Commit Graph

73 Commits

Author SHA1 Message Date
Slavi Pantaleev
845f5f007b Make Synapse use ma1sd (if enabled) for threepid registration 2020-04-03 10:08:37 +03:00
Marcel Partap
874e2e1fc0 Rename variables (s/mxisd/ma1sd/) and adapt roles 2020-04-02 11:31:38 +02:00
Slavi Pantaleev
e06ac41db1 Do not try to obtain jitsi.DOMAIN certificate if Jitsi is disabled 2020-03-24 16:21:26 +02:00
Slavi Pantaleev
d605b219a2 Manage Jitsi configuration by ourselves for most components
We do this for 2 reasons:

- so we can control things which are not controllable using environment
variables (for example `stunServers` in jitsi/web, since we don't wish
to use the hardcoded Google STUN servers if our own Coturn is enabled)

- so playbook variable changes will properly rebuild the configuration.
When using Jitsi environment variables, the configuration is only built
once (the first time) and never rebuilt again. This is not the
consistent with the rest of the playbook and with how Ansible operates.
We're not perfect at it (yet), because we still let the Jitsi containers
generate some files on their own, but we are closer and it should be
good enough for most things.

Related to #415 (Github Pull Request).
2020-03-24 09:35:21 +02:00
Slavi Pantaleev
cdd9ee1962 Add Jitsi support 2020-03-23 17:19:15 +02:00
Slavi Pantaleev
2b85fde103 Rename some variables for consistency 2020-03-15 10:15:27 +02:00
Slavi Pantaleev
8fe97abe7d Wire matrix_container_images_self_build to self_build variables via group_vars/matrix_servers
This keeps the roles cleaner and more independent of matrix-base,
which may be important for people building their own playbook
out of the individual roles and not using the matrix-base role.
2020-03-15 10:10:41 +02:00
Horvath Gergely
310aa685f9 refactor based on Slavi's requests 2020-03-08 00:24:00 +01:00
Horvath Gergely
d53d63ab07 Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into raspberry-pi 2020-03-07 13:57:44 +01:00
Slavi Pantaleev
4a06e52660 Fix matrix-appservice-slack configuration when matrix-nginx-proxy is disabled 2020-03-03 17:48:51 +02:00
Slavi Pantaleev
be6c048abe Remove useless matrix_appservice_webhooks_webhooks_port
In relation to #392 (Github Issue)
2020-03-03 12:38:26 +02:00
Horvath Gergely
a096eafb45 add possibility to install synapse on raspberry pi 2020-02-17 21:48:48 +01:00
teutates
2c4eef72c3
fix slack bridge: salt too large, sha512_crypt requires <= 16 chars 2020-02-10 02:47:26 +01:00
joao-p-marques
a0b313b3d1 fix invalid password salt on slack bridge 2020-02-06 00:25:26 +00:00
Zach Mertes
e0defd4d4c
Fix invalid password salts for slack webhooks 2020-01-24 05:06:36 -05:00
Slavi Pantaleev
2c04384e8e Synchronize config with the one from Synapse 1.9.0
Related to #355.
2020-01-23 15:47:53 +02:00
Björn Marten
50bf8c8dd7 Add matrix-appservice-webhooks role. 2020-01-13 17:20:49 +01:00
Slavi Pantaleev
bd38861179 Add support for automatic Double Puppeting for all Mautrix bridges 2020-01-12 20:28:36 +02:00
Aaron Raimist
2ea507e2ea
Don't make it Dimension specific 2019-12-09 22:23:56 -06:00
Aaron Raimist
79d1576648
Allow Synapse manhole to be enabled
Can you double check that the way I have this set only exposes it locally? It is important that the manhole is not available to the outside world since it is quite powerful and the password is hard coded.
2019-12-05 00:07:15 -06:00
Slavi Pantaleev
65da600426
Merge branch 'master' into master 2019-08-21 07:34:20 +03:00
Slavi Pantaleev
c8a4d59a81
Merge pull request #251 from Munfred/master
Add mautrix-hangouts bridge role and documentation
2019-08-21 07:15:14 +03:00
Slavi Pantaleev
e4b67fdb6b
Fix typo 2019-08-20 09:07:54 +03:00
microchipster
0585889d5a add hangouts bridge by copying facebook bridge and find-replacing 2019-08-06 05:27:40 +00:00
Slavi Pantaleev
4be35822dd Add Email2Matrix support 2019-08-05 13:09:49 +03:00
kingoftheconnors
177ec295b4 Fixed matrix-appservice-slack docker command problems 2019-07-27 14:25:13 -04:00
kingoftheconnors
49766c5dac Added Slack role 2019-07-26 21:37:21 -04:00
Slavi Pantaleev
8529efcd1c Make Discord bridge configuration playbook-managed
Well, `config.yaml` has been playbook-managed for a long time.
It's now extended to match the default sample config of the Discord
bridge.

With this patch, we also make `registration.yaml` playbook-managed,
which leads us to consistency with all other bridges.

Along with that, we introduce `./config` and `./data` separation,
like we do for the other bridges.
2019-06-26 10:35:00 +03:00
Slavi Pantaleev
782356d421 Use password_hash salts that obey passlib requirements
According to
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha512_crypt.html:

> salt (str) – Optional salt string. If not specified, one will be autogenerated (this is recommended).
> If specified, it must be 0-16 characters, drawn from the regexp range [./0-9A-Za-z].

Until now, we were using invalid characters (like `-`). We were also
going over the requested length limit of 16 characters.

This is most likely what was causing `ValueError` exceptions for some people,
as reported in #209 (Github Issue).
Ansible's source code (`lib/ansible/utils/encrypt.py`) shows that Ansible tries
to use passlib if available and falls back to Python's `crypt` module if not.
For Mac, `crypt.crypt` doesn't seem to work, so Ansible always requires passlib.

Looks like crypt is forgiving when length or character requirements are
not obeyed. It would auto-trim a salt string to make it work, which means
that we could end up with the same hash if we call it with salts which aer only
different after their 16th character.

For these reasons (crypt autotriming and passlib downright complaining),
we're now using shorter and more diverse salts.
2019-06-26 09:37:02 +03:00
Thomas Kuehne
4797469383 Make WhatsApp bridge configuration playbook-managed
- following spantaleev transition of the telegram brigde
- adding a validate_config task
2019-06-24 00:16:04 +02:00
Slavi Pantaleev
174a6fcd1b Make IRC bridge configuration entirely managed by the playbook 2019-06-19 12:29:44 +03:00
Slavi Pantaleev
deeb5a96d5 Disable IRC bridge presence if Synapse presence is disabled 2019-06-19 09:31:09 +03:00
Slavi Pantaleev
4e8543ce21 Make Telegram bridge configuration playbook-managed 2019-06-15 09:43:43 +03:00
Slavi Pantaleev
2902b53267 Minor fixes for consistency 2019-06-15 09:42:40 +03:00
Slavi Pantaleev
3956b300ed Disable riot-web's welcome bot
I've not found this welcome bot to work at all in my previous attempts.
It would simply not reply, even though federation works.

It seems like this is also a potential privacy issue, as per
https://gist.github.com/maxidorius/5736fd09c9194b7a6dc03b6b8d7220d0
2019-06-14 07:49:46 +03:00
Slavi Pantaleev
330648a3e0 Make Facebook bridge configuration playbook-managed
Related to #193, but for the Facebook bridge.
(other bridges can be changed to do the same later).

This patch makes the bridge configuration entirely managed by the
Ansible playbook. The bridge's `config.yaml` and `registration.yaml`
configuration files are regenerated every time the playbook runs.

This allows us to apply updates to those files and to avoid
people having to manage the configuration files manually on the server.

-------------------------------------------------------------

A deficiency of the current approach to dumping YAML configuration in
`config.yaml` is that we strip all comments from it.
Later on, when the bridge actually starts, it will load and redump
(this time with comments), which will make the `config.yaml` file
change.

Subsequent playbook runs will report "changed" for the
"Ensure mautrix-facebook config.yaml installed" task, which is a little
strange.

We might wish to improve this in the future, if possible.

Still, it's better to have a (usually) somewhat meaningless "changed"
task than to what we had -- never rebuilding the configuration.
2019-06-07 14:05:53 +03:00
Slavi Pantaleev
7379968a3c Fix Telegram bridge HTTP proxying when not using matrix-nginx-proxy
From what I see, this was never implemented to begin with.

Fixes #189 (Github Issue).
2019-05-26 20:50:52 +03:00
Slavi Pantaleev
ab59cc50bd Add support for more flexible container port exposing
Fixes #171 (Github Issue).
2019-05-25 07:41:08 +09:00
Dan Arnfield
093859d926 Fix TRANSFORM_INVALID_GROUP_CHARS deprecation warning 2019-05-21 10:39:33 -05:00
Slavi Pantaleev
c78b02cbe7 Make bridges not depend on matrix-synapse.service if not enabled 2019-05-21 11:13:52 +09:00
Slavi Pantaleev
3339e37ce9 Move matrix-appservice-irc into a separate role 2019-05-16 09:07:40 +09:00
Slavi Pantaleev
43fd3cc274 Move mautrix-facebook into a separate role 2019-05-15 09:34:31 +09:00
Slavi Pantaleev
bb816df557 Move mautrix telegram and whatsapp into separate roles
The goal is to move each bridge into its own separate role.
This commit starts off the work on this with 2 bridges:
- mautrix-telegram
- mautrix-whatsapp

Each bridge's role (including these 2) is meant to:

- depend only on the matrix-base role

- integrate nicely with the matrix-synapse role (if available)

- integrate nicely with the matrix-nginx-proxy role (if available and if
required). mautrix-telegram bridge benefits from integrating with
it.

- not break if matrix-synapse or matrix-nginx-proxy are not used at all

This has been provoked by #174 (Github Issue).
2019-05-14 23:47:22 +09:00
Stuart Mumford
e1d0667ead
url encode username as well 2019-05-03 22:23:03 +01:00
Stuart Mumford
4e998f52c5
urlencode mxisd password 2019-05-03 17:39:43 +01:00
Aaron Raimist
e42fe4b18c
Include Slavi's improvements to keep roles independent 2019-04-27 17:09:21 -05:00
Daniel Hoffend
ca15d219b9 make welcome.html customizable 2019-04-25 01:05:28 +02:00
Slavi Pantaleev
73af8f7bbb Make self-check not validate self-signed certificates
By default, `--tags=self-check` no longer validates certificates
when `matrix_ssl_retrieval_method` is set to `self-signed`.

Besides this default, people can also enable/disable validation using the
individual role variables manually.

Fixes #124 (Github Issue)
2019-03-22 09:41:08 +02:00
Slavi Pantaleev
59e37105e8 Add TLS support to Coturn 2019-03-19 10:24:39 +02:00
Slavi Pantaleev
24cf27c60c Isolate Coturn from services in the default Docker network
Most (all?) of our Matrix services are running in the `matrix` network,
so they were safe -- not accessible from Coturn to begin with.

Isolating Coturn into its own network is a security improvement
for people who were starting other services in the default
Docker network. Those services were potentially reachable over the
private Docker network from Coturn.

Discussed in #120 (Github Pull Request)
2019-03-18 17:41:14 +02:00