This commit is contained in:
p5t2vspoqqw 2019-05-09 09:34:09 +02:00
commit 4315b472af
75 changed files with 617 additions and 46 deletions

View file

@ -1,3 +1,33 @@
# 2019-05-09
Besides a myriad of bug fixes and minor improvements, here are the more notable (bigger) features we can announce today.
## Mautrix Facebook/Messenger bridging support
The playbook now supports bridging with [Facebook](https://www.facebook.com/) by installing the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge. This playbook functionality is available thanks to [@izissise](https://github.com/izissise).
Additional details are available in [Setting up Mautrix Facebook bridging](docs/configuring-playbook-bridge-mautrix-facebook.md).
## mxisd Registration feature integration
The playbook can now help you integrate with mxisd's [Registration](https://github.com/kamax-matrix/mxisd/blob/master/docs/features/registration.md) feature.
Learn more in [mxisd-controlled Registration](docs/configuring-playbook-mxisd.md#mxisd-controlled-registration).
# 2019-04-16
## Caddy webserver examples
If you prefer using the [Caddy](https://caddyserver.com/) webserver instead of our own integrated nginx, we now have examples for it in the [`examples/caddy`](examples/caddy) directory
# 2019-04-10
## Goofys support for other S3-compatible object stores
Until now, you could optionally host Synapse's media repository on Amazon S3, but we now also support [using other S3-compatible object stores](docs/configuring-playbook-s3.md),
# 2019-04-03
## Ansible >= 2.5 is required

View file

@ -38,6 +38,8 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) bridge for bridging your Matrix server to [Whatsapp](https://www.whatsapp.com/)
- (optional) the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge for bridging your Matrix server to [facebook](https://facebook.com/)
- (optional) the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat)
- (optional) the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge for bridging your Matrix server to [Discord](https://discordapp.com/)
@ -116,6 +118,8 @@ This playbook sets up your server using the following Docker images:
- [tulir/mautrix-whatsapp](https://hub.docker.com/r/tulir/mautrix-whatsapp/) - the [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) bridge to [Whatsapp](https://www.whatsapp.com/) (optional)
- [tulir/mautrix-facebook](https://hub.docker.com/r/tulir/mautrix-facebook/) - the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge to [Facebook](https://facebook.com/) (optional)
- [tedomum/matrix-appservice-irc](https://hub.docker.com/r/tedomum/matrix-appservice-irc/) - the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional)
- [halfshot/matrix-appservice-discord](https://hub.docker.com/r/halfshot/matrix-appservice-discord) - the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge to [Discord](https://discordapp.com/) (optional)

View file

@ -12,6 +12,8 @@
- [Registering users](registering-users.md)
- [Updating users passwords](updating-users-passwords.md)
- [Configuring service discovery via .well-known](configuring-well-known.md)
- [Maintenance / checking if services work](maintenance-checking-services.md)

View file

@ -54,9 +54,9 @@ The SRV record should look like this:
- Name: `_matrix._tcp` (use this text as-is)
- Content: `10 0 8448 matrix.<your-domain>` (replace `<your-domain>` with your own)
A [new file-based mechanism for Federation Server Discovery](configuring-well-known.md#introduction-to-federation-server-discovery) is superseding the `_matrix._tcp` SRV record. **During the transition phase, you'll need to set up both mechanisms**. We'll instruct you how to set up the file-based mechanism after the [installation phase](installing.md) for this playbook.
A [new file-based mechanism for Federation Server Discovery](configuring-well-known.md#introduction-to-federation-server-discovery) is superseding the `_matrix._tcp` SRV record for our use case. **During the transition phase, you'll need to set up both mechanisms**. We'll instruct you how to set up the file-based mechanism after the [installation phase](installing.md) for this playbook.
Doing delegation/redirection of Matrix services using a DNS SRV record (`_matrix._tcp`) is a **temporary measure** that is only necessary before Synapse v1.0 is released.
Doing delegation/redirection of Matrix services using a DNS SRV record (`_matrix._tcp`) is a **temporary measure** for our use-case, that will only be necessary before Synapse v1.0 is released.
As more and more people upgrade to the Synapse v0.99 transitional release and just before the final Synapse v1.0 gets released, at some point in the near future **you will need to remove the `_matrix._tcp` SRV record** and leave only the [new file-based mechanism for Federation Server Discovery](configuring-well-known.md#introduction-to-federation-server-discovery) in place.

View file

@ -0,0 +1,11 @@
# Setting up Mautrix Facebook (optional)
The playbook can install and configure [mautrix-facebook](https://github.com/tulir/mautrix-facebook) for you.
See the project's [documentation](https://github.com/tulir/mautrix-facebook/wiki#usage) to learn what it does and why it might be useful to you.
```yaml
matrix_mautrix_facebook_enabled: true
```
You then need to start a chat with `@facebookbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
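Review bot: the setup instruction is incomplete: the `matrix_mautrix_facebook_enabled: true` snippet doesn't say which file it goes in (the inventory `vars.yml`, as for the other bridges) or that the playbook has to be re-run afterwards, and it never mentions `matrix_mautrix_facebook_api_id` / `matrix_mautrix_facebook_api_hash`, which the defaults hunk later in this commit adds with `YOUR_FACEBOOK_APP_ID` / `YOUR_FACEBOOK_API_HASH` placeholders. If the bridge needs those values, document them here as required settings; if it doesn't, drop them from the defaults so nobody goes looking for Facebook app credentials they don't need.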

View file

@ -24,6 +24,19 @@ If you'd like to change the default email templates used by mxisd, take a look a
(in the `roles/matrix-mxisd/defaults/main.yml` file.
## mxisd-controlled Registration
To use the [Registration](https://github.com/kamax-matrix/mxisd/blob/master/docs/features/registration.md) feature of mxisd, you can make use of the following variables:
- `matrix_synapse_enable_registration` - to enable user-initiated registration in Synapse
- `matrix_synapse_registrations_require_3pid` - to control the types of 3pid (`'email'`, `'msisdn'`) required by the Synapse server for registering
- variables prefixed with `matrix_nginx_proxy_proxy_matrix_3pid_registration_` (e.g. `matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled`) - to configure the integrated nginx webserver to send registration requests to mxisd (instead of Synapse), so it can apply its additional functionality
- `matrix_mxisd_configuration_extension_yaml` - to configure mxisd as required. See the [Registration feature's docs](https://github.com/kamax-matrix/mxisd/blob/master/docs/features/registration.md) for inspiration. Also see the [Additional features](#additional-features) section below to learn more about how to use `matrix_mxisd_configuration_extension_yaml`.
## Additional features
What this playbook configures for your is some bare minimum Identity Server functionality, so that you won't need to rely on external 3rd party services.
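Review bot: the "mxisd-controlled Registration" list should say what the `matrix_nginx_proxy_proxy_matrix_3pid_registration_*` variables actually divert, because it is narrower than "registration requests": the nginx rule added in this commit only matches `/_matrix/client/r0/register/(email|msisdn)/requestToken`, so mxisd sees the 3PID token step and nothing else. That means the feature only gates anything when `matrix_synapse_registrations_require_3pid` is non-empty; with the default `[]` and `matrix_synapse_enable_registration: true`, a client can register without a 3PID and never touches mxisd. State that explicitly next to the variable list, and fix "configures for your is" in the paragraph below while here.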

View file

@ -3,9 +3,11 @@
By default, this playbook configures your server to store Synapse's content repository (`media_store`) files on the local filesystem.
If that's alright, you can skip this.
If you'd like to store Synapse's content repository (`media_store`) files on Amazon S3,
If you'd like to store Synapse's content repository (`media_store`) files on Amazon S3 (or other S3-compatible service),
you can let this playbook configure [Goofys](https://github.com/kahing/goofys) for you.
## Amazon S3
You'll need an Amazon S3 bucket and some IAM user credentials (access key + secret key) with full write access to the bucket. Example security policy:
```json
@ -37,3 +39,13 @@ matrix_s3_media_store_aws_access_key: "access-key-goes-here"
matrix_s3_media_store_aws_secret_key: "secret-key-goes-here"
matrix_s3_media_store_region: "eu-central-1"
```
## Using other S3-compatible object stores
You can use any S3-compatible object store by **additionally** configuring these variables:
```yaml
matrix_s3_media_store_custom_endpoint_enabled: true
matrix_s3_media_store_custom_endpoint: "your-custom-endpoint"
```
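Review bot: `matrix_s3_media_store_custom_endpoint: "your-custom-endpoint"` doesn't tell the reader what the value looks like (a bare `host:port` or a full URL with scheme), and the page should insist on a TLS endpoint (`https://...`): the access key and secret key configured just above sign every request, and all media would otherwise travel in the clear between the server and the object store. Also say whether `matrix_s3_media_store_region` is still read when a custom endpoint is set, since "additionally" implies the Amazon-specific values above remain required even for non-AWS stores.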

View file

@ -77,6 +77,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md) (optional)
- [Setting up Mautrix Facebook bridging](configuring-playbook-bridge-mautrix-facebook.md) (optional)
- [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional)
- [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional)

View file

@ -13,15 +13,19 @@ There are 2 types of well-known service discovery that Matrix makes use of:
All services created by this playbook are meant to be installed on their own server (such as `matrix.<your-domain>`).
As [per the Server-Server specification](https://matrix.org/docs/spec/server_server/r0.1.0.html#server-discovery), to use a Matrix user identifier like `@<username>:<your-domain>` while hosting services on a subdomain like `matrix.<your-domain>`, we need to instruct the Matrix network of such a delegation/redirection by means of setting up a `/.well-known/matrix/server` file on the base domain (`<your-domain.com>).
As [per the Server-Server specification](https://matrix.org/docs/spec/server_server/r0.1.0.html#server-discovery), to use a Matrix user identifier like `@<username>:<your-domain>` while hosting services on a subdomain like `matrix.<your-domain>`, the Matrix network needs to be instructed of such delegation/redirection.
We have discussed this same thing already in the "`_matrix._tcp` SRV record setup (temporary requirement)" section of [Configuring DNS](configuring-dns.md).
Server delegation can be configured using DNS SRV records or by setting up a `/.well-known/matrix/server` file on the base domain (`<your-domain.com>`).
In short, you are required to set up both a `_matrix._tcp` DNS SRV record and the `/.well-known/matrix/server` file at the moment.
We have discussed the DNS SRV record method already in the "`_matrix._tcp` SRV record setup (temporary requirement)" section of [Configuring DNS](configuring-dns.md).
As the Synapse server progresses towards v1.0, only the `/.well-known/matrix/server` file will be used. At that future moment, you would need to remove the `_matrix._tcp` SRV record because Synapse v1.0+ will do the wrong thing if a SRV record exists. During the transitional phase (before Synapse 1.0), we do need to have both a SRV record and a `/.well-known/matrix/server` file, in order to federate correctly with v0.99 and older Synapse versions.
Both methods have their place and will continue to do so. Usually, you would need to use just one of these delegation methods.
For simplicity reasons, our setup advocates for the `/.well-known/matrix/server` method and guides you into using that.
For backward compatibility with older Synapse servers (< v0.99), however, for now you are also required to set up a `_matrix._tcp` DNS SRV record (in addition to the `/.well-known/matrix/server` file on the base domain).
To learn how to set it up, read the Installing section below.
As the Synapse server progresses towards v1.0, only the `/.well-known/matrix/server` file will be used by us, unless you have a more special setup necessitating a DNS SRV record. At that future moment, you would need to remove the `_matrix._tcp` SRV record because Synapse v1.0+ will do the wrong thing if a SRV record exists.
To learn how to set up `/.well-known/matrix/server`, read the Installing section below.
## Introduction to Client Server Discovery
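Review bot: "Synapse v1.0+ will do the wrong thing if a SRV record exists" is too vague to justify telling people to delete a DNS record; state what actually fails. Per the linked server-server spec, the two delegation methods carry different certificate requirements: when a peer follows the `_matrix._tcp` SRV record, the server it reaches must present a certificate valid for the base domain `<your-domain>`, whereas with `/.well-known/matrix/server` the certificate must be valid for the delegated `matrix.<your-domain>`. A server that only holds the `matrix.` certificate is therefore reachable via `.well-known` but fails certificate validation for any peer that takes the SRV path, and that is the concrete problem the reader should be told about. Note also that the spec consults `.well-known` first and falls back to SRV only when that request errors, so the sentence should say the SRV record becomes a liability for peers that don't (or can't) use the `.well-known` result, rather than "will do the wrong thing" unconditionally.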

View file

@ -10,4 +10,4 @@ ansible-playbook -i inventory/hosts setup.yml --tags=self-check
If it's all green, everything is probably running correctly.
Besides this self-check, you can also check your server using the [Federation Tester](https://neo.lain.haus/fed-tester/).
Besides this self-check, you can also check your server using the [Federation Tester](https://federationtester.matrix.org/).

View file

@ -0,0 +1,19 @@
# Updating users passwords
If you are using the matrix-postgres container(default), you can do it via this Ansible playbook (make sure to edit the `<your-username>` and `<your-password>` part below):
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-username> password=<your-password>' --tags=update-user-password
**Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
**You can then log in with that user** via the riot-web service that this playbook has created for you at a URL like this: `https://riot.<domain>/`.
If you are NOT using the matrix-postgres container, you can generate the password hash by using the command-line after **SSH**-ing to your server (requires that [all services have been started](#starting-the-services)):
docker exec -it matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml
and then connecting to the postgres server and executing:
UPDATE users SET password_hash = '<password-hash>' WHERE name = '@someone:server.com'
where `<password-hash>` is the hash returned by the docker command above.
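Review bot: the documented command puts the new password on the `ansible-playbook` command line (`--extra-vars='... password=<your-password>'`), where it is visible in `ps` output to every local user and lands in the shell history; recommend reading it from a file instead (`--extra-vars @password.yml`, with the file mode restricted and the file removed afterwards) or at least warning the reader. Two smaller things in the same file: the link `[all services have been started](#starting-the-services)` points at a heading that doesn't exist in this new page (it was carried over from the installing doc), and "You can then log in with that user via the riot-web service that this playbook has created for you" reads like the registration doc rather than a password change.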

View file

@ -169,7 +169,7 @@ matrix_mxisd_container_expose_port: "{{ not matrix_nginx_proxy_enabled }}"
# your own configuration in `matrix_mxisd_configuration_extension_yaml`.
matrix_mxisd_synapsesql_enabled: true
matrix_mxisd_synapsesql_type: postgresql
matrix_mxisd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user }}&password={{ matrix_synapse_database_password }}
matrix_mxisd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user | urlencode() }}&password={{ matrix_synapse_database_password | urlencode() }}
matrix_mxisd_dns_overwrite_enabled: true
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"

View file

@ -48,6 +48,7 @@ run_import_postgres: true
run_upgrade_postgres: true
run_start: true
run_register_user: true
run_update_user_password: true
run_import_sqlite_db: true
run_import_media_store: true
run_self_check: true

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
{
"m.homeserver": {
"base_url": "{{ matrix_homeserver_url }}"

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
{
"m.server": "{{ matrix_server_fqn_matrix }}:8448"
}

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
#!/bin/bash
if [ "$(id -u)" != "0" ]; then
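Review bot: the `#jinja2: lstrip_blocks: "True"` line now sits above `#!/bin/bash` in this and the other `#!/bin/bash` templates touched by this commit; that is fine because Ansible's templar strips the `#jinja2:` override line before rendering, so the generated file still starts with the shebang, but a short note in the repo would help since on its own the template looks like it has pushed the shebang to line 2.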

View file

@ -6,6 +6,9 @@ matrix_corporal_enabled: true
# Controls whether the matrix-corporal web server's ports (`41080` and `41081`) are exposed outside of the container.
matrix_corporal_container_expose_ports: false
# A list of extra arguments to pass to the container
matrix_corporal_container_extra_arguments: []
# List of systemd services that matrix-corporal.service depends on
matrix_corporal_systemd_required_services_list: ['docker.service']

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
{
"Matrix": {
"HomeserverDomainName": "{{ matrix_corporal_matrix_homeserver_domain_name }}",

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Corporal
{% for service in matrix_corporal_systemd_required_services_list %}
@ -22,6 +23,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-corporal \
-v {{ matrix_corporal_config_dir_path }}:/etc/matrix-corporal:ro \
-v {{ matrix_corporal_cache_dir_path }}:/var/cache/matrix-corporal:rw \
-v {{ matrix_corporal_var_dir_path }}:/var/matrix-corporal:rw \
{% for arg in matrix_corporal_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_corporal_docker_image }} \
/matrix-corporal -config=/etc/matrix-corporal/config.json
ExecStop=-/usr/bin/docker kill matrix-corporal
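Review bot: `{{ arg }}` from `matrix_corporal_container_extra_arguments` is spliced into `ExecStart` with no escaping, and the same pattern is repeated for every `*_container_extra_arguments` list this commit introduces (coturn, dimension, mailer, mxisd, nginx-proxy, postgres, riot-web). systemd re-splits `ExecStart` on whitespace with its own quoting rules, so an element such as `--label com.example.owner=ops team` turns into two arguments, and `"` or `\` inside an element need systemd-style escaping; document next to each default that every list element must be exactly one already-quoted token (or escape on render). The variable also lets anyone with inventory write access add `--privileged` or `-v /:/host:rw` to the unit, which is acceptable for an operator knob but deserves a one-line warning in the defaults, since it bypasses the hardening (`--cap-drop=ALL`, `--user=...`) the other run commands rely on.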

View file

@ -23,6 +23,9 @@ matrix_coturn_systemd_required_services_list: ['docker.service']
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
matrix_coturn_container_additional_volumes: []
# A list of extra arguments to pass to the container
matrix_coturn_container_extra_arguments: []
# A shared secret (between Synapse and Coturn) used for authentication.
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
matrix_coturn_turn_static_auth_secret: ""

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Coturn server
{% for service in matrix_coturn_systemd_required_services_list %}
@ -27,6 +28,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-coturn \
{% for volume in matrix_coturn_container_additional_volumes %}
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
{% endfor %}
{% for arg in matrix_coturn_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_coturn_docker_image }} \
-c /turnserver.conf

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
use-auth-secret
static-auth-secret={{ matrix_coturn_turn_static_auth_secret }}
realm=turn.{{ matrix_server_fqn_matrix }}

View file

@ -20,6 +20,9 @@ matrix_dimension_user_gid: 1000
matrix_dimension_container_expose_port: false
# A list of extra arguments to pass to the container
matrix_dimension_container_extra_arguments: []
matrix_dimension_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/riot"
matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"]
@ -31,6 +34,7 @@ matrix_dimension_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_di
# For a more advanced customization, you can extend the default (see `matrix_dimension_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_dimension_configuration_yaml: |
#jinja2: lstrip_blocks: True
# The web settings for the service (API and UI).
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
web:
@ -125,5 +129,3 @@ matrix_dimension_configuration_extension_yaml: |
# Holds the final Dimension configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_dimension_configuration_yaml`.
matrix_dimension_configuration: "{{ matrix_dimension_configuration_yaml|from_yaml|combine(matrix_dimension_configuration_extension, recursive=True) }}"
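Review bot: the `#jinja2: lstrip_blocks: True` line at the top of the `matrix_dimension_configuration_yaml` block scalar (and the same line in `matrix_mxisd_configuration_yaml`) deserves a comment, because it reads like a stray YAML comment but is load-bearing: it only works because Ansible's templar honours a `#jinja2:` override on the first line of any templated string and strips that line before rendering, so `from_yaml` never sees it. It is also written as bare `True` here but as `"True"` in every `.j2` file in this commit; both happen to work (the quoted form is literal-evaluated to the string `'True'`, which Jinja treats as truthy), but pick one, preferably the bare boolean the option actually expects.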

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Dimension
After=docker.service
@ -19,6 +20,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-dimension \
-p 127.0.0.1:8184:8184 \
{% endif %}
-v {{ matrix_dimension_base_path }}:/data:rw \
{% for arg in matrix_dimension_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_dimension_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-dimension
ExecStop=-/usr/bin/docker rm matrix-dimension

View file

@ -9,6 +9,9 @@ matrix_mailer_docker_image: "devture/exim-relay:4.91-r3-0"
matrix_mailer_container_user_uid: 100
matrix_mailer_container_user_gid: 101
# A list of extra arguments to pass to the container
matrix_mailer_container_extra_arguments: []
matrix_mailer_sender_address: "matrix@{{ matrix_domain }}"
matrix_mailer_relay_use: false
matrix_mailer_relay_host_name: "mail.example.com"

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
{% if matrix_mailer_relay_use %}
SMARTHOST={{ matrix_mailer_relay_host_name }}::{{ matrix_mailer_relay_host_port }}
{% endif %}

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix mailer
After=docker.service
@ -16,6 +17,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_mailer_base_path }}/env-mailer \
--hostname={{ matrix_server_fqn_matrix }} \
{% for arg in matrix_mailer_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mailer_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-mailer
ExecStop=-/usr/bin/docker rm matrix-mailer

View file

@ -8,6 +8,9 @@ matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"
# Controls whether the mxisd web server's port (`8090`) is exposed outside of the container.
matrix_mxisd_container_expose_port: false
# A list of extra arguments to pass to the container
matrix_mxisd_container_extra_arguments: []
# List of systemd services that matrix-mxisd.service depends on
matrix_mxisd_systemd_required_services_list: ['docker.service']
@ -64,6 +67,7 @@ matrix_mxisd_self_check_validate_certificates: true
# For a more advanced customization, you can extend the default (see `matrix_mxisd_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mxisd_configuration_yaml: |
#jinja2: lstrip_blocks: True
matrix:
domain: {{ matrix_domain }}

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix mxisd Identity server
{% for service in matrix_mxisd_systemd_required_services_list %}
@ -27,6 +28,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mxisd \
{% endif %}
-v {{ matrix_mxisd_config_path }}:/etc/mxisd:ro \
-v {{ matrix_mxisd_data_path }}:/var/mxisd:rw \
{% for arg in matrix_mxisd_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mxisd_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-mxisd

View file

@ -21,6 +21,9 @@ matrix_nginx_proxy_systemd_wanted_services_list: []
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
matrix_nginx_proxy_container_additional_volumes: []
# A list of extra arguments to pass to the container
matrix_nginx_proxy_container_extra_arguments: []
# Controls whether matrix-nginx-proxy should serve the base domain.
#
# This is useful for when you only have your Matrix server, but you need to serve
@ -66,6 +69,13 @@ matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-mxisd:8090"
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "127.0.0.1:8090"
# Controls whether proxying for 3PID-based registration (`/_matrix/client/r0/register/(email|msisdn)/requestToken`) should be done (on the matrix domain).
# This allows another service to control registrations involving 3PIDs.
# To learn more, see: https://github.com/kamax-matrix/mxisd/blob/master/docs/features/registration.md
matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled: false
matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container: "matrix-mxisd:8090"
matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container: "127.0.0.1:8090"
# Controls whether proxying for the Identity API (`/_matrix/identity`) should be done (on the matrix domain)
matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false
matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-mxisd:8090"

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
server {
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
server_name {{ matrix_nginx_proxy_proxy_dimension_hostname }};

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
server {
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
server_name {{ matrix_nginx_proxy_base_domain_hostname }};

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
server {
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
server_name {{ matrix_nginx_proxy_proxy_riot_hostname }};

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
server {
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }};
@ -102,6 +103,23 @@ server {
}
{% endif %}
{% if matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled %}
location ~ ^/_matrix/client/r0/register/(email|msisdn)/requestToken$ {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container }}";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://{{ matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container }};
{% endif %}
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
{% endif %}
{% for configuration_block in matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks %}
{{- configuration_block }}
{% endfor %}
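Review bot: the new `location ~ ^/_matrix/client/r0/register/(email|msisdn)/requestToken$` only intercepts the `r0` API prefix, so if Synapse also serves these endpoints under another prefix (it exposes most client endpoints under `/_matrix/client/unstable/` as well) a client can request the token via that path and go straight to Synapse, skipping whatever policy mxisd applies. Either match `^/_matrix/client/(r0|unstable)/register/(email|msisdn)/requestToken$`, or verify against the running Synapse version that the `unstable` path returns 404 and say so in the comment above `matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled`. Since regex locations are evaluated in order of appearance, also make sure no earlier regex `location` in this file already matches `/_matrix/client/...` (a plain prefix `location /_matrix` is fine, it loses to any matching regex unless declared `^~`).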

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
# The default is aligned to the CPU's cache size,
# which can sometimes be too low to handle our 2 vhosts (Synapse and Riot).
#

View file

@ -1,2 +1,3 @@
#jinja2: lstrip_blocks: "True"
# User and password for protecting /_synapse/metrics URI
prometheus:{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key }}

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
# This is a custom nginx configuration file that we use in the container (instead of the default one),
# because it allows us to run nginx with a non-root user.
#

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix nginx-proxy server
{% for service in matrix_nginx_proxy_systemd_required_services_list %}
@ -33,6 +34,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
{% for volume in matrix_nginx_proxy_container_additional_volumes %}
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
{% endfor %}
{% for arg in matrix_nginx_proxy_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_nginx_proxy_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-nginx-proxy

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
#!/bin/bash
# For renewal to work, matrix-nginx-proxy (or another webserver, if matrix-nginx-proxy is disabled)

View file

@ -12,3 +12,6 @@ matrix_postgres_docker_image_v9: "postgres:9.6.12-alpine"
matrix_postgres_docker_image_v10: "postgres:10.7-alpine"
matrix_postgres_docker_image_v11: "postgres:11.2-alpine"
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v11 }}"
# A list of extra arguments to pass to the container
matrix_postgres_container_extra_arguments: []

View file

@ -123,3 +123,10 @@
debug:
msg: "Note: You are not using a local PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_data_path }}`. Feel free to delete it."
when: "not matrix_postgres_enabled and matrix_postgres_data_path_stat.stat.exists"
- name: Ensure matrix-postgres-update-user-password-hash script created
template:
src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2"
dest: "/usr/local/bin/matrix-postgres-update-user-password-hash"
mode: 0750
when: matrix_postgres_enabled

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
PGUSER={{ matrix_postgres_connection_username }}
PGPASSWORD={{ matrix_postgres_connection_password }}
PGDATABASE={{ matrix_postgres_db_name }}

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
POSTGRES_USER={{ matrix_postgres_connection_username }}
POSTGRES_PASSWORD={{ matrix_postgres_connection_password }}
POSTGRES_DB={{ matrix_postgres_db_name }}

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Postgres server
After=docker.service
@ -18,6 +19,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-postgres \
--env-file={{ matrix_postgres_base_path }}/env-postgres-server \
-v {{ matrix_postgres_data_path }}:/var/lib/postgresql/data:rw \
-v /etc/passwd:/etc/passwd:ro \
{% for arg in matrix_postgres_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_postgres_docker_image_to_use }}
ExecStop=-/usr/bin/docker stop matrix-postgres
ExecStop=-/usr/bin/docker rm matrix-postgres

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
#!/bin/bash
if [ $# -ne 1 ]; then

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
#!/bin/bash
docker run \

View file

@ -0,0 +1,16 @@
#jinja2: lstrip_blocks: "True"
#!/bin/bash
if [ $# -ne 2 ]; then
echo "Usage: "$0" <username> <password_hash>"
exit 1
fi
docker run \
--rm \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
--network {{ matrix_docker_network }} \
{{ matrix_postgres_docker_image_to_use }} \
psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set password_hash='$2' WHERE name = '@$1:{{ matrix_domain }}'"
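Review bot: the `UPDATE` statement splices `$1` and `$2` directly into the SQL text, so a username or hash containing a single quote breaks the statement, and a crafted username (`x' OR '1'='1`) rewrites the `WHERE` clause and resets every account's hash; since this script is driven from `ansible-playbook --extra-vars`, treat both arguments as untrusted. `psql -c` sends its argument to the server verbatim, so pass the values as psql variables and feed the SQL on stdin instead, where `:'var'` quoting is applied (add `-i` to `docker run` so the heredoc reaches psql):
`psql -h {{ matrix_postgres_connection_hostname }} -v ON_ERROR_STOP=1 -v u="$1" -v h="$2" <<'EOF'`
`UPDATE users SET password_hash = :'h' WHERE name = '@' || :'u' || ':{{ matrix_domain }}';`
`EOF`
Separately, the script reports success when nothing was updated: a typo in the username yields `UPDATE 0` and exit status 0, so check the row count (or look the user up first) and exit non-zero.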

View file

@ -6,6 +6,9 @@ matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
matrix_riot_web_container_expose_port: false
# A list of extra arguments to pass to the container
matrix_riot_web_container_extra_arguments: []
# List of systemd services that matrix-riot-web.service depends on
matrix_riot_web_systemd_required_services_list: ['docker.service']

View file

@ -1,23 +1,24 @@
#jinja2: lstrip_blocks: "True"
{
"default_hs_url": {{ matrix_riot_web_default_hs_url|to_json }},
"default_is_url": {{ matrix_riot_web_default_is_url|to_json }},
"default_hs_url": {{ matrix_riot_web_default_hs_url|string|to_json }},
"default_is_url": {{ matrix_riot_web_default_is_url|string|to_json }},
"disable_custom_urls": {{ matrix_riot_web_disable_custom_urls|to_json }},
"disable_guests": {{ matrix_riot_web_disable_guests|to_json }},
"brand": "Riot",
"integrations_ui_url": {{ matrix_riot_web_integrations_ui_url|to_json }},
"integrations_rest_url": {{ matrix_riot_web_integrations_rest_url|to_json }},
"integrations_ui_url": {{ matrix_riot_web_integrations_ui_url|string|to_json }},
"integrations_rest_url": {{ matrix_riot_web_integrations_rest_url|string|to_json }},
"integrations_widgets_urls": {{ matrix_riot_web_integrations_widgets_urls|to_json }},
"integrations_jitsi_widget_url": {{ matrix_riot_web_integrations_jitsi_widget_url|to_json }},
"integrations_jitsi_widget_url": {{ matrix_riot_web_integrations_jitsi_widget_url|string|to_json }},
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
"enableLabs": true,
"roomDirectory": {
"servers": {{ matrix_riot_web_roomdir_servers|to_json }}
},
"welcomeUserId": {{ matrix_riot_web_welcome_user_id|to_json }},
"welcomeUserId": {{ matrix_riot_web_welcome_user_id|string|to_json }},
{% if matrix_riot_web_enable_presence_by_hs_url is not none %}
"enable_presence_by_hs_url": {{ matrix_riot_web_enable_presence_by_hs_url|to_json }},
{% endif %}
"embeddedPages": {
"homeUrl": {{ matrix_riot_web_embedded_pages_home_url|to_json }}
"homeUrl": {{ matrix_riot_web_embedded_pages_home_url|string|to_json }}
}
}
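Review bot: the `|string|to_json` change needs a template comment on why it is there, because `|string` is not a no-op: a value of `null`/`none` now renders as the JSON string `"None"` instead of `null`, and a boolean would render as `"True"`. Presumably the purpose is to force values that may arrive as Ansible's unsafe-text type to serialise as plain JSON strings on the Ansible versions where plain `|to_json` misbehaves on them; if so, say that, and double-check that none of `default_is_url`, `welcomeUserId`, `integrations_*_url` and `homeUrl` is ever legitimately null or deliberately unset in someone's `vars.yml`, since riot-web would then be handed the string `"None"` as a URL rather than a missing key.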

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
# This is a custom nginx configuration file that we use in the container (instead of the default one),
# because it allows us to run nginx with a non-root user.
#

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix riot-web server
{% for service in matrix_riot_web_systemd_required_services_list %}
@ -26,6 +27,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
-v {{ matrix_riot_web_data_path }}/home.html:/etc/riot-web/home.html:ro \
{% endif %}
-v {{ matrix_riot_web_data_path }}/welcome.html:/etc/riot-web/welcome.html:ro \
{% for arg in matrix_riot_web_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_riot_web_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-riot-web
ExecStop=-/usr/bin/docker rm matrix-riot-web

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
<style type="text/css">
/* we deliberately inline style here to avoid flash-of-CSS problems, and to avoid

View file

@ -1,4 +1,4 @@
matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.3-py3"
matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.3.2"
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
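Review bot: the new tag `v0.99.3.2` drops the explicit `-py3` suffix that `v0.99.3-py3` carried; please confirm the pinned image is the Python 3 build (or say so in the changelog), since a silent Python 2/3 switch changes the runtime and its dependency set.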
@ -24,6 +24,9 @@ matrix_appservice_discord_container_expose_client_server_api_port: false
# Controls whether the matrix-synapse container exposes the metrics port (tcp/9100).
matrix_synapse_container_expose_metrics_port: false
# A list of extra arguments to pass to the container
matrix_synapse_container_extra_arguments: []
# List of systemd services that matrix-synapse.service depends on
matrix_synapse_systemd_required_services_list: ['docker.service']
@ -111,6 +114,9 @@ matrix_synapse_use_presence: true
# Controls whether people with access to the homeserver can register by themselves.
matrix_synapse_enable_registration: false
# A list of 3PID types which users must supply when registering (possible values: email, msisdn).
matrix_synapse_registrations_require_3pid: []
# Users who register on this homeserver will automatically be joined to these rooms.
# Rooms are to be specified using addresses (e.g. `#address:example.com`)
matrix_synapse_auto_join_rooms: []
@ -258,6 +264,18 @@ matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest"
matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp"
# Matrix mautrix is a Matrix <-> Facebook bridge
# Enable facebook bridge
matrix_mautrix_facebook_enabled: false
matrix_mautrix_facebook_docker_image: "tulir/mautrix-facebook:latest"
matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook"
# Get your own API keys at https://developers.facebook.com/docs/apis-and-sdks/
matrix_mautrix_facebook_api_id: YOUR_FACEBOOK_APP_ID
matrix_mautrix_facebook_api_hash: YOUR_FACEBOOK_API_HASH
# Matrix Appservice IRC is a Matrix <-> IRC bridge
# Enable IRC bridge
matrix_appservice_irc_enabled: false
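Review bot: `matrix_mautrix_facebook_api_id` and `matrix_mautrix_facebook_api_hash`, together with the "Get your own API keys" comment, are never referenced by the mautrix-facebook `config.yaml.j2` added in this commit, which has no API-key fields at all; they look carried over from the Telegram bridge variables. Either wire them into the template or drop them, so users do not register a Facebook app for values that are ignored. The header `# Matrix mautrix is a Matrix <-> Facebook bridge` should also read `# Matrix Mautrix Facebook is a Matrix <-> Facebook bridge`, matching the other bridge headers.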
@ -267,6 +285,7 @@ matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:latest"
matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
matrix_appservice_irc_configuration_yaml: |
#jinja2: lstrip_blocks: True
homeserver:
url: "https://{{ matrix_server_fqn_matrix }}"
domain: "{{ matrix_domain }}"
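Review bot: the override line inside `matrix_appservice_irc_configuration_yaml` uses an unquoted `True` while every template file in this commit uses `"True"`; pick one form. Note also that the override only takes effect because it is the very first line of the block scalar; if a user prepends anything to this variable in their own vars it stops applying and becomes a plain YAML comment in the rendered file.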

View file

@ -4,6 +4,8 @@
- import_tasks: "{{ role_path }}/tasks/ext/mautrix-whatsapp/init.yml"
- import_tasks: "{{ role_path }}/tasks/ext/mautrix-facebook/init.yml"
- import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/init.yml"
- import_tasks: "{{ role_path }}/tasks/ext/appservice-discord/init.yml"

View file

@ -0,0 +1,3 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook'] }}"
when: matrix_mautrix_facebook_enabled

View file

@ -0,0 +1,101 @@
---
- name: Ensure Mautrix Facebook image is pulled
docker_image:
name: "{{ matrix_mautrix_facebook_docker_image }}"
when: "matrix_mautrix_facebook_enabled"
- name: Ensure Mautrix Facebook configuration path exists
file:
path: "{{ matrix_mautrix_facebook_base_path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
when: "matrix_mautrix_facebook_enabled"
- name: Check if a mautrix-facebook configuration file exists
stat:
path: "{{ matrix_mautrix_facebook_base_path }}/config.yaml"
register: mautrix_facebook_config_file_stat
when: "matrix_mautrix_facebook_enabled"
- name: Ensure Matrix Mautrix facebook config installed
template:
src: "{{ role_path }}/templates/ext/mautrix-facebook/config.yaml.j2"
dest: "{{ matrix_mautrix_facebook_base_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
when: "matrix_mautrix_facebook_enabled and not mautrix_facebook_config_file_stat.stat.exists"
- name: (Migration) Fix up old configuration
lineinfile:
path: "{{ matrix_mautrix_facebook_base_path }}/config.yaml"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
backrefs: yes
with_items:
- {'regexp': '^(\s+)filename: \./mautrix-facebook.log', 'line': '\1filename: /data/mautrix-facebook.log'}
- {'regexp': '^(\s+)database:', 'line': '\1database: sqlite:////data/mautrix-facebook.db'}
when: "matrix_mautrix_facebook_enabled and mautrix_facebook_config_file_stat.stat.exists"
- name: Ensure matrix-mautrix-facebook.service installed
template:
src: "{{ role_path }}/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2"
dest: "/etc/systemd/system/matrix-mautrix-facebook.service"
mode: 0644
register: matrix_mautrix_facebook_systemd_service_result
when: "matrix_mautrix_facebook_enabled"
- name: Ensure systemd reloaded after matrix-mautrix-facebook.service installation
service:
daemon_reload: yes
when: "matrix_mautrix_facebook_enabled and matrix_mautrix_facebook_systemd_service_result.changed"
- name: Check if a mautrix-facebook registration file exists
stat:
path: "{{ matrix_mautrix_facebook_base_path }}/registration.yaml"
register: mautrix_facebook_registration_file_stat
when: "matrix_mautrix_facebook_enabled"
- name: Generate matrix-mautrix-facebook registration.yaml if it doesn't exist
shell:
cmd: >-
/usr/bin/docker run
--rm
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
--name matrix-mautrix-facebook-gen
-v {{ matrix_mautrix_facebook_base_path }}:/data:z
{{ matrix_mautrix_facebook_docker_image }}
python3 -m mautrix_facebook -g -c /data/config.yaml -r /data/registration.yaml
when: "matrix_mautrix_facebook_enabled and not mautrix_facebook_registration_file_stat.stat.exists"
- set_fact:
matrix_synapse_app_service_config_file_mautrix_facebook: '/app-registration/mautrix-facebook.yml'
when: "matrix_mautrix_facebook_enabled"
- set_fact:
matrix_synapse_container_additional_volumes: >
{{ matrix_synapse_container_additional_volumes }}
+
{{ [{'src': '{{ matrix_mautrix_facebook_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_facebook }}', 'options': 'ro'}] }}
when: "matrix_mautrix_facebook_enabled"
- set_fact:
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files }}
+
{{ ["{{ matrix_synapse_app_service_config_file_mautrix_facebook }}"] | to_nice_json }}
when: "matrix_mautrix_facebook_enabled"
#
# Tasks related to getting rid of matrix-mautrix-facebook (if it was previously enabled)
#
- name: Ensure matrix-mautrix-facebook.service doesn't exist
file:
path: "/etc/systemd/system/matrix-mautrix-facebook.service"
state: absent
when: "not matrix_mautrix_facebook_enabled"
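Review bot: the `(Migration) Fix up old configuration` task rewrites every indented `database:` line to `sqlite:////data/mautrix-facebook.db` on every run, because the regexp `^(\s+)database:` matches regardless of the current value; a user who has pointed the bridge at Postgres gets silently reverted to SQLite each deploy. Anchor the regexp to the old value being migrated, as the log-file entry already does with `\./mautrix-facebook.log`. Separately, `config.yaml` is installed with `mode: 0644` although the config template states that `as_token`/`hs_token` are written into it when the registration is generated; `0640` (the directory is already `0750`) keeps those homeserver credentials from other local accounts.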

View file

@ -10,6 +10,8 @@
- import_tasks: "{{ role_path }}/tasks/ext/mautrix-whatsapp/setup.yml"
- import_tasks: "{{ role_path }}/tasks/ext/mautrix-facebook/setup.yml"
- import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/setup.yml"
- import_tasks: "{{ role_path }}/tasks/ext/appservice-discord/setup.yml"

View file

@ -37,3 +37,8 @@
when: run_self_check
tags:
- self-check
- import_tasks: "{{ role_path }}/tasks/update_user_password.yml"
when: run_update_user_password
tags:
- update-user-password

View file

@ -0,0 +1,48 @@
---
- name: Fail if playbook called incorrectly
fail:
msg: "The `username` variable needs to be provided to this playbook, via --extra-vars"
when: "username is not defined or username == '<your-username>'"
- name: Fail if playbook called incorrectly
fail:
msg: "The `password` variable needs to be provided to this playbook, via --extra-vars"
when: "password is not defined or password == '<your-password>'"
- name: Fail if not using matrix-postgres container
fail:
msg: "This command is working only when matrix-postgres container is being used"
when: "not matrix_postgres_enabled"
- name: Ensure matrix-synapse is started
service:
name: matrix-synapse
state: started
daemon_reload: yes
register: start_result
- name: Ensure matrix-postgres is started
service:
name: matrix-postgres
state: started
daemon_reload: yes
register: postgres_start_result
- name: Wait a while, so that Matrix Synapse can manage to start
pause:
seconds: 7
when: start_result.changed
- name: Wait a while, so that Matrix Postgres can manage to start
pause:
seconds: 7
when: postgres_start_result.changed
- name: Generate password hash
shell: "/usr/bin/docker exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password }}"
register: password_hash
- name: Update user password hash
shell: "/usr/local/bin/matrix-postgres-update-user-password-hash {{ username }} '{{ password_hash.stdout }}'"
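Review bot: `hash_password -c /data/homeserver.yaml -p {{ password }}` and `matrix-postgres-update-user-password-hash {{ username }} '{{ password_hash.stdout }}'` interpolate operator input straight into a shell line: a password containing spaces, quotes or `$`/`;` breaks the command or is interpreted by the shell, and the plaintext password shows up in the `docker exec` process listing and in the Ansible task output. Quote the values (`{{ password | quote }}`, `{{ username | quote }}`) and mark both tasks `no_log: true` so neither the password nor the resulting hash is logged. The two `Fail if playbook called incorrectly` tasks could also carry distinct names so the failing precondition is obvious from the output.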

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Appservice Discord server
After=docker.service

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Appservice IRC server
After=docker.service

View file

@ -0,0 +1,109 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: https://{{ matrix_server_fqn_matrix }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: http://matrix-mautrix-facebook:8080
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: sqlite:////data/mautrix-facebook.db
# The unique ID of this appservice.
id: facebook
# Username of the appservice bot.
bot_username: facebookbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Facebook bridge bot
bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "This value is generated when generating the registration"
hs_token: "This value is generated when generating the registration"
# Bridge config
bridge:
# Localpart template of MXIDs for Facebook users.
# {userid} is replaced with the user ID of the Facebook user.
username_template: "facebook_{userid}"
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!fb"
# Number of chats to sync (and create portals for) on startup/login.
# Maximum 20, set 0 to disable automatic syncing.
initial_chat_sync: 10
# Whether or not the Facebook users of logged in Matrix users should be
# invited to private chats when the user sends a message from another client.
invite_own_puppet_to_pm: false
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
# your own Matrix account as the Matrix puppet for your Facebook account.
sync_with_custom_puppets: true
# Whether or not to bridge presence in both directions. Facebook allows users not to broadcast
# presence, but then it won't send other users' presence to the client.
presence: true
# Permissions for using the bridge.
# Permitted values:
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_domain }}': user
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_facebook.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
file:
class: logging.handlers.RotatingFileHandler
formatter: normal
filename: /data/mautrix-facebook.log
maxBytes: 10485760
backupCount: 10
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
fbchat:
level: DEBUG
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [file, console]
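Review bot: `logging` ships with `mau`, `fbchat` and `root` at `DEBUG` and a `RotatingFileHandler` writing to `/data/mautrix-facebook.log`, so the full debug output of the Facebook client library is retained on disk across ten 10 MiB files by default; `INFO` is the safer default for a bridge that carries private conversations, with `DEBUG` reserved for troubleshooting. Also, `permissions` grants `user` to the whole `{{ matrix_domain }}` and defines no `admin` entry, so nobody can administrate the bridge from Matrix; consider making this map a playbook variable.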

View file

@ -0,0 +1,34 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mautrix Facebook server
After=docker.service
Requires=docker.service
Requires=matrix-synapse.service
After=matrix-synapse.service
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-facebook
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-facebook
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
-v {{ matrix_mautrix_facebook_base_path }}:/data:z \
{{ matrix_mautrix_facebook_docker_image }} \
alembic -x config=/data/config.yaml upgrade head
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-v {{ matrix_mautrix_facebook_base_path }}:/data:z \
{{ matrix_mautrix_facebook_docker_image }} \
python3 -m mautrix_facebook -c /data/config.yaml
ExecStop=-/usr/bin/docker kill matrix-mautrix-facebook
ExecStop=-/usr/bin/docker rm matrix-mautrix-facebook
Restart=always
RestartSec=30
[Install]
WantedBy=multi-user.target
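Review bot: the `ExecStartPre` alembic migration container runs without `--network={{ matrix_docker_network }}` while `ExecStart` has it, so a bridge configured for Postgres on the Matrix docker network (the config template lists Postgres as fully supported) would fail its schema migration even though the bridge process itself could connect; add the same `--network` flag to the migration step.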

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mautrix Telegram server
After=docker.service

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mautrix Whatsapp server
After=docker.service

View file

@ -1,2 +1,3 @@
#jinja2: lstrip_blocks: "True"
AWS_ACCESS_KEY={{ matrix_s3_media_store_aws_access_key }}
AWS_SECRET_KEY={{ matrix_s3_media_store_aws_secret_key }}

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Goofys media store
After=docker.service

View file

@ -1,2 +1,3 @@
#jinja2: lstrip_blocks: "True"
SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }}

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
# vim:ft=yaml
## Server ##
@ -358,8 +359,8 @@ database:
# The database engine name
name: "psycopg2"
args:
user: {{ matrix_synapse_database_user|to_json }}
password: {{ matrix_synapse_database_password|to_json }}
user: {{ matrix_synapse_database_user|string|to_json }}
password: {{ matrix_synapse_database_password|string|to_json }}
database: "{{ matrix_synapse_database_database }}"
host: "{{ matrix_synapse_database_host }}"
cp_min: 5
@ -521,9 +522,10 @@ max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M"
# height: 600
# method: scale
# Is the preview URL API enabled? If enabled, you *must* specify
# an explicit url_preview_ip_range_blacklist of IPs that the spider is
# denied from accessing.
# Is the preview URL API enabled?
#
# 'false' by default: uncomment the following to enable it (and specify a
# url_preview_ip_range_blacklist blacklist).
#
url_preview_enabled: {{ matrix_synapse_url_preview_enabled|to_json }}
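Review bot: the replacement comment says `'false' by default: uncomment the following to enable it`, but the template renders `url_preview_enabled:` unconditionally from `matrix_synapse_url_preview_enabled` and the `url_preview_ip_range_blacklist` below it is always emitted, so the "uncomment" wording is upstream sample-config text that does not apply here; trim it to what is true for this template (the setting is driven by the playbook variable, the blacklist is always present).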
@ -534,7 +536,13 @@ url_preview_enabled: {{ matrix_synapse_url_preview_enabled|to_json }}
# to connect to, otherwise anyone in any Matrix room could cause your
# synapse to issue arbitrary GET requests to your internal services,
# causing serious security issues.
#
# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
# listed here, since they correspond to unroutable addresses.)
#
# This must be specified if url_preview_enabled is set. It is recommended that
# you uncomment the following list as a starting point.
#
url_preview_ip_range_blacklist:
- '127.0.0.0/8'
- '10.0.0.0/8'
@ -628,7 +636,7 @@ turn_uris: {{ matrix_synapse_turn_uris|to_json }}
# The shared secret used to compute passwords for the TURN server
#
turn_shared_secret: {{ matrix_synapse_turn_shared_secret|to_json }}
turn_shared_secret: {{ matrix_synapse_turn_shared_secret|string|to_json }}
# The Username and password if the TURN server needs them and
# does not use a token
@ -663,6 +671,9 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }}
#registrations_require_3pid:
# - email
# - msisdn
{% if matrix_synapse_registrations_require_3pid %}
registrations_require_3pid: {{ matrix_synapse_registrations_require_3pid|to_json }}
{% endif %}
# Explicitly disable asking for MSISDNs from the registration
# flow (overrides registrations_require_3pid if MSISDNs are set as required)
@ -683,7 +694,7 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }}
# If set, allows registration of standard or admin accounts by anyone who
# has the shared secret, even if registration is otherwise disabled.
#
registration_shared_secret: {{ matrix_synapse_registration_shared_secret|to_json }}
registration_shared_secret: {{ matrix_synapse_registration_shared_secret|string|to_json }}
# Set the number of bcrypt rounds used to generate password hash.
# Larger numbers increase the work factor needed to generate the hash.
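Review bot: `registration_shared_secret: {{ ...|string|to_json }}` renders the text `"None"` when `matrix_synapse_registration_shared_secret` is None (Jinja's `string` filter stringifies None), where the previous `|to_json` produced `null`. Per the comment right above, a set value lets anyone holding it register accounts even with registration disabled, so an unset variable must stay `null`: wrap the line in `{% if ... is not none %}`, or default the variable to `""` and verify Synapse treats the empty string as unset. The same applies to `macaroon_secret_key` and `form_secret` further down.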
@ -784,7 +795,7 @@ app_service_config_files: {{ matrix_synapse_app_service_config_files }}
# the registration_shared_secret is used, if one is given; otherwise,
# a secret key is derived from the signing key.
#
macaroon_secret_key: {{ matrix_synapse_macaroon_secret_key|to_json }}
macaroon_secret_key: {{ matrix_synapse_macaroon_secret_key|string|to_json }}
# Used to enable access token expiration.
#
@ -794,7 +805,7 @@ macaroon_secret_key: {{ matrix_synapse_macaroon_secret_key|to_json }}
# falsification of values. Must be specified for the User Consent
# forms to work.
#
form_secret: {{ matrix_synapse_form_secret|to_json }}
form_secret: {{ matrix_synapse_form_secret|string|to_json }}
## Signing Keys ##
@ -899,7 +910,7 @@ password_config:
# Uncomment and change to a secret random string for extra security.
# DO NOT CHANGE THIS AFTER INITIAL SETUP!
#
pepper: {{ matrix_synapse_password_config_pepper|to_json }}
pepper: {{ matrix_synapse_password_config_pepper|string|to_json }}
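Review bot: same None-to-`"None"` concern for `pepper`: if `matrix_synapse_password_config_pepper` is None the rendered value changes from `null` to the string `"None"`, and since the pepper is mixed into every password hash (the comment warns not to change it after initial setup), that would invalidate every existing user's password on the next deploy. Make sure the variable defaults to `""`, or guard the line with an `is not none` check.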
@ -914,15 +925,15 @@ password_config:
{% if matrix_synapse_email_enabled %}
email:
enable_notifs: true
smtp_host: {{ matrix_synapse_email_smtp_host|to_json }}
smtp_host: {{ matrix_synapse_email_smtp_host|string|to_json }}
smtp_port: {{ matrix_synapse_email_smtp_port|to_json }}
require_transport_security: {{ matrix_synapse_email_smtp_require_transport_security|to_json }}
notif_from: {{ matrix_synapse_email_notif_from|to_json }}
notif_from: {{ matrix_synapse_email_notif_from|string|to_json }}
app_name: Matrix
notif_template_html: notif_mail.html
notif_template_text: notif_mail.txt
notif_for_new_users: True
riot_base_url: {{ matrix_synapse_email_riot_base_url|to_json }}
riot_base_url: {{ matrix_synapse_email_riot_base_url|string|to_json }}
{% endif %}
@ -945,12 +956,12 @@ password_providers:
{% if matrix_synapse_ext_password_provider_shared_secret_auth_enabled %}
- module: "shared_secret_authenticator.SharedSecretAuthenticator"
config:
sharedSecret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|to_json }}
sharedSecret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string|to_json }}
{% endif %}
{% if matrix_synapse_ext_password_provider_rest_auth_enabled %}
- module: "rest_auth_provider.RestAuthProvider"
config:
endpoint: {{ matrix_synapse_ext_password_provider_rest_auth_endpoint|to_json }}
endpoint: {{ matrix_synapse_ext_password_provider_rest_auth_endpoint|string|to_json }}
policy:
registration:
username:
@ -965,16 +976,16 @@ password_providers:
- module: "ldap_auth_provider.LdapAuthProvider"
config:
enabled: true
uri: {{ matrix_synapse_ext_password_provider_ldap_uri|to_json }}
start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|to_json }}
base: {{ matrix_synapse_ext_password_provider_ldap_base|to_json }}
uri: {{ matrix_synapse_ext_password_provider_ldap_uri|string|to_json }}
start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|string|to_json }}
base: {{ matrix_synapse_ext_password_provider_ldap_base|string|to_json }}
attributes:
uid: {{ matrix_synapse_ext_password_provider_ldap_attributes_uid|to_json }}
mail: {{ matrix_synapse_ext_password_provider_ldap_attributes_mail|to_json }}
name: {{ matrix_synapse_ext_password_provider_ldap_attributes_name|to_json }}
bind_dn: {{ matrix_synapse_ext_password_provider_ldap_bind_dn|to_json }}
bind_password: {{ matrix_synapse_ext_password_provider_ldap_bind_password|to_json }}
filter: {{ matrix_synapse_ext_password_provider_ldap_filter|to_json }}
uid: {{ matrix_synapse_ext_password_provider_ldap_attributes_uid|string|to_json }}
mail: {{ matrix_synapse_ext_password_provider_ldap_attributes_mail|string|to_json }}
name: {{ matrix_synapse_ext_password_provider_ldap_attributes_name|string|to_json }}
bind_dn: {{ matrix_synapse_ext_password_provider_ldap_bind_dn|string|to_json }}
bind_password: {{ matrix_synapse_ext_password_provider_ldap_bind_password|string|to_json }}
filter: {{ matrix_synapse_ext_password_provider_ldap_filter|string|to_json }}
{% endif %}
{% endif %}
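Review bot: `start_tls: {{ ...|string|to_json }}` converts the boolean into the YAML string `"True"`/`"False"`; a non-empty string is truthy in Python, so `start_tls: "False"` no longer disables STARTTLS the way a bare `false` does. Keep plain `|to_json` for `start_tls`, as the email block does for `require_transport_security` and `smtp_port`; the `|string` coercion belongs on the string-valued keys only.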

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
version: 1

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Synapse server
{% for service in matrix_synapse_systemd_required_services_list %}
@ -46,6 +47,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
{% for volume in matrix_synapse_container_additional_volumes %}
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
{% endfor %}
{% for arg in matrix_synapse_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_synapse_docker_image }} \
-m synapse.app.homeserver -c /data/homeserver.yaml

View file

@ -1,3 +1,4 @@
#jinja2: lstrip_blocks: "True"
#!/bin/bash
if [ $# -ne 3 ]; then