commit
ee707a2c73
@ -0,0 +1 @@
|
||||
* text=auto eol=lf
|
@ -0,0 +1,24 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": [
|
||||
"config:base"
|
||||
],
|
||||
"regexManagers": [
|
||||
{
|
||||
"fileMatch": ["defaults/main.yml$"],
|
||||
"matchStrings": [
|
||||
"# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[a-z-0-9]+?))?\\s+[A-Za-z0-9_]+?(?:_version|_tag)\\s*:\\s*[\"']?(?<currentValue>.+?)[\"']?\\s"
|
||||
]
|
||||
}
|
||||
],
|
||||
"packageRules": [
|
||||
{
|
||||
"matchSourceUrlPrefixes": [
|
||||
"https://github.com/devture/com.devture.ansible.role",
|
||||
"https://gitlab.com/etke.cc/roles",
|
||||
"https://github.com/mother-of-all-self-hosting"
|
||||
],
|
||||
"ignoreUnstable": false
|
||||
}
|
||||
]
|
||||
}
|
@ -0,0 +1,38 @@
|
||||
# Setting up Mautrix gmessages (optional)
|
||||
|
||||
The playbook can install and configure [mautrix-gmessages](https://github.com/mautrix/gmessages) for you, for bridging to [Google Messages](https://messages.google.com/).
|
||||
|
||||
See the project's [documentation](https://docs.mau.fi/bridges/go/gmessages/index.html) to learn what it does and why it might be useful to you.
|
||||
|
||||
Use the following playbook configuration:
|
||||
|
||||
```yaml
|
||||
matrix_mautrix_gmessages_enabled: true
|
||||
```
|
||||
|
||||
## Set up Double Puppeting
|
||||
|
||||
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
|
||||
|
||||
### Method 1: automatically, by enabling Shared Secret Auth
|
||||
|
||||
The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
|
||||
|
||||
This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
|
||||
|
||||
### Method 2: manually, by asking each user to provide a working access token
|
||||
|
||||
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).
|
||||
|
||||
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
|
||||
|
||||
- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).
|
||||
|
||||
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`
|
||||
|
||||
- make sure you don't log out the `Mautrix-gmessages` device some time in the future, as that would break the Double Puppeting feature
|
||||
|
||||
|
||||
## Usage
|
||||
|
||||
You then need to start a chat with `@gmessagesbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
|
@ -0,0 +1,33 @@
|
||||
# Setting up Mautrix wsproxy (optional)
|
||||
|
||||
The playbook can install and configure [mautrix-wsproxy](https://github.com/mautrix/wsproxy) for you.
|
||||
|
||||
See the project's [documentation](https://github.com/mautrix/wsproxy#readme) to learn what it does and why it might be useful to you.
|
||||
|
||||
|
||||
## DNS
|
||||
|
||||
You need to create a `wsproxy.DOMAIN` DNS record pointing to your Matrix server (a `CNAME` pointing to `matrix.DOMAIN`) to use wsproxy.
|
||||
The hostname is configurable via a `matrix_mautrix_wsproxy_hostname` variable.
|
||||
|
||||
|
||||
## Configuration
|
||||
|
||||
Use the following playbook configuration:
|
||||
|
||||
```yaml
|
||||
matrix_mautrix_wsproxy_enabled: true
|
||||
|
||||
matrix_mautrix_androidsms_appservice_token: 'secret token from bridge'
|
||||
matrix_mautrix_androidsms_homeserver_token: 'secret token from bridge'
|
||||
matrix_mautrix_imessage_appservice_token: 'secret token from bridge'
|
||||
matrix_mautrix_imessage_homeserver_token: 'secret token from bridge'
|
||||
matrix_mautrix_wsproxy_syncproxy_shared_secret: 'secret token from bridge'
|
||||
```
|
||||
|
||||
Note that the tokens must match what is compiled into the [mautrix-imessage](https://github.com/mautrix/imessage) bridge running on your Mac or Android device.
|
||||
|
||||
|
||||
## Usage
|
||||
|
||||
Follow the [matrix-imessage documenation](https://docs.mau.fi/bridges/go/imessage/index.html) for running `android-sms` and/or `matrix-imessage` on your device(s).
|
@ -0,0 +1,42 @@
|
||||
# Configuring SchildiChat (optional)
|
||||
|
||||
By default, this playbook does not install the [SchildiChat](https://github.com/SchildiChat/schildichat-desktop) Matrix client web application.
|
||||
|
||||
**WARNING**: SchildiChat is based on Element-web, but its releases are lagging behind. As an example (from 2023-08-31), SchildiChat is 10 releases behind (it being based on element-web `v1.11.30`, while element-web is now on `v1.11.40`). Element-web frequently suffers from security issues, so running something based on an ancient Element-web release is **dangerous**. Use SchildiChat at your own risk!
|
||||
|
||||
|
||||
## Enabling SchildiChat
|
||||
|
||||
If you'd like for the playbook to install SchildiChat, you can enable it in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
|
||||
|
||||
```yaml
|
||||
matrix_client_schildichat_enabled: true
|
||||
```
|
||||
|
||||
|
||||
## Configuring SchildiChat settings
|
||||
|
||||
The playbook provides some customization variables you could use to change schildichat's settings.
|
||||
|
||||
Their defaults are defined in [`roles/custom/matrix-client-schildichat/defaults/main.yml`](../roles/custom/matrix-client-schildichat/defaults/main.yml) and they ultimately end up in the generated `/matrix/schildichat/config.json` file (on the server). This file is generated from the [`roles/custom/matrix-client-schildichat/templates/config.json.j2`](../roles/custom/matrix-client-schildichat/templates/config.json.j2) template.
|
||||
|
||||
**If there's an existing variable** which controls a setting you wish to change, you can simply define that variable in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) and [re-run the playbook](installing.md) to apply the changes.
|
||||
|
||||
Alternatively, **if there is no pre-defined variable** for an schildichat setting you wish to change:
|
||||
|
||||
- you can either **request a variable to be created** (or you can submit such a contribution yourself). Keep in mind that it's **probably not a good idea** to create variables for each one of schildichat's various settings that rarely get used.
|
||||
|
||||
- or, you can **extend and override the default configuration** ([`config.json.j2`](../roles/custom/matrix-client-schildichat/templates/config.json.j2)) by making use of the `matrix_client_schildichat_configuration_extension_json_` variable. You can find information about this in [`roles/custom/matrix-client-schildichat/defaults/main.yml`](../roles/custom/matrix-client-schildichat/defaults/main.yml).
|
||||
|
||||
- or, if extending the configuration is still not powerful enough for your needs, you can **override the configuration completely** using `matrix_client_schildichat_configuration_default` (or `matrix_client_schildichat_configuration`). You can find information about this in [`roles/custom/matrix-client-schildichat/defaults/main.yml`](../roles/custom/matrix-client-schildichat/defaults/main.yml).
|
||||
|
||||
|
||||
## Themes
|
||||
|
||||
To change the look of schildichat, you can define your own themes manually by using the `matrix_client_schildichat_setting_defaults_custom_themes` setting.
|
||||
|
||||
Or better yet, you can automatically pull it all themes provided by the [aaronraimist/element-themes](https://github.com/aaronraimist/element-themes) project by simply flipping a flag (`matrix_client_schildichat_themes_enabled: true`).
|
||||
|
||||
If you make your own theme, we encourage you to submit it to the **aaronraimist/element-themes** project, so that the whole community could easily enjoy it.
|
||||
|
||||
Note that for a custom theme to work well, all schildichat instances that you use must have the same theme installed.
|
@ -0,0 +1,106 @@
|
||||
# Setting up matrix-media-repo (optional)
|
||||
|
||||
[matrix-media-repo](https://docs.t2bot.io/matrix-media-repo/) is a highly customizable multi-domain media repository for Matrix. Intended for medium to large environments consisting of several homeservers, this media repo de-duplicates media (including remote media) while being fully compliant with the specification.
|
||||
|
||||
Smaller/individual homeservers can still make use of this project's features, though it may be difficult to set up or have higher than expected resource consumption. Please do your research before deploying this as this project may not be useful for your environment.
|
||||
|
||||
For a simpler alternative (which allows you to offload your media repository storage to S3, etc.), you can [configure S3 storage](configuring-playbook-s3.md) instead of setting up matrix-media-repo.
|
||||
|
||||
## Quickstart
|
||||
|
||||
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
|
||||
|
||||
```yaml
|
||||
matrix_media_repo_enabled: true
|
||||
|
||||
# (optional) Turned off by default
|
||||
# matrix_media_repo_metrics_enabled: true
|
||||
```
|
||||
|
||||
The repo is pre-configured for integrating with the Postgres database, NGINX proxy and [Prometheus/Grafana](configuring-playbook-prometheus-grafana.md) (if metrics enabled) from this playbook for all the available homeserver roles. When the media repo is enabled, other media store roles should be disabled (if using Synapse with other media store roles).
|
||||
|
||||
By default, the media-repo will use the local filesystem for data storage. Additional options include `s3` and `IPFS` (experimental). Access token caching is also enabled by default since the logout endpoints are proxied through the media repo.
|
||||
|
||||
## Configuring the media-repo
|
||||
|
||||
Additional common configuration options:
|
||||
```yaml
|
||||
|
||||
# The postgres database pooling options
|
||||
|
||||
# The maximum number of connects to hold open. More of these allow for more concurrent
|
||||
# processes to happen.
|
||||
matrix_media_repo_database_max_connections: 25
|
||||
|
||||
# The maximum number of connects to leave idle. More of these reduces the time it takes
|
||||
# to serve requests in low-traffic scenarios.
|
||||
matrix_media_repo_database_max_idle_connections: 5
|
||||
|
||||
# These users have full access to the administrative functions of the media repository.
|
||||
# See https://github.com/turt2live/matrix-media-repo/blob/release-v1.2.8/docs/admin.md for information on what these people can do. They must belong to one of the
|
||||
# configured homeservers above.
|
||||
matrix_media_repo_admins:
|
||||
admins: []
|
||||
# admins:
|
||||
# - "@your_username:example.org"
|
||||
|
||||
# Datastores are places where media should be persisted. This isn't dedicated for just uploads:
|
||||
# thumbnails and other misc data is also stored in these places. The media repo, when looking
|
||||
# for a datastore to use, will always use the smallest datastore first.
|
||||
matrix_media_repo_datastores:
|
||||
datastores:
|
||||
- type: file
|
||||
enabled: true # Enable this to set up data storage.
|
||||
# Datastores can be split into many areas when handling uploads. Media is still de-duplicated
|
||||
# across all datastores (local content which duplicates remote content will re-use the remote
|
||||
# content's location). This option is useful if your datastore is becoming very large, or if
|
||||
# you want faster storage for a particular kind of media.
|
||||
#
|
||||
# The kinds available are:
|
||||
# thumbnails - Used to store thumbnails of media (local and remote).
|
||||
# remote_media - Original copies of remote media (servers not configured by this repo).
|
||||
# local_media - Original uploads for local media.
|
||||
# archives - Archives of content (GDPR and similar requests).
|
||||
forKinds: ["thumbnails", "remote_media", "local_media", "archives"]
|
||||
opts:
|
||||
path: /data/media
|
||||
|
||||
- type: s3
|
||||
enabled: false # Enable this to set up s3 uploads
|
||||
forKinds: ["thumbnails", "remote_media", "local_media", "archives"]
|
||||
opts:
|
||||
# The s3 uploader needs a temporary location to buffer files to reduce memory usage on
|
||||
# small file uploads. If the file size is unknown, the file is written to this location
|
||||
# before being uploaded to s3 (then the file is deleted). If you aren't concerned about
|
||||
# memory usage, set this to an empty string.
|
||||
tempPath: "/tmp/mediarepo_s3_upload"
|
||||
endpoint: sfo2.digitaloceanspaces.com
|
||||
accessKeyId: ""
|
||||
accessSecret: ""
|
||||
ssl: true
|
||||
bucketName: "your-media-bucket"
|
||||
# An optional region for where this S3 endpoint is located. Typically not needed, though
|
||||
# some providers will need this (like Scaleway). Uncomment to use.
|
||||
#region: "sfo2"
|
||||
# An optional storage class for tuning how the media is stored at s3.
|
||||
# See https://aws.amazon.com/s3/storage-classes/ for details; uncomment to use.
|
||||
#storageClass: STANDARD
|
||||
|
||||
# The media repo does support an IPFS datastore, but only if the IPFS feature is enabled. If
|
||||
# the feature is not enabled, this will not work. Note that IPFS support is experimental at
|
||||
# the moment and not recommended for general use.
|
||||
#
|
||||
# NOTE: Everything you upload to IPFS will be publicly accessible, even when the media repo
|
||||
# puts authentication on the download endpoints. Only use this option for cases where you
|
||||
# expect your media to be publicly accessible.
|
||||
- type: ipfs
|
||||
enabled: false # Enable this to use IPFS support
|
||||
forKinds: ["local_media"]
|
||||
# The IPFS datastore currently has no options. It will use the daemon or HTTP API configured
|
||||
# in the IPFS section of your main config.
|
||||
opts: {}
|
||||
|
||||
```
|
||||
|
||||
Full list of configuration options with documentation can be found in `roles/custom/matrix-media-repo/templates/defaults/main.yml`
|
||||
|
@ -1,53 +1,71 @@
|
||||
---
|
||||
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-aux.git
|
||||
version: v1.0.0-1
|
||||
version: v1.0.0-3
|
||||
name: auxiliary
|
||||
- src: git+https://gitlab.com/etke.cc/roles/backup_borg.git
|
||||
version: v1.2.4-1.7.15-0
|
||||
version: v1.2.7-1.8.5-0
|
||||
name: backup_borg
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git
|
||||
version: v0.1.1-2
|
||||
name: container_socket_proxy
|
||||
- src: git+https://github.com/geerlingguy/ansible-role-docker
|
||||
version: 7.0.2
|
||||
name: docker
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
|
||||
version: 129c8590e106b83e6f4c259649a613c6279e937a
|
||||
name: docker_sdk_for_python
|
||||
- src: git+https://gitlab.com/etke.cc/roles/etherpad.git
|
||||
version: v1.9.3-0
|
||||
name: etherpad
|
||||
- src: git+https://gitlab.com/etke.cc/roles/grafana.git
|
||||
version: v10.2.2-0
|
||||
name: grafana
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
|
||||
version: v9111-0
|
||||
name: jitsi
|
||||
- src: git+https://gitlab.com/etke.cc/roles/ntfy.git
|
||||
version: v2.8.0-0
|
||||
name: ntfy
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
|
||||
version: c1f40e82b4d6b072b6f0e885239322bdaaaf554f
|
||||
name: playbook_help
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages.git
|
||||
version: 9b4b088c62b528b73a9a7c93d3109b091dd42ec6
|
||||
name: playbook_runtime_messages
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
|
||||
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
|
||||
name: playbook_state_preserver
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
|
||||
version: v15.3-0
|
||||
version: v16.1-0
|
||||
name: postgres
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
|
||||
version: 8e9ec48a09284c84704d7a2dce17da35f181574d
|
||||
version: 5dd334c0b7f0a2795023ec9ece747c3ea3da06f2
|
||||
name: postgres_backup
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
|
||||
version: v2.48.0-0
|
||||
name: prometheus
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
|
||||
version: v1.7.0-0
|
||||
name: prometheus_node_exporter
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
|
||||
version: v0.14.0-0
|
||||
name: prometheus_postgres_exporter
|
||||
- src: git+https://gitlab.com/etke.cc/roles/redis.git
|
||||
version: v7.2.0-0
|
||||
name: redis
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
|
||||
version: v1.0.0-0
|
||||
name: systemd_docker_base
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
|
||||
version: v1.0.0-1
|
||||
version: v1.0.0-3
|
||||
name: systemd_service_manager
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
|
||||
version: v1.0.0-0
|
||||
name: timesync
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
|
||||
version: v2.10.3-0
|
||||
version: v2.10.6-0
|
||||
name: traefik
|
||||
- src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
|
||||
version: v2.8.1-0
|
||||
- src: git+https://gitlab.com/etke.cc/roles/etherpad.git
|
||||
version: v1.9.0-0
|
||||
- src: git+https://github.com/geerlingguy/ansible-role-docker
|
||||
version: 6.1.0
|
||||
name: geerlingguy.docker
|
||||
- src: git+https://gitlab.com/etke.cc/roles/grafana.git
|
||||
version: v10.0.1-1
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
|
||||
version: v8615-0
|
||||
name: jitsi
|
||||
- src: git+https://gitlab.com/etke.cc/roles/ntfy.git
|
||||
version: v2.6.2-0
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
|
||||
version: v2.45.0-0
|
||||
name: prometheus
|
||||
- src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git
|
||||
version: v1.6.0-0
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
|
||||
version: v0.13.1-0
|
||||
name: prometheus_postgres_exporter
|
||||
- src: git+https://gitlab.com/etke.cc/roles/redis.git
|
||||
version: v7.0.10-0
|
||||
name: traefik_certs_dumper
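Review bot: Most roles in this file are pinned to tag names (for example `version: v16.1-0` for postgres and `version: v2.10.6-0` for traefik), while a few such as docker_sdk_for_python and playbook_help are pinned to a full commit hash. A git tag can be moved upstream after it was reviewed, so a tag pin does not fix the role content that gets fetched, whereas a commit hash does. Consider pinning every role by commit hash and keeping the tag as a trailing comment, e.g. `version: <COMMIT_SHA_PLACEHOLDER>  # v16.1-0`. The `+`/`-` markers are lost on this page, so which of the paired `version:` lines is the old one is inferred from print order only.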
|
||||
|
@ -0,0 +1,12 @@
|
||||
---
|
||||
|
||||
- name: Delete cache files
|
||||
ansible.builtin.file:
|
||||
state: "{{ item }}"
|
||||
path: "{{ matrix_bot_matrix_registration_bot_data_path }}"
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- absent
|
||||
- directory
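Review bot: The task named `Delete cache files` removes and then recreates the whole of `matrix_bot_matrix_registration_bot_data_path`, not only cache files, so anything else kept in that directory is lost each time it runs. If that is intended, the name should say so, e.g. `- name: Reset matrix-registration-bot data directory (drops cached state)`. Separately, `mode: 0750` is an unquoted octal literal whose value depends on the YAML parser's integer rules; the quoted form `mode: '0750'` is unambiguous. When this task file gets included is not visible in this section.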
|
@ -1,12 +1,16 @@
|
||||
bot:
|
||||
server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }}
|
||||
username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }}
|
||||
access_token: {{ matrix_bot_matrix_registration_bot_bot_access_token|to_json }}
|
||||
password: {{ matrix_bot_matrix_registration_bot_bot_password|to_json }}
|
||||
|
||||
api:
|
||||
# API endpoint of the registration tokens
|
||||
base_url: {{ matrix_bot_matrix_registration_bot_api_base_url|to_json }}
|
||||
# Access token of an administrator on the server
|
||||
{% if matrix_bot_matrix_registration_bot_api_token | length > 0 %}
|
||||
token: {{ matrix_bot_matrix_registration_bot_api_token|to_json }}
|
||||
{% endif %}
|
||||
|
||||
logging:
|
||||
level: {{ matrix_bot_matrix_registration_bot_logging_level|to_json }}
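Review bot: `access_token` and `password` under `bot:` are both rendered unconditionally, while `token` under `api:` is guarded by `{% if ... | length > 0 %}`, so an unset bot credential reaches the bot as an empty string instead of being absent. How the bot treats an empty `access_token` next to a `password` is not visible here. If it distinguishes empty from missing, the same guard should wrap each credential, e.g. `{% if matrix_bot_matrix_registration_bot_bot_access_token | length > 0 %}` around the `access_token:` line. A short comment above the pair saying which login method wins when both are set would also help. The markers are lost on this page, so which of these lines the commit added is inferred.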
|
||||
|
||||
|
@ -0,0 +1,154 @@
|
||||
---
|
||||
# mautrix-gmessages is a Matrix <-> gmessages bridge
|
||||
# Project source code URL: https://github.com/mautrix/gmessages
|
||||
|
||||
matrix_mautrix_gmessages_enabled: true
|
||||
|
||||
matrix_mautrix_gmessages_container_image_self_build: false
|
||||
matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/mautrix/gmessages.git"
|
||||
matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
|
||||
|
||||
# renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
|
||||
matrix_mautrix_gmessages_version: v0.2.2
|
||||
|
||||
# See: https://mau.dev/mautrix/gmessages/container_registry
|
||||
matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
|
||||
matrix_mautrix_gmessages_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_gmessages_container_image_self_build else 'dock.mau.dev/' }}"
|
||||
matrix_mautrix_gmessages_docker_image_force_pull: "{{ matrix_mautrix_gmessages_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_mautrix_gmessages_base_path: "{{ matrix_base_data_path }}/mautrix-gmessages"
|
||||
matrix_mautrix_gmessages_config_path: "{{ matrix_mautrix_gmessages_base_path }}/config"
|
||||
matrix_mautrix_gmessages_data_path: "{{ matrix_mautrix_gmessages_base_path }}/data"
|
||||
matrix_mautrix_gmessages_docker_src_files_path: "{{ matrix_mautrix_gmessages_base_path }}/docker-src"
|
||||
|
||||
matrix_mautrix_gmessages_homeserver_address: "{{ matrix_homeserver_container_url }}"
|
||||
matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}"
|
||||
matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080"
|
||||
|
||||
matrix_mautrix_gmessages_command_prefix: "!gm"
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_mautrix_gmessages_container_extra_arguments: []
|
||||
|
||||
# List of systemd services that matrix-mautrix-gmessages.service depends on.
|
||||
matrix_mautrix_gmessages_systemd_required_services_list: ['docker.service']
|
||||
|
||||
# List of systemd services that matrix-mautrix-gmessages.service wants
|
||||
matrix_mautrix_gmessages_systemd_wanted_services_list: []
|
||||
|
||||
matrix_mautrix_gmessages_appservice_token: ''
|
||||
matrix_mautrix_gmessages_homeserver_token: ''
|
||||
|
||||
matrix_mautrix_gmessages_appservice_bot_username: gmessagesbot
|
||||
|
||||
# Minimum severity of journal log messages.
|
||||
# Options: debug, info, warn, error, fatal
|
||||
matrix_mautrix_gmessages_logging_level: 'warn'
|
||||
|
||||
# Whether or not created rooms should have federation enabled.
|
||||
# If false, created portal rooms will never be federated.
|
||||
matrix_mautrix_gmessages_federate_rooms: true
|
||||
|
||||
# Whether or not metrics endpoint should be enabled.
|
||||
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
|
||||
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_gmessages_metrics_proxying_enabled`.
|
||||
matrix_mautrix_gmessages_metrics_enabled: false
|
||||
|
||||
# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-gmessages`.
|
||||
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
|
||||
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
|
||||
matrix_mautrix_gmessages_metrics_proxying_enabled: false
|
||||
|
||||
# Database-related configuration fields.
|
||||
#
|
||||
# To use SQLite, stick to these defaults.
|
||||
#
|
||||
# To use Postgres:
|
||||
# - change the engine (`matrix_mautrix_gmessages_database_engine: 'postgres'`)
|
||||
# - adjust your database credentials via the `matrix_mautrix_gmessages_database_*` variables
|
||||
matrix_mautrix_gmessages_database_engine: 'sqlite'
|
||||
|
||||
matrix_mautrix_gmessages_sqlite_database_path_local: "{{ matrix_mautrix_gmessages_data_path }}/mautrix-gmessages.db"
|
||||
matrix_mautrix_gmessages_sqlite_database_path_in_container: "/data/mautrix-gmessages.db"
|
||||
|
||||
matrix_mautrix_gmessages_database_username: 'matrix_mautrix_gmessages'
|
||||
matrix_mautrix_gmessages_database_password: 'some-password'
|
||||
matrix_mautrix_gmessages_database_hostname: ''
|
||||
matrix_mautrix_gmessages_database_port: 5432
|
||||
matrix_mautrix_gmessages_database_name: 'matrix_mautrix_gmessages'
|
||||
matrix_mautrix_gmessages_database_sslmode: disable
|
||||
|
||||
matrix_mautrix_gmessages_database_connection_string: 'postgresql://{{ matrix_mautrix_gmessages_database_username }}:{{ matrix_mautrix_gmessages_database_password }}@{{ matrix_mautrix_gmessages_database_hostname }}:{{ matrix_mautrix_gmessages_database_port }}/{{ matrix_mautrix_gmessages_database_name }}?sslmode={{ matrix_mautrix_gmessages_database_sslmode }}'
|
||||
|
||||
matrix_mautrix_gmessages_appservice_database_type: "{{
|
||||
{
|
||||
'sqlite': 'sqlite3',
|
||||
'postgres':'postgres',
|
||||
}[matrix_mautrix_gmessages_database_engine]
|
||||
}}"
|
||||
|
||||
matrix_mautrix_gmessages_appservice_database_uri: "{{
|
||||
{
|
||||
'sqlite': matrix_mautrix_gmessages_sqlite_database_path_in_container,
|
||||
'postgres': matrix_mautrix_gmessages_database_connection_string,
|
||||
}[matrix_mautrix_gmessages_database_engine]
|
||||
}}"
|
||||
|
||||
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
|
||||
matrix_mautrix_gmessages_login_shared_secret: ''
|
||||
matrix_mautrix_gmessages_bridge_login_shared_secret_map:
|
||||
"{{ {matrix_mautrix_gmessages_homeserver_domain: matrix_mautrix_gmessages_login_shared_secret} if matrix_mautrix_gmessages_login_shared_secret else {} }}"
|
||||
|
||||
# Enable End-to-bridge encryption
|
||||
matrix_mautrix_gmessages_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
|
||||
matrix_mautrix_gmessages_bridge_encryption_default: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}"
|
||||
matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}"
|
||||
|
||||
matrix_mautrix_gmessages_bridge_personal_filtering_spaces: true
|
||||
matrix_mautrix_gmessages_bridge_mute_bridging: true
|
||||
|
||||
matrix_mautrix_gmessages_bridge_permissions: |
|
||||
{{
|
||||
{'*': 'relay', matrix_mautrix_gmessages_homeserver_domain: 'user'}
|
||||
| combine({matrix_admin: 'admin'} if matrix_admin else {})
|
||||
}}
|
||||
|
||||
# Default mautrix-gmessages configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_mautrix_gmessages_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_mautrix_gmessages_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||
|
||||
matrix_mautrix_gmessages_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration goes here.
|
||||
# This configuration extends the default starting configuration (`matrix_mautrix_gmessages_configuration_yaml`).
|
||||
#
|
||||
# You can override individual variables from the default configuration, or introduce new ones.
|
||||
#
|
||||
# If you need something more special, you can take full control by
|
||||
# completely redefining `matrix_mautrix_gmessages_configuration_yaml`.
|
||||
|
||||
matrix_mautrix_gmessages_configuration_extension: "{{ matrix_mautrix_gmessages_configuration_extension_yaml | from_yaml if matrix_mautrix_gmessages_configuration_extension_yaml | from_yaml is mapping else {} }}"
|
||||
|
||||
# Holds the final configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_gmessages_configuration_yaml`.
|
||||
matrix_mautrix_gmessages_configuration: "{{ matrix_mautrix_gmessages_configuration_yaml | from_yaml | combine(matrix_mautrix_gmessages_configuration_extension, recursive=True) }}"
|
||||
|
||||
matrix_mautrix_gmessages_registration_yaml: |
|
||||
id: gmessages
|
||||
url: {{ matrix_mautrix_gmessages_appservice_address }}
|
||||
as_token: "{{ matrix_mautrix_gmessages_appservice_token }}"
|
||||
hs_token: "{{ matrix_mautrix_gmessages_homeserver_token }}"
|
||||
# See https://github.com/mautrix/signal/issues/43
|
||||
sender_localpart: _bot_{{ matrix_mautrix_gmessages_appservice_bot_username }}
|
||||
rate_limited: false
|
||||
namespaces:
|
||||
users:
|
||||
- regex: '^@gmessages_.+:{{ matrix_mautrix_gmessages_homeserver_domain | regex_escape }}$'
|
||||
exclusive: true
|
||||
- exclusive: true
|
||||
regex: '^@{{ matrix_mautrix_gmessages_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_gmessages_homeserver_domain | regex_escape }}$'
|
||||
de.sorunome.msc2409.push_ephemeral: true
|
||||
|
||||
matrix_mautrix_gmessages_registration: "{{ matrix_mautrix_gmessages_registration_yaml | from_yaml }}"
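Review bot: `matrix_mautrix_gmessages_database_password: 'some-password'` ships a fixed, guessable default, unlike `matrix_mautrix_gmessages_appservice_token` and `matrix_mautrix_gmessages_homeserver_token`, which default to `''`. Anyone who switches the engine to `postgres` without overriding it gets a bridge database protected by a publicly known password, unless another file supplies or validates the value, which this section does not show. I would default it to empty, `matrix_mautrix_gmessages_database_password: ''`, and have the role's config validation reject an empty value when the engine is `postgres`. The password is also interpolated unescaped into `matrix_mautrix_gmessages_database_connection_string`, so a value containing `@`, `:` or `/` changes how the URI parses; percent-encoding it there would avoid that.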
|
@ -0,0 +1,35 @@
|
||||
---
|
||||
|
||||
- name: Fail if matrix-nginx-proxy role already executed
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
Trying to append mautrix-gmessages-metrics's reverse-proxying configuration to matrix-nginx-proxy,
|
||||
but it's pointless since the matrix-nginx-proxy role had already executed.
|
||||
To fix this, please change the order of roles in your playbook,
|
||||
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-gmessages role.
|
||||
when: matrix_nginx_proxy_role_executed | default(False) | bool
|
||||
|
||||
- when: matrix_mautrix_gmessages_metrics_proxying_enabled | bool
|
||||
block:
|
||||
- name: Generate mautrix-gmessages metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-gmessages)
|
||||
ansible.builtin.set_fact:
|
||||
matrix_mautrix_gmessages_nginx_metrics_configuration_block: |
|
||||
location /metrics/mautrix-gmessages {
|
||||
{% if matrix_nginx_proxy_enabled | default(False) %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
set $backend "matrix-mautrix-gmessages:8001";
|
||||
proxy_pass http://$backend/metrics;
|
||||
{% else %}
|
||||
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
- name: Register mautrix-gmessages metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-gmessages)
|
||||
ansible.builtin.set_fact:
|
||||
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
|
||||
{{
|
||||
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
|
||||
+
|
||||
[matrix_mautrix_gmessages_nginx_metrics_configuration_block]
|
||||
}}
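Review bot: The `Fail if matrix-nginx-proxy role already executed` task at the top is not conditioned on `matrix_mautrix_gmessages_metrics_proxying_enabled`, yet everything it protects sits inside the block that is. The role's main task file (next section) includes this file whenever `matrix_mautrix_gmessages_metrics_enabled` is true, so a setup with metrics on and proxying off would abort on role order for no reason. Either move the check into the block or extend its condition: `when: matrix_mautrix_gmessages_metrics_proxying_enabled | bool and matrix_nginx_proxy_role_executed | default(False) | bool`. The generated `location /metrics/mautrix-gmessages` has no access restriction of its own, so a comment stating that it relies on whatever protection matrix-nginx-proxy applies to the metrics paths would be useful; that configuration is not visible here.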
|
@ -0,0 +1,29 @@
|
||||
---
|
||||
|
||||
- tags:
|
||||
- setup-all
|
||||
- setup-nginx-proxy
|
||||
- install-all
|
||||
- install-nginx-proxy
|
||||
block:
|
||||
- when: matrix_mautrix_gmessages_enabled | bool and matrix_mautrix_gmessages_metrics_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
|
||||
|
||||
- tags:
|
||||
- setup-all
|
||||
- setup-mautrix-gmessages
|
||||
- install-all
|
||||
- install-mautrix-gmessages
|
||||
block:
|
||||
- when: matrix_mautrix_gmessages_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||
|
||||
- when: matrix_mautrix_gmessages_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||
|
||||
- tags:
|
||||
- setup-all
|
||||
- setup-mautrix-gmessages
|
||||
block:
|
||||
- when: not matrix_mautrix_gmessages_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
@ -0,0 +1,140 @@
|
||||
---
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
matrix_mautrix_gmessages_requires_restart: false
|
||||
|
||||
- when: "matrix_mautrix_gmessages_database_engine == 'postgres'"
|
||||
block:
|
||||
- name: Check if an SQLite database already exists
|
||||
ansible.builtin.stat:
|
||||
path: "{{ matrix_mautrix_gmessages_sqlite_database_path_local }}"
|
||||
register: matrix_mautrix_gmessages_sqlite_database_path_local_stat_result
|
||||
|
||||
- when: "matrix_mautrix_gmessages_sqlite_database_path_local_stat_result.stat.exists | bool"
|
||||
block:
|
||||
- ansible.builtin.include_role:
|
||||
name: galaxy/com.devture.ansible.role.postgres
|
||||
tasks_from: migrate_db_to_postgres
|
||||
vars:
|
||||
devture_postgres_db_migration_request:
|
||||
src: "{{ matrix_mautrix_gmessages_sqlite_database_path_local }}"
|
||||
dst: "{{ matrix_mautrix_gmessages_database_connection_string }}"
|
||||
caller: "{{ role_path | basename }}"
|
||||
engine_variable_name: 'matrix_mautrix_gmessages_database_engine'
|
||||
engine_old: 'sqlite'
|
||||
systemd_services_to_stop: ['matrix-mautrix-gmessages.service']
|
||||
pgloader_options: ['--with "quote identifiers"']
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
matrix_mautrix_gmessages_requires_restart: true
|
||||
|
||||
- name: Ensure Mautrix gmessages paths exists
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- {path: "{{ matrix_mautrix_gmessages_base_path }}", when: true}
|
||||
- {path: "{{ matrix_mautrix_gmessages_config_path }}", when: true}
|
||||
- {path: "{{ matrix_mautrix_gmessages_data_path }}", when: true}
|
||||
- {path: "{{ matrix_mautrix_gmessages_docker_src_files_path }}", when: "{{ matrix_mautrix_gmessages_container_image_self_build }}"}
|
||||
when: item.when | bool
|
||||
|
||||
- name: Ensure Mautrix gmessages image is pulled
|
||||
community.docker.docker_image:
|
||||
name: "{{ matrix_mautrix_gmessages_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_mautrix_gmessages_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_gmessages_docker_image_force_pull }}"
|
||||
when: not matrix_mautrix_gmessages_container_image_self_build
|
||||
register: result
|
||||
retries: "{{ devture_playbook_help_container_retries_count }}"
|
||||
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
||||
until: result is not failed
|
||||
|
||||
- name: Ensure Mautrix gmessages repository is present on self-build
|
||||
ansible.builtin.git:
|
||||
repo: "{{ matrix_mautrix_gmessages_container_image_self_build_repo }}"
|
||||
dest: "{{ matrix_mautrix_gmessages_docker_src_files_path }}"
|
||||
version: "{{ matrix_mautrix_gmessages_container_image_self_build_branch }}"
|
||||
force: "yes"
|
||||
become: true
|
||||
become_user: "{{ matrix_user_username }}"
|
||||
register: matrix_mautrix_gmessages_git_pull_results
|
||||
when: "matrix_mautrix_gmessages_container_image_self_build | bool"
|
||||
|
||||
- name: Ensure Mautrix gmessages Docker image is built
|
||||
community.docker.docker_image:
|
||||
name: "{{ matrix_mautrix_gmessages_docker_image }}"
|
||||
source: build
|
||||
force_source: "{{ matrix_mautrix_gmessages_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_gmessages_git_pull_results.changed }}"
|
||||
build:
|
||||
dockerfile: Dockerfile
|
||||
path: "{{ matrix_mautrix_gmessages_docker_src_files_path }}"
|
||||
pull: true
|
||||
when: "matrix_mautrix_gmessages_container_image_self_build | bool"
|
||||
|
||||
- name: Check if an old database file exists
|
||||
ansible.builtin.stat:
|
||||
path: "{{ matrix_mautrix_gmessages_base_path }}/mautrix-gmessages.db"
|
||||
register: matrix_mautrix_gmessages_stat_database
|
||||
|
||||
- name: Check if an old matrix state file exists
|
||||
ansible.builtin.stat:
|
||||
path: "{{ matrix_mautrix_gmessages_base_path }}/mx-state.json"
|
||||
register: matrix_mautrix_gmessages_stat_mx_state
|
||||
|
||||
- name: (Data relocation) Ensure matrix-mautrix-gmessages.service is stopped
|
||||
ansible.builtin.service:
|
||||
name: matrix-mautrix-gmessages
|
||||
state: stopped
|
||||
enabled: false
|
||||
daemon_reload: true
|
||||
failed_when: false
|
||||
when: "matrix_mautrix_gmessages_stat_database.stat.exists"
|
||||
|
||||
- name: (Data relocation) Move mautrix-gmessages database file to ./data directory
|
||||
ansible.builtin.command:
|
||||
cmd: "mv {{ matrix_mautrix_gmessages_base_path }}/mautrix-gmessages.db {{ matrix_mautrix_gmessages_data_path }}/mautrix-gmessages.db"
|
||||
creates: "{{ matrix_mautrix_gmessages_data_path }}/mautrix-gmessages.db"
|
||||
removes: "{{ matrix_mautrix_gmessages_base_path }}/mautrix-gmessages.db"
|
||||
when: "matrix_mautrix_gmessages_stat_database.stat.exists"
|
||||
|
||||
- name: (Data relocation) Move mautrix-gmessages mx-state file to ./data directory
|
||||
ansible.builtin.command:
|
||||
cmd: "mv {{ matrix_mautrix_gmessages_base_path }}/mx-state.json {{ matrix_mautrix_gmessages_data_path }}/mx-state.json"
|
||||
creates: "{{ matrix_mautrix_gmessages_data_path }}/mx-state.json"
|
||||
removes: "{{ matrix_mautrix_gmessages_base_path }}/mx-state.json"
|
||||
when: "matrix_mautrix_gmessages_stat_mx_state.stat.exists"
|
||||
|
||||
- name: Ensure mautrix-gmessages config.yaml installed
|
||||
ansible.builtin.copy:
|
||||
content: "{{ matrix_mautrix_gmessages_configuration | to_nice_yaml(indent=2, width=999999) }}"
|
||||
dest: "{{ matrix_mautrix_gmessages_config_path }}/config.yaml"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure mautrix-gmessages registration.yaml installed
|
||||
ansible.builtin.copy:
|
||||
content: "{{ matrix_mautrix_gmessages_registration | to_nice_yaml(indent=2, width=999999) }}"
|
||||
dest: "{{ matrix_mautrix_gmessages_config_path }}/registration.yaml"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure matrix-mautrix-gmessages.service installed
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-mautrix-gmessages.service.j2"
|
||||
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-gmessages.service"
|
||||
mode: 0644
|
||||
|
||||
- name: Ensure matrix-mautrix-gmessages.service restarted, if necessary
|
||||
ansible.builtin.service:
|
||||
name: "matrix-mautrix-gmessages.service"
|
||||
state: restarted
|
||||
daemon_reload: true
|
||||
when: "matrix_mautrix_gmessages_requires_restart | bool"
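Review bot: The two `ansible.builtin.copy` tasks write `config.yaml` and `registration.yaml` with `mode: 0644`, although the rendered config in this commit carries `as_token`, `hs_token`, the database URI and the login shared-secret map. The config directory is created `0750` earlier in this file, which limits access today, but the files should not depend on that; `mode: '0640'` with the existing owner and group would do, provided the container and the homeserver read them as that user or group (not visible here). Because the content is passed inline, a run with `--diff` would presumably print these values too, so `no_log: true` on both tasks is worth considering. The unquoted `mode: 0750` on the paths task and `mode: 0644` on the unit file should be quoted as well, as Ansible recommends for octal modes.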
|
@ -0,0 +1,20 @@
|
||||
---
|
||||
|
||||
- name: Check existence of matrix-mautrix-gmessages service
|
||||
ansible.builtin.stat:
|
||||
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-gmessages.service"
|
||||
register: matrix_mautrix_gmessages_service_stat
|
||||
|
||||
- when: matrix_mautrix_gmessages_service_stat.stat.exists | bool
|
||||
block:
|
||||
- name: Ensure matrix-mautrix-gmessages is stopped
|
||||
ansible.builtin.service:
|
||||
name: matrix-mautrix-gmessages
|
||||
state: stopped
|
||||
enabled: false
|
||||
daemon_reload: true
|
||||
|
||||
- name: Ensure matrix-mautrix-gmessages.service doesn't exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-gmessages.service"
|
||||
state: absent
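Review bot: The unit file is deleted after the only `daemon_reload: true` in this file (on the stop task), so systemd keeps the removed unit's definition loaded until something else triggers a reload. A final task inside the block, `ansible.builtin.systemd:` with `daemon_reload: true`, would clear it. The tasks also leave `config.yaml`, `registration.yaml` and the data directory in place; if that is intentional, a comment such as `# Config (including appservice tokens) and bridge data are kept on purpose; remove them manually` would make that clear to operators.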
|
@ -0,0 +1,20 @@
|
||||
---
|
||||
|
||||
- name: Fail if required mautrix-gmessages settings not defined
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
You need to define a required configuration setting (`{{ item.name }}`).
|
||||
when: "item.when | bool and vars[item.name] == ''"
|
||||
with_items:
|
||||
- {'name': 'matrix_mautrix_gmessages_appservice_token', when: true}
|
||||
- {'name': 'matrix_mautrix_gmessages_homeserver_token', when: true}
|
||||
- {'name': 'matrix_mautrix_gmessages_database_hostname', when: "{{ matrix_mautrix_gmessages_database_engine == 'postgres' }}"}
|
||||
|
||||
- name: (Deprecation) Catch and report renamed settings
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
Your configuration contains a variable, which now has a different name.
|
||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||
when: "item.old in vars"
|
||||
with_items:
|
||||
- {'old': 'matrix_mautrix_gmessages_log_level', 'new': 'matrix_mautrix_gmessages_logging_level'}
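Review bot: The required-settings check compares `vars[item.name]` with `''`, and as far as I know `vars[...]` returns the variable as defined rather than its rendered value. A token defined through a Jinja expression that renders to an empty string would therefore pass, and an undefined name fails with a lookup error instead of the intended message. `when: "item.when | bool and lookup('vars', item.name, default='') | string | length == 0"` checks the final value and covers the undefined case. This matters because the config template writes `as_token` and `hs_token` inside literal quotes, so an empty value would be deployed as an empty token rather than rejected.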
|
@ -0,0 +1,292 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
# Homeserver details.
|
||||
homeserver:
|
||||
# The address that this appservice can use to connect to the homeserver.
|
||||
address: {{ matrix_mautrix_gmessages_homeserver_address }}
|
||||
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
|
||||
domain: {{ matrix_mautrix_gmessages_homeserver_domain }}
|
||||
|
||||
# What software is the homeserver running?
|
||||
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
|
||||
software: standard
|
||||
# The URL to push real-time bridge status to.
|
||||
# If set, the bridge will make POST requests to this URL whenever a user's google messages connection state changes.
|
||||
# The bridge will use the appservice as_token to authorize requests.
|
||||
status_endpoint: null
|
||||
# Endpoint for reporting per-message status.
|
||||
message_send_checkpoint_endpoint: null
|
||||
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
|
||||
async_media: false
|
||||
|
||||
# Should the bridge use a websocket for connecting to the homeserver?
|
||||
# The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
|
||||
# mautrix-asmux (deprecated), and hungryserv (proprietary).
|
||||
websocket: false
|
||||
# How often should the websocket be pinged? Pinging will be disabled if this is zero.
|
||||
ping_interval_seconds: 0
|
||||
|
||||
# Application service host/registration related details.
|
||||
# Changing these values requires regeneration of the registration.
|
||||
appservice:
|
||||
# The address that the homeserver can use to connect to this appservice.
|
||||
address: {{ matrix_mautrix_gmessages_appservice_address }}
|
||||
|
||||
# The hostname and port where this appservice should listen.
|
||||
hostname: 0.0.0.0
|
||||
port: 8080
|
||||
|
||||
# Database config.
|
||||
database:
|
||||
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
|
||||
type: postgres
|
||||
# The database URI.
|
||||
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
|
||||
# https://github.com/mattn/go-sqlite3#connection-string
|
||||
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
|
||||
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
|
||||
uri: {{ matrix_mautrix_gmessages_appservice_database_uri|to_json }}
|
||||
# Maximum number of connections. Mostly relevant for Postgres.
|
||||
max_open_conns: 20
|
||||
max_idle_conns: 2
|
||||
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
|
||||
# Parsed with https://pkg.go.dev/time#ParseDuration
|
||||
max_conn_idle_time: null
|
||||
max_conn_lifetime: null
|
||||
|
||||
# The unique ID of this appservice.
|
||||
id: gmessages
|
||||
# Appservice bot details.
|
||||
bot:
|
||||
# Username of the appservice bot.
|
||||
username: {{ matrix_mautrix_gmessages_appservice_bot_username|to_json }}
|
||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||
# to leave display name/avatar as-is.
|
||||
displayname: Google Messages bridge bot
|
||||
avatar: mxc://maunium.net/yGOdcrJcwqARZqdzbfuxfhzb
|
||||
|
||||
# Whether or not to receive ephemeral events via appservice transactions.
|
||||
# Requires MSC2409 support (i.e. Synapse 1.22+).
|
||||
ephemeral_events: true
|
||||
|
||||
# Should incoming events be handled asynchronously?
|
||||
# This may be necessary for large public instances with lots of messages going through.
|
||||
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
|
||||
async_transactions: false
|
||||
|
||||
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
|
||||
as_token: "{{ matrix_mautrix_gmessages_appservice_token }}"
|
||||
hs_token: "{{ matrix_mautrix_gmessages_homeserver_token }}"
|
||||
|
||||
# Segment API key to track some events, like provisioning API login and encryption errors.
|
||||
segment_key: null
|
||||
# Optional user_id to use when sending Segment events. If null, defaults to using mxID.
|
||||
segment_user_id: null
|
||||
|
||||
# Prometheus config.
|
||||
metrics:
|
||||
# Enable prometheus metrics?
|
||||
enabled: {{ matrix_mautrix_gmessages_metrics_enabled | to_json }}
|
||||
# IP and port where the metrics listener should be. The path is always /metrics
|
||||
listen: 127.0.0.1:8001
|
||||
|
||||
google_messages:
|
||||
# OS name to tell the phone. This is the name that shows up in the paired devices list.
|
||||
os: mautrix-gmessages
|
||||
# Browser type to tell the phone. This decides which icon is shown.
|
||||
# Valid types: OTHER, CHROME, FIREFOX, SAFARI, OPERA, IE, EDGE
|
||||
browser: OTHER
|
||||
|
||||
# Should the bridge aggressively set itself as the active device if the user opens Google Messages in a browser?
|
||||
# If this is disabled, the user must manually use the `reconnect` command to reactivate the bridge.
|
||||
aggressive_reconnect: false
|
||||
|
||||
# Bridge config
|
||||
bridge:
|
||||
# Localpart template of MXIDs for SMS users.
|
||||
# {{ '{{.}}' }} is replaced with an identifier of the recipient.
|
||||
username_template: "{{ 'gmessages_{{.}}' }}"
|
||||
# Displayname template for SMS users.
|
||||
# {{ '{{.FullName}}' }} - Full name provided by the phone
|
||||
# {{ '{{.FirstName}}' }} - First name provided by the phone
|
||||
# {{ '{{.PhoneNumber}}' }} - Formatted phone number provided by the phone
|
||||
displayname_template: "{{ '{{or .FullName .PhoneNumber}}' }}"
|
||||
# Should the bridge create a space for each logged-in user and add bridged rooms to it?
|
||||
personal_filtering_spaces: {{ matrix_mautrix_gmessages_bridge_personal_filtering_spaces | to_json }}
|
||||
# Should the bridge send a read receipt from the bridge bot when a message has been sent to the phone?
|
||||
delivery_receipts: false
|
||||
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
|
||||
message_status_events: false
|
||||
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
|
||||
message_error_notices: true
|
||||
|
||||
portal_message_buffer: 128
|
||||
|
||||
# Should the bridge update the m.direct account data event when double puppeting is enabled.
|
||||
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
|
||||
# and is therefore prone to race conditions.
|
||||
sync_direct_chat_list: false
|
||||
# Number of chats to sync when connecting to Google Messages.
|
||||
initial_chat_sync_count: 25
|
||||
# Backfill settings
|
||||
backfill:
|
||||
# Number of messages to backfill in new chats.
|
||||
initial_limit: 50
|
||||
# Number of messages to backfill on startup if the last message ID in the chat sync doesn't match the last bridged message.
|
||||
missed_limit: 100
|
||||
|
||||
# Servers to always allow double puppeting from
|
||||
double_puppet_server_map:
|
||||
"{{ matrix_mautrix_gmessages_homeserver_domain }}": {{ matrix_mautrix_gmessages_homeserver_address }}
|
||||
# Allow using double puppeting from any server with a valid client .well-known file.
|
||||
double_puppet_allow_discovery: false
|
||||
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||
#
|
||||
# If set, double puppeting will be enabled automatically for local users
|
||||
# instead of users having to find an access token and run `login-matrix`
|
||||
# manually.
|
||||
login_shared_secret_map: {{ matrix_mautrix_gmessages_bridge_login_shared_secret_map|to_json }}
|
||||
|
||||
# Whether to explicitly set the avatar and room name for private chat portal rooms.
|
||||
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
|
||||
# If set to `always`, all DM rooms will have explicit names and avatars set.
|
||||
# If set to `never`, DM rooms will never have names and avatars set.
|
||||
private_chat_portal_meta: default
|
||||
# Should Matrix m.notice-type messages be bridged?
|
||||
bridge_notices: true
|
||||
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
|
||||
# This field will automatically be changed back to false after it, except if the config file is not writable.
|
||||
resend_bridge_info: false
|
||||
# When using double puppeting, should muted chats be muted in Matrix?
|
||||
mute_bridging: {{ matrix_mautrix_gmessages_bridge_mute_bridging | to_json }}
|
||||
# When using double puppeting, should archived chats be moved to a specific tag in Matrix?
|
||||
# This can be set to a tag (e.g. m.lowpriority), or null to disable.
|
||||
archive_tag: null
|
||||
# Same as above, but for pinned chats. The favorite tag is called m.favourite
|
||||
pinned_tag: null
|
||||
# Should mute status and tags only be bridged when the portal room is created?
|
||||
tag_only_on_create: true
|
||||
# Whether or not created rooms should have federation enabled.
|
||||
# If false, created portal rooms will never be federated.
|
||||
federate_rooms: {{ matrix_mautrix_gmessages_federate_rooms|to_json }}
|
||||
# Should the bridge never send alerts to the bridge management room?
|
||||
# These are mostly things like the user being logged out.
|
||||
disable_bridge_alerts: false
|
||||
# Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
|
||||
# This is currently not supported in most clients.
|
||||
caption_in_message: false
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!gm"
|
||||
|
||||
# Messages sent upon joining a management room.
|
||||
# Markdown is supported. The defaults are listed below.
|
||||
management_room_text:
|
||||
# Sent when joining a room.
|
||||
welcome: "Hello, I'm a Google Messages bridge bot."
|
||||
# Sent when joining a management room and the user is already logged in.
|
||||
welcome_connected: "Use `help` for help."
|
||||
# Sent when joining a management room and the user is not logged in.
|
||||
welcome_unconnected: "Use `help` for help or `login` to log in."
|
||||
# Optional extra text sent when joining a management room.
|
||||
additional_help: ""
|
||||
|
||||
# End-to-bridge encryption support options.
|
||||
#
|
||||
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
|
||||
encryption:
|
||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||
allow: {{ matrix_mautrix_gmessages_bridge_encryption_allow|to_json }}
|
||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||
default: {{ matrix_mautrix_gmessages_bridge_encryption_default|to_json }}
|
||||
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
|
||||
appservice: false
|
||||
# Require encryption, drop any unencrypted messages.
|
||||
require: false
|
||||
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
|
||||
# You must use a client that supports requesting keys from other users to use this feature.
|
||||
allow_key_sharing: {{ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow|to_json }}
|
||||
# Options for deleting megolm sessions from the bridge.
|
||||
delete_keys:
|
||||
# Beeper-specific: delete outbound sessions when hungryserv confirms
|
||||
# that the user has uploaded the key to key backup.
|
||||
delete_outbound_on_ack: false
|
||||
# Don't store outbound sessions in the inbound table.
|
||||
dont_store_outbound: false
|
||||
# Ratchet megolm sessions forward after decrypting messages.
|
||||
ratchet_on_decrypt: false
|
||||
# Delete fully used keys (index >= max_messages) after decrypting messages.
|
||||
delete_fully_used_on_decrypt: false
|
||||
# Delete previous megolm sessions from same device when receiving a new one.
|
||||
delete_prev_on_new_session: false
|
||||
# Delete megolm sessions received from a device when the device is deleted.
|
||||
delete_on_device_delete: false
|
||||
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
|
||||
periodically_delete_expired: false
|
||||
# Delete inbound megolm sessions that don't have the received_at field used for
|
||||
# automatic ratcheting and expired session deletion. This is meant as a migration
|
||||
# to delete old keys prior to the bridge update.
|
||||
delete_outdated_inbound: false
|
||||
# What level of device verification should be required from users?
|
||||
#
|
||||
# Valid levels:
|
||||
# unverified - Send keys to all device in the room.
|
||||
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
|
||||
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
|
||||
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
|
||||
# Note that creating user signatures from the bridge bot is not currently possible.
|
||||
# verified - Require manual per-device verification
|
||||
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
|
||||
verification_levels:
|
||||
# Minimum level for which the bridge should send keys to when bridging messages from SMS to Matrix.
|
||||
receive: unverified
|
||||
# Minimum level that the bridge should accept for incoming Matrix messages.
|
||||
send: unverified
|
||||
# Minimum level that the bridge should require for accepting key requests.
|
||||
share: cross-signed-tofu
|
||||
# Options for Megolm room key rotation. These options allow you to
|
||||
# configure the m.room.encryption event content. See:
|
||||
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
|
||||
# more information about that event.
|
||||
rotation:
|
||||
# Enable custom Megolm room key rotation settings. Note that these
|
||||
# settings will only apply to rooms created after this option is
|
||||
# set.
|
||||
enable_custom: false
|
||||
# The maximum number of milliseconds a session should be used
|
||||
# before changing it. The Matrix spec recommends 604800000 (a week)
|
||||
# as the default.
|
||||
milliseconds: 604800000
|
||||
# The maximum number of messages that should be sent with a given a
|
||||
# session before changing it. The Matrix spec recommends 100 as the
|
||||
# default.
|
||||
messages: 100
|
||||
|
||||
# Disable rotating keys when a user's devices change?
|
||||
# You should not enable this option unless you understand all the implications.
|
||||
disable_device_change_key_rotation: false
|
||||
|
||||
# Settings for provisioning API
|
||||
provisioning:
|
||||
# Prefix for the provisioning API paths.
|
||||
prefix: /_matrix/provision
|
||||
# Shared secret for authentication. If set to "generate", a random secret will be generated,
|
||||
# or if set to "disable", the provisioning API will be disabled.
|
||||
shared_secret: generate
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
# user - Access to use the bridge to link their own Google Messages on android.
|
||||
# admin - User level and some additional administration tools
|
||||
# Permitted keys:
|
||||
# * - All Matrix users
|
||||
# domain - All users on that homeserver
|
||||
# mxid - Specific user
|
||||
permissions: {{ matrix_mautrix_gmessages_bridge_permissions|to_json }}
|
||||
|
||||
# Logging config. See https://github.com/tulir/zeroconfig for details.
|
||||
logging:
|
||||
min_level: {{ matrix_mautrix_gmessages_logging_level }}
|
||||
writers:
|
||||
- type: stdout
|
||||
format: pretty-colored
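Review bot: `metrics.listen` is fixed to `127.0.0.1:8001`, but the nginx location added in this commit proxies to `matrix-mautrix-gmessages:8001` from another container, and a listener bound to the container's loopback is not reachable over the Docker network. `listen: 0.0.0.0:8001` would make the proxied endpoint work; the unit template publishes no port, so exposure stays limited to the container network and to whatever access control the metrics location applies. Separately, `type: postgres` is hard-coded although the install and validation tasks branch on `matrix_mautrix_gmessages_database_engine`, so a non-Postgres engine would presumably render a mismatched config. `as_token` and `hs_token` would also be safer rendered with `| to_json`, like the neighbouring values, than wrapped in literal quotes, so that a quote or backslash in a token cannot break the YAML.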
|
@ -0,0 +1,43 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
[Unit]
|
||||
Description=Matrix Mautrix gmessages bridge
|
||||
{% for service in matrix_mautrix_gmessages_systemd_required_services_list %}
|
||||
Requires={{ service }}
|
||||
After={{ service }}
|
||||
{% endfor %}
|
||||
{% for service in matrix_mautrix_gmessages_systemd_wanted_services_list %}
|
||||
Wants={{ service }}
|
||||
{% endfor %}
|
||||
DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-gmessages 2>/dev/null || true'
|
||||
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-gmessages 2>/dev/null || true'
|
||||
|
||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||
|
||||
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-gmessages \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--network={{ matrix_docker_network }} \
|
||||
-v {{ matrix_mautrix_gmessages_config_path }}:/config:z \
|
||||
-v {{ matrix_mautrix_gmessages_data_path }}:/data:z \
|
||||
--workdir=/data \
|
||||
{% for arg in matrix_mautrix_gmessages_container_extra_arguments %}
|
||||
{{ arg }} \
|
||||
{% endfor %}
|
||||
{{ matrix_mautrix_gmessages_docker_image }} \
|
||||
/usr/bin/mautrix-gmessages -c /config/config.yaml -r /config/registration.yaml
|
||||
|
||||
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-gmessages 2>/dev/null || true'
|
||||
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-gmessages 2>/dev/null || true'
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-mautrix-gmessages
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
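Review bot: The `docker run` line drops all capabilities and sets a non-root `--user`, but it does not prevent privilege gain through setuid binaries in the image. Adding `--security-opt=no-new-privileges \` next to `--cap-drop=ALL` is a cheap hardening step and should not affect the bridge as far as the visible command shows. The `{{ arg }}` entries from `matrix_mautrix_gmessages_container_extra_arguments` are emitted unquoted into `ExecStart`, so a comment above the loop, e.g. `# Each entry must be a single, already-escaped docker argument`, would help operators avoid breaking or widening the command line.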
|
@ -0,0 +1,156 @@
|
||||
---
|
||||
# mautrix-wsproxy is a Matrix <-> websocket bridge
|
||||
# See: https://github.com/mautrix/wsproxy
|
||||
|
||||
matrix_mautrix_wsproxy_enabled: true
|
||||
|
||||
matrix_mautrix_wsproxy_version: latest
|
||||
# See: https://mau.dev/mautrix/wsproxy/container_registry
|
||||
matrix_mautrix_wsproxy_docker_image: "dock.mau.dev/mautrix/wsproxy:{{ matrix_mautrix_wsproxy_version }}"
|
||||
matrix_mautrix_wsproxy_docker_image_force_pull: "{{ matrix_mautrix_wsproxy_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_mautrix_wsproxy_base_path: "{{ matrix_base_data_path }}/wsproxy"
|
||||
matrix_mautrix_wsproxy_config_path: "{{ matrix_mautrix_wsproxy_base_path }}/config"
|
||||
|
||||
matrix_mautrix_wsproxy_homeserver_address: "{{ matrix_homeserver_container_url }}"
|
||||
matrix_mautrix_wsproxy_homeserver_domain: "{{ matrix_domain }}"
|
||||
|
||||
matrix_mautrix_wsproxy_bind_port: false
|
||||
matrix_mautrix_wsproxy_port: 29331
|
||||
|
||||
matrix_mautrix_wsproxy_appservice_address: "http://matrix-mautrix-wsproxy:{{ matrix_mautrix_wsproxy_port }}"
|
||||
|
||||
matrix_mautrix_wsproxy_hostname: ""
|
||||
|
||||
# The base container network. It will be auto-created by this role if it doesn't exist already.
|
||||
matrix_mautrix_wsproxy_container_network: matrix-mautrix-wsproxy
|
||||
|
||||
# matrix_mautrix_wsproxy_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
|
||||
# See `../templates/labels.j2` for details.
|
||||
#
|
||||
# To inject your own other container labels, see `matrix_mautrix_wsproxy_container_labels_additional_labels`.
|
||||
matrix_mautrix_wsproxy_container_labels_traefik_enabled: true
|
||||
matrix_mautrix_wsproxy_container_labels_traefik_docker_network: "{{ matrix_mautrix_wsproxy_container_network }}"
|
||||
matrix_mautrix_wsproxy_container_labels_traefik_hostname: "{{ matrix_mautrix_wsproxy_hostname }}"
|
||||
# The path prefix must either be `/` or not end with a slash (e.g. `/wsproxy`).
|
||||
matrix_mautrix_wsproxy_container_labels_traefik_rule: "Host(`{{ matrix_mautrix_wsproxy_container_labels_traefik_hostname }}`)"
|
||||
matrix_mautrix_wsproxy_container_labels_traefik_priority: 0
|
||||
matrix_mautrix_wsproxy_container_labels_traefik_entrypoints: web-secure
|
||||
matrix_mautrix_wsproxy_container_labels_traefik_tls: "{{ matrix_mautrix_wsproxy_container_labels_traefik_entrypoints != 'web' }}"
|
||||
matrix_mautrix_wsproxy_container_labels_traefik_tls_certResolver: default # noqa var-naming
|
||||
|
||||
# Controls which additional headers to attach to all HTTP responses.
|
||||
# To add your own headers, use `matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers_custom`
|
||||
matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers_auto: {}
|
||||
matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers_custom: {}
|
||||
matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers: "{{ matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers_auto | combine(matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers_custom) }}"
|
||||
|
||||
# matrix_mautrix_wsproxy_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file.
|
||||
# See `../templates/labels.j2` for details.
|
||||
#
|
||||
# Example:
|
||||
# matrix_mautrix_wsproxy_container_labels_additional_labels: |
|
||||
# my.label=1
|
||||
# another.label="here"
|
||||
matrix_mautrix_wsproxy_container_labels_additional_labels: ''
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_mautrix_wsproxy_container_extra_arguments: []
|
||||
|
||||
# List of systemd services that matrix-mautrix-wsproxy.service depends on.
|
||||
matrix_mautrix_wsproxy_systemd_required_services_list: ['docker.service']
|
||||
|
||||
# List of systemd services that matrix-mautrix-wsproxy.service wants
|
||||
matrix_mautrix_wsproxy_systemd_wanted_services_list: []
|
||||
|
||||
matrix_mautrix_androidsms_appservice_token: ''
|
||||
matrix_mautrix_androidsms_homeserver_token: ''
|
||||
|
||||
matrix_mautrix_imessage_appservice_token: ''
|
||||
matrix_mautrix_imessage_homeserver_token: ''
|
||||
|
||||
matrix_mautrix_androidsms_appservice_bot_username: androidsmsbot
|
||||
matrix_mautrix_imessage_appservice_bot_username: imessagebot
|
||||
|
||||
# Default mautrix-wsproxy configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_mautrix_wsproxy_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_mautrix_wsproxy_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||
|
||||
matrix_mautrix_wsproxy_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration goes here.
|
||||
# This configuration extends the default starting configuration (`matrix_mautrix_wsproxy_configuration_yaml`).
|
||||
#
|
||||
# You can override individual variables from the default configuration, or introduce new ones.
|
||||
#
|
||||
# If you need something more special, you can take full control by
|
||||
# completely redefining `matrix_mautrix_wsproxy_configuration_yaml`.
|
||||
|
||||
matrix_mautrix_wsproxy_configuration_extension: "{{ matrix_mautrix_wsproxy_configuration_extension_yaml|from_yaml if matrix_mautrix_wsproxy_configuration_extension_yaml|from_yaml is mapping else {} }}"
|
||||
|
||||
# Holds the final configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_wsproxy_configuration_yaml`.
|
||||
matrix_mautrix_wsproxy_configuration: "{{ matrix_mautrix_wsproxy_configuration_yaml|from_yaml|combine(matrix_mautrix_wsproxy_configuration_extension, recursive=True) }}"
|
||||
|
||||
matrix_mautrix_androidsms_registration_yaml: |
|
||||
id: androidsms
|
||||
url: {{ matrix_mautrix_wsproxy_appservice_address }}
|
||||
as_token: "{{ matrix_mautrix_androidsms_appservice_token }}"
|
||||
hs_token: "{{ matrix_mautrix_androidsms_homeserver_token }}"
|
||||
sender_localpart: _bot_{{ matrix_mautrix_androidsms_appservice_bot_username }}
|
||||
rate_limited: false
|
||||
namespaces:
|
||||
users:
|
||||
- regex: '@androidsms_.+:{{ matrix_mautrix_wsproxy_homeserver_domain|regex_escape }}$'
|
||||
exclusive: true
|
||||
- exclusive: true
|
||||
regex: '^@{{ matrix_mautrix_androidsms_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_wsproxy_homeserver_domain|regex_escape }}$'
|
||||
|
||||
matrix_mautrix_androidsms_registration: "{{ matrix_mautrix_androidsms_registration_yaml|from_yaml }}"
|
||||
|
||||
matrix_mautrix_imessage_registration_yaml: |
|
||||
id: imessage
|
||||
url: {{ matrix_mautrix_wsproxy_appservice_address }}
|
||||
as_token: "{{ matrix_mautrix_imessage_appservice_token }}"
|
||||
hs_token: "{{ matrix_mautrix_imessage_homeserver_token }}"
|
||||
sender_localpart: _bot_{{ matrix_mautrix_imessage_appservice_bot_username }}
|
||||
rate_limited: false
|
||||
namespaces:
|
||||
users:
|
||||
- regex: '@imessage_.+:{{ matrix_mautrix_wsproxy_homeserver_domain|regex_escape }}$'
|
||||
exclusive: true
|
||||
- exclusive: true
|
||||
regex: '^@{{ matrix_mautrix_imessage_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_wsproxy_homeserver_domain|regex_escape }}$'
|
||||
|
||||
matrix_mautrix_imessage_registration: "{{ matrix_mautrix_imessage_registration_yaml|from_yaml }}"
|
||||
|
||||
# Syncproxy-related configuration fields
|
||||
# renovate: datasource=docker depName=dock.mau.dev/mautrix/syncproxy
|
||||
matrix_mautrix_wsproxy_syncproxy_version: latest
|
||||
# See: https://mau.dev/mautrix/wsproxy/container_registry
|
||||
matrix_mautrix_wsproxy_syncproxy_docker_image: "dock.mau.dev/mautrix/syncproxy:{{ matrix_mautrix_wsproxy_syncproxy_version }}"
|
||||
matrix_mautrix_wsproxy_syncproxy_docker_image_force_pull: "{{ matrix_mautrix_wsproxy_syncproxy_docker_image.endswith(':latest') }}"
|
||||
matrix_mautrix_wsproxy_syncproxy_container_extra_arguments: []
|
||||
|
||||
matrix_mautrix_wsproxy_syncproxy_systemd_required_services_list: ['docker.service', 'matrix-mautrix-wsproxy.service']
|
||||
matrix_mautrix_wsproxy_syncproxy_systemd_wanted_services_list: []
|
||||
|
||||
matrix_mautrix_wsproxy_syncproxy_shared_secret: ''
|
||||
matrix_mautrix_wsproxy_syncproxy_port: 29332
|
||||
matrix_mautrix_wsproxy_syncproxy_appservice_address: "http://matrix-mautrix-wsproxy-syncproxy:{{ matrix_mautrix_wsproxy_syncproxy_port }}"
|
||||
|
||||
# Database-related configuration fields
|
||||
#
|
||||
# This bridge supports Postgres and SQLite.
|
||||
#
|
||||
matrix_mautrix_wsproxy_syncproxy_database_engine: 'postgres'
|
||||
|
||||
matrix_mautrix_wsproxy_syncproxy_database_username: 'matrix_mautrix_wsproxy_syncproxy'
|
||||
matrix_mautrix_wsproxy_syncproxy_database_password: 'some-password'
|
||||
matrix_mautrix_wsproxy_syncproxy_database_hostname: 'matrix-postgres'
|
||||
matrix_mautrix_wsproxy_syncproxy_database_port: 5432
|
||||
matrix_mautrix_wsproxy_syncproxy_database_name: 'matrix_mautrix_wsproxy_syncproxy'
|
||||
|
||||
matrix_mautrix_signal_wsproxy_syncproxy_connection_string: 'postgres://{{ matrix_mautrix_wsproxy_syncproxy_database_username }}:{{ matrix_mautrix_wsproxy_syncproxy_database_password }}@{{ matrix_mautrix_wsproxy_syncproxy_database_hostname }}:{{ matrix_mautrix_wsproxy_syncproxy_database_port }}/{{ matrix_mautrix_wsproxy_syncproxy_database_name }}'
|
@ -0,0 +1,48 @@
|
||||
---
|
||||
|
||||
- name: Fail if matrix-nginx-proxy role already executed
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
Trying to append Mautrix Wsproxy reverse-proxying configuration to matrix-nginx-proxy,
|
||||
but it's pointless since the matrix-nginx-proxy role had already executed.
|
||||
To fix this, please change the order of roles in your playbook,
|
||||
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-wsproxy role.
|
||||
when: matrix_nginx_proxy_role_executed | default(False) | bool
|
||||
|
||||
- tags:
|
||||
- always
|
||||
when: matrix_mautrix_wsproxy_enabled|bool
|
||||
block:
|
||||
- name: Generate Mautrix Wsproxy proxying configuration for matrix-nginx-proxy
|
||||
ansible.builtin.set_fact:
|
||||
matrix_mautrix_wsproxy_matrix_nginx_proxy_configuration: |
|
||||
location ~ ^/(_matrix/wsproxy/.*) {
|
||||
{% if matrix_nginx_proxy_enabled|default(False) %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
set $backend "matrix-mautrix-wsproxy:29331";
|
||||
proxy_pass http://$backend;
|
||||
{% else %}
|
||||
{# Generic configuration for use outside of our container setup #}
|
||||
proxy_pass http://127.0.0.1:29331;
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
- name: Register Mautrix Wsproxy proxying configuration with matrix-nginx-proxy
|
||||
ansible.builtin.set_fact:
|
||||
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
|
||||
{{
|
||||
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
|
||||
+
|
||||
[matrix_mautrix_wsproxy_matrix_nginx_proxy_configuration]
|
||||
}}
|
||||
|
||||
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
|
||||
ansible.builtin.debug:
|
||||
msg: >-
|
||||
NOTE: You've enabled the Mautrix wsproxy bridge but are not using the matrix-nginx-proxy
|
||||
reverse proxy.
|
||||
Please make sure that you're proxying the `{{ matrix_mautrix_wsproxy_public_endpoint }}`
|
||||
URL endpoint to the matrix-mautrix-wsproxy container.
|
||||
You can expose the container's port using the `matrix_mautrix_wsproxy_container_http_host_bind_port` variable.
|
||||
when: "matrix_mautrix_wsproxy_enabled|bool and matrix_nginx_proxy_enabled is not defined"
|
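Review bot: The final warning task is gated on `matrix_nginx_proxy_enabled is not defined`, while the generated `location` block picks its branch with `matrix_nginx_proxy_enabled|default(False)`, so an inventory that sets the variable to `false` gets the generic `proxy_pass http://127.0.0.1:29331;` branch without the reminder to proxy the endpoint. I would align the two with `when: "matrix_mautrix_wsproxy_enabled | bool and not (matrix_nginx_proxy_enabled | default(False) | bool)"`. Both branches also hard-code port 29331 although the message points operators at `matrix_mautrix_wsproxy_container_http_host_bind_port`; a template comment above the `location` line such as `{# 29331 must match the port wsproxy listens on and the published host port #}` would make that coupling visible. The block sets no `Upgrade`/`Connection` headers, so if clients reach wsproxy over WebSocket through this path (the role name suggests so, but the hunk does not show it), that is worth confirming before merge.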