jowj
/
matrix-docker-ansible-deploy
forked from mirrors/matrix-docker-ansible-deploy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Mergefix.

Browse Source
master
josiah 2 years ago
parent 7d963dc9d8 6df1d29ab9
commit 895c1e32f1
243 changed files with 4073 additions and 981 deletions
Show Stats Download Patch File Download Diff File

77
CHANGELOG.md
Unescape View File

@ -1,3 +1,80 @@
# 2022-01-07
## Dendrite support
**TLDR**: We now have optional experimental [Dendrite](https://github.com/matrix-org/dendrite) homeserver support for new installations. **Existing (Synapse) installations need to be updated**, because some internals changed. See [Adapting the configuration for existing Synapse installations](#adapting-the-configuration-for-existing-synapse-installations).
[Jip J. Dekker](https://github.com/Dekker1) did the [initial work](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/818) of adding [Dendrite](https://github.com/matrix-org/dendrite) support to the playbook back in January 2021. Lots of work (and time) later, Dendrite support is finally ready for testing.
We believe that 2022 will be the year of the non-Synapse Matrix server!
The playbook was previously quite [Synapse](https://github.com/matrix-org/synapse)-centric, but can now accommodate multiple homeserver implementations. Only one homeserver implementation can be active (installed) at a given time.
**Synapse is still the default homeserver implementation** installed by the playbook. A new variable (`matrix_homeserver_implementation`) controls which server implementation is enabled (`synapse` or `dendrite` at the given moment).
### Adapting the configuration for existing Synapse installations
Because the playbook is not so Synapse-centric anymore, a small configuration change is necessary for existing installations to bring them up to date.
The `vars.yml` file for **existing installations will need to be updated** by adding this **additional configuration**:
```yaml
# All secrets keys are now derived from `matrix_homeserver_generic_secret_key`, not from `matrix_synapse_macaroon_secret_key`.
# To keep them all the same, define `matrix_homeserver_generic_secret_key` in terms of `matrix_synapse_macaroon_secret_key`.
# Using a new secret value for this configuration key is also possible and should not cause any problems.
#
# Fun fact: new installations (based on the new `examples/vars.yml` file) do this in reverse.
# That is, the Synapse macaroon secret is derived from `matrix_homeserver_generic_secret_key`.
matrix_homeserver_generic_secret_key: "{{ matrix_synapse_macaroon_secret_key }}"
```
### Trying out Dendrite
Finally, **to try out Dendrite**, we recommend that you **use a new server** and the following addition to your `vars.yml` configuration:
```yaml
matrix_homeserver_implementation: dendrite
```
**The homeserver implementation of an existing server cannot be changed** (e.g. from Synapse to Dendrite) without data loss.
We're excited to gain support for other homeserver implementations, like [Conduit](https://conduit.rs/), etc!
## Honoroit bot support
Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now help you set up [Honoroit](https://gitlab.com/etke.cc/honoroit) - a helpdesk bot.
See our [Setting up Honoroit](docs/configuring-playbook-bot-honoroit.md) documentation to get started.
# 2022-01-06
## Cinny support
Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook now supports [Cinny](https://cinny.in/) - a new simple, elegant and secure Matrix client.
By default, we still install Element. Still, people who'd like to try Cinny out can now install it via the playbook.
Additional details are available in [Setting up Cinny](docs/configuring-playbook-client-cinny.md).
# 2021-12-22
## Twitter bridging support via mautrix-twitter
Thanks to [Matthew Cengia](https://github.com/mattcen) and [Shreyas Ajjarapu](https://github.com/shreyasajj), besides [mx-puppet-twitter](docs/configuring-playbook-bridge-mx-puppet-twitter.md), bridging to [Twitter](https://twitter.com/) can now also happen with [mautrix-twitter](docs/configuring-playbook-bridge-mautrix-twitter.md).
# 2021-12-14
## (Security) Users of the Signal bridge may wish to upgrade it to work around log4j vulnerability
Recently, a security vulnerability affecting the Java logging package `log4j` [has been discovered](https://www.huntress.com/blog/rapid-response-critical-rce-vulnerability-is-affecting-java). Software that uses this Java package is potentially vulnerable.
One such piece of software that is part of the playbook is the [mautrix-signal bridge](./docs/configuring-playbook-bridge-mautrix-signal.md), which [has been patched already](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1452). If you're running this bridge, you may wish to [upgrade](./docs/maintenance-upgrading-services.md).
# 2021-11-11
## Dropped support for Postgres v9.6

8
README.md
Unescape View File

@ -19,6 +19,8 @@ Using this playbook, you can get the following services configured on your serve
- (optional, default) a [Synapse](https://github.com/matrix-org/synapse) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network
- (optional) a [Dendrite](https://github.com/matrix-org/dendrite) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse.
- (optional) [Amazon S3](https://aws.amazon.com/s3/) storage for Synapse's content repository (`media_store`) files using [Goofys](https://github.com/kahing/goofys)
- (optional, default) [PostgreSQL](https://www.postgresql.org/) database for Synapse. [Using an external PostgreSQL server](docs/configuring-playbook-external-postgres.md) is also possible.
@ -51,6 +53,8 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [mautrix-facebook](https://github.com/mautrix/facebook) bridge for bridging your Matrix server to [Facebook](https://facebook.com/)
- (optional) the [mautrix-twitter](https://github.com/mautrix/twitter) bridge for bridging your Matrix server to [Twitter](https://twitter.com/)
- (optional) the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts)
- (optional) the [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge for bridging your Matrix server to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat)
@ -97,6 +101,8 @@ Using this playbook, you can get the following services configured on your serve
- (optional) [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) for scheduling one-off & recurring reminders and alarms - see [docs/configuring-playbook-bot-matrix-reminder-bot.md](docs/configuring-playbook-bot-matrix-reminder-bot.md) for setup documentation
- (optional) [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot - see [docs/configuring-playbook-bot-honoroit.md](docs/configuring-playbook-bot-honoroit.md) for setup documentation
- (optional) [Go-NEB](https://github.com/matrix-org/go-neb) multi functional bot written in Go - see [docs/configuring-playbook-bot-go-neb.md](docs/configuring-playbook-bot-go-neb.md) for setup documentation
- (optional) [Mjolnir](https://github.com/matrix-org/mjolnir), a moderation tool for Matrix - see [docs/configuring-playbook-bot-mjolnir.md](docs/configuring-playbook-bot-mjolnir.md) for setup documentation
@ -111,6 +117,8 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client - see [docs/configuring-playbook-client-hydrogen.md](docs/configuring-playbook-client-hydrogen.md) for setup documentation
- (optional) the [Cinny](https://github.com/ajbura/cinny) web client - see [docs/configuring-playbook-client-cinny.md](docs/configuring-playbook-client-cinny.md) for setup documentation
Basically, this playbook aims to get you up-and-running with all the necessities around Matrix, without you having to do anything else.
**Note**: the list above is exhaustive. It includes optional or even some advanced components that you will most likely not need.

4
collections/requirements.yml
Unescape View File

@ -0,0 +1,4 @@
---
collections:
- name: community.general
- name: community.docker

2
docs/ansible.md
Unescape View File

@ -51,7 +51,7 @@ docker run -it --rm \
-v `pwd`:/work \
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
--entrypoint=/bin/sh \
docker.io/devture/ansible:2.10.7-r0
docker.io/devture/ansible:2.11.6-r1
```
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).

14
docs/configuring-awx-system.md
Unescape View File

@ -4,7 +4,7 @@ An AWX setup for managing multiple Matrix servers.
This section is used in an AWX system that can create and manage multiple [Matrix](http://matrix.org/) servers. You can issue members an AWX login to their own 'organisation', which they can use to manage/configure 1 to N servers.
Members can be assigned a server from Digitalocean, or they can connect their own on-premises server. This script is free to use in a commercial context with the 'MemberPress Plus' and 'WP Oauth Sever' addons. It can also be run in a non-commercial context.
Members can be assigned a server from Digitalocean, or they can connect their own on-premises server. These playbooks are free to use in a commercial context with the 'MemberPress Plus' plugin. They can also be run in a non-commercial context.
The AWX system is arranged into 'members' each with their own 'subscriptions'. After creating a subscription the user enters the 'provision stage' where they defined the URLs they will use, the servers location and whether or not there's already a website at the base domain. They then proceed onto the 'deploy stage' where they can configure their Matrix server.
@ -21,12 +21,7 @@ The following repositories allow you to copy and use this setup:
[Ansible Provision Server](https://gitlab.com/GoMatrixHosting/ansible-provision-server) - Used by AWX members to perform initial configuration of their DigitalOcean or On-Premises server.
## Testing Fork For This Playbook
Updates to this section are trailed here:
[GoMatrixHosting Matrix Docker Ansible Deploy](https://gitlab.com/GoMatrixHosting/matrix-docker-ansible-deploy)
[GMHosting External Tools](https://gitlab.com/GoMatrixHosting/gmhosting-external-tools) - Extra tools we run outside of AWX, some of which are experimental.
## Does I need an AWX setup to use this? How do I configure it?
@ -38,7 +33,6 @@ For simpler installation steps you can use to get started with this system, chec
## Does I need a front-end WordPress site? And a DigitalOcean account?
You do not need a front-end WordPress site or any of the mentioned WordPress plugins to use this setup. It can be run on it's own in a non-commercial context.
You also don't need a DigitalOcean account, but this will limit you to only being able to connect 'On-Premises' servers.
You do not need a front-end WordPress site or the MemberPress plugin to use this setup. It can be run on it's own in a non-commercial context.
You also don't need a DigitalOcean account, although this will limit you to only being able to connect 'On-Premises' servers.

2
docs/configuring-dns.md
Unescape View File

@ -37,6 +37,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco
| CNAME | `goneb` | - | - | - | `matrix.<your-domain>` |
| CNAME | `sygnal` | - | - | - | `matrix.<your-domain>` |
| CNAME | `hydrogen` | - | - | - | `matrix.<your-domain>` |
| CNAME | `cinny` | - | - | - | `matrix.<your-domain>` |
## Subdomains setup
@ -57,6 +58,7 @@ The `sygnal.<your-domain>` subdomain may be necessary, because this playbook cou
The `hydrogen.<your-domain>` subdomain may be necessary, because this playbook could install the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client. The installation of Hydrogen is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Hydrogen guide](configuring-playbook-client-hydrogen.md). If you do not wish to set up Hydrogen, feel free to skip the `hydrogen.<your-domain>` DNS record.
The `cinny.<your-domain>` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.<your-domain>` DNS record.
## `_matrix-identity._tcp` SRV record setup

4
docs/configuring-playbook-bot-go-neb.md
Unescape View File

@ -198,8 +198,8 @@ matrix_bot_go_neb_services:
# Each room will get the notification with the alert rendered with the given template
rooms:
"!someroomid:domain.tld":
text_template: "{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}"
html_template: "{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} <font color='red'><b>[FIRING - CRITICAL]</b></font> {{ else if eq $severity \"warning\"}} <font color='orange'><b>[FIRING - WARNING]</b></font> {{ else }} <b>[FIRING - {{ $severity }}]</b> {{ end }} {{ else }} <font color='green'><b>[RESOLVED]</b></font> {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}"
text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}"
html_template: "{% raw %}{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} <font color='red'><b>[FIRING - CRITICAL]</b></font> {{ else if eq $severity \"warning\"}} <font color='orange'><b>[FIRING - WARNING]</b></font> {{ else }} <b>[FIRING - {{ $severity }}]</b> {{ end }} {{ else }} <font color='green'><b>[RESOLVED]</b></font> {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}{% endraw %}"
msg_type: "m.text" # Must be either `m.text` or `m.notice`
```

55
docs/configuring-playbook-bot-honoroit.md
Unescape View File

@ -0,0 +1,55 @@
# Setting up Honoroit (optional)
The playbook can install and configure [Honoroit](https://gitlab.com/etke.cc/honoroit) for you.
It's a bot you can use to setup **your own helpdesk on matrix**
See the project's [documentation](https://gitlab.com/etke.cc/honoroit#how-it-looks-like) to learn what it does with screenshots and why it might be useful to you.
## Registering the bot user
By default, the playbook will set up the bot with a username like this: `@honoroit:DOMAIN`.
(to use a different username, adjust the `matrix_bot_honoroit_login` variable).
You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
```
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=honoroit password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
```yaml
matrix_bot_honoroit_enabled: true
# Adjust this to whatever password you chose when registering the bot user
matrix_bot_honoroit_password: PASSWORD_FOR_THE_BOT
# Adjust this to your room ID
matrix_bot_honoroit_roomid: "!yourRoomID:DOMAIN"
```
## Installing
After configuring the playbook, run the [installation](installing.md) command again:
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
## Usage
To use the bot, invite the `@honoroit:DOMAIN` to the room you specified in config, after that any matrix user can send a message to the `@honoroit:DOMAIN` to start a new thread in that room.
Send `!ho help` to the room to see the bot's help menu for additional commands.
You can also refer to the upstream [documentation](https://gitlab.com/etke.cc/honoroit#features).

35
docs/configuring-playbook-bridge-mautrix-twitter.md
Unescape View File

@ -0,0 +1,35 @@
# Setting up Mautrix Twitter (optional)
**Note**: bridging to [Twitter](https://twitter.com/) can also happen via the [mx-puppet-twitter](configuring-playbook-bridge-mx-puppet-twitter.md) bridge supported by the playbook.
The playbook can install and configure [mautrix-twitter](https://github.com/mautrix/twitter) for you.
See the project's [documentation](https://github.com/mautrix/twitter) to learn what it does and why it might be useful to you.
```yaml
matrix_mautrix_twitter_enabled: true
```
## Set up Double Puppeting
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
### Method 1: automatically, by enabling Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
### Method 2: manually, by asking each user to provide a working access token
This method is currently not available for the Mautrix-Twitter bridge, but is on the [roadmap](https://github.com/mautrix/twitter/blob/master/ROADMAP.md) under Misc/Manual login with `login-matrix`
## Usage
1. You then need to start a chat with `@twitterbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
2. Send login-cookie to start the login. The bot should respond with instructions on how to proceed.
You can learn more here about authentication from the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/python/twitter/authentication.html).
After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so.

2
docs/configuring-playbook-bridge-mx-puppet-twitter.md
Unescape View File

@ -1,5 +1,7 @@
# Setting up MX Puppet Twitter (optional)
**Note**: bridging to [Twitter](https://twitter.com/) can also happen via the [mautrix-twitter](configuring-playbook-bridge-mautrix-twitter.md) bridge supported by the playbook.
The playbook can install and configure
[mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) for you.

21
docs/configuring-playbook-client-cinny.md
Unescape View File

@ -0,0 +1,21 @@
# Configuring Cinny (optional)
This playbook can install the [cinny](https://github.com/ajbura/cinny) Matrix web client for you.
cinny is a web client focusing primarily on simple, elegant and secure interface.
cinny can be installed alongside or instead of Element.
If you'd like cinny to be installed, add the following to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
matrix_client_cinny_enabled: true
```
You will also need to add a DNS record so that cinny can be accessed.
By default cinny will use https://cinny.DOMAIN so you will need to create an CNAME record
for `cinny`. See [Configuring DNS](configuring-dns.md).
If you would like to use a different domain, add the following to your configuration file (changing it to use your preferred domain):
```yaml
matrix_server_fqn_cinny: "app.{{ matrix_domain }}"
```

2
docs/configuring-playbook-dimension.md
Unescape View File

@ -58,7 +58,7 @@ curl -X POST --header 'Content-Type: application/json' -d '{
"type": "m.login.password"
}' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login'
```
*Change the "YourDimensionUser/Pass" URL accordigly*
*Change `YourDimensionUsername`, `YourDimensionPassword`, and `YOURDOMAIN` accordingly.*
**Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone.**

17
docs/configuring-playbook-etherpad.md
Unescape View File

@ -25,6 +25,23 @@ The Dimension administrator users can configure the default URL template. The Di
If you wish to disable the Etherpad chat button, you can do it by appending `?showChat=false` to the end of the pad URL, or the template.
Example: `https://dimension.<your-domain>/etherpad/p/$roomId_$padName?showChat=false`
### Etherpad Admin access (optional)
Etherpad comes with a admin web-UI which is disabled by default. You can enable it by setting a username and password in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
matrix_etherpad_admin_username: admin
matrix_etherpad_admin_password: some-password
```
The admin web-UI should then be available on: `https://dimension.<your-domain>/etherpad/admin`
### Managing / Deleting old pads
If you want to manage and remove old unused pads from Etherpad, you will first need to able Admin access as described above.
Then from the plugin manager page (`https://dimension.<your-domain>/etherpad/admin/plugins`), install the `adminpads2` plugin. Once installed, you should have a "Manage pads" section in the Admin web-UI.
## Known issues
If your Etherpad widget fails to load, this might be due to Dimension generating a Pad name so long, the Etherpad app rejects it.

25
docs/configuring-playbook-jitsi.md
Unescape View File

@ -41,13 +41,23 @@ If you're fine with such an open Jitsi instance, please skip to [Apply changes](
If you would like to control who is allowed to open meetings on your new Jitsi instance, then please follow this step to enable Jitsi's authentication and guests mode. With authentication enabled, all meeting rooms have to be opened by a registered user, after which guests are free to join. If a registered host is not yet present, guests are put on hold in individual waiting rooms.
Add these two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
Add these lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
```yaml
matrix_jitsi_enable_auth: true
matrix_jitsi_enable_guests: true
matrix_jitsi_prosody_auth_internal_accounts:
- username: "jitsi-moderator"
password: "secret-password"
- username: "another-user"
password: "another-password"
```
**Caution:** Accounts added here and subsquently removed will not be automatically removed from the Prosody server until user account cleaning is integrated into the playbook.
**If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation).
### (Optional) LDAP authentication
The default authentication mode of Jitsi is `internal`, however LDAP is also supported. An example LDAP configuration could be:
@ -122,19 +132,6 @@ You may want to **limit the maximum video resolution**, to save up resources on
Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
## Required if configuring Jitsi with internal authentication: register new users
Until this gets integrated into the playbook, we need to register new users / meeting hosts for Jitsi manually.
Please SSH into your matrix host machine and execute the following command targeting the `matrix-jitsi-prosody` container:
```bash
docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register <USERNAME> meet.jitsi <PASSWORD>
```
Run this command for each user you would like to create, replacing `<USERNAME>` and `<PASSWORD>` accordingly. After you've finished, please exit the host.
**If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation).
## Usage

11
docs/configuring-playbook-own-webserver.md
Unescape View File

@ -64,7 +64,7 @@ Once you've followed the [Preparation](#preparation) guide above, you can take a
### Using your own external caddy webserver
After following the [Preparation](#preparation) guide above, you can take a look at the [examples/caddy](../examples/caddy) directory for a sample configuration.
After following the [Preparation](#preparation) guide above, you can take a look at the [examples/caddy](../examples/caddy) directory and [examples/caddy2](../examples/caddy2) directory for a sample configuration for Caddy v1 and v2, respectively.
### Using your own HAproxy reverse proxy
After following the [Preparation](#preparation) guide above, you can take a look at the [examples/haproxy](../examples/haproxy) directory for a sample configuration. In this case HAproxy is used as a reverse proxy and a simple Nginx container is used to serve statically `.well-known` files.
@ -111,6 +111,9 @@ matrix_coturn_enabled: false
# Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection.
matrix_nginx_proxy_trust_forwarded_proto: true
# Trust and use the other reverse proxy's `X-Forwarded-For` header.
matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
```
With this, nginx would still be in use, but it would not bother with anything SSL related or with taking up public ports.
@ -136,6 +139,12 @@ matrix_nginx_proxy_https_enabled: false
matrix_nginx_proxy_container_http_host_bind_port: ''
matrix_nginx_proxy_container_federation_host_bind_port: ''
# Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection.
matrix_nginx_proxy_trust_forwarded_proto: true
# Trust and use the other reverse proxy's `X-Forwarded-For` header.
matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
# Disable Coturn because it needs SSL certs
# (Clients can, though exposing IP address, use Matrix.org TURN)
matrix_coturn_enabled: false

5
docs/configuring-playbook.md
Unescape View File

@ -69,6 +69,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Adjusting email-sending settings](configuring-playbook-email.md) (optional)
- [Setting up Hydrogen](configuring-playbook-client-hydrogen.md) - a new lightweight matrix client with legacy and mobile browser support (optional)
- [Setting up Cinny](configuring-playbook-client-cinny.md) - a web client focusing primarily on simple, elegant and secure interface (optional)
### Authentication and user-related
@ -102,6 +103,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up Mautrix Instagram bridging](configuring-playbook-bridge-mautrix-instagram.md) (optional)
- [Setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md) (optional)
- [Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md) (optional)
- [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional)
@ -139,6 +142,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) - a bot to remind you about stuff (optional)
- [Setting up honoroit](configuring-playbook-bot-honoroit.md) - a helpdesk bot (optional)
- [Setting up Go-NEB](configuring-playbook-bot-go-neb.md) - an extensible multifunctional bot (optional)
- [Setting up Mjolnir](configuring-playbook-bot-mjolnir.md) - a moderation tool/bot (optional)

6
docs/container-images.md
Unescape View File

@ -30,6 +30,8 @@ These services are enabled and used by default, but you can turn them off, if yo
These services are not part of our default installation, but can be enabled by [configuring the playbook](configuring-playbook.md) (either before the initial installation or any time later):
- [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) - the official [Dendrite](https://github.com/matrix-org/dendrite) Matrix homeserver (optional)
- [ewoutp/goofys](https://hub.docker.com/r/ewoutp/goofys/) - the [Goofys](https://github.com/kahing/goofys) Amazon [S3](https://aws.amazon.com/s3/) file-system-mounting program (optional)
- [etherpad/etherpad](https://hub.docker.com/r/etherpad/etherpad/) - the [Etherpad](https://etherpad.org) realtime collaborative text editor that can be used in a Jitsi audio/video call or integrated as a widget into Matrix chat rooms via the Dimension integration manager (optional)
@ -46,6 +48,8 @@ These services are not part of our default installation, but can be enabled by [
- [mautrix/facebook](https://mau.dev/mautrix/facebook/container_registry) - the [mautrix-facebook](https://github.com/mautrix/facebook) bridge to [Facebook](https://facebook.com/) (optional)
- [mautrix/twitter](https://mau.dev/mautrix/twitter/container_registry) - the [mautrix-twitter](https://github.com/mautrix/twitter) bridge to [Twitter](https://twitter.com/) (optional)
- [mautrix/hangouts](https://mau.dev/mautrix/hangouts/container_registry) - the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
- [mautrix/googlechat](https://mau.dev/mautrix/googlechat/container_registry) - the [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) (optional)
@ -90,6 +94,8 @@ These services are not part of our default installation, but can be enabled by [
- [anoa/matrix-reminder-bot](https://hub.docker.com/r/anoa/matrix-reminder-bot) - the [matrix-reminder-bot](https://github.com/anoadragon453/matrix-reminder-bot) bot for one-off & recurring reminders and alarms (optional)
- [etke.cc/honoroit](https://gitlab.com/etke.cc/honoroit/container_registry) - the [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot (optional)
- [matrixdotorg/go-neb](https://hub.docker.com/r/matrixdotorg/go-neb) - the [Go-NEB](https://github.com/matrix-org/go-neb) bot (optional)
- [matrixdotorg/mjolnir](https://hub.docker.com/r/matrixdotorg/mjolnir) - the [mjolnir](https://github.com/matrix-org/mjolnir) moderation bot (optional)

30
docs/importing-postgres.md
Unescape View File

@ -12,7 +12,8 @@ If your database name differs, be sure to change `matrix_synapse_database_databa
The playbook supports importing Postgres dump files in **text** (e.g. `pg_dump > dump.sql`) or **gzipped** formats (e.g. `pg_dump | gzip -c > dump.sql.gz`).
Importing multiple databases (as dumped by `pg_dumpall`) is also supported.
Importing multiple databases (as dumped by `pg_dumpall`) is also supported.
But the migration might be a good moment, to "reset" a not properly working bridge. Be aware, that it might affect all users (new link to bridge, new roomes, ...)
Before doing the actual import, **you need to upload your Postgres dump file to the server** (any path is okay).
@ -32,6 +33,7 @@ ansible-playbook -i inventory/hosts setup.yml \
## Troubleshooting
### Table Ownership
A table ownership issue can occur if you are importing from a Synapse installation which was both:
- migrated from SQLite to Postgres, and
@ -48,7 +50,7 @@ where `synapse_user` is the database username from the previous Synapse installa
This can be verified by examining the dump for ALTER TABLE statements which set OWNER TO that username:
```Shell
$ grep "ALTER TABLE" homeserver.sql"
$ grep "ALTER TABLE" homeserver.sql
ALTER TABLE public.access_tokens OWNER TO synapse_user;
ALTER TABLE public.account_data OWNER TO synapse_user;
ALTER TABLE public.account_data_max_stream_id OWNER TO synapse_user;
@ -60,10 +62,10 @@ ALTER TABLE public.application_services_state OWNER TO synapse_user;
It can be worked around by changing the username to `synapse`, for example by using `sed`:
```Shell
$ sed -i "s/synapse_user/synapse/g" homeserver.sql
$ sed -i "s/OWNER TO synapse_user;/OWNER TO synapse;/g" homeserver.sql
```
This uses sed to perform an 'in-place' (`-i`) replacement globally (`/g`), searching for `synapse user` and replacing with `synapse` (`s/synapse_user/synapse`). If your database username was different, change `synapse_user` to that username instead.
This uses sed to perform an 'in-place' (`-i`) replacement globally (`/g`), searching for `synapse_user` and replacing with `synapse` (`s/synapse_user/synapse`). If your database username was different, change `synapse_user` to that username instead. Expand search/replace statement as shown in example above, in case of old user name like `matrix` - replacing `matrix` only would... well - you can imagine.
Note that if the previous import failed with an error it may have made changes which are incompatible with re-running the import task right away; if you do so it may fail with an error such as:
@ -71,6 +73,8 @@ Note that if the previous import failed with an error it may have made changes w
ERROR: relation \"access_tokens\" already exists
```
### Repeat import
In this case you can use the command suggested in the import task to clear the database before retrying the import:
```Shell
@ -79,4 +83,20 @@ In this case you can use the command suggested in the import task to clear the d
# systemctl start matrix-postgres
```
Once the database is clear and the ownership of the tables has been fixed in the SQL file, the import task should succeed.
Now on your local machine run `ansible-playbook -i inventory/hosts setup.yml --tags=setup-postgres` to prepare the database roles etc.
If not, you probably get this error. `synapse` is the correct table owner, but the role is missing in database.
```
"ERROR: role synapse does not exist"
```
Once the database is clear and the ownership of the tables has been fixed in the SQL file, the import task should succeed.
Check, if `--dbname` is set to `synapse` (not `matrix`) and replace paths (or even better, copy this line from your terminal)
```
/usr/bin/env docker run --rm --name matrix-postgres-import --log-driver=none --user=998:1001 --cap-drop=ALL --network=matrix --env-file=/matrix/postgres/env-postgres-psql --mount type=bind,src=/migration/synapse_dump.sql,dst=/synapse_dump.sql,ro --entrypoint=/bin/sh docker.io/postgres:14.1-alpine -c "cat /synapse_dump.sql | grep -vE '^(CREATE|ALTER) ROLE (matrix)(;| WITH)' | grep -vE '^CREATE DATABASE (matrix)\s' | psql -v ON_ERROR_STOP=1 -h matrix-postgres --dbname=synapse"
```
### Hints
To open psql terminal run `/usr/local/bin/matrix-postgres-cli`

4
docs/self-building.md
Unescape View File

@ -15,14 +15,17 @@ List of roles where self-building the Docker image is currently possible:
- `matrix-synapse-admin`
- `matrix-client-element`
- `matrix-client-hydrogen`
- `matrix-client-cinny`
- `matrix-registration`
- `matrix-coturn`
- `matrix-corporal`
- `matrix-dimension`
- `matrix-ma1sd`
- `matrix-mailer`
- `matrix-bridge-appservice-irc`
- `matrix-bridge-appservice-slack`
- `matrix-bridge-appservice-webhooks`
- `matrix-bridge-beeper-linkedin`
- `matrix-bridge-mautrix-facebook`
- `matrix-bridge-mautrix-hangouts`
- `matrix-bridge-mautrix-googlechat`
@ -31,6 +34,7 @@ List of roles where self-building the Docker image is currently possible:
- `matrix-bridge-mautrix-whatsapp`
- `matrix-bridge-mx-puppet-skype`
- `matrix-bot-mjolnir`
- `matrix-bot-honoroit`
- `matrix-bot-matrix-reminder-bot`
- `matrix-email2matrix`

35
examples/caddy2/Caddyfile
Unescape View File

@ -27,6 +27,10 @@ matrix.DOMAIN.tld {
not path /matrix/static-files/*
}
@wellknown {
path /.well-known/matrix/*
}
header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
@ -69,6 +73,15 @@ matrix.DOMAIN.tld {
}
}
handle @wellknown {
encode zstd gzip
root * /matrix/static-files
header Cache-Control max-age=14400
header Content-Type application/json
header Access-Control-Allow-Origin *
file_server
}
handle {
encode zstd gzip
@ -102,17 +115,17 @@ element.DOMAIN.tld {
# tls your@email.com
header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
# X-Robots-Tag
X-Robots-Tag "noindex, noarchive, nofollow"
}
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
# X-Robots-Tag
X-Robots-Tag "noindex, noarchive, nofollow"
}
handle {
encode zstd gzip

16
examples/vars.yml
Unescape View File

@ -10,6 +10,14 @@
# Example value: example.com
matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
# The Matrix homeserver software to install.
# See `roles/matrix-base/defaults/main.yml` for valid options.
matrix_homeserver_implementation: synapse
# A secret used as a base, for generating various other secrets.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_homeserver_generic_secret_key: ''
# This is something which is provided to Let's Encrypt when retrieving SSL certificates for domains.
#
# In case SSL renewal fails at some point, you'll also get an email notification there.
@ -20,14 +28,6 @@ matrix_domain: YOUR_BARE_DOMAIN_NAME_HERE
# Example value: someone@example.com
matrix_ssl_lets_encrypt_support_email: ''
# A shared secret (between Coturn and Synapse) used for authentication.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_coturn_turn_static_auth_secret: ''
# A secret used to protect access keys issued by the server.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_synapse_macaroon_secret_key: ''
# A Postgres password to use for the superuser Postgres user (called `matrix` by default).
#
# The playbook creates additional Postgres users and databases (one for each enabled service)

543
group_vars/matrix_servers
View File

File diff suppressed because it is too large Load Diff

5
roles/matrix-awx/defaults/main.yml
Unescape View File

@ -1 +1,6 @@
matrix_awx_enabled: true
# Defaults for 'Customise Website + Access Export' template
awx_sftp_auth_method: 'Disabled'
awx_sftp_password: ''
awx_sftp_public_key: ''

4
roles/matrix-awx/tasks/main.yml
Unescape View File

@ -8,9 +8,9 @@
tags:
- always
# Renames the variables if needed
# Renames or updates the vars.yml if needed
- include_tasks:
file: "rename_variables.yml"
file: "update_variables.yml"
apply:
tags: always
when: run_setup|bool and matrix_awx_enabled|bool

11
roles/matrix-awx/tasks/purge_database_build_list.yml
Unescape View File

@ -1,11 +0,0 @@
---
- name: Collect entire room list into stdout
shell: |
curl -X GET --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/rooms?from={{ item }}'
register: awx_rooms_output
- name: Print stdout to file
delegate_to: 127.0.0.1
shell: |
echo '{{ awx_rooms_output.stdout }}' >> /tmp/{{ subscription_id }}_room_list_complete.json

4
roles/matrix-awx/tasks/purge_database_main.yml
Unescape View File

@ -29,9 +29,9 @@
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
register: awx_synapse_container_ip
- name: Collect access token for janitor user
- name: Collect access token for @admin-janitor user
shell: |
curl -X POST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
register: awx_janitors_token
no_log: True

8
roles/matrix-awx/tasks/purge_media_main.yml
Unescape View File

@ -21,21 +21,22 @@
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
register: awx_synapse_container_ip
- name: Collect access token for janitor user
- name: Collect access token for @admin-janitor user
shell: |
curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
register: awx_janitors_token
no_log: True
- name: Generate list of dates to purge to
delegate_to: 127.0.0.1
shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}"
shell: "dateseq {{ awx_purge_from_date }} {{ awx_purge_to_date }}"
register: awx_purge_dates
- name: Calculate initial size of local media repository
shell: du -sh /matrix/synapse/storage/media-store/local*
register: awx_local_media_size_before
when: awx_purge_media_type == "Local Media"
async: 600
ignore_errors: yes
no_log: True
@ -43,6 +44,7 @@
shell: du -sh /matrix/synapse/storage/media-store/remote*
register: awx_remote_media_size_before
when: awx_purge_media_type == "Remote Media"
async: 600
ignore_errors: yes
no_log: True

8
roles/matrix-awx/tasks/rename_variables.yml
Unescape View File

@ -1,8 +0,0 @@
---
- name: Rename synapse presence variable
delegate_to: 127.0.0.1
replace:
path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
regexp: 'matrix_synapse_use_presence'
replace: 'matrix_synapse_presence_enabled'

2
roles/matrix-awx/tasks/self_check.yml
Unescape View File

@ -50,12 +50,14 @@
- name: Calculate size of local media repository
shell: du -sh /matrix/synapse/storage/media-store/local*
register: awx_local_media_size_stat
async: 600
ignore_errors: yes
no_log: True
- name: Calculate size of remote media repository
shell: du -sh /matrix/synapse/storage/media-store/remote*
register: awx_remote_media_size_stat
async: 600
ignore_errors: yes
no_log: True

4
roles/matrix-awx/tasks/set_variables_dimension.yml
Unescape View File

@ -12,9 +12,9 @@
- curl
state: present
- name: Collect access token of Dimension user
- name: Collect access token of @admin-dimension user
shell: |
curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "admin-dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
register: awx_dimension_user_access_token
- name: Record Synapse variables locally on AWX

26
roles/matrix-awx/tasks/update_variables.yml
Unescape View File

@ -0,0 +1,26 @@
---
- name: Rename synapse presence variable
delegate_to: 127.0.0.1
replace:
path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
regexp: 'matrix_synapse_use_presence'
replace: 'matrix_synapse_presence_enabled'
- name: Generate matrix_homeserver_generic_secret_key variable
delegate_to: 127.0.0.1
command: |
openssl rand -hex 16
register: generic_secret
no_log: True
when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 )
- name: Add new matrix_homeserver_generic_secret_key variable
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
line: "matrix_homeserver_generic_secret_key: {{ generic_secret.stdout }}"
insertbefore: '# Basic Settings End'
mode: '0600'
state: present
when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 )

91
roles/matrix-base/defaults/main.yml
Unescape View File

@ -7,6 +7,18 @@
# Example value: example.com
matrix_domain: ~
# This will contain the homeserver implementation that is in use.
# Valid values: synapse, dendrite
#
# By default, we use Synapse, because it's the only full-featured Matrix server at the moment.
#
# This value automatically influences other variables (`matrix_synapse_enabled`, `matrix_dendrite_enabled`, etc.).
# The homeserver implementation of an existing server cannot be changed without data loss.
matrix_homeserver_implementation: synapse
# This contains a secret, which is used for generating various other secrets later on.
matrix_homeserver_generic_secret_key: ''
# This is where your data lives and what we set up.
# This and the Element FQN (see below) are expected to be on the same server.
matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"
@ -21,6 +33,9 @@ matrix_server_fqn_element: "element.{{ matrix_domain }}"
# This is where you access the Hydrogen web client from (if enabled via matrix_client_hydrogen_enabled; disabled by default).
matrix_server_fqn_hydrogen: "hydrogen.{{ matrix_domain }}"
# This is where you access the Cinny web client from (if enabled via matrix_client_cinny_enabled; disabled by default).
matrix_server_fqn_cinny: "cinny.{{ matrix_domain }}"
# This is where you access the Dimension.
matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
@ -88,11 +103,16 @@ matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_distribution == 'CentOS
matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
# Specifies where the homeserver is on the container network.
# Where this is depends on whether there's a reverse-proxy in front of it, etc.
# Specifies where the homeserver's Client-Server API is on the container network.
# Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc.
# This likely gets overriden elsewhere.
matrix_homeserver_container_url: ""
# Specifies where the homeserver's Federation API is on the container network.
# Where this is depends on whether there's a reverse-proxy in front of the homeserver, which homeserver it is, etc.
# This likely gets overriden elsewhere.
matrix_homeserver_container_federation_url: ""
matrix_identity_server_url: ~
matrix_integration_manager_rest_url: ~
@ -118,6 +138,72 @@ matrix_client_element_e2ee_secure_backup_required: false
# See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md
matrix_client_element_e2ee_secure_backup_setup_methods: []
# Default `/.well-known/matrix/client` configuration - it covers the generic use case.
# You can customize it by controlling the various variables inside the template file that it references.
#
# For a more advanced customization, you can extend the default (see `matrix_well_known_matrix_client_configuration_extension_json`)
# or completely replace this variable with your own template.
#
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
matrix_well_known_matrix_client_configuration_default: "{{ lookup('template', 'templates/static-files/well-known/matrix-client.j2') }}"
# Your custom JSON configuration for `/.well-known/matrix/client` should go to `matrix_well_known_matrix_client_configuration_extension_json`.
# This configuration extends the default starting configuration (`matrix_well_known_matrix_client_configuration_default`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_well_known_matrix_client_configuration`.
#
# Example configuration extension follows:
#
# matrix_well_known_matrix_client_configuration_extension_json: |
# {
# "io.element.call_behaviour": {
# "widget_build_url": "https://dimension.example.com/api/v1/dimension/bigbluebutton/widget_state"
# }
# }
matrix_well_known_matrix_client_configuration_extension_json: '{}'
matrix_well_known_matrix_client_configuration_extension: "{{ matrix_well_known_matrix_client_configuration_extension_json|from_json if matrix_well_known_matrix_client_configuration_extension_json|from_json is mapping else {} }}"
# Holds the final `/.well-known/matrix/client` configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_client_configuration_default` and `matrix_well_known_matrix_client_configuration_extension_json`.
matrix_well_known_matrix_client_configuration: "{{ matrix_well_known_matrix_client_configuration_default|combine(matrix_well_known_matrix_client_configuration_extension, recursive=True) }}"
# Default `/.well-known/matrix/server` configuration - it covers the generic use case.
# You can customize it by controlling the various variables inside the template file that it references.
#
# For a more advanced customization, you can extend the default (see `matrix_well_known_matrix_server_configuration_extension_json`)
# or completely replace this variable with your own template.
#
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
matrix_well_known_matrix_server_configuration_default: "{{ lookup('template', 'templates/static-files/well-known/matrix-server.j2') }}"
# Your custom JSON configuration for `/.well-known/matrix/server` should go to `matrix_well_known_matrix_server_configuration_extension_json`.
# This configuration extends the default starting configuration (`matrix_well_known_matrix_server_configuration_default`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_well_known_matrix_server_configuration`.
#
# Example configuration extension follows:
#
# matrix_well_known_matrix_server_configuration_extension_json: |
# {
# "something": "another"
# }
matrix_well_known_matrix_server_configuration_extension_json: '{}'
matrix_well_known_matrix_server_configuration_extension: "{{ matrix_well_known_matrix_server_configuration_extension_json|from_json if matrix_well_known_matrix_server_configuration_extension_json|from_json is mapping else {} }}"
# Holds the final `/.well-known/matrix/server` configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_well_known_matrix_server_configuration_default` and `matrix_well_known_matrix_server_configuration_extension_json`.
matrix_well_known_matrix_server_configuration: "{{ matrix_well_known_matrix_server_configuration_default|combine(matrix_well_known_matrix_server_configuration_extension, recursive=True) }}"
# The Docker network that all services would be put into
matrix_docker_network: "matrix"
@ -152,6 +238,7 @@ run_synapse_register_user: true
run_synapse_update_user_password: true
run_synapse_import_media_store: true
run_synapse_rust_synapse_compress_state: true
run_dendrite_register_user: true
run_setup: true
run_self_check: true
run_start: true

1
roles/matrix-base/tasks/main.yml
Unescape View File

@ -31,4 +31,5 @@
- setup-all
- setup-ma1sd
- setup-synapse
- setup-dendrite
- setup-nginx-proxy

30
roles/matrix-base/tasks/sanity_check.yml
Unescape View File

@ -1,5 +1,10 @@
---
- name: Fail if invalid homeserver implementation
fail:
msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`"
when: "matrix_homeserver_implementation not in ['synapse', 'dendrite']"
# We generally support Ansible 2.7.1 and above.
- name: Fail if running on Ansible < 2.7.1
fail:
@ -28,14 +33,29 @@
- {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'}
- {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'}
# We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message.
- name: Fail if matrix_homeserver_generic_secret_key is undefined
fail:
msg: |
The `matrix_homeserver_generic_secret_key` variable must be defined and have a non-null and non-empty value.
If you're observing this error on a new installation, you should ensure that the `matrix_homeserver_generic_secret_key` is defined.
If you're observing this error on an existing homeserver installation, you can fix it easily and in a backward-compatible way by adding
`{% raw %}matrix_homeserver_generic_secret_key: "{{ matrix_synapse_macaroon_secret_key }}"{% endraw %}`
to your `vars.yml` file. Using another secret value for the new variable is also possible and shouldn't cause any trouble.
when: "matrix_homeserver_generic_secret_key is none or matrix_homeserver_generic_secret_key == ''"
- name: Fail if required variables are undefined
fail:
msg: "The `{{ item }}` variable must be defined and have a non-null value"
msg: "The `{{ item.var }}` variable must be defined and have a non-null and non-empty value"
with_items:
- matrix_domain
- matrix_server_fqn_matrix
- matrix_server_fqn_element
when: "item not in vars or vars[item] is none"
- {'var': matrix_domain, 'value': "{{ matrix_domain|default('') }}"}
- {'var': matrix_server_fqn_matrix, 'value': "{{ matrix_server_fqn_matrix|default('') }}"}
- {'var': matrix_server_fqn_element, 'value': "{{ matrix_server_fqn_element|default('') }}"}
- {'var': matrix_homeserver_container_url, 'value': "{{ matrix_homeserver_container_url|default('') }}"}
- {'var': matrix_homeserver_container_federation_url, 'value': "{{ matrix_homeserver_container_federation_url|default('') }}"}
when: "item.value is none or item.value == ''"
- name: Fail if uppercase domain used
fail:

2
roles/matrix-base/tasks/server_base/setup_archlinux.yml
Unescape View File

@ -4,8 +4,6 @@
pacman:
name:
- python-docker
# TODO This needs to be verified. Which version do we need?
- fuse3
- python-dnspython
state: latest
update_cache: yes

1
roles/matrix-base/tasks/server_base/setup_centos.yml
Unescape View File

@ -21,7 +21,6 @@
yum:
name:
- "{{ matrix_ntpd_package }}"
- fuse
state: latest
update_cache: yes

3
roles/matrix-base/tasks/server_base/setup_centos8.yml
Unescape View File

@ -28,7 +28,6 @@
yum:
name:
- "{{ matrix_ntpd_package }}"
- fuse
state: latest
update_cache: yes
@ -44,4 +43,4 @@
pip:
name: docker-py
state: latest
when: matrix_docker_installation_enabled|bool
when: matrix_docker_installation_enabled|bool

1
roles/matrix-base/tasks/server_base/setup_debian.yml
Unescape View File

@ -29,7 +29,6 @@
apt:
name:
- "{{ matrix_ntpd_package }}"
- fuse
state: latest
update_cache: yes

1
roles/matrix-base/tasks/server_base/setup_raspbian.yml
Unescape View File

@ -29,7 +29,6 @@
apt:
name:
- "{{ matrix_ntpd_package }}"
- fuse
state: latest
update_cache: yes

8
roles/matrix-base/tasks/setup_well_known.yml
Unescape View File

@ -13,16 +13,16 @@
- "{{ matrix_static_files_base_path }}/.well-known/matrix"
- name: Ensure Matrix /.well-known/matrix/client file configured
template:
src: "{{ role_path }}/templates/static-files/well-known/matrix-client.j2"
copy:
content: "{{ matrix_well_known_matrix_client_configuration|to_nice_json }}"
dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/client"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure Matrix /.well-known/matrix/server file configured
template:
src: "{{ role_path }}/templates/static-files/well-known/matrix-server.j2"
copy:
content: "{{ matrix_well_known_matrix_server_configuration|to_nice_json }}"
dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/server"
mode: 0644
owner: "{{ matrix_user_username }}"

23
roles/matrix-base/tasks/util/ensure_fuse_installed.yml
Unescape View File

@ -0,0 +1,23 @@
# This is for both CentOS 7 and 8
- name: Ensure fuse installed (CentOS)
yum:
name:
- fuse
state: latest
when: ansible_distribution == 'CentOS'
# This is for both Debian and Raspbian
- name: Ensure fuse installed (Debian/Raspbian)
apt:
name:
- fuse
state: latest
when: ansible_os_family == 'Debian'
- name: Ensure fuse installed (Archlinux)
pacman:
name:
- fuse3
state: latest
when: ansible_distribution == 'Archlinux'

23
roles/matrix-base/tasks/util/ensure_openssl_installed.yml
Unescape View File

@ -0,0 +1,23 @@
# This is for both CentOS 7 and 8
- name: Ensure openssl installed (CentOS)
yum:
name:
- openssl
state: latest
when: ansible_distribution == 'CentOS'
# This is for both Debian and Raspbian
- name: Ensure openssl installed (Debian/Raspbian)
apt:
name:
- openssl
state: latest
when: ansible_os_family == 'Debian'
- name: Ensure openssl installed (Archlinux)
pacman:
name:
- openssl
state: latest
when: ansible_distribution == 'Archlinux'

9
roles/matrix-base/tasks/validate_config.yml
Unescape View File

@ -1,9 +0,0 @@
---
- name: Fail if required Matrix Base settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`) for using this playbook.
when: "vars[item] == ''"
with_items:
- "matrix_homeserver_container_url"

2
roles/matrix-base/vars/main.yml
Unescape View File

@ -1,3 +1,3 @@
# This will contain a list of enabled services that the playbook is managing.
# Each component is expected to append its service name to this list.
matrix_systemd_services_list: []
matrix_systemd_services_list: []

4
roles/matrix-bot-go-neb/defaults/main.yml
Unescape View File

@ -203,8 +203,8 @@ matrix_bot_go_neb_services: []
# # Each room will get the notification with the alert rendered with the given template
# rooms:
# "!someroomid:domain.tld":
# text_template: "{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}"
# html_template: "{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} <font color='red'><b>[FIRING - CRITICAL]</b></font> {{ else if eq $severity \"warning\"}} <font color='orange'><b>[FIRING - WARNING]</b></font> {{ else }} <b>[FIRING - {{ $severity }}]</b> {{ end }} {{ else }} <font color='green'><b>[RESOLVED]</b></font> {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}"
# text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}"
# html_template: "{% raw %}{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} <font color='red'><b>[FIRING - CRITICAL]</b></font> {{ else if eq $severity \"warning\"}} <font color='orange'><b>[FIRING - WARNING]</b></font> {{ else }} <b>[FIRING - {{ $severity }}]</b> {{ end }} {{ else }} <font color='green'><b>[RESOLVED]</b></font> {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}{% endraw %}"
# msg_type: "m.text" # Must be either `m.text` or `m.notice`
# Default configuration template which covers the generic use case.

4
roles/matrix-bot-go-neb/templates/systemd/matrix-bot-go-neb.service.j2
Unescape View File

@ -39,8 +39,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \
{{ matrix_bot_go_neb_docker_image }} \
-c "go-neb /config/config.yaml"
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-bot-go-neb

109
roles/matrix-bot-honoroit/defaults/main.yml
Unescape View File

@ -0,0 +1,109 @@
# honoroit is a helpdesk bot
# See: https://gitlab.com/etke.cc/honoroit
matrix_bot_honoroit_enabled: true
matrix_bot_honoroit_container_image_self_build: false
matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
matrix_bot_honoroit_version: v0.9.3
matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
matrix_bot_honoroit_base_path: "{{ matrix_base_data_path }}/honoroit"
matrix_bot_honoroit_config_path: "{{ matrix_bot_honoroit_base_path }}/config"
matrix_bot_honoroit_data_path: "{{ matrix_bot_honoroit_base_path }}/data"
matrix_bot_honoroit_data_store_path: "{{ matrix_bot_honoroit_data_path }}/store"
# A list of extra arguments to pass to the container
matrix_bot_honoroit_container_extra_arguments: []
# List of systemd services that matrix-bot-honoroit.service depends on
matrix_bot_honoroit_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-bot-honoroit.service wants
matrix_bot_honoroit_systemd_wanted_services_list: []
# Database-related configuration fields.
#
# To use SQLite, stick to these defaults.
#
# To use Postgres:
# - change the engine (`matrix_bot_honoroit_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_bot_honoroit_database_*` variables
matrix_bot_honoroit_database_engine: 'sqlite'
matrix_bot_honoroit_sqlite_database_path_local: "{{ matrix_bot_honoroit_data_path }}/bot.db"
matrix_bot_honoroit_sqlite_database_path_in_container: "/data/bot.db"
matrix_bot_honoroit_database_username: 'honoroit'
matrix_bot_honoroit_database_password: 'some-password'
matrix_bot_honoroit_database_hostname: 'matrix-postgres'
matrix_bot_honoroit_database_port: 5432
matrix_bot_honoroit_database_name: 'honoroit'
matrix_bot_honoroit_database_connection_string: 'postgres://{{ matrix_bot_honoroit_database_username }}:{{ matrix_bot_honoroit_database_password }}@{{ matrix_bot_honoroit_database_hostname }}:{{ matrix_bot_honoroit_database_port }}/{{ matrix_bot_honoroit_database_name }}?sslmode=disable'
matrix_bot_honoroit_storage_database: "{{
{
'sqlite': matrix_bot_honoroit_sqlite_database_path_in_container,
'postgres': matrix_bot_honoroit_database_connection_string,
}[matrix_bot_honoroit_database_engine]
}}"
matrix_bot_honoroit_database_dialect: "{{
{
'sqlite': 'sqlite3',
'postgres': 'postgres',
}[matrix_bot_honoroit_database_engine]
}}"
# The bot's username. This user needs to be created manually beforehand.
# Also see `matrix_bot_honoroit_password`.
matrix_bot_honoroit_login: "honoroit"
# The password that the bot uses to authenticate.
matrix_bot_honoroit_password: ''
matrix_bot_honoroit_homeserver: "{{ matrix_homeserver_container_url }}"
# The room ID where bot will create threads
matrix_bot_honoroit_roomid: ''
# Command prefix
matrix_bot_honoroit_prefix: ''
# Sentry DSN
matrix_bot_honoroit_sentry: ''
# Log level
matrix_bot_honoroit_loglevel: ''
# Text prefix: open
matrix_bot_honoroit_text_prefix_open: ''
# Text prefix: done
matrix_bot_honoroit_text_prefix_done: ''
# Text: greetings
matrix_bot_honoroit_text_greetings: ''
# Text: error
matrix_bot_honoroit_text_error: ''
# Text: empty room
matrix_bot_honoroit_text_emptyroom: ''
# Text: done
matrix_bot_honoroit_text_done: ''
# Additional environment variables to pass to the Honoroit container
#
# Example:
# matrix_bot_honoroit_environment_variables_extension: |
# HONOROIT_TEXT_DONE=Done
matrix_bot_honoroit_environment_variables_extension: ''

3
roles/matrix-bot-honoroit/tasks/init.yml
Unescape View File

@ -0,0 +1,3 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-honoroit.service'] }}"
when: matrix_bot_honoroit_enabled|bool

21
roles/matrix-bot-honoroit/tasks/main.yml
Unescape View File

@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_bot_honoroit_enabled|bool"
tags:
- setup-all
- setup-bot-honoroit
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_bot_honoroit_enabled|bool"
tags:
- setup-all
- setup-bot-honoroit
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_bot_honoroit_enabled|bool"
tags:
- setup-all
- setup-bot-honoroit

92
roles/matrix-bot-honoroit/tasks/setup_install.yml
Unescape View File

@ -0,0 +1,92 @@
---
- set_fact:
matrix_bot_honoroit_requires_restart: false
- block:
- name: Check if an SQLite database already exists
stat:
path: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
register: matrix_bot_honoroit_sqlite_database_path_local_stat_result
- block:
- set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
dst: "{{ matrix_bot_honoroit_database_connection_string }}"
caller: "{{ role_path|basename }}"
engine_variable_name: 'matrix_bot_honoroit_database_engine'
engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-bot-honoroit.service']
- import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
- set_fact:
matrix_bot_honoroit_requires_restart: true
when: "matrix_bot_honoroit_sqlite_database_path_local_stat_result.stat.exists|bool"
when: "matrix_bot_honoroit_database_engine == 'postgres'"
- name: Ensure honoroit paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_bot_honoroit_config_path }}", when: true }
- { path: "{{ matrix_bot_honoroit_data_path }}", when: true }
- { path: "{{ matrix_bot_honoroit_data_store_path }}", when: true }
- { path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true}
when: "item.when|bool"
- name: Ensure honoroit environment variables file created
template:
src: "{{ role_path }}/templates/env.j2"
dest: "{{ matrix_bot_honoroit_config_path }}/env"
mode: 0640
- name: Ensure honoroit image is pulled
docker_image:
name: "{{ matrix_bot_honoroit_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_honoroit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_honoroit_docker_image_force_pull }}"
when: "not matrix_bot_honoroit_container_image_self_build|bool"
- name: Ensure honoroit repository is present on self-build
git:
repo: "{{ matrix_bot_honoroit_docker_repo }}"
dest: "{{ matrix_bot_honoroit_docker_src_files_path }}"
force: "yes"
register: matrix_bot_honoroit_git_pull_results
when: "matrix_bot_honoroit_container_image_self_build|bool"
- name: Ensure honoroit image is built
docker_image:
name: "{{ matrix_bot_honoroit_docker_image }}"
source: build
force_source: "{{ matrix_bot_honoroit_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_honoroit_docker_src_files_path }}"
pull: yes
when: "matrix_bot_honoroit_container_image_self_build|bool"
- name: Ensure matrix-bot-honoroit.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-bot-honoroit.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service"
mode: 0644
register: matrix_bot_honoroit_systemd_service_result
- name: Ensure systemd reloaded after matrix-bot-honoroit.service installation
service:
daemon_reload: yes
when: "matrix_bot_honoroit_systemd_service_result.changed|bool"
- name: Ensure matrix-bot-honoroit.service restarted, if necessary
service:
name: "matrix-bot-honoroit.service"
state: restarted
when: "matrix_bot_honoroit_requires_restart|bool"

36
roles/matrix-bot-honoroit/tasks/setup_uninstall.yml
Unescape View File

@ -0,0 +1,36 @@
---
- name: Check existence of matrix-honoroit service
stat:
path: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service"
register: matrix_bot_honoroit_service_stat
- name: Ensure matrix-honoroit is stopped
service:
name: matrix-bot-honoroit
state: stopped
enabled: no
daemon_reload: yes
register: stopping_result
when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
- name: Ensure matrix-bot-honoroit.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-bot-honoroit.service"
state: absent
when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
- name: Ensure systemd reloaded after matrix-bot-honoroit.service removal
service:
daemon_reload: yes
when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
- name: Ensure Matrix honoroit paths don't exist
file:
path: "{{ matrix_bot_honoroit_base_path }}"
state: absent
- name: Ensure honoroit Docker image doesn't exist
docker_image:
name: "{{ matrix_bot_honoroit_docker_image }}"
state: absent

10
roles/matrix-bot-honoroit/tasks/validate_config.yml
Unescape View File

@ -0,0 +1,10 @@
---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_bot_honoroit_password"
- "matrix_bot_honoroit_roomid"

17
roles/matrix-bot-honoroit/templates/env.j2
Unescape View File

@ -0,0 +1,17 @@
HONOROIT_LOGIN={{ matrix_bot_honoroit_login }}
HONOROIT_PASSWORD={{ matrix_bot_honoroit_password }}
HONOROIT_HOMESERVER={{ matrix_bot_honoroit_homeserver }}
HONOROIT_ROOMID={{ matrix_bot_honoroit_roomid }}
HONOROIT_DB_DSN={{ matrix_bot_honoroit_database_connection_string }}
HONOROIT_DB_DIALECT={{ matrix_bot_honoroit_database_dialect }}
HONOROIT_PREFIX={{ matrix_bot_honoroit_prefix }}
HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }}
HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }}
HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }}
HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }}
HONOROIT_TEXT_GREETINGS={{ matrix_bot_honoroit_text_greetings }}
HONOROIT_TEXT_ERROR={{ matrix_bot_honoroit_text_error }}
HONOROIT_TEXT_EMPTYROOM={{ matrix_bot_honoroit_text_emptyroom }}
HONOROIT_TEXT_DONE={{ matrix_bot_honoroit_text_done }}
{{ matrix_bot_honoroit_environment_variables_extension }}

39
roles/matrix-bot-honoroit/templates/systemd/matrix-bot-honoroit.service.j2
Unescape View File

@ -0,0 +1,39 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix helpdesk bot
{% for service in matrix_bot_honoroit_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_bot_honoroit_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-honoroit \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_bot_honoroit_config_path }}/env \
--mount type=bind,src={{ matrix_bot_honoroit_data_path }},dst=/data \
{% for arg in matrix_bot_honoroit_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_bot_honoroit_docker_image }}
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-honoroit 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-honoroit 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-bot-honoroit
[Install]
WantedBy=multi-user.target

2
roles/matrix-bot-matrix-reminder-bot/defaults/main.yml
Unescape View File

@ -3,7 +3,7 @@
matrix_bot_matrix_reminder_bot_enabled: true
matrix_bot_matrix_reminder_bot_container_self_build: false
matrix_bot_matrix_reminder_bot_container_image_self_build: false
matrix_bot_matrix_reminder_bot_docker_repo: "https://github.com/anoadragon453/matrix-reminder-bot.git"
matrix_bot_matrix_reminder_bot_docker_src_files_path: "{{ matrix_base_data_path }}/matrix-reminder-bot/docker-src"

6
roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
Unescape View File

@ -46,7 +46,7 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_matrix_reminder_bot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_matrix_reminder_bot_docker_image_force_pull }}"
when: "not matrix_bot_matrix_reminder_bot_container_self_build|bool"
when: "not matrix_bot_matrix_reminder_bot_container_image_self_build|bool"
- name: Ensure matrix-reminder-bot repository is present on self-build
git:
@ -54,7 +54,7 @@
dest: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
force: "yes"
register: matrix_bot_matrix_reminder_bot_git_pull_results
when: "matrix_bot_matrix_reminder_bot_container_self_build|bool"
when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool"
- name: Ensure matrix-reminder-bot image is built
docker_image:
@ -66,7 +66,7 @@
dockerfile: docker/Dockerfile
path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
pull: yes
when: "matrix_bot_matrix_reminder_bot_container_self_build|bool"
when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool"
- name: Ensure matrix-reminder-bot config installed
copy:

9
roles/matrix-bot-matrix-reminder-bot/tasks/validate_config.yml
Unescape View File

@ -8,3 +8,12 @@
with_items:
- "matrix_bot_matrix_reminder_bot_matrix_user_password"
- "matrix_bot_matrix_reminder_bot_reminders_timezone"
- name: (Deprecation) Catch and report renamed settings
fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars"
with_items:
- {'old': 'matrix_bot_matrix_reminder_bot_container_self_build', 'new': 'matrix_bot_matrix_reminder_bot_container_image_self_build'}

4
roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
Unescape View File

@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-rem
{{ matrix_bot_matrix_reminder_bot_docker_image }} \
-c "matrix-reminder-bot /config/config.yaml"
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-matrix-reminder-bot 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-matrix-reminder-bot 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-bot-matrix-reminder-bot

3
roles/matrix-bot-mjolnir/defaults/main.yml
Unescape View File

@ -3,14 +3,13 @@
matrix_bot_mjolnir_enabled: true
matrix_bot_mjolnir_version: "v1.1.20"
matrix_bot_mjolnir_version: "v1.2.1"
matrix_bot_mjolnir_container_image_self_build: false
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"
matrix_bot_mjolnir_docker_image: "{{ matrix_bot_mjolnir_docker_image_name_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
matrix_bot_mjolnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}"
matrix_bot_mjolnir_base_path: "{{ matrix_base_data_path }}/mjolnir"

4
roles/matrix-bot-mjolnir/templates/systemd/matrix-bot-mjolnir.service.j2
Unescape View File

@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \
{% endfor %}
{{ matrix_bot_mjolnir_docker_image }}
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-bot-mjolnir

2
roles/matrix-bridge-appservice-discord/defaults/main.yml
Unescape View File

@ -48,7 +48,7 @@ matrix_appservice_discord_bridge_enableSelfServiceBridging: false
#
# To use Postgres:
# - change the engine (`matrix_appservice_discord_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_appservice_discord_postgres_*` variables
# - adjust your database credentials via the `matrix_appservice_discord_database_*` variables
matrix_appservice_discord_database_engine: 'sqlite'
matrix_appservice_discord_sqlite_database_path_local: "{{ matrix_appservice_discord_data_path }}/discord.db"

4
roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
Unescape View File

@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-dis
{{ matrix_appservice_discord_docker_image }} \
node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-discord 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-discord 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-discord

2
roles/matrix-bridge-appservice-irc/defaults/main.yml
Unescape View File

@ -3,7 +3,7 @@
matrix_appservice_irc_enabled: true
matrix_appservice_irc_container_self_build: false
matrix_appservice_irc_container_image_self_build: false
matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git"
matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src"

2
roles/matrix-bridge-appservice-irc/tasks/init.yml
Unescape View File

@ -3,7 +3,7 @@
- name: Fail if trying to self-build on Ansible < 2.8
fail:
msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_irc_container_self_build and matrix_appservice_irc_enabled"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_irc_container_image_self_build and matrix_appservice_irc_enabled"
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.

10
roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
Unescape View File

@ -1,5 +1,7 @@
---
- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml"
- name: Ensure Appservice IRC paths exist
file:
path: "{{ item.path }}"
@ -11,7 +13,7 @@
- { path: "{{ matrix_appservice_irc_base_path }}", when: true }
- { path: "{{ matrix_appservice_irc_config_path }}", when: true }
- { path: "{{ matrix_appservice_irc_data_path }}", when: true }
- { path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_self_build }}" }
- { path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}" }
when: item.when|bool
- name: Check if an old passkey file already exists
@ -61,7 +63,7 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}"
when: "matrix_appservice_irc_enabled|bool and not matrix_appservice_irc_container_self_build|bool"
when: "matrix_appservice_irc_enabled|bool and not matrix_appservice_irc_container_image_self_build|bool"
- name: Ensure matrix-appservice-irc repository is present when self-building
git:
@ -69,7 +71,7 @@
dest: "{{ matrix_appservice_irc_docker_src_files_path }}"
force: "yes"
register: matrix_appservice_irc_git_pull_results
when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_self_build|bool"
when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool"
- name: Ensure matrix-appservice-irc Docker image is built
docker_image:
@ -81,7 +83,7 @@
dockerfile: Dockerfile
path: "{{ matrix_appservice_irc_docker_src_files_path }}"
pull: yes
when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_self_build|bool and matrix_appservice_irc_git_pull_results.changed"
when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool and matrix_appservice_irc_git_pull_results.changed"
- name: Ensure Matrix Appservice IRC config installed
copy:

1
roles/matrix-bridge-appservice-irc/tasks/validate_config.yml
Unescape View File

@ -33,3 +33,4 @@
when: "item.old in vars"
with_items:
- {'old': 'matrix_appservice_irc_container_expose_client_server_api_port', 'new': '<superseded by matrix_appservice_irc_container_http_host_bind_port>'}
- {'old': 'matrix_appservice_irc_container_self_build', 'new': 'matrix_appservice_irc_container_image_self_build'}

4
roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
Unescape View File

@ -36,8 +36,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc
{{ matrix_appservice_irc_docker_image }} \
-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-irc 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-irc 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-irc

4
roles/matrix-bridge-appservice-slack/defaults/main.yml
Unescape View File

@ -3,11 +3,11 @@
matrix_appservice_slack_enabled: true
matrix_appservice_slack_container_self_build: false
matrix_appservice_slack_container_image_self_build: false
matrix_appservice_slack_docker_repo: "https://github.com/matrix-org/matrix-appservice-slack.git"
matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-slack/docker-src"
matrix_appservice_slack_version: release-1.8.0
matrix_appservice_slack_version: release-1.10.0
matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_version }}"
matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"

4
roles/matrix-bridge-appservice-slack/tasks/init.yml
Unescape View File

@ -3,7 +3,7 @@
- name: Fail if trying to self-build on Ansible < 2.8
fail:
msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_slack_container_self_build and matrix_appservice_slack_enabled"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_slack_container_image_self_build and matrix_appservice_slack_enabled"
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
@ -44,7 +44,7 @@
msg: >-
Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your plabook,
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-slack role.
when: matrix_nginx_proxy_role_executed|default(False)|bool

8
roles/matrix-bridge-appservice-slack/tasks/setup_install.yml
Unescape View File

@ -11,7 +11,7 @@
- { path: "{{ matrix_appservice_slack_base_path }}", when: true }
- { path: "{{ matrix_appservice_slack_config_path }}", when: true }
- { path: "{{ matrix_appservice_slack_data_path }}", when: true }
- { path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_self_build }}" }
- { path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_image_self_build }}" }
when: item.when|bool
- set_fact:
@ -37,7 +37,7 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_slack_docker_image_force_pull }}"
when: "not matrix_appservice_slack_container_self_build|bool"
when: "not matrix_appservice_slack_container_image_self_build|bool"
- name: Ensure matrix-appservice-slack repository is present when self-building
git:
@ -45,7 +45,7 @@
dest: "{{ matrix_appservice_slack_docker_src_files_path }}"
force: "yes"
register: matrix_appservice_slack_git_pull_results
when: "matrix_appservice_slack_container_self_build|bool"
when: "matrix_appservice_slack_container_image_self_build|bool"
- name: Ensure matrix-appservice-slack Docker image is built
docker_image:
@ -57,7 +57,7 @@
dockerfile: Dockerfile
path: "{{ matrix_appservice_slack_docker_src_files_path }}"
pull: yes
when: "matrix_appservice_slack_container_self_build|bool and matrix_appservice_slack_git_pull_results.changed"
when: "matrix_appservice_slack_container_image_self_build|bool and matrix_appservice_slack_git_pull_results.changed"
- name: Ensure Matrix Appservice Slack config installed
copy:

9
roles/matrix-bridge-appservice-slack/tasks/validate_config.yml
Unescape View File

@ -11,3 +11,12 @@
- "matrix_appservice_slack_homeserver_url"
- "matrix_appservice_slack_homeserver_token"
- "matrix_appservice_slack_id_token"
- name: (Deprecation) Catch and report renamed settings
fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars"
with_items:
- {'old': 'matrix_appservice_slack_container_self_build', 'new': 'matrix_appservice_slack_container_image_self_build'}

4
roles/matrix-bridge-appservice-slack/templates/config.yaml.j2
Unescape View File

@ -5,9 +5,9 @@ bot_username: "{{ matrix_appservice_slack_bot_name }}"
username_prefix: {{ matrix_appservice_slack_user_prefix }}
homeserver:
media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
url: "{{ matrix_appservice_slack_homeserver_url }}"
server_name: "{{ matrix_domain }}"
url: "{{ matrix_appservice_slack_homeserver_url }}"
media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
{% if matrix_appservice_slack_database_engine == 'nedb' %}
dbdir: "/data"

4
roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2
Unescape View File

@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-sla
{{ matrix_appservice_slack_docker_image }} \
node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-slack 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-slack 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-slack

10
roles/matrix-bridge-appservice-webhooks/defaults/main.yml
Unescape View File

@ -1,15 +1,15 @@
# matrix-appservice-webhooks is a Matrix <-> webhook bridge
# See: https://github.com/turt2live/matrix-appservice-webhooks
# See: https://github.com/redoonetworks/matrix-appservice-webhooks
matrix_appservice_webhooks_enabled: true
matrix_appservice_webhooks_container_image_self_build: false
matrix_appservice_webhooks_container_image_self_build_repo: "https://github.com/turt2live/matrix-appservice-webhooks"
matrix_appservice_webhooks_container_image_self_build_repo: "https://github.com/redoonetworks/matrix-appservice-webhooks"
matrix_appservice_webhooks_container_image_self_build_repo_version: "{{ 'master' if matrix_appservice_webhooks_version == 'latest' else matrix_appservice_webhooks_version }}"
matrix_appservice_webhooks_container_image_self_build_repo_dockerfile_path: "Dockerfile"
matrix_appservice_webhooks_version: latest
matrix_appservice_webhooks_docker_image: "{{ matrix_appservice_webhooks_docker_image_name_prefix }}turt2live/matrix-appservice-webhooks:{{ matrix_appservice_webhooks_version }}"
matrix_appservice_webhooks_version: v1.0.3-01
matrix_appservice_webhooks_docker_image: "{{ matrix_appservice_webhooks_docker_image_name_prefix }}redoonetworks/matrix-appservice-webhooks:{{ matrix_appservice_webhooks_version }}"
matrix_appservice_webhooks_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_webhooks_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_appservice_webhooks_docker_image_force_pull: "{{ matrix_appservice_webhooks_docker_image.endswith(':latest') }}"
@ -22,8 +22,6 @@ matrix_appservice_webhooks_docker_src_files_path: "{{ matrix_appservice_webhooks
matrix_appservice_webhooks_public_endpoint: /appservice-webhooks
matrix_appservice_webhooks_inbound_uri_prefix: "{{ matrix_homeserver_url }}{{ matrix_appservice_webhooks_public_endpoint }}"
# Once you make a control room in Matrix, you can get its ID by typing any message and checking its source
matrix_appservice_webhooks_control_room_id: ''
matrix_appservice_webhooks_bot_name: 'webhookbot'
matrix_appservice_webhooks_user_prefix: '_webhook'

2
roles/matrix-bridge-appservice-webhooks/tasks/init.yml
Unescape View File

@ -37,7 +37,7 @@
msg: >-
Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your plabook,
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role.
when: matrix_nginx_proxy_role_executed|default(False)|bool

4
roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2
Unescape View File

@ -35,8 +35,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-web
{{ matrix_appservice_webhooks_docker_image }} \
node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-webhooks 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-webhooks 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-webhooks

14
roles/matrix-bridge-beeper-linkedin/defaults/main.yml
Unescape View File

@ -3,14 +3,22 @@
matrix_beeper_linkedin_enabled: true
matrix_beeper_linkedin_version: v0.5.1
matrix_beeper_linkedin_version: v0.5.2
# See: https://gitlab.com/beeper/linkedin/container_registry
matrix_beeper_linkedin_docker_image: "registry.gitlab.com/beeper/linkedin:{{ matrix_beeper_linkedin_version }}-amd64"
matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image.endswith(':latest-amd64') }}"
matrix_beeper_linkedin_docker_image: "{{ matrix_beeper_linkedin_docker_image_name_prefix }}beeper/linkedin:{{ matrix_beeper_linkedin_docker_image_tag }}"
matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image_tag.startswith('latest') }}"
matrix_beeper_linkedin_docker_image_name_prefix: "{{ 'localhost/' if matrix_beeper_linkedin_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_beeper_linkedin_docker_image_tag: "{{ 'latest' if matrix_beeper_linkedin_version == 'master' else matrix_beeper_linkedin_version }}-{{ matrix_architecture }}"
matrix_beeper_linkedin_container_image_self_build: false
matrix_beeper_linkedin_container_image_self_build_repo: "https://gitlab.com/beeper/linkedin"
matrix_beeper_linkedin_container_image_self_build_branch: "{{ matrix_beeper_linkedin_version }}"
matrix_beeper_linkedin_base_path: "{{ matrix_base_data_path }}/beeper-linkedin"
matrix_beeper_linkedin_config_path: "{{ matrix_beeper_linkedin_base_path }}/config"
matrix_beeper_linkedin_data_path: "{{ matrix_beeper_linkedin_base_path }}/data"
matrix_beeper_linkedin_docker_src_files_path: "{{ matrix_beeper_linkedin_base_path }}/docker-src"
matrix_beeper_linkedin_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}"

60
roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
Unescape View File

@ -7,6 +7,20 @@
msg: >-
The matrix-bridge-beeper-linkedin role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- name: Ensure Beeper LinkedIn paths exists
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_beeper_linkedin_base_path }}", when: true }
- { path: "{{ matrix_beeper_linkedin_config_path }}", when: true }
- { path: "{{ matrix_beeper_linkedin_data_path }}", when: true }
- { path: "{{ matrix_beeper_linkedin_docker_src_files_path }}", when: "{{ matrix_beeper_linkedin_container_image_self_build }}" }
when: "item.when|bool"
- name: Ensure Beeper LinkedIn image is pulled
docker_image:
@ -14,18 +28,42 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}"
when: "not matrix_beeper_linkedin_container_image_self_build|bool"
- name: Ensure Beeper LinkedIn paths exists
file:
path: "{{ item }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- "{{ matrix_beeper_linkedin_base_path }}"
- "{{ matrix_beeper_linkedin_config_path }}"
- "{{ matrix_beeper_linkedin_data_path }}"
- block:
- name: Ensure Beeper LinkedIn repository is present on self-build
git:
repo: "{{ matrix_beeper_linkedin_container_image_self_build_repo }}"
dest: "{{ matrix_beeper_linkedin_docker_src_files_path }}"
version: "{{ matrix_beeper_linkedin_container_image_self_build_branch }}"
force: "yes"
register: matrix_beeper_linkedin_git_pull_results
# Building the container image (using the default Dockerfile) requires that a docker-requirements.txt file be generated.
# See: https://gitlab.com/beeper/linkedin/-/blob/94442db17ccb9769b377cdb8e4bf1cb3955781d7/.gitlab-ci.yml#L30-40
- name: Ensure docker-requirements.txt is generated before building Beeper LinkedIn Docker Image
command: |
{{ matrix_host_command_docker }} run \
--rm \
--entrypoint=/bin/sh \
--mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work \
-w /work \
docker.io/python:3.9.6-buster \
-c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt"
- name: Ensure Beeper LinkedIn Docker image is built
docker_image:
name: "{{ matrix_beeper_linkedin_docker_image }}"
source: build
force_source: "{{ matrix_beeper_linkedin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_beeper_linkedin_docker_src_files_path }}"
pull: yes
args:
TARGETARCH: "{{ matrix_architecture }}"
when: "matrix_beeper_linkedin_container_image_self_build|bool"
- name: Ensure beeper-linkedin config.yaml installed
copy:

4
roles/matrix-bridge-beeper-linkedin/templates/systemd/matrix-beeper-linkedin.service.j2
Unescape View File

@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedi
{{ matrix_beeper_linkedin_docker_image }} \
python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-beeper-linkedin

2
roles/matrix-bridge-heisenbridge/defaults/main.yml
Unescape View File

@ -3,7 +3,7 @@
matrix_heisenbridge_enabled: true
matrix_heisenbridge_version: 1.7.0
matrix_heisenbridge_version: 1.10.0
matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"

4
roles/matrix-bridge-heisenbridge/templates/systemd/matrix-heisenbridge.service.j2
Unescape View File

@ -41,8 +41,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-heisenbridge \
--listen-port 9898 \
{{ matrix_heisenbridge_homeserver_url }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-heisenbridge
ExecStop=-{{ matrix_host_command_docker }} rm matrix-heisenbridge
ExecStopPost=-{{ matrix_host_command_docker }} kill matrix-heisenbridge
ExecStopPost=-{{ matrix_host_command_docker }} rm matrix-heisenbridge
Restart=always
RestartSec=30
SyslogIdentifier=matrix-heisenbridge

2
roles/matrix-bridge-mautrix-facebook/defaults/main.yml
Unescape View File

@ -42,7 +42,7 @@ matrix_mautrix_facebook_homeserver_token: ''
# - plan your migration to Postgres, as this bridge does not support SQLite anymore (and neither will the playbook in the future).
#
# To use Postgres:
# - adjust your database credentials via the `matrix_mautrix_facebook_postgres_*` variables
# - adjust your database credentials via the `matrix_mautrix_facebook_database_*` variables
matrix_mautrix_facebook_database_engine: 'postgres'
matrix_mautrix_facebook_sqlite_database_path_local: "{{ matrix_mautrix_facebook_data_path }}/mautrix-facebook.db"

4
roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2
Unescape View File

@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebo
{{ matrix_mautrix_facebook_docker_image }} \
python3 -m mautrix_facebook -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-facebook 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-facebook 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-facebook

2
roles/matrix-bridge-mautrix-googlechat/defaults/main.yml
Unescape View File

@ -47,7 +47,7 @@ matrix_mautrix_googlechat_homeserver_token: ''
#
# To use Postgres:
# - change the engine (`matrix_mautrix_googlechat_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_googlechat_postgres_*` variables
# - adjust your database credentials via the `matrix_mautrix_googlechat_database_*` variables
matrix_mautrix_googlechat_database_engine: 'sqlite'
matrix_mautrix_googlechat_sqlite_database_path_local: "{{ matrix_mautrix_googlechat_data_path }}/mautrix-googlechat.db"

2
roles/matrix-bridge-mautrix-googlechat/tasks/init.yml
Unescape View File

@ -28,7 +28,7 @@
msg: >-
Trying to append Mautrix googlechat's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your plabook,
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-googlechat role.
when: matrix_nginx_proxy_role_executed|default(False)|bool

4
roles/matrix-bridge-mautrix-googlechat/templates/systemd/matrix-mautrix-googlechat.service.j2
Unescape View File

@ -33,8 +33,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-google
{{ matrix_mautrix_googlechat_docker_image }} \
python3 -m mautrix_googlechat -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-googlechat 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-googlechat 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-googlechat

2
roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
Unescape View File

@ -47,7 +47,7 @@ matrix_mautrix_hangouts_homeserver_token: ''
#
# To use Postgres:
# - change the engine (`matrix_mautrix_hangouts_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_hangouts_postgres_*` variables
# - adjust your database credentials via the `matrix_mautrix_hangouts_database_*` variables
matrix_mautrix_hangouts_database_engine: 'sqlite'
matrix_mautrix_hangouts_sqlite_database_path_local: "{{ matrix_mautrix_hangouts_data_path }}/mautrix-hangouts.db"

2
roles/matrix-bridge-mautrix-hangouts/tasks/init.yml
Unescape View File

@ -28,7 +28,7 @@
msg: >-
Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your plabook,
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role.
when: matrix_nginx_proxy_role_executed|default(False)|bool

4
roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2
Unescape View File

@ -44,8 +44,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangou
{{ matrix_mautrix_hangouts_docker_image }} \
python3 -m mautrix_hangouts -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-hangouts

4
roles/matrix-bridge-mautrix-instagram/defaults/main.yml
Unescape View File

@ -6,7 +6,7 @@ matrix_mautrix_instagram_enabled: true
matrix_mautrix_instagram_container_image_self_build: false
matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git"
matrix_mautrix_instagram_version: latest
matrix_mautrix_instagram_version: v0.1.2
# See: https://mau.dev/tulir/mautrix-instagram/container_registry
matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}"
matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}"
@ -37,7 +37,7 @@ matrix_mautrix_instagram_homeserver_token: ''
# Database-related configuration fields.
#
# To use Postgres:
# - adjust your database credentials via the `matrix_mautrix_instagram_postgres_*` variables
# - adjust your database credentials via the `matrix_mautrix_instagram_database_*` variables
matrix_mautrix_instagram_database_engine: 'postgres'
matrix_mautrix_instagram_database_username: 'matrix_mautrix_instagram'

2
roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2
Unescape View File

@ -43,7 +43,7 @@ appservice:
bot_username: {{ matrix_mautrix_instagram_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: instagram bridge bot
bot_displayname: Instagram bridge bot
bot_avatar: mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv
# Community ID for bridged users (changes registration file) and rooms.

4
roles/matrix-bridge-mautrix-instagram/templates/systemd/matrix-mautrix-instagram.service.j2
Unescape View File

@ -32,8 +32,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-instag
{{ matrix_mautrix_instagram_docker_image }} \
python3 -m mautrix_instagram -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-instagram 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-instagram 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-instagram

10
roles/matrix-bridge-mautrix-signal/defaults/main.yml
Unescape View File

@ -3,21 +3,21 @@
matrix_mautrix_signal_enabled: true
matrix_mautrix_signal_container_self_build: false
matrix_mautrix_signal_container_image_self_build: false
matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git"
matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
matrix_mautrix_signal_version: latest
matrix_mautrix_signal_daemon_version: latest
matrix_mautrix_signal_version: v0.2.2
matrix_mautrix_signal_daemon_version: 0.16.1
# See: https://mau.dev/mautrix/signal/container_registry
matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"
matrix_mautrix_signal_daemon_container_self_build: false
matrix_mautrix_signal_daemon_container_image_self_build: false
matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git"
matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src"
matrix_mautrix_signal_daemon_docker_image: "dock.mau.dev/maunium/signald:{{ matrix_mautrix_signal_daemon_version }}"
matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_version }}"
matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}"
matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal"

16
roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
Unescape View File

@ -14,7 +14,7 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}"
when: "not matrix_mautrix_signal_container_self_build|bool"
when: "not matrix_mautrix_signal_container_image_self_build|bool"
- name: Ensure Mautrix Signal repository is present on self-build
@ -23,19 +23,19 @@
dest: "{{ matrix_mautrix_signal_docker_src_files_path }}"
force: "yes"
register: matrix_mautrix_signal_git_pull_results
when: "matrix_mautrix_signal_container_self_build|bool"
when: "matrix_mautrix_signal_container_image_self_build|bool"
- name: Ensure Mautrix Signal image is built
docker_image:
name: "{{ matrix_mautrix_signal_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_signal_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_signal_docker_src_files_path }}"
pull: yes
when: "matrix_mautrix_signal_container_self_build|bool"
when: "matrix_mautrix_signal_container_image_self_build|bool"
- name: Ensure Mautrix Signal Daemon image is pulled
@ -44,7 +44,7 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_signal_daemon_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_daemon_docker_image_force_pull }}"
when: matrix_mautrix_signal_enabled and not matrix_mautrix_signal_daemon_container_self_build|bool
when: matrix_mautrix_signal_enabled and not matrix_mautrix_signal_daemon_container_image_self_build|bool
register: matrix_mautrix_signal_daemon_pull_results
- name: Ensure Mautrix Signal Daemon repository is present on self-build
@ -53,19 +53,19 @@
dest: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}"
force: "yes"
register: matrix_mautrix_signal_daemon_git_pull_results
when: "matrix_mautrix_signal_daemon_container_self_build|bool"
when: "matrix_mautrix_signal_daemon_container_image_self_build|bool"
- name: Ensure Mautrix Signal Daemon image is built
docker_image:
name: "{{ matrix_mautrix_signal_daemon_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_signal_daemon_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_daemon_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}"
pull: yes
when: "matrix_mautrix_signal_daemon_container_self_build|bool"
when: "matrix_mautrix_signal_daemon_container_image_self_build|bool"
- name: Ensure Mautrix Signal paths exist
file:

2
roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml
Unescape View File

@ -26,3 +26,5 @@
- {'old': 'matrix_mautrix_signal_db_port', 'new': 'matrix_mautrix_signal_database_port'}
- {'old': 'matrix_mautrix_signal_db_url', 'new': 'matrix_mautrix_signal_database_connection_string'}
- {'old': 'matrix_mautrix_signal_configuration_permissions', 'new': '<superseded by matrix_mautrix_signal_configuration_extension_yaml>'}
- {'old': 'matrix_mautrix_signal_container_self_build', 'new': 'matrix_mautrix_signal_container_image_self_build'}
- {'old': 'matrix_mautrix_signal_daemon_container_self_build', 'new': 'matrix_mautrix_signal_daemon_container_image_self_build'}

73
roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2
Unescape View File

@ -15,6 +15,8 @@ homeserver:
# If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
@ -32,25 +34,19 @@ appservice:
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. Only Postgres is currently supported.
# The full URI to the database. SQLite and Postgres are supported.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: {{ matrix_mautrix_signal_database_connection_string }}
# Additional arguments for asyncpg.create_pool()
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
database_opts:
min_size: 5
max_size: 10
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: true
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision/v1
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# The unique ID of this appservice.
id: signal
# Username of the appservice bot.
@ -66,7 +62,12 @@ appservice:
# Example: "+signal:example.com". Set to false to disable.
community_id: false
# Authentication tokens for AS <-> HS communication.
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix_mautrix_signal_appservice_token }}"
hs_token: "{{ matrix_mautrix_signal_homeserver_token }}"
@ -75,6 +76,17 @@ metrics:
enabled: false
listen_port: 8000
# Manhole config.
manhole:
# Whether or not opening the manhole is allowed.
enabled: false
# The path for the unix socket.
path: /var/tmp/mautrix-signal.manhole
# The list of UIDs who can be added to the whitelist.
# If empty, any UIDs can be specified in the open-manhole command.
whitelist:
- 0
signal:
# Path to signald unix socket
socket_path: /signald/signald.sock
@ -91,6 +103,8 @@ signal:
delete_unknown_accounts_on_start: false
# Whether or not message attachments should be removed from disk after they're bridged.
remove_file_after_handling: true
# Whether or not users can register a primary device
registration_enabled: true
# Bridge config
bridge:
@ -102,6 +116,7 @@ bridge:
# available variable in displayname_preference. The variables in displayname_preference
# can also be used here directly.
displayname_template: "{displayname} (Signal)"
# Whether or not contact list displaynames should be used.
# Possible values: disallow, allow, prefer
#
# Multi-user instances are recommended to disallow contact list names, as otherwise there can
@ -140,7 +155,7 @@ bridge:
# If false, created portal rooms will never be federated.
federate_rooms: true
# End-to-bridge encryption support options. You must install the e2be optional dependency for
# this to work. See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html
# this to work. See https://github.com/tulir/mautrix-telegram/wiki/Endtobridge-encryption
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
@ -173,12 +188,38 @@ bridge:
# This field will automatically be changed back to false after it,
# except if the config file is not writable.
resend_bridge_info: false
# Interval at which to resync contacts.
# Interval at which to resync contacts (in seconds).
periodic_sync: 0
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: true
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision/v1
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!signal"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Signal bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `register` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# Send each message separately (for readability in some clients)
management_room_multiple_messages: false
# Permissions for using the bridge.
# Permitted values:
# relay - Allowed to be relayed through the bridge, no access to commands.

4
roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2
Unescape View File

@ -30,8 +30,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal
-v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \
{{ matrix_mautrix_signal_daemon_docker_image }}
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal-daemon 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null'
Restart=always
RestartSec=30

5
roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal.service.j2
Unescape View File

@ -26,6 +26,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--tmpfs /tmp \
{% if matrix_mautrix_signal_container_http_host_bind_port %}
-p {{ matrix_mautrix_signal_container_http_host_bind_port }}:29328 \
{% endif %}
@ -37,8 +38,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal
{{ matrix_mautrix_signal_docker_image }} \
python3 -m mautrix_signal -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-signal 2>/dev/null'
ExecStopPost=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null'
Restart=always
RestartSec=30

17
roles/matrix-bridge-mautrix-telegram/defaults/main.yml
Unescape View File

@ -3,17 +3,17 @@
matrix_mautrix_telegram_enabled: true
matrix_telegram_lottieconverter_container_self_build: false
matrix_telegram_lottieconverter_container_self_build_mask_arch: false
matrix_telegram_lottieconverter_container_image_self_build: false
matrix_telegram_lottieconverter_container_image_self_build_mask_arch: false
matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git"
matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src"
matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.14" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram
matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.15" # needs to be ajusted according to FROM clause of Dockerfile of mautrix-telegram
matrix_mautrix_telegram_container_self_build: false
matrix_mautrix_telegram_container_image_self_build: false
matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
matrix_mautrix_telegram_version: v0.10.1
matrix_mautrix_telegram_version: v0.11.1
# See: https://mau.dev/mautrix/telegram/container_registry
matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
@ -63,7 +63,7 @@ matrix_mautrix_telegram_homeserver_token: ''
#
# To use Postgres:
# - change the engine (`matrix_mautrix_telegram_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_telegram_postgres_*` variables
# - adjust your database credentials via the `matrix_mautrix_telegram_database_*` variables
matrix_mautrix_telegram_database_engine: 'sqlite'
matrix_mautrix_telegram_sqlite_database_path_local: "{{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db"
@ -130,3 +130,8 @@ matrix_mautrix_telegram_registration_yaml: |
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml|from_yaml }}"
# Templates for defining MXID's and displaynames for users and rooms.
matrix_mautrix_telegram_username_template: 'telegram_{userid}'
matrix_mautrix_telegram_alias_template: 'telegram_{groupname}'
matrix_mautrix_telegram_displayname_template: '{displayname} (Telegram)'

4
roles/matrix-bridge-mautrix-telegram/tasks/init.yml
Unescape View File

@ -3,7 +3,7 @@
- name: Fail if trying to self-build on Ansible < 2.8
fail:
msg: "To self-build the Element image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_telegram_container_self_build and matrix_mautrix_telegram_enabled"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_telegram_container_image_self_build and matrix_mautrix_telegram_enabled"
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram.service'] }}"
@ -28,7 +28,7 @@
msg: >-
Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your plabook,
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
when: matrix_nginx_proxy_role_executed|default(False)|bool

Some files were not shown because too many files have changed in this diff Show More

Write Preview
Loading…
Cancel
Save