 100644 index 00000000..98478ce8 --- /dev/null +++ b/roles/matrix-bot-go-neb/defaults/main.yml 
@@ -0,0 +1,225 @@ +# Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python. +# See: https://github.com/matrix-org/go-neb + +matrix_bot_go_neb_enabled: false +matrix_bot_go_neb_version: latest +matrix_bot_go_neb_docker_image: "matrixdotorg/go-neb:{{ matrix_bot_go_neb_version }}" +matrix_bot_go_neb_docker_image_force_pull: "{{ matrix_bot_go_neb_docker_image.endswith(':latest') }}" + +matrix_bot_go_neb_base_path: "{{ matrix_base_data_path }}/go-neb" +matrix_bot_go_neb_config_path: "{{ matrix_bot_go_neb_base_path }}/config" +matrix_bot_go_neb_config_path_in_container: "/config/config.yaml" +matrix_bot_go_neb_data_path: "{{ matrix_bot_go_neb_base_path }}/data" +matrix_bot_go_neb_data_store_path: "{{ matrix_bot_go_neb_data_path }}/store" + +# A list of extra arguments to pass to the container +matrix_bot_go_neb_container_extra_arguments: [] + +# List of systemd services that matrix-bot-go-neb.service depends on +matrix_bot_go_neb_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-bot-go-neb.service wants +matrix_bot_go_neb_systemd_wanted_services_list: [] + +# Database-related configuration fields. +# +# MUST be "sqlite3". No other type is supported. +matrix_bot_go_neb_database_engine: 'sqlite3' + +matrix_bot_go_neb_sqlite_database_path_local: "{{ matrix_bot_go_neb_data_path }}/bot.db" +matrix_bot_go_neb_sqlite_database_path_in_container: "/data/bot.db" + +matrix_bot_go_neb_storage_database: "{{ + { + 'sqlite3': (matrix_bot_go_neb_sqlite_database_path_in_container + '?_busy_timeout=5000'), + }[matrix_bot_go_neb_database_engine] +}}" + +# The bot's username(s). These users need to be created manually beforehand. +# The access tokens that the bot uses to authenticate. +# Generate one as described in +# https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-dimension.md#access-token +# via curl. 
With the element method, you might run into decryption problems (see https://github.com/matrix-org/go-neb#quick-start) +matrix_bot_go_neb_clients: {} +# - UserID: "@goneb:localhost" +# AccessToken: "MDASDASJDIASDJASDAFGFRGER" +# DeviceID: "DEVICE1" +# HomeserverURL: "http://localhost:8008" +# Sync: true +# AutoJoinRooms: true +# DisplayName: "Go-NEB!" +# AcceptVerificationFromUsers: [":localhost:8008"] +# +# - UserID: "@another_goneb:localhost" +# AccessToken: "MDASDASJDIASDJASDAFGFRGER" +# DeviceID: "DEVICE2" +# HomeserverURL: "http://localhost:8008" +# Sync: false +# AutoJoinRooms: false +# DisplayName: "Go-NEB!" +# AcceptVerificationFromUsers: ["^@admin:localhost:8008$"] + +# The list of realms which Go-NEB is aware of. +# Delete or modify this list as appropriate. +# See the docs for /configureAuthRealm for the full list of options: +# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureAuthRealmRequest +matrix_bot_go_neb_realms: {} +# - ID: "github_realm" +# Type: "github" +# Config: {} # No need for client ID or Secret as Go-NEB isn't generating OAuth URLs + +# The list of *authenticated* sessions which Go-NEB is aware of. +# Delete or modify this list as appropriate. +# The full list of options are shown below: there is no single HTTP endpoint +# which maps to this section. +# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#Session +matrix_bot_go_neb_sessions: {} +# - SessionID: "your_github_session" +# RealmID: "github_realm" +# UserID: "@YOUR_USER_ID:localhost" # This needs to be the username of the person that's allowed to use the !github commands +# Config: +# # Populate these fields by generating a "Personal Access Token" on github.com +# AccessToken: "YOUR_GITHUB_ACCESS_TOKEN" +# Scopes: "admin:org_hook,admin:repo_hook,repo,user" + +# The list of services which Go-NEB is aware of. +# Delete or modify this list as appropriate. 
+# See the docs for /configureService for the full list of options: +# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureServiceRequest +matrix_bot_go_neb_services: {} +# - ID: "echo_service" +# Type: "echo" +# UserID: "@goneb:localhost" +# Config: {} + +## Can be obtained from https://developers.giphy.com/dashboard/ +# - ID: "giphy_service" +# Type: "giphy" +# UserID: "@goneb:localhost" # requires a Syncing client +# Config: +# api_key: "qwg4672vsuyfsfe" +# use_downsized: false +# +## This service has been dead for over a year :/ +# - ID: "guggy_service" +# Type: "guggy" +# UserID: "@goneb:localhost" # requires a Syncing client +# Config: +# api_key: "2356saaqfhgfe" +# +## API Key via https://developers.google.com/custom-search/v1/introduction +## CX via http://www.google.com/cse/manage/all +## https://stackoverflow.com/questions/6562125/getting-a-cx-id-for-custom-search-google-api-python +## 'Search the entire web' and 'Image search' enabled for best results +# - ID: "google_service" +# Type: "google" +# UserID: "@goneb:localhost" # requires a Syncing client +# Config: +# api_key: "AIzaSyA4FD39m9" +# cx: "AIASDFWSRRtrtr" +# +## Get a key via https://api.imgur.com/oauth2/addclient +## Select "oauth2 without callback url" and use the clientid as api_key value +# - ID: "imgur_service" +# Type: "imgur" +# UserID: "@imgur:localhost" # requires a Syncing client +# Config: +# api_key: "AIzaSyA4FD39m9" +# +# - ID: "wikipedia_service" +# Type: "wikipedia" +# UserID: "@goneb:localhost" # requires a Syncing client +# Config: +# +# - ID: "rss_service" +# Type: "rssbot" +# UserID: "@another_goneb:localhost" +# Config: +# feeds: +# "http://lorem-rss.herokuapp.com/feed?unit=second&interval=60": +# rooms: ["!qmElAGdFYCHoCJuaNt:localhost"] +# must_include: +# author: +# - author1 +# description: +# - lorem +# - ipsum +# must_not_include: +# title: +# - Lorem +# - Ipsum +# +# - ID: "github_cmd_service" +# Type: "github" +# UserID: 
"@goneb:localhost" # requires a Syncing client +# Config: +# RealmID: "github_realm" +# +# # Make sure your BASE_URL can be accessed by Github! +# - ID: "github_webhook_service" +# Type: "github-webhook" +# UserID: "@another_goneb:localhost" +# Config: +# RealmID: "github_realm" +# ClientUserID: "@YOUR_USER_ID:localhost" # needs to be an authenticated user so Go-NEB can create webhooks. Check the UserID field in the github_realm in matrix_bot_go_neb_sessions. +# Rooms: +# "!someroom:id": +# Repos: +# "matrix-org/synapse": +# Events: ["push", "issues"] +# "matrix-org/dendron": +# Events: ["pull_request"] +# "!anotherroom:id": +# Repos: +# "matrix-org/synapse": +# Events: ["push", "issues"] +# "matrix-org/dendron": +# Events: ["pull_request"] +# +# - ID: "slackapi_service" +# Type: "slackapi" +# UserID: "@slackapi:localhost" +# Config: +# Hooks: +# "hook1": +# RoomID: "!someroom:id" +# MessageType: "m.text" # default is m.text +# +# - ID: "alertmanager_service" +# Type: "alertmanager" +# UserID: "@alertmanager:localhost" +# Config: +# # This is for information purposes only. It should point to Go-NEB path as follows: +# # `/services/hooks/` +# # Where in this case "service ID" is "alertmanager_service" +# # Make sure your BASE_URL can be accessed by the Alertmanager instance! 
+# webhook_url: "http://localhost/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U" +# # Each room will get the notification with the alert rendered with the given template +# rooms: +# "!someroomid:domain.tld": +# text_template: "{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}" +# html_template: "{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} [FIRING - CRITICAL] {{ else if eq $severity \"warning\"}} [FIRING - WARNING] {{ else }} [FIRING - {{ $severity }}] {{ end }} {{ else }} [RESOLVED] {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} source
{{end -}}" +# msg_type: "m.text" # Must be either `m.text` or `m.notice` + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_bot_go_neb_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_bot_go_neb_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_bot_go_neb_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_bot_go_neb_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_bot_go_neb_configuration_yaml`. + +matrix_bot_go_neb_configuration_extension: "{{ matrix_bot_go_neb_configuration_extension_yaml|from_yaml if matrix_bot_go_neb_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_bot_go_neb_configuration_yaml`. +matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml|from_yaml|combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}" + diff --git a/roles/matrix-bot-go-neb/tasks/init.yml b/roles/matrix-bot-go-neb/tasks/init.yml new file mode 100644 index 00000000..169f5978 --- /dev/null +++ b/roles/matrix-bot-go-neb/tasks/init.yml @@ -0,0 +1,3 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}" + when: matrix_bot_go_neb_enabled|bool diff --git a/roles/matrix-bot-go-neb/tasks/main.yml b/roles/matrix-bot-go-neb/tasks/main.yml new file mode 100644 index 00000000..1a4fe70a 
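Review bot: `matrix_bot_go_neb_version: latest` at the top of the new `roles/matrix-bot-go-neb/defaults/main.yml` leaves the Go-NEB image unpinned, and `matrix_bot_go_neb_docker_image_force_pull` then evaluates to true because the image name ends in `:latest`, so the pull task is told to refresh the image whenever it runs. Whatever is published under that tag at deploy time runs with the Matrix access tokens, the GitHub personal access token and the service API keys configured in `matrix_bot_go_neb_clients`, `matrix_bot_go_neb_sessions` and `matrix_bot_go_neb_services`. Pinning a released tag or digest, e.g. `matrix_bot_go_neb_version: "<RELEASE_TAG_OR_DIGEST>"` (placeholder, no version is named on this page), makes each upgrade an explicit, reviewable change, as the Element version bump earlier in this series does.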
--- /dev/null +++ b/roles/matrix-bot-go-neb/tasks/main.yml @@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_bot_go_neb_enabled|bool" + tags: + - setup-all + - setup-bot-go-neb + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_bot_go_neb_enabled|bool" + tags: + - setup-all + - setup-bot-go-neb + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_bot_go_neb_enabled|bool" + tags: + - setup-all + - setup-bot-go-neb diff --git a/roles/matrix-bot-go-neb/tasks/setup_install.yml b/roles/matrix-bot-go-neb/tasks/setup_install.yml new file mode 100644 index 00000000..e26be080 --- /dev/null +++ b/roles/matrix-bot-go-neb/tasks/setup_install.yml 
@@ -0,0 +1,50 @@ +--- + +- set_fact: + matrix_bot_go_neb_requires_restart: false + +- name: Ensure go-neb paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - { path: "{{ matrix_bot_go_neb_config_path }}", when: true } + - { path: "{{ matrix_bot_go_neb_data_path }}", when: true } + - { path: "{{ matrix_bot_go_neb_data_store_path }}", when: true } + when: "item.when|bool" + +- name: Ensure go-neb image is pulled + docker_image: + name: "{{ matrix_bot_go_neb_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_bot_go_neb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_go_neb_docker_image_force_pull }}" + +- name: Ensure go-neb config installed + copy: + content: "{{ matrix_bot_go_neb_configuration|to_nice_yaml }}" + dest: "{{ matrix_bot_go_neb_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-bot-go-neb.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-bot-go-neb.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service" + mode: 0644 + register: matrix_bot_go_neb_systemd_service_result + +- name: Ensure systemd reloaded after matrix-bot-go-neb.service installation + service: + daemon_reload: yes + when: "matrix_bot_go_neb_systemd_service_result.changed|bool" + +- name: Ensure matrix-bot-go-neb.service restarted, if necessary + service: + name: "matrix-bot-go-neb.service" + state: restarted + when: "matrix_bot_go_neb_requires_restart|bool" 
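Review bot: The `Ensure go-neb config installed` task writes `config.yaml` with `mode: 0644`, although the rendered file contains the `AccessToken` values and API keys from the `matrix_bot_go_neb_*` lists. The `0750` on the parent directory created earlier in this hunk limits who can reach it today, but the secret file should not rely on that; `mode: '0640'` with the existing `owner`/`group` is sufficient. Adding `no_log: true` to the task would also keep the tokens out of diff and verbose output. Separately, `matrix_bot_go_neb_requires_restart` is set to `false` at the top and nothing in this hunk sets it to true, so the final restart task never fires and a rotated token is not picked up until the service is restarted by other means.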
diff --git a/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml b/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml new file mode 100644 index 00000000..49ad1fe7 --- /dev/null +++ b/roles/matrix-bot-go-neb/tasks/setup_uninstall.yml @@ -0,0 +1,35 @@ +--- + +- name: Check existence of matrix-go-neb service + stat: + path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service" + register: matrix_bot_go_neb_service_stat + +- name: Ensure matrix-go-neb is stopped + service: + name: matrix-bot-go-neb + state: stopped + daemon_reload: yes + register: stopping_result + when: "matrix_bot_go_neb_service_stat.stat.exists|bool" + +- name: Ensure matrix-bot-go-neb.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service" + state: absent + when: "matrix_bot_go_neb_service_stat.stat.exists|bool" + +- name: Ensure systemd reloaded after matrix-bot-go-neb.service removal + service: + daemon_reload: yes + when: "matrix_bot_go_neb_service_stat.stat.exists|bool" + +- name: Ensure Matrix go-neb paths don't exist + file: + path: "{{ matrix_bot_go_neb_base_path }}" + state: absent + +- name: Ensure go-neb Docker image doesn't exist + docker_image: + name: "{{ matrix_bot_go_neb_docker_image }}" + state: absent diff --git a/roles/matrix-bot-go-neb/tasks/validate_config.yml b/roles/matrix-bot-go-neb/tasks/validate_config.yml new file mode 100644 index 00000000..7b292250 --- /dev/null +++ b/roles/matrix-bot-go-neb/tasks/validate_config.yml @@ -0,0 +1,13 @@ +--- + +- name: Fail if there's not at least 1 client + fail: + msg: >- + You need at least 1 client in the matrix_bot_go_neb_clients block. + when: matrix_bot_go_neb_clients is not defined or matrix_bot_go_neb_clients[0] is not defined + +- name: Fail if there's not at least 1 service + fail: + msg: >- + You need at least 1 service in the matrix_bot_go_neb_services block. + when: matrix_bot_go_neb_services is not defined or matrix_bot_go_neb_services[0] is not defined 
diff --git a/roles/matrix-bot-go-neb/templates/config.yaml.j2 b/roles/matrix-bot-go-neb/templates/config.yaml.j2 new file mode 100644 index 00000000..4dfa18ca --- /dev/null +++ b/roles/matrix-bot-go-neb/templates/config.yaml.j2 
@@ -0,0 +1,44 @@ +# Go-NEB Configuration File +# +# This file provides an alternative way to configure Go-NEB which does not involve HTTP APIs. +# +# This file can be supplied to go-neb by the environment variable `CONFIG_FILE=config.yaml`. +# It will force Go-NEB to operate in "config" mode. This means: +# - Go-NEB will ONLY use the data contained inside this file. +# - All of Go-NEB's /admin HTTP listeners will be disabled. You will be unable to add new services at runtime. +# - The environment variable `DATABASE_URL` will be ignored and an in-memory database will be used instead. +# +# This file is broken down into 4 sections which matches the following HTTP APIs: +# - /configureClient +# - /configureAuthRealm +# - /configureService +# - /requestAuthSession (redirects not supported) + +# The list of clients which Go-NEB is aware of. +# Delete or modify this list as appropriate. +# See the docs for /configureClient for the full list of options: +# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ClientConfig +clients: + {{ matrix_bot_go_neb_clients }} + +# The list of realms which Go-NEB is aware of. +# Delete or modify this list as appropriate. +# See the docs for /configureAuthRealm for the full list of options: +# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureAuthRealmRequest +realms: + {{ matrix_bot_go_neb_realms }} + +# The list of *authenticated* sessions which Go-NEB is aware of. +# Delete or modify this list as appropriate. +# The full list of options are shown below: there is no single HTTP endpoint +# which maps to this section. +# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#Session +sessions: + {{ matrix_bot_go_neb_sessions }} + +# The list of services which Go-NEB is aware of. +# Delete or modify this list as appropriate. 
+# See the docs for /configureService for the full list of options: +# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureServiceRequest +services: + {{ matrix_bot_go_neb_services }} diff --git a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 new file mode 100644 index 00000000..4ae19d5b --- /dev/null +++ b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 
@@ -0,0 +1,46 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix reminder bot +{% for service in matrix_bot_go_neb_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_bot_go_neb_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_docker_network }} \ + -e 'BIND_ADDRESS=:4050' \ + -e 'DATABASE_TYPE={{ matrix_bot_go_neb_database_engine }}' \ + -e 'BASE_URL=https://{{ matrix_server_fqn_bot_go_neb }}' \ + -e 'CONFIG_FILE={{ matrix_bot_go_neb_config_path_in_container }}' \ + -e 'DATABASE_URL={{ matrix_bot_go_neb_storage_database }}' \ + --mount type=bind,src={{ matrix_bot_go_neb_config_path }},dst=/config,ro \ + --mount type=bind,src={{ matrix_bot_go_neb_data_path }},dst=/data \ + --entrypoint=/bin/sh \ + {% for arg in matrix_bot_go_neb_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_bot_go_neb_docker_image }} \ + -c "go-neb /config/config.yaml" + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-bot-go-neb + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 3234a44c..3178fece 100644 
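Review bot: `ExecStart` passes `CONFIG_FILE`, `DATABASE_TYPE` and `DATABASE_URL` together, but the header comment of `config.yaml.j2` in this same commit states that in config-file mode `DATABASE_URL` is ignored and an in-memory database is used. If that comment holds for the image being run (worth confirming against upstream), the writable `/data` bind mount is unused surface on an otherwise `--read-only` container and the sqlite variables in the defaults file are dead configuration; either drop the mount and the two `-e` lines or correct the template comment. The trailing `-c "go-neb /config/config.yaml"` also hard-codes the path that `matrix_bot_go_neb_config_path_in_container` already carries, so the two can drift apart; `-c "go-neb {{ matrix_bot_go_neb_config_path_in_container }}"` keeps them in step.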
--- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -120,6 +120,10 @@ matrix_nginx_proxy_proxy_matrix_federation_port: 8448 matrix_nginx_proxy_proxy_dimension_enabled: false matrix_nginx_proxy_proxy_dimension_hostname: "{{ matrix_server_fqn_dimension }}" +# Controls whether proxying the goneb domain should be done. +matrix_nginx_proxy_proxy_bot_go_neb_enabled: false +matrix_nginx_proxy_proxy_bot_go_neb_hostname: "{{ matrix_server_fqn_bot_go_neb }}" + # Controls whether proxying the jitsi domain should be done. matrix_nginx_proxy_proxy_jitsi_enabled: false matrix_nginx_proxy_proxy_jitsi_hostname: "{{ matrix_server_fqn_jitsi }}" @@ -236,6 +240,9 @@ matrix_nginx_proxy_proxy_element_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to Dimension's server configuration (matrix-dimension.conf). matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to GoNEB's server configuration (matrix-bot-go-neb.conf). +matrix_nginx_proxy_proxy_bot_go_neb_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to Jitsi's server configuration (matrix-jitsi.conf). matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks: [] diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 233fe4a9..c7e15c95 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml 
@@ -79,6 +79,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_dimension_enabled|bool +- name: Ensure Matrix nginx-proxy configuration for goneb domain exists + template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-go-neb.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_bot_go_neb_enabled|bool + - name: Ensure Matrix nginx-proxy configuration for jitsi domain exists template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-jitsi.conf.j2" @@ -196,6 +203,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_dimension_enabled|bool" +- name: Ensure Matrix nginx-proxy configuration for goneb domain deleted + file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-go-neb.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_bot_go_neb_enabled|bool" + - name: Ensure Matrix nginx-proxy configuration for jitsi domain deleted file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf" diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 new file mode 100644 index 00000000..3c3231f4 --- /dev/null +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2 
@@ -0,0 +1,77 @@ +#jinja2: lstrip_blocks: "True" + +{% macro render_vhost_directives() %} + gzip on; + gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Content-Type-Options nosniff; +{% for configuration_block in matrix_nginx_proxy_proxy_bot_go_neb_additional_server_configuration_blocks %} + {{- configuration_block }} +{% endfor %} + + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-bot-go-neb:4050"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:4050; + {% endif %} + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + } +{% endmacro %} + +server { + listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + server_name {{ matrix_nginx_proxy_proxy_bot_go_neb_hostname }}; + + server_tokens off; + root /dev/null; + + {% if matrix_nginx_proxy_https_enabled %} + location /.well-known/acme-challenge { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-certbot:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; + {% endif %} + } + + location / { + return 301 https://$http_host$request_uri; + } + {% else %} + {{ render_vhost_directives() }} + {% endif %} +} + +{% if matrix_nginx_proxy_https_enabled %} +server { + listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + + server_name {{ 
matrix_nginx_proxy_proxy_bot_go_neb_hostname }}; + + server_tokens off; + root /dev/null; + + ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_bot_go_neb_hostname }}/fullchain.pem; + ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_bot_go_neb_hostname }}/privkey.pem; + + ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; + {% if matrix_nginx_proxy_ssl_ciphers != '' %} + ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }}; + {% endif %} + ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }}; + + {{ render_vhost_directives() }} +} +{% endif %} diff --git a/setup.yml b/setup.yml index d9f25ecf..0414b1cc 100755 --- a/setup.yml +++ b/setup.yml @@ -32,6 +32,7 @@ - matrix-bridge-mx-puppet-instagram - matrix-bridge-sms - matrix-bot-matrix-reminder-bot + - matrix-bot-go-neb - matrix-synapse - matrix-synapse-admin - matrix-prometheus-node-exporter From 7d1d3b47bc1135311f253106b3dc73b6e53e64e7 Mon Sep 17 00:00:00 2001 From: Yannick Goossens Date: Fri, 12 Mar 2021 10:31:08 +0100 Subject: [PATCH 13/30] Fix the description on the service file --- .../templates/systemd/matrix-bot-go-neb.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 index 4ae19d5b..27cfcdcc 100644 --- a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 +++ b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 @@ -1,6 +1,6 @@ #jinja2: lstrip_blocks: "True" [Unit] -Description=Matrix reminder bot +Description=Matrix Go-NEB bot {% for service in matrix_bot_go_neb_systemd_required_services_list %} Requires={{ service }} After={{ service }} From ce14e3e8af7fbd884c4b7ab1b40b7e662a31548d Mon Sep 17 00:00:00 2001 
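Review bot: `location /` in `render_vhost_directives` forwards every request path on the public goneb hostname to port 4050, so keeping Go-NEB's `/admin` API off the internet depends entirely on the bot running in config-file mode (the comment in `config.yaml.j2` says that mode disables the `/admin` listeners). An explicit deny in the vhost keeps that guarantee if the unit's `CONFIG_FILE` setting is later changed or removed: `location /admin { return 404; }` placed above `location /`. The macro is rendered into both the plain-HTTP and the TLS server block, so the one addition covers both.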
From: Yannick Goossens Date: Fri, 12 Mar 2021 11:03:13 +0100 Subject: [PATCH 14/30] Enable the bot in the role and disable it in the group_vars --- roles/matrix-bot-go-neb/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bot-go-neb/defaults/main.yml b/roles/matrix-bot-go-neb/defaults/main.yml index 98478ce8..a448c2c5 100644 --- a/roles/matrix-bot-go-neb/defaults/main.yml +++ b/roles/matrix-bot-go-neb/defaults/main.yml @@ -1,7 +1,7 @@ # Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python. # See: https://github.com/matrix-org/go-neb -matrix_bot_go_neb_enabled: false +matrix_bot_go_neb_enabled: true matrix_bot_go_neb_version: latest matrix_bot_go_neb_docker_image: "matrixdotorg/go-neb:{{ matrix_bot_go_neb_version }}" matrix_bot_go_neb_docker_image_force_pull: "{{ matrix_bot_go_neb_docker_image.endswith(':latest') }}" From 20c6bd686e5200d5a6b42b6d24b7edde385861e3 Mon Sep 17 00:00:00 2001 From: Yannick Goossens Date: Fri, 12 Mar 2021 11:10:00 +0100 Subject: [PATCH 15/30] Added the matrix_bot_go_neb_container_http_host_bind_port variable to allow the container to expose its listen port --- group_vars/matrix_servers | 2 ++ roles/matrix-bot-go-neb/defaults/main.yml | 5 +++++ .../templates/systemd/matrix-bot-go-neb.service.j2 | 3 +++ 3 files changed, 10 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 88e16d2a..a40c83ad 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -743,6 +743,8 @@ matrix_bot_go_neb_systemd_required_services_list: | ['docker.service'] }} +matrix_bot_go_neb_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:4050' }}" + ###################################################################### # # /matrix-bot-go-neb diff --git a/roles/matrix-bot-go-neb/defaults/main.yml b/roles/matrix-bot-go-neb/defaults/main.yml index a448c2c5..0a934811 100644 
--- a/roles/matrix-bot-go-neb/defaults/main.yml +++ b/roles/matrix-bot-go-neb/defaults/main.yml @@ -12,6 +12,11 @@ matrix_bot_go_neb_config_path_in_container: "/config/config.yaml" matrix_bot_go_neb_data_path: "{{ matrix_bot_go_neb_base_path }}/data" matrix_bot_go_neb_data_store_path: "{{ matrix_bot_go_neb_data_path }}/store" +# Controls whether the matrix-bot-go-neb container exposes its HTTP port (tcp/4050 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:4050"), or empty string to not expose. +matrix_bot_go_neb_container_http_host_bind_port: '' + # A list of extra arguments to pass to the container matrix_bot_go_neb_container_extra_arguments: [] diff --git a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 index 27cfcdcc..cb529848 100644 --- a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 +++ b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 @@ -22,6 +22,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \ --cap-drop=ALL \ --read-only \ --network={{ matrix_docker_network }} \ + {% if matrix_bot_go_neb_container_http_host_bind_port %} + -p {{ matrix_bot_go_neb_container_http_host_bind_port }}:4050 \ + {% endif %} -e 'BIND_ADDRESS=:4050' \ -e 'DATABASE_TYPE={{ matrix_bot_go_neb_database_engine }}' \ -e 'BASE_URL=https://{{ matrix_server_fqn_bot_go_neb }}' \ From aaf93cb9fdacb138e1c02d5df31697651f1225d3 Mon Sep 17 00:00:00 2001 From: Yannick Goossens Date: Fri, 12 Mar 2021 11:11:10 +0100 Subject: [PATCH 16/30] Fix indentation spaces to tabs --- .../templates/systemd/matrix-bot-go-neb.service.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 index cb529848..eabf1137 100644 
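Review bot: The comment added above `matrix_bot_go_neb_container_http_host_bind_port` in defaults/main.yml does not say what a port-only value means for exposure. Docker publishes `-p 4050:4050` on every host interface, so the bot's HTTP listener becomes reachable from outside the host unless a firewall blocks it. The group_vars default of `127.0.0.1:4050` avoids this, but the role's own documentation should state it too. I would add `# A bare port publishes on all host interfaces; prefer "127.0.0.1:4050" when a reverse proxy on the same host fronts the bot.`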
--- a/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 +++ b/roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2 @@ -22,9 +22,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \ --cap-drop=ALL \ --read-only \ --network={{ matrix_docker_network }} \ - {% if matrix_bot_go_neb_container_http_host_bind_port %} - -p {{ matrix_bot_go_neb_container_http_host_bind_port }}:4050 \ - {% endif %} + {% if matrix_bot_go_neb_container_http_host_bind_port %} + -p {{ matrix_bot_go_neb_container_http_host_bind_port }}:4050 \ + {% endif %} -e 'BIND_ADDRESS=:4050' \ -e 'DATABASE_TYPE={{ matrix_bot_go_neb_database_engine }}' \ -e 'BASE_URL=https://{{ matrix_server_fqn_bot_go_neb }}' \ From 49028f1b0588bf5aefdd2985e5749958b043b4b7 Mon Sep 17 00:00:00 2001 From: Yannick Goossens Date: Fri, 12 Mar 2021 14:55:57 +0100 Subject: [PATCH 17/30] Added |to_json to the config.yaml template --- roles/matrix-bot-go-neb/templates/config.yaml.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bot-go-neb/templates/config.yaml.j2 b/roles/matrix-bot-go-neb/templates/config.yaml.j2 index 4dfa18ca..c72dbf8d 100644 --- a/roles/matrix-bot-go-neb/templates/config.yaml.j2 +++ b/roles/matrix-bot-go-neb/templates/config.yaml.j2 
@@ -19,14 +19,14 @@ # See the docs for /configureClient for the full list of options: # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ClientConfig clients: - {{ matrix_bot_go_neb_clients }} + {{ matrix_bot_go_neb_clients|to_json }} # The list of realms which Go-NEB is aware of. # Delete or modify this list as appropriate. # See the docs for /configureAuthRealm for the full list of options: # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureAuthRealmRequest realms: - {{ matrix_bot_go_neb_realms }} + {{ matrix_bot_go_neb_realms|to_json }} # The list of *authenticated* sessions which Go-NEB is aware of. # Delete or modify this list as appropriate. @@ -34,11 +34,11 @@ realms: # which maps to this section. # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#Session sessions: - {{ matrix_bot_go_neb_sessions }} + {{ matrix_bot_go_neb_sessions|to_json }} # The list of services which Go-NEB is aware of. # Delete or modify this list as appropriate. # See the docs for /configureService for the full list of options: # https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureServiceRequest services: - {{ matrix_bot_go_neb_services }} + {{ matrix_bot_go_neb_services|to_json }} From 9689948e7340f1f33f45a4d5bd727191c6fc8839 Mon Sep 17 00:00:00 2001 From: Yannick Goossens Date: Fri, 12 Mar 2021 14:59:42 +0100 Subject: [PATCH 18/30] Use the matrix_domain var for the AcceptVerificationFromUsers field --- roles/matrix-bot-go-neb/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-go-neb/defaults/main.yml b/roles/matrix-bot-go-neb/defaults/main.yml index 0a934811..1dbfab7b 100644 --- a/roles/matrix-bot-go-neb/defaults/main.yml +++ b/roles/matrix-bot-go-neb/defaults/main.yml 
@@ -53,7 +53,7 @@ matrix_bot_go_neb_clients: {} # Sync: true # AutoJoinRooms: true # DisplayName: "Go-NEB!" -# AcceptVerificationFromUsers: [":localhost:8008"] +# AcceptVerificationFromUsers: [":{{ matrix_domain }}"] # # - UserID: "@another_goneb:localhost" # AccessToken: "MDASDASJDIASDJASDAFGFRGER" @@ -62,7 +62,7 @@ matrix_bot_go_neb_clients: {} # Sync: false # AutoJoinRooms: false # DisplayName: "Go-NEB!" -# AcceptVerificationFromUsers: ["^@admin:localhost:8008$"] +# AcceptVerificationFromUsers: ["^@admin:{{ matrix_domain }}"] # The list of realms which Go-NEB is aware of. # Delete or modify this list as appropriate. From a640d8f9a6f2a862e42a5653d6c64a3ca6348989 Mon Sep 17 00:00:00 2001 From: Yannick Goossens Date: Fri, 12 Mar 2021 15:36:13 +0100 Subject: [PATCH 19/30] Remove hard coded references to homeserver and matrix domain --- roles/matrix-bot-go-neb/defaults/main.yml | 34 +++++++++++------------ 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/roles/matrix-bot-go-neb/defaults/main.yml b/roles/matrix-bot-go-neb/defaults/main.yml index 1dbfab7b..516ab83e 100644 --- a/roles/matrix-bot-go-neb/defaults/main.yml +++ b/roles/matrix-bot-go-neb/defaults/main.yml 
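Review bot: The second example (hunk at -62,7) loses its trailing `$` when `{{ matrix_domain }}` is swapped in, so `"^@admin:{{ matrix_domain }}"` is now only a prefix match. If these entries are regular expressions, as the `^…$` form of the removed line suggests, an `@admin` user on any server whose name merely begins with the configured domain would also be accepted for verification, and the unescaped dots match any character. I would keep the pattern fully anchored and escape the domain: `# AcceptVerificationFromUsers: ["^@admin:{{ matrix_domain | regex_escape }}$"]`. The first example (`[":{{ matrix_domain }}"]`) has no end anchor either, and the same strings recur in the docs/configuring-playbook-bot-go-neb.md change of PATCH 23.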
@@ -46,19 +46,19 @@ matrix_bot_go_neb_storage_database: "{{ # https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-dimension.md#access-token # via curl. With the element method, you might run into decryption problems (see https://github.com/matrix-org/go-neb#quick-start) matrix_bot_go_neb_clients: {} -# - UserID: "@goneb:localhost" +# - UserID: "@goneb:{{ matrix_domain }}" # AccessToken: "MDASDASJDIASDJASDAFGFRGER" # DeviceID: "DEVICE1" -# HomeserverURL: "http://localhost:8008" +# HomeserverURL: "{{ matrix_homeserver_container_url }}" # Sync: true # AutoJoinRooms: true # DisplayName: "Go-NEB!" # AcceptVerificationFromUsers: [":{{ matrix_domain }}"] # -# - UserID: "@another_goneb:localhost" +# - UserID: "@another_goneb:{{ matrix_domain }}" # AccessToken: "MDASDASJDIASDJASDAFGFRGER" # DeviceID: "DEVICE2" -# HomeserverURL: "http://localhost:8008" +# HomeserverURL: "{{ matrix_homeserver_container_url }}" # Sync: false # AutoJoinRooms: false # DisplayName: "Go-NEB!" @@ -81,7 +81,7 @@ matrix_bot_go_neb_realms: {} matrix_bot_go_neb_sessions: {} # - SessionID: "your_github_session" # RealmID: "github_realm" -# UserID: "@YOUR_USER_ID:localhost" # This needs to be the username of the person that's allowed to use the !github commands +# UserID: "@YOUR_USER_ID:{{ matrix_domain }}" # This needs to be the username of the person that's allowed to use the !github commands # Config: # # Populate these fields by generating a "Personal Access Token" on github.com # AccessToken: "YOUR_GITHUB_ACCESS_TOKEN" 
@@ -94,13 +94,13 @@ matrix_bot_go_neb_sessions: {} matrix_bot_go_neb_services: {} # - ID: "echo_service" # Type: "echo" -# UserID: "@goneb:localhost" +# UserID: "@goneb:{{ matrix_domain }}" # Config: {} ## Can be obtained from https://developers.giphy.com/dashboard/ # - ID: "giphy_service" # Type: "giphy" -# UserID: "@goneb:localhost" # requires a Syncing client +# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client # Config: # api_key: "qwg4672vsuyfsfe" # use_downsized: false @@ -108,7 +108,7 @@ matrix_bot_go_neb_services: {} ## This service has been dead for over a year :/ # - ID: "guggy_service" # Type: "guggy" -# UserID: "@goneb:localhost" # requires a Syncing client +# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client # Config: # api_key: "2356saaqfhgfe" # @@ -118,7 +118,7 @@ matrix_bot_go_neb_services: {} ## 'Search the entire web' and 'Image search' enabled for best results # - ID: "google_service" # Type: "google" -# UserID: "@goneb:localhost" # requires a Syncing client +# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client # Config: # api_key: "AIzaSyA4FD39m9" # cx: "AIASDFWSRRtrtr" @@ -127,18 +127,18 @@ matrix_bot_go_neb_services: {} ## Select "oauth2 without callback url" and use the clientid as api_key value # - ID: "imgur_service" # Type: "imgur" -# UserID: "@imgur:localhost" # requires a Syncing client +# UserID: "@imgur:{{ matrix_domain }}" # requires a Syncing client # Config: # api_key: "AIzaSyA4FD39m9" # # - ID: "wikipedia_service" # Type: "wikipedia" -# UserID: "@goneb:localhost" # requires a Syncing client +# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client # Config: # # - ID: "rss_service" # Type: "rssbot" -# UserID: "@another_goneb:localhost" +# UserID: "@another_goneb:{{ matrix_domain }}" # Config: # feeds: # "http://lorem-rss.herokuapp.com/feed?unit=second&interval=60": 
@@ -156,17 +156,17 @@ matrix_bot_go_neb_services: {} # # - ID: "github_cmd_service" # Type: "github" -# UserID: "@goneb:localhost" # requires a Syncing client +# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client # Config: # RealmID: "github_realm" # # # Make sure your BASE_URL can be accessed by Github! # - ID: "github_webhook_service" # Type: "github-webhook" -# UserID: "@another_goneb:localhost" +# UserID: "@another_goneb:{{ matrix_domain }}" # Config: # RealmID: "github_realm" -# ClientUserID: "@YOUR_USER_ID:localhost" # needs to be an authenticated user so Go-NEB can create webhooks. Check the UserID field in the github_realm in matrix_bot_go_neb_sessions. +# ClientUserID: "@YOUR_USER_ID:{{ matrix_domain }}" # needs to be an authenticated user so Go-NEB can create webhooks. Check the UserID field in the github_realm in matrix_bot_go_neb_sessions. # Rooms: # "!someroom:id": # Repos: @@ -183,7 +183,7 @@ matrix_bot_go_neb_services: {} # # - ID: "slackapi_service" # Type: "slackapi" -# UserID: "@slackapi:localhost" +# UserID: "@slackapi:{{ matrix_domain }}" # Config: # Hooks: # "hook1": @@ -192,7 +192,7 @@ matrix_bot_go_neb_services: {} # # - ID: "alertmanager_service" # Type: "alertmanager" -# UserID: "@alertmanager:localhost" +# UserID: "@alertmanager:{{ matrix_domain }}" # Config: # # This is for information purposes only. It should point to Go-NEB path as follows: # # `/services/hooks/` From 86cf5d8c74a246613b256f564cb452dc63c784c2 Mon Sep 17 00:00:00 2001 From: Yannick Goossens Date: Fri, 12 Mar 2021 15:57:23 +0100 Subject: [PATCH 20/30] api_key doesn't seem to work for the imgur service, using client_id works --- roles/matrix-bot-go-neb/defaults/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bot-go-neb/defaults/main.yml b/roles/matrix-bot-go-neb/defaults/main.yml index 516ab83e..758f9f01 100644 --- a/roles/matrix-bot-go-neb/defaults/main.yml +++ b/roles/matrix-bot-go-neb/defaults/main.yml 
@@ -124,12 +124,13 @@ matrix_bot_go_neb_services: {} # cx: "AIASDFWSRRtrtr" # ## Get a key via https://api.imgur.com/oauth2/addclient -## Select "oauth2 without callback url" and use the clientid as api_key value +## Select "oauth2 without callback url" # - ID: "imgur_service" # Type: "imgur" # UserID: "@imgur:{{ matrix_domain }}" # requires a Syncing client # Config: -# api_key: "AIzaSyA4FD39m9" +# client_id: "AIzaSyA4FD39m9" +# client_secret: "somesecret" # # - ID: "wikipedia_service" # Type: "wikipedia" From 7d6bf446a33377c2c1badef31cc797794096ef63 Mon Sep 17 00:00:00 2001 From: Yannick Goossens Date: Fri, 12 Mar 2021 16:57:49 +0100 Subject: [PATCH 21/30] Added a link to the doc in the README --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 463a1504..dde8d924 100644 --- a/README.md +++ b/README.md 
@@ -91,6 +91,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for scheduling one-off & recurring reminders and alarms - see [docs/configuring-playbook-bot-matrix-reminder-bot.md](docs/configuring-playbook-bot-matrix-reminder-bot.md) for setup documentation +- (optional) [Go-NEB](https://github.com/matrix-org/go-neb) multi functional bot written in Go - see [docs/configuring-playbook-bot-go-neb.md](docs/configuring-playbook-bot-go-neb.md) for setup documentation + - (optional) [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin), a web UI tool for administrating users and rooms on your Matrix server - see [docs/configuring-playbook-synapse-admin.md](docs/configuring-playbook-synapse-admin.md) for setup documentation - (optional) [matrix-registration](https://github.com/ZerataX/matrix-registration), a simple python application to have a token based matrix registration - see [docs/configuring-playbook-matrix-registration.md](docs/configuring-playbook-matrix-registration.md) for setup documentation From 52fe8a05b022592bc062984939be60567d5878c2 Mon Sep 17 00:00:00 2001 From: Pablo Montepagano Date: Sun, 14 Mar 2021 00:39:44 -0300 Subject: [PATCH 22/30] Adding vars to synapse for private servers. --- roles/matrix-synapse/defaults/main.yml | 20 +++++++++++++++++++ .../templates/synapse/homeserver.yaml.j2 | 6 +++--- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 9c8bfc69..d9139da1 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -181,6 +181,26 @@ matrix_synapse_allow_public_rooms_without_auth: false # For private servers, you most likely wish to forbid it. matrix_synapse_allow_public_rooms_over_federation: false +# Whether to require authentication to retrieve profile data (avatars, +# display names) of other users through the client API. Defaults to +# 'false'. Note that profile data is also available via the federation +# API, so this setting is of limited value if federation is enabled on +# the server. +matrix_synapse_require_auth_for_profile_requests: false + +# Set to true to require a user to share a room with another user in order +# to retrieve their profile information. Only checked on Client-Server +# requests. Profile requests from other servers should be checked by the +# requesting server. Defaults to 'false'. +matrix_synapse_limit_profile_requests_to_users_who_share_rooms: false + +# Set to false to prevent a user's profile data from being retrieved and +# displayed in a room until they have joined it. By default, a user's +# profile data is included in an invite event, regardless of the values +# of the above two settings, and whether or not the users share a server. +# Defaults to 'true'. +matrix_synapse_include_profile_data_on_invite: true + # Controls whether people with access to the homeserver can register by themselves. matrix_synapse_enable_registration: false diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index e03b3065..63e497d0 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
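Review bot: The three new variables in roles/matrix-synapse/defaults/main.yml keep the permissive upstream values, and the copied comments do not say which value a private server should pick. A deployment meant to be private therefore still serves profile data without authentication until the operator finds and overrides them. The context line above `matrix_synapse_allow_public_rooms_over_federation` already gives that kind of guidance ("For private servers, you most likely wish to forbid it."). I would add `# For private servers, you most likely wish to set this to true.` above `matrix_synapse_require_auth_for_profile_requests` and `matrix_synapse_limit_profile_requests_to_users_who_share_rooms`, and the inverse wording above `matrix_synapse_include_profile_data_on_invite`.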
@@ -68,14 +68,14 @@ use_presence: {{ matrix_synapse_use_presence|to_json }} # API, so this setting is of limited value if federation is enabled on # the server. # -#require_auth_for_profile_requests: true +require_auth_for_profile_requests: {{ matrix_synapse_require_auth_for_profile_requests|to_json }} # Uncomment to require a user to share a room with another user in order # to retrieve their profile information. Only checked on Client-Server # requests. Profile requests from other servers should be checked by the # requesting server. Defaults to 'false'. # -#limit_profile_requests_to_users_who_share_rooms: true +limit_profile_requests_to_users_who_share_rooms: {{ matrix_synapse_limit_profile_requests_to_users_who_share_rooms|to_json }} # Uncomment to prevent a user's profile data from being retrieved and # displayed in a room until they have joined it. By default, a user's @@ -83,7 +83,7 @@ use_presence: {{ matrix_synapse_use_presence|to_json }} # of the above two settings, and whether or not the users share a server. # Defaults to 'true'. # -#include_profile_data_on_invite: false +include_profile_data_on_invite: {{ matrix_synapse_include_profile_data_on_invite|to_json }} # If set to 'true', removes the need for authentication to access the server's # public rooms directory through the client API, meaning that anyone can From bfe0ca6cf816191ff7e80a445288834215f0f8b5 Mon Sep 17 00:00:00 2001 From: Yannick Goossens Date: Mon, 15 Mar 2021 13:04:31 +0100 Subject: [PATCH 23/30] Update docs, remove hard coded matrix_domain --- docs/configuring-playbook-bot-go-neb.md | 41 +++++++++++++------------ 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/docs/configuring-playbook-bot-go-neb.md b/docs/configuring-playbook-bot-go-neb.md index d91dafa6..478a9b4d 100644 --- a/docs/configuring-playbook-bot-go-neb.md +++ b/docs/configuring-playbook-bot-go-neb.md 
@@ -42,23 +42,23 @@ matrix_bot_go_neb_enabled: true # You need at least 1 client. matrix_bot_go_neb_clients: - - UserID: "@goneb:localhost" + - UserID: "@goneb:{{ matrix_domain }}" AccessToken: "MDASDASJDIASDJASDAFGFRGER" DeviceID: "DEVICE1" HomeserverURL: "{{ matrix_homeserver_container_url }}" Sync: true AutoJoinRooms: true DisplayName: "Go-NEB!" - AcceptVerificationFromUsers: [":localhost:8008"] + AcceptVerificationFromUsers: [":{{ matrix_domain }}"] - - UserID: "@another_goneb:localhost" + - UserID: "@another_goneb:{{ matrix_domain }}" AccessToken: "MDASDASJDIASDJASDAFGFRGER" DeviceID: "DEVICE2" HomeserverURL: "{{ matrix_homeserver_container_url }}" Sync: false AutoJoinRooms: false DisplayName: "Go-NEB!" - AcceptVerificationFromUsers: ["^@admin:localhost:8008$"] + AcceptVerificationFromUsers: ["^@admin:{{ matrix_domain }}"] # Optional, for use with the github_cmd, github_webhooks or jira services matrix_bot_go_neb_realms: @@ -70,7 +70,7 @@ matrix_bot_go_neb_realms: matrix_bot_go_neb_sessions: - SessionID: "your_github_session" RealmID: "github_realm" - UserID: "@YOUR_USER_ID:localhost" # This needs to be the username of the person that's allowed to use the !github commands + UserID: "@YOUR_USER_ID:{{ matrix_domain }}" # This needs to be the username of the person that's allowed to use the !github commands Config: # Populate these fields by generating a "Personal Access Token" on github.com AccessToken: "YOUR_GITHUB_ACCESS_TOKEN" @@ -84,13 +84,13 @@ matrix_bot_go_neb_sessions: matrix_bot_go_neb_services: - ID: "echo_service" Type: "echo" - UserID: "@goneb:localhost" + UserID: "@goneb:{{ matrix_domain }}" Config: {} # Can be obtained from https://developers.giphy.com/dashboard/ - ID: "giphy_service" Type: "giphy" - UserID: "@goneb:localhost" # requires a Syncing client + UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client Config: api_key: "qwg4672vsuyfsfe" use_downsized: false 
@@ -98,7 +98,7 @@ matrix_bot_go_neb_services: # This service has been dead for over a year :/ - ID: "guggy_service" Type: "guggy" - UserID: "@goneb:localhost" # requires a Syncing client + UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client Config: api_key: "2356saaqfhgfe" @@ -108,31 +108,32 @@ matrix_bot_go_neb_services: # 'Search the entire web' and 'Image search' enabled for best results - ID: "google_service" Type: "google" - UserID: "@goneb:localhost" # requires a Syncing client + UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client Config: api_key: "AIzaSyA4FD39m9" cx: "AIASDFWSRRtrtr" # Get a key via https://api.imgur.com/oauth2/addclient -# Select "oauth2 without callback url" and use the clientid as api_key value +# Select "oauth2 without callback url" - ID: "imgur_service" Type: "imgur" - UserID: "@imgur:localhost" # requires a Syncing client + UserID: "@imgur:{{ matrix_domain }}" # requires a Syncing client Config: - api_key: "AIzaSyA4FD39m9" + client_id: "AIzaSyA4FD39m9" + client_secret: "AIzaSyA4FD39m9" - ID: "wikipedia_service" Type: "wikipedia" - UserID: "@goneb:localhost" # requires a Syncing client + UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client Config: - ID: "rss_service" Type: "rssbot" - UserID: "@another_goneb:localhost" + UserID: "@another_goneb:{{ matrix_domain }}" Config: feeds: "http://lorem-rss.herokuapp.com/feed?unit=second&interval=60": - rooms: ["!qmElAGdFYCHoCJuaNt:localhost"] + rooms: ["!qmElAGdFYCHoCJuaNt:{{ matrix_domain }}"] must_include: author: - author1 
@@ -146,17 +147,17 @@ matrix_bot_go_neb_services: - ID: "github_cmd_service" Type: "github" - UserID: "@goneb:localhost" # requires a Syncing client + UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client Config: RealmID: "github_realm" # Make sure your BASE_URL can be accessed by Github! - ID: "github_webhook_service" Type: "github-webhook" - UserID: "@another_goneb:localhost" + UserID: "@another_goneb:{{ matrix_domain }}" Config: RealmID: "github_realm" - ClientUserID: "@YOUR_USER_ID:localhost" # needs to be an authenticated user so Go-NEB can create webhooks. Check the UserID field in the github_realm in matrix_bot_go_neb_sessions. + ClientUserID: "@YOUR_USER_ID:{{ matrix_domain }}" # needs to be an authenticated user so Go-NEB can create webhooks. Check the UserID field in the github_realm in matrix_bot_go_neb_sessions. Rooms: "!someroom:id": Repos: @@ -173,7 +174,7 @@ matrix_bot_go_neb_services: - ID: "slackapi_service" Type: "slackapi" - UserID: "@slackapi:localhost" + UserID: "@slackapi:{{ matrix_domain }}" Config: Hooks: "hook1": @@ -182,7 +183,7 @@ matrix_bot_go_neb_services: - ID: "alertmanager_service" Type: "alertmanager" - UserID: "@alertmanager:localhost" + UserID: "@alertmanager:{{ matrix_domain }}" Config: # This is for information purposes only. It should point to Go-NEB path as follows: # `/services/hooks/` From 9f95cef49499e333c961905f7c936f971ae65a6e Mon Sep 17 00:00:00 2001 From: Yannick Goossens Date: Mon, 15 Mar 2021 13:08:59 +0100 Subject: [PATCH 24/30] Change value of client_secret to avoid confusion --- docs/configuring-playbook-bot-go-neb.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bot-go-neb.md b/docs/configuring-playbook-bot-go-neb.md index 478a9b4d..56bc4e89 100644 --- a/docs/configuring-playbook-bot-go-neb.md +++ b/docs/configuring-playbook-bot-go-neb.md 
@@ -120,7 +120,7 @@ matrix_bot_go_neb_services: UserID: "@imgur:{{ matrix_domain }}" # requires a Syncing client Config: client_id: "AIzaSyA4FD39m9" - client_secret: "AIzaSyA4FD39m9" + client_secret: "somesecret" - ID: "wikipedia_service" Type: "wikipedia" From 28c255539c1d51cc236e256cbf64b78538925e5b Mon Sep 17 00:00:00 2001 From: Alexandros Afentoulis Date: Mon, 15 Mar 2021 11:22:37 +0200 Subject: [PATCH 25/30] matrix-nginx-proxy: specify Origin header, comply with CORS Self-checks against the .well-known URIs look for the HTTP header "Access-Control-Allow-Origin" indicating that the remode endpoint supports CORS. But the remote server is not required to include said header in the response if the HTTP request does not include the "Origin" header. This is in accordance with the specification [1] stating: 'A CORS request is an HTTP request that includes an "Origin" header.' This is in fact true for Gitlab pages hosting and that's why the issue was identified. Let's specify "Origin" header in the respective uri tasks performing the HTTP request and ensure a CORS request. [1] https://fetch.spec.whatwg.org/#http-requests --- roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml index 2cf1ef06..6f831a29 100644 --- a/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml +++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml @@ -12,6 +12,8 @@ follow_redirects: none return_content: true validate_certs: "{{ well_known_file_check.validate_certs }}" + headers: + Origin: example.com check_mode: no register: result_well_known_matrix ignore_errors: true 
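Review bot: `Origin: example.com` in the first `headers:` block of self_check_well_known_file.yml (and again in the second hunk, for the identity check) is not a serialized origin, which consists of a scheme plus a host. A server that validates or echoes the header may treat the bare hostname as malformed and omit `Access-Control-Allow-Origin`, which would make the self-check fail for the wrong reason. I would send `Origin: "https://example.com"`, or the deployment's own web-client origin, so the check exercises the request a browser would actually make. Both task bodies start before and continue after their hunks.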
@@ -40,6 +42,8 @@ follow_redirects: "{{ well_known_file_check.follow_redirects }}" return_content: true validate_certs: "{{ well_known_file_check.validate_certs }}" + headers: + Origin: example.com check_mode: no register: result_well_known_identity ignore_errors: true From 15fc7ac007669defa113635147d36b5bc043162b Mon Sep 17 00:00:00 2001 From: rakshazi Date: Mon, 15 Mar 2021 17:55:27 +0200 Subject: [PATCH 26/30] Updated Element 1.22 -> 1.23 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 634c0894..1b45306e 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -3,7 +3,7 @@ matrix_client_element_enabled: true matrix_client_element_container_image_self_build: false matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" -matrix_client_element_version: v1.7.22 +matrix_client_element_version: v1.7.23 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else 'docker.io/' }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 38b3fbd6f9ae84d6edc7d8ebec144453775aca0b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 16 Mar 2021 07:49:43 +0200 Subject: [PATCH 27/30] Mention DNS setup This may be especially helpful to existing playbook users who happen to find themselves installing Go-NEB later on. --- docs/configuring-playbook-bot-go-neb.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/configuring-playbook-bot-go-neb.md b/docs/configuring-playbook-bot-go-neb.md index 56bc4e89..db682bd2 100644 
--- a/docs/configuring-playbook-bot-go-neb.md +++ b/docs/configuring-playbook-bot-go-neb.md @@ -201,6 +201,8 @@ matrix_bot_go_neb_services: ## Installing +Don't forget to add `goneb.` to DNS as described in [Configuring DNS](configuring-dns.md) before running the playbook. + After configuring the playbook, run the [installation](installing.md) command again: ``` From 6cbfee539cda91528b67147db69933b6a9cbf5d3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 16 Mar 2021 07:54:26 +0200 Subject: [PATCH 28/30] Announce Go-NEB support --- CHANGELOG.md | 9 +++++++++ docs/configuring-playbook.md | 2 ++ docs/container-images.md | 2 ++ 3 files changed, 13 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 329b2ea8..aeff7b0c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2021-03-16 + +## Go-NEB support + +Thanks to [Zir0h](https://github.com/Zir0h), the playbook can now install and configure the [Go-NEB](https://github.com/matrix-org/go-neb) bot. + +Additional details are available in [Setting up Go-NEB](docs/configuring-playbook-bot-go-neb.md). + + # 2021-02-19 ## GroupMe bridging support via mx-puppet-groupme diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 1c836786..a25f8585 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -130,3 +130,5 @@ When you're done with all the configuration you'd like to do, continue with [Ins ### Bots - [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) (optional) + +- [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) (optional) diff --git a/docs/container-images.md b/docs/container-images.md index a5e304f4..5bccc2d4 100644 --- a/docs/container-images.md +++ b/docs/container-images.md 
@@ -88,6 +88,8 @@ These services are not part of our default installation, but can be enabled by [ - [anoa/matrix-reminder-bot](https://hub.docker.com/r/anoa/matrix-reminder-bot) - the [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) bot for one-off & recurring reminders and alarms (optional) +- [matrixdotorg/go-neb](https://hub.docker.com/r/matrixdotorg/go-neb) - the [Go-NEB](https://github.com/matrix-org/go-neb) bot (optional) + - [awesometechnologies/synapse-admin](https://hub.docker.com/r/awesometechnologies/synapse-admin) - the [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin) web UI tool for administrating users and rooms on your Matrix server (optional) - [prom/prometheus](https://hub.docker.com/r/prom/prometheus/) - [Prometheus](https://github.com/prometheus/prometheus/) is a systems and service monitoring system From b46ef46663041ee65f380a926f3b6d519c06c901 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 16 Mar 2021 08:02:20 +0200 Subject: [PATCH 29/30] Do not mention login before registration --- docs/configuring-playbook-bot-go-neb.md | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/docs/configuring-playbook-bot-go-neb.md b/docs/configuring-playbook-bot-go-neb.md index db682bd2..ab84e017 100644 --- a/docs/configuring-playbook-bot-go-neb.md +++ b/docs/configuring-playbook-bot-go-neb.md @@ -7,7 +7,7 @@ Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the ori See the project's [documentation](https://github.com/matrix-org/go-neb) to learn what it does and why it might be useful to you. -## Registering the bot users +## Registering the bot user The playbook does not automatically create users for you. The bot requires at least 1 access token to be able to connect to your homeserver. 
@@ -15,7 +15,16 @@ You **need to register the bot user manually** before setting up the bot. Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. -If you use curl, you can immediatly copy/paste the access token into the configuration file. +You can use the playbook to [register a new user](registering-users.md): + +``` +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.go-neb password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user +``` + + +## Getting an access token + +If you use curl, you can get an access token like this: ``` curl -X POST --header 'Content-Type: application/json' -d '{ @@ -25,13 +34,8 @@ curl -X POST --header 'Content-Type: application/json' -d '{ }' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login' ``` -You can use also use the playbook to [register a new user](registering-users.md): - -``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.go-neb password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user -``` +Alternatively, you can use a full-featured client (such as Element) to log in and get the access token from there (note: don't log out from the client as that will invalidate the token), but doing so might lead to decryption problems. That warning comes from [here](https://github.com/matrix-org/go-neb#quick-start). -And then log in via element, but doing so might lead to decryption problems. That warning comes from [here](https://github.com/matrix-org/go-neb#quick-start) ## Adjusting the playbook configuration @@ -41,6 +45,7 @@ Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars. matrix_bot_go_neb_enabled: true # You need at least 1 client. +# Use the access token you obtained in the step above. matrix_bot_go_neb_clients: - UserID: "@goneb:{{ matrix_domain }}" AccessToken: "MDASDASJDIASDJASDAFGFRGER" From c890e351fcce6b389f80ab501a82ef9c25f0aec3 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 16 Mar 2021 09:56:29 +0200 Subject: [PATCH 30/30] Remove some whitespace --- roles/matrix-awx/tasks/backup_server.yml | 5 ++--- roles/matrix-awx/tasks/create_user.yml | 6 +++--- .../tasks/customise_website_access_export.yml | 7 +++---- .../tasks/load_matrix_variables.yml | 1 - roles/matrix-awx/tasks/main.yml | 7 +++---- roles/matrix-awx/tasks/self_check.yml | 13 ++++++------- .../tasks/set_variables_corporal.yml | 19 +++++++++---------- .../tasks/set_variables_element.yml | 3 +-- .../matrix-awx/tasks/set_variables_jitsi.yml | 1 - .../matrix-awx/tasks/set_variables_ma1sd.yml | 7 +++---- .../tasks/set_variables_synapse.yml | 5 ++--- .../tasks/set_variables_synapse_admin.yml | 2 -- 12 files changed, 32 insertions(+), 44 deletions(-) diff --git a/roles/matrix-awx/tasks/backup_server.yml b/roles/matrix-awx/tasks/backup_server.yml index 556c4497..2459fc8a 100644 --- a/roles/matrix-awx/tasks/backup_server.yml +++ b/roles/matrix-awx/tasks/backup_server.yml @@ -33,7 +33,7 @@ curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' register: tower_token no_log: True - + - name: Recreate 'Backup Server' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -62,8 +62,7 @@ - name: Set boolean value to exit playbook set_fact: end_playbook: true - + - name: End playbook if this task list is called. meta: end_play when: end_playbook is defined and end_playbook|bool - diff --git a/roles/matrix-awx/tasks/create_user.yml b/roles/matrix-awx/tasks/create_user.yml index 0993d61f..13a30596 100755 --- a/roles/matrix-awx/tasks/create_user.yml +++ b/roles/matrix-awx/tasks/create_user.yml 
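Review bot: The `curl -sku {{ tower_username }}:{{ tower_password }}` context line in the `@@ -33,7 +33,7 @@` hunk of `backup_server.yml` is carried through this whitespace cleanup unchanged, and its `-k` flag switches off TLS certificate verification on the very request that sends the Tower username and password. The `awx.awx.tower_job_template` tasks that consume the resulting token elsewhere in this patch set `validate_certs: yes`, so the token request is the weaker link; dropping `-k` (`curl -su ...`) would make the two consistent. `no_log: True` keeps the credentials out of Ansible output, but passing them with `-u` still puts them on the command line of the spawned process. The same line appears in the `@@ -53,7 +53,7 @@` hunk of `set_variables_element.yml`. The task begins above the hunk, so the module that runs it is not visible here.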
@@ -10,10 +10,10 @@ when: admin_access == 'false' - name: Examine if server admin set - set_fact: + set_fact: admin_bool: 1 when: admin_access == 'true' - + - name: Set boolean value to exit playbook set_fact: end_playbook: true @@ -25,7 +25,7 @@ - name: Result debug: msg="{{ cmd.stdout }}" - + - name: End playbook if this task list is called. meta: end_play when: end_playbook is defined and end_playbook|bool diff --git a/roles/matrix-awx/tasks/customise_website_access_export.yml b/roles/matrix-awx/tasks/customise_website_access_export.yml index 4b775105..40ae1bfd 100755 --- a/roles/matrix-awx/tasks/customise_website_access_export.yml +++ b/roles/matrix-awx/tasks/customise_website_access_export.yml @@ -21,7 +21,7 @@ with_dict: 'matrix_nginx_proxy_base_domain_homepage_enabled': 'false' when: customise_base_domain_website|bool == true - + - name: Record custom 'Customise Website + Access Export' variables locally on AWX delegate_to: 127.0.0.1 lineinfile: @@ -34,7 +34,7 @@ 'sftp_auth_method': '"{{ sftp_auth_method }}"' 'sftp_password': '"{{ sftp_password }}"' 'sftp_public_key': '"{{ sftp_public_key }}"' - + - name: Copy new 'matrix_vars.yml' to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' @@ -170,7 +170,7 @@ group: sftp mode: '0644' when: (sftp_public_key | length > 0) and (sftp_auth_method == "SSH Key") - + - name: Alter SSH Subsystem State 1 lineinfile: path: /etc/ssh/sshd_config @@ -227,4 +227,3 @@ service: name: ssh.service state: restarted - diff --git a/roles/matrix-awx/tasks/load_matrix_variables.yml b/roles/matrix-awx/tasks/load_matrix_variables.yml index 0174e0e6..ff0986d7 100755 --- a/roles/matrix-awx/tasks/load_matrix_variables.yml +++ b/roles/matrix-awx/tasks/load_matrix_variables.yml @@ -3,4 +3,3 @@ include_vars: file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' no_log: True - 
diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml index f7f5bf1f..4c2c5285 100755 --- a/roles/matrix-awx/tasks/main.yml +++ b/roles/matrix-awx/tasks/main.yml @@ -16,7 +16,7 @@ when: run_setup|bool and matrix_awx_enabled|bool tags: - create-user - + # Perform extra self-check functions - import_tasks: "{{ role_path }}/tasks/self_check.yml" when: run_setup|bool and matrix_awx_enabled|bool @@ -58,12 +58,12 @@ when: run_setup|bool and matrix_awx_enabled|bool tags: - setup-ma1sd - + # Additional playbook to set the variable file during Corporal configuration - import_tasks: "{{ role_path }}/tasks/set_variables_corporal.yml" when: run_setup|bool and matrix_awx_enabled|bool tags: - - setup-corporal + - setup-corporal # Additional playbook to set the variable file during Synapse Admin configuration - import_tasks: "{{ role_path }}/tasks/set_variables_synapse_admin.yml" @@ -76,4 +76,3 @@ when: run_setup|bool and matrix_awx_enabled|bool tags: - always - diff --git a/roles/matrix-awx/tasks/self_check.yml b/roles/matrix-awx/tasks/self_check.yml index 977293d0..8d647574 100644 --- a/roles/matrix-awx/tasks/self_check.yml +++ b/roles/matrix-awx/tasks/self_check.yml @@ -1,21 +1,21 @@ - name: Install prerequisite apt packages on target apt: - name: + name: - sysstat state: present - + - name: Install prerequisite yum packages on AWX delegate_to: 127.0.0.1 yum: - name: + name: - bind-utils state: present - + - name: Install prerequisite pip packages on AWX delegate_to: 127.0.0.1 pip: - name: + name: - dnspython state: present @@ -23,7 +23,7 @@ shell: iostat -c register: cpu_usage_stat no_log: True - + - name: Print CPU usage statistics debug: msg: "{{ cpu_usage_stat.stdout.split('\n') }}" @@ -91,4 +91,3 @@ debug: msg: "{{ docker_stats.stdout.split('\n') }}" when: docker_stats is defined - diff --git a/roles/matrix-awx/tasks/set_variables_corporal.yml b/roles/matrix-awx/tasks/set_variables_corporal.yml index efc44a42..d8ac038d 100755 
--- a/roles/matrix-awx/tasks/set_variables_corporal.yml +++ b/roles/matrix-awx/tasks/set_variables_corporal.yml @@ -8,7 +8,7 @@ insertafter: '# Corporal Settings' with_dict: 'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}' - + - name: Enable Shared Secret Auth if Corporal enabled delegate_to: 127.0.0.1 lineinfile: @@ -19,7 +19,7 @@ with_dict: 'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true' when: matrix_corporal_enabled|bool - + - name: Disable Shared Secret Auth if Corporal disabled delegate_to: 127.0.0.1 lineinfile: @@ -30,7 +30,7 @@ with_dict: 'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false' when: not matrix_corporal_enabled|bool - + - name: Enable Rest Auth Endpoint if Corporal enabled delegate_to: 127.0.0.1 lineinfile: @@ -97,7 +97,7 @@ "Type": "static_file", "Path": "/etc/matrix-corporal/corporal-policy.json" } - when: matrix_corporal_policy_provider_mode == "Simple Static File" + when: matrix_corporal_policy_provider_mode == "Simple Static File" - name: Touch the /matrix/corporal/ directory file: @@ -130,7 +130,7 @@ owner: matrix group: matrix mode: '660' - + - name: Touch the last-policy.json file to ensure it exists file: path: "/matrix/corporal/config/last-policy.json" @@ -138,7 +138,7 @@ owner: matrix group: matrix mode: '660' - + - name: Record 'Simple Static File' configuration content in corporal-policy.json copy: content: "{{ matrix_corporal_simple_static_config | string }}" 
@@ -211,16 +211,16 @@ src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json' dest: '/matrix/awx/configure_corporal.json' mode: '0660' - + - debug: msg: "matrix_corporal_matrix_homeserver_api_endpoint: {{ matrix_corporal_matrix_homeserver_api_endpoint }}" - + - debug: msg: "matrix_corporal_matrix_auth_shared_secret: {{ matrix_corporal_matrix_auth_shared_secret }}" - debug: msg: "matrix_corporal_http_gateway_internal_rest_auth_enabled: {{ matrix_corporal_http_gateway_internal_rest_auth_enabled }}" - + - debug: msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}" @@ -251,4 +251,3 @@ tower_host: "https://{{ tower_host }}" tower_oauthtoken: "{{ tower_token.stdout }}" validate_certs: yes - diff --git a/roles/matrix-awx/tasks/set_variables_element.yml b/roles/matrix-awx/tasks/set_variables_element.yml index 892c1bac..a21a9dd8 100755 --- a/roles/matrix-awx/tasks/set_variables_element.yml +++ b/roles/matrix-awx/tasks/set_variables_element.yml @@ -53,7 +53,7 @@ curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' register: tower_token no_log: True - + - name: Recreate 'Configure Element' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: @@ -74,4 +74,3 @@ tower_host: "https://{{ tower_host }}" tower_oauthtoken: "{{ tower_token.stdout }}" validate_certs: yes - diff --git a/roles/matrix-awx/tasks/set_variables_jitsi.yml b/roles/matrix-awx/tasks/set_variables_jitsi.yml index e35beab7..4a871a18 100755 --- a/roles/matrix-awx/tasks/set_variables_jitsi.yml +++ b/roles/matrix-awx/tasks/set_variables_jitsi.yml @@ -55,4 +55,3 @@ tower_host: "https://{{ tower_host }}" tower_oauthtoken: "{{ tower_token.stdout }}" validate_certs: yes - 
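Review bot: The `debug` tasks kept in the `@@ -211,16 +211,16 @@` hunk of `set_variables_corporal.yml` print `matrix_corporal_matrix_auth_shared_secret` and `matrix_corporal_matrix_registration_shared_secret` in clear text, so both secrets land in the job output and in whatever stores or forwards it. The token-request tasks in `backup_server.yml` and `set_variables_element.yml` set `no_log: True`, so these four tasks look like leftover troubleshooting output rather than intended behaviour. I would remove the two secret-bearing tasks, or print only whether the value is present, e.g. `msg: "matrix_corporal_matrix_auth_shared_secret is set: {{ matrix_corporal_matrix_auth_shared_secret | length > 0 }}"`.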
diff --git a/roles/matrix-awx/tasks/set_variables_ma1sd.yml b/roles/matrix-awx/tasks/set_variables_ma1sd.yml index 256a2410..32dadc0a 100755 --- a/roles/matrix-awx/tasks/set_variables_ma1sd.yml +++ b/roles/matrix-awx/tasks/set_variables_ma1sd.yml @@ -44,14 +44,14 @@ regexp: '^.*\n' after: '# Start ma1sd Extension' before: '# End ma1sd Extension' - + - name: Replace conjoined ma1sd configuration extension limiters delegate_to: 127.0.0.1 replace: path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' regexp: '^# Start ma1sd Extension# End ma1sd Extension' replace: '# Start ma1sd Extension\n# End ma1sd Extension' - + - name: Insert ma1sd configuration extension header if using external LDAP/AD with ma1sd delegate_to: 127.0.0.1 lineinfile: @@ -125,6 +125,5 @@ tower_host: "https://{{ tower_host }}" tower_oauthtoken: "{{ tower_token.stdout }}" validate_certs: yes - -# ^ This playbook isn't executing so the survey isn't being updated! :P +# ^ This playbook isn't executing so the survey isn't being updated! :P diff --git a/roles/matrix-awx/tasks/set_variables_synapse.yml b/roles/matrix-awx/tasks/set_variables_synapse.yml index 979190ce..a8cc418b 100755 --- a/roles/matrix-awx/tasks/set_variables_synapse.yml +++ b/roles/matrix-awx/tasks/set_variables_synapse.yml @@ -15,7 +15,7 @@ 'matrix_synapse_max_upload_size_mb': '{{ matrix_synapse_max_upload_size_mb }}' 'matrix_synapse_url_preview_enabled': '{{ matrix_synapse_url_preview_enabled }}' 'matrix_synapse_allow_guest_access': '{{ matrix_synapse_allow_guest_access }}' - + - name: Empty Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if raw inputs empty delegate_to: 127.0.0.1 replace: @@ -143,7 +143,7 @@ line: " - {{ item }}" with_items: "{{ ext_federation_whitelist_raw.splitlines() }}" when: ext_federation_whitelist_raw|length > 0 - + - name: Record Synapse Custom variables locally on AWX delegate_to: 127.0.0.1 lineinfile: 
@@ -220,4 +220,3 @@ tower_host: "https://{{ tower_host }}" tower_oauthtoken: "{{ tower_token.stdout }}" validate_certs: yes - diff --git a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml index 30cf12b4..42084ad7 100644 --- a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml +++ b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml @@ -54,5 +54,3 @@ tower_host: "https://{{ tower_host }}" tower_oauthtoken: "{{ tower_token.stdout }}" validate_certs: yes - -