jowj
/
matrix-docker-ansible-deploy
forked from mirrors/matrix-docker-ansible-deploy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' of git.awful.club:mirrors/matrix-docker-ansible-deploy

Browse Source
master
josiah 3 years ago
parent 6dc39ee6a7 9bc0eb36ab
commit 7d2f42cd22
205 changed files with 6287 additions and 1041 deletions
Show Stats Download Patch File Download Diff File

193
CHANGELOG.md
Unescape View File

@ -1,3 +1,196 @@
# 2021-02-19
## GroupMe bridging support via mx-puppet-groupme
Thanks to [Cody Neiman](https://github.com/xangelix), the playbook can now install the [mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) bridge for bridging to [GroupMe](https://groupme.com).
This brings the total number of bridges supported by the playbook up to 18. See all supported bridges [here](docs/configuring-playbook.md#bridging-other-networks).
To get started, follow our [Setting up MX Puppet GroupMe](docs/configuring-playbook-bridge-mx-puppet-groupme.md) docs.
## Mautrix Instagram bridging support
The playbook now supports bridging with [Instagram](https://www.instagram.com/) by installing the [mautrix-instagram](https://github.com/tulir/mautrix-instagram) bridge. This playbook functionality is available thanks to [@MarcProe](https://github.com/MarcProe).
Additional details are available in [Setting up Mautrix Instagram bridging](docs/configuring-playbook-bridge-mautrix-instagram.md).
## Synapse workers support
After [lots and lots of work](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/456) (done over many months by [Marcel Partap](https://github.com/eMPee584), [Max Klenk](https://github.com/maxklenk), a few others from the [Technical University of Dresden, Germany](https://tu-dresden.de/) and various other contributors), support for Synapse workers has finally landed.
Having support for workers makes the playbook suitable for larger homeserver deployments.
Our setup is not yet perfect (we don't support all types of workers; scaling some of them (like `pusher`, `federation_sender`) beyond a single instance is not yet supported). Still, it's a great start and can already power homeservers with thousands of users, like the [Matrix deployment at TU Dresden](https://doc.matrix.tu-dresden.de/en/) discussed in [Matrix Live S06E09 - TU Dresden on their Matrix deployment](https://www.youtube.com/watch?v=UHJX2pmT2gk).
By default, workers are disabled and Synapse runs as a single process (homeservers don't necessarily need the complexity and increased memory requirements of running a worker-based setup).
To enable Synapse workers, follow our [Load balancing with workers](docs/configuring-playbook-synapse.md#load-balancing-with-workers) documentation.
# 2021-02-12
## (Potential Breaking Change) Monitoring/metrics support using Prometheus and Grafana
Thanks to [@Peetz0r](https://github.com/Peetz0r), the playbook can now install a bunch of tools for monitoring your Matrix server: the [Prometheus](https://prometheus.io) time-series database server, the Prometheus [node-exporter](https://prometheus.io/docs/guides/node-exporter/) host metrics exporter, and the [Grafana](https://grafana.com/) web UI.
To get get these installed, follow our [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](docs/configuring-playbook-prometheus-grafana.md) docs page.
This update comes with a **potential breaking change** for people who were already exposing Synapse metrics (for consumption via another Prometheus installation). From now on, `matrix_synapse_metrics_enabled: true` no longer exposes metrics publicly via matrix-nginx-proxy (at `https://matrix.DOMAIN/_synapse/metrics`). To do so, you'd need to explicitly set `matrix_nginx_proxy_proxy_synapse_metrics: true`.
# 2021-01-31
## Etherpad support
Thanks to [@pushytoxin](https://github.com/pushytoxin), the playbook can now install the [Etherpad](https://etherpad.org) realtime collaborative text editor. It can be used in a [Jitsi](https://jitsi.org/) audio/video call or integrated as a widget into Matrix chat rooms via the [Dimension](https://dimension.t2bot.io) integration manager.
To get it installed, follow [our Etherpad docs page](docs/configuring-playbook-etherpad.md).
# 2021-01-22
## (Breaking Change) Postgres changes that require manual intervention
We've made a lot of changes to our Postgres setup and some manual action is required (described below). Sorry about the hassle.
**TLDR**: people running an [external Postgres server](docs/configuring-playbook-external-postgres.md) don't need to change anything for now. Everyone else (the common/default case) is affected and manual intervention is required.
### Why?
- we had a default Postgres password (`matrix_postgres_connection_password: synapse-password`), which we think is **not ideal for security anymore**. We now ask you to generate/provide a strong password yourself. Postgres is normally not exposed outside the container network, making it relatively secure, but still:
- by tweaking the configuration, you may end up intentionally or unintentionally exposing your Postgres server to the local network (or even publicly), while still using the default default credentials (`synapse` + `synapse-password`)
- we can't be sure we trust all these services (bridges, etc). Some of them may try to talk to or attack `matrix-postgres` using the default credentials (`synapse` + `synapse-password`)
- you may have other containers running on the same Docker network, which may try to talk to or attack `matrix-postgres` using the default credentials (`synapse` + `synapse-password`)
- our Postgres usage **was overly-focused on Synapse** (default username of `synapse` and default/main database of `homeserver`). Additional homeserver options are likely coming in the future ([Dendrite](https://matrix.org/docs/projects/server/dendrite), [Conduit](https://matrix.org/docs/projects/server/conduit), [The Construct](https://matrix.org/docs/projects/server/construct)), so being too focused on `matrix-synapse` is not great. From now on, Synapse is just another component of this playbook, which happens to have an *additional database* (called `synapse`) on the Postgres server.
- we try to reorganize things a bit, to make the playbook even friendlier to people running an [external Postgres server](docs/configuring-playbook-external-postgres.md). Work on this will proceed in the future.
So, this is some **effort to improve security** and to **prepare for a brighter future of having more homeserver options** than just Synapse.
### What has really changed?
- the default superuser Postgres username is now `matrix` (used to be `synapse`)
- the default Postgres database is now `matrix` (used to be `homeserver`)
- Synapse's database is now `synapse` (used to be `homeserver`). This is now just another "additional database" that the playbook manages for you
- Synapse's user called `synapse` is just a regular user that can only use the `synapse` database (not a superuser anymore)
### What do I do if I'm using the integrated Postgres server (default)?
By default, the playbook runs an integrated Postgres server for you in a container (`matrix-postgres`). Unless you've explicitly configured an [external Postgres server](docs/configuring-playbook-external-postgres.md), these steps are meant for you.
To migrate to the new setup, expect a few minutes of downtime, while you follow these steps:
1. We believe the steps below are safe and you won't encounter any data loss, but consider [making a Postgres backup](docs/maintenance-postgres.md#backing-up-postgresql) anyway. If you've never backed up Postgres, now would be a good time to try it.
2. Generate a strong password to be used for your superuser Postgres user (called `matrix`). You can use `pwgen -s 64 1` to generate it, or some other tool. The **maximum length** for a Postgres password is 100 bytes (characters). Don't go crazy!
3. Update your playbook's `inventory/host_vars/matrix.DOMAIN/vars.yml` file, adding a line like this:
```yaml
matrix_postgres_connection_password: 'YOUR_POSTGRES_PASSWORD_HERE'
```
.. where `YOUR_POSTGRES_PASSWORD_HERE` is to be replaced with the password you generated during step #2.
4. Stop all services: `ansible-playbook -i inventory/hosts setup.yml --tags=stop`
5. Log in to the server via SSH. The next commands will be performed there.
6. Start the Postgres database server: `systemctl start matrix-postgres`
7. Open a Postgres shell: `/usr/local/bin/matrix-postgres-cli`
8. Execute the following query, while making sure to **change the password inside** (**don't forget the ending `;`**):
```sql
CREATE ROLE matrix LOGIN SUPERUSER PASSWORD 'YOUR_POSTGRES_PASSWORD_HERE';
```
.. where `YOUR_POSTGRES_PASSWORD_HERE` is to be replaced with the password you generated during step #2.
9. Execute the following queries as you see them (no modifications necessary, so you can just **paste them all at once**):
```sql
CREATE DATABASE matrix OWNER matrix;
ALTER DATABASE postgres OWNER TO matrix;
ALTER DATABASE template0 OWNER TO matrix;
ALTER DATABASE template1 OWNER TO matrix;
\c matrix;
ALTER DATABASE homeserver RENAME TO synapse;
ALTER ROLE synapse NOSUPERUSER NOCREATEDB NOCREATEROLE;
\quit
```
You may need to press *Enter* after pasting the lines above.
10. Re-run the playbook normally: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
### What do I do if I'm using an external Postgres server?
If you've explicitly configured an [external Postgres server](docs/configuring-playbook-external-postgres.md), there are **no changes** that you need to do at this time.
The fact that we've renamed Synapse's database from `homeserver` to `synapse` (in our defaults) should not affect you, as you're already explicitly defining `matrix_synapse_database_database` (if you've followed our guide, that is). If you're not explicitly defining this variable, you may wish to do so (`matrix_synapse_database_database: homeserver`), to avoid the new `synapse` default and keep things as they were.
# 2021-01-20
## (Breaking Change) The mautrix-facebook bridge now requires a Postgres database
A new version of the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge has been released. It's a full rewrite of its backend and the bridge now requires Postgres. New versions of the bridge can no longer run on SQLite.
**TLDR**: if you're NOT using an [external Postgres server](docs/configuring-playbook-external-postgres.md) and have NOT forcefully kept the bridge on SQLite during [The big move to all-on-Postgres (potentially dangerous)](#the-big-move-to-all-on-postgres-potentially-dangerous), you will be automatically upgraded without manual intervention. All you need to do is send a `login` message to the Facebook bridge bot again.
Whether this change requires your intervention depends mostly on:
- whether you're using an [external Postgres server](docs/configuring-playbook-external-postgres.md). If yes, then [you need to do something](#upgrade-path-for-people-running-an-external-postgres-server).
- or whether you've force-changed the bridge's database engine to SQLite (`matrix_mautrix_facebook_database_engine: 'sqlite'` in your `vars.yml`) some time in the past (likely during [The big move to all-on-Postgres (potentially dangerous)](#the-big-move-to-all-on-postgres-potentially-dangerous)).
As already mentioned above, you most likely don't need to do anything. If you rerun the playbook and don't get an error, you've been automatically upgraded. Just send a `login` message to the Facebook bridge bot again. Otherwise, read below for a solution.
### Upgrade path for people NOT running an external Postgres server (default for the playbook)
If you're **not running an external Postgres server**, then this bridge either already works on Postgres for you, or you've intentionally kept it back on SQLite with custom configuration (`matrix_mautrix_facebook_database_engine: 'sqlite'` in your `vars.yml`) .
Simply remove that custom configuration from your `vars.yml` file (if it's there) and re-run the playbook. It should upgrade you automatically.
You'll need to send a `login` message to the Facebook bridge bot again.
Alternatively, [you can stay on SQLite for a little longer](#staying-on-sqlite-for-a-little-longer-temporary-solution).
### Upgrade path for people running an external Postgres server
For people using the internal Postgres server (the default for the playbook):
- we automatically create an additional `matrix_mautrix_facebook` Postgres database and credentials to access it
- we automatically adjust the bridge's `matrix_mautrix_facebook_database_*` variables to point the bridge to that Postgres database
- we use [pgloader](https://pgloader.io/) to automatically import the existing SQLite data for the bridge into the `matrix_mautrix_facebook` Postgres database
If you are using an [external Postgres server](docs/configuring-playbook-external-postgres.md), unfortunately we currently can't do any of that for you.
You have 3 ways to proceed:
- contribute to the playbook to make this possible (difficult)
- or, do the migration "steps" manually:
- stop the bridge (`systemctl stop matrix-mautrix-facebook`)
- create a new `matrix_mautrix_facebook` Postgres database for it
- run [pgloader](https://pgloader.io/) manually (we import this bridge's data using default settings and it works well)
- define `matrix_mautrix_facebook_database_*` variables in your `vars.yml` file (credentials, etc.) - you can find their defaults in `roles/matrix-mautrix-facebook/defaults/main.yml`
- switch the bridge to Postgres (`matrix_mautrix_facebook_database_engine: 'postgres'` in your `vars.yml` file)
- re-run the playbook (`--tags=setup-all,start`) and ensure the bridge works (`systemctl status matrix-mautrix-facebook` and `journalctl -fu matrix-mautrix-facebook`)
- send a `login` message to the Facebook bridge bot again
- or, [stay on SQLite for a little longer (temporary solution)](#staying-on-sqlite-for-a-little-longer-temporary-solution)
### Staying on SQLite for a little longer (temporary solution)
To keep using this bridge with SQLite for a little longer (**not recommended**), use the following configuration in your `vars.yml` file:
```yaml
# Force-change the database engine to SQLite.
matrix_mautrix_facebook_database_engine: 'sqlite'
# Force-downgrade to the last bridge version which supported SQLite.
matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}tulir/mautrix-facebook:da1b4ec596e334325a1589e70829dea46e73064b"
```
If you do this, keep in mind that **you can't run this forever**. This SQLite-supporting bridge version is not getting any updates and will break sooner or later. The playbook will also drop support for SQLite at some point in the future.
# 2021-01-17
## matrix-corporal goes 2.0

140
README.md
Unescape View File

@ -4,9 +4,16 @@
## Purpose
This Ansible playbook is meant to easily let you run your own [Matrix](http://matrix.org/) homeserver.
This [Ansible](https://www.ansible.com/) playbook is meant to help you run your own [Matrix](http://matrix.org/) homeserver, along with the [various services](#supported-services) related to that.
That is, it lets you join the Matrix network with your own `@<username>:<your-domain>` identifier, all hosted on your own server.
That is, it lets you join the Matrix network using your own `@<username>:<your-domain>` identifier, all hosted on your own server (see [prerequisites](docs/prerequisites.md)).
We run all services in [Docker](https://www.docker.com/) containers (see [the container images we use](docs/container-images.md)), which lets us have a predictable and up-to-date setup, across multiple supported distros (see [prerequisites](docs/prerequisites.md)) and [architectures](docs/alternative-architectures.md) (x86/amd64 being recommended).
[Installation](docs/README.md) (upgrades) and some maintenance tasks are automated using [Ansible](https://www.ansible.com/) (see [our Ansible guide](docs/ansible.md)).
## Supported services
Using this playbook, you can get the following services configured on your server:
@ -46,6 +53,8 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts)
- (optional) the [mautrix-instagram](https://github.com/tulir/mautrix-instagram) bridge for bridging your Matrix server to [Instagram](https://instagram.com/)
- (optional) the [mautrix-signal](https://github.com/tulir/mautrix-signal) bridge for bridging your Matrix server to [Signal](https://www.signal.org/)
- (optional) the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat)
@ -56,20 +65,28 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.)
- (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS - see [docs/configuring-playbook-bridge-matrix-bridge-sms.md](docs/configuring-playbook-bridge-matrix-bridge-sms.md) for setup documentation
- (optional) the [mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-mx-puppet-skype.md](docs/configuring-playbook-bridge-mx-puppet-skype.md) for setup documentation
- (optional) the [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) for bridging your Matrix server to [Slack](https://slack.com) - see [docs/configuring-playbook-bridge-mx-puppet-slack.md](docs/configuring-playbook-bridge-mx-puppet-slack.md) for setup documentation
- (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation
- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation
- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation
- (optional) the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge for [Discord](https://discordapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation
- (optional) the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge for [Discord](https://discordapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation
- (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation
- (optional) the [mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) bridge for [GroupMe](https://groupme.com/) - see [docs/configuring-playbook-bridge-mx-puppet-groupme.md](docs/configuring-playbook-bridge-mx-puppet-groupme.md) for setup documentation
- (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS - see [docs/configuring-playbook-bridge-matrix-bridge-sms.md](docs/configuring-playbook-bridge-matrix-bridge-sms.md) for setup documentation
- (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation
- (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms - see [docs/configuring-playbook-email2matrix.md](docs/configuring-playbook-email2matrix.md) for setup documentation
- (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients - see [docs/configuring-playbook-dimension.md](docs/configuring-playbook-dimension.md) for setup documentation
- (optional) [Etherpad](https://etherpad.org), an open source collaborative text editor - see [docs/configuring-playbook-etherpad.md](docs/configuring-playbook-etherpad.md) for setup documentation
- (optional) [Jitsi](https://jitsi.org/), an open source video-conferencing platform - see [docs/configuring-playbook-jitsi.md](docs/configuring-playbook-jitsi.md) for setup documentation
- (optional) [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for scheduling one-off & recurring reminders and alarms - see [docs/configuring-playbook-bot-matrix-reminder-bot.md](docs/configuring-playbook-bot-matrix-reminder-bot.md) for setup documentation
@ -78,6 +95,8 @@ Using this playbook, you can get the following services configured on your serve
- (optional) [matrix-registration](https://github.com/ZerataX/matrix-registration), a simple python application to have a token based matrix registration - see [docs/configuring-playbook-matrix-registration.md](docs/configuring-playbook-matrix-registration.md) for setup documentation
- (optional) the [Prometheus](https://prometheus.io) time-series database server, the Prometheus [node-exporter](https://prometheus.io/docs/guides/node-exporter/) host metrics exporter, and the [Grafana](https://grafana.com/) web UI - see [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](docs/configuring-playbook-prometheus-grafana.md) for setup documentation
Basically, this playbook aims to get you up-and-running with all the basic necessities around Matrix, without you having to do anything else.
**Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need.
@ -85,33 +104,6 @@ Sticking with the defaults (which install a subset of the above components) is t
You can always re-run the playbook later to add or remove components.
## What's different about this Ansible playbook?
This is similar to the [EMnify/matrix-synapse-auto-deploy](https://github.com/EMnify/matrix-synapse-auto-deploy) Ansible deployment, but:
- this one is a complete Ansible playbook (instead of just a role), so it's **easier to run** - especially for folks not familiar with Ansible
- this one installs and hooks together **a lot more Matrix-related services** for you (see above)
- this one **can be executed more than once** without causing trouble
- works on various distros: **CentOS** (7.0+), Debian-based distributions (**Debian** 9/Stretch+, **Ubuntu** 16.04+), **Archlinux**
- this one installs everything in a single directory (`/matrix` by default) and **doesn't "contaminate" your server** with files all over the place
- this one **doesn't necessarily take over** ports 80 and 443. By default, it sets up nginx for you there, but you can also [use your own webserver](docs/configuring-playbook-own-webserver.md)
- this one **runs everything in Docker containers**, so it's likely more predictable and less fragile (see [Docker images used by this playbook](#docker-images-used-by-this-playbook))
- this one retrieves and automatically renews free [Let's Encrypt](https://letsencrypt.org/) **SSL certificates** for you
- this one optionally can store the `media_store` content repository files on [Amazon S3](https://aws.amazon.com/s3/) (but defaults to storing files on the server's filesystem)
- this one optionally **allows you to use an external PostgreSQL server** for Synapse's database (but defaults to running one in a container)
- helps you **import data from a previous installation** (so you can migrate your manual virtualenv/Docker setup to a more managed one)
## Installation
To configure and install Matrix on your own server, follow the [README in the docs/ directory](docs/README.md).
@ -124,88 +116,6 @@ This playbook evolves over time, sometimes with backward-incompatible changes.
When updating the playbook, refer to [the changelog](CHANGELOG.md) to catch up with what's new.
## Docker images used by this playbook
This playbook sets up your server using the following Docker images:
- [matrixdotorg/synapse](https://hub.docker.com/r/matrixdotorg/synapse/) - the official [Synapse](https://github.com/matrix-org/synapse) Matrix homeserver (optional)
- [instrumentisto/coturn](https://hub.docker.com/r/instrumentisto/coturn/) - the [Coturn](https://github.com/coturn/coturn) STUN/TURN server (optional)
- [vectorim/element-web](https://hub.docker.com/r/vectorim/element-web/) - the [Element](https://element.io/) web client (optional)
- [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) - the [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server (optional)
- [postgres](https://hub.docker.com/_/postgres/) - the [Postgres](https://www.postgresql.org/) database server (optional)
- [ewoutp/goofys](https://hub.docker.com/r/ewoutp/goofys/) - the [Goofys](https://github.com/kahing/goofys) Amazon [S3](https://aws.amazon.com/s3/) file-system-mounting program (optional)
- [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) - the [Exim](https://www.exim.org/) email server (optional)
- [devture/email2matrix](https://hub.docker.com/r/devture/email2matrix/) - the [Email2Matrix](https://github.com/devture/email2matrix) email server, which can relay email messages to Matrix rooms (optional)
- [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal/) - [Matrix Corporal](https://github.com/devture/matrix-corporal): reconciliator and gateway for a managed Matrix server (optional)
- [zeratax/matrix-registration](https://hub.docker.com/r/devture/zeratax-matrix-registration/) - [matrix-registration](https://github.com/ZerataX/matrix-registration): a simple python application to have a token based matrix registration (optional)
- [nginx](https://hub.docker.com/_/nginx/) - the [nginx](http://nginx.org/) web server (optional)
- [certbot/certbot](https://hub.docker.com/r/certbot/certbot/) - the [certbot](https://certbot.eff.org/) tool for obtaining SSL certificates from [Let's Encrypt](https://letsencrypt.org/) (optional)
- [tulir/mautrix-telegram](https://mau.dev/tulir/mautrix-telegram/container_registry) - the [mautrix-telegram](https://github.com/tulir/mautrix-telegram) bridge to [Telegram](https://telegram.org/) (optional)
- [tulir/mautrix-whatsapp](https://mau.dev/tulir/mautrix-whatsapp/container_registry) - the [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) bridge to [Whatsapp](https://www.whatsapp.com/) (optional)
- [tulir/mautrix-facebook](https://mau.dev/tulir/mautrix-facebook/container_registry) - the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge to [Facebook](https://facebook.com/) (optional)
- [tulir/mautrix-hangouts](https://mau.dev/tulir/mautrix-hangouts/container_registry) - the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
- [tulir/mautrix-signal](https://mau.dev/tulir/mautrix-signal/container_registry) - the [mautrix-signal](https://github.com/tulir/mautrix-signal) bridge to [Signal](https://www.signal.org/) (optional)
- [matrixdotorg/matrix-appservice-irc](https://hub.docker.com/r/matrixdotorg/matrix-appservice-irc) - the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional)
- [halfshot/matrix-appservice-discord](https://hub.docker.com/r/halfshot/matrix-appservice-discord) - the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge to [Discord](https://discordapp.com/) (optional)
- [cadair/matrix-appservice-slack](https://hub.docker.com/r/cadair/matrix-appservice-slack) - the [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) bridge to [Slack](https://slack.com/) (optional)
- [turt2live/matrix-appservice-webhooks](https://hub.docker.com/r/turt2live/matrix-appservice-webhooks) - the [Appservice Webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge (optional)
- [folivonet/matrix-sms-bridge](https://hub.docker.com/repository/docker/folivonet/matrix-sms-bridge) - the [matrix-sms-brdige](https://github.com/benkuly/matrix-sms-bridge) (optional)
- [sorunome/mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) - the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge to [Skype](https://www.skype.com) (optional)
- [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https://slack.com) (optional)
- [sorunome/mx-puppet-instagram](https://hub.docker.com/r/sorunome/mx-puppet-instagram) - the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge to [Instagram](https://www.instagram.com) (optional)
- [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) - the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge to [Twitter](https://twitter.com) (optional)
- [sorunome/mx-puppet-discord](https://hub.docker.com/r/sorunome/mx-puppet-discord) - the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge to [Discord](https://discordapp.com) (optional)
- [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) - the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge to [Steam](https://steampowered.com) (optional)
- [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional)
- [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional)
- [jitsi/jicofo](https://hub.docker.com/r/jitsi/jicofo) - the [Jitsi](https://jitsi.org/) Focus component (optional)
- [jitsi/prosody](https://hub.docker.com/r/jitsi/prosody) - the [Jitsi](https://jitsi.org/) Prosody XMPP server component (optional)
- [jitsi/jvb](https://hub.docker.com/r/jitsi/jvb) - the [Jitsi](https://jitsi.org/) Video Bridge component (optional)
- [anoa/matrix-reminder-bot](https://hub.docker.com/r/anoa/matrix-reminder-bot) - the [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) bot for one-off & recurring reminders and alarms (optional)
- [awesometechnologies/synapse-admin](https://hub.docker.com/r/awesometechnologies/synapse-admin) - the [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin) web UI tool for administrating users and rooms on your Matrix server (optional)
## Deficiencies
This Ansible playbook can be improved in the following ways:
- setting up automatic backups to one or more storage providers
## Support
- Matrix room: [#matrix-docker-ansible-deploy:devture.com](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com)

4
ansible.cfg
Unescape View File

@ -2,6 +2,10 @@
pipelining = True
retry_files_enabled = False
stdout_callback = yaml
# trying allow world readable to bypass a weird issue with ansible
# see: https://github.com/georchestra/ansible/issues/55
allow_world_readable_tmpfiles=true
vault_password_file=open_the_vault.sh
ansible_python_interpreter=/usr/bin/python3
interpreter_python=/usr/bin/python3

4
docs/README.md
Unescape View File

@ -1,6 +1,8 @@
# Table of Contents
- [Prerequisites](prerequisites.md)
- [FAQ](faq.md) - lots of questions and answers. Jump to [Prerequisites](prerequisites.md) to avoid reading too much and to just start a guided installation.
- [Prerequisites](prerequisites.md) - go here to a guided installation using this Ansible playbook
- [Configuring your DNS server](configuring-dns.md)

2
docs/alternative-architectures.md
Unescape View File

@ -21,6 +21,6 @@ matrix_architecture: "arm32"
## Implementation details
For `amd64`, prebuilt images are used everywhere (because all images are available for this architecture).
For `amd64`, prebuilt container images (see the [container images we use](container-images.md)) are used everywhere, because all images are available for this architecture.
For other architectures, components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary.

17
docs/configuring-dns.md
Unescape View File

@ -15,20 +15,25 @@ As we discuss in [Server Delegation](howto-server-delegation.md), there are 2 di
This playbook mostly discusses the well-known file method, because it's easier to manage with regard to certificates.
If you decide to go with the alternative method ([Server Delegation via a DNS SRV record (advanced)](howto-server-delegation.md#server-delegation-via-a-dns-srv-record-advanced)), please be aware that the general flow that this playbook guides you through may not match what you need to do.
## General outline of DNS settings you need to do
## Required DNS settings for services enabled by default
| Type | Host | Priority | Weight | Port | Target |
| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
| A | `matrix` | - | - | - | `matrix-server-IP` |
| CNAME | `element` | - | - | - | `matrix.<your-domain>` |
| CNAME | `dimension` (*) | - | - | - | `matrix.<your-domain>` |
| CNAME | `jitsi` (*) | - | - | - | `matrix.<your-domain>` |
| SRV | `_matrix-identity._tcp` | 10 | 0 | 443 | `matrix.<your-domain>` |
Be mindful as to how long it will take for the DNS records to propagate.
DNS records marked with `(*)` above are optional. They refer to services that will not be installed by default (see the section below). If you won't be installing these services, feel free to skip creating these DNS records. Also be mindful as to how long it will take for the DNS records to propagate.
If you are using Cloudflare DNS, make sure to disable the proxy and set all records to `DNS only`. Otherwise, fetching certificates will fail.
## Required DNS settings for optional services
| Type | Host | Priority | Weight | Port | Target |
| ----- | ---------------------------- | -------- | ------ | ---- | ---------------------- |
| CNAME | `dimension` (*) | - | - | - | `matrix.<your-domain>` |
| CNAME | `jitsi` (*) | - | - | - | `matrix.<your-domain>` |
| CNAME | `stats` (*) | - | - | - | `matrix.<your-domain>` |
## Subdomains setup
@ -41,6 +46,8 @@ The `dimension.<your-domain>` subdomain may be necessary, because this playbook
The `jitsi.<your-domain>` subdomain may be necessary, because this playbook could install the [Jitsi video-conferencing platform](https://jitsi.org/) for you. Jitsi installation is disabled by default, because it may be heavy and is not a core required component. To learn how to install it, see our [Jitsi](configuring-playbook-jitsi.md) guide. If you do not wish to set up Jitsi, feel free to skip the `jitsi.<your-domain>` DNS record.
The `stats.<your-domain>` subdomain may be necessary, because this playbook could install [Grafana](https://grafana.com/) and setup performance metrics for you. Grafana installation is disabled by default, it is not a core required component. To learn how to install it, see our [metrics and graphs guide](configuring-playbook-prometheus-grafana.md). If you do not wish to set up Grafana, feel free to skip the `stats.<your-domain>` DNS record. It is possible to install Prometheus without installing Grafana, this would also not require the `stats.<your-domain>` subdomain.
## `_matrix-identity._tcp` SRV record setup

5
docs/configuring-playbook-bridge-appservice-discord.md
Unescape View File

@ -38,8 +38,9 @@ To [adjust room access privileges](#adjusting-room-access-privileges) or do vari
There's the Discord bridge's guide for [setting privileges on bridge managed rooms](https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#set-privileges-on-bridge-managed-rooms). To do the same with our container setup, run the following command on the server:
```
docker exec -it matrix-appservice-discord /bin/sh -c 'cp /build/tools/adminme.js /tmp/adminme.js && cp /cfg/registration.yaml /tmp/discord-registration.yaml && cd /tmp && node /tmp/adminme.js -c /cfg/config.yaml -r "!ROOM_ID:SERVER" -u "@USER:SERVER" -p 100'
```sh
docker exec -it matrix-appservice-discord \
/bin/sh -c 'cp /cfg/registration.yaml /tmp/discord-registration.yaml && cd /tmp && node /build/tools/adminme.js -c /cfg/config.yaml -m "!ROOM_ID:SERVER" -u "@USER:SERVER" -p 100'
```

2
docs/configuring-playbook-bridge-appservice-slack.md
Unescape View File

@ -27,7 +27,7 @@ matrix_appservice_slack_control_room_id: "Your matrix admin room id"
Note that the bot's domain is your server's domain **without the `matrix.` prefix.**
5. Create a new Slack App [here](https://api.slack.com/apps).
5. Create a Classic Slack App [here](https://api.slack.com/apps?new_classic_app=1).
Name the app "matrixbot" (or anything else you'll remember).

4
docs/configuring-playbook-bridge-appservice-webhooks.md
Unescape View File

@ -45,7 +45,7 @@ matrix_appservice_webhooks_log_level: '<log_level>'
"text": "Hello world!",
"format": "plain",
"displayName": "My Cool Webhook",
"avatarUrl": "http://i.imgur.com/IDOBtEJ.png"
"avatar_url": "http://i.imgur.com/IDOBtEJ.png"
}
```
@ -57,7 +57,7 @@ curl --header "Content-Type: application/json" \
"text": "Hello world!",
"format": "plain",
"displayName": "My Cool Webhook",
"avatarUrl": "http://i.imgur.com/IDOBtEJ.png"
"avatar_url": "http://i.imgur.com/IDOBtEJ.png"
}' \
<the link you've gotten in 5.>
```

17
docs/configuring-playbook-bridge-mautrix-instagram.md
Unescape View File

@ -0,0 +1,17 @@
# Setting up Mautrix Instagram (optional)
The playbook can install and configure [mautrix-instagram](https://github.com/tulir/mautrix-instagram) for you.
See the project's [documentation](https://docs.mau.fi/bridges/python/instagram/index.html) to learn what it does and why it might be useful to you.
```yaml
matrix_mautrix_instagram_enabled: true
```
## Usage
You then need to start a chat with `@instagrambot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
Send `login YOUR_INSTAGRAM_EMAIL_ADDRESS YOUR_INSTAGRAM_PASSWORD` to the bridge bot to enable bridging for your instagram/Messenger account.
You can learn more here about authentication from the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/python/instagram/authentication.html).

2
docs/configuring-playbook-bridge-mautrix-signal.md
Unescape View File

@ -14,7 +14,7 @@ matrix_mautrix_signal_enabled: true
## Set up Double Puppeting
If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-whatsapp/wiki/Authentication#replacing-whatsapp-accounts-matrix-puppet-with-matrix-account) (hint: you most likely do), you have 2 ways of going about it.
If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-signal/wiki/Authentication#double-puppeting) (hint: you most likely do), you have 2 ways of going about it.
### Method 1: automatically, by enabling Shared Secret Auth

38
docs/configuring-playbook-bridge-mx-puppet-groupme.md
Unescape View File

@ -0,0 +1,38 @@
# Setting up MX Puppet GroupMe (optional)
The playbook can install and configure
[mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) for you.
See the project page to learn what it does and why it might be useful to you.
To enable the [GroupMe](https://groupme.com/) bridge just use the following
playbook configuration:
```yaml
matrix_mx_puppet_groupme_enabled: true
matrix_mx_puppet_groupme_client_id: ""
matrix_mx_puppet_groupme_client_secret: ""
```
## Usage
Once the bot is enabled you need to start a chat with `GroupMe Puppet Bridge` with
the handle `@_groupmepuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
domain, not the `matrix.` domain).
One authentication method is available.
To link your GroupMe account, go to [dev.groupme.com](https://dev.groupme.com/), sign in, and select "Access Token" from the top menu. Copy the token and message the bridge with:
```
link <access token>
```
Once logged in, send `listrooms` to the bot user to list the available rooms.
Clicking rooms in the list will result in you receiving an invitation to the
bridged room.
Also send `help` to the bot to see the commands available.

31
docs/configuring-playbook-etherpad.md
Unescape View File

@ -0,0 +1,31 @@
# Setting up Etherpad (optional)
[Etherpad](https://etherpad.org) is is an open source collaborative text editor that can be embedded in a Matrix chat room using the [Dimension integrations manager](https://dimension.t2bot.io)
When enabled together with the Jitsi audio/video conferencing system (see [our docs on Jitsi](configuring-playbook-jitsi.md)), it will be made available as an option during the conferences.
## Prerequisites
For the self-hosted Etherpad instance to be available to your users, you must first enable and configure the **Dimension integrations manager** as described in [the playbook documentation](configuring-playbook-dimension.md)
## Installing
[Etherpad](https://etherpad.org) installation is disabled by default. You can enable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
matrix_etherpad_enabled: true
```
## Set Dimension default to the self-hosted Etherpad
The Dimension administrator users can configure the default URL template. The Dimension configuration menu can be accessed with the sprocket icon as you begin to add a widget to a room in Element. There you will find the Etherpad Widget Configuration action beneath the _Widgets_ tab. Replace `scalar.vector.im` with your own Dimension domain.
### Removing the integrated Etherpad chat
If you wish to disable the Etherpad chat button, you can do it by appending `?showChat=false` to the end of the pad URL, or the template.
Example: `https://dimension.<your-domain>/etherpad/p/$roomId_$padName?showChat=false`
## Known issues
If your Etherpad widget fails to load, this might be due to Dimension generating a Pad name so long, the Etherpad app rejects it.
`$roomId_$padName` can end up being longer than 50 characters. You can avoid having this problem by altering the template so it only contains the three word random identifier `$padName`.

1
docs/configuring-playbook-external-postgres.md
Unescape View File

@ -4,6 +4,7 @@ By default, this playbook would set up a PostgreSQL database server on your mach
If that's alright, you can skip this.
If you'd like to use an external PostgreSQL server that you manage, you can edit your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`).
It should be something like this:
```yaml

2
docs/configuring-playbook-matrix-corporal.md
Unescape View File

@ -89,4 +89,4 @@ The following local filesystem paths are mounted in the `matrix-corporal` contai
- `/matrix/corporal/cache` is mounted at `/var/cache/matrix-corporal` (read and write)
As an example: you can create your own configuration files in `/matrix/corporal/config` and they will appear in `/etc/matrix-corporal` in the Docker container. Your configuration (stuff in `matrix_corporal_policy_provider_config`) needs to refer to these files via the local container path `/etc/matrix-corporal`
As an example: you can create your own configuration files in `/matrix/corporal/config` and they will appear in `/etc/matrix-corporal` in the Docker container. Your configuration (stuff in `matrix_corporal_policy_provider_config`) needs to refer to these files via the local container paths - `/etc/matrix-corporal` (read-only), `/var/matrix-corporal` (read and write), `/var/cache/matrix-corporal` (read and write).

26
docs/configuring-playbook-nginx.md
Unescape View File

@ -34,8 +34,7 @@ Possible values are:
- `"intermediate"` (**default**) - Recommended configuration for a general-purpose server
- `"old"` - Services accessed by very old clients or libraries, such as Internet Explorer 8 (Windows XP), Java 6, or OpenSSL 0.9.8
**Be really carefull when setting it to `"modern"`**. This could break comunication with other Matrix servers, limiting your federation posibilities. The
[Federarion tester](https://federationtester.matrix.org/) also won't work.
**Be really carefull when setting it to `"modern"`**. This could break comunication with other Matrix servers, limiting your federation posibilities.
Besides changing the preset (`matrix_nginx_proxy_ssl_preset`), you can also directly override these 3 variables:
@ -60,3 +59,26 @@ This will disable the access logging for nginx.
```yaml
matrix_nginx_proxy_access_log_enabled: false
```
## Additional configuration
This playbook also allows for additional configuration to be applied to the nginx server.
If you want this playbook to obtain and renew certificates for other domains, then you can set the `matrix_ssl_additional_domains_to_obtain_certificates_for` variable (as mentioned in the [Obtaining SSL certificates for additional domains](configuring-playbook-ssl-certificates.md#obtaining-ssl-certificates-for-additional-domains) documentation as well). Make sure that you have set the DNS configuration for the domains you want to include to point at your server.
```yaml
matrix_ssl_additional_domains_to_obtain_certificates_for:
- domain.one.example
- domain.two.example
```
You can include additional nginx configuration by setting the `matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks` variable.
```yaml
matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks:
- |
# These lines will be included in the nginx configuration.
# This is at the top level of the file, so you will need to define all of the `server { ... }` blocks.
- |
# For advanced use, have a look at the template files in `roles/matrix-nginx-proxy/templates/nginx/conf.d`
```

66
docs/configuring-playbook-prometheus-grafana.md
Unescape View File

@ -0,0 +1,66 @@
# Enabling metrics and graphs for your Matrix server (optional)
It can be useful to have some (visual) insight into the performance of your homeserver.
You can enable this with the following settings in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
matrix_prometheus_enabled: true
matrix_prometheus_node_exporter_enabled: true
matrix_grafana_enabled: true
matrix_grafana_anonymous_access: false
# This has no relation to your Matrix user id. It can be any username you'd like.
# Changing the username subsequently won't work.
matrix_grafana_default_admin_user: some_username_chosen_by_you
# Passwords containing special characters may be troublesome.
# Changing the password subsequently won't work.
matrix_grafana_default_admin_password: some_strong_password_chosen_by_you
```
By default, a [Grafana](https://grafana.com/) web user-interface will be available at `https://stats.<your-domain>`.
## What does it do?
Name | Description
-----|----------
`matrix_prometheus_enabled`|[Prometheus](https://prometheus.io) is a time series database. It holds all the data we're going to talk about.
`matrix_prometheus_node_exporter_enabled`|[Node Exporter](https://prometheus.io/docs/guides/node-exporter/) is an addon of sorts to Prometheus that collects generic system information such as CPU, memory, filesystem, and even system temperatures
`matrix_grafana_enabled`|[Grafana](https://grafana.com/) is the visual component. It shows (on the `stats.<your-domain>` subdomain) the dashboards with the graphs that we're interested in
`matrix_grafana_anonymous_access`|By default you need to log in to see graphs. If you want to publicly share your graphs (e.g. when asking for help in [`#synapse:matrix.org`](https://matrix.to/#/#synapse:matrix.org?via=matrix.org&via=privacytools.io&via=mozilla.org)) you'll want to enable this option.
`matrix_grafana_default_admin_user`<br>`matrix_grafana_default_admin_password`|By default Grafana creates a user with `admin` as the username and password. If you feel this is insecure and you want to change it beforehand, you can do that here
## Security and privacy
Metrics and resulting graphs can contain a lot of information. This includes system specs but also usage patterns. This applies especially to small personal/family scale homeservers. Someone might be able to figure out when you wake up and go to sleep by looking at the graphs over time. Think about this before enabling anonymous access. And you should really not forget to change your Grafana password.
Most of our docker containers run with limited system access, but the `prometheus-node-exporter` has access to the host network stack and (readonly) root filesystem. This is required to report on them. If you don't like that, you can set `matrix_prometheus_node_exporter_enabled: false` (which is actually the default). You will still get Synapse metrics with this container disabled. Both of the dashboards will always be enabled, so you can still look at historical data after disabling either source.
## Collecting metrics to an external Prometheus server
If you wish, you could expose homeserver metrics without enabling (installing) Prometheus and Grafana via the playbook. This may be useful for hooking Matrix services to an external Prometheus/Grafana installation.
To do this, you may be interested in the following variables:
Name | Description
-----|----------
`matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network)
`matrix_nginx_proxy_proxy_synapse_metrics`|Set this to `true` to make matrix-nginx-proxy expose the Synapse metrics at `https://matrix.DOMAIN/_synapse/metrics`
`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled`|Set this to `true` to password-protect (using HTTP Basic Auth) `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus`, the password is defined in `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`)
`matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key`|Set this to a password to use for HTTP Basic Auth for protecting `https://matrix.DOMAIN/_synapse/metrics` (the username is always `prometheus` - it's not configurable)
## More inforation
- [Understanding Synapse Performance Issues Through Grafana Graphs](https://github.com/matrix-org/synapse/wiki/Understanding-Synapse-Performance-Issues-Through-Grafana-Graphs) at the Synapse Github Wiki
- [The Prometheus scraping rules](https://github.com/matrix-org/synapse/tree/master/contrib/prometheus) (we use v2)
- [The Synapse Grafana dashboard](https://github.com/matrix-org/synapse/tree/master/contrib/grafana)
- [The Node Exporter dashboard](https://github.com/rfrail3/grafana-dashboards) (for generic non-synapse performance graphs)

135
docs/configuring-playbook-s3.md
Unescape View File

@ -6,6 +6,11 @@ If that's alright, you can skip this.
If you'd like to store Synapse's content repository (`media_store`) files on Amazon S3 (or other S3-compatible service),
you can let this playbook configure [Goofys](https://github.com/kahing/goofys) for you.
Using a Goofys-backed media store works, but performance may not be ideal. If possible, try to use a region which is close to your Matrix server.
If you'd like to move your locally-stored media store data to Amazon S3 (or another S3-compatible object store), we also provide some migration instructions below.
## Amazon S3
You'll need an Amazon S3 bucket and some IAM user credentials (access key + secret key) with full write access to the bucket. Example security policy:
@ -50,3 +55,133 @@ matrix_s3_media_store_custom_endpoint_enabled: true
# Example: "https://storage.googleapis.com"
matrix_s3_media_store_custom_endpoint: "your-custom-endpoint"
```
### Backblaze B2
To use [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html):
- create a new **private** bucket through its user interface (you can call it something like `matrix-DOMAIN-media-store`)
- note the **Endpoint** for your bucket (something like `s3.us-west-002.backblazeb2.com`)
- adjust its lifecycle rules to use the following **custom** rules:
- File Path: *empty value*
- Days Till Hide: *empty value*
- Days Till Delete: `1`
- go to [App Keys](https://secure.backblaze.com/app_keys.htm) and use the **Add a New Application Key** to create a new one
- restrict it to the previously created bucket (e.g. `matrix-DOMAIN-media-store`)
- give it *Read & Write* access
Copy the `keyID` and `applicationKey`.
You need the following *additional* playbook configuration (on top of what you see above):
```yaml
matrix_s3_media_store_bucket_name: "YOUR_BUCKET_NAME_GOES_HERE"
matrix_s3_media_store_aws_access_key: "YOUR_keyID_GOES_HERE"
matrix_s3_media_store_aws_secret_key: "YOUR_applicationKey_GOES_HERE"
matrix_s3_media_store_custom_endpoint_enabled: true
matrix_s3_media_store_custom_endpoint: "https://s3.us-west-002.backblazeb2.com" # this may be different for your bucket
```
If you have local media store files and wish to migrate to Backblaze B2 subsequently, follow our [migration guide to Backblaze B2](#migrating-to-backblaze-b2) below instead of applying this configuration as-is.
## Migrating from local filesystem storage to S3
It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before migrating your local media store to an S3-backed one.
Follow one of the guides below for a migration path from a locally-stored media store to one stored on S3-compatible storage:
- [Migrating to any S3-compatible storage (universal, but likely slow)](#migrating-to-any-s3-compatible-storage-universal-but-likely-slow)
- [Migrating to Backblaze B2](#migrating-to-backblaze-b2)
### Migrating to any S3-compatible storage (universal, but likely slow)
It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before doing this.
1. Proceed with the steps below without stopping Matrix services
2. Start by adding the base S3 configuration in your `vars.yml` file (seen above, may be different depending on the S3 provider of your choice)
3. In addition to the base configuration you see above, add this to your `vars.yml` file:
```yaml
matrix_s3_media_store_path: /matrix/s3-media-store
```
This enables S3 support, but mounts the S3 storage bucket to `/matrix/s3-media-store` without hooking it to your homeserver yet. Your homeserver will still continue using your local filesystem for its media store.
5. Run the playbook to apply the changes: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
6. Do an **initial sync of your files** by running this **on the server** (it may take a very long time):
```sh
sudo -u matrix -- rsync --size-only --ignore-existing -avr /matrix/synapse/storage/media-store/. /matrix/s3-media-store/.
```
You may need to install `rsync` manually.
7. Stop all Matrix services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`)
8. Start the S3 service by running this **on the server**: `systemctl start matrix-goofys`
9. Sync the files again by re-running the `rsync` command you see in step #6
10. Stop the S3 service by running this **on the server**: `systemctl stop matrix-goofys`
11. Get the old media store out of the way by running this command on the server:
```sh
mv /matrix/synapse/storage/media-store /matrix/synapse/storage/media-store-local-backup
```
12. Remove the `matrix_s3_media_store_path` configuration from your `vars.yml` file (undoing step #3 above)
13. Run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
14. You're done! Verify that loading existing (old) media files works and that you can upload new ones.
15. When confident that it all works, get rid of the local media store directory: `rm -rf /matrix/synapse/storage/media-store-local-backup`
### Migrating to Backblaze B2
It's a good idea to [make a complete server backup](faq.md#how-do-i-backup-the-data-on-my-server) before doing this.
1. While all Matrix services are running, run the following command on the server:
(you need to adjust the 3 `--env` line below with your own data)
```sh
docker run -it --rm -w /work \
--env='B2_KEY_ID=YOUR_KEY_GOES_HERE' \
--env='B2_KEY_SECRET=YOUR_SECRET_GOES_HERE' \
--env='B2_BUCKET_NAME=YOUR_BUCKET_NAME_GOES_HERE' \
-v /matrix/synapse/storage/media-store/:/work \
--entrypoint=/bin/sh \
docker.io/tianon/backblaze-b2:2.1.0 \
-c 'b2 authorize-account $B2_KEY_ID $B2_KEY_SECRET > /dev/null && b2 sync /work/ b2://$B2_BUCKET_NAME'
```
This is some initial file sync, which may take a very long time.
2. Stop all Matrix services (`ansible-playbook -i inventory/hosts setup.yml --tags=stop`)
3. Run the command from step #1 again.
Doing this will sync any new files that may have been created locally in the meantime.
Now that Matrix services aren't running, we're sure to get Backblaze B2 and your local media store fully in sync.
4. Get the old media store out of the way by running this command on the server:
```sh
mv /matrix/synapse/storage/media-store /matrix/synapse/storage/media-store-local-backup
```
5. Put the [Backblaze B2 settings seen above](#backblaze-b2) in your `vars.yml` file
6. Run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
7. You're done! Verify that loading existing (old) media files works and that you can upload new ones.
8. When confident that it all works, get rid of the local media store directory: `rm -rf /matrix/synapse/storage/media-store-local-backup`

15
docs/configuring-playbook-ssl-certificates.md
Unescape View File

@ -74,15 +74,12 @@ If you are hosting other domains on the Matrix machine, you can make the playboo
To do that, simply define your own custom configuration like this:
```yaml
# Note: we need to explicitly list the aforementioned Matrix domains that you use (Matrix, Element, Dimension).
# In this example, we retrieve an extra certificate - one for the base domain (in the `matrix_domain` variable).
# In this example, we retrieve 2 extra certificates,
# one for the base domain (in the `matrix_domain` variable) and one for a hardcoded domain.
# Adding any other additional domains (hosted on the same machine) is possible.
matrix_ssl_domains_to_obtain_certificates_for:
- '{{ matrix_server_fqn_matrix }}'
- '{{ matrix_server_fqn_element }}'
- '{{ matrix_server_fqn_dimension }}'
- '{{ matrix_server_fqn_jitsi }}'
matrix_ssl_additional_domains_to_obtain_certificates_for:
- '{{ matrix_domain }}'
- 'another.domain.example.com'
```
After redefining `matrix_ssl_domains_to_obtain_certificates_for`, to actually obtain certificates you should:
@ -91,9 +88,9 @@ After redefining `matrix_ssl_domains_to_obtain_certificates_for`, to actually ob
- re-run the SSL part of the playbook and restart all services: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-ssl,start`
The certificate files would be available in `/matrix/ssl/config/live/<your-other-domain>/...`.
The certificate files would be made available in `/matrix/ssl/config/live/<your-other-domain>/...`.
For automated certificate renewal to work, each port `80` vhost for each domain you are obtaining certificates for needs to forward requests for `/.well-known/acme-challenge` to the certbot container we use for renewal.
See how this is configured for the `matrix.` subdomain in `/matrix/nginx-proxy/conf.d/matrix-synapse.conf`
Don't be alarmed if the above configuraiton file says port `8080`, instead of port `80`. It's due to port mapping due to our use of containers.
Don't be alarmed if the above configuration file says port `8080`, instead of port `80`. It's due to port mapping due to our use of containers.

29
docs/configuring-playbook-synapse.md
Unescape View File

@ -18,6 +18,35 @@ Alternatively, **if there is no pre-defined variable** for a Synapse setting you
- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_synapse_configuration` (or `matrix_synapse_configuration_yaml`). You can find information about this in [`roles/matrix-synapse/defaults/main.yml`](../roles/matrix-synapse/defaults/main.yml).
## Load balancing with workers
To have Synapse gracefully handle thousands of users, worker support should be enabled. It factors out some homeserver tasks and spreads the load of incoming client and server-to-server traffic between multiple processes. More information can be found in the [official Synapse workers documentation](https://github.com/matrix-org/synapse/blob/master/docs/workers.md).
To enable Synapse worker support, update your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
```yaml
matrix_synapse_workers_enabled: true
```
We support a few configuration presets (`matrix_synapse_workers_preset: one-of-each` being the default configuration):
- `little-federation-helper` - a very minimal worker configuration to improve federation performance
- `one-of-each` - one worker of each supported type
If you'd like more customization power, you can start with one of the presets and tweak various `matrix_synapse_workers_*_count` variables manually.
If you increase worker counts too much, you may need to increase the maximum number of Postgres connections too (example):
```yaml
matrix_postgres_process_extra_arguments: [
"-c 'max_connections=200'"
]
```
If you're using the default setup (the `matrix-nginx-proxy` webserver being enabled) or you're using your own `nginx` server (which imports the configuration files generated by the playbook), you're good to go. If you use some other webserver, you may need to tweak your reverse-proxy setup manually to forward traffic to the various workers.
In case any problems occur, make sure to have a look at the [list of synapse issues about workers](https://github.com/matrix-org/synapse/issues?q=workers+in%3Atitle) and your `journalctl --unit 'matrix-*'`.
## Synapse Admin
Certain Synapse administration tasks (managing users and rooms, etc.) can be performed via a web user-interace, if you install [Synapse Admin](configuring-playbook-synapse-admin.md).

10
docs/configuring-playbook.md
Unescape View File

@ -10,7 +10,7 @@ You can then follow these steps inside the playbook directory:
- create a directory to hold your configuration (`mkdir inventory/host_vars/matrix.<your-domain>`)
- copy the sample configuration file (`cp examples/host-vars.yml inventory/host_vars/matrix.<your-domain>/vars.yml`)
- copy the sample configuration file (`cp examples/vars.yml inventory/host_vars/matrix.<your-domain>/vars.yml`)
- edit the configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) to your liking. You may also take a look at the various `roles/ROLE_NAME_HERE/defaults/main.yml` files and see if there's something you'd like to copy over and override in your `vars.yml` configuration file.
@ -33,7 +33,9 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md) (optional)
- [Setting Dynamic DNS](configuring-playbook-dynamic-dns.md) (optional)
- [Setting up Dynamic DNS](configuring-playbook-dynamic-dns.md) (optional)
- [Enabling metrics and graphs (Prometheus, Grafana) for your Matrix server](configuring-playbook-prometheus-grafana.md) (optional)
### Core service adjustments
@ -94,6 +96,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up Mautrix Hangouts bridging](configuring-playbook-bridge-mautrix-hangouts.md) (optional)
- [Setting up Mautrix Instagram bridging](configuring-playbook-bridge-mautrix-instagram.md) (optional)
- [Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md) (optional)
- [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional)
@ -114,6 +118,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up MX Puppet Discord bridging](configuring-playbook-bridge-mx-puppet-discord.md) (optional)
- [Setting up MX Puppet GroupMe bridging](configuring-playbook-bridge-mx-puppet-groupme.md) (optional)
- [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md) (optional)
- [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)

7
docs/configuring-well-known.md
Unescape View File

@ -148,6 +148,13 @@ backend matrix-backend
rsprep ^Location:\ (http|https)://matrix.example.com\/(.*) Location:\ \1://matrix.example.com/.well-known/matrix/\2 if response-is-redirect
```
**For Netlify**, it would be something like this:
```
# In the _redirects file in the website's root
/.well-known/matrix/* https://matrix.DOMAIN/.well-known/matrix/:splat 200!
```
Make sure to:
- **replace `DOMAIN`** in the server configuration with your actual domain name

97
docs/container-images.md
Unescape View File

@ -0,0 +1,97 @@
# Container Images used by the playbook
This page summarizes the container ([Docker](https://www.docker.com/)) images used by the playbook when setting up your server.
We try to stick to official images (provided by their respective projects) as much as possible.
## Container images used by default
These services are enabled and used by default, but you can turn them off, if you wish.
- [matrixdotorg/synapse](https://hub.docker.com/r/matrixdotorg/synapse/) - the official [Synapse](https://github.com/matrix-org/synapse) Matrix homeserver (optional)
- [instrumentisto/coturn](https://hub.docker.com/r/instrumentisto/coturn/) - the [Coturn](https://github.com/coturn/coturn) STUN/TURN server (optional)
- [vectorim/element-web](https://hub.docker.com/r/vectorim/element-web/) - the [Element](https://element.io/) web client (optional)
- [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) - the [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server (optional)
- [postgres](https://hub.docker.com/_/postgres/) - the [Postgres](https://www.postgresql.org/) database server (optional)
- [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) - the [Exim](https://www.exim.org/) email server (optional)
- [nginx](https://hub.docker.com/_/nginx/) - the [nginx](http://nginx.org/) web server (optional)
- [certbot/certbot](https://hub.docker.com/r/certbot/certbot/) - the [certbot](https://certbot.eff.org/) tool for obtaining SSL certificates from [Let's Encrypt](https://letsencrypt.org/) (optional)
## Optional other container images we may use
These services are not part of our default installation, but can be enabled by [configuring the playbook](configuring-playbook.md) (either before the initial installation or any time later):
- [ewoutp/goofys](https://hub.docker.com/r/ewoutp/goofys/) - the [Goofys](https://github.com/kahing/goofys) Amazon [S3](https://aws.amazon.com/s3/) file-system-mounting program (optional)
- [etherpad/etherpad](https://hub.docker.com/r/etherpad/etherpad/) - the [Etherpad](https://etherpad.org) realtime collaborative text editor that can be used in a Jitsi audio/video call or integrated as a widget into Matrix chat rooms via the Dimension integration manager (optional)
- [devture/email2matrix](https://hub.docker.com/r/devture/email2matrix/) - the [Email2Matrix](https://github.com/devture/email2matrix) email server, which can relay email messages to Matrix rooms (optional)
- [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal/) - [Matrix Corporal](https://github.com/devture/matrix-corporal): reconciliator and gateway for a managed Matrix server (optional)
- [zeratax/matrix-registration](https://hub.docker.com/r/devture/zeratax-matrix-registration/) - [matrix-registration](https://github.com/ZerataX/matrix-registration): a simple python application to have a token based matrix registration (optional)
- [tulir/mautrix-telegram](https://mau.dev/tulir/mautrix-telegram/container_registry) - the [mautrix-telegram](https://github.com/tulir/mautrix-telegram) bridge to [Telegram](https://telegram.org/) (optional)
- [tulir/mautrix-whatsapp](https://mau.dev/tulir/mautrix-whatsapp/container_registry) - the [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) bridge to [Whatsapp](https://www.whatsapp.com/) (optional)
- [tulir/mautrix-facebook](https://mau.dev/tulir/mautrix-facebook/container_registry) - the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge to [Facebook](https://facebook.com/) (optional)
- [tulir/mautrix-hangouts](https://mau.dev/tulir/mautrix-hangouts/container_registry) - the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
- [tulir/mautrix-instagram](https://mau.dev/tulir/mautrix-instagram/container_registry) - the [mautrix-instagram](https://github.com/tulir/mautrix-instagram) bridge to [Instagram](https://instagram.com/) (optional)
- [tulir/mautrix-signal](https://mau.dev/tulir/mautrix-signal/container_registry) - the [mautrix-signal](https://github.com/tulir/mautrix-signal) bridge to [Signal](https://www.signal.org/) (optional)
- [matrixdotorg/matrix-appservice-irc](https://hub.docker.com/r/matrixdotorg/matrix-appservice-irc) - the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional)
- [halfshot/matrix-appservice-discord](https://hub.docker.com/r/halfshot/matrix-appservice-discord) - the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge to [Discord](https://discordapp.com/) (optional)
- [cadair/matrix-appservice-slack](https://hub.docker.com/r/cadair/matrix-appservice-slack) - the [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) bridge to [Slack](https://slack.com/) (optional)
- [turt2live/matrix-appservice-webhooks](https://hub.docker.com/r/turt2live/matrix-appservice-webhooks) - the [Appservice Webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge (optional)
- [folivonet/matrix-sms-bridge](https://hub.docker.com/repository/docker/folivonet/matrix-sms-bridge) - the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) (optional)
- [sorunome/mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) - the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge to [Skype](https://www.skype.com) (optional)
- [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https://slack.com) (optional)
- [sorunome/mx-puppet-instagram](https://hub.docker.com/r/sorunome/mx-puppet-instagram) - the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge to [Instagram](https://www.instagram.com) (optional)
- [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) - the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge to [Twitter](https://twitter.com) (optional)
- [sorunome/mx-puppet-discord](https://hub.docker.com/r/sorunome/mx-puppet-discord) - the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge to [Discord](https://discordapp.com) (optional)
- [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) - the [mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) bridge to [GroupMe](https://groupme.com/) (optional)
- [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) - the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge to [Steam](https://steampowered.com) (optional)
- [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional)
- [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional)
- [jitsi/jicofo](https://hub.docker.com/r/jitsi/jicofo) - the [Jitsi](https://jitsi.org/) Focus component (optional)
- [jitsi/prosody](https://hub.docker.com/r/jitsi/prosody) - the [Jitsi](https://jitsi.org/) Prosody XMPP server component (optional)
- [jitsi/jvb](https://hub.docker.com/r/jitsi/jvb) - the [Jitsi](https://jitsi.org/) Video Bridge component (optional)
- [anoa/matrix-reminder-bot](https://hub.docker.com/r/anoa/matrix-reminder-bot) - the [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) bot for one-off & recurring reminders and alarms (optional)
- [awesometechnologies/synapse-admin](https://hub.docker.com/r/awesometechnologies/synapse-admin) - the [synapse-admin](https://github.com/Awesome-Technologies/synapse-admin) web UI tool for administrating users and rooms on your Matrix server (optional)
- [prom/prometheus](https://hub.docker.com/r/prom/prometheus/) - [Prometheus](https://github.com/prometheus/prometheus/) is a systems and service monitoring system
- [prom/node-exporter](https://hub.docker.com/r/prom/node-exporter/) - [Prometheus Node Exporter](https://github.com/prometheus/node_exporter/) is an addon for Prometheus that gathers standard system metrics
- [grafana/grafana](https://hub.docker.com/r/grafana/grafana/) - [Grafana](https://github.com/grafana/grafana/) is a graphing tool that works well with the above two images. Our playbook also adds two dashboards for [Synapse](https://github.com/matrix-org/synapse/tree/master/contrib/grafana) and [Node Exporter](https://github.com/rfrail3/grafana-dashboards)

460
docs/faq.md
Unescape View File

@ -0,0 +1,460 @@
# Frequently Asked Questions
This documentation page tries to answer various Frequently Asked Questions about all things [Matrix](https://matrix.org/), with a focus on this [Ansible](https://www.ansible.com/) playbook ([What is Ansible? How does it work?](#what-is-ansible-how-does-it-work)).
This FAQ page does not intend to replace the [matrix.org FAQ](https://matrix.org/faq/) (please see that one too).
We've only started this FAQ recently, so it's still somewhat empty.
Also, we encourage you to not dig yourself into a hole by reading way too much. When you've heard enough, proceed to [Prerequisites](prerequisites.md) to get guided into installing Matrix.
## Introductory
## Where do I find more questions and answers about Matrix?
This is a Frequently Asked Questions page focused on this [Ansible](https://www.ansible.com/) playbook ([What is Ansible? How does it work?](#what-is-ansible-how-does-it-work)) for deploying a [Matrix](https://matrix.org/) server.
For a lot more generic questions and answers, see the [matrix.org FAQ](https://matrix.org/faq/).
## What is Matrix? What is Element? What is Synapse? Why are you confusing me with so many terms?
[Matrix](https://matrix.org/) is a new type of realtime communication (chat) network, the closest analogy to which is probably "email".
You don't just use the "email" protocols (SMTP, POP3, IMAP) directly though. There's a *server* somewhere which stores your data (`@gmail.com`, `@yahoo.com`, `@hotmail.com`, `@your-company.com`) and you access it by using these "email" protocols via some *client* program (Outlook, Thunderbird, some website, etc).
In the world of the Matrix chat protocol, there are various client programs. The first and currently most full-featured one is called [Element](https://element.io/) (used to be called Riot.im and Vector.im in the past). There are [many other clients](https://matrix.org/clients/). You can switch clients as much as you want until you find the one that is right for you on a given platform (you may use Element on your desktop, but Fluffychat on your phone, etc).
Matrix is also like email due to the fact that there are many servers around the world which can all talk to each other (you can send email from `@gmail.com` addresses to `@yahoo.com` and `@hotmail.com` addresses). It's the same with Matrix (`@bob:his-domain.com` can talk to `@alice:her-domain.org`).
If someone else is hosting your Matrix server (you being `@user:matrix.org` or some other public server like this), all you need is a Matrix client program, like Element.
If you'd like to host your own server (you being `@user:your-own-domain.com`), you'd need to set up a Matrix server program, like Synapse.
In short:
- Matrix is the protocol - a set of rules about how the chat network operates
- Element is a client program you can use to participate on the Matrix chat network via some server (yours or someone else's). There are also [many other client programs](https://matrix.org/clients/).
- Synapse is a server program you can use to host your very own Matrix server.
This FAQ here mostly focuses on installing various Matrix services using the Ansible automation tool. You can learn much more about Matrix in the [matrix.org FAQ](https://matrix.org/faq/).
## People I wish to talk to are not on Matrix. Can I talk to them?
You most likely can. Besides Matrix-native chats, Matrix also supports the concept of "bridging", which allows you to plug other networks into it.
This Ansible playbook can help you install [tens of bridges for various networks](configuring-playbook.md#bridging-other-networks).
Besides setting up your own bridges (preferable), you can also use some [public bridges hosted by others](https://publiclist.anchel.nl/#bridges).
## How do I get started with Matrix?
One of [Matrix](https://matrix.org/)'s distinguishing strengths (compared to other chat networks) is its decentralized nature. There's not just one entity (company, organization) controlling the servers. Rather there's thousands of servers operated by different people - one server being insecure, slow or disrespective toward its users does not affect the rest of the network. To participate in that decentralization in its fullest, consider hosting your own server or using some public server other than the largest/default one (`matrix.org`).
There are 3 ways to get into Martix, depending on your technical ability and needs:
- **using the existing default server** - the easiest way is to use an existing server. The largest public Matrix server is `matrix.org` and it's configured as a default server in clients such as [Element](https://element.io) and many others. Just use Element on the browser via that link (or download the Element app on a smartphone), create an account and start chatting.
- **using some other server** - instead of using the largest public server (`matrix.org`), you can use another public one. Here's a [list of public Matrix servers](https://publiclist.anchel.nl/) to choose from. Again, you download [Element](https://element.io) or [some other client](https://matrix.org/clients/) of your choosing and adjust the homeserver URL during login.
- **using your own server** - running your own server puts you in ultimate control of your data. It also lets you have your own user identifiers (e.g. `@bob:your-domain.com`). See [How do I set up my own Matrix server](#how-do-i-set-up-my-own-matrix-server).
### How do I set up my own Matrix server?
Normally, you'd first choose the [Matrix](https://matrix.org/) server software you'd like to run. At the time of this writing (January/2021), there's only one fully-featured server program, so there's only one reasonable choice. That's [Synapse](https://github.com/matrix-org/synapse).
There are [many guides about installing Synapse](https://matrix.org/docs/guides/#installing-synapse). Using this Ansible playbook is just one way of doing it.
Naturally, we're biased, so our usual recommendation is to go with this [Ansible](https://www.ansible.com/) playbook, instead of installing Synapse (and many many other things around it) manually.
To get started with the playbook, start at the [Prerequisites](prerequisites.md) page.
### What is Ansible? How does it work?
[Ansible](https://www.ansible.com/) is an automation program. This "playbook" is a collection of tasks/scripts that will set up a [Matrix](https://matrix.org/) server for you, so you don't have to perform these tasks manually.
We have written these automated tasks for you and all you need to do is execute them using the Ansible program.
You can install Ansible and this playbook code repository on your own computer and tell it to install Matrix services at the server living at `matrix.DOMAIN`. We recommend installing Ansible on your own computer.
Alternatively, you can download Ansible and the playbook itself directly on the `matrix.DOMAIN` server.
To learn more, see our [dedicated Ansible documentation page](ansible.md).
### Why use this playbook and not install Synapse and other things manually?
There are various guides telling you how easy it is to install [Synapse](https://github.com/matrix-org/synapse).
Reading the documentation of this Ansible playbook, you may also be thinking:
> I don't know what [Ansible](https://www.ansible.com/) is. I don't know what [Docker](https://www.docker.com/) is. This looks more complicated.
.. so you may be leaning toward [installing Synapse manually](https://github.com/matrix-org/synapse/blob/master/INSTALL.md).
The problem with a manual installation is:
- Synapse is written in Python. If not packaged for your distribution, you'd need to install various Python modules, etc., and keep them updated.
- Synapse requires a [Postgres](https://www.postgresql.org/) database (it can run on SQLite, but that's very much discouraged). So you'd need to install Postgres as well.
- you may also need a reverse-proxy server in front of it (nginx, Apache), so you'd need to be familiar with that
- SSL is required, so you'd need to obtain Let's Encrypt (or other free or non-free) certificates for one or more domain names. You'd need to be familiar with [certbot](https://certbot.eff.org/) (when using Let's Encrypt) or similar software.
- for each additional component you'd like to add (client like [Element](https://element.io), bridge to some other chat network, Integration Manager (sitckers, other services), Identity Manager, etc.), you'll need to spend extra time installing and wiring it with the rest of the system in a way that works.
- you'll likely get slower updates for all of these components, depending on your distro packaging or your own time and ability
The playbook, on the other hand, installs a bunch of components for you by default, obtains SSL certificates for you, etc. If you'd like, you can enable various bridges and other services with very little effort. All the components are wired to work together.
All services run in Docker containers (most being officially provided by each component's developers), so we're not at the mercy of distro packaging.
### Why use this playbook and not just use the Docker image directly?
Reasons are similar to the reasons for not installing manually.
Besides Synapse, you'd need other things - a Postgres database, likely the [Element](https://element.io) client, etc., etc.
Using the playbook, you get all these components in a way that works well together out of the box.
### What's different about this Ansible playbook compared to [EMnify/matrix-synapse-auto-deploy](https://github.com/EMnify/matrix-synapse-auto-deploy)?
This is similar to the [EMnify/matrix-synapse-auto-deploy](https://github.com/EMnify/matrix-synapse-auto-deploy) Ansible deployment, but:
- this one is a complete Ansible playbook (instead of just a role), so it's **easier to run** - especially for folks not familiar with Ansible
- this one installs and hooks together **a lot more Matrix-related services** for you (see above)
- this one **can be executed more than once** without causing trouble
- works on various distros: **CentOS** (7.0+), Debian-based distributions (**Debian** 9/Stretch+, **Ubuntu** 16.04+), **Archlinux**
- this one installs everything in a single directory (`/matrix` by default) and **doesn't "contaminate" your server** with files all over the place
- this one **doesn't necessarily take over** ports 80 and 443. By default, it sets up nginx for you there, but you can also [use your own webserver](configuring-playbook-own-webserver.md)
- this one **runs everything in Docker containers**, so it's likely more predictable and less fragile (see [Docker images used by this playbook](container-images.md))
- this one retrieves and automatically renews free [Let's Encrypt](https://letsencrypt.org/) **SSL certificates** for you
- this one optionally can store the `media_store` content repository files on [Amazon S3](https://aws.amazon.com/s3/) (but defaults to storing files on the server's filesystem)
- this one optionally **allows you to use an external PostgreSQL server** for Synapse's database (but defaults to running one in a container)
- helps you **import data from a previous installation** (so you can migrate your manual virtualenv/Docker setup to a more managed one)
- this one is actually **maintained**
## Server-related
### What kind of server do I need to install Matrix using this Ansible playbook?
We list our server requirements in [Prerequisites](prerequisites.md).
### Why not run Matrix on Kubernetes?
There's no reason not to run Matrix on [Kubernetes](https://kubernetes.io/).
However, that's overly complicated for thousands of us who just want to run a single small (and sometimes not so small) Matrix server, either using "cloud" servers or even a [Raspberry Pi](https://www.raspberrypi.org/) at home.
For us, a Kubernetes-based setup which requires a cluster of multiple computers and is more technically-involved is a no-go.
There are others working on automating a Matrix-on-Kubernetes setup, such as this [Helm](https://helm.sh/) chart: https://github.com/dacruz21/matrix-chart.
### Why don't you use Podman instead of Docker?
We like the philosophy of a daemonless container runtime, but [Podman](https://podman.io) is just not ready for our use case yet.
Learn more about our past experiences/attempts to give Podman a chance, by reading [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/520).
In short, `alias podman=docker` is a lie (for us).
### Why use Docker?
[Docker](https://www.docker.com/) is one of our 2 hard dependencies (the other one being [systemd](https://systemd.io/)).
It lets us run services in an isolated manner and independently of the (usually old) packages available for distributions.
It also lets us have a unified setup which runs the same across various supported distros (see them on [Prerequisites](prerequisites.md)).
### Is Docker a hard requirement?
Yes. See [Why don't you use Podman instead of Docker?](#why-dont-you-use-podman-instead-of-docker) for why we're not using another container runtime.
All of our services run in containers. It's how we achieve predictability and also how we support tens of different services across lots of distros.
The only thing we need on the distro is systemd and Python (we install Docker ourselves, unless you ask us not to).
### Why don't you use docker-compose?
Instead of using [docker-compose](https://docs.docker.com/compose/), we prefer installing systemd services and scheduling those independently.
There are people who have worked on turning this setup into a docker-compose-based one. See these experiments [here](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/64#issuecomment-603164625).
### Can I run this on a distro without systemd?
No. [systemd](https://systemd.io/) is one of our 2 hard dependencies (the other one being [Docker](https://www.docker.com/)).
### Can I install this on a Raspberry Pi?
Yes, you can. See our [Alternative Architectures](alternative-architectures.md) documentation page.
Whether a Raspberry Pi has enough power to give you a good experience is another question. It depends on your use case.
Also see: [What kind of server specs do I need?](#what-kind-of-server-specs-do-i-need).
### What kind of server specs do I need?
This largely depends on your use case. It's not so much the number of users that you plan to host, but rather the number of large rooms they will join.
Federated rooms with lots of history and containing hundreds of other servers are very heavy CPU-wise and memory-wise.
You can probably use a 1 CPU + 1GB memory server to host hundreds of local users just fine, but as soon as one of them joins a federated room like `#matrix:matrix.org` (Matrix HQ) or some IRC-bridged room (say `##linux`), your server will get the need for a lot more power (at least 2GB RAM, etc).
Running Matrix on a server with 1GB of memory is possible (especially if you disable some not-so-important services). See [How do I optimize this setup for a low-power server?](#how-do-i-optimize-this-setup-for-a-low-power-server).
**We recommend starting with a server having at least 2GB of memory** and even then using it sparingly. If you know for sure you'll be joining various large rooms, etc., then going for 4GB of memory or more is a good idea.
Besides the regular Matrix stuff, we also support things like video-conferencing using [Jitsi](configuring-playbook-jitsi.md) and other additional services which (when installed) may use up a lot of memory. Things do add up. Besides the Synapse Matrix server, Jitsi is especially notorious for consuming a lot of resources. If you plan on running Jitsi, we recommend a server with at least 2GB of memory (preferrably more). See our [Jitsi documentation page](configuring-playbook-jitsi.md) to learn how to optimize its memory/CPU usage.
### Can I run this in an LXC container?
If your distro runs within an [LXC container](https://linuxcontainers.org/), you may hit [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/703). It can be worked around, if absolutely necessary, but we suggest that you avoid running from within an LXC container.
## Configuration
### Why install my server at matrix.DOMAIN and not at the base DOMAIN?
It's the same with email servers. Your email address is likely `name@company.com`, not `name@mail.company.com`, even though it's `mail.company.com` that is really handling your data for `@company.com` email to work.
Using a separate domain name is easier to manage (although it's a little hard to get right at first) and keeps your Matrix server isolated from your website (if you have one), from your email server (if you have one), etc.
We allow `matrix.DOMAIN` to be the Matrix server handling Matrix stuff for `DOMAIN` by [Server Delegation](howto-server-delegation.md). During the installation procedure, we recommend that you set up server delegation using the [.well-known](configuring-well-known.md) method.
If you'd really like to install Matrix services directly on the base domain, see [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain).
### I don't control anything on the base domain and can't set up delegation to matrix.DOMAIN. What do I do?
If you're not in control of your base domain (or the server handling it) at all, you can take a look at [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain)
### I can't set up HTTPS on the base domain. How will I get Matrix federating?
If you really can't obtain an HTTPS certificate for your base domain, you can take a look at [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain)
### How do I install on matrix.DOMAIN without involving the base DOMAIN?
This Ansible playbook guides you into installing a server for `DOMAIN` (user identifiers are like this: `@user:DOMAIN`), while the server is at `matrix.DOMAIN`.
We allow `matrix.DOMAIN` to be the Matrix server handling Matrix stuff for `DOMAIN` by [Server Delegation](howto-server-delegation.md). During the installation procedure, we recommend that you set up server delegation using the [.well-known](configuring-well-known.md) method.
If you're fine with uglier identifiers (`@user:matrix.DOMAIN`, which is the equivalent of having an email address like `bob@mail.company.com`, instead of just `bob@company.com`), you can do that as well using the following configuration in your `vars.yml` file:
```yaml
# This is what your identifiers are like (e.g. `@bob:matrix.YOUR_BASE_DOMAIN`).
matrix_domain: "matrix.YOUR_BASE_DOMAIN"
# This is where Matrix services
matrix_server_fqn_matrix: "matrix.YOUR_BASE_DOMAIN"
# This is where you access the Element web UI from (if enabled via `matrix_client_element_enabled: true`; enabled by default).
# This and the Matrix FQN (see above) are expected to be on the same server.
#
# Feel free to use `element.matrix.YOUR_BASE_DOMAIN`, if you'd prefer that.
matrix_server_fqn_element: "element.YOUR_BASE_DOMAIN"
# This is where you access Dimension (if enabled via `matrix_dimension_enabled: true`; NOT enabled by default).
#
# Feel free to use `dimension.matrix.YOUR_BASE_DOMAIN`, if you'd prefer that.
matrix_server_fqn_dimension: "dimension.YOUR_BASE_DOMAIN"
# This is where you access Jitsi (if enabled via `matrix_jitsi_enabled: true`; NOT enabled by default).
#
# Feel free to use `jitsi.matrix.YOUR_BASE_DOMAIN`, if you'd prefer that.
matrix_server_fqn_jitsi: "jitsi.YOUR_BASE_DOMAIN"
```
### I don't use the base domain for anything. How am I supposed to set up Server Delegation for Matrix services?
If you don't use your base domain for anything, then it's hard for you to "serve files over HTTPS" on it -- something we ask you to do for the [.well-known](configuring-well-known.md) setup (needed for [Server Delegation](howto-server-delegation.md)).
Luckily, the playbook can set up your Matrix server (at `matrix.DOMAIN`) to also handle traffic for the base domain (`DOMAIN`).
See [Serving the base domain](configuring-playbook-base-domain-serving.md).
### How do I optimize this setup for a low-power server?
You can disable some not-so-important services to save on memory.
```yaml
# An identity server is not a must.
matrix_ma1sd_enabled: false
# Disabling this will prevent email-notifications and other such things from working.
matrix_mailer_enabled: false
# You can also disable this to save more RAM,
# at the expense of audio/video calls being unreliable.
matrix_coturn_enabled: true
# This makes Synapse not keep track of who is online/offline.
#
# Keeping track of this and announcing such online-status in federated rooms with
# hundreds of servers inside is insanely heavy (https://github.com/matrix-org/synapse/issues/3971).
#
# If your server does not federate with hundreds of others, enabling this doesn't hurt much.
matrix_synapse_use_presence: false
```
You can also consider implementing a restriction on room complexity, in order to prevent users from joining very heavy rooms:
```yaml
matrix_synapse_configuration_extension_yaml: |
limit_remote_rooms:
enabled: true
complexity: 1.0 # this limits joining complex (~large) rooms, can be
# increased, but larger values can require more RAM
```
If you've installed [Jitsi](configuring-playbook-jitsi.md) (not installed by default), there are additional optimizations listed on its documentation page that you can perform.
### I already have Docker on my server. Can you stop installing Docker via the playbook?
Yes, we can stop installing Docker ourselves. Just use this in your `vars.yml` file:
```yaml
matrix_docker_installation_enabled: true
```
### I run another webserver on the same server where I wish to install Matrix. What now?
By default, we install a webserver for you (nginx), but you can also use [your own webserver](configuring-playbook-own-webserver.md).
### How is the effective configuration determined?
Configuration variables are defined in multiple places in this playbook and are considered in this order:
- there are defaults coming from each role's defaults file (`role/matrix*/defaults/main.yml`). These variable values aim to be good defaults for when the role is used standalone (outside of this collection of roles, also called playbook).
- then, there are overrides in `group_vars/matrix_servers`, which aim to adjust these "standalone role defaults" to something which better fits the playbook in its entirety.
- finally, there's your `inventory/host_vars/matrix.DOMAIN/vars.yml` file, which is the ultimate override
### What configuration variables are available?
You can discover the variables you can override in each role (`role/matrix*/defaults/main.yml`).
As described in [How is the effective configuration determined?](#how-is-the-effective-configuration-determined), these role-defaults may be overriden by values defined in `group_vars/matrix_servers`.
Refer to both of these for inspiration. Still, as mentioned in [Configuring the playbook](configuring-playbook.md), you're only ever supposed to edit your own `inventory/host_vars/matrix.DOMAIN/vars.yml` file and nothing else inside the playbook (unless you're meaning to contribute new features).
### I'd like to adjust some configuration which doesn't have a corresponding variable. How do I do it?
The playbook doesn't aim to expose all configuration settings for all services using variables.
Doing so would amount to hundreds of variables that we have to create and maintain.
Instead, we only try to make some important basics configurable using dedicated variables you can see in each role.
See [What configuration variables are available?](#what-configuration-variables-are-available).
Besides that, each role (component) aims to provide a `matrix_SOME_COMPONENT_configuration_extension_yaml` (or `matrix_SOME_COMPONENT_configuration_extension_json`) variable, which can be used to override the configuration.
Check each role's `role/matrix*/defaults/main.yml` for the corresponding variable and an example for how use it.
## Installation
### How do I run the installation?
See [Installing](installing.md) to learn how to use Ansible to install Matrix services.
Of course, don't just jump straight to Installing. Rather, start at [Prerequisites](prerequisites.md) and get guided from there (into [setting up DNS](configuring-dns.md), [configuring the playbook](configuring-playbook.md), etc).
### I installed Synapse some other way. Can I migrate such a setup to the playbook?
Yes, you can.
You generally need to do a playbook installation (start at the [Prerequisites](prerequisites.md) page), followed by importing your existing data into it.
This Ansible playbook guides you into installing a server for `DOMAIN` (user identifiers are like this: `@user:DOMAIN`), while the server is at `matrix.DOMAIN`. If your existing setup has a server name (`server_name` configuration setting in Synapse's `homeserver.yaml` file) other than the base `DOMAIN`, you may need to tweak some additional variables. This FAQ entry may be of use if you're dealing with a more complicated setup - [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain)
After configuring the playbook and installing and **before starting** services (done with `ansible-playbook ... --tags=start`) you'd import [your SQLite](importing-synapse-sqlite.md) (or [Postgres](importing-postgres.md)) database and also [import your media store](importing-synapse-media-store.md).
### I've downloaded Ansible and the playbook on the server. It can't connect using SSH.
If you're using the playbook directly on the server, then Ansible doesn't need to connect using SSH.
It can perform a local connection instead. Just set `ansible_connection=local` at the end of the server line in `inventory/hosts` and re-run the playbook.
If you're running Ansible from within a container (one of the possibilities we list on our [dedicated Ansible documentation page](ansible.md)), then using `ansible_connection=local` is not possible.
## Troubleshooting
### I get "Error response from daemon: configured logging driver does not support reading" when I do `docker logs matrix-synapse`.
See [How can I see the logs?](#how-can-i-see-the-logs).
### How can I see the logs?
We utilize [systemd/journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html#Description) for logging.
To see logs for Synapse, run `journalctl -fu matrix-synapse.service`. You may wish to see the [manual page for journalctl](https://www.commandlinux.com/man-page/man1/journalctl.1.html).
Available service names can be seen by doing `ls /etc/systemd/system/matrix*.service` on the server.
Some services also log to files in `/matrix/*/data/..`, but we're slowly moving away from that.
We also disable Docker logging, so you can't use `docker logs matrix-*` either. We do this to prevent useless double (or even triple) logging and to avoid having to rotate log files.
We just simply delegate logging to journald and it takes care of persistence and expiring old data.
Also see: [How long do systemd/journald logs persist for?](#how-long-do-systemdjournald-logs-persist-for)
### How long do systemd/journald logs persist for?
On some distros, the journald logs are just in-memory and not persisted to disk.
Consult (and feel free to adjust) your distro's journald logging configuration in `/etc/systemd/journald.conf`.
To enable persistence and put some limits on how large the journal log files can become, adjust your configuration like this:
```ini
[Journal]
RuntimeMaxUse=200M
SystemMaxUse=1G
RateLimitInterval=0
RateLimitBurst=0
Storage=persistent
```
## Maintenance
### Do I need to do anything to keep my Matrix server updated?
Yes. We don't update anything for you automatically.
See our [documentation page about upgrading services](maintenance-upgrading-services.md).
### How do I move my existing installation to another (VM) server?
If you have an existing installation done using this Ansible playbook, you can easily migrate that to another server using [our dedicated server migration guide](maintenance-migrating.md).
If your previous installation is done in some other way (not using this Ansible playbook), see [I installed Synapse some other way. Can I migrate such a setup to the playbook?](#i-installed-synapse-some-other-way-can-i-migrate-such-a-setup-to-the-playbook).
### How do I back up the data on my server?
We haven't documented this properly yet, but the general advice is to:
- back up Postgres by making a database dump. See [Backing up PostgreSQL](maintenance-postgres.md#backing-up-postgresql)
- back up all `/matrix` files, except for `/matrix/postgres/data` (you already have a dump) and `/matrix/postgres/data-auto-upgrade-backup` (this directory may exist and contain your old data if you've [performed a major Postgres upgrade](maintenance-postgres.md#upgrading-postgresql)).
You can later restore these roughly like this:
- restore the `/matrix` directory and files on the new server manually
- run the playbook again (see [Installing](installing.md)), but **don't** start services yet (**don't run** `... --tags=start`). This step will fix any file permission mismatches and will also set up additional software (Docker, etc.) and files on the server (systemd service, etc.).
- perform a Postgres database import (see [Importing Postgres](importing-postgres.md)) to restore your database backup
- start services (see [Starting the services](installing.md#starting-the-services))
If your server's IP address has changed, you may need to [set up DNS](configuring-dns.md) again.
### What is this `/matrix/postgres/data-auto-upgrade-backup` directory that is taking up so much space?
When you [perform a major Postgres upgrade](maintenance-postgres.md#upgrading-postgresql), we save the the old data files in `/matrix/postgres/data-auto-upgrade-backup`, just so you could easily restore them should something have gone wrong.
After verifying that everything still works after the Postgres upgrade, you can safely delete `/matrix/postgres/data-auto-upgrade-backup`

13
docs/importing-postgres.md
Unescape View File

@ -7,8 +7,8 @@ Run this if you'd like to import your database from a previous installation.
## Prerequisites
For this to work, **the database name in Postgres must match** what this playbook uses.
This playbook uses a Postgres database name of `homeserver` by default (controlled by the `matrix_postgres_db_name` variable).
If your database name differs, be sure to change `matrix_postgres_db_name` to your desired name and to re-run the playbook before proceeding.
This playbook uses a Postgres database name of `synapse` by default (controlled by the `matrix_synapse_database_database` variable).
If your database name differs, be sure to change `matrix_synapse_database_database` to your desired name and to re-run the playbook before proceeding.
The playbook supports importing Postgres dump files in **text** (e.g. `pg_dump > dump.sql`) or **gzipped** formats (e.g. `pg_dump | gzip -c > dump.sql.gz`).
@ -21,10 +21,17 @@ Before doing the actual import, **you need to upload your Postgres dump file to
To import, run this command (make sure to replace `<server-path-to-postgres-dump.sql>` with a file path on your server):
ansible-playbook -i inventory/hosts setup.yml --extra-vars='server_path_postgres_dump=<server-path-to-postgres-dump.sql>' --tags=import-postgres
```sh
ansible-playbook -i inventory/hosts setup.yml \
--extra-vars='postgres_default_import_database=synapse server_path_postgres_dump=<server-path-to-postgres-dump.sql>' \
--tags=import-postgres
```
We specify the `synapse` database as the default import database. If your dump is a single-database dump (`pg_dump`), then we need to tell it where to go to. If you're redefining `matrix_synapse_database_database` to something other than `synapse`, please adjust it here too. For database dumps spanning multiple databases (`pg_dumpall`), you can remove the `postgres_default_import_database` definition (but it doesn't hurt to keep it too).
**Note**: `<server-path-to-postgres-dump.sql>` must be a file path to a Postgres dump file on the server (not on your local machine!).
## Troubleshooting
A table ownership issue can occur if you are importing from a Synapse installation which was both:

24
docs/installing.md
Unescape View File

@ -36,11 +36,19 @@ When you're ready to start the Matrix services (and set them up to auto-start in
ansible-playbook -i inventory/hosts setup.yml --tags=start
```
Now that the services are running, you might want to:
- **finalize the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md)
- or [create your first user account](registering-users.md)
- or [set up the Dimension Integrations Manager](configuring-playbook-dimension.md)
- or [check if services work](maintenance-checking-services.md)
- or learn how to [upgrade your services when new versions are released](maintenance-upgrading-services.md)
- or learn how to [migrate to another server](maintenance-migrating.md)
Now that services are running, you need to **finalize the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md)
## Things to do next
If you have started services and **finalized the installation process** (required for federation to work!) by [Configuring Service Discovery via .well-known](configuring-well-known.md), you can:
- [check if services work](maintenance-checking-services.md)
- or [create your first Matrix user account](registering-users.md)
- or [set up additional services](configuring-playbook.md#other-configuration-options) (bridges to other chat networks, bots, etc.)
- or learn how to [upgrade services when new versions are released](maintenance-upgrading-services.md)
- or learn how to [maintain your server](faq.md#maintenance)
- or join some Matrix rooms:
* via the *Explore rooms* feature in Element or some other client, or by discovering them using this [matrix-static list](https://view.matrix.org). Note: joining large rooms may overload small servers.
* or come say Hi in our support room - [#matrix-docker-ansible-deploy:devture.com](https://matrix.to/#/#matrix-docker-ansible-deploy:devture.com). You might learn something or get to help someone else new to Matrix hosting.
- or help make this playbook better by contributing (code, documentation, or [coffee/beer](https://liberapay.com/s.pantaleev/donate))

13
docs/maintenance-postgres.md
Unescape View File

@ -19,6 +19,17 @@ You can use the `/usr/local/bin/matrix-postgres-cli` tool to get interactive ter
If you are using an [external Postgres server](configuring-playbook-external-postgres.md), the above tool will not be available.
By default, this tool puts you in the `matrix` database, which contains nothing.
To see the available databases, run `\list` (or just `\l`).
To change to another database (for example `synapse`), run `\connect synapse` (or just `\c synapse`).
You can then proceed to write queries. Example: `SELECT COUNT(*) FROM users;`
**Be careful**. Modifying the database directly (especially as services are running) is dangerous and may lead to irreversible database corruption.
When in doubt, consider [making a backup](#backing-up-postgresql).
## Vacuuming PostgreSQL
@ -53,6 +64,8 @@ pg_dumpall -h matrix-postgres \
If you are using an [external Postgres server](configuring-playbook-external-postgres.md), the above command will not work, because the credentials file (`/matrix/postgres/env-postgres-psql`) is not available.
If your server is on the ARM32 [architecture](alternative-architectures.md), you may need to remove the `-alpine` suffix from the image name in the command above.
Restoring a backup made this way can be done by [importing it](importing-postgres.md).

10
docs/prerequisites.md
Unescape View File

@ -1,12 +1,14 @@
# Prerequisites
- An **x86** server running one of these operating systems:
To install Matrix services using this Ansible playbook, you need:
- (Recommended) An **x86** server ([What kind of server specs do I need?](faq.md#what-kind-of-server-specs-do-i-need)) running one of these operating systems:
- **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300))
- **Debian** (9/Stretch+)
- **Ubuntu** (16.04+, although [20.04 may be problematic](ansible.md#supported-ansible-versions))
- **Debian** (9/Stretch or newer)
- **Ubuntu** (16.04 or newer, although [20.04 may be problematic](ansible.md#supported-ansible-versions))
- **Archlinux**
We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.
Generally, newer is better. We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.
This playbook somewhat supports running on non-`amd64` architectures like ARM. See [Alternative Architectures](alternative-architectures.md).

6
docs/self-building.md
Unescape View File

@ -2,13 +2,14 @@
**Caution: self-building does not have to be used on its own. See the [Alternative Architectures](alternative-architectures.md) page.**
The playbook supports the self-building of various components, which don't have a container image for your architecture. For `amd64`, self-building is not required.
The playbook supports self-building of various components, which don't have a container image for your architecture (see the [container images we use](container-images.md)). For `amd64`, self-building is not required.
For other architectures (e.g. `arm32`, `arm64`), ready-made container images are used when available. If there's no ready-made image for a specific component and said component supports self-building, an image will be built on the host. Building images like this takes more time and resources (some build tools need to get installed by the playbook to assist building).
To make use of self-building, you don't need to do anything besides change your architecture variable (e.g. `matrix_architecture: arm64`). If a component has an image for the specified architecture, the playbook will use it. If not, it will build the image.
To make use of self-building, you don't need to do anything besides change your architecture variable (e.g. `matrix_architecture: arm64`). If a component has an image for the specified architecture, the playbook will use it directly. If not, it will build the image on the server itself.
Note that **not all components support self-building yet**.
List of roles where self-building the Docker image is currently possible:
- `matrix-synapse`
- `matrix-synapse-admin`
@ -18,6 +19,7 @@ List of roles where self-building the Docker image is currently possible:
- `matrix-corporal`
- `matrix-ma1sd`
- `matrix-mailer`
- `matrix-bridge-appservice-irc`
- `matrix-bridge-appservice-slack`
- `matrix-bridge-mautrix-facebook`
- `matrix-bridge-mautrix-hangouts`

5
examples/hosts
Unescape View File

@ -9,10 +9,11 @@
# to the host line below or by adding `ansible_ssh_pipelining: False` to your variables file.
#
# If you're running this Ansible playbook on the same server as the one you're installing to,
# consider adding an additional `ansible_connection=local` argument below.
# consider adding an additional `ansible_connection=local` argument to the host line below.
#
# Ansible may fail to discover which Python interpreter to use on the host for some distros (like Ubuntu 20.04).
# You may sometimes need to explicitly add `ansible_python_interpreter=/usr/bin/python3` to lines below.
# You may sometimes need to explicitly add the argument `ansible_python_interpreter=/usr/bin/python3`
# to the host line below.
[matrix_servers]
matrix.<your-domain> ansible_host=<your-server's external IP address> ansible_ssh_user=root

14
examples/host-vars.yml → examples/vars.yml
Unescape View File

@ -4,7 +4,7 @@
# Note: this playbook does not touch the server referenced here.
# Installation happens on another server ("matrix.<matrix-domain>").
#
# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,
# If you've deployed using the wrong domain, you'll have to run the Uninstalling step,
# because you can't change the Domain after deployment.
#
# Example value: example.com
@ -18,12 +18,18 @@ matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
#
# Example value: someone@example.com
matrix_ssl_lets_encrypt_support_email: YOUR_EMAIL_ADDRESS_HERE
matrix_ssl_lets_encrypt_support_email: ''
# A shared secret (between Coturn and Synapse) used for authentication.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_coturn_turn_static_auth_secret: ""
matrix_coturn_turn_static_auth_secret: ''
# A secret used to protect access keys issued by the server.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_synapse_macaroon_secret_key: ""
matrix_synapse_macaroon_secret_key: ''
# A Postgres password to use for the superuser Postgres user (called `matrix` by default).
#
# The playbook creates additional Postgres users and databases (one for each enabled service)
# using this superuser account.
matrix_postgres_connection_password: ''

240
group_vars/all/vault.yml
Unescape View File

@ -1,118 +1,124 @@
$ANSIBLE_VAULT;1.1;AES256
66633865333931323532653061623366633536306531613738666236333563383462393236393565
3030643933643865303563613966663935616632306163380a353739306336386239346262373736
66353963373834393465363763643335623563303236366239643062366132623433623639643431
3432313830613565610a383938386133623966386631306530313865323234386534613665616262
35383266663431353736393337313631663739363634396364393135646562633432623330303434
32623238366437333237376437636333386130326636346462663165366465303232353937646161
36396466626630333963323131303336663337333061613531346563316666626461646138353931
65346135396266623434333362376162616166373163303734303033303634353031303762393338
32353833646439303233343230323131323765623863366663666337316332613339393337353634
62383131653363613938363834376235316330343064623234393062626134396365393761383339
35343035646133343733373339353763646562343765363135346233393466666239306333346264
37353962626132653032343332633936326166323138643134326563306263613234643636393938
30343566663135343037663138633566653762323037373936336663376132663266663731613731
64623237326563366439353065326531326136666564396537383462633132373530393131396666
37356132333764383239306261643163616164383466616463643135326365663763393437623837
61353134623336666233636563373538623562623132636264663930643661336561346535326262
34643832303365653839626161633162666565636536656338346332623461373935313030663964
64323366613130333264313136343135396562643561383235376130666334363536333265616361
31656165653838313964313864396439323266303439383838323931363161343132326163643264
31333933386164663438343739616138313064353338616366353237393131353234663634643964
31336437343261356636396162386434313332356461646561306435363734306634336264653839
39366138373162393163656437626634373533656137353266313633316239616337633066343863
32396138393731386131653131633566616161326363613638623635646136633234623664656631
65633063663330386330343461336133663165323337303534303435646330333066306230636464
36373061393663646262303832376235366635353535613730633835663236656138653534353134
31313334623530326534376332616562643139303265623761666438616362613134663533383230
64653961306565333337353731323135393965656232626630666431633435333531626431633832
33393138653431613830353635323165383265636661316430336461353034353536623164653764
39303332323066343266643966336633353561386234643139663539653435653036646665666163
38636261393361366437336535666563393632316332623366363536373564356238353436326639
61393533343936613531333439386162386162313138386536663037663936646135643765396664
34393533363137613039306335313462643437623861396566356338653734356361656233323332
63353163653162646131356439306662376266636438393435663961303239666339616266383864
66393837363739353665353234336534333965333735353335316531383963336233623430393432
66316531663661363362383965643461303339666436376637633233303733333636346365353239
64363433366135303530636461656165396530353134623536323631646564656236666161303065
65393438313864623633303365356430626133363165323433353837646139646566316431666233
35393562316137346331353637626134376138373266373233346136643336356238393065303265
38396432346539373066313763643137643165613563346536663164363635326635623835373736
62623231376562343138383563633266303733323937633738303330353436653434353838303563
34383963323331303932666566666137383366663364646334326632366136663763386138666461
36653764363931386465313134343638373935323061303063323262626133346562326535663330
64333662663837333931373038663165633730636332366235636364363335376233373565303330
61663432363233626236643130303135386334613464343861363338626632613731373231653337
61353933313935623965333461333662346364343639333362616165656634373031363532373764
38373139633038623934663639653430633564303830633864366134323835643039386439323961
37373733626534303764393362633561363933326366323265373335653135653432633664383838
39613964646361303761663535363837326263396432656565326232313135643335386239653030
38326562333533363738366161343936303732346439363266626365363833663036323065313563
33306435353632613862356531636331356538613633393932643165386361376361373434616630
33623431343031623336386136386661303166343838666330383036653462623339613962616266
33303536666237376135326139376236616138346231383932326566343537656530396464633963
37626239623230326137323061343961336561303434343963363530613263633466383232613364
61366263383434633139613831623738653434303162643738663836373931636136613631356237
64326133313833336364353164363032363539323630616337336663633238336636633130376138
37623933646230643439323934666564663132393233363135353630646630633065653839316665
30386439313965633061366232333764393538323862643130633937363239363338663034623333
37326564373538623661616637373434633961393361383965383439383065316462373763346465
64626662646538326532643839333435313066333462656634373832396439393236323865646239
33313032376166633861336366393036333431313565663266643133366631303034666464333566
37333631393639646438666665323937656262396665336561623866613766656363353762386265
30396533653231666439613239316564626236303635646538353335383534666339666566633837
35653961386135353735636434333830323564656466306365663763346633396530646536396135
36346133666665343334623536383931373435333562653634303538326136363062613732653832
31373239616337386332346434393339316563366365653933616161316130626639396134306636
64613037623539343061313961646263316134613632626165623532306563653639373263633032
39353864393734396537386134633561386262353837653931653362306139323538623639356539
61623131626662656531366433333363633766636662376366313537383930373434353865306562
37383462346264323936396461336365646663653732333765666364386331343339633366393835
34626533613736323962636236306265323665366163306430336261306130663464323931656133
34653538376439313036316632366231663264323739373032623332343038383364303335366562
34656133373465333665643238663665643137626261303938646466343463353562363330323638
61383232383038363961393636316161303366373237626665303532633336336436626662363733
34356466333330626337643437656239396566666362353130303836353262336534376564363830
30313737373730636130383363323737313531663961343438343061393138353765393830653566
39303439383738613662336663353764323932306632633932643165633431623063346166613966
62326438383037376435613861623530336161386535303566626461393737303263643932343862
65386537306235363837653139353130643638626662363166636463633030656339613865313738
36306365616334363933343165386265386163303432303233633333303134633566643561346661
38386436633061376437313464336333386332376337383136396638643261613832656133313366
63343134333030646331663466316331643432386363646134306462303664393165383563353264
37336465323638656664343830383431376361383535663632393363383234663462393332633438
36383134366236393834663237666138353661306564303631336330396634366338643034346331
37393962636165616462653632626333346537313131393261346632613166343663393265356537
39316633633633396236373532313338386536316337373037666661303030356564383632343065
62373438396666356336383963356263316531333032653666646162363139303336646431303430
65363662376130616436316435313464353038313338636239383665663432343930396238393764
38363734386662313061643139626335336462653635373861663633636364363964316162646235
62336238653337303863303761303262333666366237626464666666666230613863343631386464
37313234333561633534313564393932363865363635303434653236393036363033666431376261
63373234376361386166316238646462343765633331366166383864656130613466633435646338
38656438616238323638663636626430633766623538343735313631303963306663386331396331
36393333323938356433316132303637373165323532373363323837643866373034356133393832
34653437623333323835643865633865626663633362303535336565386636316232376164336432
65333839646264323939636662373035323231663733623034386135653436663261363634613439
34646331666633376461323430623862393736633635323266343334646135636434373235643263
63373733346537633662613832373566396163663864346630313766336166373733303565316534
62373832323433653464653133363764633565326435663230613966383562313638306235336433
65666636353331323865386437303035376264316633376637663562373739343636633235393232
33396534623036323831323065393236366662313263633339333034633231313434323238393834
37636433376465343334396632666636356665383163323236313633383530663632366232613763
32326134353936343233306262636163393734366631623861626266393765396230653662393434
66623335363232643933326333646364616532323434353464366138636335333138613636393435
34643534653766356539396536656336663537346637313437623835306132653532323963393337
65626462653939336335623262633262383636316565663661663538383330393233396634363531
65303331663662633236393664633166666661633735376263346235343362363662626232363232
66373661393031353064323932613361363734373638623531643863396361323232373265643361
62323033383431323431633235333535663262353938353064303765336139356134656364343433
39356232316436633165643361383135373962626536633662663230366662333262626530663633
66376630633036313537326634616337346466616333396665663063316334636436636438633938
66393934306562663431396665323238633761383333316665316535656161393862346535393436
36316462323636623539346666636639626438343539646230653934373764316539366465383135
36306664623039316336646135633530343235356630613161623638616339306262373466323830
35666531626530653435326333383831363239383564633531383437376566666232366431343865
37353430623138393664346237623839656666316638366532633933383534313734373166336464
37613139313338323962633735636332373265356132643437663137383035646332366330366163
32623538336565663061326237643763663637643735633431333232356330646533
34346166323534643061393764656165333234303064313338623564303233666666323136666331
3331353237396233323933373433343962356231346461370a383835396234396636343961663932
66383935653634633465383831636538653331393030323639306265333065376461323932396639
3537383434303562610a373930363836636262623031393561326135323738393033336239623831
66646563393232353738633539323664646635313961353534353238343866646139386634626562
38326239386539386362393532666434323561316437633464626465343936356138326664316662
34643133306639653237343135313835643236636631643034366263653164383535393037326365
31663166623737356430386665303236343333316362356361306339363664303166316134343834
35303064666163663431663432316366653961666464383965613837366666366638666262653237
32366338393966386661623734643633363532636135623330323835313064333962333066343033
62396362613564393035663063393038643238663263323464333333306538353634636663383962
61616331393034623365353636613030303037663663386663656237663263386334393730393964
62623433346264633332363764303964343836306365646466346137383031366261333065383162
63633039313932656363613632613839316437373634316462326136373537386461623064343565
33386161373764636661663166613339313438356232336466366230336237653931386562663535
64646630613738646666303663656132366537336563626265303230326662623366613138383436
64323431333139373639356438623832363335323632306661386436366562313732613135653439
66653337366263666433653837373761616365303435363366623661616464353736643365303962
39313836633839316461323837373232636639376438316338383039313931646130663831306333
38663039306464653863636437323730663731623535653239316266656561646639383561626337
31393131316463636266303537663135323238316262346435343437343635363932623738316466
63366364643534653365373565613038306230346131623061616263323035346139333836643439
37316565303262643762633765666163376663666137356431313963353639313738643932363166
62313837646164326133616362313238633334366238613136396165366635323564363434303130
64323532393234613461393436613364366331633364333265386532353062373338663563323033
35346332623762386430626238333830393339353766383663306632333639396139393834326239
32333965373861363232316162306132646435336562346563653361356139376539343266613264
33303765316137613232623136343938633534396235393936356664613864333961656536333636
39383730366439633861633166383830376134633835643435333039313237333862666665373136
33646330386434663539366135643132383333316531346264653731323536333464623133383835
34373936653033333565386335363538623930373539666236376362376433396337643762356535
37383039373334343230663338623339666365343865643137316531373839623035353937333562
34373439353761386230393936626164346437613565653835366438313732666466303131666638
39663664333362626163366339623738636133373262626366636364333735393730643231613061
34666434626461643837633861613736303239343133663663656265363465663038356165323562
64353731613931633536373262623137313535323262373532653233326564623264663032636666
36663537303930363132353463393735666438396131613536353938643039636238653465323066
65633261396433333332633465643239343930366631613436366361613366326434353534336165
39663535653638323334376333383031343832653132343162326137356435616262346330353462
39663266633235353831326462623333626631383364303039336631323131393265346335613036
61333430303837323135393631653233633066343264636439636561633465326333313838333737
38316364643262356535366438353830666364386635353835656539383434666633343831393331
61613132363062633133663631623134393465393561346235653763326631343935373330373832
39613935326535386463653563316331313638356165646461353931653439313163393166366463
38623262373939373066626239656130666164373837303665356566313636323830356539613339
66616263363738653138393532653539643766633162343838376362636362616335383365366633
33303038303332386239396534663164386564653637333338383838323232336337646330373761
62626562306239396163323934383566373831323933383231333365626436383135653431336364
39343637666638613438376162633365613365343837633863373931346664366163346335353333
30613265323034653461376461313231663731343438623331393739323961363862326233653931
36353739346134363261303536616235363331623539313432623062326433346238393663316139
61656530373164616564626236656232343036363337333362353532363132303066303032656630
61303431643763373839656135383730653533396434626166666365656262373231383265303564
34613065356538636339626137663964343462633135376463366262636338373666383861383035
65313139316430316533396365616138653536656561346636316565616636363434303762333364
30366331393566663436343839323562323432393631383939633631366435666363303037336536
66623736316539303836353935303738666366383533653863323733636365613233363634306438
35353332653134646663633838316264313434303639643937333531386335613537626161663035
33323935323035386364613238336335616532626462656265643531656464626232666133343439
39376263353764613033326363386134386338303734373761396361613266316466333663346636
38393136666333336437313731336533633133663631643837313366396531353164313264386238
39306532303161643864643434656538343030366334663737643036643565303534663130613566
38393661336637396433346166633731663265393864323565353464613337363238646532353765
61666633313235613839363762663737333234316562643837636164373536306435383634646161
35663134333837663964366237613035663733666463396132396533623833383663386532313830
61326436363431653934383234353034346434643433363933646538636636663661363362663662
62306636303139616138323365646437643135386131396237396132643362346566626463323937
39623731303766626431313062356335633135373031643266333438373964653538386265326637
35613730346137366664636433353062613735303035636265313566343131643834613861343762
61356237626533613366333462323632363731363066616361393536383064663566386536373533
62376631303666323031313666363631326636313938346564363137656532626330666362663065
35346662373164363031356430383838356136663764336336393532363561353535373838626135
65633339653837336238386331653030613362376133643038373839643361633036653039356235
37656136313839656264616637386538373734343962643261323031666366643837633863353433
39306236376230613566323562356631613763366130623964336364666132363863303032363863
63613138303735666539306464303564356234643266636432396561373566386265633531316363
64373334323837386531386233363935393035316362303661343535303033643739343235303563
36343064383337306534396565393164306436303861396639343937366330326536633935323136
36323633363634356265353333396166376634663161366438333035613162366366636239336366
63336635366438396534366234643332343231626466636464653761333763383062626234336635
37346332323363313138656539653264363531633331623435353666303536616561623863363962
35653732353239306437626265356434393930316534393365383931396337303166613237613433
39376531303862343630336461373839323436626236313535663339636638386566356535356430
35663331633137323166623864373437383265613030336261306563326232383839623965346239
37666135646631663763333035616637616661623034633530333033323266663234336130383632
30613437323365333938313364363331393364636435306231313535363237643735303539633036
34313833336661616334366265383565393332396131303866333462356638646139343739663838
30366630343233393161643431356339323565653431313166613836636635363764313261343066
35653934323030633262323333613265393461383034303266323934353334663832616461393564
36646663613062333137666635623137336163666363663237363064646437643835646164623665
65656465393133663663646536663332633732343635393637646634663632613864343334353933
61393238383336353635633334616530363831396431393337666438663163383538613137636238
39303261306339303633396166363838316330643238613939656335643431323065623764336465
30636330363036343164306564323732393331653465343038663466643031303235643130323339
37343334646435376564663030653032393165313337363165356466323035343530343261623632
33353533626635346433306130613862653061323438306439303664376563306565623736643034
63623432363031346639363234303866346462353536346431303539396632636332643739653934
33313836666637383363353166663363353535316535343334346164653939323632396263306637
39653663643238636633313736336236333531343362353430623964646366346261633663353930
32636364376436303264383562373462393461393432333366623834333164646136666133306337
31663733636162653466363134393163343035393533386132346235626435363336323163663863
31303435323032613462303163663836623135373330393631356334623730643266373063616133
35393862643738626530616365636665636462663235336337613339313431616435313535303365
66383332336662623964333434356333393636393134663034306432633638616439383739366634
61373864646634383563623632326131626430653334323362363637343238663836343136353930
63363239343539636365386566303933393431353064313064346663613930373737336632363935
38616131383034643363346236396564303936303437363133613432656239356463646130316438
66333739356565666433323839646436666630613132373164303933303431363231653630356262
38313766623133613837633232323137626164333138643834316431313666396462373532633338
62616561626236633136313261326563316662306632633438336139653338386361386632386362
65333933313832616562623739633037616634343333393731336265636266333934653638663039
35396334633932636163346662623961613463376135323938353333653631613064316539656164
32653833623965366135656635343465373935333534366466396132336561663831613661643862
61373037323766633539306161303234373539626133323763386664306261386634366136623832
64633266333634356132343462336236623637633539626531363866336230373138333836653566
62656231366234626561636564666331313863326266313630623734363132363663663365643666
33333033356334333061613539366163653731306639653664336635386130303339303737626338
38643630356666363065373734333031633033666530303763663461326135363336653334363933
38363336333164363633333431303935333336323237303536363062656237353262383739323063
31303662633033353639306634336338616539333932343164383732303437353766623532663232
36333961323232663661323439343330393061666661306130633738633331363935396363353533
63313965333435633865373137383031333738353263346538363236636639373265306634326266
363532356361373037656632383034323936

292
group_vars/matrix_servers
Unescape View File

@ -18,6 +18,10 @@
matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matrix_ma1sd_enabled else None }}"
# If Synapse workers are enabled and matrix-nginx-proxy is disabled, certain APIs may not work over 'http://matrix-synapse:8008'.
# This is because we explicitly disable them for the main Synapse process.
matrix_homeserver_container_url: "{{ 'http://matrix-nginx-proxy:12080' if matrix_nginx_proxy_enabled else 'http://matrix-synapse:8008' }}"
######################################################################
#
# /matrix-base
@ -149,6 +153,8 @@ matrix_appservice_slack_database_password: "{{ matrix_synapse_macaroon_secret_ke
# We don't enable bridges by default.
matrix_appservice_irc_enabled: false
matrix_appservice_irc_container_self_build: "{{ matrix_architecture != 'amd64' }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-irc over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# matrix-appservice-irc's client-server port to the local host.
@ -208,7 +214,8 @@ matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_pro
matrix_mautrix_facebook_bridge_presence: "{{ matrix_synapse_use_presence if matrix_synapse_enabled else true }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
matrix_mautrix_facebook_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_facebook_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.fb.db') | to_uuid }}"
@ -258,6 +265,46 @@ matrix_mautrix_hangouts_database_password: "{{ matrix_synapse_macaroon_secret_ke
######################################################################
######################################################################
#
# matrix-bridge-mautrix-instagram
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_instagram_enabled: false
matrix_mautrix_instagram_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_instagram_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
}}
matrix_mautrix_instagram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ig.as.token') | to_uuid }}"
matrix_mautrix_instagram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ig.hs.token') | to_uuid }}"
matrix_mautrix_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_mautrix_instagram_bridge_presence: "{{ matrix_synapse_use_presence if matrix_synapse_enabled else true }}"
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
matrix_mautrix_instagram_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_instagram_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.ig.db') | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-instagram
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-signal
@ -280,7 +327,7 @@ matrix_mautrix_signal_systemd_required_services_list: |
matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_signal_homeserver_address: "{{ 'http://matrix-synapse:8008' if matrix_synapse_enabled else '' }}"
matrix_mautrix_signal_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_signal_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'si.hs.token') | to_uuid }}"
@ -619,6 +666,41 @@ matrix_mx_puppet_steam_database_password: "{{ matrix_synapse_macaroon_secret_key
#
######################################################################
######################################################################
#
# matrix-bridge-mx-puppet-groupme
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_groupme_enabled: false
matrix_mx_puppet_groupme_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
matrix_mx_puppet_groupme_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
}}
matrix_mx_puppet_groupme_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxgro.as.tok') | to_uuid }}"
matrix_mx_puppet_groupme_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxgro.hs.tok') | to_uuid }}"
matrix_mx_puppet_groupme_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mx_puppet_groupme_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mx_puppet_groupme_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxpup.groupme.db') | to_uuid }}"
######################################################################
#
# /matrix-bridge-mx-puppet-groupme
#
######################################################################
######################################################################
#
@ -670,7 +752,8 @@ matrix_corporal_systemd_required_services_list: |
(['matrix-synapse.service'])
}}
matrix_corporal_matrix_homeserver_api_endpoint: "http://matrix-synapse:8008"
# This goes to Synapse's vhost
matrix_corporal_matrix_homeserver_api_endpoint: "{{ matrix_homeserver_container_url }}"
matrix_corporal_matrix_auth_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
@ -754,7 +837,30 @@ matrix_dimension_database_password: "{{ matrix_synapse_macaroon_secret_key | pas
#
######################################################################
######################################################################
#
# matrix-etherpad
#
######################################################################
matrix_etherpad_enabled: false
matrix_etherpad_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9001' }}"
matrix_etherpad_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
}}
matrix_etherpad_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'etherpad.db') | to_uuid }}"
######################################################################
#
# /matrix-etherpad
#
######################################################################
######################################################################
#
@ -817,6 +923,13 @@ matrix_jitsi_web_stun_servers: |
else [ 'stun:meet-jit-si-turnrelay.jitsi.net:443']
}}
# If the self-hosted Etherpad instance is available, it will also show up in Jitsi conferences,
# unless explicitly disabled by setting `matrix_jitsi_etherpad_enabled` to false.
# Falls back to the scalar.vector.im etherpad in case someone sets `matrix_jitsi_etherpad_enabled` to true,
# while also setting `matrix_etherpad_enabled` to false.
matrix_jitsi_etherpad_enabled: "{{ matrix_etherpad_enabled }}"
matrix_jitsi_etherpad_base: "{{ matrix_etherpad_base_url if matrix_etherpad_enabled else 'https://scalar.vector.im/etherpad' }}"
######################################################################
#
# /matrix-jitsi
@ -882,7 +995,7 @@ matrix_ma1sd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matr
matrix_ma1sd_dns_overwrite_enabled: true
matrix_ma1sd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
matrix_ma1sd_dns_overwrite_homeserver_client_value: "http://{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-synapse:8008' }}"
matrix_ma1sd_dns_overwrite_homeserver_client_value: "http://{{ matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container }}"
# By default, we send mail through the `matrix-mailer` service.
matrix_ma1sd_threepid_medium_email_identity_from: "{{ matrix_mailer_sender_address }}"
@ -929,8 +1042,8 @@ matrix_ma1sd_database_password: "{{ matrix_synapse_macaroon_secret_key | passwor
# If that's not the case, you may wish to disable this and take care of proxying yourself.
matrix_nginx_proxy_enabled: true
matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-synapse:8008' }}"
matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "{{ '127.0.0.1:41080' if matrix_corporal_enabled else '127.0.0.1:8008' }}"
matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container: "{{ 'matrix-corporal:41080' if matrix_corporal_enabled else 'matrix-nginx-proxy:12080' }}"
matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container: "{{ '127.0.0.1:41080' if matrix_corporal_enabled else '127.0.0.1:12080' }}"
matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: "{{ matrix_synapse_max_upload_size_mb }}"
matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: "{{ matrix_synapse_admin_enabled }}"
@ -941,6 +1054,7 @@ matrix_nginx_proxy_proxy_matrix_enabled: true
matrix_nginx_proxy_proxy_element_enabled: "{{ matrix_client_element_enabled }}"
matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled }}"
matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
matrix_nginx_proxy_proxy_grafana_enabled: "{{ matrix_grafana_enabled }}"
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}"
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
@ -953,12 +1067,19 @@ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container: "127.0.0.1:809
# By default, we do TLS termination for the Matrix Federation API (port 8448) at matrix-nginx-proxy.
# Unless this is handled there OR Synapse's federation listener port is disabled, we'll reverse-proxy.
matrix_nginx_proxy_proxy_matrix_federation_api_enabled: "{{ matrix_synapse_federation_port_enabled and not matrix_synapse_tls_federation_listener_enabled }}"
matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-synapse:8048"
matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:8048"
matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-nginx-proxy:12088"
matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:12088"
# Settings controlling matrix-synapse-proxy.conf
matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}"
matrix_nginx_proxy_proxy_synapse_federation_api_enabled: "{{ matrix_nginx_proxy_proxy_matrix_federation_api_enabled }}"
matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}"
matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}"
# This used to be hooked to `matrix_synapse_metrics_enabled`, but we don't do it anymore.
# The fact that someone wishes to enable Synapse metrics does not necessarily mean they want to make them public.
# A local Prometheus can consume them over the container network.
matrix_nginx_proxy_proxy_synapse_metrics: false
matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}"
@ -968,6 +1089,16 @@ matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ m
matrix_nginx_proxy_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}"
matrix_nginx_proxy_synapse_presence_disabled: "{{ not matrix_synapse_use_presence }}"
matrix_nginx_proxy_synapse_workers_enabled: "{{ matrix_synapse_workers_enabled }}"
matrix_nginx_proxy_synapse_workers_list: "{{ matrix_synapse_workers_enabled_list }}"
matrix_nginx_proxy_synapse_generic_worker_client_server_locations: "{{ matrix_synapse_workers_generic_worker_client_server_endpoints }}"
matrix_nginx_proxy_synapse_generic_worker_federation_locations: "{{ matrix_synapse_workers_generic_worker_federation_endpoints }}"
matrix_nginx_proxy_synapse_media_repository_locations: "{{matrix_synapse_workers_media_repository_endpoints|default([]) }}"
matrix_nginx_proxy_synapse_user_dir_locations: "{{ matrix_synapse_workers_user_dir_endpoints|default([]) }}"
matrix_nginx_proxy_synapse_frontend_proxy_locations: "{{ matrix_synapse_workers_frontend_proxy_endpoints|default([]) }}"
matrix_nginx_proxy_systemd_wanted_services_list: |
{{
(['matrix-synapse.service'])
@ -991,7 +1122,11 @@ matrix_ssl_domains_to_obtain_certificates_for: |
+
([matrix_server_fqn_jitsi] if matrix_jitsi_enabled else [])
+
([matrix_server_fqn_grafana] if matrix_grafana_enabled else [])
+
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
+
matrix_ssl_additional_domains_to_obtain_certificates_for
}}
matrix_ssl_architecture: "{{
@ -1020,16 +1155,22 @@ matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matr
matrix_postgres_enabled: true
matrix_postgres_connection_hostname: "matrix-postgres"
matrix_postgres_connection_username: "synapse"
# Please note that the max length of the password is 99 characters
matrix_postgres_connection_password: "synapse-password"
matrix_postgres_db_name: "homeserver"
matrix_postgres_architecture: "{{ matrix_architecture }}"
# We unset this if internal Postgres disabled, which will cascade to some other variables
# and tell users they need to set it (either here or in those variables).
matrix_postgres_connection_hostname: "{{ 'matrix-postgres' if matrix_postgres_enabled else '' }}"
matrix_postgres_pgloader_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_postgres_additional_databases: |
{{
([{
'name': matrix_synapse_database_database,
'username': matrix_synapse_database_user,
'password': matrix_synapse_database_password,
}] if (matrix_synapse_enabled and matrix_synapse_database_database != matrix_postgres_db_name and matrix_synapse_database_host == 'matrix-postgres') else [])
+
([{
'name': matrix_ma1sd_database_name,
'username': matrix_ma1sd_database_username,
@ -1078,6 +1219,12 @@ matrix_postgres_additional_databases: |
'password': matrix_mautrix_hangouts_database_password,
}] if (matrix_mautrix_hangouts_enabled and matrix_mautrix_hangouts_database_engine == 'postgres' and matrix_mautrix_hangouts_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_mautrix_instagram_database_name,
'username': matrix_mautrix_instagram_database_username,
'password': matrix_mautrix_instagram_database_password,
}] if (matrix_mautrix_instagram_enabled and matrix_mautrix_instagram_database_engine == 'postgres' and matrix_mautrix_instagram_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_mautrix_signal_database_name,
'username': matrix_mautrix_signal_database_username,
@ -1132,11 +1279,23 @@ matrix_postgres_additional_databases: |
'password': matrix_mx_puppet_steam_database_password,
}] if (matrix_mx_puppet_steam_enabled and matrix_mx_puppet_steam_database_engine == 'postgres' and matrix_mx_puppet_steam_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_mx_puppet_groupme_database_name,
'username': matrix_mx_puppet_groupme_database_username,
'password': matrix_mx_puppet_groupme_database_password,
}] if (matrix_mx_puppet_groupme_enabled and matrix_mx_puppet_groupme_database_engine == 'postgres' and matrix_mx_puppet_groupme_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_dimension_database_name,
'username': matrix_dimension_database_username,
'password': matrix_dimension_database_password,
}] if (matrix_dimension_enabled and matrix_dimension_database_engine == 'postgres' and matrix_dimension_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_etherpad_database_name,
'username': matrix_etherpad_database_username,
'password': matrix_etherpad_database_password,
}] if (matrix_etherpad_enabled and matrix_etherpad_database_engine == 'postgres' and matrix_etherpad_database_hostname == 'matrix-postgres') else [])
}}
matrix_postgres_import_roles_to_ignore: |
@ -1161,6 +1320,22 @@ matrix_postgres_import_databases_to_ignore: |
######################################################################
#
# matrix-redis
#
######################################################################
matrix_redis_enabled: "{{ matrix_synapse_workers_enabled }}"
######################################################################
#
# /matrix-redis
#
######################################################################
######################################################################
#
# matrix-client-element
@ -1216,7 +1391,7 @@ matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matr
#
######################################################################
matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm32', 'arm64', 'amd64'] }}"
matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
# When ma1sd is enabled, we can use it to validate email addresses and phone numbers.
# Synapse can validate email addresses by itself as well, but it's probably not what we want by default when we have an identity server.
@ -1241,11 +1416,11 @@ matrix_synapse_container_metrics_api_host_bind_port: "{{ '127.0.0.1:9100' if (ma
#
# For exposing the Synapse Manhole port (plain HTTP) to the local host.
matrix_synapse_container_manhole_api_host_bind_port: "{{ '127.0.0.1:9000' if matrix_synapse_manhole_enabled else '' }}"
#
# For exposing the Synapse worker (and metrics) ports to the local host.
matrix_synapse_workers_container_host_bind_address: "{{ '127.0.0.1' if (matrix_synapse_workers_enabled and not matrix_nginx_proxy_enabled) else '' }}"
matrix_synapse_database_host: "{{ matrix_postgres_connection_hostname }}"
matrix_synapse_database_user: "{{ matrix_postgres_connection_username }}"
matrix_synapse_database_password: "{{ matrix_postgres_connection_password }}"
matrix_synapse_database_database: "{{ matrix_postgres_db_name }}"
matrix_synapse_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'synapse.db') | to_uuid }}"
# We do not enable TLS in Synapse by default.
# TLS is handled by the matrix-nginx-proxy, which proxies the requests to Synapse.
@ -1255,6 +1430,9 @@ matrix_synapse_tls_private_key_path: ~
matrix_synapse_federation_port_openid_resource_required: "{{ not matrix_synapse_federation_enabled and (matrix_dimension_enabled or matrix_ma1sd_enabled) }}"
# If someone instals Prometheus via the playbook, they most likely wish to monitor Synapse.
matrix_synapse_metrics_enabled: "{{ matrix_prometheus_enabled }}"
matrix_synapse_email_enabled: "{{ matrix_mailer_enabled }}"
matrix_synapse_email_smtp_host: "matrix-mailer"
matrix_synapse_email_smtp_port: 8025
@ -1295,6 +1473,11 @@ matrix_synapse_systemd_wanted_services_list: |
(['matrix-mailer.service'] if matrix_mailer_enabled else [])
}}
# Synapse workers (used for parallel load-scaling) need Redis for IPC.
matrix_synapse_redis_enabled: "{{ matrix_redis_enabled }}"
matrix_synapse_redis_host: "{{ 'matrix-redis' if matrix_redis_enabled else '' }}"
matrix_synapse_redis_password: "{{ matrix_redis_connection_password if matrix_redis_enabled else '' }}"
######################################################################
#
# /matrix-synapse
@ -1326,6 +1509,75 @@ matrix_synapse_admin_container_self_build: "{{ matrix_architecture != 'amd64' }}
######################################################################
#
# matrix-prometheus-node-exporter
#
######################################################################
matrix_prometheus_node_exporter_enabled: false
# Normally, matrix-nginx-proxy is enabled and nginx can reach Prometheus Node Exporter over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# Prometheus' HTTP port to the local host.
matrix_prometheus_node_exporter_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9100' }}"
######################################################################
#
# /matrix-prometheus-node-exporter
#
######################################################################
######################################################################
#
# matrix-prometheus
#
######################################################################
matrix_prometheus_enabled: false
# Normally, matrix-nginx-proxy is enabled and nginx can reach Prometheus over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# Prometheus' HTTP port to the local host.
matrix_prometheus_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9090' }}"
matrix_prometheus_scraper_synapse_enabled: "{{ matrix_synapse_enabled and matrix_synapse_metrics_enabled }}"
matrix_prometheus_scraper_synapse_targets: ['matrix-synapse:{{ matrix_synapse_metrics_port }}']
matrix_prometheus_scraper_synapse_rules_synapse_tag: "{{ matrix_synapse_docker_image_tag }}"
matrix_prometheus_scraper_node_enabled: "{{ matrix_prometheus_node_exporter_enabled }}"
######################################################################
#
# /matrix-prometheus
#
######################################################################
######################################################################
#
# matrix-grafana
#
######################################################################
matrix_grafana_enabled: false
# Normally, matrix-nginx-proxy is enabled and nginx can reach Grafana over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# Grafana's HTTP port to the local host.
matrix_grafana_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:3000' }}"
######################################################################
#
# /matrix-grafana
#
######################################################################
######################################################################
#
# matrix-registration
@ -1343,7 +1595,7 @@ matrix_registration_riot_instance: "{{ ('https://' + matrix_server_fqn_element)
matrix_registration_shared_secret: "{{ matrix_synapse_registration_shared_secret if matrix_synapse_enabled else '' }}"
matrix_registration_server_location: "{{ 'http://matrix-synapse:8008' if matrix_synapse_enabled else '' }}"
matrix_registration_server_location: "{{ matrix_homeserver_container_url }}"
matrix_registration_api_validate_certs: "{{ false if matrix_ssl_retrieval_method == 'self-signed' else true }}"

52
inventory/host_vars/matrix.awful.club/vars.yml
Unescape View File

@ -89,3 +89,55 @@ matrix_mx_puppet_twitter_consumer_secret: "{{ MATRIX_MX_PUPPET_TWITTER_CONSUMER_
matrix_mx_puppet_twitter_access_token: "{{ MATRIX_MX_PUPPET_TWITTER_ACCESS_TOKEN }}"
matrix_mx_puppet_twitter_access_token_secret: "{{ MATRIX_MX_PUPPET_TWITTER_ACCESS_TOKEN_SECRET }}"
matrix_mx_puppet_twitter_environment: "{{ MATRIX_MX_PUPPET_TWITTER_ENVIRONMENT }}"
# added by jlj -- irc bullshit
matrix_appservice_irc_enabled: true
matrix_appservice_irc_ircService_servers:
bouncer.awful.club:
name: "awful bouncer"
port: 5000
ssl: true
sasl: false
allowExpiredCerts: true
sendConnectionMessages: true
botConfig:
enabled: true
nick: "blindidiotgod"
joinChannelsIfNoUsers: true
privateMessages:
enabled: true
federate: false
dynamicChannels:
enabled: true
createAlias: true
published: true
joinRule: public
groupId: +myircnetwork:localhost
federate: true
aliasTemplate: "#irc_$CHANNEL"
membershipLists:
enabled: false
floodDelayMs: 10000
global:
ircToMatrix:
initial: false
incremental: false
matrixToIrc:
initial: false
incremental: false
matrixClients:
userTemplate: "@irc_$NICK"
displayName: "$NICK (IRC)"
joinAttempts: -1
ircClients:
nickTemplate: "$DISPLAY"
allowNickChanges: true
maxClients: 30
idleTimeout: 0
reconnectIntervalMs: 5000
concurrentReconnectLimit: 50
lineLimit: 3
# added by jlj 2/20/21 - synapse / psql updates require manual intervention
matrix_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"

9
roles/matrix-base/defaults/main.yml
Unescape View File

@ -21,6 +21,9 @@ matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
# This is where you access Jitsi.
matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}"
# This is where you access Grafana.
matrix_server_fqn_grafana: "stats.{{ matrix_domain }}"
matrix_federation_public_port: 8448
# The architecture that your server runs.
@ -66,12 +69,18 @@ matrix_host_command_chown: "/usr/bin/env chown"
matrix_host_command_fusermount: "/usr/bin/env fusermount"
matrix_host_command_openssl: "/usr/bin/env openssl"
matrix_host_command_systemctl: "/usr/bin/env systemctl"
matrix_host_command_sh: "/usr/bin/env sh"
matrix_ntpd_package: "ntp"
matrix_ntpd_service: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}"
matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
# Specifies where the homeserver is on the container network.
# Where this is depends on whether there's a reverse-proxy in front of it, etc.
# This likely gets overriden elsewhere.
matrix_homeserver_container_url: "http://matrix-synapse:8008"
matrix_identity_server_url: ~
matrix_integration_manager_rest_url: ~

9
roles/matrix-base/tasks/server_base/setup_debian.yml
Unescape View File

@ -23,7 +23,14 @@
repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
state: present
update_cache: yes
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' and not ansible_distribution_release == 'bullseye'
- name: Ensure Docker repository is enabled (using Debian Buster on Debian Bullseye, for which there is no Docker yet)
apt_repository:
repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} buster stable"
state: present
update_cache: yes
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' and ansible_distribution_release == 'bullseye'
- name: Ensure APT packages are installed
apt:

7
roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2
Unescape View File

@ -15,11 +15,14 @@ if [ "$sure" != "Yes, I really want to remove everything!" ]; then
exit 0
else
echo "Stop and remove matrix services"
for s in $(find {{ matrix_systemd_path }}/ -name "matrix-*" -printf "%f\n"); do
systemctl stop $s
for s in $(find {{ matrix_systemd_path }}/ -type f -name "matrix-*" -printf "%f\n"); do
systemctl disable --now $s
rm -f {{ matrix_systemd_path }}/$s
done
systemctl daemon-reload
echo "Remove matrix scripts"
find {{ matrix_local_bin_path }}/ -name "matrix-*" -delete
echo "Remove unused Docker images and resources"

2
roles/matrix-bot-matrix-reminder-bot/defaults/main.yml
Unescape View File

@ -58,7 +58,7 @@ matrix_bot_matrix_reminder_bot_matrix_user_id: '@{{ matrix_bot_matrix_reminder_b
# The password that the bot uses to authenticate.
matrix_bot_matrix_reminder_bot_matrix_user_password: ''
matrix_bot_matrix_reminder_bot_matrix_homeserver_url: 'http://matrix-synapse:8008'
matrix_bot_matrix_reminder_bot_matrix_homeserver_url: "{{ matrix_homeserver_container_url }}"
# The timezone to use when creating reminders.
# Examples: 'Europe/London', 'Etc/UTC'

2
roles/matrix-bot-matrix-reminder-bot/tasks/setup_uninstall.yml
Unescape View File

@ -7,7 +7,7 @@
- name: Ensure matrix-matrix-reminder-bot is stopped
service:
name: matrix-matrix-reminder-bot
name: matrix-bot-matrix-reminder-bot
state: stopped
daemon_reload: yes
register: stopping_result

8
roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
Unescape View File

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-reminder-bot \
--log-driver=none \
@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-rem
{{ matrix_bot_matrix_reminder_bot_docker_image }} \
-c "matrix-reminder-bot /config/config.yaml"
ExecStop=-{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot
ExecStop=-{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-bot-matrix-reminder-bot

6
roles/matrix-bridge-appservice-discord/templates/config.yaml.j2
Unescape View File

@ -1,10 +1,10 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Domain part of the bridge, e.g. matrix.org
domain: {{ matrix_appservice_discord_bridge_domain }}
domain: {{ matrix_appservice_discord_bridge_domain|to_json }}
# This should be your publically facing URL because Discord may use it to
# fetch media from the media store.
homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }}
homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl|to_json }}
# Interval at which to process users in the 'presence queue'. If you have
# 5 users, one user will be processed every 500 milliseconds according to the
# value below. This has a minimum value of 250.
@ -33,7 +33,7 @@ bridge:
# Authentication configuration for the discord bot.
auth:
clientID: {{ matrix_appservice_discord_client_id|string|to_json }}
botToken: {{ matrix_appservice_discord_bot_token }}
botToken: {{ matrix_appservice_discord_bot_token|to_json }}
# You must enable "Privileged Gateway Intents" in your bot settings on discord.com (e.g. https://discord.com/developers/applications/12345/bot)
# for this to work
usePrivilegedIntents: {{ matrix_appservice_discord_auth_usePrivilegedIntents|to_json }}

8
roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
Unescape View File

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-discord
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-discord
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-dis
{{ matrix_appservice_discord_docker_image }} \
node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-discord
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-discord
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-discord

8
roles/matrix-bridge-appservice-irc/defaults/main.yml
Unescape View File

@ -3,14 +3,18 @@
matrix_appservice_irc_enabled: true
matrix_appservice_irc_docker_image: "docker.io/matrixdotorg/matrix-appservice-irc:release-0.17.1"
matrix_appservice_irc_container_self_build: false
matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"
matrix_appservice_irc_docker_image: "docker.io/matrixdotorg/matrix-appservice-irc:release-0.23.0"
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
matrix_appservice_irc_config_path: "{{ matrix_appservice_irc_base_path }}/config"
matrix_appservice_irc_data_path: "{{ matrix_appservice_irc_base_path }}/data"
matrix_appservice_irc_homeserver_url: 'http://matrix-synapse:8008'
matrix_appservice_irc_homeserver_url: "{{ matrix_homeserver_container_url }}"
matrix_appservice_irc_homeserver_media_url: 'https://{{ matrix_server_fqn_matrix }}'
matrix_appservice_irc_homeserver_domain: '{{ matrix_domain }}'
matrix_appservice_irc_homeserver_enablePresence: true

30
roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
Unescape View File

@ -2,15 +2,17 @@
- name: Ensure Appservice IRC paths exist
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- "{{ matrix_appservice_irc_base_path }}"
- "{{ matrix_appservice_irc_config_path }}"
- "{{ matrix_appservice_irc_data_path }}"
- { path: "{{ matrix_appservice_irc_base_path }}", when: true }
- { path: "{{ matrix_appservice_irc_config_path }}", when: true }
- { path: "{{ matrix_appservice_irc_data_path }}", when: true }
- { path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_self_build }}" }
when: item.when|bool
- name: Check if an old passkey file already exists
stat:
@ -59,6 +61,26 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}"
when: "matrix_appservice_irc_enabled|bool and not matrix_appservice_irc_container_self_build|bool"
- name: Ensure matrix-appservice-irc repository is present when self-building
git:
repo: "{{ matrix_appservice_irc_docker_repo }}"
dest: "{{ matrix_appservice_irc_docker_src_files_path }}"
force: "yes"
register: matrix_appservice_irc_git_pull_results
when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_self_build|bool"
- name: Ensure matrix-appservice-irc Docker image is build
docker_image:
name: "{{ matrix_appservice_irc_docker_image }}"
source: build
force_source: yes
build:
dockerfile: Dockerfile
path: "{{ matrix_appservice_irc_docker_src_files_path }}"
pull: yes
when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_self_build|bool and matrix_appservice_irc_git_pull_results.changed"
- name: Ensure Matrix Appservice IRC config installed
copy:

8
roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
Unescape View File

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-irc
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-irc
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc
{{ matrix_appservice_irc_docker_image }} \
-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-irc
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-irc
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-irc

2
roles/matrix-bridge-appservice-slack/tasks/setup_install.yml
Unescape View File

@ -2,7 +2,7 @@
- name: Ensure AppService Slack paths exist
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"

8
roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2
Unescape View File

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-slack
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-slack
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-sla
{{ matrix_appservice_slack_docker_image }} \
node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-slack
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-slack
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-slack

8
roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2
Unescape View File

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-web
{{ matrix_appservice_webhooks_docker_image }} \
node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-webhooks

20
roles/matrix-bridge-mautrix-facebook/defaults/main.yml
Unescape View File

@ -7,7 +7,7 @@ matrix_mautrix_facebook_container_image_self_build: false
matrix_mautrix_facebook_container_image_self_build_repo: "https://github.com/tulir/mautrix-facebook.git"
# See: https://mau.dev/tulir/mautrix-facebook/container_registry
matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}tulir/mautrix-facebook:da1b4ec596e334325a1589e70829dea46e73064b"
matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}tulir/mautrix-facebook:latest"
matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}"
@ -16,7 +16,7 @@ matrix_mautrix_facebook_config_path: "{{ matrix_mautrix_facebook_base_path }}/co
matrix_mautrix_facebook_data_path: "{{ matrix_mautrix_facebook_base_path }}/data"
matrix_mautrix_facebook_docker_src_files_path: "{{ matrix_mautrix_facebook_base_path }}/docker-src"
matrix_mautrix_facebook_homeserver_address: 'http://matrix-synapse:8008'
matrix_mautrix_facebook_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_facebook_appservice_address: 'http://matrix-mautrix-facebook:29319'
@ -35,12 +35,15 @@ matrix_mautrix_facebook_homeserver_token: ''
# Database-related configuration fields.
#
# To use SQLite, stick to these defaults.
# To use SQLite:
# - change the engine (`matrix_mautrix_facebook_database_engine: 'sqlite'`)
# - change to the last bridge version that supported SQLite:
# `matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}tulir/mautrix-facebook:da1b4ec596e334325a1589e70829dea46e73064b"`
# - plan your migration to Postgres, as this bridge does not support SQLite anymore (and neither will the playbook in the future).
#
# To use Postgres:
# - change the engine (`matrix_mautrix_facebook_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_facebook_postgres_*` variables
matrix_mautrix_facebook_database_engine: 'sqlite'
matrix_mautrix_facebook_database_engine: 'postgres'
matrix_mautrix_facebook_sqlite_database_path_local: "{{ matrix_mautrix_facebook_data_path }}/mautrix-facebook.db"
matrix_mautrix_facebook_sqlite_database_path_in_container: "/data/mautrix-facebook.db"
@ -66,6 +69,8 @@ matrix_mautrix_facebook_login_shared_secret: ''
matrix_mautrix_facebook_bridge_login_shared_secret_map: "{{ {matrix_mautrix_facebook_homeserver_domain: matrix_mautrix_facebook_login_shared_secret} if matrix_mautrix_facebook_login_shared_secret else {} }}"
matrix_mautrix_facebook_appservice_bot_username: facebookbot
matrix_mautrix_facebook_bridge_presence: true
# Default configuration template which covers the generic use case.
@ -98,8 +103,11 @@ matrix_mautrix_facebook_registration_yaml: |
users:
- exclusive: true
regex: '^@facebook_.+:{{ matrix_mautrix_facebook_homeserver_domain|regex_escape }}$'
- exclusive: true
regex: '^@{{ matrix_mautrix_facebook_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_facebook_homeserver_domain|regex_escape }}$'
url: {{ matrix_mautrix_facebook_appservice_address }}
sender_localpart: facebookbot
# See https://github.com/tulir/mautrix-signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_facebook_appservice_bot_username }}
rate_limited: false
matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}"

21
roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml
Unescape View File

@ -8,3 +8,24 @@
with_items:
- "matrix_mautrix_facebook_appservice_token"
- "matrix_mautrix_facebook_homeserver_token"
- block:
- name: Fail if on SQLite, unless on the last version supporting SQLite
fail:
msg: >-
You're trying to use the mautrix-facebook bridge with an SQLite database.
Going forward, this bridge only supports Postgres.
To learn more about this, see our changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-the-mautrix-facebook-bridge-now-requires-a-postgres-database
when: "not matrix_mautrix_facebook_docker_image.endswith(':da1b4ec596e334325a1589e70829dea46e73064b')"
- name: Inject warning if still on SQLite
set_fact:
matrix_playbook_runtime_results: |
{{
matrix_playbook_runtime_results|default([])
+
[
"NOTE: Your mautrix-facebook bridge setup is still on SQLite. Your bridge is not getting any updates and will likely stop working at some point. To learn more about this, see our changelog: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-the-mautrix-facebook-bridge-now-requires-a-postgres-database"
]
}}
when: "matrix_mautrix_facebook_database_engine == 'sqlite'"

44
roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
Unescape View File

@ -8,6 +8,10 @@ homeserver:
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Whether or not the homeserver supports asmux-specific endpoints,
# such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically
# updating m.direct.
asmux: false
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
@ -22,11 +26,7 @@ appservice:
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
# The full URI to the database. Only Postgres is currently supported.
database: {{ matrix_mautrix_facebook_appservice_database|to_json }}
# Public part of web server for out-of-Matrix interaction with the bridge.
@ -38,20 +38,29 @@ appservice:
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: https://example.com/public
# Shared secret for integration managers such as mautrix-manager.
# If set to "generate", a random string will be generated on the next startup.
# If null, integration manager access to the API will not be possible.
shared_secret: generate
# The unique ID of this appservice.
id: facebook
# Username of the appservice bot.
bot_username: facebookbot
bot_username: {{ matrix_mautrix_facebook_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Facebook bridge bot
bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv
bot_avatar: mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_facebook_appservice_token }}"
hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}"
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
listen_port: 8000
# Bridge config
bridge:
# Localpart template of MXIDs for Facebook users.
@ -76,6 +85,7 @@ bridge:
# "own_nickname" (user-specific!)
displayname_preference:
- name
- first_name
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!fb"
@ -120,6 +130,18 @@ bridge:
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Options for automatic key sharing.
key_sharing:
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow: false
# Require the requesting device to have a valid cross-signing signature?
# This doesn't require that the bridge has verified the device, only that the user has verified it.
# Not yet implemented.
require_cross_signing: false
# Require devices to be verified by the bridge?
# Verification by the bridge is not yet implemented.
require_verification: true
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
# been sent to Facebook.
delivery_receipts: false
@ -161,6 +183,10 @@ bridge:
# Whether or not the bridge should try to "refresh" the connection if a normal reconnection
# attempt fails.
refresh_on_reconnection_fail: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it,
# except if the config file is not writable.
resend_bridge_info: false
# Permissions for using the bridge.
# Permitted values:
@ -192,9 +218,7 @@ logging:
loggers:
mau:
level: DEBUG
fbchat:
level: DEBUG
hbmqtt:
paho:
level: INFO
aiohttp:
level: INFO

15
roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2
Unescape View File

@ -13,8 +13,13 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null'
# This bridge uses another mechanism for migrations now (migrations happen automatically during regular startup),
# so going forward, running this alembic stuff will not necessary.
# People who are upgrading from an older version of the bridge should go through this migration
# first though, so we're keeping it around for now.
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook-db \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@ -39,10 +44,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebo
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_facebook_docker_image }} \
python3 -m mautrix_facebook -c /config/config.yaml
python3 -m mautrix_facebook -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-facebook

9
roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
Unescape View File

@ -18,7 +18,7 @@ matrix_mautrix_hangouts_docker_src_files_path: "{{ matrix_mautrix_hangouts_base_
matrix_mautrix_hangouts_public_endpoint: '/mautrix-hangouts'
matrix_mautrix_hangouts_homeserver_address: 'http://matrix-synapse:8008'
matrix_mautrix_hangouts_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080'
@ -71,6 +71,8 @@ matrix_mautrix_hangouts_appservice_database: "{{
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mautrix_hangouts_login_shared_secret: ''
matrix_mautrix_hangouts_appservice_bot_username: hangoutsbot
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
@ -101,8 +103,11 @@ matrix_mautrix_hangouts_registration_yaml: |
users:
- exclusive: true
regex: '^@hangouts_.+:{{ matrix_mautrix_hangouts_homeserver_domain|regex_escape }}$'
- exclusive: true
regex: '^@{{ matrix_mautrix_hangouts_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_hangouts_homeserver_domain|regex_escape }}$'
url: {{ matrix_mautrix_hangouts_appservice_address }}
sender_localpart: hangoutsbot
# See https://github.com/tulir/mautrix-signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_hangouts_appservice_bot_username }}
rate_limited: false
matrix_mautrix_hangouts_registration: "{{ matrix_mautrix_hangouts_registration_yaml|from_yaml }}"

2
roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2
Unescape View File

@ -32,7 +32,7 @@ appservice:
# The unique ID of this appservice.
id: hangouts
# Username of the appservice bot.
bot_username: hangoutsbot
bot_username: {{ matrix_mautrix_hangouts_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Hangouts bridge bot

10
roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2
Unescape View File

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db 2>/dev/null'
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@ -42,10 +42,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangou
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_hangouts_docker_image }} \
python3 -m mautrix_hangouts -c /config/config.yaml
python3 -m mautrix_hangouts -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-hangouts

103
roles/matrix-bridge-mautrix-instagram/defaults/main.yml
Unescape View File

@ -0,0 +1,103 @@
# mautrix-instagram is a Matrix <-> Instagram bridge
# See: https://github.com/tulir/mautrix-instagram
matrix_mautrix_instagram_enabled: true
matrix_mautrix_instagram_container_image_self_build: false
matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/tulir/mautrix-instagram.git"
# See: https://mau.dev/tulir/mautrix-instagram/container_registry
matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}tulir/mautrix-instagram:latest"
matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_instagram_docker_image_force_pull: "{{ matrix_mautrix_instagram_docker_image.endswith(':latest') }}"
matrix_mautrix_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-instagram"
matrix_mautrix_instagram_config_path: "{{ matrix_mautrix_instagram_base_path }}/config"
matrix_mautrix_instagram_data_path: "{{ matrix_mautrix_instagram_base_path }}/data"
matrix_mautrix_instagram_docker_src_files_path: "{{ matrix_mautrix_instagram_base_path }}/docker-src"
matrix_mautrix_instagram_homeserver_address: 'http://matrix-synapse:8008'
matrix_mautrix_instagram_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_instagram_appservice_address: 'http://matrix-mautrix-instagram:29330'
# A list of extra arguments to pass to the container
matrix_mautrix_instagram_container_extra_arguments: []
# List of systemd services that matrix-mautrix-instagram.service depends on.
matrix_mautrix_instagram_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-mautrix-instagram.service wants
matrix_mautrix_instagram_systemd_wanted_services_list: []
matrix_mautrix_instagram_appservice_token: ''
matrix_mautrix_instagram_homeserver_token: ''
# Database-related configuration fields.
#
# To use Postgres:
# - adjust your database credentials via the `matrix_mautrix_instagram_postgres_*` variables
matrix_mautrix_instagram_database_engine: 'postgres'
matrix_mautrix_instagram_database_username: 'matrix_mautrix_instagram'
matrix_mautrix_instagram_database_password: 'some-password'
matrix_mautrix_instagram_database_hostname: 'matrix-postgres'
matrix_mautrix_instagram_database_port: 5432
matrix_mautrix_instagram_database_name: 'matrix_mautrix_instagram'
matrix_mautrix_instagram_database_connection_string: 'postgres://{{ matrix_mautrix_instagram_database_username }}:{{ matrix_mautrix_instagram_database_password }}@{{ matrix_mautrix_instagram_database_hostname }}:{{ matrix_mautrix_instagram_database_port }}/{{ matrix_mautrix_instagram_database_name }}'
matrix_mautrix_instagram_appservice_database: "{{
{
'postgres': matrix_mautrix_instagram_database_connection_string,
}[matrix_mautrix_instagram_database_engine]
}}"
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mautrix_instagram_login_shared_secret: ''
matrix_mautrix_instagram_bridge_login_shared_secret_map: "{{ {matrix_mautrix_instagram_homeserver_domain: matrix_mautrix_instagram_login_shared_secret} if matrix_mautrix_instagram_login_shared_secret else {} }}"
matrix_mautrix_instagram_appservice_bot_username: instagrambot
matrix_mautrix_instagram_bridge_presence: true
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_instagram_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_instagram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_instagram_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mautrix_instagram_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mautrix_instagram_configuration_yaml`.
matrix_mautrix_instagram_configuration_extension: "{{ matrix_mautrix_instagram_configuration_extension_yaml|from_yaml if matrix_mautrix_instagram_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_instagram_configuration_yaml`.
matrix_mautrix_instagram_configuration: "{{ matrix_mautrix_instagram_configuration_yaml|from_yaml|combine(matrix_mautrix_instagram_configuration_extension, recursive=True) }}"
matrix_mautrix_instagram_registration_yaml: |
id: instagram
as_token: "{{ matrix_mautrix_instagram_appservice_token }}"
hs_token: "{{ matrix_mautrix_instagram_homeserver_token }}"
namespaces:
users:
- exclusive: true
regex: '^@instagram_.+:{{ matrix_mautrix_instagram_homeserver_domain|regex_escape }}$'
- exclusive: true
regex: '^@{{ matrix_mautrix_instagram_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_instagram_homeserver_domain|regex_escape }}$'
url: {{ matrix_mautrix_instagram_appservice_address }}
# See https://github.com/tulir/mautrix-signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_instagram_appservice_bot_username }}
rate_limited: false
matrix_mautrix_instagram_registration: "{{ matrix_mautrix_instagram_registration_yaml|from_yaml }}"

23
roles/matrix-bridge-mautrix-instagram/tasks/init.yml
Unescape View File

@ -0,0 +1,23 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-instagram.service'] }}"
when: matrix_mautrix_instagram_enabled|bool
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"]
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["/matrix-mautrix-instagram-registration.yaml"] }}
when: matrix_mautrix_instagram_enabled|bool
# ansible lower than 2.8, does not support docker_image build parameters
# for self buildig it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Mautrix instagram image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_instagram_container_image_self_build"

21
roles/matrix-bridge-mautrix-instagram/tasks/main.yml
Unescape View File

@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_mautrix_instagram_enabled|bool"
tags:
- setup-all
- setup-mautrix-instagram
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_mautrix_instagram_enabled|bool"
tags:
- setup-all
- setup-mautrix-instagram
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_mautrix_instagram_enabled|bool"
tags:
- setup-all
- setup-mautrix-instagram

80
roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
Unescape View File

@ -0,0 +1,80 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-mautrix-instagram role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- name: Ensure Mautrix instagram image is pulled
docker_image:
name: "{{ matrix_mautrix_instagram_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_instagram_docker_image_force_pull }}"
when: matrix_mautrix_instagram_enabled|bool and not matrix_mautrix_instagram_container_image_self_build
- name: Ensure Mautrix instagram paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_mautrix_instagram_base_path }}", when: true }
- { path: "{{ matrix_mautrix_instagram_config_path }}", when: true }
- { path: "{{ matrix_mautrix_instagram_data_path }}", when: true }
- {
path: "{{ matrix_mautrix_instagram_docker_src_files_path }}",
when: "{{ matrix_mautrix_instagram_container_image_self_build }}",
}
when: item.when|bool
- name: Ensure Mautrix instagram repository is present on self-build
git:
repo: "{{ matrix_mautrix_instagram_container_image_self_build_repo }}"
dest: "{{ matrix_mautrix_instagram_docker_src_files_path }}"
force: "yes"
register: matrix_mautrix_instagram_git_pull_results
when: "matrix_mautrix_instagram_enabled|bool and matrix_mautrix_instagram_container_image_self_build"
- name: Ensure Mautrix instagram Docker image is built
docker_image:
name: "{{ matrix_mautrix_instagram_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_instagram_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_instagram_docker_src_files_path }}"
pull: yes
when: "matrix_mautrix_instagram_enabled|bool and matrix_mautrix_instagram_container_image_self_build|bool"
- name: Ensure mautrix-instagram config.yaml installed
copy:
content: "{{ matrix_mautrix_instagram_configuration|to_nice_yaml }}"
dest: "{{ matrix_mautrix_instagram_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure mautrix-instagram registration.yaml installed
copy:
content: "{{ matrix_mautrix_instagram_registration|to_nice_yaml }}"
dest: "{{ matrix_mautrix_instagram_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-mautrix-instagram.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-mautrix-instagram.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-mautrix-instagram.service"
mode: 0644
register: matrix_mautrix_instagram_systemd_service_result
- name: Ensure systemd reloaded after matrix-mautrix-instagram.service installation
service:
daemon_reload: yes
when: "matrix_mautrix_instagram_systemd_service_result.changed"

23
roles/matrix-bridge-mautrix-instagram/tasks/setup_uninstall.yml
Unescape View File

@ -0,0 +1,23 @@
---
- name: Check existence of matrix-mautrix-instagram service
stat:
path: "{{ matrix_systemd_path }}/matrix-mautrix-instagram.service"
register: matrix_mautrix_instagram_service_stat
- name: Ensure matrix-mautrix-instagram is stopped
service:
name: matrix-mautrix-instagram
state: stopped
daemon_reload: yes
when: "matrix_mautrix_instagram_service_stat.stat.exists"
- name: Ensure matrix-mautrix-instagram.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-mautrix-instagram.service"
state: absent
when: "matrix_mautrix_instagram_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mautrix-instagram.service removal
service:
daemon_reload: yes
when: "matrix_mautrix_instagram_service_stat.stat.exists"

9
roles/matrix-bridge-mautrix-instagram/tasks/validate_config.yml
Unescape View File

@ -0,0 +1,9 @@
---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mautrix_instagram_appservice_token"
- "matrix_mautrix_instagram_homeserver_token"

234
roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2
Unescape View File

@ -0,0 +1,234 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_instagram_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_instagram_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Whether or not the homeserver supports asmux-specific endpoints,
# such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically
# updating m.direct.
asmux: false
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_instagram_appservice_address }}
# When using https:// the TLS certificate and key files for the address.
tls_cert: false
tls_key: false
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29330
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. Only Postgres is currently supported.
database: {{ matrix_mautrix_instagram_appservice_database|to_json }}
# Additional arguments for asyncpg.create_pool()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
database_opts:
min_size: 5
max_size: 10
# The unique ID of this appservice.
id: instagram
# Username of the appservice bot.
bot_username: {{ matrix_mautrix_instagram_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: instagram bridge bot
bot_avatar: mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv
# Community ID for bridged users (changes registration file) and rooms.
# Must be created manually.
#
# Example: "+instagram:example.com". Set to false to disable.
community_id: false
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: false
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_instagram_appservice_token }}"
hs_token: "{{ matrix_mautrix_instagram_homeserver_token }}"
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
listen_port: 8000
instagram:
# Seed for generating devices. This is secret because the seed is used to generate
# device IDs, which can apparently be used to bypass two-factor authentication after
# logging out, because Instagram is insecure.
device_seed: generate
# Bridge config
bridge:
# Localpart template of MXIDs for Instagram users.
# {userid} is replaced with the user ID of the Instagram user.
username_template: "instagram_{userid}"
# Displayname template for Instagram users.
# {displayname} is replaced with the display name of the Instagram user.
# {username} is replaced with the username of the Instagram user.
displayname_template: "{username} (Instagram)"
# Maximum length of displayname
displayname_max_length: 100
# Maximum number of seconds since the last activity in a chat to automatically create portals.
portal_create_max_age: 86400
# Maximum number of chats to fetch for startup sync
chat_sync_limit: 100
# Whether or not to use /sync to get read receipts and typing notifications
# when double puppeting is enabled
sync_with_custom_puppets: true
# Whether or not to update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
double_puppet_server_map: {}
# example.com: https://example.com
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{ matrix_mautrix_instagram_bridge_login_shared_secret_map|to_json }}
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
# Settings for backfilling messages from Instagram.
backfill:
# Whether or not the Instagram users of logged in Matrix users should be
# invited to private chats when backfilling history from Instagram. This is
# usually needed to prevent rate limits and to allow timestamp massaging.
invite_own_puppet: true
# Maximum number of messages to backfill initially.
# Set to 0 to disable backfilling when creating portal.
initial_limit: 0
# Maximum number of messages to backfill if messages were missed while
# the bridge was disconnected.
# Set to 0 to disable backfilling missed messages.
missed_limit: 1000
# If using double puppeting, should notifications be disabled
# while the initial backfill is in progress?
disable_notifications: false
periodic_reconnect:
# Interval in seconds in which to automatically reconnect all users.
# This can be used to automatically mitigate the bug where Instagram stops sending messages.
# Set to -1 to disable periodic reconnections entirely.
interval: -1
# Whether or not the bridge should backfill chats when reconnecting.
resync: true
# Should even disconnected users be reconnected?
always: false
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Options for automatic key sharing.
key_sharing:
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow: false
# Require the requesting device to have a valid cross-signing signature?
# This doesn't require that the bridge has verified the device, only that the user has verified it.
# Not yet implemented.
require_cross_signing: false
# Require devices to be verified by the bridge?
# Verification by the bridge is not yet implemented.
require_verification: true
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This will be implicitly enabled if encryption.default is true.
private_chat_portal_meta: false
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
# been sent to Instagram.
delivery_receipts: false
# Whether or not delivery errors should be reported as messages in the Matrix room.
delivery_error_reports: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it,
# except if the config file is not writable.
resend_bridge_info: false
# Whether or not unimportant bridge notices should be sent to the user.
# (e.g. connected, disconnected but will retry)
unimportant_bridge_notices: true
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!ig"
# Permissions for using the bridge.
# Permitted values:
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"{{ matrix_mautrix_instagram_homeserver_domain }}": user
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: true
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision/v1
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_instagram.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
mauigpapi:
level: DEBUG
paho:
level: INFO
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]

42
roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2
Unescape View File

@ -0,0 +1,42 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mautrix Instagram bridge
{% for service in matrix_mautrix_instagram_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mautrix_instagram_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-instagram \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-v {{ matrix_mautrix_instagram_config_path }}:/config:z \
-v {{ matrix_mautrix_instagram_data_path }}:/data:z \
{% for arg in matrix_mautrix_instagram_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_instagram_docker_image }} \
python3 -m mautrix_instagram -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-instagram
[Install]
WantedBy=multi-user.target

4
roles/matrix-bridge-mautrix-signal/defaults/main.yml
Unescape View File

@ -43,6 +43,8 @@ matrix_mautrix_signal_daemon_systemd_wanted_services_list: []
matrix_mautrix_signal_appservice_token: ''
matrix_mautrix_signal_homeserver_token: ''
matrix_mautrix_signal_appservice_bot_username: signalbot
# Database-related configuration fields
#
# This bridge only supports postgres.
@ -59,7 +61,7 @@ matrix_mautrix_signal_database_connection_string: 'postgres://{{ matrix_mautrix_
matrix_mautrix_signal_appservice_database: "{{
{
'postgres': matrix_mautrix_facebook_database_connection_string,
'postgres': matrix_mautrix_signal_database_connection_string,
}[matrix_mautrix_signal_database_engine]
}}"

5
roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
Unescape View File

@ -21,7 +21,7 @@
name: "{{ matrix_mautrix_signal_daemon_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_signal_daemon_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_daemon_docker_image_force_pull }}"
when: matrix_mautrix_signal_enabled|bool
- name: Ensure Mautrix Signal paths exist
@ -35,6 +35,9 @@
- "{{ matrix_mautrix_signal_base_path }}"
- "{{ matrix_mautrix_signal_config_path }}"
- "{{ matrix_mautrix_signal_daemon_path }}"
- "{{ matrix_mautrix_signal_daemon_path }}/avatars"
- "{{ matrix_mautrix_signal_daemon_path }}/attachments"
- "{{ matrix_mautrix_signal_daemon_path }}/data"
- name: Ensure mautrix-signal config.yaml installed
copy:

2
roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2
Unescape View File

@ -43,7 +43,7 @@ appservice:
# The unique ID of this appservice.
id: signal
# Username of the appservice bot.
bot_username: signalbot
bot_username: {{ matrix_mautrix_signal_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Signal bridge bot

5
roles/matrix-bridge-mautrix-signal/templates/registration.yaml.j2
Unescape View File

@ -6,9 +6,12 @@ namespaces:
users:
- exclusive: true
regex: '^@signal_.+:{{ matrix_mautrix_signal_homeserver_domain|regex_escape }}$'
- exclusive: true
regex: '^@{{ matrix_mautrix_signal_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_signal_homeserver_domain|regex_escape }}$'
aliases:
- exclusive: true
regex: '^#signal_.+:{{ matrix_mautrix_signal_homeserver_domain|regex_escape }}$'
url: {{ matrix_mautrix_signal_appservice_address }}
sender_localpart: signalbot
# See https://github.com/tulir/mautrix-signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_signal_appservice_bot_username }}
rate_limited: false

10
roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
Unescape View File

@ -15,21 +15,23 @@ Wants={{ service }}
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
# We can't use `--read-only` for this bridge.
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \
{{ matrix_mautrix_signal_daemon_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null'
Restart=always
RestartSec=30

15
roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2
Unescape View File

@ -14,8 +14,8 @@ Wants={{ service }}
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-signal
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-signal
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -23,19 +23,22 @@ ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal \
--log-driver=none \
--network={{ matrix_docker_network }} \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
{% if matrix_mautrix_signal_container_http_host_bind_port %}
-p {{ matrix_mautrix_signal_container_http_host_bind_port }}:29328 \
{% endif %}
-v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \
-v {{ matrix_mautrix_signal_config_path }}:/data:z \
-v {{ matrix_mautrix_signal_config_path }}:/config:z \
{% for arg in matrix_mautrix_signal_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_signal_docker_image }} \
python3 -m mautrix_signal -c /data/config.yaml
python3 -m mautrix_signal -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-signal
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-signal
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null'
Restart=always
RestartSec=30

9
roles/matrix-bridge-mautrix-telegram/defaults/main.yml
Unescape View File

@ -25,11 +25,13 @@ matrix_mautrix_telegram_bot_token: disabled
# Example: /741a0483-ba17-4682-9900-30bd7269f1cc
matrix_mautrix_telegram_public_endpoint: ''
matrix_mautrix_telegram_homeserver_address: 'http://matrix-synapse:8008'
matrix_mautrix_telegram_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080'
matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}'
matrix_mautrix_telegram_appservice_bot_username: telegrambot
# Controls whether the matrix-mautrix-telegram container exposes its HTTP port (tcp/8080 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9006"), or empty string to not expose.
@ -109,11 +111,14 @@ matrix_mautrix_telegram_registration_yaml: |
users:
- exclusive: true
regex: '^@telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
- exclusive: true
regex: '^@{{ matrix_mautrix_telegram_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
aliases:
- exclusive: true
regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
# See https://github.com/tulir/mautrix-signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }}
url: {{ matrix_mautrix_telegram_appservice_address }}
sender_localpart: telegrambot
rate_limited: false
matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml|from_yaml }}"

18
roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
Unescape View File

@ -13,7 +13,7 @@ homeserver:
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_telegram_appservice_address }}
address: {{ matrix_mautrix_telegram_appservice_address|to_json }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
@ -36,10 +36,10 @@ appservice:
# Whether or not the public-facing endpoints should be enabled.
enabled: true
# The prefix to use in the public-facing endpoints.
prefix: {{ matrix_mautrix_telegram_public_endpoint }}
prefix: {{ matrix_mautrix_telegram_public_endpoint|to_json }}
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: {{ matrix_mautrix_telegram_appservice_public_external }}
external: {{ matrix_mautrix_telegram_appservice_public_external|to_json }}
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like Dimension (https://dimension.t2bot.io/).
@ -55,15 +55,15 @@ appservice:
# The unique ID of this appservice.
id: telegram
# Username of the appservice bot.
bot_username: telegrambot
bot_username: {{ matrix_mautrix_telegram_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Telegram bridge bot
bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}"
as_token: {{ matrix_mautrix_telegram_appservice_token|to_json }}
hs_token: {{ matrix_mautrix_telegram_homeserver_token|to_json }}
# Bridge config
bridge:
@ -330,10 +330,10 @@ bridge:
# Telegram config
telegram:
# Get your own API keys at https://my.telegram.org/apps
api_id: {{ matrix_mautrix_telegram_api_id }}
api_hash: {{ matrix_mautrix_telegram_api_hash }}
api_id: {{ matrix_mautrix_telegram_api_id|to_json }}
api_hash: {{ matrix_mautrix_telegram_api_hash|to_json }}
# (Optional) Create your own bot at https://t.me/BotFather
bot_token: {{ matrix_mautrix_telegram_bot_token }}
bot_token: {{ matrix_mautrix_telegram_bot_token|to_json }}
# Telethon connection options.
connection:

10
roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2
Unescape View File

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null'
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram-db \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@ -42,10 +42,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegr
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_telegram_docker_image }} \
python3 -m mautrix_telegram -c /config/config.yaml
python3 -m mautrix_telegram -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-telegram 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-telegram 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-telegram

7
roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
Unescape View File

@ -27,6 +27,8 @@ matrix_mautrix_whatsapp_systemd_wanted_services_list: []
matrix_mautrix_whatsapp_appservice_token: ''
matrix_mautrix_whatsapp_homeserver_token: ''
matrix_mautrix_whatsapp_appservice_bot_username: whatsappbot
# Database-related configuration fields.
#
@ -93,11 +95,14 @@ matrix_mautrix_whatsapp_registration_yaml: |
url: {{ matrix_mautrix_whatsapp_appservice_address }}
as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
sender_localpart: whatsappbot
# See https://github.com/tulir/mautrix-signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_whatsapp_appservice_bot_username }}
rate_limited: false
namespaces:
users:
- regex: '^@whatsapp_[0-9]+:{{ matrix_mautrix_whatsapp_homeserver_domain|regex_escape }}$'
exclusive: true
- exclusive: true
regex: '^@{{ matrix_mautrix_whatsapp_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_whatsapp_homeserver_domain|regex_escape }}$'
matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml|from_yaml }}"

2
roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
Unescape View File

@ -36,7 +36,7 @@ appservice:
# Appservice bot details.
bot:
# Username of the appservice bot.
username: whatsappbot
username: {{ matrix_mautrix_whatsapp_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: WhatsApp bridge bot

8
roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2
Unescape View File

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsa
{{ matrix_mautrix_whatsapp_docker_image }} \
/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-whatsapp

2
roles/matrix-bridge-mx-puppet-discord/defaults/main.yml
Unescape View File

@ -22,7 +22,7 @@ matrix_mx_puppet_discord_docker_src_files_path: "{{ matrix_mx_puppet_discord_bas
matrix_mx_puppet_discord_appservice_port: "8432"
matrix_mx_puppet_discord_homeserver_address: 'http://matrix-synapse:8008'
matrix_mx_puppet_discord_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}'

18
roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2
Unescape View File

@ -122,20 +122,4 @@ logging:
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
files: []

8
roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2
Unescape View File

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-disc
{% endfor %}
{{ matrix_mx_puppet_discord_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-discord

110
roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml
Unescape View File

@ -0,0 +1,110 @@
# Mx Puppet GroupMe is a Matrix <-> GroupMe bridge
# See: https://gitlab.com/robintown/mx-puppet-groupme
matrix_mx_puppet_groupme_enabled: true
matrix_mx_puppet_groupme_container_image_self_build: false
matrix_mx_puppet_groupme_container_image_self_build_repo: "https://gitlab.com/robintown/mx-puppet-groupme"
# Controls whether the mx-puppet-groupme container exposes its HTTP port (tcp/8437 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8437"), or empty string to not expose.
matrix_mx_puppet_groupme_container_http_host_bind_port: ''
matrix_mx_puppet_groupme_docker_image: "{{ matrix_mx_puppet_groupme_docker_image_name_prefix }}xangelix/mx-puppet-groupme:latest"
matrix_mx_puppet_groupme_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_groupme_container_image_self_build else 'docker.io/' }}"
matrix_mx_puppet_groupme_docker_image_force_pull: "{{ matrix_mx_puppet_groupme_docker_image.endswith(':latest') }}"
matrix_mx_puppet_groupme_base_path: "{{ matrix_base_data_path }}/mx-puppet-groupme"
matrix_mx_puppet_groupme_config_path: "{{ matrix_mx_puppet_groupme_base_path }}/config"
matrix_mx_puppet_groupme_data_path: "{{ matrix_mx_puppet_groupme_base_path }}/data"
matrix_mx_puppet_groupme_docker_src_files_path: "{{ matrix_mx_puppet_groupme_base_path }}/docker-src"
matrix_mx_puppet_groupme_appservice_port: "8437"
matrix_mx_puppet_groupme_homeserver_address: 'http://matrix-synapse:8008'
matrix_mx_puppet_groupme_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_groupme_appservice_address: 'http://matrix-mx-puppet-groupme:{{ matrix_mx_puppet_groupme_appservice_port }}'
matrix_mx_puppet_groupme_client_id: ''
matrix_mx_puppet_groupme_client_secret: ''
# "@user:server.com" to allow specific user
# "@.*:yourserver.com" to allow users on a specific homeserver
# "@.*" to allow anyone
matrix_mx_puppet_groupme_provisioning_whitelist:
- "@.*:{{ matrix_domain|regex_escape }}"
# Leave empty to disable blacklist
# "@user:server.com" disallow a specific user
# "@.*:yourserver.com" disallow users on a specific homeserver
matrix_mx_puppet_groupme_provisioning_blacklist: []
# A list of extra arguments to pass to the container
matrix_mx_puppet_groupme_container_extra_arguments: []
# List of systemd services that matrix-puppet-groupme.service depends on.
matrix_mx_puppet_groupme_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-puppet-groupme.service wants
matrix_mx_puppet_groupme_systemd_wanted_services_list: []
matrix_mx_puppet_groupme_appservice_token: ''
matrix_mx_puppet_groupme_homeserver_token: ''
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mx_puppet_groupme_login_shared_secret: ''
matrix_mx_puppet_groupme_database_engine: sqlite
matrix_mx_puppet_groupme_sqlite_database_path_local: "{{ matrix_mx_puppet_groupme_data_path }}/database.db"
matrix_mx_puppet_groupme_sqlite_database_path_in_container: "/data/database.db"
matrix_mx_puppet_groupme_database_username: matrix_mx_puppet_groupme
matrix_mx_puppet_groupme_database_password: ~
matrix_mx_puppet_groupme_database_hostname: 'matrix-postgres'
matrix_mx_puppet_groupme_database_port: 5432
matrix_mx_puppet_groupme_database_name: matrix_mx_puppet_groupme
matrix_mx_puppet_groupme_database_connection_string: 'postgresql://{{ matrix_mx_puppet_groupme_database_username }}:{{ matrix_mx_puppet_groupme_database_password }}@{{ matrix_mx_puppet_groupme_database_hostname }}:{{ matrix_mx_puppet_groupme_database_port }}/{{ matrix_mx_puppet_groupme_database_name }}?sslmode=disable'
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_groupme_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mx_puppet_groupme_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mx_puppet_groupme_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mx_puppet_groupme_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mx_puppet_groupme_configuration_yaml`.
matrix_mx_puppet_groupme_configuration_extension: "{{ matrix_mx_puppet_groupme_configuration_extension_yaml|from_yaml if matrix_mx_puppet_groupme_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_groupme_configuration_yaml`.
matrix_mx_puppet_groupme_configuration: "{{ matrix_mx_puppet_groupme_configuration_yaml|from_yaml|combine(matrix_mx_puppet_groupme_configuration_extension, recursive=True) }}"
matrix_mx_puppet_groupme_registration_yaml: |
as_token: "{{ matrix_mx_puppet_groupme_appservice_token }}"
hs_token: "{{ matrix_mx_puppet_groupme_homeserver_token }}"
id: groupme-puppet
namespaces:
users:
- exclusive: true
regex: '@_groupmepuppet_.*:{{ matrix_mx_puppet_groupme_homeserver_domain|regex_escape }}'
rooms: []
aliases:
- exclusive: true
regex: '#_groupmepuppet_.*:{{ matrix_mx_puppet_groupme_homeserver_domain|regex_escape }}'
protocols: []
rate_limited: false
sender_localpart: _groupmepuppet_bot
url: {{ matrix_mx_puppet_groupme_appservice_address }}
matrix_mx_puppet_groupme_registration: "{{ matrix_mx_puppet_groupme_registration_yaml|from_yaml }}"

23
roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml
Unescape View File

@ -0,0 +1,23 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-groupme.service'] }}"
when: matrix_mx_puppet_groupme_enabled|bool
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"]
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["/matrix-mx-puppet-groupme-registration.yaml"] }}
when: matrix_mx_puppet_groupme_enabled|bool
# ansible lower than 2.8, does not support docker_image build parameters
# for self buildig it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_groupme_container_image_self_build"

21
roles/matrix-bridge-mx-puppet-groupme/tasks/main.yml
Unescape View File

@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_mx_puppet_groupme_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-groupme
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_mx_puppet_groupme_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-groupme
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_mx_puppet_groupme_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-groupme

127
roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
Unescape View File

@ -0,0 +1,127 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-mx-puppet-groupme role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- name: Ensure MX Puppet Groupme paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_mx_puppet_groupme_base_path }}", when: true }
- { path: "{{ matrix_mx_puppet_groupme_config_path }}", when: true }
- { path: "{{ matrix_mx_puppet_groupme_data_path }}", when: true }
- { path: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}", when: "{{ matrix_mx_puppet_groupme_container_image_self_build }}" }
when: matrix_mx_puppet_groupme_enabled|bool and item.when|bool
- name: Check if an old database file already exists
stat:
path: "{{ matrix_mx_puppet_groupme_base_path }}/database.db"
register: matrix_mx_puppet_groupme_stat_database
- name: (Data relocation) Ensure matrix-mx-puppet-groupme.service is stopped
service:
name: matrix-mx-puppet-groupme
state: stopped
daemon_reload: yes
failed_when: false
when: "matrix_mx_puppet_groupme_stat_database.stat.exists"
- name: (Data relocation) Move mx-puppet-groupme database file to ./data directory
command: "mv {{ matrix_mx_puppet_groupme_base_path }}/database.db {{ matrix_mx_puppet_groupme_data_path }}/database.db"
when: "matrix_mx_puppet_groupme_stat_database.stat.exists"
- set_fact:
matrix_mx_puppet_groupme_requires_restart: false
- block:
- name: Check if an SQLite database already exists
stat:
path: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}"
register: matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result
- block:
- set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_groupme_database_connection_string }}"
caller: "{{ role_path|basename }}"
engine_variable_name: 'matrix_mx_puppet_groupme_database_engine'
engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-mx-puppet-groupme.service']
- import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
- set_fact:
matrix_mx_puppet_groupme_requires_restart: true
when: "matrix_mx_puppet_groupme_sqlite_database_path_local_stat_result.stat.exists|bool"
when: "matrix_mx_puppet_groupme_database_engine == 'postgres'"
- name: Ensure MX Puppet Groupme image is pulled
docker_image:
name: "{{ matrix_mx_puppet_groupme_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mx_puppet_groupme_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_groupme_docker_image_force_pull }}"
when: matrix_mx_puppet_groupme_enabled|bool and not matrix_mx_puppet_groupme_container_image_self_build
- name: Ensure MX Puppet Groupme repository is present on self build
git:
repo: "{{ matrix_mx_puppet_groupme_container_image_self_build_repo }}"
dest: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}"
force: "yes"
register: matrix_mx_puppet_groupme_git_pull_results
when: "matrix_mx_puppet_groupme_enabled|bool and matrix_mx_puppet_groupme_container_image_self_build"
- name: Ensure MX Puppet Groupme Docker image is built
docker_image:
name: "{{ matrix_mx_puppet_groupme_docker_image }}"
source: build
force_source: "{{ matrix_mx_puppet_groupme_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}"
pull: yes
when: "matrix_mx_puppet_groupme_enabled|bool and matrix_mx_puppet_groupme_container_image_self_build"
- name: Ensure mx-puppet-groupme config.yaml installed
copy:
content: "{{ matrix_mx_puppet_groupme_configuration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_groupme_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure mx-puppet-groupme groupme-registration.yaml installed
copy:
content: "{{ matrix_mx_puppet_groupme_registration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_groupme_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-mx-puppet-groupme.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-groupme.service.j2"
dest: "/etc/systemd/system/matrix-mx-puppet-groupme.service"
mode: 0644
register: matrix_mx_puppet_groupme_systemd_service_result
- name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service installation
service:
daemon_reload: yes
when: "matrix_mx_puppet_groupme_systemd_service_result.changed"
- name: Ensure matrix-mx-puppet-groupme.service restarted, if necessary
service:
name: "matrix-mx-puppet-groupme.service"
state: restarted
when: "matrix_mx_puppet_groupme_requires_restart|bool"

24
roles/matrix-bridge-mx-puppet-groupme/tasks/setup_uninstall.yml
Unescape View File

@ -0,0 +1,24 @@
---
- name: Check existence of matrix-mx-puppet-groupme service
stat:
path: "/etc/systemd/system/matrix-mx-puppet-groupme.service"
register: matrix_mx_puppet_groupme_service_stat
- name: Ensure matrix-mx-puppet-groupme is stopped
service:
name: matrix-mx-puppet-groupme
state: stopped
daemon_reload: yes
when: "matrix_mx_puppet_groupme_service_stat.stat.exists"
- name: Ensure matrix-mx-puppet-groupme.service doesn't exist
file:
path: "/etc/systemd/system/matrix-mx-puppet-groupme.service"
state: absent
when: "matrix_mx_puppet_groupme_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mx-puppet-groupme.service removal
service:
daemon_reload: yes
when: "matrix_mx_puppet_groupme_service_stat.stat.exists"

10
roles/matrix-bridge-mx-puppet-groupme/tasks/validate_config.yml
Unescape View File

@ -0,0 +1,10 @@
---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mx_puppet_groupme_appservice_token"
- "matrix_mx_puppet_groupme_homeserver_token"

86
roles/matrix-bridge-mx-puppet-groupme/templates/config.yaml.j2
Unescape View File

@ -0,0 +1,86 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Port to host the bridge on
# Used for communication between the homeserver and the bridge
port: {{ matrix_mx_puppet_groupme_appservice_port }}
# The host connections to the bridge's webserver are allowed from
bindAddress: 0.0.0.0
# Public domain of the homeserver
domain: {{ matrix_mx_puppet_groupme_homeserver_domain }}
# Reachable URL of the Matrix homeserver
homeserverUrl: {{ matrix_mx_puppet_groupme_homeserver_address }}
{% if matrix_mx_puppet_groupme_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_groupme_login_shared_secret }}
{% endif %}
# Display name of the bridge bot
displayname: GroupMe Puppet Bridge
# Optionally specify a different media URL used for the media store
#
# This is where GroupMe will download user profile pictures and media
# from
#mediaUrl: https://external-url.org
presence:
# Bridge GroupMe online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 5000
provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_groupme_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_groupme_provisioning_blacklist|to_json }}
relay:
# Regex of Matrix IDs who are allowed to use the bridge in relay mode.
# Relay mode is when a single GroupMe bot account relays messages of
# multiple Matrix users
#
# Same format as in provisioning
whitelist: {{ matrix_mx_puppet_groupme_provisioning_whitelist|to_json }}
blacklist: {{ matrix_mx_puppet_groupme_provisioning_blacklist|to_json }}
selfService:
# Regex of Matrix IDs who are allowed to use bridge self-servicing (plumbed rooms)
#
# Same format as in provisioning
whitelist: {{ matrix_mx_puppet_groupme_provisioning_whitelist|to_json }}
blacklist: {{ matrix_mx_puppet_groupme_provisioning_blacklist|to_json }}
database:
{% if matrix_mx_puppet_groupme_database_engine == 'postgres' %}
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
connString: {{ matrix_mx_puppet_groupme_database_connection_string|to_json }}
{% else %}
# Use SQLite3 as a database backend
# The name of the database file
filename: {{ matrix_mx_puppet_groupme_sqlite_database_path_in_container|to_json }}
{% endif %}
logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files: []

43
roles/matrix-bridge-mx-puppet-groupme/templates/systemd/matrix-mx-puppet-groupme.service.j2
Unescape View File

@ -0,0 +1,43 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mx Puppet Groupme bridge
{% for service in matrix_mx_puppet_groupme_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mx_puppet_groupme_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-groupme \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-e CONFIG_PATH=/config/config.yaml \
-e REGISTRATION_PATH=/config/registration.yaml \
-v {{ matrix_mx_puppet_groupme_config_path }}:/config:z \
-v {{ matrix_mx_puppet_groupme_data_path }}:/data:z \
{% for arg in matrix_mx_puppet_groupme_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mx_puppet_groupme_docker_image }}
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-groupme 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-groupme 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-groupme
[Install]
WantedBy=multi-user.target

2
roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml
Unescape View File

@ -16,7 +16,7 @@ matrix_mx_puppet_instagram_data_path: "{{ matrix_mx_puppet_instagram_base_path }
matrix_mx_puppet_instagram_docker_src_files_path: "{{ matrix_mx_puppet_instagram_base_path }}/docker-src"
matrix_mx_puppet_instagram_appservice_port: "8440"
matrix_mx_puppet_instagram_homeserver_address: 'http://matrix-synapse:8008'
matrix_mx_puppet_instagram_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mx_puppet_instagram_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_instagram_appservice_address: 'http://matrix-mx-puppet-instagram:{{ matrix_mx_puppet_instagram_appservice_port }}'

18
roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2
Unescape View File

@ -66,20 +66,4 @@ logging:
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
files: []

8
roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2
Unescape View File

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-inst
{% endfor %}
{{ matrix_mx_puppet_instagram_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-instagram

2
roles/matrix-bridge-mx-puppet-skype/defaults/main.yml
Unescape View File

@ -17,7 +17,7 @@ matrix_mx_puppet_skype_docker_src_files_path: "{{ matrix_mx_puppet_skype_base_pa
matrix_mx_puppet_skype_appservice_port: "8438"
matrix_mx_puppet_skype_homeserver_address: 'http://matrix-synapse:8008'
matrix_mx_puppet_skype_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mx_puppet_skype_appservice_address: 'http://matrix-mx-puppet-skype:{{ matrix_mx_puppet_skype_appservice_port }}'
# "@user:server.com" to allow specific user

25
roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2
Unescape View File

@ -42,30 +42,7 @@ logging:
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
# Optionally enable/disable logging for certain modules
#disabled:
# - PresenceHandler
# - module: bot-sdk-MatrixLiteClient
# regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log
#enabled:
# - Store
files: []
database:
{% if matrix_mx_puppet_skype_database_engine == 'postgres' %}

8
roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2
Unescape View File

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skyp
{% endfor %}
{{ matrix_mx_puppet_skype_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-skype

2
roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
Unescape View File

@ -22,7 +22,7 @@ matrix_mx_puppet_slack_docker_src_files_path: "{{ matrix_mx_puppet_slack_base_pa
matrix_mx_puppet_slack_appservice_port: "8432"
matrix_mx_puppet_slack_homeserver_address: 'http://matrix-synapse:8008'
matrix_mx_puppet_slack_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mx_puppet_slack_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_slack_appservice_address: 'http://matrix-mx-puppet-slack:{{ matrix_mx_puppet_slack_appservice_port }}'

18
roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2
Unescape View File

@ -80,20 +80,4 @@ logging:
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
files: []

8
roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
Unescape View File

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slac
{% endfor %}
{{ matrix_mx_puppet_slack_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-slack

2
roles/matrix-bridge-mx-puppet-steam/defaults/main.yml
Unescape View File

@ -22,7 +22,7 @@ matrix_mx_puppet_steam_docker_src_files_path: "{{ matrix_mx_puppet_steam_base_pa
matrix_mx_puppet_steam_appservice_port: "8432"
matrix_mx_puppet_steam_homeserver_address: 'http://matrix-synapse:8008'
matrix_mx_puppet_steam_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mx_puppet_steam_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_steam_appservice_address: 'http://matrix-mx-puppet-steam:{{ matrix_mx_puppet_steam_appservice_port }}'

18
roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2
Unescape View File

@ -83,20 +83,4 @@ logging:
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
files: []

8
roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2
Unescape View File

@ -13,8 +13,8 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-stea
{% endfor %}
{{ matrix_mx_puppet_steam_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-steam

2
roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml
Unescape View File

@ -22,7 +22,7 @@ matrix_mx_puppet_twitter_docker_src_files_path: "{{ matrix_mx_puppet_twitter_bas
matrix_mx_puppet_twitter_appservice_port: "8432"
matrix_mx_puppet_twitter_homeserver_address: 'http://matrix-synapse:8008'
matrix_mx_puppet_twitter_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mx_puppet_twitter_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_twitter_appservice_address: 'http://matrix-mx-puppet-twitter:{{ matrix_mx_puppet_twitter_appservice_port }}'

18
roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2
Unescape View File

@ -76,20 +76,4 @@ logging:
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
files: []

Some files were not shown because too many files have changed in this diff Show More

Write Preview
Loading…
Cancel
Save