Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy into pub.solar
commit
0cc59911d3
17
CHANGELOG.md
|
@ -1,3 +1,20 @@
|
||||||
|
# 2020-06-11
|
||||||
|
|
||||||
|
## SMS bridging requires db reset
|
||||||
|
|
||||||
|
The current version of [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) needs you to delete the database to work as expected. Just remove `/matrix/matrix-sms-bridge/database/*`. It also adds a new requried var `matrix_sms_bridge_default_region`.
|
||||||
|
|
||||||
|
To reuse your existing rooms, invite `@smsbot:yourServer` to the room or write a message. You are also able to use automated room creation with telephonenumers by writing `sms send -t 01749292923 "Hello World"` in a room with `@smsbot:yourServer`. See [the docs](https://github.com/benkuly/matrix-sms-bridge) for more information.
|
||||||
|
|
||||||
|
# 2020-06-05
|
||||||
|
|
||||||
|
## SMS bridging support
|
||||||
|
|
||||||
|
Thanks to [benkuly](https://github.com/benkuly)'s efforts, the playbook now supports bridging to SMS (with one telephone number only) via [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge).
|
||||||
|
|
||||||
|
See our [Setting up Matrix SMS bridging](docs/configuring-playbook-matrix-bridge-sms.md) documentation page for getting started.
|
||||||
|
|
||||||
|
|
||||||
# 2020-05-19
|
# 2020-05-19
|
||||||
|
|
||||||
## (Compatibility Break / Security Issue) Disabling User Directory search powered by the ma1sd Identity Server
|
## (Compatibility Break / Security Issue) Disabling User Directory search powered by the ma1sd Identity Server
|
||||||
|
|
|
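Review bot: The 2020-06-11 entry tells operators to remove `/matrix/matrix-sms-bridge/database/*` but does not say whether the bridge service has to be stopped first or what is lost by the reset; a sentence on both (and on taking a copy beforehand) would make the step safe to follow. The entry also names the new required variable `matrix_sms_bridge_default_region` without showing an example value, and has two typos to fix: "requried" and "telephonenumers".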
@ -52,6 +52,8 @@ Using this playbook, you can get the following services configured on your serve
|
||||||
|
|
||||||
- (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.)
|
- (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.)
|
||||||
|
|
||||||
|
- (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS
|
||||||
|
|
||||||
- (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms
|
- (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms
|
||||||
|
|
||||||
- (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients
|
- (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients
|
||||||
|
@ -144,6 +146,8 @@ This playbook sets up your server using the following Docker images:
|
||||||
|
|
||||||
- [turt2live/matrix-appservice-webhooks](https://hub.docker.com/r/turt2live/matrix-appservice-webhooks) - the [Appservice Webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge (optional)
|
- [turt2live/matrix-appservice-webhooks](https://hub.docker.com/r/turt2live/matrix-appservice-webhooks) - the [Appservice Webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge (optional)
|
||||||
|
|
||||||
|
- [folivonet/matrix-sms-bridge](https://hub.docker.com/repository/docker/folivonet/matrix-sms-bridge) - the [matrix-sms-brdige](https://github.com/benkuly/matrix-sms-bridge) (optional)
|
||||||
|
|
||||||
- [sorunome/mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) - the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge to [Skype](https:/www.skype.com) (optional)
|
- [sorunome/mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) - the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge to [Skype](https:/www.skype.com) (optional)
|
||||||
|
|
||||||
- [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https:/slack.com) (optional)
|
- [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https:/slack.com) (optional)
|
||||||
|
|
|
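Review bot: The added image entry links to `https://hub.docker.com/repository/docker/folivonet/matrix-sms-bridge`, while every neighbouring entry uses the public `https://hub.docker.com/r/<owner>/<image>` form; switch it to `/r/folivonet/matrix-sms-bridge` so the link matches the rest of the list. The link text `matrix-sms-brdige` in the same line is misspelled.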
@ -1,24 +1,29 @@
|
||||||
# Alternative architectures
|
# Alternative architectures
|
||||||
|
|
||||||
As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
|
As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
|
||||||
|
|
||||||
To that end add the following variable to your `vars.yaml` file:
|
To that end add the following variable to your `vars.yaml` file:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_architecture: <your-matrix-server-architecture>
|
||||||
```
|
```
|
||||||
matrix_architecture = <your-matrix-server-architecture>
|
|
||||||
```
|
|
||||||
Currently supported architectures are the following:
|
Currently supported architectures are the following:
|
||||||
- `amd64` (the default)
|
- `amd64` (the default)
|
||||||
- `arm64`
|
- `arm64`
|
||||||
- `arm32`
|
- `arm32`
|
||||||
|
|
||||||
so for the Raspberry Pi the following should be in your `vars.yaml` file:
|
so for the Raspberry Pi, the following should be in your `vars.yaml` file:
|
||||||
```
|
|
||||||
matrix_architecture = "arm32"
|
```yaml
|
||||||
|
matrix_architecture: "arm32"
|
||||||
```
|
```
|
||||||
|
|
||||||
## Implementation details
|
## Implementation details
|
||||||
This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection.
|
|
||||||
|
This subsection is used for a reminder, how the different roles implement architecture differences. This is **not** aimed at the users, so one does not have to do anything based on this subsection.
|
||||||
|
|
||||||
On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases:
|
On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases:
|
||||||
- matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well,
|
- `matrix-bridge-mautrix-facebook`: there is a pre-built Docker image for `arm64` as well
|
||||||
- matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well,
|
- `matrix-bridge-mautrix-hangouts`: there is a pre-built Docker image for `arm64` as well
|
||||||
- matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling.
|
- `matrix-nginx-proxy`: Certbot has a pre-built Docker image for both `arm32` and `arm64`, however tagging is used, which requires special handling.
|
||||||
|
|
|
@ -49,7 +49,7 @@ docker run -it --rm \
|
||||||
-v `pwd`:/work \
|
-v `pwd`:/work \
|
||||||
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
|
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
|
||||||
--entrypoint=/bin/sh \
|
--entrypoint=/bin/sh \
|
||||||
devture/ansible:2.8.1-r0
|
devture/ansible:2.9.9-r0
|
||||||
```
|
```
|
||||||
|
|
||||||
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).
|
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).
|
||||||
|
|
|
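Review bot: The bumped image is still referenced by tag only (`devture/ansible:2.9.9-r0`), and this is the container that gets `$HOME/.ssh/id_rsa` mounted into it. Consider documenting the image digest next to the tag, or at least noting that the reader should trust the image source before handing it the key. If the supported Ansible version stated in the docs changed with this bump, that text should be updated in the same commit.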
@ -23,7 +23,7 @@ matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN"
|
||||||
4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready.
|
4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready.
|
||||||
5. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`)
|
5. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`)
|
||||||
6. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended.
|
6. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended.
|
||||||
7. Join the rooms by following this syntax `#_discord_guildid_channelid` - can be easily retrieved by logging into Discord in a browser and opening the desired channel. URL will have this format: `discordapp.com/channels/guild_id/channel_id`
|
7. Room addresses follow this syntax: `#_discord_guildid_channelid`. You can easily find the guild and channel ids by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discordapp.com/channels/guild_id/channel_id`. Once you have figured out the appropriate room addrss, you can join by doing `/join #_discord_guildid_channelid` in your Matrix client.
|
||||||
|
|
||||||
Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable.
|
Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable.
|
||||||
|
|
||||||
|
|
|
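Review bot: In the rewritten step 7, the join example `/join #_discord_guildid_channelid` omits the `:<your-domain>` server part that a Matrix room alias carries, so a reader copying it literally will not get a valid alias; show the full form in both the syntax line and the `/join` command. "addrss" in the last sentence should be "address".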
@ -17,6 +17,17 @@ matrix_synapse_federation_domain_whitelist:
|
||||||
If you wish to disable federation, you can do that with an empty list (`[]`), or better yet by completely disabling federation (see below).
|
If you wish to disable federation, you can do that with an empty list (`[]`), or better yet by completely disabling federation (see below).
|
||||||
|
|
||||||
|
|
||||||
|
## Exposing the room directory over federation
|
||||||
|
|
||||||
|
By default, your server's public rooms directory is not exposed to other servers via federation.
|
||||||
|
|
||||||
|
If you wish to expose it, add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_synapse_allow_public_rooms_over_federation: true
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
## Disabling federation
|
## Disabling federation
|
||||||
|
|
||||||
To completely disable federation, isolating your server from the rest of the Matrix network, add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
|
To completely disable federation, isolating your server from the rest of the Matrix network, add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
|
||||||
|
|
|
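Review bot: The new "Exposing the room directory over federation" section says how to turn `matrix_synapse_allow_public_rooms_over_federation` on but not what turning it on discloses. Add one sentence stating that other servers will then be able to list this server's public rooms, and how this relates to `matrix_synapse_federation_domain_whitelist` from the section above, so the reader can decide before changing the default.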
@ -81,6 +81,47 @@ matrix_jitsi_jvb_container_extra_arguments:
|
||||||
- '--env "DOCKER_HOST_ADDRESS=<Local IP adress of the host>"'
|
- '--env "DOCKER_HOST_ADDRESS=<Local IP adress of the host>"'
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## (Optional) Fine tune Jitsi
|
||||||
|
|
||||||
|
You may want to suspend unused video layers until they are requested again, to save up resources on both server and clients.
|
||||||
|
Read more on this feature [here](https://jitsi.org/blog/new-off-stage-layer-suppression-feature/)
|
||||||
|
For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_jitsi_web_config_enableLayerSuspension: true
|
||||||
|
```
|
||||||
|
|
||||||
|
You may wish to disable audio levels to avoid excessive refresh of the client-side page and decrease the CPU consumption involved.
|
||||||
|
For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_jitsi_web_config_disableAudioLevels: true
|
||||||
|
```
|
||||||
|
|
||||||
|
You may want to limit the number of video feeds forwarded to each client, to save up resources on both server and clients. As clients’ bandwidth and CPU may not bear the load, use this setting to avoid lag and crashes.
|
||||||
|
This feature is found by default in other webconference applications such as Office 365 Teams (limit is set to 4).
|
||||||
|
Read how it works [here](https://github.com/jitsi/jitsi-videobridge/blob/master/doc/last-n.md) and performance evaluation on this [study](https://jitsi.org/wp-content/uploads/2016/12/nossdav2015lastn.pdf)
|
||||||
|
For this add this line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_jitsi_web_config_channelLastN: 4
|
||||||
|
```
|
||||||
|
|
||||||
|
To enable the variables that allow you to manage the video configuration you must add the following line to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_jitsi_web_config_constraints_enabled: true
|
||||||
|
```
|
||||||
|
|
||||||
|
You may want to limit the maximum video resolution, to save up resources on both server and clients.
|
||||||
|
For example, to set resolution to 480.
|
||||||
|
For this add this two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_jitsi_web_config_constraints_video_height_ideal: 480
|
||||||
|
matrix_jitsi_web_config_constraints_video_height_max: 480
|
||||||
|
```
|
||||||
|
|
||||||
## Apply changes
|
## Apply changes
|
||||||
|
|
||||||
Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
|
Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
|
||||||
|
|
|
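Review bot: The resolution example at the end of the "Fine tune Jitsi" section shows only the two `matrix_jitsi_web_config_constraints_video_height_*` lines, although the preceding paragraph says they depend on `matrix_jitsi_web_config_constraints_enabled: true`; put all three lines in one block so the example works when copied on its own. Wording nits in the same section: "this two lines" should be "these two lines", "For example, to set resolution to 480." is a sentence fragment, and the Teams limit of 4 is stated without a source.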
@ -72,6 +72,21 @@ To use a more custom configuration, you can define a `matrix_ma1sd_configuration
|
||||||
and put your configuration in it.
|
and put your configuration in it.
|
||||||
To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/matrix-ma1sd/defaults/main.yml) of the ma1sd component.
|
To learn more about how to do this, refer to the information about `matrix_ma1sd_configuration_extension_yaml` in the [default variables file](../roles/matrix-ma1sd/defaults/main.yml) of the ma1sd component.
|
||||||
|
|
||||||
|
## Example: SMS verification
|
||||||
|
|
||||||
|
If your use case requires mobile verification, it is quite simple to integrate ma1sd with [Twilio](https://www.twilio.com/), an online telephony services gateway. Their prices are reasonable for low-volume projects and integration can be done with the following configuration:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_ma1sd_configuration_extension_yaml: |
|
||||||
|
threepid:
|
||||||
|
medium:
|
||||||
|
msisdn:
|
||||||
|
connectors:
|
||||||
|
twilio:
|
||||||
|
account_sid: '<secret-SID>'
|
||||||
|
auth_token: '<secret-token>'
|
||||||
|
number: '+<msisdn-number>'
|
||||||
|
```
|
||||||
|
|
||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
|
||||||
|
|
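Review bot: The Twilio example places `account_sid` and `auth_token` directly in `matrix_ma1sd_configuration_extension_yaml`, so they end up in plain text in the inventory's vars file; the section should say so and point to whatever the playbook recommends for keeping secrets out of version control. The remark that Twilio's "prices are reasonable" will age and adds nothing to the configuration steps; consider dropping it.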
31
docs/configuring-playbook-matrix-bridge-sms.md
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
# Setting up matrix-sms-bridge (optional)
|
||||||
|
|
||||||
|
The playbook can install and configure
|
||||||
|
[matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for you.
|
||||||
|
|
||||||
|
See the project page to learn what it does and why it might be useful to you.
|
||||||
|
|
||||||
|
First you need to ensure, that the bridge has unix read and write rights to your modem. On debian based distributions there is nothing to do. On others distributions you either add a group `dialout` to your host and assign it to your modem or you give the matrix user or group access to your modem.
|
||||||
|
|
||||||
|
To enable the bridge just use the following
|
||||||
|
playbook configuration:
|
||||||
|
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_sms_bridge_enabled: true
|
||||||
|
matrix_sms_bridge_gammu_modem: "/dev/serial/by-id/myDeviceId"
|
||||||
|
# generate a secret passwort e.g. with pwgen -s 64 1
|
||||||
|
matrix_sms_bridge_database_password: ""
|
||||||
|
# (optional) a room id to a default room
|
||||||
|
matrix_sms_bridge_default_room: ""
|
||||||
|
# (optional) gammu reset frequencies (see https://wammu.eu/docs/manual/smsd/config.html#option-ResetFrequency)
|
||||||
|
matrix_sms_bridge_gammu_reset_frequency: 3600
|
||||||
|
matrix_sms_bridge_gammu_hard_reset_frequency: 0
|
||||||
|
# (optional) group with unix read and write rights to modem
|
||||||
|
matrix_sms_bridge_modem_group: 'dialout'
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
|
Read the [user guide](https://github.com/benkuly/matrix-sms-bridge/blob/master/README.md#user-guide) to see how this bridge works.
|
|
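Review bot: The example configuration in this new page does not include `matrix_sms_bridge_default_region`, which the CHANGELOG entry in the same commit describes as a new required variable; add it to the block with an example value. The example also ships `matrix_sms_bridge_database_password: ""`, so it would help to state that an empty value is not acceptable (or have the role fail on it), and "passwort" in the comment above it should be "password".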
@ -144,8 +144,7 @@ matrix_nginx_proxy_container_extra_arguments:
|
||||||
- '--label "traefik.enable=true"'
|
- '--label "traefik.enable=true"'
|
||||||
|
|
||||||
# The Nginx proxy container will receive traffic from these subdomains
|
# The Nginx proxy container will receive traffic from these subdomains
|
||||||
# (Replace DOMAIN with your domain, e.g. example.com)
|
- '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`{{ matrix_server_fqn_matrix }}`,`{{ matrix_server_fqn_riot }}`,`{{ matrix_server_fqn_dimension }}`)"'
|
||||||
- '--label "traefik.http.routers.matrix-nginx-proxy.rule=Host(`matrix.DOMAIN`,`riot.DOMAIN`,`dimension.DOMAIN`)"'
|
|
||||||
|
|
||||||
# (The 'web-secure' entrypoint must bind to port 443 in Traefik config)
|
# (The 'web-secure' entrypoint must bind to port 443 in Traefik config)
|
||||||
- '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"'
|
- '--label "traefik.http.routers.matrix-nginx-proxy.entrypoints=web-secure"'
|
||||||
|
@ -161,8 +160,7 @@ matrix_synapse_container_extra_arguments:
|
||||||
- '--label "traefik.enable=true"'
|
- '--label "traefik.enable=true"'
|
||||||
|
|
||||||
# The Synapse container will receive traffic from this subdomain
|
# The Synapse container will receive traffic from this subdomain
|
||||||
# (Replace DOMAIN with your domain, e.g. example.com)
|
- '--label "traefik.http.routers.matrix-synapse.rule=Host(`{{ matrix_server_fqn_matrix }}`)"'
|
||||||
- '--label "traefik.http.routers.matrix-synapse.rule=Host(`matrix.DOMAIN`)"'
|
|
||||||
|
|
||||||
# (The 'synapse' entrypoint must bind to port 8448 in Traefik config)
|
# (The 'synapse' entrypoint must bind to port 8448 in Traefik config)
|
||||||
- '--label "traefik.http.routers.matrix-synapse.entrypoints=synapse"'
|
- '--label "traefik.http.routers.matrix-synapse.entrypoints=synapse"'
|
||||||
|
|
|
@ -11,6 +11,8 @@ matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
|
||||||
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE
|
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE
|
||||||
```
|
```
|
||||||
|
|
||||||
|
You can generate a strong shared secret with a command like this: `pwgen -s 64 1`
|
||||||
|
|
||||||
|
|
||||||
## Authenticating only using a password provider
|
## Authenticating only using a password provider
|
||||||
|
|
||||||
|
|
|
@ -102,3 +102,5 @@ When you're done with all the configuration you'd like to do, continue with [Ins
|
||||||
- [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional)
|
- [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional)
|
||||||
|
|
||||||
- [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)
|
- [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)
|
||||||
|
|
||||||
|
- [Setting up Matrix SMS bridging](configuring-playbook-matrix-bridge-sms.md) (optional)
|
||||||
|
|
|
@ -48,12 +48,12 @@ If you're managing the base domain by yourself somehow, you'll need to set up se
|
||||||
|
|
||||||
To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server (e.g. `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`), even though this is the wrong place to host them.
|
To make things easy for you to set up, this playbook generates and hosts 2 well-known files on the Matrix domain's server (e.g. `https://matrix.example.com/.well-known/matrix/server` and `https://matrix.example.com/.well-known/matrix/client`), even though this is the wrong place to host them.
|
||||||
|
|
||||||
You have 2 options when it comes to installing the files on the base domain's server:
|
You have 3 options when it comes to installing the files on the base domain's server:
|
||||||
|
|
||||||
|
|
||||||
### (Option 1): **Copying the files manually** to your base domain's server
|
### (Option 1): **Copying the files manually** to your base domain's server
|
||||||
|
|
||||||
**Hint**: Option 2 (below) is generally a better way to do this. Make sure to go with that one, if possible.
|
**Hint**: Option 2 and 3 (below) are generally a better way to do this. Make sure to go with them, if possible.
|
||||||
|
|
||||||
All you need to do is:
|
All you need to do is:
|
||||||
|
|
||||||
|
@ -65,7 +65,16 @@ This is relatively easy to do and possibly your only choice if you can only host
|
||||||
It is, however, **a little fragile**, as future updates performed by this playbook may regenerate the well-known files and you may need to notice that and copy them over again.
|
It is, however, **a little fragile**, as future updates performed by this playbook may regenerate the well-known files and you may need to notice that and copy them over again.
|
||||||
|
|
||||||
|
|
||||||
### (Option 2): **Setting up reverse-proxying** of the well-known files from the base domain's server to the Matrix server
|
### (Option 2): **Serving the base domain** from the Matrix server via the playbook
|
||||||
|
|
||||||
|
If you don't need the base domain (e.g. `example.com`) for anything else (hosting a website, etc.), you can point it to the Matrix server's IP address and tell the playbook to configure it.
|
||||||
|
|
||||||
|
This is the easiest way to set up well-known serving -- letting the playbook handle the whole base domain for you (including SSL certificates, etc.). However, if you need to use the base domain for other things (such as hosting some website, etc.), going with Option 1 or Option 2 might be more suitable.
|
||||||
|
|
||||||
|
See [Serving the base domain](configuring-playbook-base-domain-serving.md) to learn how the playbook can help you set it up.
|
||||||
|
|
||||||
|
|
||||||
|
### (Option 3): **Setting up reverse-proxying** of the well-known files from the base domain's server to the Matrix server
|
||||||
|
|
||||||
This option is less fragile and generally better.
|
This option is less fragile and generally better.
|
||||||
|
|
||||||
|
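Review bot: After the renumbering, the new Option 2 text ends with "going with Option 1 or Option 2 might be more suitable", which points the reader back at the option they are reading; it should say Option 1 or Option 3. In the earlier hunk of this file the hint "Option 2 and 3 (below) are generally a better way to do this" has the same renumbering behind it and reads better as "Options 2 and 3 (below) are generally better ways to do this".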
@ -136,7 +145,7 @@ backend matrix-backend
|
||||||
reqirep ^(GET|POST|HEAD)\ /.well-known/matrix/(.*) \1\ /\2
|
reqirep ^(GET|POST|HEAD)\ /.well-known/matrix/(.*) \1\ /\2
|
||||||
# Rewrite redirects as ProxyPassReverse does
|
# Rewrite redirects as ProxyPassReverse does
|
||||||
acl response-is-redirect res.hdr(Location) -m found
|
acl response-is-redirect res.hdr(Location) -m found
|
||||||
rsprep ^Location:\ (http|https)://matrix.example.com\/(.*) Location:\ \1://matrix.exapmle.com/.well-known/matrix/\2 if response-is-redirect
|
rsprep ^Location:\ (http|https)://matrix.example.com\/(.*) Location:\ \1://matrix.example.com/.well-known/matrix/\2 if response-is-redirect
|
||||||
```
|
```
|
||||||
|
|
||||||
Make sure to:
|
Make sure to:
|
||||||
|
|
|
@ -4,14 +4,14 @@ This playbook not only installs the various Matrix services for you, but can als
|
||||||
|
|
||||||
If you want to be notified when new versions of Synapse are released, you should join the Synapse Homeowners room: [#homeowners:matrix.org](https://matrix.to/#/#homeowners:matrix.org).
|
If you want to be notified when new versions of Synapse are released, you should join the Synapse Homeowners room: [#homeowners:matrix.org](https://matrix.to/#/#homeowners:matrix.org).
|
||||||
|
|
||||||
To upgrade the services:
|
To upgrade services:
|
||||||
|
|
||||||
- update your playbook directory (`git pull`), so you'd obtain everything new we've done
|
- update your playbook directory (`git pull`), so you'd obtain everything new we've done
|
||||||
|
|
||||||
- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incomptabile changes that you need to take care of
|
- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of
|
||||||
|
|
||||||
- re-run the [playbook setup](installing.md): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all`
|
- re-run the [playbook setup](installing.md): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all`
|
||||||
|
|
||||||
- restart the services: `ansible-playbook -i inventory/hosts setup.yml --tags=start`
|
- restart the services: `ansible-playbook -i inventory/hosts setup.yml --tags=start`
|
||||||
|
|
||||||
**Note**: major version upgrades are not done to the internal PostgreSQL database. To upgrade that one, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).
|
**Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).
|
||||||
|
|
|
@ -6,16 +6,16 @@
|
||||||
|
|
||||||
- [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python`).
|
- [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python`).
|
||||||
|
|
||||||
- a `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.*
|
- A `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.*
|
||||||
|
|
||||||
- the [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
|
- The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
|
||||||
|
|
||||||
- either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature.
|
- Either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature.
|
||||||
|
|
||||||
- an HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
|
- An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
|
||||||
|
|
||||||
- properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md))
|
- Properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)).
|
||||||
|
|
||||||
- some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP)
|
- Some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP). Depending on your firewall/NAT setup, incoming RTP packets on port 10000 may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/matrix-jitsi/defaults/main.yml)).
|
||||||
|
|
||||||
When ready to proceed, continue with [Configuring DNS](configuring-dns.md).
|
When ready to proceed, continue with [Configuring DNS](configuring-dns.md).
|
||||||
|
|
|
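Review bot: The sentence appended to the ports item says incoming RTP packets on port 10000 "may have the external IP of your firewall as destination address" but does not tell the reader what to do about it. State the required action (for example which forwarding or NAT rule is needed, or when `matrix_jitsi_jvb_stun_servers` should be changed), otherwise the note describes a symptom only.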
@ -15,6 +15,7 @@ List of roles where self-building the Docker image is currently possible:
|
||||||
- `matrix-riot-web`
|
- `matrix-riot-web`
|
||||||
- `matrix-coturn`
|
- `matrix-coturn`
|
||||||
- `matrix-ma1sd`
|
- `matrix-ma1sd`
|
||||||
|
- `matrix-mailer`
|
||||||
- `matrix-mautrix-facebook`
|
- `matrix-mautrix-facebook`
|
||||||
- `matrix-mautrix-hangouts`
|
- `matrix-mautrix-hangouts`
|
||||||
- `matrix-mx-puppet-skype`
|
- `matrix-mx-puppet-skype`
|
||||||
|
|
|
@ -232,6 +232,8 @@ matrix_mautrix_hangouts_appservice_token: "{{ matrix_synapse_macaroon_secret_key
|
||||||
|
|
||||||
matrix_mautrix_hangouts_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.hs.token') | to_uuid }}"
|
matrix_mautrix_hangouts_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.hs.token') | to_uuid }}"
|
||||||
|
|
||||||
|
matrix_mautrix_hangouts_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:9007' }}"
|
||||||
|
|
||||||
matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
matrix_mautrix_hangouts_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
|
@ -276,7 +278,6 @@ matrix_mautrix_telegram_login_shared_secret: "{{ matrix_synapse_ext_password_pro
|
||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-bridge-mautrix-whatsapp
|
# matrix-bridge-mautrix-whatsapp
|
||||||
|
@ -305,6 +306,31 @@ matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_pro
|
||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# matrix-sms-bridge
|
||||||
|
#
|
||||||
|
######################################################################
|
||||||
|
|
||||||
|
# We don't enable bridges by default.
|
||||||
|
matrix_sms_bridge_enabled: false
|
||||||
|
|
||||||
|
matrix_sms_bridge_systemd_required_services_list: |
|
||||||
|
{{
|
||||||
|
['docker.service']
|
||||||
|
+
|
||||||
|
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||||
|
}}
|
||||||
|
|
||||||
|
matrix_sms_bridge_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.as.token') | to_uuid }}"
|
||||||
|
|
||||||
|
matrix_sms_bridge_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sms.hs.token') | to_uuid }}"
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# /matrix-sms-bridge
|
||||||
|
#
|
||||||
|
######################################################################
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
|
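Review bot: `matrix_sms_bridge_appservice_token` and `matrix_sms_bridge_homeserver_token` are both derived from `matrix_synapse_macaroon_secret_key` with the fixed salts `sms.as.token` and `sms.hs.token`, so anyone holding that one key can recompute both bridge tokens, and changing the key silently changes them. This follows the pattern already used for the hangouts tokens earlier in this file, but a comment saying so, and noting that both values can be overridden with independent secrets, would help. The changelog also names `matrix_sms_bridge_default_region` as newly required; nothing in this block sets or mentions it, so point to where it is defined or validated.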
@ -513,11 +539,13 @@ matrix_jitsi_web_stun_servers: |
|
||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
# By default, this playbook sets up a postfix mailer server (running in a container).
|
# By default, this playbook sets up an exim mailer server (running in a container).
|
||||||
# This is so that Synapse can send email reminders for unread messages.
|
# This is so that Synapse can send email reminders for unread messages.
|
||||||
# Other services (like ma1sd), also use the mailer.
|
# Other services (like ma1sd), also use the mailer.
|
||||||
matrix_mailer_enabled: true
|
matrix_mailer_enabled: true
|
||||||
|
|
||||||
|
matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# /matrix-mailer
|
# /matrix-mailer
|
||||||
|
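Review bot: on the added `matrix_mailer_container_image_self_build` line the expression closes as `'amd64'}}`, without the space before `}}` that the other expressions in this file use. The condition also enables self-building for every value other than `amd64`, including a mistyped one; testing against the known values (`arm32`, `arm64`) would make the intent explicit.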
@ -612,6 +640,8 @@ matrix_nginx_proxy_proxy_matrix_federation_api_enabled: true
|
||||||
matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-synapse:8048"
|
matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-synapse:8048"
|
||||||
matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:8048"
|
matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:8048"
|
||||||
|
|
||||||
|
matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}"
|
||||||
|
|
||||||
matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}"
|
matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}"
|
||||||
matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
|
matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
|
||||||
matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}"
|
matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}"
|
||||||
|
@ -649,7 +679,13 @@ matrix_ssl_domains_to_obtain_certificates_for: |
|
||||||
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
|
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
|
||||||
}}
|
}}
|
||||||
|
|
||||||
matrix_ssl_architecture: "{{ matrix_architecture }}"
|
matrix_ssl_architecture: "{{
|
||||||
|
{
|
||||||
|
'amd64': 'amd64',
|
||||||
|
'arm32': 'arm32v6',
|
||||||
|
'arm64': 'arm64v8',
|
||||||
|
}[matrix_architecture]
|
||||||
|
}}"
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
|
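Review bot: the new `matrix_ssl_architecture` mapping indexes the dict directly with `[matrix_architecture]`, so any value other than `amd64`, `arm32` or `arm64` fails at templating time with a missing-key error instead of a clear message. Validate `matrix_architecture` up front with a task that lists the accepted values, and add a comment saying what the mapped names `arm32v6` and `arm64v8` refer to.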
@ -756,7 +792,7 @@ matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy
|
||||||
matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}"
|
matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}"
|
||||||
#
|
#
|
||||||
# For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces.
|
# For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces.
|
||||||
matrix_synapse_container_federation_api_tls_host_bind_port: "{{ '8448' if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
|
matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
|
||||||
#
|
#
|
||||||
# For exposing the Synapse Metrics API's port (plain HTTP) to the local host.
|
# For exposing the Synapse Metrics API's port (plain HTTP) to the local host.
|
||||||
matrix_synapse_container_metrics_api_host_bind_port: "{{ '127.0.0.1:9100' if (matrix_synapse_metrics_enabled and not matrix_nginx_proxy_enabled) else '' }}"
|
matrix_synapse_container_metrics_api_host_bind_port: "{{ '127.0.0.1:9100' if (matrix_synapse_metrics_enabled and not matrix_nginx_proxy_enabled) else '' }}"
|
||||||
|
|
|
@ -21,6 +21,8 @@ matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
|
||||||
# This is where you access Jitsi.
|
# This is where you access Jitsi.
|
||||||
matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}"
|
matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}"
|
||||||
|
|
||||||
|
matrix_federation_public_port: 8448
|
||||||
|
|
||||||
matrix_user_username: "matrix"
|
matrix_user_username: "matrix"
|
||||||
matrix_user_groupname: "matrix"
|
matrix_user_groupname: "matrix"
|
||||||
|
|
||||||
|
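Review bot: `matrix_federation_public_port` is added without a comment, unlike the variables around it. Elsewhere in this change it feeds `matrix_synapse_container_federation_api_tls_host_bind_port`, `matrix_nginx_proxy_container_federation_host_bind_port` and the `m.server` value in the well-known file, so document here that changing it moves all three and that the `8448/tcp` firewall entry in the prerequisites text has to follow.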
@ -32,6 +34,13 @@ matrix_systemd_path: "/etc/systemd/system"
|
||||||
matrix_cron_path: "/etc/cron.d"
|
matrix_cron_path: "/etc/cron.d"
|
||||||
matrix_local_bin_path: "/usr/local/bin"
|
matrix_local_bin_path: "/usr/local/bin"
|
||||||
|
|
||||||
|
matrix_host_command_docker: "/usr/bin/env docker"
|
||||||
|
matrix_host_command_sleep: "/usr/bin/env sleep"
|
||||||
|
matrix_host_command_chown: "/usr/bin/env chown"
|
||||||
|
matrix_host_command_fusermount: "/usr/bin/env fusermount"
|
||||||
|
matrix_host_command_openssl: "/usr/bin/env openssl"
|
||||||
|
matrix_host_command_systemctl: "/usr/bin/env systemctl"
|
||||||
|
|
||||||
matrix_ntpd_package: "ntp"
|
matrix_ntpd_package: "ntp"
|
||||||
matrix_ntpd_service: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}"
|
matrix_ntpd_service: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}"
|
||||||
|
|
||||||
|
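Review bot: the new `matrix_host_command_*` defaults (`/usr/bin/env docker`, `/usr/bin/env openssl` and so on) resolve the binary through PATH in whatever environment runs the command, which in this change is systemd units and Ansible `shell` tasks, where the old lines named `/usr/bin/docker` and `/bin/sleep` outright. `matrix_local_bin_path` on the context line above is `/usr/local/bin`, a directory commonly searched before `/usr/bin`, so a same-named file there would take precedence. Add a comment that these variables are overridable and recommend absolute paths where the location is known.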
@ -47,9 +56,20 @@ matrix_integration_manager_ui_url: ~
|
||||||
# See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server
|
# See: https://github.com/vector-im/riot-web/blob/develop/docs/jitsi.md#configuring-riot-to-use-your-self-hosted-jitsi-server
|
||||||
matrix_riot_jitsi_preferredDomain: ''
|
matrix_riot_jitsi_preferredDomain: ''
|
||||||
|
|
||||||
|
# Controls whether Riot should use End-to-End Encryption by default.
|
||||||
|
# Setting this to false will update `/.well-known/matrix/client` and tell Riot clients to avoid E2EE.
|
||||||
|
# See: https://github.com/vector-im/riot-web/blob/develop/docs/e2ee.md
|
||||||
|
matrix_riot_e2ee_default: true
|
||||||
|
|
||||||
# The Docker network that all services would be put into
|
# The Docker network that all services would be put into
|
||||||
matrix_docker_network: "matrix"
|
matrix_docker_network: "matrix"
|
||||||
|
|
||||||
|
# Controls whether we'll preserve the vars.yml file on the Matrix server.
|
||||||
|
# If you have a differently organized inventory, you may wish to disable this feature,
|
||||||
|
# or to repoint `matrix_vars_yml_snapshotting_src` to the file you'd like to preserve.
|
||||||
|
matrix_vars_yml_snapshotting_enabled: true
|
||||||
|
matrix_vars_yml_snapshotting_src: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}/vars.yml"
|
||||||
|
|
||||||
# Controls whether a `/.well-known/matrix/server` file is generated and used at all.
|
# Controls whether a `/.well-known/matrix/server` file is generated and used at all.
|
||||||
#
|
#
|
||||||
# If you wish to rely on DNS SRV records only, you can disable this.
|
# If you wish to rely on DNS SRV records only, you can disable this.
|
||||||
|
|
|
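Review bot: the comment on `matrix_riot_e2ee_default` says setting it to false will tell Riot clients to avoid E2EE, which reads stronger than what the template does: it writes `"default": false` under `im.vector.riot.e2ee` in `/.well-known/matrix/client`. Reword it to say this changes a default that Riot reads from the well-known file and is not enforced by the server, so nobody mistakes it for a policy control.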
@ -10,6 +10,15 @@
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ matrix_base_data_path }}"
|
- "{{ matrix_base_data_path }}"
|
||||||
|
|
||||||
|
- name: Preserve vars.yml on the server for easily restoring if it gets lost later on
|
||||||
|
copy:
|
||||||
|
src: "{{ matrix_vars_yml_snapshotting_src }}"
|
||||||
|
dest: "{{ matrix_base_data_path }}/vars.yml"
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
mode: '0660'
|
||||||
|
when: "matrix_vars_yml_snapshotting_enabled|bool"
|
||||||
|
|
||||||
# `docker_network` doesn't work as expected when the given network
|
# `docker_network` doesn't work as expected when the given network
|
||||||
# is a substring of a network that already exists.
|
# is a substring of a network that already exists.
|
||||||
#
|
#
|
||||||
|
|
|
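Review bot: the copy task writes `vars.yml` with `mode: '0660'`, which leaves it readable and writable by `matrix_user_groupname`. The source is the inventory's host vars file (`matrix_vars_yml_snapshotting_src`), which can hold secrets such as `matrix_synapse_macaroon_secret_key`, so `'0600'` is the safer default. Since `matrix_vars_yml_snapshotting_enabled` defaults to true, the changelog should also state that this file is now copied to the server.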
@ -23,4 +23,9 @@
|
||||||
"preferredDomain": {{ matrix_riot_jitsi_preferredDomain|to_json }}
|
"preferredDomain": {{ matrix_riot_jitsi_preferredDomain|to_json }}
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if not matrix_riot_e2ee_default %},
|
||||||
|
"im.vector.riot.e2ee": {
|
||||||
|
"default": false
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
}
|
}
|
||||||
|
|
|
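Review bot: `{% if not matrix_riot_e2ee_default %}` tests the raw value, while the snapshot task in this same change uses `matrix_vars_yml_snapshotting_enabled|bool`. A value that arrives as the string `false` is truthy in Jinja, so the `im.vector.riot.e2ee` block would be skipped without any warning; use `matrix_riot_e2ee_default|bool` here.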
@ -1,4 +1,4 @@
|
||||||
#jinja2: lstrip_blocks: "True"
|
#jinja2: lstrip_blocks: "True"
|
||||||
{
|
{
|
||||||
"m.server": "{{ matrix_server_fqn_matrix }}:8448"
|
"m.server": "{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}"
|
||||||
}
|
}
|
||||||
|
|
|
@ -39,100 +39,7 @@ matrix_appservice_discord_bridge_homeserverUrl: "{{ matrix_homeserver_url }}"
|
||||||
matrix_appservice_discord_bridge_disablePresence: false
|
matrix_appservice_discord_bridge_disablePresence: false
|
||||||
matrix_appservice_discord_bridge_enableSelfServiceBridging: false
|
matrix_appservice_discord_bridge_enableSelfServiceBridging: false
|
||||||
|
|
||||||
matrix_appservice_discord_configuration_yaml: |
|
matrix_appservice_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: "True"
|
|
||||||
bridge:
|
|
||||||
# Domain part of the bridge, e.g. matrix.org
|
|
||||||
domain: {{ matrix_appservice_discord_bridge_domain }}
|
|
||||||
# This should be your publically facing URL because Discord may use it to
|
|
||||||
# fetch media from the media store.
|
|
||||||
homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }}
|
|
||||||
# Interval at which to process users in the 'presence queue'. If you have
|
|
||||||
# 5 users, one user will be processed every 500 milliseconds according to the
|
|
||||||
# value below. This has a minimum value of 250.
|
|
||||||
# WARNING: This has a high chance of spamming the homeserver with presence
|
|
||||||
# updates since it will send one each time somebody changes state or is online.
|
|
||||||
presenceInterval: 500
|
|
||||||
# Disable setting presence for 'ghost users' which means Discord users on Matrix
|
|
||||||
# will not be shown as away or online.
|
|
||||||
disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }}
|
|
||||||
# Disable sending typing notifications when somebody on Discord types.
|
|
||||||
disableTypingNotifications: false
|
|
||||||
# Disable deleting messages on Discord if a message is redacted on Matrix.
|
|
||||||
disableDeletionForwarding: false
|
|
||||||
# Enable users to bridge rooms using !discord commands. See
|
|
||||||
# https://t2bot.io/discord for instructions.
|
|
||||||
enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }}
|
|
||||||
# Disable sending of read receipts for Matrix events which have been
|
|
||||||
# successfully bridged to Discord.
|
|
||||||
disableReadReceipts: false
|
|
||||||
# Disable Join Leave echos from matrix
|
|
||||||
disableJoinLeaveNotifications: false
|
|
||||||
# Authentication configuration for the discord bot.
|
|
||||||
auth:
|
|
||||||
clientID: {{ matrix_appservice_discord_client_id|string|to_json }}
|
|
||||||
botToken: {{ matrix_appservice_discord_bot_token }}
|
|
||||||
logging:
|
|
||||||
# What level should the logger output to the console at.
|
|
||||||
console: "warn" #silly, verbose, info, http, warn, error, silent
|
|
||||||
lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format
|
|
||||||
# files:
|
|
||||||
# - file: "debug.log"
|
|
||||||
# disable:
|
|
||||||
# - "PresenceHandler" # Will not capture presence logging
|
|
||||||
# - file: "warn.log" # Will capture warnings
|
|
||||||
# level: "warn"
|
|
||||||
# - file: "botlogs.log" # Will capture logs from DiscordBot
|
|
||||||
# level: "info"
|
|
||||||
# enable:
|
|
||||||
# - "DiscordBot"
|
|
||||||
database:
|
|
||||||
userStorePath: "/data/user-store.db"
|
|
||||||
roomStorePath: "/data/room-store.db"
|
|
||||||
# You may either use SQLite or Postgresql for the bridge database, which contains
|
|
||||||
# important mappings for events and user puppeting configurations.
|
|
||||||
# Use the filename option for SQLite, or connString for Postgresql.
|
|
||||||
# If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite
|
|
||||||
# WARNING: You will almost certainly be fine with sqlite unless your bridge
|
|
||||||
# is in heavy demand and you suffer from IO slowness.
|
|
||||||
filename: "/data/discord.db"
|
|
||||||
# connString: "postgresql://user:password@localhost/database_name"
|
|
||||||
room:
|
|
||||||
# Set the default visibility of alias rooms, defaults to "public".
|
|
||||||
# One of: "public", "private"
|
|
||||||
defaultVisibility: "public"
|
|
||||||
channel:
|
|
||||||
# Pattern of the name given to bridged rooms.
|
|
||||||
# Can use :guild for the guild name and :name for the channel name.
|
|
||||||
namePattern: "[Discord] :guild :name"
|
|
||||||
# Changes made to rooms when a channel is deleted.
|
|
||||||
deleteOptions:
|
|
||||||
# Prefix the room name with a string.
|
|
||||||
#namePrefix: "[Deleted]"
|
|
||||||
# Prefix the room topic with a string.
|
|
||||||
#topicPrefix: "This room has been deleted"
|
|
||||||
# Disable people from talking in the room by raising the event PL to 50
|
|
||||||
disableMessaging: false
|
|
||||||
# Remove the discord alias from the room.
|
|
||||||
unsetRoomAlias: true
|
|
||||||
# Remove the room from the directory.
|
|
||||||
unlistFromDirectory: true
|
|
||||||
# Set the room to be unavaliable for joining without an invite.
|
|
||||||
setInviteOnly: true
|
|
||||||
# Make all the discord users leave the room.
|
|
||||||
ghostsLeave: true
|
|
||||||
limits:
|
|
||||||
# Delay in milliseconds between discord users joining a room.
|
|
||||||
roomGhostJoinDelay: 6000
|
|
||||||
# Delay in milliseconds before sending messages to discord to avoid echos.
|
|
||||||
# (Copies of a sent message may arrive from discord before we've
|
|
||||||
# fininished handling it, causing us to echo it back to the room)
|
|
||||||
discordSendDelay: 750
|
|
||||||
ghosts:
|
|
||||||
# Pattern for the ghosts nick, available is :nick, :username, :tag and :id
|
|
||||||
nickPattern: ":nick"
|
|
||||||
# Pattern for the ghosts username, available is :username, :tag and :id
|
|
||||||
usernamePattern: ":username#:tag"
|
|
||||||
|
|
||||||
matrix_appservice_discord_configuration_extension_yaml: |
|
matrix_appservice_discord_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration goes here.
|
# Your custom YAML configuration goes here.
|
||||||
|
|
|
@ -60,7 +60,7 @@
|
||||||
# We intentionally suppress Ansible changes.
|
# We intentionally suppress Ansible changes.
|
||||||
- name: Generate AppService Discord invite link
|
- name: Generate AppService Discord invite link
|
||||||
shell: >-
|
shell: >-
|
||||||
/usr/bin/docker run --rm --name matrix-appservice-discord-link-gen
|
{{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord-link-gen
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
--cap-drop=ALL
|
--cap-drop=ALL
|
||||||
-v {{ matrix_appservice_discord_config_path }}:/cfg
|
-v {{ matrix_appservice_discord_config_path }}:/cfg
|
||||||
|
|
|
@ -0,0 +1,93 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
bridge:
|
||||||
|
# Domain part of the bridge, e.g. matrix.org
|
||||||
|
domain: {{ matrix_appservice_discord_bridge_domain }}
|
||||||
|
# This should be your publically facing URL because Discord may use it to
|
||||||
|
# fetch media from the media store.
|
||||||
|
homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }}
|
||||||
|
# Interval at which to process users in the 'presence queue'. If you have
|
||||||
|
# 5 users, one user will be processed every 500 milliseconds according to the
|
||||||
|
# value below. This has a minimum value of 250.
|
||||||
|
# WARNING: This has a high chance of spamming the homeserver with presence
|
||||||
|
# updates since it will send one each time somebody changes state or is online.
|
||||||
|
presenceInterval: 500
|
||||||
|
# Disable setting presence for 'ghost users' which means Discord users on Matrix
|
||||||
|
# will not be shown as away or online.
|
||||||
|
disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }}
|
||||||
|
# Disable sending typing notifications when somebody on Discord types.
|
||||||
|
disableTypingNotifications: false
|
||||||
|
# Disable deleting messages on Discord if a message is redacted on Matrix.
|
||||||
|
disableDeletionForwarding: false
|
||||||
|
# Enable users to bridge rooms using !discord commands. See
|
||||||
|
# https://t2bot.io/discord for instructions.
|
||||||
|
enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }}
|
||||||
|
# Disable sending of read receipts for Matrix events which have been
|
||||||
|
# successfully bridged to Discord.
|
||||||
|
disableReadReceipts: false
|
||||||
|
# Disable Join Leave echos from matrix
|
||||||
|
disableJoinLeaveNotifications: false
|
||||||
|
# Authentication configuration for the discord bot.
|
||||||
|
auth:
|
||||||
|
clientID: {{ matrix_appservice_discord_client_id|string|to_json }}
|
||||||
|
botToken: {{ matrix_appservice_discord_bot_token }}
|
||||||
|
logging:
|
||||||
|
# What level should the logger output to the console at.
|
||||||
|
console: "warn" #silly, verbose, info, http, warn, error, silent
|
||||||
|
lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format
|
||||||
|
# files:
|
||||||
|
# - file: "debug.log"
|
||||||
|
# disable:
|
||||||
|
# - "PresenceHandler" # Will not capture presence logging
|
||||||
|
# - file: "warn.log" # Will capture warnings
|
||||||
|
# level: "warn"
|
||||||
|
# - file: "botlogs.log" # Will capture logs from DiscordBot
|
||||||
|
# level: "info"
|
||||||
|
# enable:
|
||||||
|
# - "DiscordBot"
|
||||||
|
database:
|
||||||
|
userStorePath: "/data/user-store.db"
|
||||||
|
roomStorePath: "/data/room-store.db"
|
||||||
|
# You may either use SQLite or Postgresql for the bridge database, which contains
|
||||||
|
# important mappings for events and user puppeting configurations.
|
||||||
|
# Use the filename option for SQLite, or connString for Postgresql.
|
||||||
|
# If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite
|
||||||
|
# WARNING: You will almost certainly be fine with sqlite unless your bridge
|
||||||
|
# is in heavy demand and you suffer from IO slowness.
|
||||||
|
filename: "/data/discord.db"
|
||||||
|
# connString: "postgresql://user:password@localhost/database_name"
|
||||||
|
room:
|
||||||
|
# Set the default visibility of alias rooms, defaults to "public".
|
||||||
|
# One of: "public", "private"
|
||||||
|
defaultVisibility: "public"
|
||||||
|
channel:
|
||||||
|
# Pattern of the name given to bridged rooms.
|
||||||
|
# Can use :guild for the guild name and :name for the channel name.
|
||||||
|
namePattern: "[Discord] :guild :name"
|
||||||
|
# Changes made to rooms when a channel is deleted.
|
||||||
|
deleteOptions:
|
||||||
|
# Prefix the room name with a string.
|
||||||
|
#namePrefix: "[Deleted]"
|
||||||
|
# Prefix the room topic with a string.
|
||||||
|
#topicPrefix: "This room has been deleted"
|
||||||
|
# Disable people from talking in the room by raising the event PL to 50
|
||||||
|
disableMessaging: false
|
||||||
|
# Remove the discord alias from the room.
|
||||||
|
unsetRoomAlias: true
|
||||||
|
# Remove the room from the directory.
|
||||||
|
unlistFromDirectory: true
|
||||||
|
# Set the room to be unavaliable for joining without an invite.
|
||||||
|
setInviteOnly: true
|
||||||
|
# Make all the discord users leave the room.
|
||||||
|
ghostsLeave: true
|
||||||
|
limits:
|
||||||
|
# Delay in milliseconds between discord users joining a room.
|
||||||
|
roomGhostJoinDelay: 6000
|
||||||
|
# Delay in milliseconds before sending messages to discord to avoid echos.
|
||||||
|
# (Copies of a sent message may arrive from discord before we've
|
||||||
|
# fininished handling it, causing us to echo it back to the room)
|
||||||
|
discordSendDelay: 750
|
||||||
|
ghosts:
|
||||||
|
# Pattern for the ghosts nick, available is :nick, :username, :tag and :id
|
||||||
|
nickPattern: ":nick"
|
||||||
|
# Pattern for the ghosts username, available is :username, :tag and :id
|
||||||
|
usernamePattern: ":username#:tag"
|
|
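Review bot: in the new template, `botToken: {{ matrix_appservice_discord_bot_token }}` is rendered unquoted, as are `domain` and `homeserverUrl`, while `clientID` on the line above it goes through `|string|to_json`. A value containing characters that are special in YAML would change how the file parses; pass these three through `|to_json` as well so the move to a template file does not carry the inconsistency forward.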
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-appservice-discord
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-discord
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-appservice-discord
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-discord
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \
|
||||||
{{ matrix_appservice_discord_docker_image }} \
|
{{ matrix_appservice_discord_docker_image }} \
|
||||||
node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml
|
node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-appservice-discord
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-discord
|
||||||
ExecStop=-/usr/bin/docker rm matrix-appservice-discord
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-discord
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-appservice-discord
|
SyslogIdentifier=matrix-appservice-discord
|
||||||
|
|
|
@ -346,141 +346,7 @@ matrix_appservice_irc_systemd_wanted_services_list: []
|
||||||
matrix_appservice_irc_appservice_token: ''
|
matrix_appservice_irc_appservice_token: ''
|
||||||
matrix_appservice_irc_homeserver_token: ''
|
matrix_appservice_irc_homeserver_token: ''
|
||||||
|
|
||||||
matrix_appservice_irc_configuration_yaml: |
|
matrix_appservice_irc_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: True
|
|
||||||
homeserver:
|
|
||||||
# The URL to the home server for client-server API calls, also used to form the
|
|
||||||
# media URLs as displayed in bridged IRC channels:
|
|
||||||
url: {{ matrix_appservice_irc_homeserver_url }}
|
|
||||||
#
|
|
||||||
# The URL of the homeserver hosting media files. This is only used to transform
|
|
||||||
# mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By
|
|
||||||
# default, this is the homeserver URL, specified above.
|
|
||||||
#
|
|
||||||
media_url: {{ matrix_appservice_irc_homeserver_media_url }}
|
|
||||||
|
|
||||||
# Drop Matrix messages which are older than this number of seconds, according to
|
|
||||||
# the event's origin_server_ts.
|
|
||||||
# If the bridge is down for a while, the homeserver will attempt to send all missed
|
|
||||||
# events on reconnection. These events may be hours old, which can be confusing to
|
|
||||||
# IRC users if they are then bridged. This option allows these old messages to be
|
|
||||||
# dropped.
|
|
||||||
# CAUTION: This is a very coarse heuristic. Federated homeservers may have different
|
|
||||||
# clock times and hence produce different origin_server_ts values, which may be old
|
|
||||||
# enough to cause *all* events from the homeserver to be dropped.
|
|
||||||
# Default: 0 (don't ever drop)
|
|
||||||
# dropMatrixMessagesAfterSecs: 300 # 5 minutes
|
|
||||||
|
|
||||||
# The 'domain' part for user IDs on this home server. Usually (but not always)
|
|
||||||
# is the "domain name" part of the HS URL.
|
|
||||||
domain: {{ matrix_appservice_irc_homeserver_domain }}
|
|
||||||
|
|
||||||
# Should presence be enabled for matrix clients on this bridge. If disabled on the
|
|
||||||
# homeserver then it should also be disabled here to avoid excess traffic.
|
|
||||||
# Default: true
|
|
||||||
enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}
|
|
||||||
|
|
||||||
ircService:
|
|
||||||
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
|
|
||||||
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
|
|
||||||
# the database.
|
|
||||||
#
|
|
||||||
# To generate a .pem file:
|
|
||||||
# $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
|
|
||||||
#
|
|
||||||
# The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
|
|
||||||
# for storage in the database. Passwords are stored by using the admin room command
|
|
||||||
# `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
|
|
||||||
# the Matrix user, this password will be sent as the server password (PASS command).
|
|
||||||
passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
|
|
||||||
|
|
||||||
# Config for Matrix -> IRC bridging
|
|
||||||
matrixHandler:
|
|
||||||
# Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
|
|
||||||
eventCacheSize: 4096
|
|
||||||
|
|
||||||
servers: {{ matrix_appservice_irc_ircService_servers|to_json }}
|
|
||||||
|
|
||||||
# Configuration for an ident server. If you are running a public bridge it is
|
|
||||||
# advised you setup an ident server so IRC mods can ban specific matrix users
|
|
||||||
# rather than the application service itself.
|
|
||||||
ident:
|
|
||||||
# True to listen for Ident requests and respond with the
|
|
||||||
# matrix user's user_id (converted to ASCII, respecting RFC 1413).
|
|
||||||
# Default: false.
|
|
||||||
enabled: false
|
|
||||||
# The port to listen on for incoming ident requests.
|
|
||||||
# Ports below 1024 require root to listen on, and you may not want this to
|
|
||||||
# run as root. Instead, you can get something like an Apache to yank up
|
|
||||||
# incoming requests to 113 to a high numbered port. Set the port to listen
|
|
||||||
# on instead of 113 here.
|
|
||||||
# Default: 113.
|
|
||||||
port: 1113
|
|
||||||
# The address to listen on for incoming ident requests.
|
|
||||||
# Default: 0.0.0.0
|
|
||||||
address: "::"
|
|
||||||
|
|
||||||
# Configuration for logging. Optional. Default: console debug level logging
|
|
||||||
# only.
|
|
||||||
logging:
|
|
||||||
# Level to log on console/logfile. One of error|warn|info|debug
|
|
||||||
level: "debug"
|
|
||||||
# The file location to log to. This is relative to the project directory.
|
|
||||||
#logfile: "debug.log"
|
|
||||||
# The file location to log errors to. This is relative to the project
|
|
||||||
# directory.
|
|
||||||
#errfile: "errors.log"
|
|
||||||
# Whether to log to the console or not.
|
|
||||||
toConsole: true
|
|
||||||
# The max number of files to keep. Files will be overwritten eventually due
|
|
||||||
# to rotations.
|
|
||||||
maxFiles: 5
|
|
||||||
|
|
||||||
# Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
|
|
||||||
# $ npm install prom-client@6.3.0
|
|
||||||
# Metrics will then be available via GET /metrics on the bridge listening port (-p).
|
|
||||||
metrics:
|
|
||||||
# Whether to actually enable the metric endpoint. Default: false
|
|
||||||
enabled: true
|
|
||||||
# When collecting remote user active times, which "buckets" should be used. Defaults are given below.
|
|
||||||
# The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
|
|
||||||
remoteUserAgeBuckets:
|
|
||||||
- "1h"
|
|
||||||
- "1d"
|
|
||||||
- "1w"
|
|
||||||
|
|
||||||
# Configuration for the provisioning API.
|
|
||||||
#
|
|
||||||
# GET /_matrix/provision/link
|
|
||||||
# GET /_matrix/provision/unlink
|
|
||||||
# GET /_matrix/provision/listlinks
|
|
||||||
#
|
|
||||||
provisioning:
|
|
||||||
# True to enable the provisioning HTTP endpoint. Default: false.
|
|
||||||
enabled: false
|
|
||||||
# The number of seconds to wait before giving up on getting a response from
|
|
||||||
# an IRC channel operator. If the channel operator does not respond within the
|
|
||||||
# allotted time period, the provisioning request will fail.
|
|
||||||
# Default: 300 seconds (5 mins)
|
|
||||||
requestTimeoutSeconds: 300
|
|
||||||
|
|
||||||
# Options here are generally only applicable to large-scale bridges and may have
|
|
||||||
# consequences greater than other options in this configuration file.
|
|
||||||
advanced:
|
|
||||||
# The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited
|
|
||||||
# however for large bridges it is important to rate limit the bridge to avoid
|
|
||||||
# accidentally overloading the homeserver. Defaults to 1000, which should be
|
|
||||||
# enough for the vast majority of use cases.
|
|
||||||
maxHttpSockets: 1000
|
|
||||||
|
|
||||||
# Use an external database to store bridge state.
|
|
||||||
database:
|
|
||||||
# database engine (must be 'postgres' or 'nedb'). Default: nedb
|
|
||||||
engine: "nedb"
|
|
||||||
# Either a PostgreSQL connection string, or a path to the NeDB storage directory.
|
|
||||||
# For postgres, it must start with postgres://
|
|
||||||
# For NeDB, it must start with nedb://. The path is relative to the project directory.
|
|
||||||
connectionString: "nedb:///data"
|
|
||||||
|
|
||||||
matrix_appservice_irc_configuration_extension_yaml: |
|
matrix_appservice_irc_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration for Appservice IRC servers goes here.
|
# Your custom YAML configuration for Appservice IRC servers goes here.
|
||||||
|
|
|
@ -58,7 +58,7 @@
|
||||||
register: irc_passkey_file
|
register: irc_passkey_file
|
||||||
|
|
||||||
- name: Generate Appservice IRC passkey if it doesn't exist
|
- name: Generate Appservice IRC passkey if it doesn't exist
|
||||||
shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
|
shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048"
|
||||||
become: true
|
become: true
|
||||||
become_user: "{{ matrix_user_username }}"
|
become_user: "{{ matrix_user_username }}"
|
||||||
when: "not irc_passkey_file.stat.exists"
|
when: "not irc_passkey_file.stat.exists"
|
||||||
|
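Review bot: The new `shell:` line in "Generate Appservice IRC passkey if it doesn't exist" writes `passkey.pem` without anything in this task fixing the file's mode, so the permissions of the key used to encrypt stored IRC passwords depend on the openssl build and on the umask of `{{ matrix_user_username }}`. Now that the openssl binary is configurable through `{{ matrix_host_command_openssl }}`, consider following this task with a `file` task that sets a restrictive mode (for example `0400`) and the expected owner on `{{ matrix_appservice_irc_data_path }}/passkey.pem`, so the result is the same on every host.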
@ -93,7 +93,7 @@
|
||||||
# to produce a final registration.yaml file, as we desire.
|
# to produce a final registration.yaml file, as we desire.
|
||||||
- name: Generate Appservice IRC registration-template.yaml
|
- name: Generate Appservice IRC registration-template.yaml
|
||||||
shell: >-
|
shell: >-
|
||||||
/usr/bin/docker run --rm --name matrix-appservice-irc-gen
|
{{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc-gen
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
--cap-drop=ALL
|
--cap-drop=ALL
|
||||||
-v {{ matrix_appservice_irc_config_path }}:/config:z
|
-v {{ matrix_appservice_irc_config_path }}:/config:z
|
||||||
|
|
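Review bot: `shell: >-` is kept for the `{{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc-gen` invocation, but nothing in the lines shown needs a shell, and with the binary path now coming from a variable an unusual value (a path containing a space, for example) would be word-split or interpreted by the shell. Switching the task to `command:` or quoting the interpolated path removes that; the `genpkey` task in the previous hunk has the same shape.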
134
roles/matrix-bridge-appservice-irc/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,134 @@
|
||||||
|
#jinja2: lstrip_blocks: True
|
||||||
|
homeserver:
|
||||||
|
# The URL to the home server for client-server API calls, also used to form the
|
||||||
|
# media URLs as displayed in bridged IRC channels:
|
||||||
|
url: {{ matrix_appservice_irc_homeserver_url }}
|
||||||
|
#
|
||||||
|
# The URL of the homeserver hosting media files. This is only used to transform
|
||||||
|
# mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By
|
||||||
|
# default, this is the homeserver URL, specified above.
|
||||||
|
#
|
||||||
|
media_url: {{ matrix_appservice_irc_homeserver_media_url }}
|
||||||
|
|
||||||
|
# Drop Matrix messages which are older than this number of seconds, according to
|
||||||
|
# the event's origin_server_ts.
|
||||||
|
# If the bridge is down for a while, the homeserver will attempt to send all missed
|
||||||
|
# events on reconnection. These events may be hours old, which can be confusing to
|
||||||
|
# IRC users if they are then bridged. This option allows these old messages to be
|
||||||
|
# dropped.
|
||||||
|
# CAUTION: This is a very coarse heuristic. Federated homeservers may have different
|
||||||
|
# clock times and hence produce different origin_server_ts values, which may be old
|
||||||
|
# enough to cause *all* events from the homeserver to be dropped.
|
||||||
|
# Default: 0 (don't ever drop)
|
||||||
|
# dropMatrixMessagesAfterSecs: 300 # 5 minutes
|
||||||
|
|
||||||
|
# The 'domain' part for user IDs on this home server. Usually (but not always)
|
||||||
|
# is the "domain name" part of the HS URL.
|
||||||
|
domain: {{ matrix_appservice_irc_homeserver_domain }}
|
||||||
|
|
||||||
|
# Should presence be enabled for matrix clients on this bridge. If disabled on the
|
||||||
|
# homeserver then it should also be disabled here to avoid excess traffic.
|
||||||
|
# Default: true
|
||||||
|
enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}
|
||||||
|
|
||||||
|
ircService:
|
||||||
|
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
|
||||||
|
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
|
||||||
|
# the database.
|
||||||
|
#
|
||||||
|
# To generate a .pem file:
|
||||||
|
# $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
|
||||||
|
#
|
||||||
|
# The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
|
||||||
|
# for storage in the database. Passwords are stored by using the admin room command
|
||||||
|
# `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
|
||||||
|
# the Matrix user, this password will be sent as the server password (PASS command).
|
||||||
|
passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
|
||||||
|
|
||||||
|
# Config for Matrix -> IRC bridging
|
||||||
|
matrixHandler:
|
||||||
|
# Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
|
||||||
|
eventCacheSize: 4096
|
||||||
|
|
||||||
|
servers: {{ matrix_appservice_irc_ircService_servers|to_json }}
|
||||||
|
|
||||||
|
# Configuration for an ident server. If you are running a public bridge it is
|
||||||
|
# advised you setup an ident server so IRC mods can ban specific matrix users
|
||||||
|
# rather than the application service itself.
|
||||||
|
ident:
|
||||||
|
# True to listen for Ident requests and respond with the
|
||||||
|
# matrix user's user_id (converted to ASCII, respecting RFC 1413).
|
||||||
|
# Default: false.
|
||||||
|
enabled: false
|
||||||
|
# The port to listen on for incoming ident requests.
|
||||||
|
# Ports below 1024 require root to listen on, and you may not want this to
|
||||||
|
# run as root. Instead, you can get something like an Apache to yank up
|
||||||
|
# incoming requests to 113 to a high numbered port. Set the port to listen
|
||||||
|
# on instead of 113 here.
|
||||||
|
# Default: 113.
|
||||||
|
port: 1113
|
||||||
|
# The address to listen on for incoming ident requests.
|
||||||
|
# Default: 0.0.0.0
|
||||||
|
address: "::"
|
||||||
|
|
||||||
|
# Configuration for logging. Optional. Default: console debug level logging
|
||||||
|
# only.
|
||||||
|
logging:
|
||||||
|
# Level to log on console/logfile. One of error|warn|info|debug
|
||||||
|
level: "debug"
|
||||||
|
# The file location to log to. This is relative to the project directory.
|
||||||
|
#logfile: "debug.log"
|
||||||
|
# The file location to log errors to. This is relative to the project
|
||||||
|
# directory.
|
||||||
|
#errfile: "errors.log"
|
||||||
|
# Whether to log to the console or not.
|
||||||
|
toConsole: true
|
||||||
|
# The max number of files to keep. Files will be overwritten eventually due
|
||||||
|
# to rotations.
|
||||||
|
maxFiles: 5
|
||||||
|
|
||||||
|
# Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
|
||||||
|
# $ npm install prom-client@6.3.0
|
||||||
|
# Metrics will then be available via GET /metrics on the bridge listening port (-p).
|
||||||
|
metrics:
|
||||||
|
# Whether to actually enable the metric endpoint. Default: false
|
||||||
|
enabled: true
|
||||||
|
# When collecting remote user active times, which "buckets" should be used. Defaults are given below.
|
||||||
|
# The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
|
||||||
|
remoteUserAgeBuckets:
|
||||||
|
- "1h"
|
||||||
|
- "1d"
|
||||||
|
- "1w"
|
||||||
|
|
||||||
|
# Configuration for the provisioning API.
|
||||||
|
#
|
||||||
|
# GET /_matrix/provision/link
|
||||||
|
# GET /_matrix/provision/unlink
|
||||||
|
# GET /_matrix/provision/listlinks
|
||||||
|
#
|
||||||
|
provisioning:
|
||||||
|
# True to enable the provisioning HTTP endpoint. Default: false.
|
||||||
|
enabled: false
|
||||||
|
# The number of seconds to wait before giving up on getting a response from
|
||||||
|
# an IRC channel operator. If the channel operator does not respond within the
|
||||||
|
# allotted time period, the provisioning request will fail.
|
||||||
|
# Default: 300 seconds (5 mins)
|
||||||
|
requestTimeoutSeconds: 300
|
||||||
|
|
||||||
|
# Options here are generally only applicable to large-scale bridges and may have
|
||||||
|
# consequences greater than other options in this configuration file.
|
||||||
|
advanced:
|
||||||
|
# The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited
|
||||||
|
# however for large bridges it is important to rate limit the bridge to avoid
|
||||||
|
# accidentally overloading the homeserver. Defaults to 1000, which should be
|
||||||
|
# enough for the vast majority of use cases.
|
||||||
|
maxHttpSockets: 1000
|
||||||
|
|
||||||
|
# Use an external database to store bridge state.
|
||||||
|
database:
|
||||||
|
# database engine (must be 'postgres' or 'nedb'). Default: nedb
|
||||||
|
engine: "nedb"
|
||||||
|
# Either a PostgreSQL connection string, or a path to the NeDB storage directory.
|
||||||
|
# For postgres, it must start with postgres://
|
||||||
|
# For NeDB, it must start with nedb://. The path is relative to the project directory.
|
||||||
|
connectionString: "nedb:///data"
|
|
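Review bot: In the new template, `logging.level: "debug"` and `metrics.enabled: true` are hard-coded rather than driven by playbook variables, even though the file's own comments give the metrics default as false and state that metrics are served via GET /metrics on the bridge listening port. Debug-level logging deserves a second look on a bridge that accepts `!storepass` passwords; suggest a variable for each, with the quieter value as default. Separately, `url`, `media_url` and `domain` are interpolated bare while `enablePresence` and `servers` go through `|to_json`; using `|to_json` for all of them keeps an unusual value from changing the YAML structure.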
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-appservice-irc
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-irc
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-appservice-irc
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-irc
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
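Review bot: `ExecStartPre=` and `ExecStart=` now begin with `{{ matrix_host_command_docker }}` and `{{ matrix_host_command_sleep }}`, so the rendered unit is only as valid as the values of those variables. systemd does not run these lines through a shell and expects an absolute executable path (newer releases fall back to a fixed search path, older ones refuse the line), so a bare `docker` or a value with arguments in it would behave differently from the previous `/usr/bin/docker` and `/bin/sleep`. Please document next to the variable definitions that they must be absolute paths, or add a validation task that asserts it.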
@ -34,8 +34,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
|
||||||
{{ matrix_appservice_irc_docker_image }} \
|
{{ matrix_appservice_irc_docker_image }} \
|
||||||
-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
|
-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-appservice-irc
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-irc
|
||||||
ExecStop=-/usr/bin/docker rm matrix-appservice-irc
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-irc
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-appservice-irc
|
SyslogIdentifier=matrix-appservice-irc
|
||||||
|
|
|
@ -45,21 +45,7 @@ matrix_appservice_slack_appservice_token: ''
|
||||||
matrix_appservice_slack_homeserver_token: ''
|
matrix_appservice_slack_homeserver_token: ''
|
||||||
matrix_appservice_slack_id_token: ''
|
matrix_appservice_slack_id_token: ''
|
||||||
|
|
||||||
matrix_appservice_slack_configuration_yaml: |
|
matrix_appservice_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
slack_hook_port: {{ matrix_appservice_slack_slack_port }}
|
|
||||||
inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}"
|
|
||||||
bot_username: "{{ matrix_appservice_slack_bot_name }}"
|
|
||||||
username_prefix: {{ matrix_appservice_slack_user_prefix }}
|
|
||||||
|
|
||||||
homeserver:
|
|
||||||
media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
|
|
||||||
url: "{{ matrix_appservice_slack_homeserver_url }}"
|
|
||||||
server_name: "{{ matrix_domain }}"
|
|
||||||
|
|
||||||
dbdir: "/data"
|
|
||||||
|
|
||||||
matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}"
|
|
||||||
|
|
||||||
|
|
||||||
matrix_appservice_slack_configuration_extension_yaml: |
|
matrix_appservice_slack_configuration_extension_yaml: |
|
||||||
#slack_hook_port: 9898
|
#slack_hook_port: 9898
|
||||||
|
|
|
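Review bot: `matrix_appservice_slack_configuration_yaml` now resolves `lookup('template', 'templates/config.yaml.j2')` through a relative path, and the IRC, webhooks and mautrix-facebook roles touched by this commit all use the same `templates/config.yaml.j2` name. Because the variable is evaluated lazily, the file that gets picked depends on the role of the task that happens to evaluate it; if this variable is ever referenced from another role's task, the lookup could render that role's `config.yaml.j2` instead. Anchoring the path explicitly (for example on `role_path`) or giving each template a role-specific name would make this robust.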
@ -0,0 +1,14 @@
|
||||||
|
#jinja2: lstrip_blocks: True
|
||||||
|
slack_hook_port: {{ matrix_appservice_slack_slack_port }}
|
||||||
|
inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}"
|
||||||
|
bot_username: "{{ matrix_appservice_slack_bot_name }}"
|
||||||
|
username_prefix: {{ matrix_appservice_slack_user_prefix }}
|
||||||
|
|
||||||
|
homeserver:
|
||||||
|
media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
|
||||||
|
url: "{{ matrix_appservice_slack_homeserver_url }}"
|
||||||
|
server_name: "{{ matrix_domain }}"
|
||||||
|
|
||||||
|
dbdir: "/data"
|
||||||
|
|
||||||
|
matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}"
|
|
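Review bot: Quoting is inconsistent in the new template: `slack_hook_port: {{ matrix_appservice_slack_slack_port }}` and `username_prefix: {{ matrix_appservice_slack_user_prefix }}` are interpolated bare, while `inbound_uri_prefix`, `bot_username` and the `homeserver` values are wrapped in double quotes. A prefix that starts with a YAML indicator character or contains `: ` would change how `username_prefix` is parsed, and a value containing `"` would break the quoted lines. Rendering the string values with `|to_json` handles both cases and matches what the IRC template does for `enablePresence`.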
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-appservice-slack
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-slack
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-appservice-slack
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-slack
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-slack \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-slack \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-slack \
|
||||||
{{ matrix_appservice_slack_docker_image }} \
|
{{ matrix_appservice_slack_docker_image }} \
|
||||||
node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml
|
node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-appservice-slack
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-slack
|
||||||
ExecStop=-/usr/bin/docker rm matrix-appservice-slack
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-slack
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-appservice-slack
|
SyslogIdentifier=matrix-appservice-slack
|
||||||
|
|
|
@ -49,35 +49,7 @@ matrix_appservice_webhooks_api_secret: ''
|
||||||
# Logging information (info and verbose is available) default is: info
|
# Logging information (info and verbose is available) default is: info
|
||||||
matrix_appservice_webhooks_log_level: 'info'
|
matrix_appservice_webhooks_log_level: 'info'
|
||||||
|
|
||||||
matrix_appservice_webhooks_configuration_yaml: |
|
matrix_appservice_webhooks_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
|
|
||||||
# Configuration specific to the application service. All fields (unless otherwise marked) are required.
|
|
||||||
homeserver:
|
|
||||||
# The domain for the client-server API calls.
|
|
||||||
url: "{{ matrix_appservice_webhooks_homeserver_url }}"
|
|
||||||
|
|
||||||
# The domain part for user IDs on this home server. Usually, but not always, this is the same as the
|
|
||||||
# home server's URL.
|
|
||||||
domain: "{{ matrix_domain }}"
|
|
||||||
|
|
||||||
# Configuration specific to the bridge. All fields (unless otherwise marked) are required.
|
|
||||||
webhookBot:
|
|
||||||
# The localpart to use for the bot. May require re-registering the application service.
|
|
||||||
localpart: "_webhook"
|
|
||||||
|
|
||||||
# Provisioning API options
|
|
||||||
provisioning:
|
|
||||||
# Your secret for the API. Required for all provisioning API requests.
|
|
||||||
secret: '{{ matrix_appservice_webhooks_api_secret }}'
|
|
||||||
|
|
||||||
# Configuration related to the web portion of the bridge. Handles the inbound webhooks
|
|
||||||
web:
|
|
||||||
hookUrlBase: "{{ matrix_appservice_webhooks_inbound_uri_prefix }}"
|
|
||||||
|
|
||||||
logging:
|
|
||||||
console: true
|
|
||||||
consoleLevel: {{ matrix_appservice_webhooks_log_level }}
|
|
||||||
writeFiles: false
|
|
||||||
|
|
||||||
matrix_appservice_webhooks_configuration_extension_yaml: |
|
matrix_appservice_webhooks_configuration_extension_yaml: |
|
||||||
#
|
#
|
||||||
|
|
|
@ -0,0 +1,28 @@
|
||||||
|
#jinja2: lstrip_blocks: True
|
||||||
|
# Configuration specific to the application service. All fields (unless otherwise marked) are required.
|
||||||
|
homeserver:
|
||||||
|
# The domain for the client-server API calls.
|
||||||
|
url: "{{ matrix_appservice_webhooks_homeserver_url }}"
|
||||||
|
|
||||||
|
# The domain part for user IDs on this home server. Usually, but not always, this is the same as the
|
||||||
|
# home server's URL.
|
||||||
|
domain: "{{ matrix_domain }}"
|
||||||
|
|
||||||
|
# Configuration specific to the bridge. All fields (unless otherwise marked) are required.
|
||||||
|
webhookBot:
|
||||||
|
# The localpart to use for the bot. May require re-registering the application service.
|
||||||
|
localpart: "_webhook"
|
||||||
|
|
||||||
|
# Provisioning API options
|
||||||
|
provisioning:
|
||||||
|
# Your secret for the API. Required for all provisioning API requests.
|
||||||
|
secret: '{{ matrix_appservice_webhooks_api_secret }}'
|
||||||
|
|
||||||
|
# Configuration related to the web portion of the bridge. Handles the inbound webhooks
|
||||||
|
web:
|
||||||
|
hookUrlBase: "{{ matrix_appservice_webhooks_inbound_uri_prefix }}"
|
||||||
|
|
||||||
|
logging:
|
||||||
|
console: true
|
||||||
|
consoleLevel: {{ matrix_appservice_webhooks_log_level }}
|
||||||
|
writeFiles: false
|
|
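Review bot: `secret: '{{ matrix_appservice_webhooks_api_secret }}'` under `provisioning:` drops the value straight into a single-quoted YAML scalar, so a secret containing `'` yields invalid or altered YAML, and the default visible in the defaults file is `matrix_appservice_webhooks_api_secret: ''`, which would render an empty provisioning secret even though the comment says it is required for all provisioning API requests. Suggest `secret: {{ matrix_appservice_webhooks_api_secret|to_json }}` and, if it is not already checked elsewhere in the role, a validation task that fails when the secret is empty.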
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-appservice-webhooks
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-appservice-webhooks
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-webhooks \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-webhooks \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-webhooks \
|
||||||
{{ matrix_appservice_webhooks_docker_image }} \
|
{{ matrix_appservice_webhooks_docker_image }} \
|
||||||
node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml
|
node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-appservice-webhooks
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks
|
||||||
ExecStop=-/usr/bin/docker rm matrix-appservice-webhooks
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-appservice-webhooks
|
SyslogIdentifier=matrix-appservice-webhooks
|
||||||
|
|
|
@ -38,160 +38,7 @@ matrix_mautrix_facebook_login_shared_secret: ''
|
||||||
#
|
#
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_mautrix_facebook_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_mautrix_facebook_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_mautrix_facebook_configuration_yaml: |
|
matrix_mautrix_facebook_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: "True"
|
|
||||||
# Homeserver details
|
|
||||||
homeserver:
|
|
||||||
# The address that this appservice can use to connect to the homeserver.
|
|
||||||
address: {{ matrix_mautrix_facebook_homeserver_address }}
|
|
||||||
# The domain of the homeserver (for MXIDs, etc).
|
|
||||||
domain: {{ matrix_mautrix_facebook_homeserver_domain }}
|
|
||||||
# Whether or not to verify the SSL certificate of the homeserver.
|
|
||||||
# Only applies if address starts with https://
|
|
||||||
verify_ssl: true
|
|
||||||
|
|
||||||
# Application service host/registration related details
|
|
||||||
# Changing these values requires regeneration of the registration.
|
|
||||||
appservice:
|
|
||||||
# The address that the homeserver can use to connect to this appservice.
|
|
||||||
address: {{ matrix_mautrix_facebook_appservice_address }}
|
|
||||||
|
|
||||||
# The hostname and port where this appservice should listen.
|
|
||||||
hostname: 0.0.0.0
|
|
||||||
port: 29319
|
|
||||||
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
|
||||||
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
|
||||||
max_body_size: 1
|
|
||||||
|
|
||||||
# The full URI to the database. SQLite and Postgres are fully supported.
|
|
||||||
# Other DBMSes supported by SQLAlchemy may or may not work.
|
|
||||||
# Format examples:
|
|
||||||
# SQLite: sqlite:///filename.db
|
|
||||||
# Postgres: postgres://username:password@hostname/dbname
|
|
||||||
database: sqlite:////data/mautrix-facebook.db
|
|
||||||
|
|
||||||
# Public part of web server for out-of-Matrix interaction with the bridge.
|
|
||||||
public:
|
|
||||||
# Whether or not the public-facing endpoints should be enabled.
|
|
||||||
enabled: false
|
|
||||||
# The prefix to use in the public-facing endpoints.
|
|
||||||
prefix: /public
|
|
||||||
# The base URL where the public-facing endpoints are available. The prefix is not added
|
|
||||||
# implicitly.
|
|
||||||
external: https://example.com/public
|
|
||||||
|
|
||||||
# The unique ID of this appservice.
|
|
||||||
id: facebook
|
|
||||||
# Username of the appservice bot.
|
|
||||||
bot_username: facebookbot
|
|
||||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
|
||||||
# to leave display name/avatar as-is.
|
|
||||||
bot_displayname: Facebook bridge bot
|
|
||||||
bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv
|
|
||||||
|
|
||||||
# Authentication tokens for AS <-> HS communication.
|
|
||||||
as_token: "{{ matrix_mautrix_facebook_appservice_token }}"
|
|
||||||
hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}"
|
|
||||||
|
|
||||||
# Bridge config
|
|
||||||
bridge:
|
|
||||||
# Localpart template of MXIDs for Facebook users.
|
|
||||||
# {userid} is replaced with the user ID of the Facebook user.
|
|
||||||
username_template: "facebook_{userid}"
|
|
||||||
# Localpart template for per-user room grouping community IDs.
|
|
||||||
# The bridge will create these communities and add all of the specific user's portals to the community.
|
|
||||||
# {localpart} is the MXID localpart and {server} is the MXID server part of the user.
|
|
||||||
#
|
|
||||||
# `facebook_{localpart}={server}` is a good value.
|
|
||||||
community_template: null
|
|
||||||
# Displayname template for Facebook users.
|
|
||||||
# {displayname} is replaced with the display name of the Facebook user
|
|
||||||
# as defined below in displayname_preference.
|
|
||||||
# Keys available for displayname_preference are also available here.
|
|
||||||
displayname_template: '{displayname} (FB)'
|
|
||||||
# Available keys:
|
|
||||||
# "name" (full name)
|
|
||||||
# "first_name"
|
|
||||||
# "last_name"
|
|
||||||
# "nickname"
|
|
||||||
# "own_nickname" (user-specific!)
|
|
||||||
displayname_preference:
|
|
||||||
- name
|
|
||||||
|
|
||||||
# The prefix for commands. Only required in non-management rooms.
|
|
||||||
command_prefix: "!fb"
|
|
||||||
|
|
||||||
# Number of chats to sync (and create portals for) on startup/login.
|
|
||||||
# Maximum 20, set 0 to disable automatic syncing.
|
|
||||||
initial_chat_sync: 10
|
|
||||||
# Whether or not the Facebook users of logged in Matrix users should be
|
|
||||||
# invited to private chats when the user sends a message from another client.
|
|
||||||
invite_own_puppet_to_pm: false
|
|
||||||
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
|
||||||
# your own Matrix account as the Matrix puppet for your Facebook account.
|
|
||||||
sync_with_custom_puppets: true
|
|
||||||
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
|
||||||
#
|
|
||||||
# If set, custom puppets will be enabled automatically for local users
|
|
||||||
# instead of users having to find an access token and run `login-matrix`
|
|
||||||
# manually.
|
|
||||||
login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }}
|
|
||||||
# Whether or not to bridge presence in both directions. Facebook allows users not to broadcast
|
|
||||||
# presence, but then it won't send other users' presence to the client.
|
|
||||||
presence: true
|
|
||||||
# Whether or not to update avatars when syncing all contacts at startup.
|
|
||||||
update_avatar_initial_sync: true
|
|
||||||
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
|
||||||
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
|
||||||
#
|
|
||||||
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
|
||||||
# application service.
|
|
||||||
encryption:
|
|
||||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
|
||||||
allow: false
|
|
||||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
|
||||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
|
||||||
default: false
|
|
||||||
|
|
||||||
# Permissions for using the bridge.
|
|
||||||
# Permitted values:
|
|
||||||
# user - Use the bridge with puppeting.
|
|
||||||
# admin - Use and administrate the bridge.
|
|
||||||
# Permitted keys:
|
|
||||||
# * - All Matrix users
|
|
||||||
# domain - All users on that homeserver
|
|
||||||
# mxid - Specific user
|
|
||||||
permissions:
|
|
||||||
'{{ matrix_mautrix_facebook_homeserver_domain }}': user
|
|
||||||
|
|
||||||
# Python logging configuration.
|
|
||||||
#
|
|
||||||
# See section 16.7.2 of the Python documentation for more info:
|
|
||||||
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
|
||||||
logging:
|
|
||||||
version: 1
|
|
||||||
formatters:
|
|
||||||
colored:
|
|
||||||
(): mautrix_facebook.util.ColorFormatter
|
|
||||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
|
||||||
normal:
|
|
||||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
|
||||||
handlers:
|
|
||||||
console:
|
|
||||||
class: logging.StreamHandler
|
|
||||||
formatter: colored
|
|
||||||
loggers:
|
|
||||||
mau:
|
|
||||||
level: DEBUG
|
|
||||||
fbchat:
|
|
||||||
level: DEBUG
|
|
||||||
hbmqtt:
|
|
||||||
level: INFO
|
|
||||||
aiohttp:
|
|
||||||
level: INFO
|
|
||||||
root:
|
|
||||||
level: DEBUG
|
|
||||||
handlers: [console]
|
|
||||||
|
|
||||||
matrix_mautrix_facebook_configuration_extension_yaml: |
|
matrix_mautrix_facebook_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration goes here.
|
# Your custom YAML configuration goes here.
|
||||||
|
|
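Review bot: The comment kept above `matrix_mautrix_facebook_configuration_yaml` still tells users they can "completely replace this variable with your own template", but the default is now `lookup('template', 'templates/config.yaml.j2')` instead of an inline block. Anyone who previously copied the inline default into their own vars will keep that stale copy and will not pick up later changes to the template file. Please extend the comment to say where the default now lives, and mention the move in the changelog if it is not already covered there.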
194
roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,194 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
# Homeserver details
|
||||||
|
homeserver:
|
||||||
|
# The address that this appservice can use to connect to the homeserver.
|
||||||
|
address: {{ matrix_mautrix_facebook_homeserver_address }}
|
||||||
|
# The domain of the homeserver (for MXIDs, etc).
|
||||||
|
domain: {{ matrix_mautrix_facebook_homeserver_domain }}
|
||||||
|
# Whether or not to verify the SSL certificate of the homeserver.
|
||||||
|
# Only applies if address starts with https://
|
||||||
|
verify_ssl: true
|
||||||
|
|
||||||
|
# Application service host/registration related details
|
||||||
|
# Changing these values requires regeneration of the registration.
|
||||||
|
appservice:
|
||||||
|
# The address that the homeserver can use to connect to this appservice.
|
||||||
|
address: {{ matrix_mautrix_facebook_appservice_address }}
|
||||||
|
|
||||||
|
# The hostname and port where this appservice should listen.
|
||||||
|
hostname: 0.0.0.0
|
||||||
|
port: 29319
|
||||||
|
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
||||||
|
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
||||||
|
max_body_size: 1
|
||||||
|
|
||||||
|
# The full URI to the database. SQLite and Postgres are fully supported.
|
||||||
|
# Other DBMSes supported by SQLAlchemy may or may not work.
|
||||||
|
# Format examples:
|
||||||
|
# SQLite: sqlite:///filename.db
|
||||||
|
# Postgres: postgres://username:password@hostname/dbname
|
||||||
|
database: sqlite:////data/mautrix-facebook.db
|
||||||
|
|
||||||
|
# Public part of web server for out-of-Matrix interaction with the bridge.
|
||||||
|
public:
|
||||||
|
# Whether or not the public-facing endpoints should be enabled.
|
||||||
|
enabled: false
|
||||||
|
# The prefix to use in the public-facing endpoints.
|
||||||
|
prefix: /public
|
||||||
|
# The base URL where the public-facing endpoints are available. The prefix is not added
|
||||||
|
# implicitly.
|
||||||
|
external: https://example.com/public
|
||||||
|
|
||||||
|
# The unique ID of this appservice.
|
||||||
|
id: facebook
|
||||||
|
# Username of the appservice bot.
|
||||||
|
bot_username: facebookbot
|
||||||
|
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||||
|
# to leave display name/avatar as-is.
|
||||||
|
bot_displayname: Facebook bridge bot
|
||||||
|
bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv
|
||||||
|
|
||||||
|
# Authentication tokens for AS <-> HS communication.
|
||||||
|
as_token: "{{ matrix_mautrix_facebook_appservice_token }}"
|
||||||
|
hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}"
|
||||||
|
|
||||||
|
# Bridge config
|
||||||
|
bridge:
|
||||||
|
# Localpart template of MXIDs for Facebook users.
|
||||||
|
# {userid} is replaced with the user ID of the Facebook user.
|
||||||
|
username_template: "facebook_{userid}"
|
||||||
|
# Localpart template for per-user room grouping community IDs.
|
||||||
|
# The bridge will create these communities and add all of the specific user's portals to the community.
|
||||||
|
# {localpart} is the MXID localpart and {server} is the MXID server part of the user.
|
||||||
|
#
|
||||||
|
# `facebook_{localpart}={server}` is a good value.
|
||||||
|
community_template: null
|
||||||
|
# Displayname template for Facebook users.
|
||||||
|
# {displayname} is replaced with the display name of the Facebook user
|
||||||
|
# as defined below in displayname_preference.
|
||||||
|
# Keys available for displayname_preference are also available here.
|
||||||
|
displayname_template: '{displayname} (FB)'
|
||||||
|
# Available keys:
|
||||||
|
# "name" (full name)
|
||||||
|
# "first_name"
|
||||||
|
# "last_name"
|
||||||
|
# "nickname"
|
||||||
|
# "own_nickname" (user-specific!)
|
||||||
|
displayname_preference:
|
||||||
|
- name
|
||||||
|
|
||||||
|
# The prefix for commands. Only required in non-management rooms.
|
||||||
|
command_prefix: "!fb"
|
||||||
|
|
||||||
|
# Number of chats to sync (and create portals for) on startup/login.
|
||||||
|
# Maximum 20, set 0 to disable automatic syncing.
|
||||||
|
initial_chat_sync: 10
|
||||||
|
# Whether or not the Facebook users of logged in Matrix users should be
|
||||||
|
# invited to private chats when the user sends a message from another client.
|
||||||
|
invite_own_puppet_to_pm: false
|
||||||
|
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
||||||
|
# your own Matrix account as the Matrix puppet for your Facebook account.
|
||||||
|
sync_with_custom_puppets: true
|
||||||
|
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||||
|
#
|
||||||
|
# If set, custom puppets will be enabled automatically for local users
|
||||||
|
# instead of users having to find an access token and run `login-matrix`
|
||||||
|
# manually.
|
||||||
|
login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }}
|
||||||
|
# Whether or not to bridge presence in both directions. Facebook allows users not to broadcast
|
||||||
|
# presence, but then it won't send other users' presence to the client.
|
||||||
|
presence: true
|
||||||
|
# Whether or not to update avatars when syncing all contacts at startup.
|
||||||
|
update_avatar_initial_sync: true
|
||||||
|
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
||||||
|
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
||||||
|
#
|
||||||
|
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
||||||
|
# application service.
|
||||||
|
encryption:
|
||||||
|
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||||
|
allow: false
|
||||||
|
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||||
|
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||||
|
default: false
|
||||||
|
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
|
||||||
|
# been sent to Facebook.
|
||||||
|
delivery_receipts: false
|
||||||
|
# Whether to allow inviting arbitrary mxids to portal rooms
|
||||||
|
allow_invites: false
|
||||||
|
# Settings for backfilling messages from Facebook.
|
||||||
|
backfill:
|
||||||
|
# Whether or not the Facebook users of logged in Matrix users should be
|
||||||
|
# invited to private chats when backfilling history from Facebook. This is
|
||||||
|
# usually needed to prevent rate limits and to allow timestamp massaging.
|
||||||
|
invite_own_puppet: true
|
||||||
|
# Maximum number of messages to backfill initially.
|
||||||
|
# Set to 0 to disable backfilling when creating portal.
|
||||||
|
initial_limit: 0
|
||||||
|
# Maximum number of messages to backfill if messages were missed while
|
||||||
|
# the bridge was disconnected.
|
||||||
|
# Set to 0 to disable backfilling missed messages.
|
||||||
|
missed_limit: 1000
|
||||||
|
# If using double puppeting, should notifications be disabled
|
||||||
|
# while the initial backfill is in progress?
|
||||||
|
disable_notifications: false
|
||||||
|
periodic_reconnect:
|
||||||
|
# Interval in seconds in which to automatically reconnect all users.
|
||||||
|
# This can be used to automatically mitigate the bug where Facebook stops sending messages.
|
||||||
|
# Set to -1 to disable periodic reconnections entirely.
|
||||||
|
interval: -1
|
||||||
|
# What to do in periodic reconnects. Either "refresh" or "reconnect"
|
||||||
|
mode: refresh
|
||||||
|
# Should even disconnected users be reconnected?
|
||||||
|
always: false
|
||||||
|
# The number of seconds that a disconnection can last without triggering an automatic re-sync
|
||||||
|
# and missed message backfilling when reconnecting.
|
||||||
|
# Set to 0 to always re-sync, or -1 to never re-sync automatically.
|
||||||
|
resync_max_disconnected_time: 5
|
||||||
|
# Whether or not temporary disconnections should send notices to the notice room.
|
||||||
|
# If this is false, disconnections will never send messages and connections will only send
|
||||||
|
# messages if it was disconnected for more than resync_max_disconnected_time seconds.
|
||||||
|
temporary_disconnect_notices: true
|
||||||
|
# Whether or not the bridge should try to "refresh" the connection if a normal reconnection
|
||||||
|
# attempt fails.
|
||||||
|
refresh_on_reconnection_fail: false
|
||||||
|
|
||||||
|
# Permissions for using the bridge.
|
||||||
|
# Permitted values:
|
||||||
|
# user - Use the bridge with puppeting.
|
||||||
|
# admin - Use and administrate the bridge.
|
||||||
|
# Permitted keys:
|
||||||
|
# * - All Matrix users
|
||||||
|
# domain - All users on that homeserver
|
||||||
|
# mxid - Specific user
|
||||||
|
permissions:
|
||||||
|
'{{ matrix_mautrix_facebook_homeserver_domain }}': user
|
||||||
|
|
||||||
|
# Python logging configuration.
|
||||||
|
#
|
||||||
|
# See section 16.7.2 of the Python documentation for more info:
|
||||||
|
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
||||||
|
logging:
|
||||||
|
version: 1
|
||||||
|
formatters:
|
||||||
|
colored:
|
||||||
|
(): mautrix_facebook.util.ColorFormatter
|
||||||
|
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||||
|
normal:
|
||||||
|
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||||
|
handlers:
|
||||||
|
console:
|
||||||
|
class: logging.StreamHandler
|
||||||
|
formatter: colored
|
||||||
|
loggers:
|
||||||
|
mau:
|
||||||
|
level: DEBUG
|
||||||
|
fbchat:
|
||||||
|
level: DEBUG
|
||||||
|
hbmqtt:
|
||||||
|
level: INFO
|
||||||
|
aiohttp:
|
||||||
|
level: INFO
|
||||||
|
root:
|
||||||
|
level: DEBUG
|
||||||
|
handlers: [console]
|
|
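Review bot: `as_token` and `hs_token` are interpolated inside hand-written double quotes (`as_token: "{{ matrix_mautrix_facebook_appservice_token }}"`), while `login_shared_secret` further down in the same file goes through `|to_json`. A token containing `"` or `\` would render invalid or silently altered YAML; pass both tokens through `|to_json` (and drop the surrounding quotes) so all three secrets are escaped the same way. Separately, the `logging` section sets `root`, `mau` and `fbchat` to `DEBUG`; now that the config is a template, consider exposing the level as a variable so the shipped default can be less verbose.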
@ -11,9 +11,9 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-facebook
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-facebook
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook
|
||||||
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \
|
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook-db \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
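Review bot: The two cleanup lines at the top of `[Service]` only target `matrix-mautrix-facebook`, but the next `ExecStartPre` starts a container named `matrix-mautrix-facebook-db`. If an earlier start was interrupted during the migration step, a leftover or still-running `-db` container makes `run --rm --name matrix-mautrix-facebook-db` fail on a name conflict, and the unit then cannot start until someone cleans up by hand. The hangouts unit in this same commit passes both names to `kill` and `rm` (`kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db`); do the same here.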
@ -23,9 +23,9 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \
|
||||||
alembic -x config=/config/config.yaml upgrade head
|
alembic -x config=/config/config.yaml upgrade head
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -38,8 +38,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \
|
||||||
{{ matrix_mautrix_facebook_docker_image }} \
|
{{ matrix_mautrix_facebook_docker_image }} \
|
||||||
python3 -m mautrix_facebook -c /config/config.yaml
|
python3 -m mautrix_facebook -c /config/config.yaml
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-mautrix-facebook
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook
|
||||||
ExecStop=-/usr/bin/docker rm matrix-mautrix-facebook
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-mautrix-facebook
|
SyslogIdentifier=matrix-mautrix-facebook
|
||||||
|
|
|
@ -20,6 +20,11 @@ matrix_mautrix_hangouts_homeserver_address: 'http://matrix-synapse:8008'
|
||||||
matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}'
|
matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}'
|
||||||
matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080'
|
matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080'
|
||||||
|
|
||||||
|
# Controls whether the matrix-mautrix-hangouts container exposes its HTTP port (tcp/8080 in the container).
|
||||||
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9007"), or empty string to not expose.
|
||||||
|
matrix_mautrix_hangouts_container_http_host_bind_port: ''
|
||||||
|
|
||||||
# A list of extra arguments to pass to the container
|
# A list of extra arguments to pass to the container
|
||||||
matrix_mautrix_hangouts_container_extra_arguments: []
|
matrix_mautrix_hangouts_container_extra_arguments: []
|
||||||
|
|
||||||
|
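Review bot: The comment on `matrix_mautrix_hangouts_container_http_host_bind_port` documents a bare `"<port>"` as an accepted value without saying that Docker then publishes the port on all host interfaces. This port serves the bridge's appservice API and the login endpoints configured under `web.auth`, so the comment should recommend the `127.0.0.1:<port>` form and state that a bare port makes the bridge reachable from outside the host unless a firewall blocks it.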
@ -40,152 +45,7 @@ matrix_mautrix_hangouts_login_shared_secret: ''
|
||||||
#
|
#
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_mautrix_hangouts_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_mautrix_hangouts_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_mautrix_hangouts_configuration_yaml: |
|
matrix_mautrix_hangouts_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: "True"
|
|
||||||
# Homeserver details
|
|
||||||
homeserver:
|
|
||||||
# The address that this appservice can use to connect to the homeserver.
|
|
||||||
address: {{ matrix_mautrix_hangouts_homeserver_address }}
|
|
||||||
# The domain of the homeserver (for MXIDs, etc).
|
|
||||||
domain: {{ matrix_mautrix_hangouts_homeserver_domain }}
|
|
||||||
# Whether or not to verify the SSL certificate of the homeserver.
|
|
||||||
# Only applies if address starts with https://
|
|
||||||
verify_ssl: true
|
|
||||||
|
|
||||||
# Application service host/registration related details
|
|
||||||
# Changing these values requires regeneration of the registration.
|
|
||||||
appservice:
|
|
||||||
# The address that the homeserver can use to connect to this appservice.
|
|
||||||
address: {{ matrix_mautrix_hangouts_appservice_address }}
|
|
||||||
|
|
||||||
# The hostname and port where this appservice should listen.
|
|
||||||
hostname: 0.0.0.0
|
|
||||||
port: 8080
|
|
||||||
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
|
||||||
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
|
||||||
max_body_size: 1
|
|
||||||
|
|
||||||
# The full URI to the database. SQLite and Postgres are fully supported.
|
|
||||||
# Other DBMSes supported by SQLAlchemy may or may not work.
|
|
||||||
# Format examples:
|
|
||||||
# SQLite: sqlite:///filename.db
|
|
||||||
# Postgres: postgres://username:password@hostname/dbname
|
|
||||||
database: sqlite:////data/mautrix-hangouts.db
|
|
||||||
|
|
||||||
# The unique ID of this appservice.
|
|
||||||
id: hangouts
|
|
||||||
# Username of the appservice bot.
|
|
||||||
bot_username: hangoutsbot
|
|
||||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
|
||||||
# to leave display name/avatar as-is.
|
|
||||||
bot_displayname: Hangouts bridge bot
|
|
||||||
bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy
|
|
||||||
|
|
||||||
# Authentication tokens for AS <-> HS communication.
|
|
||||||
as_token: "{{ matrix_mautrix_hangouts_appservice_token }}"
|
|
||||||
hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}"
|
|
||||||
|
|
||||||
# Bridge config
|
|
||||||
bridge:
|
|
||||||
# Localpart template of MXIDs for Hangouts users.
|
|
||||||
# {userid} is replaced with the user ID of the Hangouts user.
|
|
||||||
username_template: "hangouts_{userid}"
|
|
||||||
# Displayname template for Hangouts users.
|
|
||||||
# {displayname} is replaced with the display name of the Hangouts user
|
|
||||||
# as defined below in displayname_preference.
|
|
||||||
# Keys available for displayname_preference are also available here.
|
|
||||||
displayname_template: '{full_name} (Hangouts)'
|
|
||||||
# Available keys:
|
|
||||||
# "name" (full name)
|
|
||||||
# "first_name"
|
|
||||||
# "last_name"
|
|
||||||
# "nickname"
|
|
||||||
# "own_nickname" (user-specific!)
|
|
||||||
displayname_preference:
|
|
||||||
- name
|
|
||||||
|
|
||||||
# The prefix for commands. Only required in non-management rooms.
|
|
||||||
command_prefix: "!HO"
|
|
||||||
|
|
||||||
# Number of chats to sync (and create portals for) on startup/login.
|
|
||||||
# Maximum 20, set 0 to disable automatic syncing.
|
|
||||||
initial_chat_sync: 20
|
|
||||||
# Whether or not the Hangouts users of logged in Matrix users should be
|
|
||||||
# invited to private chats when the user sends a message from another client.
|
|
||||||
invite_own_puppet_to_pm: false
|
|
||||||
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
|
||||||
# your own Matrix account as the Matrix puppet for your Hangouts account.
|
|
||||||
sync_with_custom_puppets: true
|
|
||||||
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
|
||||||
#
|
|
||||||
# If set, custom puppets will be enabled automatically for local users
|
|
||||||
# instead of users having to find an access token and run `login-matrix`
|
|
||||||
# manually.
|
|
||||||
login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }}
|
|
||||||
# Whether or not to update avatars when syncing all contacts at startup.
|
|
||||||
update_avatar_initial_sync: true
|
|
||||||
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
|
||||||
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
|
||||||
#
|
|
||||||
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
|
||||||
# application service.
|
|
||||||
encryption:
|
|
||||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
|
||||||
allow: false
|
|
||||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
|
||||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
|
||||||
default: false
|
|
||||||
|
|
||||||
# Public website and API configs
|
|
||||||
web:
|
|
||||||
# Auth server config
|
|
||||||
auth:
|
|
||||||
# Publicly accessible base URL for the login endpoints.
|
|
||||||
# The prefix below is not implicitly added. This URL and all subpaths should be proxied
|
|
||||||
# or otherwise pointed to the appservice's webserver to the path specified below (prefix).
|
|
||||||
# This path should usually include a trailing slash.
|
|
||||||
# Internal prefix in the appservice web server for the login endpoints.
|
|
||||||
public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login"
|
|
||||||
prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login"
|
|
||||||
|
|
||||||
|
|
||||||
# Permissions for using the bridge.
|
|
||||||
# Permitted values:
|
|
||||||
# user - Use the bridge with puppeting.
|
|
||||||
# admin - Use and administrate the bridge.
|
|
||||||
# Permitted keys:
|
|
||||||
# * - All Matrix users
|
|
||||||
# domain - All users on that homeserver
|
|
||||||
# mxid - Specific user
|
|
||||||
permissions:
|
|
||||||
'{{ matrix_mautrix_hangouts_homeserver_domain }}': user
|
|
||||||
|
|
||||||
# Python logging configuration.
|
|
||||||
#
|
|
||||||
# See section 16.7.2 of the Python documentation for more info:
|
|
||||||
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
|
||||||
logging:
|
|
||||||
version: 1
|
|
||||||
formatters:
|
|
||||||
colored:
|
|
||||||
(): mautrix_hangouts.util.ColorFormatter
|
|
||||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
|
||||||
normal:
|
|
||||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
|
||||||
handlers:
|
|
||||||
console:
|
|
||||||
class: logging.StreamHandler
|
|
||||||
formatter: colored
|
|
||||||
loggers:
|
|
||||||
mau:
|
|
||||||
level: DEBUG
|
|
||||||
hangups:
|
|
||||||
level: DEBUG
|
|
||||||
aiohttp:
|
|
||||||
level: INFO
|
|
||||||
root:
|
|
||||||
level: DEBUG
|
|
||||||
handlers: [console]
|
|
||||||
|
|
||||||
matrix_mautrix_hangouts_configuration_extension_yaml: |
|
matrix_mautrix_hangouts_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration goes here.
|
# Your custom YAML configuration goes here.
|
||||||
|
|
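Review bot: `lookup('template', 'templates/config.yaml.j2')` uses a relative path that the telegram role also uses in this commit, and the facebook role adds a template with the same filename. Role defaults are evaluated lazily, so it is worth confirming that the lookup still resolves to this role's file when `matrix_mautrix_hangouts_configuration_yaml` is referenced from a task running in another role; a role-specific filename or an explicit role path would remove the ambiguity. The comment above the variable still says "completely replace this variable with your own template" and could now mention where the default template lives.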
145
roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,145 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
# Homeserver details
|
||||||
|
homeserver:
|
||||||
|
# The address that this appservice can use to connect to the homeserver.
|
||||||
|
address: {{ matrix_mautrix_hangouts_homeserver_address }}
|
||||||
|
# The domain of the homeserver (for MXIDs, etc).
|
||||||
|
domain: {{ matrix_mautrix_hangouts_homeserver_domain }}
|
||||||
|
# Whether or not to verify the SSL certificate of the homeserver.
|
||||||
|
# Only applies if address starts with https://
|
||||||
|
verify_ssl: true
|
||||||
|
|
||||||
|
# Application service host/registration related details
|
||||||
|
# Changing these values requires regeneration of the registration.
|
||||||
|
appservice:
|
||||||
|
# The address that the homeserver can use to connect to this appservice.
|
||||||
|
address: {{ matrix_mautrix_hangouts_appservice_address }}
|
||||||
|
|
||||||
|
# The hostname and port where this appservice should listen.
|
||||||
|
hostname: 0.0.0.0
|
||||||
|
port: 8080
|
||||||
|
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
||||||
|
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
||||||
|
max_body_size: 1
|
||||||
|
|
||||||
|
# The full URI to the database. SQLite and Postgres are fully supported.
|
||||||
|
# Other DBMSes supported by SQLAlchemy may or may not work.
|
||||||
|
# Format examples:
|
||||||
|
# SQLite: sqlite:///filename.db
|
||||||
|
# Postgres: postgres://username:password@hostname/dbname
|
||||||
|
database: sqlite:////data/mautrix-hangouts.db
|
||||||
|
|
||||||
|
# The unique ID of this appservice.
|
||||||
|
id: hangouts
|
||||||
|
# Username of the appservice bot.
|
||||||
|
bot_username: hangoutsbot
|
||||||
|
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||||
|
# to leave display name/avatar as-is.
|
||||||
|
bot_displayname: Hangouts bridge bot
|
||||||
|
bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy
|
||||||
|
|
||||||
|
# Authentication tokens for AS <-> HS communication.
|
||||||
|
as_token: "{{ matrix_mautrix_hangouts_appservice_token }}"
|
||||||
|
hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}"
|
||||||
|
|
||||||
|
# Bridge config
|
||||||
|
bridge:
|
||||||
|
# Localpart template of MXIDs for Hangouts users.
|
||||||
|
# {userid} is replaced with the user ID of the Hangouts user.
|
||||||
|
username_template: "hangouts_{userid}"
|
||||||
|
# Displayname template for Hangouts users.
|
||||||
|
# {displayname} is replaced with the display name of the Hangouts user
|
||||||
|
# as defined below in displayname_preference.
|
||||||
|
# Keys available for displayname_preference are also available here.
|
||||||
|
displayname_template: '{full_name} (Hangouts)'
|
||||||
|
# Available keys:
|
||||||
|
# "name" (full name)
|
||||||
|
# "first_name"
|
||||||
|
# "last_name"
|
||||||
|
# "nickname"
|
||||||
|
# "own_nickname" (user-specific!)
|
||||||
|
displayname_preference:
|
||||||
|
- name
|
||||||
|
|
||||||
|
# The prefix for commands. Only required in non-management rooms.
|
||||||
|
command_prefix: "!HO"
|
||||||
|
|
||||||
|
# Number of chats to sync (and create portals for) on startup/login.
|
||||||
|
# Maximum 20, set 0 to disable automatic syncing.
|
||||||
|
initial_chat_sync: 20
|
||||||
|
# Whether or not the Hangouts users of logged in Matrix users should be
|
||||||
|
# invited to private chats when the user sends a message from another client.
|
||||||
|
invite_own_puppet_to_pm: false
|
||||||
|
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
||||||
|
# your own Matrix account as the Matrix puppet for your Hangouts account.
|
||||||
|
sync_with_custom_puppets: true
|
||||||
|
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||||
|
#
|
||||||
|
# If set, custom puppets will be enabled automatically for local users
|
||||||
|
# instead of users having to find an access token and run `login-matrix`
|
||||||
|
# manually.
|
||||||
|
login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }}
|
||||||
|
# Whether or not to update avatars when syncing all contacts at startup.
|
||||||
|
update_avatar_initial_sync: true
|
||||||
|
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
||||||
|
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
||||||
|
#
|
||||||
|
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
||||||
|
# application service.
|
||||||
|
encryption:
|
||||||
|
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||||
|
allow: false
|
||||||
|
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||||
|
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||||
|
default: false
|
||||||
|
|
||||||
|
# Public website and API configs
|
||||||
|
web:
|
||||||
|
# Auth server config
|
||||||
|
auth:
|
||||||
|
# Publicly accessible base URL for the login endpoints.
|
||||||
|
# The prefix below is not implicitly added. This URL and all subpaths should be proxied
|
||||||
|
# or otherwise pointed to the appservice's webserver to the path specified below (prefix).
|
||||||
|
# This path should usually include a trailing slash.
|
||||||
|
# Internal prefix in the appservice web server for the login endpoints.
|
||||||
|
public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login"
|
||||||
|
prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login"
|
||||||
|
|
||||||
|
|
||||||
|
# Permissions for using the bridge.
|
||||||
|
# Permitted values:
|
||||||
|
# user - Use the bridge with puppeting.
|
||||||
|
# admin - Use and administrate the bridge.
|
||||||
|
# Permitted keys:
|
||||||
|
# * - All Matrix users
|
||||||
|
# domain - All users on that homeserver
|
||||||
|
# mxid - Specific user
|
||||||
|
permissions:
|
||||||
|
'{{ matrix_mautrix_hangouts_homeserver_domain }}': user
|
||||||
|
|
||||||
|
# Python logging configuration.
|
||||||
|
#
|
||||||
|
# See section 16.7.2 of the Python documentation for more info:
|
||||||
|
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
||||||
|
logging:
|
||||||
|
version: 1
|
||||||
|
formatters:
|
||||||
|
colored:
|
||||||
|
(): mautrix_hangouts.util.ColorFormatter
|
||||||
|
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||||
|
normal:
|
||||||
|
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||||
|
handlers:
|
||||||
|
console:
|
||||||
|
class: logging.StreamHandler
|
||||||
|
formatter: colored
|
||||||
|
loggers:
|
||||||
|
mau:
|
||||||
|
level: DEBUG
|
||||||
|
hangups:
|
||||||
|
level: DEBUG
|
||||||
|
aiohttp:
|
||||||
|
level: INFO
|
||||||
|
root:
|
||||||
|
level: DEBUG
|
||||||
|
handlers: [console]
|
|
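Review bot: In the `logging` section, `root`, `mau` and `hangups` all default to `DEBUG` with `console` as the only handler. Moving the config into a template is a good moment to expose the level as a role variable and default it to something quieter, since debug output from a bridge is the most likely place for account and message details to end up in host logs. Also, under `web.auth` the comment "Internal prefix in the appservice web server for the login endpoints." sits above `public:` rather than `prefix:`; reorder the comments so each one precedes the key it describes.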
@ -11,9 +11,9 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db
|
||||||
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \
|
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -23,13 +23,16 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \
|
||||||
alembic -x config=/config/config.yaml upgrade head
|
alembic -x config=/config/config.yaml upgrade head
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-hangouts \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
|
{% if matrix_mautrix_hangouts_container_http_host_bind_port %}
|
||||||
|
-p {{ matrix_mautrix_hangouts_container_http_host_bind_port }}:8080 \
|
||||||
|
{% endif %}
|
||||||
-v {{ matrix_mautrix_hangouts_config_path }}:/config:z \
|
-v {{ matrix_mautrix_hangouts_config_path }}:/config:z \
|
||||||
-v {{ matrix_mautrix_hangouts_data_path }}:/data:z \
|
-v {{ matrix_mautrix_hangouts_data_path }}:/data:z \
|
||||||
{% for arg in matrix_mautrix_hangouts_container_extra_arguments %}
|
{% for arg in matrix_mautrix_hangouts_container_extra_arguments %}
|
||||||
|
@ -38,8 +41,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-hangouts \
|
||||||
{{ matrix_mautrix_hangouts_docker_image }} \
|
{{ matrix_mautrix_hangouts_docker_image }} \
|
||||||
python3 -m mautrix_hangouts -c /config/config.yaml
|
python3 -m mautrix_hangouts -c /config/config.yaml
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-mautrix-hangouts
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts
|
||||||
ExecStop=-/usr/bin/docker rm matrix-mautrix-hangouts
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-mautrix-hangouts
|
SyslogIdentifier=matrix-mautrix-hangouts
|
||||||
|
|
|
@ -26,7 +26,7 @@ matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}'
|
||||||
matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080'
|
matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080'
|
||||||
matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}'
|
matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}'
|
||||||
|
|
||||||
# Controls whether the matrix-telegram container exposes its HTTP port (tcp/8080 in the container).
|
# Controls whether the matrix-mautrix-telegram container exposes its HTTP port (tcp/8080 in the container).
|
||||||
#
|
#
|
||||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9006"), or empty string to not expose.
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9006"), or empty string to not expose.
|
||||||
matrix_mautrix_telegram_container_http_host_bind_port: ''
|
matrix_mautrix_telegram_container_http_host_bind_port: ''
|
||||||
|
@ -51,405 +51,7 @@ matrix_mautrix_telegram_login_shared_secret: ''
|
||||||
#
|
#
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_mautrix_telegram_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_mautrix_telegram_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_mautrix_telegram_configuration_yaml: |
|
matrix_mautrix_telegram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: "True"
|
|
||||||
# Homeserver details
|
|
||||||
homeserver:
|
|
||||||
# The address that this appservice can use to connect to the homeserver.
|
|
||||||
address: {{ matrix_mautrix_telegram_homeserver_address }}
|
|
||||||
# The domain of the homeserver (for MXIDs, etc).
|
|
||||||
domain: {{ matrix_mautrix_telegram_homeserver_domain }}
|
|
||||||
# Whether or not to verify the SSL certificate of the homeserver.
|
|
||||||
# Only applies if address starts with https://
|
|
||||||
verify_ssl: true
|
|
||||||
|
|
||||||
# Application service host/registration related details
|
|
||||||
# Changing these values requires regeneration of the registration.
|
|
||||||
appservice:
|
|
||||||
# The address that the homeserver can use to connect to this appservice.
|
|
||||||
address: {{ matrix_mautrix_telegram_appservice_address }}
|
|
||||||
|
|
||||||
# The hostname and port where this appservice should listen.
|
|
||||||
hostname: 0.0.0.0
|
|
||||||
port: 8080
|
|
||||||
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
|
||||||
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
|
||||||
max_body_size: 1
|
|
||||||
|
|
||||||
# The full URI to the database. SQLite and Postgres are fully supported.
|
|
||||||
# Other DBMSes supported by SQLAlchemy may or may not work.
|
|
||||||
# Format examples:
|
|
||||||
# SQLite: sqlite:///filename.db
|
|
||||||
# Postgres: postgres://username:password@hostname/dbname
|
|
||||||
database: sqlite:////data/mautrix-telegram.db
|
|
||||||
|
|
||||||
# Public part of web server for out-of-Matrix interaction with the bridge.
|
|
||||||
# Used for things like login if the user wants to make sure the 2FA password isn't stored in
|
|
||||||
# the HS database.
|
|
||||||
public:
|
|
||||||
# Whether or not the public-facing endpoints should be enabled.
|
|
||||||
enabled: true
|
|
||||||
# The prefix to use in the public-facing endpoints.
|
|
||||||
prefix: {{ matrix_mautrix_telegram_public_endpoint }}
|
|
||||||
# The base URL where the public-facing endpoints are available. The prefix is not added
|
|
||||||
# implicitly.
|
|
||||||
external: {{ matrix_mautrix_telegram_appservice_public_external }}
|
|
||||||
|
|
||||||
# Provisioning API part of the web server for automated portal creation and fetching information.
|
|
||||||
# Used by things like Dimension (https://dimension.t2bot.io/).
|
|
||||||
provisioning:
|
|
||||||
# Whether or not the provisioning API should be enabled.
|
|
||||||
enabled: false
|
|
||||||
# The prefix to use in the provisioning API endpoints.
|
|
||||||
prefix: /_matrix/provision/v1
|
|
||||||
# The shared secret to authorize users of the API.
|
|
||||||
# Set to "generate" to generate and save a new token.
|
|
||||||
shared_secret: generate
|
|
||||||
|
|
||||||
# The unique ID of this appservice.
|
|
||||||
id: telegram
|
|
||||||
# Username of the appservice bot.
|
|
||||||
bot_username: telegrambot
|
|
||||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
|
||||||
# to leave display name/avatar as-is.
|
|
||||||
bot_displayname: Telegram bridge bot
|
|
||||||
bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
|
|
||||||
|
|
||||||
# Authentication tokens for AS <-> HS communication.
|
|
||||||
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
|
|
||||||
hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}"
|
|
||||||
|
|
||||||
# Bridge config
|
|
||||||
bridge:
|
|
||||||
# Localpart template of MXIDs for Telegram users.
|
|
||||||
# {userid} is replaced with the user ID of the Telegram user.
|
|
||||||
username_template: "telegram_{userid}"
|
|
||||||
# Localpart template of room aliases for Telegram portal rooms.
|
|
||||||
# {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
|
|
||||||
alias_template: "telegram_{groupname}"
|
|
||||||
# Displayname template for Telegram users.
|
|
||||||
# {displayname} is replaced with the display name of the Telegram user.
|
|
||||||
displayname_template: "{displayname} (Telegram)"
|
|
||||||
|
|
||||||
# Set the preferred order of user identifiers which to use in the Matrix puppet display name.
|
|
||||||
# In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user
|
|
||||||
# ID is used.
|
|
||||||
#
|
|
||||||
# If the bridge is working properly, a phone number or an username should always be known, but
|
|
||||||
# the other one can very well be empty.
|
|
||||||
#
|
|
||||||
# Valid keys:
|
|
||||||
# "full name" (First and/or last name)
|
|
||||||
# "full name reversed" (Last and/or first name)
|
|
||||||
# "first name"
|
|
||||||
# "last name"
|
|
||||||
# "username"
|
|
||||||
# "phone number"
|
|
||||||
displayname_preference:
|
|
||||||
- full name
|
|
||||||
- username
|
|
||||||
- phone number
|
|
||||||
# Maximum length of displayname
|
|
||||||
displayname_max_length: 100
|
|
||||||
|
|
||||||
# Maximum number of members to sync per portal when starting up. Other members will be
|
|
||||||
# synced when they send messages. The maximum is 10000, after which the Telegram server
|
|
||||||
# will not send any more members.
|
|
||||||
# Defaults to no local limit (-> limited to 10000 by server)
|
|
||||||
max_initial_member_sync: -1
|
|
||||||
# Whether or not to sync the member list in channels.
|
|
||||||
# If no channel admins have logged into the bridge, the bridge won't be able to sync the member
|
|
||||||
# list regardless of this setting.
|
|
||||||
sync_channel_members: true
|
|
||||||
# Whether or not to skip deleted members when syncing members.
|
|
||||||
skip_deleted_members: true
|
|
||||||
# Whether or not to automatically synchronize contacts and chats of Matrix users logged into
|
|
||||||
# their Telegram account at startup.
|
|
||||||
startup_sync: true
|
|
||||||
# Number of most recently active dialogs to check when syncing chats.
|
|
||||||
# Dialogs include groups and private chats, but only groups are synced.
|
|
||||||
# Set to 0 to remove limit.
|
|
||||||
sync_dialog_limit: 30
|
|
||||||
# Whether or not to sync and create portals for direct chats at startup.
|
|
||||||
sync_direct_chats: false
|
|
||||||
# The maximum number of simultaneous Telegram deletions to handle.
|
|
||||||
# A large number of simultaneous redactions could put strain on your homeserver.
|
|
||||||
max_telegram_delete: 10
|
|
||||||
# Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames)
|
|
||||||
# at startup and when creating a bridge.
|
|
||||||
sync_matrix_state: true
|
|
||||||
# Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix
|
|
||||||
# login website (see appservice.public config section)
|
|
||||||
allow_matrix_login: true
|
|
||||||
# Whether or not to bridge plaintext highlights.
|
|
||||||
# Only enable this if your displayname_template has some static part that the bridge can use to
|
|
||||||
# reliably identify what is a plaintext highlight.
|
|
||||||
plaintext_highlights: false
|
|
||||||
# Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix.
|
|
||||||
public_portals: true
|
|
||||||
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
|
||||||
# your own Matrix account as the Matrix puppet for your Telegram account.
|
|
||||||
sync_with_custom_puppets: true
|
|
||||||
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
|
||||||
#
|
|
||||||
# If set, custom puppets will be enabled automatically for local users
|
|
||||||
# instead of users having to find an access token and run `login-matrix`
|
|
||||||
# manually.
|
|
||||||
login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }}
|
|
||||||
# Set to false to disable link previews in messages sent to Telegram.
|
|
||||||
telegram_link_preview: true
|
|
||||||
# Use inline images instead of a separate message for the caption.
|
|
||||||
# N.B. Inline images are not supported on all clients (e.g. Riot iOS).
|
|
||||||
inline_images: false
|
|
||||||
# Maximum size of image in megabytes before sending to Telegram as a document.
|
|
||||||
image_as_file_size: 10
|
|
||||||
# Maximum size of Telegram documents in megabytes to bridge.
|
|
||||||
max_document_size: 100
|
|
||||||
# Enable experimental parallel file transfer, which makes uploads/downloads much faster by
|
|
||||||
# streaming from/to Matrix and using many connections for Telegram.
|
|
||||||
# Note that generating HQ thumbnails for videos is not possible with streamed transfers.
|
|
||||||
parallel_file_transfer: false
|
|
||||||
# Whether or not created rooms should have federation enabled.
|
|
||||||
# If false, created portal rooms will never be federated.
|
|
||||||
federate_rooms: true
|
|
||||||
# Settings for converting animated stickers.
|
|
||||||
animated_sticker:
|
|
||||||
# Format to which animated stickers should be converted.
|
|
||||||
# disable - No conversion, send as-is (gzipped lottie)
|
|
||||||
# png - converts to non-animated png (fastest),
|
|
||||||
# gif - converts to animated gif, but loses transparency
|
|
||||||
# webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
|
|
||||||
target: gif
|
|
||||||
# Arguments for converter. All converters take width and height.
|
|
||||||
# GIF converter takes background as a hex color.
|
|
||||||
args:
|
|
||||||
width: 256
|
|
||||||
height: 256
|
|
||||||
background: "020202" # only for gif
|
|
||||||
fps: 30 # only for webm
|
|
||||||
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
|
||||||
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
|
||||||
#
|
|
||||||
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
|
||||||
# application service.
|
|
||||||
encryption:
|
|
||||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
|
||||||
allow: false
|
|
||||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
|
||||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
|
||||||
default: false
|
|
||||||
|
|
||||||
# Overrides for base power levels.
|
|
||||||
initial_power_level_overrides:
|
|
||||||
user: {}
|
|
||||||
group: {}
|
|
||||||
|
|
||||||
# Whether to bridge Telegram bot messages as m.notices or m.texts.
|
|
||||||
bot_messages_as_notices: true
|
|
||||||
bridge_notices:
|
|
||||||
# Whether or not Matrix bot messages (type m.notice) should be bridged.
|
|
||||||
default: false
|
|
||||||
# List of user IDs for whom the previous flag is flipped.
|
|
||||||
# e.g. if bridge_notices.default is false, notices from other users will not be bridged, but
|
|
||||||
# notices from users listed here will be bridged.
|
|
||||||
exceptions: []
|
|
||||||
|
|
||||||
# Some config options related to Telegram message deduplication.
|
|
||||||
# The default values are usually fine, but some debug messages/warnings might recommend you
|
|
||||||
# change these.
|
|
||||||
deduplication:
|
|
||||||
# Whether or not to check the database if the message about to be sent is a duplicate.
|
|
||||||
pre_db_check: false
|
|
||||||
# The number of latest events to keep when checking for duplicates.
|
|
||||||
# You might need to increase this on high-traffic bridge instances.
|
|
||||||
cache_queue_length: 20
|
|
||||||
|
|
||||||
|
|
||||||
# The formats to use when sending messages to Telegram via the relay bot.
|
|
||||||
#
|
|
||||||
# Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users.
|
|
||||||
#
|
|
||||||
# Available variables:
|
|
||||||
# $sender_displayname - The display name of the sender (e.g. Example User)
|
|
||||||
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
|
|
||||||
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
|
|
||||||
# $message - The message content as HTML
|
|
||||||
message_formats:
|
|
||||||
m.text: "<b>$sender_displayname</b>: $message"
|
|
||||||
m.notice: "<b>$sender_displayname</b>: $message"
|
|
||||||
m.emote: "* <b>$sender_displayname</b> $message"
|
|
||||||
m.file: "<b>$sender_displayname</b> sent a file: $message"
|
|
||||||
m.image: "<b>$sender_displayname</b> sent an image: $message"
|
|
||||||
m.audio: "<b>$sender_displayname</b> sent an audio file: $message"
|
|
||||||
m.video: "<b>$sender_displayname</b> sent a video: $message"
|
|
||||||
m.location: "<b>$sender_displayname</b> sent a location: $message"
|
|
||||||
# Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated
|
|
||||||
# users are sent to telegram. All fields in message_formats are supported. Additionally, the
|
|
||||||
# Telegram user info is available in the following variables:
|
|
||||||
# $displayname - Telegram displayname
|
|
||||||
# $username - Telegram username (may not exist)
|
|
||||||
# $mention - Telegram @username or displayname mention (depending on which exists)
|
|
||||||
emote_format: "* $mention $formatted_body"
|
|
||||||
|
|
||||||
# The formats to use when sending state events to Telegram via the relay bot.
|
|
||||||
#
|
|
||||||
# Variables from `message_formats` that have the `sender_` prefix are available without the prefix.
|
|
||||||
# In name_change events, `$prev_displayname` is the previous displayname.
|
|
||||||
#
|
|
||||||
# Set format to an empty string to disable the messages for that event.
|
|
||||||
state_event_formats:
|
|
||||||
join: "<b>$displayname</b> joined the room."
|
|
||||||
leave: "<b>$displayname</b> left the room."
|
|
||||||
name_change: "<b>$prev_displayname</b> changed their name to <b>$displayname</b>"
|
|
||||||
|
|
||||||
# Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
|
|
||||||
# `filter-mode` management commands.
|
|
||||||
#
|
|
||||||
# Filters do not affect direct chats.
|
|
||||||
# An empty blacklist will essentially disable the filter.
|
|
||||||
filter:
|
|
||||||
# Filter mode to use. Either "blacklist" or "whitelist".
|
|
||||||
# If the mode is "blacklist", the listed chats will never be bridged.
|
|
||||||
# If the mode is "whitelist", only the listed chats can be bridged.
|
|
||||||
mode: blacklist
|
|
||||||
# The list of group/channel IDs to filter.
|
|
||||||
list: []
|
|
||||||
|
|
||||||
# The prefix for commands. Only required in non-management rooms.
|
|
||||||
command_prefix: "!tg"
|
|
||||||
|
|
||||||
# Permissions for using the bridge.
|
|
||||||
# Permitted values:
|
|
||||||
# relaybot - Only use the bridge via the relaybot, no access to commands.
|
|
||||||
# user - Relaybot level + access to commands to create bridges.
|
|
||||||
# puppeting - User level + logging in with a Telegram account.
|
|
||||||
# full - Full access to use the bridge, i.e. previous levels + Matrix login.
|
|
||||||
# admin - Full access to use the bridge and some extra administration commands.
|
|
||||||
# Permitted keys:
|
|
||||||
# * - All Matrix users
|
|
||||||
# domain - All users on that homeserver
|
|
||||||
# mxid - Specific user
|
|
||||||
permissions:
|
|
||||||
'{{ matrix_mautrix_telegram_homeserver_domain }}': full
|
|
||||||
|
|
||||||
# Options related to the message relay Telegram bot.
|
|
||||||
relaybot:
|
|
||||||
private_chat:
|
|
||||||
# List of users to invite to the portal when someone starts a private chat with the bot.
|
|
||||||
# If empty, private chats with the bot won't create a portal.
|
|
||||||
invite: []
|
|
||||||
# Whether or not to bridge state change messages in relaybot private chats.
|
|
||||||
state_changes: true
|
|
||||||
# When private_chat_invite is empty, this message is sent to users /starting the
|
|
||||||
# relaybot. Telegram's "markdown" is supported.
|
|
||||||
message: This is a Matrix bridge relaybot and does not support direct chats
|
|
||||||
# List of users to invite to all group chat portals created by the bridge.
|
|
||||||
group_chat_invite: []
|
|
||||||
# Whether or not the relaybot should not bridge events in unbridged group chats.
|
|
||||||
# If false, portals will be created when the relaybot receives messages, just like normal
|
|
||||||
# users. This behavior is usually not desirable, as it interferes with manually bridging
|
|
||||||
# the chat to another room.
|
|
||||||
ignore_unbridged_group_chat: true
|
|
||||||
# Whether or not to allow creating portals from Telegram.
|
|
||||||
authless_portals: true
|
|
||||||
# Whether or not to allow Telegram group admins to use the bot commands.
|
|
||||||
whitelist_group_admins: true
|
|
||||||
# Whether or not to ignore incoming events sent by the relay bot.
|
|
||||||
ignore_own_incoming_events: true
|
|
||||||
# List of usernames/user IDs who are also allowed to use the bot commands.
|
|
||||||
whitelist: []
|
|
||||||
|
|
||||||
# Telegram config
|
|
||||||
telegram:
|
|
||||||
# Get your own API keys at https://my.telegram.org/apps
|
|
||||||
api_id: {{ matrix_mautrix_telegram_api_id }}
|
|
||||||
api_hash: {{ matrix_mautrix_telegram_api_hash }}
|
|
||||||
# (Optional) Create your own bot at https://t.me/BotFather
|
|
||||||
bot_token: {{ matrix_mautrix_telegram_bot_token }}
|
|
||||||
|
|
||||||
# Telethon connection options.
|
|
||||||
connection:
|
|
||||||
# The timeout in seconds to be used when connecting.
|
|
||||||
timeout: 120
|
|
||||||
# How many times the reconnection should retry, either on the initial connection or when
|
|
||||||
# Telegram disconnects us. May be set to a negative or null value for infinite retries, but
|
|
||||||
# this is not recommended, since the program can get stuck in an infinite loop.
|
|
||||||
retries: 5
|
|
||||||
# The delay in seconds to sleep between automatic reconnections.
|
|
||||||
retry_delay: 1
|
|
||||||
# The threshold below which the library should automatically sleep on flood wait errors
|
|
||||||
# (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold
|
|
||||||
# is 20s, the library will sleep automatically. If the error was for 21s, it would raise
|
|
||||||
# the error instead. Values larger than a day (86400) will be changed to a day.
|
|
||||||
flood_sleep_threshold: 60
|
|
||||||
# How many times a request should be retried. Request are retried when Telegram is having
|
|
||||||
# internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when
|
|
||||||
# there's a migrate error. May take a negative or null value for infinite retries, but this
|
|
||||||
# is not recommended, since some requests can always trigger a call fail (such as searching
|
|
||||||
# for messages).
|
|
||||||
request_retries: 5
|
|
||||||
|
|
||||||
# Device info sent to Telegram.
|
|
||||||
device_info:
|
|
||||||
# "auto" = OS name+version.
|
|
||||||
device_model: auto
|
|
||||||
# "auto" = Telethon version.
|
|
||||||
system_version: auto
|
|
||||||
# "auto" = mautrix-telegram version.
|
|
||||||
app_version: auto
|
|
||||||
lang_code: en
|
|
||||||
system_lang_code: en
|
|
||||||
|
|
||||||
# Custom server to connect to.
|
|
||||||
server:
|
|
||||||
# Set to true to use these server settings. If false, will automatically
|
|
||||||
# use production server assigned by Telegram. Set to false in production.
|
|
||||||
enabled: false
|
|
||||||
# The DC ID to connect to.
|
|
||||||
dc: 2
|
|
||||||
# The IP to connect to.
|
|
||||||
ip: 149.154.167.40
|
|
||||||
# The port to connect to. 443 may not work, 80 is better and both are equally secure.
|
|
||||||
port: 80
|
|
||||||
|
|
||||||
# Telethon proxy configuration.
|
|
||||||
# You must install PySocks from pip for proxies to work.
|
|
||||||
proxy:
|
|
||||||
# Allowed types: disabled, socks4, socks5, http
|
|
||||||
type: disabled
|
|
||||||
# Proxy IP address and port.
|
|
||||||
address: 127.0.0.1
|
|
||||||
port: 1080
|
|
||||||
# Whether or not to perform DNS resolving remotely.
|
|
||||||
rdns: true
|
|
||||||
# Proxy authentication (optional).
|
|
||||||
username: ""
|
|
||||||
password: ""
|
|
||||||
|
|
||||||
# Python logging configuration.
|
|
||||||
#
|
|
||||||
# See section 16.7.2 of the Python documentation for more info:
|
|
||||||
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
|
||||||
logging:
|
|
||||||
version: 1
|
|
||||||
formatters:
|
|
||||||
precise:
|
|
||||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
|
||||||
handlers:
|
|
||||||
console:
|
|
||||||
class: logging.StreamHandler
|
|
||||||
formatter: precise
|
|
||||||
loggers:
|
|
||||||
mau:
|
|
||||||
level: DEBUG
|
|
||||||
telethon:
|
|
||||||
level: DEBUG
|
|
||||||
aiohttp:
|
|
||||||
level: INFO
|
|
||||||
root:
|
|
||||||
level: DEBUG
|
|
||||||
handlers: [console]
|
|
||||||
|
|
||||||
|
|
||||||
matrix_mautrix_telegram_configuration_extension_yaml: |
|
matrix_mautrix_telegram_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration goes here.
|
# Your custom YAML configuration goes here.
|
||||||
|
|
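Review bot: the block moved out of `matrix_mautrix_telegram_configuration_yaml` interpolates its secrets in three different ways. `as_token` and `hs_token` sit inside hand-written double quotes, `api_id`, `api_hash` and `bot_token` are unquoted, and only `login_shared_secret` goes through `|to_json`. An unquoted value that happens to look like a number, or a quoted one containing `"` or `\`, renders to YAML that either parses as a different type than the operator set or fails to parse. Because this change copies the block into `templates/config.yaml.j2`, it is a good moment to pass the string-valued credentials through `|to_json` there so they are all emitted the same way. Separately, the `logging` section being moved hard-codes `DEBUG` for `mau`, `telethon` and `root`; consider exposing the level as a role variable instead of fixing it in the template.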
397
roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,397 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
# Homeserver details
|
||||||
|
homeserver:
|
||||||
|
# The address that this appservice can use to connect to the homeserver.
|
||||||
|
address: {{ matrix_mautrix_telegram_homeserver_address }}
|
||||||
|
# The domain of the homeserver (for MXIDs, etc).
|
||||||
|
domain: {{ matrix_mautrix_telegram_homeserver_domain }}
|
||||||
|
# Whether or not to verify the SSL certificate of the homeserver.
|
||||||
|
# Only applies if address starts with https://
|
||||||
|
verify_ssl: true
|
||||||
|
|
||||||
|
# Application service host/registration related details
|
||||||
|
# Changing these values requires regeneration of the registration.
|
||||||
|
appservice:
|
||||||
|
# The address that the homeserver can use to connect to this appservice.
|
||||||
|
address: {{ matrix_mautrix_telegram_appservice_address }}
|
||||||
|
|
||||||
|
# The hostname and port where this appservice should listen.
|
||||||
|
hostname: 0.0.0.0
|
||||||
|
port: 8080
|
||||||
|
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
||||||
|
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
||||||
|
max_body_size: 1
|
||||||
|
|
||||||
|
# The full URI to the database. SQLite and Postgres are fully supported.
|
||||||
|
# Other DBMSes supported by SQLAlchemy may or may not work.
|
||||||
|
# Format examples:
|
||||||
|
# SQLite: sqlite:///filename.db
|
||||||
|
# Postgres: postgres://username:password@hostname/dbname
|
||||||
|
database: sqlite:////data/mautrix-telegram.db
|
||||||
|
|
||||||
|
# Public part of web server for out-of-Matrix interaction with the bridge.
|
||||||
|
# Used for things like login if the user wants to make sure the 2FA password isn't stored in
|
||||||
|
# the HS database.
|
||||||
|
public:
|
||||||
|
# Whether or not the public-facing endpoints should be enabled.
|
||||||
|
enabled: true
|
||||||
|
# The prefix to use in the public-facing endpoints.
|
||||||
|
prefix: {{ matrix_mautrix_telegram_public_endpoint }}
|
||||||
|
# The base URL where the public-facing endpoints are available. The prefix is not added
|
||||||
|
# implicitly.
|
||||||
|
external: {{ matrix_mautrix_telegram_appservice_public_external }}
|
||||||
|
|
||||||
|
# Provisioning API part of the web server for automated portal creation and fetching information.
|
||||||
|
# Used by things like Dimension (https://dimension.t2bot.io/).
|
||||||
|
provisioning:
|
||||||
|
# Whether or not the provisioning API should be enabled.
|
||||||
|
enabled: false
|
||||||
|
# The prefix to use in the provisioning API endpoints.
|
||||||
|
prefix: /_matrix/provision/v1
|
||||||
|
# The shared secret to authorize users of the API.
|
||||||
|
# Set to "generate" to generate and save a new token.
|
||||||
|
shared_secret: generate
|
||||||
|
|
||||||
|
# The unique ID of this appservice.
|
||||||
|
id: telegram
|
||||||
|
# Username of the appservice bot.
|
||||||
|
bot_username: telegrambot
|
||||||
|
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||||
|
# to leave display name/avatar as-is.
|
||||||
|
bot_displayname: Telegram bridge bot
|
||||||
|
bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
|
||||||
|
|
||||||
|
# Authentication tokens for AS <-> HS communication.
|
||||||
|
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
|
||||||
|
hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}"
|
||||||
|
|
||||||
|
# Bridge config
|
||||||
|
bridge:
|
||||||
|
# Localpart template of MXIDs for Telegram users.
|
||||||
|
# {userid} is replaced with the user ID of the Telegram user.
|
||||||
|
username_template: "telegram_{userid}"
|
||||||
|
# Localpart template of room aliases for Telegram portal rooms.
|
||||||
|
# {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
|
||||||
|
alias_template: "telegram_{groupname}"
|
||||||
|
# Displayname template for Telegram users.
|
||||||
|
# {displayname} is replaced with the display name of the Telegram user.
|
||||||
|
displayname_template: "{displayname} (Telegram)"
|
||||||
|
|
||||||
|
# Set the preferred order of user identifiers which to use in the Matrix puppet display name.
|
||||||
|
# In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user
|
||||||
|
# ID is used.
|
||||||
|
#
|
||||||
|
# If the bridge is working properly, a phone number or an username should always be known, but
|
||||||
|
# the other one can very well be empty.
|
||||||
|
#
|
||||||
|
# Valid keys:
|
||||||
|
# "full name" (First and/or last name)
|
||||||
|
# "full name reversed" (Last and/or first name)
|
||||||
|
# "first name"
|
||||||
|
# "last name"
|
||||||
|
# "username"
|
||||||
|
# "phone number"
|
||||||
|
displayname_preference:
|
||||||
|
- full name
|
||||||
|
- username
|
||||||
|
- phone number
|
||||||
|
# Maximum length of displayname
|
||||||
|
displayname_max_length: 100
|
||||||
|
|
||||||
|
# Maximum number of members to sync per portal when starting up. Other members will be
|
||||||
|
# synced when they send messages. The maximum is 10000, after which the Telegram server
|
||||||
|
# will not send any more members.
|
||||||
|
# Defaults to no local limit (-> limited to 10000 by server)
|
||||||
|
max_initial_member_sync: -1
|
||||||
|
# Whether or not to sync the member list in channels.
|
||||||
|
# If no channel admins have logged into the bridge, the bridge won't be able to sync the member
|
||||||
|
# list regardless of this setting.
|
||||||
|
sync_channel_members: true
|
||||||
|
# Whether or not to skip deleted members when syncing members.
|
||||||
|
skip_deleted_members: true
|
||||||
|
# Whether or not to automatically synchronize contacts and chats of Matrix users logged into
|
||||||
|
# their Telegram account at startup.
|
||||||
|
startup_sync: true
|
||||||
|
# Number of most recently active dialogs to check when syncing chats.
|
||||||
|
# Dialogs include groups and private chats, but only groups are synced.
|
||||||
|
# Set to 0 to remove limit.
|
||||||
|
sync_dialog_limit: 30
|
||||||
|
# Whether or not to sync and create portals for direct chats at startup.
|
||||||
|
sync_direct_chats: false
|
||||||
|
# The maximum number of simultaneous Telegram deletions to handle.
|
||||||
|
# A large number of simultaneous redactions could put strain on your homeserver.
|
||||||
|
max_telegram_delete: 10
|
||||||
|
# Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames)
|
||||||
|
# at startup and when creating a bridge.
|
||||||
|
sync_matrix_state: true
|
||||||
|
# Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix
|
||||||
|
# login website (see appservice.public config section)
|
||||||
|
allow_matrix_login: true
|
||||||
|
# Whether or not to bridge plaintext highlights.
|
||||||
|
# Only enable this if your displayname_template has some static part that the bridge can use to
|
||||||
|
# reliably identify what is a plaintext highlight.
|
||||||
|
plaintext_highlights: false
|
||||||
|
# Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix.
|
||||||
|
public_portals: true
|
||||||
|
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
||||||
|
# your own Matrix account as the Matrix puppet for your Telegram account.
|
||||||
|
sync_with_custom_puppets: true
|
||||||
|
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||||
|
#
|
||||||
|
# If set, custom puppets will be enabled automatically for local users
|
||||||
|
# instead of users having to find an access token and run `login-matrix`
|
||||||
|
# manually.
|
||||||
|
login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }}
|
||||||
|
# Set to false to disable link previews in messages sent to Telegram.
|
||||||
|
telegram_link_preview: true
|
||||||
|
# Use inline images instead of a separate message for the caption.
|
||||||
|
# N.B. Inline images are not supported on all clients (e.g. Riot iOS).
|
||||||
|
inline_images: false
|
||||||
|
# Maximum size of image in megabytes before sending to Telegram as a document.
|
||||||
|
image_as_file_size: 10
|
||||||
|
# Maximum size of Telegram documents in megabytes to bridge.
|
||||||
|
max_document_size: 100
|
||||||
|
# Enable experimental parallel file transfer, which makes uploads/downloads much faster by
|
||||||
|
# streaming from/to Matrix and using many connections for Telegram.
|
||||||
|
# Note that generating HQ thumbnails for videos is not possible with streamed transfers.
|
||||||
|
parallel_file_transfer: false
|
||||||
|
# Whether or not created rooms should have federation enabled.
|
||||||
|
# If false, created portal rooms will never be federated.
|
||||||
|
federate_rooms: true
|
||||||
|
# Settings for converting animated stickers.
|
||||||
|
animated_sticker:
|
||||||
|
# Format to which animated stickers should be converted.
|
||||||
|
# disable - No conversion, send as-is (gzipped lottie)
|
||||||
|
# png - converts to non-animated png (fastest),
|
||||||
|
# gif - converts to animated gif, but loses transparency
|
||||||
|
# webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
|
||||||
|
target: gif
|
||||||
|
# Arguments for converter. All converters take width and height.
|
||||||
|
# GIF converter takes background as a hex color.
|
||||||
|
args:
|
||||||
|
width: 256
|
||||||
|
height: 256
|
||||||
|
background: "020202" # only for gif
|
||||||
|
fps: 30 # only for webm
|
||||||
|
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
||||||
|
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
||||||
|
#
|
||||||
|
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
||||||
|
# application service.
|
||||||
|
encryption:
|
||||||
|
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||||
|
allow: false
|
||||||
|
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||||
|
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||||
|
default: false
|
||||||
|
|
||||||
|
# Overrides for base power levels.
|
||||||
|
initial_power_level_overrides:
|
||||||
|
user: {}
|
||||||
|
group: {}
|
||||||
|
|
||||||
|
# Whether to bridge Telegram bot messages as m.notices or m.texts.
|
||||||
|
bot_messages_as_notices: true
|
||||||
|
bridge_notices:
|
||||||
|
# Whether or not Matrix bot messages (type m.notice) should be bridged.
|
||||||
|
default: false
|
||||||
|
# List of user IDs for whom the previous flag is flipped.
|
||||||
|
# e.g. if bridge_notices.default is false, notices from other users will not be bridged, but
|
||||||
|
# notices from users listed here will be bridged.
|
||||||
|
exceptions: []
|
||||||
|
|
||||||
|
# Some config options related to Telegram message deduplication.
|
||||||
|
# The default values are usually fine, but some debug messages/warnings might recommend you
|
||||||
|
# change these.
|
||||||
|
deduplication:
|
||||||
|
# Whether or not to check the database if the message about to be sent is a duplicate.
|
||||||
|
pre_db_check: false
|
||||||
|
# The number of latest events to keep when checking for duplicates.
|
||||||
|
# You might need to increase this on high-traffic bridge instances.
|
||||||
|
cache_queue_length: 20
|
||||||
|
|
||||||
|
|
||||||
|
# The formats to use when sending messages to Telegram via the relay bot.
|
||||||
|
#
|
||||||
|
# Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users.
|
||||||
|
#
|
||||||
|
# Available variables:
|
||||||
|
# $sender_displayname - The display name of the sender (e.g. Example User)
|
||||||
|
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
|
||||||
|
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
|
||||||
|
# $message - The message content as HTML
|
||||||
|
message_formats:
|
||||||
|
m.text: "<b>$sender_displayname</b>: $message"
|
||||||
|
m.notice: "<b>$sender_displayname</b>: $message"
|
||||||
|
m.emote: "* <b>$sender_displayname</b> $message"
|
||||||
|
m.file: "<b>$sender_displayname</b> sent a file: $message"
|
||||||
|
m.image: "<b>$sender_displayname</b> sent an image: $message"
|
||||||
|
m.audio: "<b>$sender_displayname</b> sent an audio file: $message"
|
||||||
|
m.video: "<b>$sender_displayname</b> sent a video: $message"
|
||||||
|
m.location: "<b>$sender_displayname</b> sent a location: $message"
|
||||||
|
# Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated
|
||||||
|
# users are sent to telegram. All fields in message_formats are supported. Additionally, the
|
||||||
|
# Telegram user info is available in the following variables:
|
||||||
|
# $displayname - Telegram displayname
|
||||||
|
# $username - Telegram username (may not exist)
|
||||||
|
# $mention - Telegram @username or displayname mention (depending on which exists)
|
||||||
|
emote_format: "* $mention $formatted_body"
|
||||||
|
|
||||||
|
# The formats to use when sending state events to Telegram via the relay bot.
|
||||||
|
#
|
||||||
|
# Variables from `message_formats` that have the `sender_` prefix are available without the prefix.
|
||||||
|
# In name_change events, `$prev_displayname` is the previous displayname.
|
||||||
|
#
|
||||||
|
# Set format to an empty string to disable the messages for that event.
|
||||||
|
state_event_formats:
|
||||||
|
join: "<b>$displayname</b> joined the room."
|
||||||
|
leave: "<b>$displayname</b> left the room."
|
||||||
|
name_change: "<b>$prev_displayname</b> changed their name to <b>$displayname</b>"
|
||||||
|
|
||||||
|
# Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
|
||||||
|
# `filter-mode` management commands.
|
||||||
|
#
|
||||||
|
# Filters do not affect direct chats.
|
||||||
|
# An empty blacklist will essentially disable the filter.
|
||||||
|
filter:
|
||||||
|
# Filter mode to use. Either "blacklist" or "whitelist".
|
||||||
|
# If the mode is "blacklist", the listed chats will never be bridged.
|
||||||
|
# If the mode is "whitelist", only the listed chats can be bridged.
|
||||||
|
mode: blacklist
|
||||||
|
# The list of group/channel IDs to filter.
|
||||||
|
list: []
|
||||||
|
|
||||||
|
# The prefix for commands. Only required in non-management rooms.
|
||||||
|
command_prefix: "!tg"
|
||||||
|
|
||||||
|
# Permissions for using the bridge.
|
||||||
|
# Permitted values:
|
||||||
|
# relaybot - Only use the bridge via the relaybot, no access to commands.
|
||||||
|
# user - Relaybot level + access to commands to create bridges.
|
||||||
|
# puppeting - User level + logging in with a Telegram account.
|
||||||
|
# full - Full access to use the bridge, i.e. previous levels + Matrix login.
|
||||||
|
# admin - Full access to use the bridge and some extra administration commands.
|
||||||
|
# Permitted keys:
|
||||||
|
# * - All Matrix users
|
||||||
|
# domain - All users on that homeserver
|
||||||
|
# mxid - Specific user
|
||||||
|
permissions:
|
||||||
|
'{{ matrix_mautrix_telegram_homeserver_domain }}': full
|
||||||
|
|
||||||
|
# Options related to the message relay Telegram bot.
|
||||||
|
relaybot:
|
||||||
|
private_chat:
|
||||||
|
# List of users to invite to the portal when someone starts a private chat with the bot.
|
||||||
|
# If empty, private chats with the bot won't create a portal.
|
||||||
|
invite: []
|
||||||
|
# Whether or not to bridge state change messages in relaybot private chats.
|
||||||
|
state_changes: true
|
||||||
|
# When private_chat_invite is empty, this message is sent to users /starting the
|
||||||
|
# relaybot. Telegram's "markdown" is supported.
|
||||||
|
message: This is a Matrix bridge relaybot and does not support direct chats
|
||||||
|
# List of users to invite to all group chat portals created by the bridge.
|
||||||
|
group_chat_invite: []
|
||||||
|
# Whether or not the relaybot should not bridge events in unbridged group chats.
|
||||||
|
# If false, portals will be created when the relaybot receives messages, just like normal
|
||||||
|
# users. This behavior is usually not desirable, as it interferes with manually bridging
|
||||||
|
# the chat to another room.
|
||||||
|
ignore_unbridged_group_chat: true
|
||||||
|
# Whether or not to allow creating portals from Telegram.
|
||||||
|
authless_portals: true
|
||||||
|
# Whether or not to allow Telegram group admins to use the bot commands.
|
||||||
|
whitelist_group_admins: true
|
||||||
|
# Whether or not to ignore incoming events sent by the relay bot.
|
||||||
|
ignore_own_incoming_events: true
|
||||||
|
# List of usernames/user IDs who are also allowed to use the bot commands.
|
||||||
|
whitelist: []
|
||||||
|
|
||||||
|
# Telegram config
|
||||||
|
telegram:
|
||||||
|
# Get your own API keys at https://my.telegram.org/apps
|
||||||
|
api_id: {{ matrix_mautrix_telegram_api_id }}
|
||||||
|
api_hash: {{ matrix_mautrix_telegram_api_hash }}
|
||||||
|
# (Optional) Create your own bot at https://t.me/BotFather
|
||||||
|
bot_token: {{ matrix_mautrix_telegram_bot_token }}
|
||||||
|
|
||||||
|
# Telethon connection options.
|
||||||
|
connection:
|
||||||
|
# The timeout in seconds to be used when connecting.
|
||||||
|
timeout: 120
|
||||||
|
# How many times the reconnection should retry, either on the initial connection or when
|
||||||
|
# Telegram disconnects us. May be set to a negative or null value for infinite retries, but
|
||||||
|
# this is not recommended, since the program can get stuck in an infinite loop.
|
||||||
|
retries: 5
|
||||||
|
# The delay in seconds to sleep between automatic reconnections.
|
||||||
|
retry_delay: 1
|
||||||
|
# The threshold below which the library should automatically sleep on flood wait errors
|
||||||
|
# (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold
|
||||||
|
# is 20s, the library will sleep automatically. If the error was for 21s, it would raise
|
||||||
|
# the error instead. Values larger than a day (86400) will be changed to a day.
|
||||||
|
flood_sleep_threshold: 60
|
||||||
|
# How many times a request should be retried. Request are retried when Telegram is having
|
||||||
|
# internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when
|
||||||
|
# there's a migrate error. May take a negative or null value for infinite retries, but this
|
||||||
|
# is not recommended, since some requests can always trigger a call fail (such as searching
|
||||||
|
# for messages).
|
||||||
|
request_retries: 5
|
||||||
|
|
||||||
|
# Device info sent to Telegram.
|
||||||
|
device_info:
|
||||||
|
# "auto" = OS name+version.
|
||||||
|
device_model: auto
|
||||||
|
# "auto" = Telethon version.
|
||||||
|
system_version: auto
|
||||||
|
# "auto" = mautrix-telegram version.
|
||||||
|
app_version: auto
|
||||||
|
lang_code: en
|
||||||
|
system_lang_code: en
|
||||||
|
|
||||||
|
# Custom server to connect to.
|
||||||
|
server:
|
||||||
|
# Set to true to use these server settings. If false, will automatically
|
||||||
|
# use production server assigned by Telegram. Set to false in production.
|
||||||
|
enabled: false
|
||||||
|
# The DC ID to connect to.
|
||||||
|
dc: 2
|
||||||
|
# The IP to connect to.
|
||||||
|
ip: 149.154.167.40
|
||||||
|
# The port to connect to. 443 may not work, 80 is better and both are equally secure.
|
||||||
|
port: 80
|
||||||
|
|
||||||
|
# Telethon proxy configuration.
|
||||||
|
# You must install PySocks from pip for proxies to work.
|
||||||
|
proxy:
|
||||||
|
# Allowed types: disabled, socks4, socks5, http
|
||||||
|
type: disabled
|
||||||
|
# Proxy IP address and port.
|
||||||
|
address: 127.0.0.1
|
||||||
|
port: 1080
|
||||||
|
# Whether or not to perform DNS resolving remotely.
|
||||||
|
rdns: true
|
||||||
|
# Proxy authentication (optional).
|
||||||
|
username: ""
|
||||||
|
password: ""
|
||||||
|
|
||||||
|
# Python logging configuration.
|
||||||
|
#
|
||||||
|
# See section 16.7.2 of the Python documentation for more info:
|
||||||
|
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
||||||
|
logging:
|
||||||
|
version: 1
|
||||||
|
formatters:
|
||||||
|
precise:
|
||||||
|
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||||
|
handlers:
|
||||||
|
console:
|
||||||
|
class: logging.StreamHandler
|
||||||
|
formatter: precise
|
||||||
|
loggers:
|
||||||
|
mau:
|
||||||
|
level: DEBUG
|
||||||
|
telethon:
|
||||||
|
level: DEBUG
|
||||||
|
aiohttp:
|
||||||
|
level: INFO
|
||||||
|
root:
|
||||||
|
level: DEBUG
|
||||||
|
handlers: [console]
|
|
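Review bot: under `telegram:`, `api_hash` and `bot_token` are interpolated bare (`api_hash: {{ matrix_mautrix_telegram_api_hash }}`), so YAML decides their type: a hash made only of digits, or digits with a single `e`, parses as a number, and an unset optional `bot_token` renders as null rather than an empty string. Passing both through `|to_json`, as the WhatsApp config on this page does for `login_shared_secret`, keeps them strings. Separately, the `logging` block ships `mau`, `telethon` and `root` at `DEBUG`; for a bridge that handles message content and Telegram session data, `INFO` is a safer default, with `DEBUG` left as an opt-in.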
@ -11,21 +11,22 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-telegram
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-telegram
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram
|
||||||
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-telegram-db \
|
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram-db \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
--network={{ matrix_docker_network }} \
|
||||||
-v {{ matrix_mautrix_telegram_config_path }}:/config:z \
|
-v {{ matrix_mautrix_telegram_config_path }}:/config:z \
|
||||||
-v {{ matrix_mautrix_telegram_data_path }}:/data:z \
|
-v {{ matrix_mautrix_telegram_data_path }}:/data:z \
|
||||||
{{ matrix_mautrix_telegram_docker_image }} \
|
{{ matrix_mautrix_telegram_docker_image }} \
|
||||||
alembic -x config=/config/config.yaml upgrade head
|
alembic -x config=/config/config.yaml upgrade head
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
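Review bot: the one-shot `alembic ... upgrade head` container now gets `--network={{ matrix_docker_network }}`, but nothing in the unit says why a migration step needs network access. If it is there so the migration can reach a non-SQLite database, a one-line comment above that `ExecStartPre` would make the intent clear. Also, `matrix_host_command_docker` and `matrix_host_command_sleep` now decide which binaries systemd executes; their defaults are not part of this hunk, so please confirm they resolve to the previous `/usr/bin/docker` and `/bin/sleep` and document that overrides must be absolute paths to trusted binaries.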
@ -41,8 +42,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \
|
||||||
{{ matrix_mautrix_telegram_docker_image }} \
|
{{ matrix_mautrix_telegram_docker_image }} \
|
||||||
python3 -m mautrix_telegram -c /config/config.yaml
|
python3 -m mautrix_telegram -c /config/config.yaml
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-mautrix-telegram
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram
|
||||||
ExecStop=-/usr/bin/docker rm matrix-mautrix-telegram
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-mautrix-telegram
|
SyslogIdentifier=matrix-mautrix-telegram
|
||||||
|
|
|
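Review bot: while these `ExecStop` lines are being touched, note that `docker kill` sends SIGKILL by default, so the bridge gets no chance to close its database or session files under `/data` before `Restart=always` brings it back. `{{ matrix_host_command_docker }} stop matrix-mautrix-telegram` with a short timeout would allow a clean shutdown and still fall through to the `rm` on the next line.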
@ -35,175 +35,7 @@ matrix_mautrix_whatsapp_login_shared_secret: ''
|
||||||
#
|
#
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_mautrix_whatsapp_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_mautrix_whatsapp_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_mautrix_whatsapp_configuration_yaml: |
|
matrix_mautrix_whatsapp_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
# Homeserver details.
|
|
||||||
homeserver:
|
|
||||||
# The address that this appservice can use to connect to the homeserver.
|
|
||||||
address: {{ matrix_mautrix_whatsapp_homeserver_address }}
|
|
||||||
# The domain of the homeserver (for MXIDs, etc).
|
|
||||||
domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
|
|
||||||
# Application service host/registration related details.
|
|
||||||
# Changing these values requires regeneration of the registration.
|
|
||||||
|
|
||||||
appservice:
|
|
||||||
# The address that the homeserver can use to connect to this appservice.
|
|
||||||
address: {{ matrix_mautrix_whatsapp_appservice_address }}
|
|
||||||
|
|
||||||
# The hostname and port where this appservice should listen.
|
|
||||||
hostname: 0.0.0.0
|
|
||||||
port: 8080
|
|
||||||
|
|
||||||
# Database config.
|
|
||||||
database:
|
|
||||||
# The database type. "sqlite3" and "postgres" are supported.
|
|
||||||
type: sqlite3
|
|
||||||
# The database URI.
|
|
||||||
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
|
|
||||||
# Postgres: Connection string. For example, postgres://user:password@host/database
|
|
||||||
uri: mautrix-whatsapp.db
|
|
||||||
# Maximum number of connections. Mostly relevant for Postgres.
|
|
||||||
max_open_conns: 20
|
|
||||||
max_idle_conns: 2
|
|
||||||
|
|
||||||
# Path to the Matrix room state store.
|
|
||||||
state_store_path: ./mx-state.json
|
|
||||||
|
|
||||||
# The unique ID of this appservice.
|
|
||||||
id: whatsapp
|
|
||||||
# Appservice bot details.
|
|
||||||
bot:
|
|
||||||
# Username of the appservice bot.
|
|
||||||
username: whatsappbot
|
|
||||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
|
||||||
# to leave display name/avatar as-is.
|
|
||||||
displayname: WhatsApp bridge bot
|
|
||||||
avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
|
|
||||||
|
|
||||||
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
|
|
||||||
as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
|
|
||||||
hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
|
|
||||||
|
|
||||||
# Bridge config
|
|
||||||
bridge:
|
|
||||||
# Localpart template of MXIDs for WhatsApp users.
|
|
||||||
# {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user.
|
|
||||||
username_template: "{{ 'whatsapp_{{.}}' }}"
|
|
||||||
# Displayname template for WhatsApp users.
|
|
||||||
# {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user
|
|
||||||
# {{ '{{.Jid}}' }} - phone number (international format)
|
|
||||||
# The following variables are also available, but will cause problems on multi-user instances:
|
|
||||||
# {{ '{{.Name}}' }} - display name from contact list
|
|
||||||
# {{ '{{.Short}}' }} - short display name from contact list
|
|
||||||
displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}"
|
|
||||||
# WhatsApp connection timeout in seconds.
|
|
||||||
connection_timeout: 20
|
|
||||||
# Maximum number of times to retry connecting on connection error.
|
|
||||||
max_connection_attempts: 3
|
|
||||||
# Number of seconds to wait between connection attempts.
|
|
||||||
# Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
|
|
||||||
connection_retry_delay: -1
|
|
||||||
# Whether or not the bridge should send a notice to the user's management room when it retries connecting.
|
|
||||||
# If false, it will only report when it stops retrying.
|
|
||||||
report_connection_retry: true
|
|
||||||
# Maximum number of seconds to wait for chats to be sent at startup.
|
|
||||||
# If this is too low and you have lots of chats, it could cause backfilling to fail.
|
|
||||||
chat_list_wait: 30
|
|
||||||
# Maximum number of seconds to wait to sync portals before force unlocking message processing.
|
|
||||||
# If this is too low and you have lots of chats, it could cause backfilling to fail.
|
|
||||||
portal_sync_wait: 600
|
|
||||||
|
|
||||||
# Whether or not to send call start/end notices to Matrix.
|
|
||||||
call_notices:
|
|
||||||
start: true
|
|
||||||
end: true
|
|
||||||
|
|
||||||
# Number of chats to sync for new users.
|
|
||||||
initial_chat_sync_count: 10
|
|
||||||
# Number of old messages to fill when creating new portal rooms.
|
|
||||||
initial_history_fill_count: 20
|
|
||||||
# Maximum number of chats to sync when recovering from downtime.
|
|
||||||
# Set to -1 to sync all new chats during downtime.
|
|
||||||
recovery_chat_sync_limit: -1
|
|
||||||
# Whether or not to sync history when recovering from downtime.
|
|
||||||
recovery_history_backfill: true
|
|
||||||
# Maximum number of seconds since last message in chat to skip
|
|
||||||
# syncing the chat in any case. This setting will take priority
|
|
||||||
# over both recovery_chat_sync_limit and initial_chat_sync_count.
|
|
||||||
# Default is 3 days = 259200 seconds
|
|
||||||
sync_max_chat_age: 259200
|
|
||||||
|
|
||||||
# Whether or not to sync with custom puppets to receive EDUs that
|
|
||||||
# are not normally sent to appservices.
|
|
||||||
sync_with_custom_puppets: true
|
|
||||||
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
|
||||||
#
|
|
||||||
# If set, custom puppets will be enabled automatically for local users
|
|
||||||
# instead of users having to find an access token and run `login-matrix`
|
|
||||||
# manually.
|
|
||||||
login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }}
|
|
||||||
|
|
||||||
# Whether or not to invite own WhatsApp user's Matrix puppet into private
|
|
||||||
# chat portals when backfilling if needed.
|
|
||||||
# This always uses the default puppet instead of custom puppets due to
|
|
||||||
# rate limits and timestamp massaging.
|
|
||||||
invite_own_puppet_for_backfilling: true
|
|
||||||
# Whether or not to explicitly set the avatar and room name for private
|
|
||||||
# chat portal rooms. This can be useful if the previous field works fine,
|
|
||||||
# but causes room avatar/name bugs.
|
|
||||||
private_chat_portal_meta: false
|
|
||||||
|
|
||||||
# Allow invite permission for user. User can invite any bots to room with whatsapp
|
|
||||||
# users (private chat and groups)
|
|
||||||
allow_user_invite: false
|
|
||||||
|
|
||||||
# The prefix for commands. Only required in non-management rooms.
|
|
||||||
command_prefix: "!wa"
|
|
||||||
|
|
||||||
# Permissions for using the bridge.
|
|
||||||
# Permitted values:
|
|
||||||
# user - Access to use the bridge to chat with a WhatsApp account.
|
|
||||||
# admin - User level and some additional administration tools
|
|
||||||
# Permitted keys:
|
|
||||||
# * - All Matrix users
|
|
||||||
# domain - All users on that homeserver
|
|
||||||
# mxid - Specific user
|
|
||||||
permissions:
|
|
||||||
"{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
|
|
||||||
|
|
||||||
relaybot:
|
|
||||||
# Whether or not relaybot support is enabled.
|
|
||||||
enabled: false
|
|
||||||
# The management room for the bot. This is where all status notifications are posted and
|
|
||||||
# in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting
|
|
||||||
# the command prefix completely like in user management rooms is not possible.
|
|
||||||
management: '!foo:example.com'
|
|
||||||
# List of users to invite to all created rooms that include the relaybot.
|
|
||||||
invites: []
|
|
||||||
# The formats to use when sending messages to WhatsApp via the relaybot.
|
|
||||||
message_formats:
|
|
||||||
m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
|
|
||||||
m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}"
|
|
||||||
m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
|
|
||||||
m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file"
|
|
||||||
m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image"
|
|
||||||
m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file"
|
|
||||||
m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video"
|
|
||||||
m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location"
|
|
||||||
# Logging config.
|
|
||||||
logging:
|
|
||||||
# The directory for log files. Will be created if not found.
|
|
||||||
directory: ./logs
|
|
||||||
# Available variables: .Date for the file date and .Index for different log files on the same day.
|
|
||||||
file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
|
|
||||||
# Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
|
|
||||||
file_date_format: "2006-01-02"
|
|
||||||
# Log file permissions.
|
|
||||||
file_mode: 0600
|
|
||||||
# Timestamp format for log entries in the Go time format.
|
|
||||||
timestamp_format: "Jan _2, 2006 15:04:05"
|
|
||||||
# Minimum severity for log messages.
|
|
||||||
# Options: debug, info, warn, error, fatal
|
|
||||||
print_level: debug
|
|
||||||
|
|
||||||
matrix_mautrix_whatsapp_configuration_extension_yaml: |
|
matrix_mautrix_whatsapp_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration goes here.
|
# Your custom YAML configuration goes here.
|
||||||
|
|
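Review bot: the comment kept above `matrix_mautrix_whatsapp_configuration_yaml` still says to "completely replace this variable with your own template" without saying where the default now lives; since the value becomes `lookup('template', 'templates/config.yaml.j2')`, the comment should name that file so operators know what to copy. Because this is meant to be a pure move of 168 lines, it is also worth confirming that the rendered config is byte-identical before and after, in particular the `{{ '{{.}}' }}` style escapes for Go templates, which are now evaluated by the lookup instead of inline in the defaults file.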
169
roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,169 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
# Homeserver details.
|
||||||
|
homeserver:
|
||||||
|
# The address that this appservice can use to connect to the homeserver.
|
||||||
|
address: {{ matrix_mautrix_whatsapp_homeserver_address }}
|
||||||
|
# The domain of the homeserver (for MXIDs, etc).
|
||||||
|
domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
|
||||||
|
# Application service host/registration related details.
|
||||||
|
# Changing these values requires regeneration of the registration.
|
||||||
|
|
||||||
|
appservice:
|
||||||
|
# The address that the homeserver can use to connect to this appservice.
|
||||||
|
address: {{ matrix_mautrix_whatsapp_appservice_address }}
|
||||||
|
|
||||||
|
# The hostname and port where this appservice should listen.
|
||||||
|
hostname: 0.0.0.0
|
||||||
|
port: 8080
|
||||||
|
|
||||||
|
# Database config.
|
||||||
|
database:
|
||||||
|
# The database type. "sqlite3" and "postgres" are supported.
|
||||||
|
type: sqlite3
|
||||||
|
# The database URI.
|
||||||
|
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
|
||||||
|
# Postgres: Connection string. For example, postgres://user:password@host/database
|
||||||
|
uri: mautrix-whatsapp.db
|
||||||
|
# Maximum number of connections. Mostly relevant for Postgres.
|
||||||
|
max_open_conns: 20
|
||||||
|
max_idle_conns: 2
|
||||||
|
|
||||||
|
# Path to the Matrix room state store.
|
||||||
|
state_store_path: ./mx-state.json
|
||||||
|
|
||||||
|
# The unique ID of this appservice.
|
||||||
|
id: whatsapp
|
||||||
|
# Appservice bot details.
|
||||||
|
bot:
|
||||||
|
# Username of the appservice bot.
|
||||||
|
username: whatsappbot
|
||||||
|
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||||
|
# to leave display name/avatar as-is.
|
||||||
|
displayname: WhatsApp bridge bot
|
||||||
|
avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
|
||||||
|
|
||||||
|
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
|
||||||
|
as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
|
||||||
|
hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
|
||||||
|
|
||||||
|
# Bridge config
|
||||||
|
bridge:
|
||||||
|
# Localpart template of MXIDs for WhatsApp users.
|
||||||
|
# {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user.
|
||||||
|
username_template: "{{ 'whatsapp_{{.}}' }}"
|
||||||
|
# Displayname template for WhatsApp users.
|
||||||
|
# {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user
|
||||||
|
# {{ '{{.Jid}}' }} - phone number (international format)
|
||||||
|
# The following variables are also available, but will cause problems on multi-user instances:
|
||||||
|
# {{ '{{.Name}}' }} - display name from contact list
|
||||||
|
# {{ '{{.Short}}' }} - short display name from contact list
|
||||||
|
displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}"
|
||||||
|
# WhatsApp connection timeout in seconds.
|
||||||
|
connection_timeout: 20
|
||||||
|
# Maximum number of times to retry connecting on connection error.
|
||||||
|
max_connection_attempts: 3
|
||||||
|
# Number of seconds to wait between connection attempts.
|
||||||
|
# Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
|
||||||
|
connection_retry_delay: -1
|
||||||
|
# Whether or not the bridge should send a notice to the user's management room when it retries connecting.
|
||||||
|
# If false, it will only report when it stops retrying.
|
||||||
|
report_connection_retry: true
|
||||||
|
# Maximum number of seconds to wait for chats to be sent at startup.
|
||||||
|
# If this is too low and you have lots of chats, it could cause backfilling to fail.
|
||||||
|
chat_list_wait: 30
|
||||||
|
# Maximum number of seconds to wait to sync portals before force unlocking message processing.
|
||||||
|
# If this is too low and you have lots of chats, it could cause backfilling to fail.
|
||||||
|
portal_sync_wait: 600
|
||||||
|
|
||||||
|
# Whether or not to send call start/end notices to Matrix.
|
||||||
|
call_notices:
|
||||||
|
start: true
|
||||||
|
end: true
|
||||||
|
|
||||||
|
# Number of chats to sync for new users.
|
||||||
|
initial_chat_sync_count: 10
|
||||||
|
# Number of old messages to fill when creating new portal rooms.
|
||||||
|
initial_history_fill_count: 20
|
||||||
|
# Maximum number of chats to sync when recovering from downtime.
|
||||||
|
# Set to -1 to sync all new chats during downtime.
|
||||||
|
recovery_chat_sync_limit: -1
|
||||||
|
# Whether or not to sync history when recovering from downtime.
|
||||||
|
recovery_history_backfill: true
|
||||||
|
# Maximum number of seconds since last message in chat to skip
|
||||||
|
# syncing the chat in any case. This setting will take priority
|
||||||
|
# over both recovery_chat_sync_limit and initial_chat_sync_count.
|
||||||
|
# Default is 3 days = 259200 seconds
|
||||||
|
sync_max_chat_age: 259200
|
||||||
|
|
||||||
|
# Whether or not to sync with custom puppets to receive EDUs that
|
||||||
|
# are not normally sent to appservices.
|
||||||
|
sync_with_custom_puppets: true
|
||||||
|
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||||
|
#
|
||||||
|
# If set, custom puppets will be enabled automatically for local users
|
||||||
|
# instead of users having to find an access token and run `login-matrix`
|
||||||
|
# manually.
|
||||||
|
login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }}
|
||||||
|
|
||||||
|
# Whether or not to invite own WhatsApp user's Matrix puppet into private
|
||||||
|
# chat portals when backfilling if needed.
|
||||||
|
# This always uses the default puppet instead of custom puppets due to
|
||||||
|
# rate limits and timestamp massaging.
|
||||||
|
invite_own_puppet_for_backfilling: true
|
||||||
|
# Whether or not to explicitly set the avatar and room name for private
|
||||||
|
# chat portal rooms. This can be useful if the previous field works fine,
|
||||||
|
# but causes room avatar/name bugs.
|
||||||
|
private_chat_portal_meta: false
|
||||||
|
|
||||||
|
# Allow invite permission for user. User can invite any bots to room with whatsapp
|
||||||
|
# users (private chat and groups)
|
||||||
|
allow_user_invite: false
|
||||||
|
|
||||||
|
# The prefix for commands. Only required in non-management rooms.
|
||||||
|
command_prefix: "!wa"
|
||||||
|
|
||||||
|
# Permissions for using the bridge.
|
||||||
|
# Permitted values:
|
||||||
|
# user - Access to use the bridge to chat with a WhatsApp account.
|
||||||
|
# admin - User level and some additional administration tools
|
||||||
|
# Permitted keys:
|
||||||
|
# * - All Matrix users
|
||||||
|
# domain - All users on that homeserver
|
||||||
|
# mxid - Specific user
|
||||||
|
permissions:
|
||||||
|
"{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
|
||||||
|
|
||||||
|
relaybot:
|
||||||
|
# Whether or not relaybot support is enabled.
|
||||||
|
enabled: false
|
||||||
|
# The management room for the bot. This is where all status notifications are posted and
|
||||||
|
# in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting
|
||||||
|
# the command prefix completely like in user management rooms is not possible.
|
||||||
|
management: '!foo:example.com'
|
||||||
|
# List of users to invite to all created rooms that include the relaybot.
|
||||||
|
invites: []
|
||||||
|
# The formats to use when sending messages to WhatsApp via the relaybot.
|
||||||
|
message_formats:
|
||||||
|
m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
|
||||||
|
m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}"
|
||||||
|
m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
|
||||||
|
m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file"
|
||||||
|
m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image"
|
||||||
|
m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file"
|
||||||
|
m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video"
|
||||||
|
m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location"
|
||||||
|
# Logging config.
|
||||||
|
logging:
|
||||||
|
# The directory for log files. Will be created if not found.
|
||||||
|
directory: ./logs
|
||||||
|
# Available variables: .Date for the file date and .Index for different log files on the same day.
|
||||||
|
file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
|
||||||
|
# Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
|
||||||
|
file_date_format: "2006-01-02"
|
||||||
|
# Log file permissions.
|
||||||
|
file_mode: 0600
|
||||||
|
# Timestamp format for log entries in the Go time format.
|
||||||
|
timestamp_format: "Jan _2, 2006 15:04:05"
|
||||||
|
# Minimum severity for log messages.
|
||||||
|
# Options: debug, info, warn, error, fatal
|
||||||
|
print_level: debug
|
|
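Review bot: `print_level: debug` at the end of the `logging:` block is hard-coded to the most verbose of the listed options (debug, info, warn, error, fatal), and the template offers no playbook variable to lower it. Consider rendering it from a role variable that defaults to `info` (a hypothetical `matrix_mautrix_whatsapp_logging_level`, for example), the way the `permissions` key is already driven by `matrix_mautrix_whatsapp_homeserver_domain`. Separately, the `m.notice` format ends the sender name with `</b>::` where every other format uses a single colon; if that is not intentional, fix it here.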
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-whatsapp
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-whatsapp
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsapp \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
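Review bot: The `ExecStartPre=` and `ExecStart=` lines now take their binaries from `{{ matrix_host_command_docker }}` and `{{ matrix_host_command_sleep }}`, but nothing in this hunk shows where those variables are defined or that their values are checked. The values being replaced were the absolute paths `/usr/bin/docker` and `/bin/sleep`. An empty or mistyped value would render a unit whose commands fail, and the `-` prefix on the kill and rm lines would hide that failure until `ExecStart` runs. Suggest documenting the defaults alongside this template and asserting in the role that both variables resolve to an executable absolute path before the unit file is installed.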
@ -31,8 +31,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \
|
||||||
{{ matrix_mautrix_whatsapp_docker_image }} \
|
{{ matrix_mautrix_whatsapp_docker_image }} \
|
||||||
/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml
|
/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-mautrix-whatsapp
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp
|
||||||
ExecStop=-/usr/bin/docker rm matrix-mautrix-whatsapp
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-mautrix-whatsapp
|
SyslogIdentifier=matrix-mautrix-whatsapp
|
||||||
|
|
|
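Review bot: The first `ExecStop=` line still uses `kill`, which sends SIGKILL by default, so the bridge gets no chance to shut down cleanly before `rm` runs. Since both lines are being touched anyway, consider `ExecStop=-{{ matrix_host_command_docker }} stop matrix-mautrix-whatsapp` (or `kill --signal=SIGTERM`) for the first one, keeping the `-` prefix.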
@ -56,145 +56,7 @@ matrix_mx_puppet_skype_login_shared_secret: ''
|
||||||
#
|
#
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_skype_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_skype_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_mx_puppet_skype_configuration_yaml: |
|
matrix_mx_puppet_skype_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: "True"
|
|
||||||
bridge:
|
|
||||||
# Address for the bridge to bind to; if running as a Docker container, you
|
|
||||||
# probably want 0.0.0.0 here
|
|
||||||
bindAddress: 0.0.0.0
|
|
||||||
# Port to host the bridge on which your homeserver will connect to
|
|
||||||
port: {{ matrix_mx_puppet_skype_appservice_port }}
|
|
||||||
# Name of your homeserver
|
|
||||||
domain: {{ matrix_domain }}
|
|
||||||
# URL where the bridge can connect to your homeserver
|
|
||||||
homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }}
|
|
||||||
# Optionally specify a different media URL used for the media store
|
|
||||||
mediaURL: https://{{ matrix_server_fqn_matrix }}
|
|
||||||
# This enabled automatic double-puppeting:
|
|
||||||
# A map for shared secrets of the homeserver URL to the shared secret
|
|
||||||
# See https://github.com/devture/matrix-synapse-shared-secret-auth
|
|
||||||
#loginSharedSecretMap:
|
|
||||||
# yourserver.com: supersecretsharedsecret
|
|
||||||
{% if matrix_mx_puppet_skype_login_shared_secret != '' %}
|
|
||||||
loginSharedSecretMap:
|
|
||||||
{{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}
|
|
||||||
{% endif %}
|
|
||||||
# optionally override the display name of the bridge bot
|
|
||||||
#displayname: Protocol Bot
|
|
||||||
# optionally set the avatar of the bridge bot
|
|
||||||
#avatarUrl: mxc://yourserver.com/somefile
|
|
||||||
|
|
||||||
logging:
|
|
||||||
# Log level of console output
|
|
||||||
# Allowed values starting with most verbose:
|
|
||||||
# silly, debug, verbose, info, warn, error
|
|
||||||
console: info
|
|
||||||
# Optionally, you can apply filters to the console logging
|
|
||||||
#console:
|
|
||||||
# level: info
|
|
||||||
# enabled:
|
|
||||||
# - Store
|
|
||||||
# disabled:
|
|
||||||
# - PresenceHandler
|
|
||||||
|
|
||||||
# Date and time formatting
|
|
||||||
lineDateFormat: MMM-D HH:mm:ss.SSS
|
|
||||||
# Logging files
|
|
||||||
# Log files are rotated daily by default
|
|
||||||
files:
|
|
||||||
# Log file path
|
|
||||||
- file: "/data/bridge.log"
|
|
||||||
# Log level for this file
|
|
||||||
# Allowed values starting with most verbose:
|
|
||||||
# silly, debug, verbose, info, warn, error
|
|
||||||
level: info
|
|
||||||
# Date and time formatting
|
|
||||||
datePattern: YYYY-MM-DD
|
|
||||||
# Maximum number of logs to keep.
|
|
||||||
# This can be a number of files or number of days.
|
|
||||||
# If using days, add 'd' as a suffix
|
|
||||||
maxFiles: 14d
|
|
||||||
# Maximum size of the file after which it will rotate. This can be a
|
|
||||||
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
|
||||||
# 'k', 'm', or 'g' as the suffix
|
|
||||||
maxSize: 50m
|
|
||||||
# Optionally enable/disable logging for certain modules
|
|
||||||
#disabled:
|
|
||||||
# - PresenceHandler
|
|
||||||
# - module: bot-sdk-MatrixLiteClient
|
|
||||||
# regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log
|
|
||||||
#enabled:
|
|
||||||
# - Store
|
|
||||||
|
|
||||||
database:
|
|
||||||
# Use Postgres as a database backend
|
|
||||||
# If set, will be used instead of SQLite3
|
|
||||||
# Connection string to connect to the Postgres instance
|
|
||||||
# with username "user", password "pass", host "localhost" and database name "dbname".
|
|
||||||
# Modify each value as necessary
|
|
||||||
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
|
|
||||||
# Use SQLite3 as a database backend
|
|
||||||
# The name of the database file
|
|
||||||
filename: /data/database.db
|
|
||||||
|
|
||||||
provisioning:
|
|
||||||
# Regex of Matrix IDs allowed to use the puppet bridge
|
|
||||||
whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }}
|
|
||||||
# Allow a specific user
|
|
||||||
#- "@user:server\\.com"
|
|
||||||
# Allow users on a specific homeserver
|
|
||||||
#- "@.*:yourserver\\.com"
|
|
||||||
# Allow anyone
|
|
||||||
#- ".*"
|
|
||||||
|
|
||||||
# Regex of Matrix IDs forbidden from using the puppet bridge
|
|
||||||
#blacklist:
|
|
||||||
# Disallow a specific user
|
|
||||||
#- "@user:server\\.com"
|
|
||||||
# Disallow users on a specific homeserver
|
|
||||||
#- "@.*:yourserver\\.com"
|
|
||||||
blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }}
|
|
||||||
|
|
||||||
presence:
|
|
||||||
# Bridge online/offline status
|
|
||||||
enabled: true
|
|
||||||
# How often to send status to the homeserver in milliseconds
|
|
||||||
interval: 500
|
|
||||||
# if the im.vector.user_status state setting should be diabled
|
|
||||||
#disableStatusState: false
|
|
||||||
# A blacklist of remote user IDs for the im.vector.user_status state setting
|
|
||||||
#statusStateBlacklist:
|
|
||||||
# - baduser
|
|
||||||
|
|
||||||
relay:
|
|
||||||
# Regex of Matrix IDs to allow to use the relay mode
|
|
||||||
# Same format as in provisioning
|
|
||||||
#whitelist:
|
|
||||||
#- "@.*:yourserver\\.com"
|
|
||||||
whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }}
|
|
||||||
|
|
||||||
#blacklist:
|
|
||||||
#- "@user:yourserver\\.com"
|
|
||||||
blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }}
|
|
||||||
|
|
||||||
# Map certain homeserver URLs to the C-S API endpoint
|
|
||||||
# Useful for double-puppeting if .well-known is unavailable for some reason
|
|
||||||
#homeserverUrlMap:
|
|
||||||
# yourserver.com: http://localhost:1234
|
|
||||||
|
|
||||||
namePatterns:
|
|
||||||
# Override the protocols set default name patterns
|
|
||||||
# Which variables are available depends on protocol implementation
|
|
||||||
user: :name
|
|
||||||
room: :name
|
|
||||||
|
|
||||||
limits:
|
|
||||||
# Up to how many users should be auto-joined on room creation? -1 to disable
|
|
||||||
# Defaults to 200
|
|
||||||
maxAutojoinUsers: 200
|
|
||||||
# How long the delay between two autojoin users should be, in millisectonds.
|
|
||||||
# Defaults to 5000
|
|
||||||
roomUserAutojoinDelay: 5000
|
|
||||||
|
|
||||||
matrix_mx_puppet_skype_configuration_extension_yaml: |
|
matrix_mx_puppet_skype_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration goes here.
|
# Your custom YAML configuration goes here.
|
||||||
|
|
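Review bot: `lookup('template', 'templates/config.yaml.j2')` uses a relative path, and this commit adds a file with that same relative name to more than one role (`roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2` and `roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2`). Which file the lookup finds depends on the search path in effect when `matrix_mx_puppet_skype_configuration_yaml` is evaluated, so referencing the variable from outside this role could render a different role's template without any error. Either confirm the variable is only ever evaluated inside this role's tasks, or give the template a role-specific file name so a wrong resolution fails loudly. The comment above still says the variable can be replaced "with your own template"; a line on how to do that now that the default is a lookup would help.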
138
roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,138 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
bridge:
|
||||||
|
# Address for the bridge to bind to; if running as a Docker container, you
|
||||||
|
# probably want 0.0.0.0 here
|
||||||
|
bindAddress: 0.0.0.0
|
||||||
|
# Port to host the bridge on which your homeserver will connect to
|
||||||
|
port: {{ matrix_mx_puppet_skype_appservice_port }}
|
||||||
|
# Name of your homeserver
|
||||||
|
domain: {{ matrix_domain }}
|
||||||
|
# URL where the bridge can connect to your homeserver
|
||||||
|
homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }}
|
||||||
|
# Optionally specify a different media URL used for the media store
|
||||||
|
mediaURL: https://{{ matrix_server_fqn_matrix }}
|
||||||
|
# This enabled automatic double-puppeting:
|
||||||
|
# A map for shared secrets of the homeserver URL to the shared secret
|
||||||
|
# See https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||||
|
#loginSharedSecretMap:
|
||||||
|
# yourserver.com: supersecretsharedsecret
|
||||||
|
{% if matrix_mx_puppet_skype_login_shared_secret != '' %}
|
||||||
|
loginSharedSecretMap:
|
||||||
|
{{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}
|
||||||
|
{% endif %}
|
||||||
|
# optionally override the display name of the bridge bot
|
||||||
|
#displayname: Protocol Bot
|
||||||
|
# optionally set the avatar of the bridge bot
|
||||||
|
#avatarUrl: mxc://yourserver.com/somefile
|
||||||
|
|
||||||
|
logging:
|
||||||
|
# Log level of console output
|
||||||
|
# Allowed values starting with most verbose:
|
||||||
|
# silly, debug, verbose, info, warn, error
|
||||||
|
console: info
|
||||||
|
# Optionally, you can apply filters to the console logging
|
||||||
|
#console:
|
||||||
|
# level: info
|
||||||
|
# enabled:
|
||||||
|
# - Store
|
||||||
|
# disabled:
|
||||||
|
# - PresenceHandler
|
||||||
|
|
||||||
|
# Date and time formatting
|
||||||
|
lineDateFormat: MMM-D HH:mm:ss.SSS
|
||||||
|
# Logging files
|
||||||
|
# Log files are rotated daily by default
|
||||||
|
files:
|
||||||
|
# Log file path
|
||||||
|
- file: "/data/bridge.log"
|
||||||
|
# Log level for this file
|
||||||
|
# Allowed values starting with most verbose:
|
||||||
|
# silly, debug, verbose, info, warn, error
|
||||||
|
level: info
|
||||||
|
# Date and time formatting
|
||||||
|
datePattern: YYYY-MM-DD
|
||||||
|
# Maximum number of logs to keep.
|
||||||
|
# This can be a number of files or number of days.
|
||||||
|
# If using days, add 'd' as a suffix
|
||||||
|
maxFiles: 14d
|
||||||
|
# Maximum size of the file after which it will rotate. This can be a
|
||||||
|
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
||||||
|
# 'k', 'm', or 'g' as the suffix
|
||||||
|
maxSize: 50m
|
||||||
|
# Optionally enable/disable logging for certain modules
|
||||||
|
#disabled:
|
||||||
|
# - PresenceHandler
|
||||||
|
# - module: bot-sdk-MatrixLiteClient
|
||||||
|
# regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log
|
||||||
|
#enabled:
|
||||||
|
# - Store
|
||||||
|
|
||||||
|
database:
|
||||||
|
# Use Postgres as a database backend
|
||||||
|
# If set, will be used instead of SQLite3
|
||||||
|
# Connection string to connect to the Postgres instance
|
||||||
|
# with username "user", password "pass", host "localhost" and database name "dbname".
|
||||||
|
# Modify each value as necessary
|
||||||
|
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
|
||||||
|
# Use SQLite3 as a database backend
|
||||||
|
# The name of the database file
|
||||||
|
filename: /data/database.db
|
||||||
|
|
||||||
|
provisioning:
|
||||||
|
# Regex of Matrix IDs allowed to use the puppet bridge
|
||||||
|
whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }}
|
||||||
|
# Allow a specific user
|
||||||
|
#- "@user:server\\.com"
|
||||||
|
# Allow users on a specific homeserver
|
||||||
|
#- "@.*:yourserver\\.com"
|
||||||
|
# Allow anyone
|
||||||
|
#- ".*"
|
||||||
|
|
||||||
|
# Regex of Matrix IDs forbidden from using the puppet bridge
|
||||||
|
#blacklist:
|
||||||
|
# Disallow a specific user
|
||||||
|
#- "@user:server\\.com"
|
||||||
|
# Disallow users on a specific homeserver
|
||||||
|
#- "@.*:yourserver\\.com"
|
||||||
|
blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }}
|
||||||
|
|
||||||
|
presence:
|
||||||
|
# Bridge online/offline status
|
||||||
|
enabled: true
|
||||||
|
# How often to send status to the homeserver in milliseconds
|
||||||
|
interval: 500
|
||||||
|
# if the im.vector.user_status state setting should be diabled
|
||||||
|
#disableStatusState: false
|
||||||
|
# A blacklist of remote user IDs for the im.vector.user_status state setting
|
||||||
|
#statusStateBlacklist:
|
||||||
|
# - baduser
|
||||||
|
|
||||||
|
relay:
|
||||||
|
# Regex of Matrix IDs to allow to use the relay mode
|
||||||
|
# Same format as in provisioning
|
||||||
|
#whitelist:
|
||||||
|
#- "@.*:yourserver\\.com"
|
||||||
|
whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }}
|
||||||
|
|
||||||
|
#blacklist:
|
||||||
|
#- "@user:yourserver\\.com"
|
||||||
|
blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }}
|
||||||
|
|
||||||
|
# Map certain homeserver URLs to the C-S API endpoint
|
||||||
|
# Useful for double-puppeting if .well-known is unavailable for some reason
|
||||||
|
#homeserverUrlMap:
|
||||||
|
# yourserver.com: http://localhost:1234
|
||||||
|
|
||||||
|
namePatterns:
|
||||||
|
# Override the protocols set default name patterns
|
||||||
|
# Which variables are available depends on protocol implementation
|
||||||
|
user: :name
|
||||||
|
room: :name
|
||||||
|
|
||||||
|
limits:
|
||||||
|
# Up to how many users should be auto-joined on room creation? -1 to disable
|
||||||
|
# Defaults to 200
|
||||||
|
maxAutojoinUsers: 200
|
||||||
|
# How long the delay between two autojoin users should be, in millisectonds.
|
||||||
|
# Defaults to 5000
|
||||||
|
roomUserAutojoinDelay: 5000
|
|
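Review bot: In the `loginSharedSecretMap` block, `{{ matrix_mx_puppet_skype_login_shared_secret }}` is written into the YAML unquoted. A secret that contains ` #` or `: `, starts with a character such as `*`, `!` or `{`, or consists only of digits will be truncated, re-typed or rejected by the YAML parser, and the bridge would then present a different value than the one configured on the homeserver. The `whitelist` and `blacklist` lines in this same file already use `|to_json`; doing the same here (`{{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret|to_json }}`) keeps the value a string whatever it contains.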
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-mx-puppet-skype
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-mx-puppet-skype
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-skype \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skype \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -31,8 +31,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-skype \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_mx_puppet_skype_docker_image }}
|
{{ matrix_mx_puppet_skype_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-mx-puppet-skype
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype
|
||||||
ExecStop=-/usr/bin/docker rm matrix-mx-puppet-skype
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-mx-puppet-skype
|
SyslogIdentifier=matrix-mx-puppet-skype
|
||||||
|
|
|
@ -52,104 +52,15 @@ matrix_mx_puppet_slack_systemd_wanted_services_list: []
|
||||||
matrix_mx_puppet_slack_appservice_token: ''
|
matrix_mx_puppet_slack_appservice_token: ''
|
||||||
matrix_mx_puppet_slack_homeserver_token: ''
|
matrix_mx_puppet_slack_homeserver_token: ''
|
||||||
|
|
||||||
|
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
|
||||||
|
matrix_mx_puppet_slack_login_shared_secret: ''
|
||||||
|
|
||||||
# Default configuration template which covers the generic use case.
|
# Default configuration template which covers the generic use case.
|
||||||
# You can customize it by controlling the various variables inside it.
|
# You can customize it by controlling the various variables inside it.
|
||||||
#
|
#
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_slack_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_slack_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_mx_puppet_slack_configuration_yaml: |
|
matrix_mx_puppet_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: "True"
|
|
||||||
bridge:
|
|
||||||
# Port to host the bridge on
|
|
||||||
# Used for communication between the homeserver and the bridge
|
|
||||||
port: {{ matrix_mx_puppet_slack_appservice_port }}
|
|
||||||
# The host connections to the bridge's webserver are allowed from
|
|
||||||
bindAddress: 0.0.0.0
|
|
||||||
# Public domain of the homeserver
|
|
||||||
domain: {{ matrix_mx_puppet_slack_homeserver_domain }}
|
|
||||||
# Reachable URL of the Matrix homeserver
|
|
||||||
homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }}
|
|
||||||
|
|
||||||
|
|
||||||
# Slack OAuth settings. Create a slack app at https://api.slack.com/apps
|
|
||||||
oauth:
|
|
||||||
enabled: true
|
|
||||||
# Slack app credentials.
|
|
||||||
# N.B. This must be quoted so YAML wouldn't parse it as a float.
|
|
||||||
clientId: "{{ matrix_mx_puppet_slack_client_id }}"
|
|
||||||
clientSecret: {{ matrix_mx_puppet_slack_client_secret }}
|
|
||||||
# Path where to listen for OAuth redirect callbacks.
|
|
||||||
redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
|
|
||||||
# Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,
|
|
||||||
# then set this field and the Slack app redirect URI field to the former.
|
|
||||||
redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }}
|
|
||||||
|
|
||||||
presence:
|
|
||||||
# Bridge Discord online/offline status
|
|
||||||
enabled: true
|
|
||||||
# How often to send status to the homeserver in milliseconds
|
|
||||||
interval: 500
|
|
||||||
|
|
||||||
provisioning:
|
|
||||||
# Regex of Matrix IDs allowed to use the puppet bridge
|
|
||||||
whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }}
|
|
||||||
# Allow a specific user
|
|
||||||
#- "@user:server\\.com"
|
|
||||||
# Allow users on a specific homeserver
|
|
||||||
#- "@.*:yourserver\\.com"
|
|
||||||
# Allow anyone
|
|
||||||
#- ".*"
|
|
||||||
# Regex of Matrix IDs forbidden from using the puppet bridge
|
|
||||||
#blacklist:
|
|
||||||
# Disallow a specific user
|
|
||||||
#- "@user:server\\.com"
|
|
||||||
# Disallow users on a specific homeserver
|
|
||||||
#- "@.*:yourserver\\.com"
|
|
||||||
blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }}
|
|
||||||
|
|
||||||
# Shared secret for the provisioning API for use by integration managers.
|
|
||||||
# If this is not set, the provisioning API will not be enabled.
|
|
||||||
#sharedSecret: random string
|
|
||||||
# Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
|
|
||||||
apiPrefix: /_matrix/provision
|
|
||||||
|
|
||||||
database:
|
|
||||||
# Use Postgres as a database backend
|
|
||||||
# If set, will be used instead of SQLite3
|
|
||||||
# Connection string to connect to the Postgres instance
|
|
||||||
# with username "user", password "pass", host "localhost" and database name "dbname".
|
|
||||||
# Modify each value as necessary
|
|
||||||
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
|
|
||||||
# Use SQLite3 as a database backend
|
|
||||||
# The name of the database file
|
|
||||||
filename: /data/database.db
|
|
||||||
|
|
||||||
logging:
|
|
||||||
# Log level of console output
|
|
||||||
# Allowed values starting with most verbose:
|
|
||||||
# silly, debug, verbose, info, warn, error
|
|
||||||
console: info
|
|
||||||
# Date and time formatting
|
|
||||||
lineDateFormat: MMM-D HH:mm:ss.SSS
|
|
||||||
# Logging files
|
|
||||||
# Log files are rotated daily by default
|
|
||||||
files:
|
|
||||||
# Log file path
|
|
||||||
- file: "/data/bridge.log"
|
|
||||||
# Log level for this file
|
|
||||||
# Allowed values starting with most verbose:
|
|
||||||
# silly, debug, verbose, info, warn, error
|
|
||||||
level: info
|
|
||||||
# Date and time formatting
|
|
||||||
datePattern: YYYY-MM-DD
|
|
||||||
# Maximum number of logs to keep.
|
|
||||||
# This can be a number of files or number of days.
|
|
||||||
# If using days, add 'd' as a suffix
|
|
||||||
maxFiles: 14d
|
|
||||||
# Maximum size of the file after which it will rotate. This can be a
|
|
||||||
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
|
||||||
# 'k', 'm', or 'g' as the suffix
|
|
||||||
maxSize: 50m
|
|
||||||
|
|
||||||
matrix_mx_puppet_slack_configuration_extension_yaml: |
|
matrix_mx_puppet_slack_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration goes here.
|
# Your custom YAML configuration goes here.
|
||||||
|
|
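Review bot: The new `matrix_mx_puppet_slack_login_shared_secret` variable is introduced in the same hunk that moves the inline template out to `templates/config.yaml.j2`, so a behaviour change (optional double-puppeting) is folded into what otherwise reads as a pure refactor. The removed inline template has no `loginSharedSecretMap` block, so the old and new template text cannot be compared as a straight move. Suggest splitting the new variable into its own commit, or at least calling it out in the commit message. The comment on the variable should also say that the value has to match the secret configured for Shared Secret Auth on the homeserver.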
96
roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,96 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
bridge:
|
||||||
|
# Port to host the bridge on
|
||||||
|
# Used for communication between the homeserver and the bridge
|
||||||
|
port: {{ matrix_mx_puppet_slack_appservice_port }}
|
||||||
|
# The host connections to the bridge's webserver are allowed from
|
||||||
|
bindAddress: 0.0.0.0
|
||||||
|
# Public domain of the homeserver
|
||||||
|
domain: {{ matrix_mx_puppet_slack_homeserver_domain }}
|
||||||
|
# Reachable URL of the Matrix homeserver
|
||||||
|
homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }}
|
||||||
|
{% if matrix_mx_puppet_slack_login_shared_secret != '' %}
|
||||||
|
loginSharedSecretMap:
|
||||||
|
{{ matrix_domain }}: {{ matrix_mx_puppet_slack_login_shared_secret }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
# Slack OAuth settings. Create a slack app at https://api.slack.com/apps
|
||||||
|
oauth:
|
||||||
|
enabled: true
|
||||||
|
# Slack app credentials.
|
||||||
|
# N.B. This must be quoted so YAML wouldn't parse it as a float.
|
||||||
|
clientId: "{{ matrix_mx_puppet_slack_client_id }}"
|
||||||
|
clientSecret: {{ matrix_mx_puppet_slack_client_secret }}
|
||||||
|
# Path where to listen for OAuth redirect callbacks.
|
||||||
|
redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
|
||||||
|
# Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,
|
||||||
|
# then set this field and the Slack app redirect URI field to the former.
|
||||||
|
redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }}
|
||||||
|
|
||||||
|
presence:
|
||||||
|
# Bridge Discord online/offline status
|
||||||
|
enabled: true
|
||||||
|
# How often to send status to the homeserver in milliseconds
|
||||||
|
interval: 500
|
||||||
|
|
||||||
|
provisioning:
|
||||||
|
# Regex of Matrix IDs allowed to use the puppet bridge
|
||||||
|
whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }}
|
||||||
|
# Allow a specific user
|
||||||
|
#- "@user:server\\.com"
|
||||||
|
# Allow users on a specific homeserver
|
||||||
|
#- "@.*:yourserver\\.com"
|
||||||
|
# Allow anyone
|
||||||
|
#- ".*"
|
||||||
|
# Regex of Matrix IDs forbidden from using the puppet bridge
|
||||||
|
#blacklist:
|
||||||
|
# Disallow a specific user
|
||||||
|
#- "@user:server\\.com"
|
||||||
|
# Disallow users on a specific homeserver
|
||||||
|
#- "@.*:yourserver\\.com"
|
||||||
|
blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }}
|
||||||
|
|
||||||
|
# Shared secret for the provisioning API for use by integration managers.
|
||||||
|
# If this is not set, the provisioning API will not be enabled.
|
||||||
|
#sharedSecret: random string
|
||||||
|
# Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
|
||||||
|
apiPrefix: /_matrix/provision
|
||||||
|
|
||||||
|
database:
|
||||||
|
# Use Postgres as a database backend
|
||||||
|
# If set, will be used instead of SQLite3
|
||||||
|
# Connection string to connect to the Postgres instance
|
||||||
|
# with username "user", password "pass", host "localhost" and database name "dbname".
|
||||||
|
# Modify each value as necessary
|
||||||
|
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
|
||||||
|
# Use SQLite3 as a database backend
|
||||||
|
# The name of the database file
|
||||||
|
filename: /data/database.db
|
||||||
|
|
||||||
|
logging:
|
||||||
|
# Log level of console output
|
||||||
|
# Allowed values starting with most verbose:
|
||||||
|
# silly, debug, verbose, info, warn, error
|
||||||
|
console: info
|
||||||
|
# Date and time formatting
|
||||||
|
lineDateFormat: MMM-D HH:mm:ss.SSS
|
||||||
|
# Logging files
|
||||||
|
# Log files are rotated daily by default
|
||||||
|
files:
|
||||||
|
# Log file path
|
||||||
|
- file: "/data/bridge.log"
|
||||||
|
# Log level for this file
|
||||||
|
# Allowed values starting with most verbose:
|
||||||
|
# silly, debug, verbose, info, warn, error
|
||||||
|
level: info
|
||||||
|
# Date and time formatting
|
||||||
|
datePattern: YYYY-MM-DD
|
||||||
|
# Maximum number of logs to keep.
|
||||||
|
# This can be a number of files or number of days.
|
||||||
|
# If using days, add 'd' as a suffix
|
||||||
|
maxFiles: 14d
|
||||||
|
# Maximum size of the file after which it will rotate. This can be a
|
||||||
|
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
||||||
|
# 'k', 'm', or 'g' as the suffix
|
||||||
|
maxSize: 50m
|
|
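Review bot: The `loginSharedSecretMap` key is rendered from `{{ matrix_domain }}`, while `domain:` earlier in the same `bridge:` block comes from `{{ matrix_mx_puppet_slack_homeserver_domain }}`. If the two are ever set differently, the map key will not match the homeserver the bridge is configured for; use the same variable in both places. The shared secret and `clientSecret` are also emitted unquoted, even though the comment on `clientId` explains why quoting matters; applying `|to_json` to both would stop YAML from re-typing or truncating them. Minor: the `presence:` comment reads "Bridge Discord online/offline status" in a Slack bridge template.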
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-mx-puppet-slack
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-mx-puppet-slack
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slack \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -34,8 +34,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_mx_puppet_slack_docker_image }}
|
{{ matrix_mx_puppet_slack_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-mx-puppet-slack
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack
|
||||||
ExecStop=-/usr/bin/docker rm matrix-mx-puppet-slack
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-mx-puppet-slack
|
SyslogIdentifier=matrix-mx-puppet-slack
|
||||||
|
|
150
roles/matrix-bridge-sms/defaults/main.yml
Normal file
|
@ -0,0 +1,150 @@
|
||||||
|
# matrix-sms-bridge is a Matrix <-> SMS bridge
|
||||||
|
# See: https://github.com/benkuly/matrix-sms-bridge
|
||||||
|
|
||||||
|
matrix_sms_bridge_enabled: true
|
||||||
|
|
||||||
|
matrix_sms_bridge_docker_image: "folivonet/matrix-sms-bridge:0.2.1.RELEASE"
|
||||||
|
matrix_sms_bridge_database_docker_image: "neo4j:latest"
|
||||||
|
matrix_sms_bridge_database_docker_image_force_pull: "{{ matrix_sms_bridge_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
matrix_sms_bridge_base_path: "{{ matrix_base_data_path }}/matrix-sms-bridge"
|
||||||
|
matrix_sms_bridge_config_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/config"
|
||||||
|
matrix_sms_bridge_data_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data"
|
||||||
|
matrix_sms_bridge_data_log_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/log"
|
||||||
|
matrix_sms_bridge_data_spool_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool"
|
||||||
|
matrix_sms_bridge_data_spool_inbox_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/inbox"
|
||||||
|
matrix_sms_bridge_data_spool_inbox_processed_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/inbox_processed"
|
||||||
|
matrix_sms_bridge_data_spool_outbox_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/outbox"
|
||||||
|
matrix_sms_bridge_data_spool_sent_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/sent"
|
||||||
|
matrix_sms_bridge_data_spool_error_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/error"
|
||||||
|
matrix_sms_bridge_database_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/database"
|
||||||
|
|
||||||
|
matrix_sms_bridge_appservice_token: ''
|
||||||
|
matrix_sms_bridge_homeserver_token: ''
|
||||||
|
|
||||||
|
matrix_sms_bridge_database_username: 'neo4j'
|
||||||
|
matrix_sms_bridge_database_password: ''
|
||||||
|
|
||||||
|
matrix_sms_bridge_container_http_host_bind_port: ''
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_sms_bridge_container_extra_arguments: []
|
||||||
|
|
||||||
|
# List of systemd services that service depends on.
|
||||||
|
matrix_sms_bridge_systemd_required_services_list: ['docker.service','matrix-sms-bridge-database.service']
|
||||||
|
matrix_sms_bridge_database_systemd_required_services_list: ['docker.service']
|
||||||
|
|
||||||
|
# List of systemd services that service wants
|
||||||
|
matrix_sms_bridge_systemd_wanted_services_list: []
|
||||||
|
matrix_sms_bridge_database_systemd_wanted_services_list: []
|
||||||
|
|
||||||
|
matrix_sms_bridge_appservice_url: 'http://matrix-sms-bridge:8080'
|
||||||
|
matrix_sms_bridge_database_url: 'bolt://matrix-sms-bridge-database:7687'
|
||||||
|
matrix_sms_bridge_homeserver_hostname: 'matrix-synapse'
|
||||||
|
matrix_sms_bridge_homeserver_port: '8008'
|
||||||
|
|
||||||
|
matrix_sms_bridge_homserver_domain: "{{ matrix_domain }}"
|
||||||
|
matrix_sms_bridge_default_room: ''
|
||||||
|
matrix_sms_bridge_default_region: ''
|
||||||
|
|
||||||
|
matrix_sms_bridge_gammu_modem: ''
|
||||||
|
matrix_sms_bridge_modem_group: 'dialout'
|
||||||
|
matrix_sms_bridge_gammu_reset_frequency: 0
|
||||||
|
matrix_sms_bridge_gammu_hard_reset_frequency: 0
|
||||||
|
|
||||||
|
|
||||||
|
matrix_sms_bridge_configuration_yaml: |
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
|
||||||
|
# Database connection
|
||||||
|
org:
|
||||||
|
neo4j:
|
||||||
|
driver:
|
||||||
|
uri: {{ matrix_sms_bridge_database_url }}
|
||||||
|
authentication:
|
||||||
|
username: {{ matrix_sms_bridge_database_username }}
|
||||||
|
password: {{ matrix_sms_bridge_database_password }}
|
||||||
|
|
||||||
|
matrix:
|
||||||
|
bridge:
|
||||||
|
sms:
|
||||||
|
# (optional) SMS messages without a valid token a routed to this room.
|
||||||
|
# Note that you must invite @smsbot:yourHomeServer to this room.
|
||||||
|
defaultRoomId: "{{ matrix_sms_bridge_default_room }}"
|
||||||
|
defaultRegion: "{{ matrix_sms_bridge_default_region }}"
|
||||||
|
provider:
|
||||||
|
gammu:
|
||||||
|
# (optional) default is disabled
|
||||||
|
enabled: true
|
||||||
|
# (optional) Path to the Gammu-Inbox directory.
|
||||||
|
inboxPath: /data/spool/inbox
|
||||||
|
# (optional) Path to the directory, where to put processed messages.
|
||||||
|
inboxProcessedPath: /data/spool/inbox_processed
|
||||||
|
bot:
|
||||||
|
# The domain-part of matrix-ids. E. g. example.org when your userIds look like @unicorn:example.org
|
||||||
|
serverName: {{ matrix_sms_bridge_homserver_domain }}
|
||||||
|
client:
|
||||||
|
homeServer:
|
||||||
|
# The hostname of your Homeserver.
|
||||||
|
hostname: {{ matrix_sms_bridge_homeserver_hostname }}
|
||||||
|
# (optional) The port of your Homeserver. Default is 443.
|
||||||
|
port: {{ matrix_sms_bridge_homeserver_port }}
|
||||||
|
# (optional) Use http or https. Default is true (so uses https).
|
||||||
|
secure: false
|
||||||
|
# The token to authenticate against the Homeserver.
|
||||||
|
token: {{ matrix_sms_bridge_appservice_token }}
|
||||||
|
appservice:
|
||||||
|
# A unique token for Homeservers to use to authenticate requests to this application service.
|
||||||
|
hsToken: {{ matrix_sms_bridge_homeserver_token }}
|
||||||
|
|
||||||
|
matrix_sms_bridge_configuration_extension_yaml: |
|
||||||
|
# Your custom YAML configuration goes here.
|
||||||
|
# This configuration extends the default starting configuration (`matrix_sms_bridge_configuration_yaml`).
|
||||||
|
#
|
||||||
|
# You can override individual variables from the default configuration, or introduce new ones.
|
||||||
|
#
|
||||||
|
# If you need something more special, you can take full control by
|
||||||
|
# completely redefining `matrix_sms_bridge_configuration_yaml`.
|
||||||
|
|
||||||
|
matrix_sms_bridge_configuration_extension: "{{ matrix_sms_bridge_configuration_extension_yaml|from_yaml if matrix_sms_bridge_configuration_extension_yaml|from_yaml is mapping else {} }}"
|
||||||
|
|
||||||
|
matrix_sms_bridge_configuration: "{{ matrix_sms_bridge_configuration_yaml|from_yaml|combine(matrix_sms_bridge_configuration_extension, recursive=True) }}"
|
||||||
|
|
||||||
|
matrix_sms_bridge_gammu_configuration: |
|
||||||
|
[gammu]
|
||||||
|
Device = {{ matrix_sms_bridge_gammu_modem }}
|
||||||
|
LogFile = /data/log/gammu.log
|
||||||
|
debugLevel = 1
|
||||||
|
|
||||||
|
[smsd]
|
||||||
|
Service = files
|
||||||
|
LoopSleep = 2
|
||||||
|
InboxPath = /data/spool/inbox/
|
||||||
|
OutboxPath = /data/spool/outbox/
|
||||||
|
SentSMSPath = /data/spool/sent/
|
||||||
|
ErrorSMSPath = /data/spool/error/
|
||||||
|
InboxFormat = detail
|
||||||
|
OutboxFormat = detail
|
||||||
|
TransmitFormat = auto
|
||||||
|
ResetFrequency = {{ matrix_sms_bridge_gammu_reset_frequency }}
|
||||||
|
HardResetFrequency = {{ matrix_sms_bridge_gammu_hard_reset_frequency }}
|
||||||
|
debugLevel = 1
|
||||||
|
LogFile = /data/log/smsd.log
|
||||||
|
DeliveryReport = no
|
||||||
|
HangupCalls = 1
|
||||||
|
CheckBattery = 0
|
||||||
|
|
||||||
|
|
||||||
|
matrix_sms_bridge_registration_yaml: |
|
||||||
|
id: sms
|
||||||
|
as_token: "{{ matrix_sms_bridge_appservice_token }}"
|
||||||
|
hs_token: "{{ matrix_sms_bridge_homeserver_token }}"
|
||||||
|
namespaces:
|
||||||
|
users:
|
||||||
|
- exclusive: true
|
||||||
|
regex: '^@sms_.+:{{ matrix_sms_bridge_homserver_domain|regex_escape }}$'
|
||||||
|
url: {{ matrix_sms_bridge_appservice_url }}
|
||||||
|
sender_localpart: smsbot
|
||||||
|
rate_limited: false
|
||||||
|
|
||||||
|
matrix_sms_bridge_registration: "{{ matrix_sms_bridge_registration_yaml|from_yaml }}"
|
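Review bot: `matrix_sms_bridge_database_docker_image_force_pull` is computed from `matrix_sms_bridge_docker_image.endswith(':latest')`, so the database image's pull policy follows the bridge image's tag instead of its own; it should test `matrix_sms_bridge_database_docker_image`. In `matrix_sms_bridge_configuration_yaml` the `password:`, `token:` and `hsToken:` values are interpolated unquoted before `from_yaml` parses them, so a secret that contains `: ` or ` #`, or that consists only of digits, is mis-parsed or changes type; quote them or render them with `|to_json`, the way `defaultRoomId` and `defaultRegion` are already quoted. The variable name `matrix_sms_bridge_homserver_domain` is misspelled (`homserver`) and is cheaper to fix now than after users have set it.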
24
roles/matrix-bridge-sms/tasks/init.yml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
|
||||||
|
# We don't want to fail in such cases.
|
||||||
|
- name: Fail if matrix-synapse role already executed
|
||||||
|
fail:
|
||||||
|
msg: >-
|
||||||
|
The matrix-sms-bridge role needs to execute before the matrix-synapse role.
|
||||||
|
when: "matrix_sms_bridge_enabled and matrix_synapse_role_executed|default(False)"
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge','matrix-sms-bridge-database'] }}"
|
||||||
|
when: matrix_sms_bridge_enabled|bool
|
||||||
|
|
||||||
|
# If the matrix-synapse role is not used, these variables may not exist.
|
||||||
|
- set_fact:
|
||||||
|
matrix_synapse_container_extra_arguments: >
|
||||||
|
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||||
|
+
|
||||||
|
["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"]
|
||||||
|
|
||||||
|
matrix_synapse_app_service_config_files: >
|
||||||
|
{{ matrix_synapse_app_service_config_files|default([]) }}
|
||||||
|
+
|
||||||
|
{{ ["/matrix-sms-bridge-registration.yaml"] }}
|
||||||
|
when: matrix_sms_bridge_enabled|bool
|
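Review bot: the ordering guard in the first task, `when: "matrix_sms_bridge_enabled and matrix_synapse_role_executed|default(False)"`, tests `matrix_sms_bridge_enabled` without the `|bool` cast that both `set_fact` tasks below it use, so a value supplied as a string can be evaluated differently in the guard than in the tasks it protects. Use `matrix_sms_bridge_enabled|bool` there too, so that the check and the registration mount are switched by the same condition.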
21
roles/matrix-bridge-sms/tasks/main.yml
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||||
|
when: "run_setup|bool and matrix_sms_bridge_enabled|bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-matrix-sms-bridge
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||||
|
when: "run_setup|bool and matrix_sms_bridge_enabled|bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-matrix-sms-bridge
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||||
|
when: "run_setup|bool and not matrix_sms_bridge_enabled|bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-matrix-sms-bridge
|
79
roles/matrix-bridge-sms/tasks/setup_install.yml
Normal file
|
@ -0,0 +1,79 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Ensure matrix-sms-bridge image is pulled
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_sms_bridge_docker_image }}"
|
||||||
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
|
force_source: "{{ matrix_sms_bridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sms_bridge_docker_image_force_pull }}"
|
||||||
|
|
||||||
|
- name: Ensure matrix-sms-bridge databse image is pulled
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_sms_bridge_database_docker_image }}"
|
||||||
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
|
force_source: "{{ matrix_sms_bridge_database_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sms_bridge_database_docker_image_force_pull }}"
|
||||||
|
|
||||||
|
|
||||||
|
- name: Ensure matrix-sms-bridge paths exist
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0750
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items:
|
||||||
|
- "{{ matrix_sms_bridge_base_path }}"
|
||||||
|
- "{{ matrix_sms_bridge_config_path }}"
|
||||||
|
- "{{ matrix_sms_bridge_data_path }}"
|
||||||
|
- "{{ matrix_sms_bridge_data_log_path }}"
|
||||||
|
- "{{ matrix_sms_bridge_data_spool_path }}"
|
||||||
|
- "{{ matrix_sms_bridge_data_spool_inbox_path }}"
|
||||||
|
- "{{ matrix_sms_bridge_data_spool_inbox_processed_path }}"
|
||||||
|
- "{{ matrix_sms_bridge_data_spool_outbox_path }}"
|
||||||
|
- "{{ matrix_sms_bridge_data_spool_sent_path }}"
|
||||||
|
- "{{ matrix_sms_bridge_data_spool_error_path }}"
|
||||||
|
- "{{ matrix_sms_bridge_database_path }}"
|
||||||
|
|
||||||
|
- name: Ensure matrix-sms-bridge application.yml installed
|
||||||
|
copy:
|
||||||
|
content: "{{ matrix_sms_bridge_configuration|to_nice_yaml }}"
|
||||||
|
dest: "{{ matrix_sms_bridge_config_path }}/application.yml"
|
||||||
|
mode: 0644
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
|
||||||
|
- name: Ensure matrix-sms-bridge registration.yaml installed
|
||||||
|
copy:
|
||||||
|
content: "{{ matrix_sms_bridge_registration|to_nice_yaml }}"
|
||||||
|
dest: "{{ matrix_sms_bridge_config_path }}/registration.yaml"
|
||||||
|
mode: 0644
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
|
||||||
|
- name: Ensure matrix-sms-bridge gammu-smsdrc installed
|
||||||
|
copy:
|
||||||
|
content: "{{ matrix_sms_bridge_gammu_configuration }}"
|
||||||
|
dest: "{{ matrix_sms_bridge_config_path }}/gammu-smsdrc"
|
||||||
|
mode: 0644
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
|
||||||
|
- name: Ensure matrix-sms-bridge.service installed
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/systemd/matrix-sms-bridge.service.j2"
|
||||||
|
dest: "{{ matrix_systemd_path }}/matrix-sms-bridge.service"
|
||||||
|
mode: 0644
|
||||||
|
register: matrix_sms_bridge_systemd_service_result
|
||||||
|
|
||||||
|
- name: Ensure matrix-sms-bridge-database.service installed
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/systemd/matrix-sms-bridge-database.service.j2"
|
||||||
|
dest: "{{ matrix_systemd_path }}/matrix-sms-bridge-database.service"
|
||||||
|
mode: 0644
|
||||||
|
register: matrix_sms_bridge_database_systemd_service_result
|
||||||
|
|
||||||
|
- name: Ensure systemd reloaded after matrix-sms-bridge.service or matrix-sms-bridge-database.service installation
|
||||||
|
service:
|
||||||
|
daemon_reload: yes
|
||||||
|
when: matrix_sms_bridge_systemd_service_result.changed or matrix_sms_bridge_database_systemd_service_result.changed
|
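Review bot: `application.yml` and `registration.yaml` are written with `mode: 0644` although they carry the Neo4j password, `as_token` and `hs_token`; only the `0750` parent directory keeps other local users out, and `registration.yaml` is additionally bind-mounted into the Synapse container by init.yml. Write both with `mode: 0640`, which still works for the bridge container because it runs as `{{ matrix_user_uid }}:{{ matrix_user_gid }}`, the owner and group set here. The second task name has a typo, `databse`.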
42
roles/matrix-bridge-sms/tasks/setup_uninstall.yml
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Check existence of matrix-sms-bridge service
|
||||||
|
stat:
|
||||||
|
path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service"
|
||||||
|
register: matrix_sms_bridge_service_stat
|
||||||
|
|
||||||
|
- name: Check existence of matrix-sms-bridge-database service
|
||||||
|
stat:
|
||||||
|
path: "{{ matrix_systemd_path }}/matrix-sms-bridge-database.service"
|
||||||
|
register: matrix_sms_bridge_database_service_stat
|
||||||
|
|
||||||
|
- name: Ensure matrix-sms-bridge is stopped
|
||||||
|
service:
|
||||||
|
name: matrix-sms-bridge
|
||||||
|
state: stopped
|
||||||
|
daemon_reload: yes
|
||||||
|
when: "matrix_sms_bridge_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure matrix-sms-bridge-database is stopped
|
||||||
|
service:
|
||||||
|
name: matrix-sms-bridge-database
|
||||||
|
state: stopped
|
||||||
|
daemon_reload: yes
|
||||||
|
when: "matrix_sms_bridge_database_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure matrix-sms-bridge.service doesn't exist
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service"
|
||||||
|
state: absent
|
||||||
|
when: "matrix_sms_bridge_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure matrix-sms-bridge-database.service doesn't exist
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_systemd_path }}/matrix-sms-bridge-database.service"
|
||||||
|
state: absent
|
||||||
|
when: "matrix_sms_bridge_database_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure systemd reloaded after matrix-sms-bridge.service or matrix-sms-bridge-database.service removal
|
||||||
|
service:
|
||||||
|
daemon_reload: yes
|
||||||
|
when: matrix_sms_bridge_service_stat.stat.exists or matrix_sms_bridge_database_service_stat.stat.exists
|
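Review bot: the uninstall tasks remove only the two unit files, so the `application.yml` and `registration.yaml` that setup_install.yml wrote (with the appservice tokens and the database password) stay on disk under `matrix_sms_bridge_config_path` after the bridge is disabled. Either remove the config directory in this file or state in the docs that it is kept on purpose and must be cleaned up by hand.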
13
roles/matrix-bridge-sms/tasks/validate_config.yml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Fail if required settings not defined
|
||||||
|
fail:
|
||||||
|
msg: >-
|
||||||
|
You need to define a required configuration setting (`{{ item }}`).
|
||||||
|
when: "vars[item] == ''"
|
||||||
|
with_items:
|
||||||
|
- "matrix_sms_bridge_appservice_token"
|
||||||
|
- "matrix_sms_bridge_homeserver_token"
|
||||||
|
- "matrix_sms_bridge_database_password"
|
||||||
|
- "matrix_sms_bridge_gammu_modem"
|
||||||
|
- "matrix_sms_bridge_default_region"
|
|
@ -0,0 +1,36 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
[Unit]
|
||||||
|
Description=matrix-sms-bridge-database server
|
||||||
|
{% for service in matrix_sms_bridge_database_systemd_required_services_list %}
|
||||||
|
Requires={{ service }}
|
||||||
|
After={{ service }}
|
||||||
|
{% endfor %}
|
||||||
|
{% for service in matrix_sms_bridge_database_systemd_wanted_services_list %}
|
||||||
|
Wants={{ service }}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
ExecStartPre=-/usr/bin/docker kill matrix-sms-bridge-database
|
||||||
|
ExecStartPre=-/usr/bin/docker rm matrix-sms-bridge-database
|
||||||
|
|
||||||
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
|
ExecStartPre=/bin/sleep 5
|
||||||
|
|
||||||
|
ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge-database \
|
||||||
|
--log-driver=none \
|
||||||
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
|
--cap-drop=ALL \
|
||||||
|
--network={{ matrix_docker_network }} \
|
||||||
|
-v {{ matrix_sms_bridge_database_path }}:/data:z \
|
||||||
|
-e NEO4J_AUTH={{ matrix_sms_bridge_database_username }}/{{ matrix_sms_bridge_database_password }} \
|
||||||
|
{{ matrix_sms_bridge_database_docker_image }}
|
||||||
|
|
||||||
|
ExecStop=-/usr/bin/docker kill matrix-sms-bridge-database
|
||||||
|
ExecStop=-/usr/bin/docker rm matrix-sms-bridge-database
|
||||||
|
Restart=always
|
||||||
|
RestartSec=30
|
||||||
|
SyslogIdentifier=matrix-sms-bridge
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
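Review bot: `-e NEO4J_AUTH={{ matrix_sms_bridge_database_username }}/{{ matrix_sms_bridge_database_password }}` puts the database password into a unit file that setup_install.yml installs with `mode: 0644`, and onto the `docker run` command line, where local users can read it from the process list; it is also unquoted, so a password containing whitespace splits the argument. Pass the credentials with `--env-file` pointing at a file with a restrictive mode instead. `SyslogIdentifier=matrix-sms-bridge` looks copied from the bridge unit and should be `matrix-sms-bridge-database` so the two services can be told apart in the journal, and the comment about waiting for the homeserver does not describe why the database needs `sleep 5`.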
@ -0,0 +1,46 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
[Unit]
|
||||||
|
Description=matrix-sms-bridge server
|
||||||
|
{% for service in matrix_sms_bridge_systemd_required_services_list %}
|
||||||
|
Requires={{ service }}
|
||||||
|
After={{ service }}
|
||||||
|
{% endfor %}
|
||||||
|
{% for service in matrix_sms_bridge_systemd_wanted_services_list %}
|
||||||
|
Wants={{ service }}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
ExecStartPre=-/usr/bin/docker kill matrix-sms-bridge
|
||||||
|
ExecStartPre=-/usr/bin/docker rm matrix-sms-bridge
|
||||||
|
|
||||||
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
|
ExecStartPre=/bin/sleep 5
|
||||||
|
|
||||||
|
ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \
|
||||||
|
--log-driver=none \
|
||||||
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
|
--group-add {{ matrix_sms_bridge_modem_group }} \
|
||||||
|
--cap-drop=ALL \
|
||||||
|
--network={{ matrix_docker_network }} \
|
||||||
|
{% if matrix_sms_bridge_container_http_host_bind_port %}
|
||||||
|
-p {{ matrix_sms_bridge_container_http_host_bind_port }}:8080 \
|
||||||
|
{% endif %}
|
||||||
|
-v {{ matrix_sms_bridge_config_path }}:/config:z \
|
||||||
|
-v {{ matrix_sms_bridge_data_path }}:/data:z \
|
||||||
|
-v {{ matrix_sms_bridge_config_path }}/gammu-smsdrc:/etc/gammu-smsdrc:z \
|
||||||
|
--privileged \
|
||||||
|
-v /dev:/dev:slave \
|
||||||
|
{% for arg in matrix_sms_bridge_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
|
{{ matrix_sms_bridge_docker_image }}
|
||||||
|
|
||||||
|
ExecStop=-/usr/bin/docker kill matrix-sms-bridge
|
||||||
|
ExecStop=-/usr/bin/docker rm matrix-sms-bridge
|
||||||
|
Restart=always
|
||||||
|
RestartSec=30
|
||||||
|
SyslogIdentifier=matrix-sms-bridge
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
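Review bot: `--privileged` combined with `-v /dev:/dev:slave` undoes the isolation that `--cap-drop=ALL` and `--user` are set up to provide further up in the same `ExecStart`, and exposes every host device to a container that only needs the one modem named in `matrix_sms_bridge_gammu_modem`. Prefer `--device {{ matrix_sms_bridge_gammu_modem }}` together with the existing `--group-add {{ matrix_sms_bridge_modem_group }}`, and leave `--privileged` to users who opt in through `matrix_sms_bridge_container_extra_arguments`. If the broad mount is needed because the device node changes after a modem reset, say so in a comment next to these two lines.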
@ -8,10 +8,10 @@ After={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-corporal
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-corporal
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-corporal
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-corporal
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-corporal \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
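Review bot: `{{ matrix_host_command_docker }}` now starts every `Exec*` line in this unit, but nothing in the visible hunks validates it, and an empty or undefined value would render lines such as `ExecStart= run --rm --name matrix-corporal`. Add a check that the variable is set to an absolute path before the units are templated; the same applies to the other units converted in this commit and to `matrix_host_command_systemctl` and `matrix_host_command_chown`.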
@ -32,8 +32,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-corporal \
|
||||||
{{ matrix_corporal_docker_image }} \
|
{{ matrix_corporal_docker_image }} \
|
||||||
/matrix-corporal -config=/etc/matrix-corporal/config.json
|
/matrix-corporal -config=/etc/matrix-corporal/config.json
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-corporal
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-corporal
|
||||||
ExecStop=-/usr/bin/docker rm matrix-corporal
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-corporal
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-corporal
|
SyslogIdentifier=matrix-corporal
|
||||||
|
|
|
@ -99,7 +99,7 @@
|
||||||
hour: "4"
|
hour: "4"
|
||||||
minute: "20"
|
minute: "20"
|
||||||
day: "*/5"
|
day: "*/5"
|
||||||
job: /bin/systemctl reload matrix-coturn.service
|
job: "{{ matrix_host_command_systemctl }} reload matrix-coturn.service"
|
||||||
when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool"
|
when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool"
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-coturn
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-coturn
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-coturn
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-coturn
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-coturn \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -40,12 +40,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-coturn \
|
||||||
{{ matrix_coturn_docker_image }} \
|
{{ matrix_coturn_docker_image }} \
|
||||||
-c /turnserver.conf
|
-c /turnserver.conf
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-coturn
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-coturn
|
||||||
ExecStop=-/usr/bin/docker rm matrix-coturn
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-coturn
|
||||||
|
|
||||||
# This only reloads certificates (not other configuration).
|
# This only reloads certificates (not other configuration).
|
||||||
# See: https://github.com/coturn/coturn/pull/236
|
# See: https://github.com/coturn/coturn/pull/236
|
||||||
ExecReload=/usr/bin/docker exec matrix-coturn kill -USR2 1
|
ExecReload={{ matrix_host_command_docker }} exec matrix-coturn kill -USR2 1
|
||||||
|
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
|
|
|
@ -39,89 +39,7 @@ matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:8048"
|
||||||
#
|
#
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_dimension_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_dimension_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_dimension_configuration_yaml: |
|
matrix_dimension_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: True
|
|
||||||
# The web settings for the service (API and UI).
|
|
||||||
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
|
|
||||||
web:
|
|
||||||
port: 8184
|
|
||||||
address: '0.0.0.0'
|
|
||||||
|
|
||||||
# Homeserver configuration
|
|
||||||
homeserver:
|
|
||||||
# The domain name of the homeserver. This is used in many places, such as with go-neb
|
|
||||||
# setups, to identify the homeserver.
|
|
||||||
name: "{{ matrix_domain }}"
|
|
||||||
|
|
||||||
# The URL that Dimension, go-neb, and other services provisioned by Dimension should
|
|
||||||
# use to access the homeserver with.
|
|
||||||
clientServerUrl: "http://matrix-synapse:8008"
|
|
||||||
|
|
||||||
# The URL that Dimension should use when trying to communicate with federated APIs on
|
|
||||||
# the homeserver. If not supplied or left empty Dimension will try to resolve the address
|
|
||||||
# through the normal federation process.
|
|
||||||
federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}"
|
|
||||||
|
|
||||||
# The URL that Dimension will redirect media requests to for downloading media such as
|
|
||||||
# stickers. If not supplied or left empty Dimension will use the clientServerUrl.
|
|
||||||
mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
|
|
||||||
|
|
||||||
# The access token Dimension should use for miscellaneous access to the homeserver. This
|
|
||||||
# should be for a user on the configured homeserver: any user will do, however it is
|
|
||||||
# recommended to use a dedicated user (such as @dimension:t2bot.io). For information on
|
|
||||||
# how to acquire an access token, visit https://t2bot.io/docs/access_tokens
|
|
||||||
accessToken: "{{ matrix_dimension_access_token }}"
|
|
||||||
|
|
||||||
# These users can modify the integrations this Dimension supports.
|
|
||||||
# To access the admin interface, open Dimension in Riot and click the settings icon.
|
|
||||||
admins: {{ matrix_dimension_admins|to_json }}
|
|
||||||
|
|
||||||
# IPs and CIDR ranges listed here will be blocked from being widgets.
|
|
||||||
# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
|
|
||||||
widgetBlacklist:
|
|
||||||
- 10.0.0.0/8
|
|
||||||
- 172.16.0.0/12
|
|
||||||
- 192.168.0.0/16
|
|
||||||
- 127.0.0.0/8
|
|
||||||
|
|
||||||
# Where the database for Dimension is
|
|
||||||
database:
|
|
||||||
file: "dimension.db"
|
|
||||||
|
|
||||||
# Display settings that apply to self-hosted go-neb instances
|
|
||||||
goneb:
|
|
||||||
# The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
|
|
||||||
# is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
|
|
||||||
# make the bot's avatar an empty string.
|
|
||||||
avatars:
|
|
||||||
giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
|
|
||||||
imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
|
|
||||||
github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
|
|
||||||
wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
|
|
||||||
travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
|
|
||||||
rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
|
|
||||||
google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
|
|
||||||
guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
|
|
||||||
echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
|
|
||||||
circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
|
|
||||||
jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
|
|
||||||
|
|
||||||
# Settings for how Dimension is represented to the public
|
|
||||||
dimension:
|
|
||||||
# This is where Dimension is accessible from clients. Be sure to set this
|
|
||||||
# to your own Dimension instance.
|
|
||||||
publicUrl: "https://{{ matrix_server_fqn_dimension }}"
|
|
||||||
|
|
||||||
# Settings for controlling how logging works
|
|
||||||
logging:
|
|
||||||
file: /dev/null
|
|
||||||
console: true
|
|
||||||
consoleLevel: verbose
|
|
||||||
fileLevel: info
|
|
||||||
rotate:
|
|
||||||
size: 52428800 # bytes, default is 50mb
|
|
||||||
count: 5
|
|
||||||
|
|
||||||
|
|
||||||
matrix_dimension_configuration_extension_yaml: |
|
matrix_dimension_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration for Dimension goes here.
|
# Your custom YAML configuration for Dimension goes here.
|
||||||
|
|
81
roles/matrix-dimension/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,81 @@
|
||||||
|
#jinja2: lstrip_blocks: True
|
||||||
|
# The web settings for the service (API and UI).
|
||||||
|
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
|
||||||
|
web:
|
||||||
|
port: 8184
|
||||||
|
address: '0.0.0.0'
|
||||||
|
|
||||||
|
# Homeserver configuration
|
||||||
|
homeserver:
|
||||||
|
# The domain name of the homeserver. This is used in many places, such as with go-neb
|
||||||
|
# setups, to identify the homeserver.
|
||||||
|
name: "{{ matrix_domain }}"
|
||||||
|
|
||||||
|
# The URL that Dimension, go-neb, and other services provisioned by Dimension should
|
||||||
|
# use to access the homeserver with.
|
||||||
|
clientServerUrl: "http://matrix-synapse:8008"
|
||||||
|
|
||||||
|
# The URL that Dimension should use when trying to communicate with federated APIs on
|
||||||
|
# the homeserver. If not supplied or left empty Dimension will try to resolve the address
|
||||||
|
# through the normal federation process.
|
||||||
|
federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}"
|
||||||
|
|
||||||
|
# The URL that Dimension will redirect media requests to for downloading media such as
|
||||||
|
# stickers. If not supplied or left empty Dimension will use the clientServerUrl.
|
||||||
|
mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
|
||||||
|
|
||||||
|
# The access token Dimension should use for miscellaneous access to the homeserver. This
|
||||||
|
# should be for a user on the configured homeserver: any user will do, however it is
|
||||||
|
# recommended to use a dedicated user (such as @dimension:t2bot.io). For information on
|
||||||
|
# how to acquire an access token, visit https://t2bot.io/docs/access_tokens
|
||||||
|
accessToken: "{{ matrix_dimension_access_token }}"
|
||||||
|
|
||||||
|
# These users can modify the integrations this Dimension supports.
|
||||||
|
# To access the admin interface, open Dimension in Riot and click the settings icon.
|
||||||
|
admins: {{ matrix_dimension_admins|to_json }}
|
||||||
|
|
||||||
|
# IPs and CIDR ranges listed here will be blocked from being widgets.
|
||||||
|
# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
|
||||||
|
widgetBlacklist:
|
||||||
|
- 10.0.0.0/8
|
||||||
|
- 172.16.0.0/12
|
||||||
|
- 192.168.0.0/16
|
||||||
|
- 127.0.0.0/8
|
||||||
|
|
||||||
|
# Where the database for Dimension is
|
||||||
|
database:
|
||||||
|
file: "dimension.db"
|
||||||
|
|
||||||
|
# Display settings that apply to self-hosted go-neb instances
|
||||||
|
goneb:
|
||||||
|
# The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
|
||||||
|
# is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
|
||||||
|
# make the bot's avatar an empty string.
|
||||||
|
avatars:
|
||||||
|
giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
|
||||||
|
imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
|
||||||
|
github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
|
||||||
|
wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
|
||||||
|
travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
|
||||||
|
rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
|
||||||
|
google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
|
||||||
|
guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
|
||||||
|
echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
|
||||||
|
circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
|
||||||
|
jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
|
||||||
|
|
||||||
|
# Settings for how Dimension is represented to the public
|
||||||
|
dimension:
|
||||||
|
# This is where Dimension is accessible from clients. Be sure to set this
|
||||||
|
# to your own Dimension instance.
|
||||||
|
publicUrl: "https://{{ matrix_server_fqn_dimension }}"
|
||||||
|
|
||||||
|
# Settings for controlling how logging works
|
||||||
|
logging:
|
||||||
|
file: /dev/null
|
||||||
|
console: true
|
||||||
|
consoleLevel: verbose
|
||||||
|
fileLevel: info
|
||||||
|
rotate:
|
||||||
|
size: 52428800 # bytes, default is 50mb
|
||||||
|
count: 5
|
|
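Review bot: `widgetBlacklist` in the new template still lists only `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16` and `127.0.0.0/8`, so link-local `169.254.0.0/16` and all IPv6 ranges are not blocked from being widgets. Since the configuration is being moved into its own file anyway, extend the list or expose it as a playbook variable so operators can tighten it without redefining the whole template.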
@ -6,13 +6,13 @@ Requires=docker.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-dimension
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-dimension
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-dimension
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-dimension
|
||||||
|
|
||||||
# Fixup database ownership if it got changed somehow (during a server migration, etc.)
|
# Fixup database ownership if it got changed somehow (during a server migration, etc.)
|
||||||
ExecStartPre=-/usr/bin/chown {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_base_path }}/dimension.db
|
ExecStartPre=-{{ matrix_host_command_chown }} {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_base_path }}/dimension.db
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-dimension \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \
|
--user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
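Review bot: The `ExecStartPre` and `ExecStart` lines now take their executable from `{{ matrix_host_command_docker }}` and `{{ matrix_host_command_chown }}`, but nothing in this hunk shows where those variables are defined or what they default to. These commands run as root under systemd, and older systemd versions reject a non-absolute executable, so the defaults should remain absolute paths (as the replaced `/usr/bin/docker` and `/usr/bin/chown` were) and the variable documentation should state that an absolute path is expected. The same applies to every other unit template touched by this change.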
@ -29,8 +29,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-dimension \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_dimension_docker_image }}
|
{{ matrix_dimension_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-dimension
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-dimension
|
||||||
ExecStop=-/usr/bin/docker rm matrix-dimension
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-dimension
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-dimension
|
SyslogIdentifier=matrix-dimension
|
||||||
|
|
|
@ -6,10 +6,10 @@ Requires=docker.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-email2matrix
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-email2matrix
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-email2matrix
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-email2matrix
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-email2matrix \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -22,8 +22,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-email2matrix \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_email2matrix_docker_image }}
|
{{ matrix_email2matrix_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-email2matrix
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-email2matrix
|
||||||
ExecStop=-/usr/bin/docker rm matrix-email2matrix
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-email2matrix
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-email2matrix
|
SyslogIdentifier=matrix-email2matrix
|
||||||
|
|
|
@ -96,6 +96,21 @@ matrix_jitsi_web_interface_config_show_powered_by: false
|
||||||
matrix_jitsi_web_interface_config_disable_transcription_subtitles: false
|
matrix_jitsi_web_interface_config_disable_transcription_subtitles: false
|
||||||
matrix_jisti_web_interface_config_show_deep_linking_image: false
|
matrix_jisti_web_interface_config_show_deep_linking_image: false
|
||||||
|
|
||||||
|
# Jitsi_web Fine Tune default values.
|
||||||
|
# Useful to manage bandwidth and CPU consumption in server and client side
|
||||||
|
matrix_jitsi_web_config_disableAudioLevels: false
|
||||||
|
matrix_jitsi_web_config_enableLayerSuspension: false
|
||||||
|
matrix_jitsi_web_config_channelLastN: -1
|
||||||
|
# If 'matrix_jitsi_web_config_constraints_enabled: false'
|
||||||
|
# the video constraints will be disabled and will take the default values of jitsi
|
||||||
|
matrix_jitsi_web_config_constraints_enabled: false
|
||||||
|
# This settings work if matrix_jitsi_web_config_constraints_enabled: true
|
||||||
|
# See their definitions in config.js.j2 (templates / web)
|
||||||
|
matrix_jitsi_web_config_constraints_video_aspectRatio: 16 / 9
|
||||||
|
matrix_jitsi_web_config_constraints_video_height_ideal: 720
|
||||||
|
matrix_jitsi_web_config_constraints_video_height_max: 720
|
||||||
|
matrix_jitsi_web_config_constraints_video_height_min: 240
|
||||||
|
|
||||||
matrix_jitsi_prosody_docker_image: "jitsi/prosody:stable-4548-1"
|
matrix_jitsi_prosody_docker_image: "jitsi/prosody:stable-4548-1"
|
||||||
matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}"
|
matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
|
|
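Review bot: The new `matrix_jitsi_web_config_*` variables mix camelCase (`disableAudioLevels`, `enableLayerSuspension`, `channelLastN`) into a file whose other variables are snake_case, for example `matrix_jitsi_web_interface_config_show_powered_by`; settle the naming before users start overriding these. The comments also need a pass: "This settings work if" should read "These settings apply only if", and since the block is justified by bandwidth and CPU consumption, each knob should say which direction saves resources.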
@ -8,10 +8,10 @@ After={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jicofo
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jicofo
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
--env-file={{ matrix_jitsi_jicofo_base_path }}/env \
|
--env-file={{ matrix_jitsi_jicofo_base_path }}/env \
|
||||||
|
@ -21,8 +21,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_jitsi_jicofo_docker_image }}
|
{{ matrix_jitsi_jicofo_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-jitsi-jicofo
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo
|
||||||
ExecStop=-/usr/bin/docker rm matrix-jitsi-jicofo
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-jitsi-jicofo
|
SyslogIdentifier=matrix-jitsi-jicofo
|
||||||
|
|
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jvb
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jvb
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
--env-file={{ matrix_jitsi_jvb_base_path }}/env \
|
--env-file={{ matrix_jitsi_jvb_base_path }}/env \
|
||||||
|
@ -27,8 +27,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_jitsi_jvb_docker_image }}
|
{{ matrix_jitsi_jvb_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-jitsi-jvb
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb
|
||||||
ExecStop=-/usr/bin/docker rm matrix-jitsi-jvb
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-jitsi-jvb
|
SyslogIdentifier=matrix-jitsi-jvb
|
||||||
|
|
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-prosody
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-prosody
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
--env-file={{ matrix_jitsi_prosody_base_path }}/env \
|
--env-file={{ matrix_jitsi_prosody_base_path }}/env \
|
||||||
|
@ -22,8 +22,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_jitsi_prosody_docker_image }}
|
{{ matrix_jitsi_prosody_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-jitsi-prosody
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody
|
||||||
ExecStop=-/usr/bin/docker rm matrix-jitsi-prosody
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-jitsi-prosody
|
SyslogIdentifier=matrix-jitsi-prosody
|
||||||
|
|
|
@ -81,7 +81,7 @@ var config = {
|
||||||
// Audio
|
// Audio
|
||||||
|
|
||||||
// Disable measuring of audio levels.
|
// Disable measuring of audio levels.
|
||||||
// disableAudioLevels: false,
|
disableAudioLevels: {{ matrix_jitsi_web_config_disableAudioLevels|to_json }},
|
||||||
|
|
||||||
// Start the conference in audio only mode (no video is being received nor
|
// Start the conference in audio only mode (no video is being received nor
|
||||||
// sent).
|
// sent).
|
||||||
|
@ -109,24 +109,25 @@ var config = {
|
||||||
// util#browser#usesNewGumFlow. The constraints are independency from
|
// util#browser#usesNewGumFlow. The constraints are independency from
|
||||||
// this config's resolution value. Defaults to requesting an ideal aspect
|
// this config's resolution value. Defaults to requesting an ideal aspect
|
||||||
// ratio of 16:9 with an ideal resolution of 720.
|
// ratio of 16:9 with an ideal resolution of 720.
|
||||||
// constraints: {
|
{% if matrix_jitsi_web_config_constraints_enabled %}
|
||||||
// video: {
|
constraints: {
|
||||||
// aspectRatio: 16 / 9,
|
video: {
|
||||||
// height: {
|
aspectRatio: {{ matrix_jitsi_web_config_constraints_video_aspectRatio }},
|
||||||
// ideal: 720,
|
height: {
|
||||||
// max: 720,
|
ideal: {{ matrix_jitsi_web_config_constraints_video_height_ideal|to_json }},
|
||||||
// min: 240
|
max: {{ matrix_jitsi_web_config_constraints_video_height_max|to_json }},
|
||||||
// }
|
min: {{ matrix_jitsi_web_config_constraints_video_height_min|to_json }}
|
||||||
// }
|
}
|
||||||
// },
|
}
|
||||||
|
},
|
||||||
|
{% endif %}
|
||||||
// Enable / disable simulcast support.
|
// Enable / disable simulcast support.
|
||||||
// disableSimulcast: false,
|
// disableSimulcast: false,
|
||||||
|
|
||||||
// Enable / disable layer suspension. If enabled, endpoints whose HD
|
// Enable / disable layer suspension. If enabled, endpoints whose HD
|
||||||
// layers are not in use will be suspended (no longer sent) until they
|
// layers are not in use will be suspended (no longer sent) until they
|
||||||
// are requested again.
|
// are requested again.
|
||||||
// enableLayerSuspension: false,
|
enableLayerSuspension: {{ matrix_jitsi_web_config_enableLayerSuspension|to_json }},
|
||||||
|
|
||||||
// Suspend sending video if bandwidth estimation is too low. This may cause
|
// Suspend sending video if bandwidth estimation is too low. This may cause
|
||||||
// problems with audio playback. Disabled until these are fixed.
|
// problems with audio playback. Disabled until these are fixed.
|
||||||
|
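Review bot: `aspectRatio: {{ matrix_jitsi_web_config_constraints_video_aspectRatio }}` is the only value in the `constraints` block rendered without `|to_json`, so whatever the variable holds is written verbatim into config.js as JavaScript. That is what lets the default `16 / 9` evaluate as an expression, but it should be documented next to the variable that a numeric expression is expected, or the default should become a plain number rendered with `|to_json` like the three `height` values.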
@ -211,7 +212,7 @@ hiddenDomain: {{ matrix_jitsi_recorder_domain|to_json }},
|
||||||
// Misc
|
// Misc
|
||||||
|
|
||||||
// Default value for the channel "last N" attribute. -1 for unlimited.
|
// Default value for the channel "last N" attribute. -1 for unlimited.
|
||||||
channelLastN: -1,
|
channelLastN: {{ matrix_jitsi_web_config_channelLastN|to_json }},
|
||||||
|
|
||||||
// Disables or enables RTX (RFC 4588) (defaults to false).
|
// Disables or enables RTX (RFC 4588) (defaults to false).
|
||||||
// disableRtx: false,
|
// disableRtx: false,
|
||||||
|
|
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-web
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-web
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-web
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-web
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
--env-file={{ matrix_jitsi_web_base_path }}/env \
|
--env-file={{ matrix_jitsi_web_base_path }}/env \
|
||||||
|
@ -25,8 +25,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_jitsi_web_docker_image }}
|
{{ matrix_jitsi_web_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-jitsi-web
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-web
|
||||||
ExecStop=-/usr/bin/docker rm matrix-jitsi-web
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-web
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-jitsi-web
|
SyslogIdentifier=matrix-jitsi-web
|
||||||
|
|
|
@ -85,97 +85,7 @@ matrix_ma1sd_v2_enabled: true
|
||||||
#
|
#
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_ma1sd_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_ma1sd_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_ma1sd_configuration_yaml: |
|
matrix_ma1sd_configuration_yaml: "{{ lookup('template', 'templates/ma1sd.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: True
|
|
||||||
matrix:
|
|
||||||
domain: {{ matrix_domain }}
|
|
||||||
v1: {{ matrix_ma1sd_v1_enabled|to_json }}
|
|
||||||
v2: {{ matrix_ma1sd_v2_enabled|to_json }}
|
|
||||||
|
|
||||||
server:
|
|
||||||
name: {{ matrix_server_fqn_matrix }}
|
|
||||||
|
|
||||||
key:
|
|
||||||
path: /var/ma1sd/sign.key
|
|
||||||
|
|
||||||
storage:
|
|
||||||
backend: {{ matrix_ma1sd_storage_backend }}
|
|
||||||
provider:
|
|
||||||
{{ matrix_ma1sd_storage_backend }}:
|
|
||||||
database: {{ matrix_ma1sd_storage_provider_postgresql_database }}
|
|
||||||
username: {{ matrix_ma1sd_storage_provider_postgresql_username }}
|
|
||||||
password: {{ matrix_ma1sd_storage_provider_postgresql_password }}
|
|
||||||
|
|
||||||
|
|
||||||
#storage:
|
|
||||||
#provider:
|
|
||||||
# sqlite:
|
|
||||||
# database: /var/ma1sd/ma1sd.db
|
|
||||||
|
|
||||||
{% if matrix_ma1sd_dns_overwrite_enabled %}
|
|
||||||
dns:
|
|
||||||
overwrite:
|
|
||||||
homeserver:
|
|
||||||
client:
|
|
||||||
- name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }}
|
|
||||||
value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if matrix_ma1sd_matrixorg_forwarding_enabled %}
|
|
||||||
forward:
|
|
||||||
servers: ['matrix-org']
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
threepid:
|
|
||||||
medium:
|
|
||||||
email:
|
|
||||||
identity:
|
|
||||||
from: {{ matrix_ma1sd_threepid_medium_email_identity_from }}
|
|
||||||
connectors:
|
|
||||||
smtp:
|
|
||||||
host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }}
|
|
||||||
port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }}
|
|
||||||
tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }}
|
|
||||||
login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }}
|
|
||||||
password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }}
|
|
||||||
{% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %}
|
|
||||||
generators:
|
|
||||||
template:
|
|
||||||
{% if matrix_ma1sd_threepid_medium_email_custom_invite_template %}
|
|
||||||
invite: '/var/ma1sd/invite-template.eml'
|
|
||||||
{% endif %}
|
|
||||||
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
|
|
||||||
session:
|
|
||||||
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %}
|
|
||||||
validation: '/var/ma1sd/validate-template.eml'
|
|
||||||
{% endif %}
|
|
||||||
{% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
|
|
||||||
unbind:
|
|
||||||
frandulent: '/var/ma1sd/unbind-fraudulent.eml'
|
|
||||||
{% endif %}
|
|
||||||
{% endif %}
|
|
||||||
{% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %}
|
|
||||||
generic:
|
|
||||||
matrixId: '/var/ma1sd/mxid-template.eml'
|
|
||||||
{% endif %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
synapseSql:
|
|
||||||
enabled: {{ matrix_ma1sd_synapsesql_enabled }}
|
|
||||||
type: {{ matrix_ma1sd_synapsesql_type }}
|
|
||||||
connection: {{ matrix_ma1sd_synapsesql_connection }}
|
|
||||||
lookup:
|
|
||||||
query: "SELECT user_id AS mxid, medium, address from user_threepid_id_server"
|
|
||||||
|
|
||||||
hashing:
|
|
||||||
enabled: true
|
|
||||||
pepperLength: 20
|
|
||||||
rotationPolicy: per_requests
|
|
||||||
hashStorageType: sql
|
|
||||||
algorithms:
|
|
||||||
- sha256
|
|
||||||
delay: 2m
|
|
||||||
requests: 10
|
|
||||||
|
|
||||||
matrix_ma1sd_configuration_extension_yaml: |
|
matrix_ma1sd_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration for ma1sd goes here.
|
# Your custom YAML configuration for ma1sd goes here.
|
||||||
|
|
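Review bot: The inline `matrix_ma1sd_configuration_yaml` removed here is not equivalent to the `templates/ma1sd.yaml.j2` it is replaced with. The removed text configures `storage.backend` and a provider keyed on `{{ matrix_ma1sd_storage_backend }}` with the `matrix_ma1sd_storage_provider_postgresql_*` credentials, plus `synapseSql.lookup.query` and a `hashing` block, none of which appear in the new file, which hard-codes `sqlite` with `/var/ma1sd/ma1sd.db`. If dropping them is intended, say so in the commit message and CHANGELOG, because an existing deployment would switch storage backends on the next run; if not, carry those sections into the template.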
69
roles/matrix-ma1sd/templates/ma1sd.yaml.j2
Normal file
|
@ -0,0 +1,69 @@
|
||||||
|
#jinja2: lstrip_blocks: True
|
||||||
|
matrix:
|
||||||
|
domain: {{ matrix_domain }}
|
||||||
|
v1: {{ matrix_ma1sd_v1_enabled|to_json }}
|
||||||
|
v2: {{ matrix_ma1sd_v2_enabled|to_json }}
|
||||||
|
|
||||||
|
server:
|
||||||
|
name: {{ matrix_server_fqn_matrix }}
|
||||||
|
|
||||||
|
key:
|
||||||
|
path: /var/ma1sd/sign.key
|
||||||
|
|
||||||
|
storage:
|
||||||
|
provider:
|
||||||
|
sqlite:
|
||||||
|
database: /var/ma1sd/ma1sd.db
|
||||||
|
|
||||||
|
{% if matrix_ma1sd_dns_overwrite_enabled %}
|
||||||
|
dns:
|
||||||
|
overwrite:
|
||||||
|
homeserver:
|
||||||
|
client:
|
||||||
|
- name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }}
|
||||||
|
value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if matrix_ma1sd_matrixorg_forwarding_enabled %}
|
||||||
|
forward:
|
||||||
|
servers: ['matrix-org']
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
threepid:
|
||||||
|
medium:
|
||||||
|
email:
|
||||||
|
identity:
|
||||||
|
from: {{ matrix_ma1sd_threepid_medium_email_identity_from }}
|
||||||
|
connectors:
|
||||||
|
smtp:
|
||||||
|
host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }}
|
||||||
|
port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }}
|
||||||
|
tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }}
|
||||||
|
login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }}
|
||||||
|
password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }}
|
||||||
|
{% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %}
|
||||||
|
generators:
|
||||||
|
template:
|
||||||
|
{% if matrix_ma1sd_threepid_medium_email_custom_invite_template %}
|
||||||
|
invite: '/var/ma1sd/invite-template.eml'
|
||||||
|
{% endif %}
|
||||||
|
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
|
||||||
|
session:
|
||||||
|
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %}
|
||||||
|
validation: '/var/ma1sd/validate-template.eml'
|
||||||
|
{% endif %}
|
||||||
|
{% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
|
||||||
|
unbind:
|
||||||
|
frandulent: '/var/ma1sd/unbind-fraudulent.eml'
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
{% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %}
|
||||||
|
generic:
|
||||||
|
matrixId: '/var/ma1sd/mxid-template.eml'
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
synapseSql:
|
||||||
|
enabled: {{ matrix_ma1sd_synapsesql_enabled }}
|
||||||
|
type: {{ matrix_ma1sd_synapsesql_type }}
|
||||||
|
connection: {{ matrix_ma1sd_synapsesql_connection }}
|
|
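Review bot: In the `smtp` connector block, `login`, `password` and the `identity.from` value are interpolated into YAML unquoted, for example `password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }}`, so a secret containing `:`, `#` or a leading special character will either break parsing or be silently altered. Render them with `|to_json` as is already done for `v1` and `v2` at the top of the file. While here, please confirm against ma1sd's configuration reference that the key under `unbind:` is really spelled `frandulent`; the variable and the file name next to it use "fraudulent".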
@ -11,12 +11,12 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-ma1sd
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-ma1sd
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-ma1sd
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-ma1sd
|
||||||
|
|
||||||
# ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
|
# ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
|
||||||
# so /tmp needs to be mounted with an exec option.
|
# so /tmp needs to be mounted with an exec option.
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-ma1sd \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -36,8 +36,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-ma1sd \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_ma1sd_docker_image }}
|
{{ matrix_ma1sd_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-ma1sd
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-ma1sd
|
||||||
ExecStop=-/usr/bin/docker rm matrix-ma1sd
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-ma1sd
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-ma1sd
|
SyslogIdentifier=matrix-ma1sd
|
||||||
|
|
|
@ -2,7 +2,12 @@ matrix_mailer_enabled: true
|
||||||
|
|
||||||
matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer"
|
matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer"
|
||||||
|
|
||||||
matrix_mailer_docker_image: "devture/exim-relay:4.92.2-r0-0"
|
matrix_mailer_container_image_self_build: false
|
||||||
|
matrix_mailer_container_image_self_build_repository_url: "https://github.com/devture/exim-relay"
|
||||||
|
matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
|
||||||
|
matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"
|
||||||
|
|
||||||
|
matrix_mailer_docker_image: "devture/exim-relay:4.93.1-r0"
|
||||||
matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"
|
matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
# The user/group that the container runs with.
|
# The user/group that the container runs with.
|
||||||
|
|
|
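Review bot: `matrix_mailer_container_image_self_build_version` is derived with `matrix_mailer_docker_image.split(':')[1]`, which returns the wrong piece when the image name includes a registry with a port and raises an index error when the image has no tag. Split from the right and take the last element, or give the version its own variable. Since this value is then used as the git ref to build from, the docs should also state that the repository at `matrix_mailer_container_image_self_build_repository_url` must carry a tag matching the image tag, here `4.93.1-r0`.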
@ -6,12 +6,15 @@
|
||||||
|
|
||||||
- name: Ensure mailer base path exists
|
- name: Ensure mailer base path exists
|
||||||
file:
|
file:
|
||||||
path: "{{ matrix_mailer_base_path }}"
|
path: "{{ item.path }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0750
|
mode: 0750
|
||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
when: matrix_mailer_enabled|bool
|
with_items:
|
||||||
|
- { path: "{{ matrix_mailer_base_path }}", when: true }
|
||||||
|
- { path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}" }
|
||||||
|
when: "matrix_mailer_enabled|bool and item.when"
|
||||||
|
|
||||||
- name: Ensure mailer environment variables file created
|
- name: Ensure mailer environment variables file created
|
||||||
template:
|
template:
|
||||||
|
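Review bot: In `when: "matrix_mailer_enabled|bool and item.when"`, `item.when` is the only operand not passed through `|bool`, and the second item fills it from `"{{ matrix_mailer_container_image_self_build }}"`. Write `item.when|bool` so a string override of the self-build variable is handled the same way as in the other conditions in this file. The task name "Ensure mailer base path exists" should also be pluralised now that it creates two directories.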
@ -20,13 +23,31 @@
|
||||||
mode: 0640
|
mode: 0640
|
||||||
when: matrix_mailer_enabled|bool
|
when: matrix_mailer_enabled|bool
|
||||||
|
|
||||||
- name: Ensure mailer image is pulled
|
- name: Ensure exim-relay repository is present on self-build
|
||||||
|
git:
|
||||||
|
repo: "{{ matrix_mailer_container_image_self_build_repository_url }}"
|
||||||
|
dest: "{{ matrix_mailer_container_image_self_build_src_files_path }}"
|
||||||
|
version: "{{ matrix_mailer_container_image_self_build_version }}"
|
||||||
|
force: "yes"
|
||||||
|
when: "matrix_mailer_container_image_self_build|bool"
|
||||||
|
|
||||||
|
- name: Ensure exim-relay Docker image is built
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_mailer_docker_image }}"
|
||||||
|
source: build
|
||||||
|
build:
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
path: "{{ matrix_mailer_container_image_self_build_src_files_path }}"
|
||||||
|
pull: yes
|
||||||
|
when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool"
|
||||||
|
|
||||||
|
- name: Ensure exim-relay image is pulled
|
||||||
docker_image:
|
docker_image:
|
||||||
name: "{{ matrix_mailer_docker_image }}"
|
name: "{{ matrix_mailer_docker_image }}"
|
||||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}"
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}"
|
||||||
when: matrix_mailer_enabled|bool
|
when: "matrix_mailer_enabled|bool and not matrix_mailer_container_image_self_build|bool"
|
||||||
|
|
||||||
- name: Ensure matrix-mailer.service installed
|
- name: Ensure matrix-mailer.service installed
|
||||||
template:
|
template:
|
||||||
|
|
|
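Review bot: The `git` task "Ensure exim-relay repository is present on self-build" is gated only on `matrix_mailer_container_image_self_build|bool`, while the build task after it also requires `matrix_mailer_enabled|bool`. With the mailer disabled and self-build enabled it will still clone, into a directory the earlier task did not create with the expected owner and mode; add `matrix_mailer_enabled|bool` to its `when`. Separately, the build task passes `source: build` unconditionally whereas the pull task guards `source` behind an `ansible_version` check, so either that guard is obsolete or the build task will fail on the older Ansible versions the pull task still supports.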
@ -6,10 +6,10 @@ Requires=docker.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-mailer
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mailer
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-mailer
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mailer
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \
|
--user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -24,8 +24,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_mailer_docker_image }}
|
{{ matrix_mailer_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-mailer
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mailer
|
||||||
ExecStop=-/usr/bin/docker rm matrix-mailer
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mailer
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-mailer
|
SyslogIdentifier=matrix-mailer
|
||||||
|
|
|
@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true
|
||||||
# We use an official nginx image, which we fix-up to run unprivileged.
|
# We use an official nginx image, which we fix-up to run unprivileged.
|
||||||
# An alternative would be an `nginxinc/nginx-unprivileged` image, but
|
# An alternative would be an `nginxinc/nginx-unprivileged` image, but
|
||||||
# that is frequently out of date.
|
# that is frequently out of date.
|
||||||
matrix_nginx_proxy_docker_image: "nginx:1.17.10-alpine"
|
matrix_nginx_proxy_docker_image: "nginx:1.19.0-alpine"
|
||||||
matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"
|
matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
|
matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
|
||||||
|
@ -220,7 +220,7 @@ matrix_ssl_domains_to_obtain_certificates_for: []
|
||||||
|
|
||||||
# Controls whether to obtain production or staging certificates from Let's Encrypt.
|
# Controls whether to obtain production or staging certificates from Let's Encrypt.
|
||||||
matrix_ssl_lets_encrypt_staging: false
|
matrix_ssl_lets_encrypt_staging: false
|
||||||
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.4.0"
|
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.5.0"
|
||||||
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
|
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
|
||||||
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
||||||
matrix_ssl_lets_encrypt_support_email: ~
|
matrix_ssl_lets_encrypt_support_email: ~
|
||||||
|
|
|
@ -84,7 +84,7 @@
|
||||||
hour: "5"
|
hour: "5"
|
||||||
minute: "20"
|
minute: "20"
|
||||||
day: "*"
|
day: "*"
|
||||||
job: /bin/systemctl reload matrix-nginx-proxy.service
|
job: "{{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service"
|
||||||
when: matrix_nginx_proxy_enabled|bool
|
when: matrix_nginx_proxy_enabled|bool
|
||||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
# We suppress the error, as we'll try another method below.
|
# We suppress the error, as we'll try another method below.
|
||||||
- name: Attempt initial SSL certificate retrieval with standalone authenticator (directly)
|
- name: Attempt initial SSL certificate retrieval with standalone authenticator (directly)
|
||||||
shell: >-
|
shell: >-
|
||||||
/usr/bin/docker run
|
{{ matrix_host_command_docker }} run
|
||||||
--rm
|
--rm
|
||||||
--name=matrix-certbot
|
--name=matrix-certbot
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
|
@ -43,7 +43,7 @@
|
||||||
# and it's running now, it may be able to proxy requests to `matrix_ssl_lets_encrypt_certbot_standalone_http_port`.
|
# and it's running now, it may be able to proxy requests to `matrix_ssl_lets_encrypt_certbot_standalone_http_port`.
|
||||||
- name: Attempt initial SSL certificate retrieval with standalone authenticator (via proxy)
|
- name: Attempt initial SSL certificate retrieval with standalone authenticator (via proxy)
|
||||||
shell: >-
|
shell: >-
|
||||||
/usr/bin/docker run
|
{{ matrix_host_command_docker }} run
|
||||||
--rm
|
--rm
|
||||||
--name=matrix-certbot
|
--name=matrix-certbot
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
|
|
|
@ -150,7 +150,7 @@
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
location /_synapse/admin {
|
location /_synapse {
|
||||||
{% if matrix_nginx_proxy_enabled %}
|
{% if matrix_nginx_proxy_enabled %}
|
||||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||||
resolver 127.0.0.11 valid=5s;
|
resolver 127.0.0.11 valid=5s;
|
||||||
|
|
|
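Review bot: `location /_synapse {` now matches every path under `/_synapse`, not only `/_synapse/admin`, so anything Synapse serves below that prefix becomes reachable through this server block. If only specific sub-paths are meant to be public, list them explicitly and add a comment stating which endpoints this block is intended to expose.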
@ -11,10 +11,10 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-nginx-proxy
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-nginx-proxy
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -43,9 +43,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_nginx_proxy_docker_image }}
|
{{ matrix_nginx_proxy_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-nginx-proxy
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy
|
||||||
ExecStop=-/usr/bin/docker rm matrix-nginx-proxy
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy
|
||||||
ExecReload=/usr/bin/docker exec matrix-nginx-proxy /usr/sbin/nginx -s reload
|
ExecReload={{ matrix_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-nginx-proxy
|
SyslogIdentifier=matrix-nginx-proxy
|
||||||
|
|
|
@ -63,7 +63,7 @@
|
||||||
- name: Generate Postgres database import command
|
- name: Generate Postgres database import command
|
||||||
set_fact:
|
set_fact:
|
||||||
matrix_postgres_import_command: >-
|
matrix_postgres_import_command: >-
|
||||||
/usr/bin/docker run --rm --name matrix-postgres-import
|
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-import
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
--cap-drop=ALL
|
--cap-drop=ALL
|
||||||
--network={{ matrix_docker_network }}
|
--network={{ matrix_docker_network }}
|
||||||
|
|
|
@ -79,6 +79,7 @@
|
||||||
--network={{ matrix_docker_network }}
|
--network={{ matrix_docker_network }}
|
||||||
--entrypoint=python
|
--entrypoint=python
|
||||||
-v {{ matrix_synapse_config_dir_path }}:/data
|
-v {{ matrix_synapse_config_dir_path }}:/data
|
||||||
|
-v {{ matrix_synapse_config_dir_path }}:/matrix-media-store-parent/media-store
|
||||||
-v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}:ro
|
-v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}:ro
|
||||||
{{ matrix_synapse_docker_image }}
|
{{ matrix_synapse_docker_image }}
|
||||||
/usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db|basename }} --postgres-config /data/homeserver.yaml
|
/usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db|basename }} --postgres-config /data/homeserver.yaml
|
||||||
|
|
|
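Review bot: the added `-v {{ matrix_synapse_config_dir_path }}:/matrix-media-store-parent/media-store` binds the config directory at the media-store path with no `:ro` and no comment explaining why, while the SQLite mount next to it is `:ro`. If the mount exists only so that the path is present while `synapse_port_db` runs, say so in a comment and consider making it read-only or pointing it at an empty directory.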
@ -66,7 +66,7 @@
|
||||||
- name: Generate Postgres database synapse-janitor command
|
- name: Generate Postgres database synapse-janitor command
|
||||||
set_fact:
|
set_fact:
|
||||||
matrix_postgres_synapse_janitor_command: >-
|
matrix_postgres_synapse_janitor_command: >-
|
||||||
/usr/bin/docker run --rm --name matrix-postgres-synapse-janitor
|
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-synapse-janitor
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
--cap-drop=ALL
|
--cap-drop=ALL
|
||||||
--network={{ matrix_docker_network }}
|
--network={{ matrix_docker_network }}
|
||||||
|
|
|
@ -45,7 +45,7 @@
|
||||||
- name: Generate Postgres database vacuum command
|
- name: Generate Postgres database vacuum command
|
||||||
set_fact:
|
set_fact:
|
||||||
matrix_postgres_vacuum_command: >-
|
matrix_postgres_vacuum_command: >-
|
||||||
/usr/bin/docker run --rm --name matrix-postgres-synapse-vacuum
|
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-synapse-vacuum
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
--cap-drop=ALL
|
--cap-drop=ALL
|
||||||
--network={{ matrix_docker_network }}
|
--network={{ matrix_docker_network }}
|
||||||
|
|
|
@ -79,7 +79,7 @@
|
||||||
# we need to remove these from the dump, or we'll get errors saying these already exist.
|
# we need to remove these from the dump, or we'll get errors saying these already exist.
|
||||||
- name: Perform Postgres database dump
|
- name: Perform Postgres database dump
|
||||||
command: >-
|
command: >-
|
||||||
/usr/bin/docker run --rm --name matrix-postgres-dump
|
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-dump
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
--network={{ matrix_docker_network }}
|
--network={{ matrix_docker_network }}
|
||||||
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql
|
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql
|
||||||
|
@ -123,7 +123,7 @@
|
||||||
- name: Generate Postgres database import command
|
- name: Generate Postgres database import command
|
||||||
set_fact:
|
set_fact:
|
||||||
matrix_postgres_import_command: >-
|
matrix_postgres_import_command: >-
|
||||||
/usr/bin/docker run --rm --name matrix-postgres-import
|
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-import
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
--cap-drop=ALL
|
--cap-drop=ALL
|
||||||
--network={{ matrix_docker_network }}
|
--network={{ matrix_docker_network }}
|
||||||
|
|
|
@ -6,10 +6,10 @@ Requires=docker.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker stop matrix-postgres
|
ExecStartPre=-{{ matrix_host_command_docker }} stop matrix-postgres
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-postgres
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-postgres
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-postgres \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -28,8 +28,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-postgres \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_postgres_docker_image_to_use }}
|
{{ matrix_postgres_docker_image_to_use }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker stop matrix-postgres
|
ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres
|
||||||
ExecStop=-/usr/bin/docker rm matrix-postgres
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-postgres
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-postgres
|
SyslogIdentifier=matrix-postgres
|
||||||
|
|
|
@ -2,7 +2,7 @@ matrix_riot_web_enabled: true
|
||||||
|
|
||||||
matrix_riot_web_container_image_self_build: false
|
matrix_riot_web_container_image_self_build: false
|
||||||
|
|
||||||
matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.2"
|
matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.6"
|
||||||
matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
|
matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
|
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
|
||||||
|
|
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-riot-web
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-riot-web
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-riot-web
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-riot-web
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-riot-web \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -22,7 +22,6 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
|
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
|
||||||
-v {{ matrix_riot_web_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
|
-v {{ matrix_riot_web_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||||
-v /dev/null:/etc/nginx/conf.d/default.conf:ro \
|
|
||||||
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.json:ro \
|
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.json:ro \
|
||||||
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.{{ matrix_server_fqn_riot }}.json:ro \
|
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.{{ matrix_server_fqn_riot }}.json:ro \
|
||||||
{% if matrix_riot_web_embedded_pages_home_path is not none %}
|
{% if matrix_riot_web_embedded_pages_home_path is not none %}
|
||||||
|
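Review bot: dropping `-v /dev/null:/etc/nginx/conf.d/default.conf:ro` means the image's own `default.conf` is no longer masked. That is safe only if the mounted `nginx.conf` does not include `conf.d/*.conf`, or if the new image no longer ships that file; a note stating which of the two applies would help.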
@ -34,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_riot_web_docker_image }}
|
{{ matrix_riot_web_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-riot-web
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-riot-web
|
||||||
ExecStop=-/usr/bin/docker rm matrix-riot-web
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-riot-web
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-riot-web
|
SyslogIdentifier=matrix-riot-web
|
||||||
|
|
|
@ -5,7 +5,7 @@ matrix_synapse_enabled: true
|
||||||
|
|
||||||
matrix_synapse_container_image_self_build: false
|
matrix_synapse_container_image_self_build: false
|
||||||
|
|
||||||
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.13.0"
|
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.15.1"
|
||||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
|
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
|
||||||
|
@ -202,12 +202,12 @@ matrix_synapse_password_config_localdb_enabled: true
|
||||||
# Controls the number of events that Synapse caches in memory.
|
# Controls the number of events that Synapse caches in memory.
|
||||||
matrix_synapse_event_cache_size: "100K"
|
matrix_synapse_event_cache_size: "100K"
|
||||||
|
|
||||||
# Controls cache sizes for Synapse via the SYNAPSE_CACHE_FACTOR environment variable.
|
# Controls cache sizes for Synapse.
|
||||||
# Raise this to increase cache sizes or lower it to potentially lower memory use.
|
# Raise this to increase cache sizes or lower it to potentially lower memory use.
|
||||||
# To learn more, see:
|
# To learn more, see:
|
||||||
# - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
|
# - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
|
||||||
# - https://github.com/matrix-org/synapse/issues/3939
|
# - https://github.com/matrix-org/synapse/issues/3939
|
||||||
matrix_synapse_cache_factor: 0.5
|
matrix_synapse_caches_global_factor: 0.5
|
||||||
|
|
||||||
# Controls whether Synapse will federate at all.
|
# Controls whether Synapse will federate at all.
|
||||||
# Disable this to completely isolate your server from the rest of the Matrix network.
|
# Disable this to completely isolate your server from the rest of the Matrix network.
|
||||||
|
@ -299,7 +299,7 @@ matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: fals
|
||||||
# Enable this to activate the Shared Secret Auth password provider module.
|
# Enable this to activate the Shared Secret Auth password provider module.
|
||||||
# See: https://github.com/devture/matrix-synapse-shared-secret-auth
|
# See: https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||||
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
|
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
|
||||||
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.1/shared_secret_authenticator.py"
|
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.2/shared_secret_authenticator.py"
|
||||||
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
|
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
|
||||||
|
|
||||||
# Enable this to activate LDAP password provider
|
# Enable this to activate LDAP password provider
|
||||||
|
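Review bot: the `shared_secret_authenticator.py` URL is pinned to the `1.0.2` tag only, and this file is loaded as a Synapse password provider. A tag can be moved, so if the download task does not already verify the file, add a checksum next to this variable and bump both together.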
@ -357,7 +357,7 @@ matrix_synapse_default_room_version: "5"
|
||||||
#
|
#
|
||||||
# If a spam-checker extension is enabled, this variable's value is set automatically by the playbook during runtime.
|
# If a spam-checker extension is enabled, this variable's value is set automatically by the playbook during runtime.
|
||||||
# If not, you can also control its value manually.
|
# If not, you can also control its value manually.
|
||||||
matrix_synapse_spam_checker: ~
|
matrix_synapse_spam_checker: []
|
||||||
|
|
||||||
matrix_synapse_trusted_key_servers:
|
matrix_synapse_trusted_key_servers:
|
||||||
- server_name: "matrix.org"
|
- server_name: "matrix.org"
|
||||||
|
|
|
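Review bot: changing the default of `matrix_synapse_spam_checker` from `~` to `[]` changes the variable's type, while the comment above still tells users they can control the value manually. Anyone who has set it to a single `module`/`config` mapping will now pass the wrong shape; update the comment to say a list is expected and mention the change in the changelog.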
@ -38,10 +38,15 @@
|
||||||
become_user: "{{ matrix_user_username }}"
|
become_user: "{{ matrix_user_username }}"
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
matrix_synapse_spam_checker:
|
matrix_synapse_spam_checker: >
|
||||||
module: "synapse_simple_antispam.AntiSpamInvites"
|
{{ matrix_synapse_spam_checker }}
|
||||||
config:
|
+
|
||||||
blocked_homeservers: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}"
|
[{
|
||||||
|
"module": "synapse_simple_antispam.AntiSpamInvites",
|
||||||
|
"config": {
|
||||||
|
"blocked_homeservers": {{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}
|
||||||
|
}
|
||||||
|
}]
|
||||||
|
|
||||||
matrix_synapse_container_extra_arguments: >
|
matrix_synapse_container_extra_arguments: >
|
||||||
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||||
|
|
|
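Review bot: `blocked_homeservers` is interpolated raw into the folded string, as `"blocked_homeservers": {{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}`, so the result depends on how the list happens to render. Piping it through `|to_json` would make the quoting explicit and keep an unusual server name from breaking the expression.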
@ -11,7 +11,7 @@
|
||||||
|
|
||||||
- name: Fail if Matrix Federation API not working
|
- name: Fail if Matrix Federation API not working
|
||||||
fail:
|
fail:
|
||||||
msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
|
msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port {{ matrix_federation_public_port }} open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
|
||||||
when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)"
|
when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)"
|
||||||
|
|
||||||
- name: Fail if Matrix Federation API unexpectedly enabled
|
- name: Fail if Matrix Federation API unexpectedly enabled
|
||||||
|
|
|
@ -36,7 +36,7 @@
|
||||||
when: "start_result.changed or postgres_start_result.changed"
|
when: "start_result.changed or postgres_start_result.changed"
|
||||||
|
|
||||||
- name: Generate password hash
|
- name: Generate password hash
|
||||||
shell: "/usr/bin/docker exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}"
|
shell: "{{ matrix_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}"
|
||||||
register: password_hash
|
register: password_hash
|
||||||
|
|
||||||
- name: Update user password hash
|
- name: Update user password hash
|
||||||
|
|
|
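Review bot: the task still passes the plaintext password on the command line via `-p {{ password|quote }}`, where it is visible in the host's process list and in Ansible's task output, and no `no_log` is set in the lines shown. Add `no_log: true` to this task, and consider a way of supplying the password that keeps it out of argv.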
@ -31,3 +31,4 @@
|
||||||
- {'old': 'matrix_synapse_container_expose_client_api_port', 'new': '<superseded by matrix_synapse_container_client_api_host_bind_port>'}
|
- {'old': 'matrix_synapse_container_expose_client_api_port', 'new': '<superseded by matrix_synapse_container_client_api_host_bind_port>'}
|
||||||
- {'old': 'matrix_synapse_container_expose_federation_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'}
|
- {'old': 'matrix_synapse_container_expose_federation_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'}
|
||||||
- {'old': 'matrix_synapse_container_expose_metrics_port', 'new': '<superseded by matrix_synapse_container_metrics_api_host_bind_port>'}
|
- {'old': 'matrix_synapse_container_expose_metrics_port', 'new': '<superseded by matrix_synapse_container_metrics_api_host_bind_port>'}
|
||||||
|
- {'old': 'matrix_synapse_cache_factor', 'new': 'matrix_synapse_caches_global_factor'}
|
||||||
|
|
|
@ -6,10 +6,10 @@ Requires=docker.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill %n
|
ExecStartPre=-{{ matrix_host_command_docker }} kill %n
|
||||||
ExecStartPre=-/usr/bin/docker rm %n
|
ExecStartPre=-{{ matrix_host_command_docker }} rm %n
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name %n \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name %n \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
-v /etc/passwd:/etc/passwd:ro \
|
-v /etc/passwd:/etc/passwd:ro \
|
||||||
|
@ -25,10 +25,10 @@ ExecStart=/usr/bin/docker run --rm --name %n \
|
||||||
-c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3'
|
-c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3'
|
||||||
|
|
||||||
TimeoutStartSec=5min
|
TimeoutStartSec=5min
|
||||||
ExecStop=-/usr/bin/docker stop %n
|
ExecStop=-{{ matrix_host_command_docker }} stop %n
|
||||||
ExecStop=-/usr/bin/docker kill %n
|
ExecStop=-{{ matrix_host_command_docker }} kill %n
|
||||||
ExecStop=-/usr/bin/docker rm %n
|
ExecStop=-{{ matrix_host_command_docker }} rm %n
|
||||||
ExecStop=-/bin/fusermount -u {{ matrix_synapse_media_store_path }}
|
ExecStop=-{{ matrix_host_command_fusermount }} -u {{ matrix_synapse_media_store_path }}
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=5
|
RestartSec=5
|
||||||
SyslogIdentifier=matrix-goofys
|
SyslogIdentifier=matrix-goofys
|
||||||
|
|
|
@ -320,21 +320,26 @@ listeners:
|
||||||
# Used by phonehome stats to group together related servers.
|
# Used by phonehome stats to group together related servers.
|
||||||
#server_context: context
|
#server_context: context
|
||||||
|
|
||||||
# Resource-constrained homeserver Settings
|
# Resource-constrained homeserver settings
|
||||||
#
|
#
|
||||||
# If limit_remote_rooms.enabled is True, the room complexity will be
|
# When this is enabled, the room "complexity" will be checked before a user
|
||||||
# checked before a user joins a new remote room. If it is above
|
# joins a new remote room. If it is above the complexity limit, the server will
|
||||||
# limit_remote_rooms.complexity, it will disallow joining or
|
# disallow joining, or will instantly leave.
|
||||||
# instantly leave.
|
|
||||||
#
|
#
|
||||||
# limit_remote_rooms.complexity_error can be set to customise the text
|
# Room complexity is an arbitrary measure based on factors such as the number of
|
||||||
# displayed to the user when a room above the complexity threshold has
|
# users in the room.
|
||||||
# its join cancelled.
|
#
|
||||||
|
limit_remote_rooms:
|
||||||
|
# Uncomment to enable room complexity checking.
|
||||||
|
#
|
||||||
|
#enabled: true
|
||||||
|
|
||||||
|
# the limit above which rooms cannot be joined. The default is 1.0.
|
||||||
|
#
|
||||||
|
#complexity: 0.5
|
||||||
|
|
||||||
|
# override the error which is returned when the room is too complex.
|
||||||
#
|
#
|
||||||
# Uncomment the below lines to enable:
|
|
||||||
#limit_remote_rooms:
|
|
||||||
# enabled: True
|
|
||||||
# complexity: 1.0
|
|
||||||
#complexity_error: "This room is too complex."
|
#complexity_error: "This room is too complex."
|
||||||
|
|
||||||
# Whether to require a user to be in the room to add an alias to it.
|
# Whether to require a user to be in the room to add an alias to it.
|
||||||
|
@ -605,6 +610,50 @@ acme:
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Caching ##
|
||||||
|
|
||||||
|
# Caching can be configured through the following options.
|
||||||
|
#
|
||||||
|
# A cache 'factor' is a multiplier that can be applied to each of
|
||||||
|
# Synapse's caches in order to increase or decrease the maximum
|
||||||
|
# number of entries that can be stored.
|
||||||
|
|
||||||
|
# The number of events to cache in memory. Not affected by
|
||||||
|
# caches.global_factor.
|
||||||
|
#
|
||||||
|
event_cache_size: "{{ matrix_synapse_event_cache_size }}"
|
||||||
|
|
||||||
|
caches:
|
||||||
|
# Controls the global cache factor, which is the default cache factor
|
||||||
|
# for all caches if a specific factor for that cache is not otherwise
|
||||||
|
# set.
|
||||||
|
#
|
||||||
|
# This can also be set by the "SYNAPSE_CACHE_FACTOR" environment
|
||||||
|
# variable. Setting by environment variable takes priority over
|
||||||
|
# setting through the config file.
|
||||||
|
#
|
||||||
|
# Defaults to 0.5, which will half the size of all caches.
|
||||||
|
#
|
||||||
|
global_factor: {{ matrix_synapse_caches_global_factor }}
|
||||||
|
|
||||||
|
# A dictionary of cache name to cache factor for that individual
|
||||||
|
# cache. Overrides the global cache factor for a given cache.
|
||||||
|
#
|
||||||
|
# These can also be set through environment variables comprised
|
||||||
|
# of "SYNAPSE_CACHE_FACTOR_" + the name of the cache in capital
|
||||||
|
# letters and underscores. Setting by environment variable
|
||||||
|
# takes priority over setting through the config file.
|
||||||
|
# Ex. SYNAPSE_CACHE_FACTOR_GET_USERS_WHO_SHARE_ROOM_WITH_USER=2.0
|
||||||
|
#
|
||||||
|
# Some caches have '*' and other characters that are not
|
||||||
|
# alphanumeric or underscores. These caches can be named with or
|
||||||
|
# without the special characters stripped. For example, to specify
|
||||||
|
# the cache factor for `*stateGroupCache*` via an environment
|
||||||
|
# variable would be `SYNAPSE_CACHE_FACTOR_STATEGROUPCACHE=2.0`.
|
||||||
|
#
|
||||||
|
per_cache_factors:
|
||||||
|
#get_users_who_share_room_with_user: 2.0
|
||||||
|
|
||||||
## Database ##
|
## Database ##
|
||||||
|
|
||||||
database:
|
database:
|
||||||
|
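Review bot: the new comment states that `SYNAPSE_CACHE_FACTOR` set in the environment takes priority over the config file, so `global_factor: {{ matrix_synapse_caches_global_factor }}` is silently ignored if the container is still started with that variable. Confirm the env and unit templates no longer export `SYNAPSE_CACHE_FACTOR` from the old `matrix_synapse_cache_factor`, otherwise the rename has no effect.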
@ -618,10 +667,6 @@ database:
|
||||||
cp_min: 5
|
cp_min: 5
|
||||||
cp_max: 10
|
cp_max: 10
|
||||||
|
|
||||||
# Number of events to cache in memory.
|
|
||||||
#
|
|
||||||
event_cache_size: "{{ matrix_synapse_event_cache_size }}"
|
|
||||||
|
|
||||||
|
|
||||||
## Logging ##
|
## Logging ##
|
||||||
|
|
||||||
|
@ -884,25 +929,28 @@ url_preview_accept_language:
|
||||||
|
|
||||||
|
|
||||||
## Captcha ##
|
## Captcha ##
|
||||||
# See docs/CAPTCHA_SETUP for full details of configuring this.
|
# See docs/CAPTCHA_SETUP.md for full details of configuring this.
|
||||||
|
|
||||||
# This homeserver's ReCAPTCHA public key.
|
# This homeserver's ReCAPTCHA public key. Must be specified if
|
||||||
|
# enable_registration_captcha is enabled.
|
||||||
#
|
#
|
||||||
#recaptcha_public_key: "YOUR_PUBLIC_KEY"
|
#recaptcha_public_key: "YOUR_PUBLIC_KEY"
|
||||||
|
|
||||||
# This homeserver's ReCAPTCHA private key.
|
# This homeserver's ReCAPTCHA private key. Must be specified if
|
||||||
|
# enable_registration_captcha is enabled.
|
||||||
#
|
#
|
||||||
#recaptcha_private_key: "YOUR_PRIVATE_KEY"
|
#recaptcha_private_key: "YOUR_PRIVATE_KEY"
|
||||||
|
|
||||||
# Enables ReCaptcha checks when registering, preventing signup
|
# Uncomment to enable ReCaptcha checks when registering, preventing signup
|
||||||
# unless a captcha is answered. Requires a valid ReCaptcha
|
# unless a captcha is answered. Requires a valid ReCaptcha
|
||||||
# public/private key.
|
# public/private key. Defaults to 'false'.
|
||||||
#
|
#
|
||||||
#enable_registration_captcha: false
|
#enable_registration_captcha: true
|
||||||
|
|
||||||
# The API endpoint to use for verifying m.login.recaptcha responses.
|
# The API endpoint to use for verifying m.login.recaptcha responses.
|
||||||
|
# Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify".
|
||||||
#
|
#
|
||||||
#recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
|
#recaptcha_siteverify_api: "https://my.recaptcha.site"
|
||||||
|
|
||||||
|
|
||||||
## TURN ##
|
## TURN ##
|
||||||
|
@ -1151,6 +1199,13 @@ auto_join_rooms:
|
||||||
#
|
#
|
||||||
autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json }}
|
autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json }}
|
||||||
|
|
||||||
|
# When auto_join_rooms is specified, setting this flag to false prevents
|
||||||
|
# guest accounts from being automatically joined to the rooms.
|
||||||
|
#
|
||||||
|
# Defaults to true.
|
||||||
|
#
|
||||||
|
#auto_join_rooms_for_guests: false
|
||||||
|
|
||||||
|
|
||||||
## Metrics ###
|
## Metrics ###
|
||||||
|
|
||||||
|
@ -1182,6 +1237,7 @@ metrics_flags:
|
||||||
#known_servers: true
|
#known_servers: true
|
||||||
|
|
||||||
# Whether or not to report anonymized homeserver usage statistics.
|
# Whether or not to report anonymized homeserver usage statistics.
|
||||||
|
#
|
||||||
report_stats: {{ matrix_synapse_report_stats|to_json }}
|
report_stats: {{ matrix_synapse_report_stats|to_json }}
|
||||||
|
|
||||||
# The endpoint to report the anonymized homeserver usage statistics to.
|
# The endpoint to report the anonymized homeserver usage statistics to.
|
||||||
|
@ -1307,6 +1363,8 @@ trusted_key_servers: {{ matrix_synapse_trusted_key_servers|to_json }}
|
||||||
#key_server_signing_keys_path: "key_server_signing_keys.key"
|
#key_server_signing_keys_path: "key_server_signing_keys.key"
|
||||||
|
|
||||||
|
|
||||||
|
## Single sign-on integration ##
|
||||||
|
|
||||||
# Enable SAML2 for registration and login. Uses pysaml2.
|
# Enable SAML2 for registration and login. Uses pysaml2.
|
||||||
#
|
#
|
||||||
# At least one of `sp_config` or `config_path` must be set in this section to
|
# At least one of `sp_config` or `config_path` must be set in this section to
|
||||||
|
@ -1440,7 +1498,13 @@ saml2_config:
|
||||||
# * HTML page to display to users if something goes wrong during the
|
# * HTML page to display to users if something goes wrong during the
|
||||||
# authentication process: 'saml_error.html'.
|
# authentication process: 'saml_error.html'.
|
||||||
#
|
#
|
||||||
# This template doesn't currently need any variable to render.
|
# When rendering, this template is given the following variables:
|
||||||
|
# * code: an HTML error code corresponding to the error that is being
|
||||||
|
# returned (typically 400 or 500)
|
||||||
|
#
|
||||||
|
# * msg: a textual message describing the error.
|
||||||
|
#
|
||||||
|
# The variables will automatically be HTML-escaped.
|
||||||
#
|
#
|
||||||
# You can see the default templates at:
|
# You can see the default templates at:
|
||||||
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
||||||
|
@ -1448,6 +1512,121 @@ saml2_config:
|
||||||
#template_dir: "res/templates"
|
#template_dir: "res/templates"
|
||||||
|
|
||||||
|
|
||||||
|
# OpenID Connect integration. The following settings can be used to make Synapse
|
||||||
|
# use an OpenID Connect Provider for authentication, instead of its internal
|
||||||
|
# password database.
|
||||||
|
#
|
||||||
|
# See https://github.com/matrix-org/synapse/blob/master/openid.md.
|
||||||
|
#
|
||||||
|
oidc_config:
|
||||||
|
# Uncomment the following to enable authorization against an OpenID Connect
|
||||||
|
# server. Defaults to false.
|
||||||
|
#
|
||||||
|
#enabled: true
|
||||||
|
|
||||||
|
# Uncomment the following to disable use of the OIDC discovery mechanism to
|
||||||
|
# discover endpoints. Defaults to true.
|
||||||
|
#
|
||||||
|
#discover: false
|
||||||
|
|
||||||
|
# the OIDC issuer. Used to validate tokens and (if discovery is enabled) to
|
||||||
|
# discover the provider's endpoints.
|
||||||
|
#
|
||||||
|
# Required if 'enabled' is true.
|
||||||
|
#
|
||||||
|
#issuer: "https://accounts.example.com/"
|
||||||
|
|
||||||
|
# oauth2 client id to use.
|
||||||
|
#
|
||||||
|
# Required if 'enabled' is true.
|
||||||
|
#
|
||||||
|
#client_id: "provided-by-your-issuer"
|
||||||
|
|
||||||
|
# oauth2 client secret to use.
|
||||||
|
#
|
||||||
|
# Required if 'enabled' is true.
|
||||||
|
#
|
||||||
|
#client_secret: "provided-by-your-issuer"
|
||||||
|
|
||||||
|
# auth method to use when exchanging the token.
|
||||||
|
# Valid values are 'client_secret_basic' (default), 'client_secret_post' and
|
||||||
|
# 'none'.
|
||||||
|
#
|
||||||
|
#client_auth_method: client_secret_post
|
||||||
|
|
||||||
|
# list of scopes to request. This should normally include the "openid" scope.
|
||||||
|
# Defaults to ["openid"].
|
||||||
|
#
|
||||||
|
#scopes: ["openid", "profile"]
|
||||||
|
|
||||||
|
# the oauth2 authorization endpoint. Required if provider discovery is disabled.
|
||||||
|
#
|
||||||
|
#authorization_endpoint: "https://accounts.example.com/oauth2/auth"
|
||||||
|
|
||||||
|
# the oauth2 token endpoint. Required if provider discovery is disabled.
|
||||||
|
#
|
||||||
|
#token_endpoint: "https://accounts.example.com/oauth2/token"
|
||||||
|
|
||||||
|
# the OIDC userinfo endpoint. Required if discovery is disabled and the
|
||||||
|
# "openid" scope is not requested.
|
||||||
|
#
|
||||||
|
#userinfo_endpoint: "https://accounts.example.com/userinfo"
|
||||||
|
|
||||||
|
# URI where to fetch the JWKS. Required if discovery is disabled and the
|
||||||
|
# "openid" scope is used.
|
||||||
|
#
|
||||||
|
#jwks_uri: "https://accounts.example.com/.well-known/jwks.json"
|
||||||
|
|
||||||
|
# Uncomment to skip metadata verification. Defaults to false.
|
||||||
|
#
|
||||||
|
# Use this if you are connecting to a provider that is not OpenID Connect
|
||||||
|
# compliant.
|
||||||
|
# Avoid this in production.
|
||||||
|
#
|
||||||
|
#skip_verification: true
|
||||||
|
|
||||||
|
# An external module can be provided here as a custom solution to mapping
|
||||||
|
# attributes returned from a OIDC provider onto a matrix user.
|
||||||
|
#
|
||||||
|
user_mapping_provider:
|
||||||
|
# The custom module's class. Uncomment to use a custom module.
|
||||||
|
# Default is 'synapse.handlers.oidc_handler.JinjaOidcMappingProvider'.
|
||||||
|
#
|
||||||
|
# See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers
|
||||||
|
# for information on implementing a custom mapping provider.
|
||||||
|
#
|
||||||
|
#module: mapping_provider.OidcMappingProvider
|
||||||
|
|
||||||
|
# Custom configuration values for the module. This section will be passed as
|
||||||
|
# a Python dictionary to the user mapping provider module's `parse_config`
|
||||||
|
# method.
|
||||||
|
#
|
||||||
|
# The examples below are intended for the default provider: they should be
|
||||||
|
# changed if using a custom provider.
|
||||||
|
#
|
||||||
|
config:
|
||||||
|
# name of the claim containing a unique identifier for the user.
|
||||||
|
# Defaults to `sub`, which OpenID Connect compliant providers should provide.
|
||||||
|
#
|
||||||
|
#subject_claim: "sub"
|
||||||
|
|
||||||
|
# Jinja2 template for the localpart of the MXID.
|
||||||
|
#
|
||||||
|
# When rendering, this template is given the following variables:
|
||||||
|
# * user: The claims returned by the UserInfo Endpoint and/or in the ID
|
||||||
|
# Token
|
||||||
|
#
|
||||||
|
# This must be configured if using the default mapping provider.
|
||||||
|
#
|
||||||
|
localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
|
||||||
|
|
||||||
|
# Jinja2 template for the display name to set on first login.
|
||||||
|
#
|
||||||
|
# If unset, no displayname will be set.
|
||||||
|
#
|
||||||
|
#display_name_template: "{% raw %}{{ user.given_name }} {{ user.last_name }}{% endraw %}"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Enable CAS for registration and login.
|
# Enable CAS for registration and login.
|
||||||
#
|
#
|
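Review bot: `localpart_template` under `user_mapping_provider.config` is the only active key in the new `oidc_config` block and is hardcoded to `user.preferred_username`, while `enabled`, `issuer`, `client_id` and `client_secret` are all commented out and none is wired to a playbook variable. An operator therefore cannot turn OIDC on or pick a different localpart claim without overriding the whole template; consider rendering this block from variables the way `spam_checker: {{ matrix_synapse_spam_checker|to_json }}` is rendered later in the same file. The claim should be selectable because OpenID Connect only guarantees `sub` to be unique (as the `subject_claim` comment says), not `preferred_username`. Two smaller points: the commented `display_name_template` uses `user.last_name`, but the standard OIDC claim is `family_name`, and the link at the top of the block points to `blob/master/openid.md` while the mapping-provider link uses `blob/master/docs/...`, so the first path is worth checking.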
||||||
|
@ -1455,10 +1634,97 @@ saml2_config:
|
||||||
# enabled: true
|
# enabled: true
|
||||||
# server_url: "https://cas-server.com"
|
# server_url: "https://cas-server.com"
|
||||||
# service_url: "https://homeserver.domain.com:8448"
|
# service_url: "https://homeserver.domain.com:8448"
|
||||||
|
# #displayname_attribute: name
|
||||||
# #required_attributes:
|
# #required_attributes:
|
||||||
# # name: value
|
# # name: value
|
||||||
|
|
||||||
|
|
||||||
|
# Additional settings to use with single-sign on systems such as OpenID Connect,
|
||||||
|
# SAML2 and CAS.
|
||||||
|
#
|
||||||
|
sso:
|
||||||
|
# A list of client URLs which are whitelisted so that the user does not
|
||||||
|
# have to confirm giving access to their account to the URL. Any client
|
||||||
|
# whose URL starts with an entry in the following list will not be subject
|
||||||
|
# to an additional confirmation step after the SSO login is completed.
|
||||||
|
#
|
||||||
|
# WARNING: An entry such as "https://my.client" is insecure, because it
|
||||||
|
# will also match "https://my.client.evil.site", exposing your users to
|
||||||
|
# phishing attacks from evil.site. To avoid this, include a slash after the
|
||||||
|
# hostname: "https://my.client/".
|
||||||
|
#
|
||||||
|
# If public_baseurl is set, then the login fallback page (used by clients
|
||||||
|
# that don't natively support the required login flows) is whitelisted in
|
||||||
|
# addition to any URLs in this list.
|
||||||
|
#
|
||||||
|
# By default, this list is empty.
|
||||||
|
#
|
||||||
|
#client_whitelist:
|
||||||
|
# - https://riot.im/develop
|
||||||
|
# - https://my.custom.client/
|
||||||
|
|
||||||
|
# Directory in which Synapse will try to find the template files below.
|
||||||
|
# If not set, default templates from within the Synapse package will be used.
|
||||||
|
#
|
||||||
|
# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
|
||||||
|
# If you *do* uncomment it, you will need to make sure that all the templates
|
||||||
|
# below are in the directory.
|
||||||
|
#
|
||||||
|
# Synapse will look for the following templates in this directory:
|
||||||
|
#
|
||||||
|
# * HTML page for a confirmation step before redirecting back to the client
|
||||||
|
# with the login token: 'sso_redirect_confirm.html'.
|
||||||
|
#
|
||||||
|
# When rendering, this template is given three variables:
|
||||||
|
# * redirect_url: the URL the user is about to be redirected to. Needs
|
||||||
|
# manual escaping (see
|
||||||
|
# https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
|
||||||
|
#
|
||||||
|
# * display_url: the same as `redirect_url`, but with the query
|
||||||
|
# parameters stripped. The intention is to have a
|
||||||
|
# human-readable URL to show to users, not to use it as
|
||||||
|
# the final address to redirect to. Needs manual escaping
|
||||||
|
# (see https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
|
||||||
|
#
|
||||||
|
# * server_name: the homeserver's name.
|
||||||
|
#
|
||||||
|
# * HTML page which notifies the user that they are authenticating to confirm
|
||||||
|
# an operation on their account during the user interactive authentication
|
||||||
|
# process: 'sso_auth_confirm.html'.
|
||||||
|
#
|
||||||
|
# When rendering, this template is given the following variables:
|
||||||
|
# * redirect_url: the URL the user is about to be redirected to. Needs
|
||||||
|
# manual escaping (see
|
||||||
|
# https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
|
||||||
|
#
|
||||||
|
# * description: the operation which the user is being asked to confirm
|
||||||
|
#
|
||||||
|
# * HTML page shown after a successful user interactive authentication session:
|
||||||
|
# 'sso_auth_success.html'.
|
||||||
|
#
|
||||||
|
# Note that this page must include the JavaScript which notifies of a successful authentication
|
||||||
|
# (see https://matrix.org/docs/spec/client_server/r0.6.0#fallback).
|
||||||
|
#
|
||||||
|
# This template has no additional variables.
|
||||||
|
#
|
||||||
|
# * HTML page shown during single sign-on if a deactivated user (according to Synapse's database)
|
||||||
|
# attempts to login: 'sso_account_deactivated.html'.
|
||||||
|
#
|
||||||
|
# This template has no additional variables.
|
||||||
|
#
|
||||||
|
# * HTML page to display to users if something goes wrong during the
|
||||||
|
# OpenID Connect authentication process: 'sso_error.html'.
|
||||||
|
#
|
||||||
|
# When rendering, this template is given two variables:
|
||||||
|
# * error: the technical name of the error
|
||||||
|
# * error_description: a human-readable message for the error
|
||||||
|
#
|
||||||
|
# You can see the default templates at:
|
||||||
|
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
||||||
|
#
|
||||||
|
#template_dir: "res/templates"
|
||||||
|
|
||||||
|
|
||||||
# The JWT needs to contain a globally unique "sub" (subject) claim.
|
# The JWT needs to contain a globally unique "sub" (subject) claim.
|
||||||
#
|
#
|
||||||
#jwt_config:
|
#jwt_config:
|
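Review bot: `#client_whitelist:` in the new `sso:` section is added as a static comment with no playbook variable behind it, so the only way to whitelist a client URL is to override the template, and nothing enforces the WARNING a few lines above it. If this gets a variable (rendered with `|to_json` like the other settings), add a validation task that rejects entries with no slash after the hostname, since the comment itself states that `"https://my.client"` also matches `"https://my.client.evil.site"`. The same applies to `#template_dir:`: if it is ever exposed, the docs should repeat that `redirect_url` and `display_url` need manual escaping in custom templates. Also note that `sso:` is now an active key whose children are all commented out, so it parses as an empty value; worth confirming the Synapse version pinned by the playbook accepts that.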
||||||
|
@ -1681,10 +1947,17 @@ push:
|
||||||
include_content: {{ matrix_synapse_push_include_content|to_json }}
|
include_content: {{ matrix_synapse_push_include_content|to_json }}
|
||||||
|
|
||||||
|
|
||||||
|
# Spam checkers are third-party modules that can block specific actions
|
||||||
|
# of local users, such as creating rooms and registering undesirable
|
||||||
|
# usernames, as well as remote users by redacting incoming events.
|
||||||
|
#
|
||||||
# spam_checker:
|
# spam_checker:
|
||||||
# module: "my_custom_project.SuperSpamChecker"
|
#- module: "my_custom_project.SuperSpamChecker"
|
||||||
# config:
|
# config:
|
||||||
# example_option: 'things'
|
# example_option: 'things'
|
||||||
|
#- module: "some_other_project.BadEventStopper"
|
||||||
|
# config:
|
||||||
|
# example_stop_events_from: ['@bad:example.com']
|
||||||
spam_checker: {{ matrix_synapse_spam_checker|to_json }}
|
spam_checker: {{ matrix_synapse_spam_checker|to_json }}
|
||||||
|
|
||||||
# Uncomment to allow non-server-admin users to create groups on this server
|
# Uncomment to allow non-server-admin users to create groups on this server
|
||||||
|
|
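Review bot: the commented example changes `spam_checker` from a single `module:`/`config:` mapping to a list (`#- module: "my_custom_project.SuperSpamChecker"`, `#- module: "some_other_project.BadEventStopper"`), but the rendered line `spam_checker: {{ matrix_synapse_spam_checker|to_json }}` is untouched. Please check that the default of `matrix_synapse_spam_checker` and its documentation now describe a list, and mention the format change in the CHANGELOG so operators who set the old single-mapping form know to wrap it in a list. Minor style point: the unchanged `# spam_checker:` line keeps a space after `#` while the new list items use `#- module`, so the example can no longer be uncommented uniformly.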
Some files were not shown because too many files have changed in this diff