pub-solar/matrix-docker-ansible-deploy
5
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge branch 'master' into pub.solar

Browse source
This commit is contained in:
teutat3s 2022-08-27 13:53:39 +02:00
parent ca40fa9747 7b77153d8b
commit 5102ed3098
Signed by: teutat3s
GPG key ID: 18DAE600A6BBE705
111 changed files with 1204 additions and 312 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
CHANGELOG.md
View file

@ -1,3 +1,40 @@
# 2022-08-23
## Postmoogle email bridge support
Thanks to [Aine](https://gitlab.com/etke.cc) of [etke.cc](https://etke.cc/), the playbook can now set up the new [Postmoogle](https://gitlab.com/etke.cc/postmoogle) email bridge/bot. Postmoogle is like the [email2matrix bridge](https://github.com/devture/email2matrix) (also [already supported by the playbook](docs/configuring-playbook-email2matrix.md)), but more capable and with the intention to soon support *sending* emails, not just receiving.
See our [Setting up Postmoogle email bridging](docs/configuring-playbook-bot-postmoogle.md) documentation to get started.
# 2022-08-10
## mautrix-whatsapp default configuration changes
In [Pull Request #2012](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2012), we've made some changes to the default configuration used by the `mautrix-whatsapp` bridge.
If you're using this bridge, you should look into this PR and see if the new configuration suits you. If not, you can always change individual preferences in your `vars.yml` file.
Most notably, spaces support has been enabled by default. The bridge will now group rooms into a Matrix space. **If you've already bridged to Whatsapp** prior to this update, you will need to send `!wa sync space` to the bridge bot to make it create the space and put your existing rooms into it.
# 2022-08-09
## Conduit support
Thanks to [Charles Wright](https://github.com/cvwright), we now have optional experimental [Conduit](https://conduit.rs) homeserver support for new installations. This comes as a follow-up to the playbook getting [Dendrite support](#dendrite-support) earlier this year.
Existing Synapse or Dendrite installations do **not** need to be updated. **Synapse is still the default homeserver implementation** installed by the playbook.
To try out Conduit, we recommend that you **use a new server** and the following `vars.yml` configuration:
```yaml
matrix_homeserver_implementation: conduit
```
**The homeserver implementation of an existing server cannot be changed** (e.g. from Synapse or Dendrite to Conduit) without data loss.
# 2022-07-29
## mautrix-discord support

8
README.md
View file

@ -19,6 +19,8 @@ Using this playbook, you can get the following services configured on your serve
- (optional, default) a [Synapse](https://github.com/matrix-org/synapse) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network
- (optional) a [Conduit](https://conduit.rs) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Conduit is a lightweight open-source server implementation of the Matrix Specification with a focus on easy setup and low system requirements
- (optional) a [Dendrite](https://github.com/matrix-org/dendrite) homeserver - storing your data and managing your presence in the [Matrix](http://matrix.org/) network. Dendrite is a second-generation Matrix homeserver written in Go, an alternative to Synapse.
- (optional) [Amazon S3](https://aws.amazon.com/s3/) storage for Synapse's content repository (`media_store`) files using [Goofys](https://github.com/kahing/goofys)
@ -47,6 +49,8 @@ Using this playbook, you can get the following services configured on your serve
- (optional, advanced) the [Matrix Corporal](https://github.com/devture/matrix-corporal) reconciliator and gateway for a managed Matrix server
- (optional) the [mautrix-discord](https://github.com/mautrix/discord) bridge for bridging your Matrix server to [Discord](https://discord.com/) - see [docs/configuring-playbook-bridge-mautrix-discord.md](docs/configuring-playbook-bridge-mautrix-discord.md) for setup documentation
- (optional) the [mautrix-telegram](https://github.com/mautrix/telegram) bridge for bridging your Matrix server to [Telegram](https://telegram.org/)
- (optional) the [mautrix-whatsapp](https://github.com/mautrix/whatsapp) bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/)
@ -63,7 +67,7 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [mautrix-signal](https://github.com/mautrix/signal) bridge for bridging your Matrix server to [Signal](https://www.signal.org/)
- (optional) the [beeper-linkedin](https://gitlab.com/beeper/linkedin) bridge for bridging your Matrix server to [LinkedIn](https://www.linkedin.com/)
- (optional) the [beeper-linkedin](https://github.com/beeper/linkedin) bridge for bridging your Matrix server to [LinkedIn](https://www.linkedin.com/)
- (optional) the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat)
@ -109,6 +113,8 @@ Using this playbook, you can get the following services configured on your serve
- (optional) [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot - see [docs/configuring-playbook-bot-honoroit.md](docs/configuring-playbook-bot-honoroit.md) for setup documentation
- (optional) [Postmoogle](https://gitlab.com/etke.cc/postmoogle) email to matrix bot - see [docs/configuring-playbook-bot-postmoogle.md](docs/configuring-playbook-bot-postmoogle.md) for setup documentation
- (optional) [Go-NEB](https://github.com/matrix-org/go-neb) multi functional bot written in Go - see [docs/configuring-playbook-bot-go-neb.md](docs/configuring-playbook-bot-go-neb.md) for setup documentation
- (optional) [Mjolnir](https://github.com/matrix-org/mjolnir), a moderation tool for Matrix - see [docs/configuring-playbook-bot-mjolnir.md](docs/configuring-playbook-bot-mjolnir.md) for setup documentation

15
docs/configuring-playbook-bot-go-neb.md
View file

@ -21,20 +21,7 @@ You can use the playbook to [register a new user](registering-users.md):
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.go-neb password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```
## Getting an access token
If you use curl, you can get an access token like this:
```
curl -X POST --header 'Content-Type: application/json' -d '{
"identifier": { "type": "m.id.user", "user": "bot.go-neb" },
"password": "a strong password",
"type": "m.login.password"
}' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login'
```
Alternatively, you can use a full-featured client (such as Element) to log in and get the access token from there (note: don't log out from the client as that will invalidate the token), but doing so might lead to decryption problems. That warning comes from [here](https://github.com/matrix-org/go-neb#quick-start).
Once the user is created you can [obtain an access token](obtaining-access-tokens.md).
## Adjusting the playbook configuration

9
docs/configuring-playbook-bot-matrix-registration-bot.md
View file

@ -26,14 +26,7 @@ Choose a strong password for the bot. You can generate a good password with a co
## Obtaining an admin access token
In order to use the bot you need to add an admin user's access token token to the configuration. As you created an admin user for the
bot, it is recommended to obtain an access token by logging into Element/Schildichat with the bot account
(using the password you set) and navigate to `Settings->Help&About` and scroll to the bottom.
You can expand "Access token" to copy it.
![Obatining an admin access token with Element](assets/obtain_admin_access_token_element.png)
**IMPORTANT**: once you copy the token, just close the Matrix client window/tab. Do not "log out", as that would invalidate the token.
In order to use the bot you need to add an admin user's access token token to the configuration. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
## Adjusting the playbook configuration

8
docs/configuring-playbook-bot-maubot.md
View file

@ -54,10 +54,4 @@ Choose a strong password for the bot. You can generate a good password with a co
## Obtaining an admin access token
This can be done via `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)) or by logging into Element/Schildichat with the bot account
(using the password you set) and navigate to `Settings->Help&About` and scroll to the bottom.
You can expand "Access token" to copy it.
![Obatining an admin access token with Element](assets/obtain_admin_access_token_element.png)
**IMPORTANT**: once you copy the token, just close the Matrix client window/tab. Do not "log out", as that would invalidate the token.
This can be done via `mbc auth` (see the [maubot documentation](https://docs.mau.fi/maubot/usage/cli/auth.html)). Alternatively, use Element or curl to [obtain an access token](obtaining-access-tokens.md).

12
docs/configuring-playbook-bot-mjolnir.md
View file

@ -24,17 +24,7 @@ If you would like Mjolnir to be able to deactivate users, move aliases, shutdown
## 2. Get an access token
If you use curl, you can get an access token like this:
```
curl -X POST --header 'Content-Type: application/json' -d '{
"identifier": { "type": "m.id.user", "user": "bot.mjolnir" },
"password": "PASSWORD_FOR_THE_BOT",
"type": "m.login.password"
}' 'https://matrix.DOMAIN/_matrix/client/r0/login'
```
Alternatively, you can use a full-featured client (such as Element) to log in and get the access token from there (note: don't log out from the client as that will invalidate the token).
Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
## 3. Make sure the account is free from rate limiting

56
docs/configuring-playbook-bot-postmoogle.md Normal file
View file

@ -0,0 +1,56 @@
# Setting up Postmoogle (optional)
**Note**: email bridging can also happen via the [email2matrix](configuring-playbook-email2matrix.md) bridge supported by the playbook.
The playbook can install and configure [Postmoogle](https://gitlab.com/etke.cc/postmoogle) for you.
It's a bot/bridge you can use to forward emails to Matrix rooms
See the project's [documentation](https://gitlab.com/etke.cc/postmoogle) to learn what it does and why it might be useful to you.
## Registering the bot user
By default, the playbook will set up the bot with a username like this: `@postmoogle:DOMAIN`.
(to use a different username, adjust the `matrix_bot_postmoogle_login` variable).
You **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
```
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=postmoogle password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
## Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
```yaml
matrix_bot_postmoogle_enabled: true
# Adjust this to whatever password you chose when registering the bot user
matrix_bot_postmoogle_password: PASSWORD_FOR_THE_BOT
```
## Installing
After configuring the playbook, run the [installation](installing.md) command again:
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
## Usage
To use the bot, invite the `@postmoogle:DOMAIN` into a room you want to use as a mailbox.
Then send `!pm mailbox NAME` to expose this Matrix room as an inbox with the email address `NAME@matrix.domain`. Emails sent to that email address will be forwarded to the room.
Send `!pm help` to the room to see the bot's help menu for additional commands.
You can also refer to the upstream [documentation](https://gitlab.com/etke.cc/postmoogle).

8
docs/configuring-playbook-bridge-appservice-kakaotalk.md
View file

@ -46,13 +46,7 @@ This is the recommended way of setting up Double Puppeting, as it's easier to ac
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
- retrieve a Matrix access token for yourself. You can use the following command:
```
curl \
--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Appservice-Kakaotalk", "initial_device_display_name": "Appservice-Kakaotalk"}' \
https://matrix.DOMAIN/_matrix/client/r0/login
```
- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`

4
docs/configuring-playbook-bridge-beeper-linkedin.md
View file

@ -1,8 +1,8 @@
# Setting up Beeper Linkedin (optional)
The playbook can install and configure [beeper-linkedin](https://gitlab.com/beeper/linkedin) for you, for bridging to [LinkedIn](https://www.linkedin.com/) Messaging. This bridge is based on the mautrix-python framework and can be configured in a similar way to the other mautrix bridges
The playbook can install and configure [beeper-linkedin](https://github.com/beeper/linkedin) for you, for bridging to [LinkedIn](https://www.linkedin.com/) Messaging. This bridge is based on the mautrix-python framework and can be configured in a similar way to the other mautrix bridges
See the project's [documentation](https://gitlab.com/beeper/linkedin/-/blob/master/README.md) to learn what it does and why it might be useful to you.
See the project's [documentation](https://github.com/beeper/linkedin/blob/master/README.md) to learn what it does and why it might be useful to you.
```yaml
matrix_beeper_linkedin_enabled: true

8
docs/configuring-playbook-bridge-mautrix-discord.md
View file

@ -60,13 +60,7 @@ This is the recommended way of setting up Double Puppeting, as it's easier to ac
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
- retrieve a Matrix access token for yourself. You can use the following command:
```
curl \
--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Discord", "initial_device_display_name": "Mautrix-Discord"}' \
https://matrix.DOMAIN/_matrix/client/r0/login
```
- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`

8
docs/configuring-playbook-bridge-mautrix-facebook.md
View file

@ -58,13 +58,7 @@ This is the recommended way of setting up Double Puppeting, as it's easier to ac
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
- retrieve a Matrix access token for yourself. You can use the following command:
```
curl \
--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Facebook", "initial_device_display_name": "Mautrix-Facebook"}' \
https://matrix.DOMAIN/_matrix/client/r0/login
```
- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`

8
docs/configuring-playbook-bridge-mautrix-googlechat.md
View file

@ -29,13 +29,7 @@ This is the recommended way of setting up Double Puppeting, as it's easier to ac
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
- retrieve a Matrix access token for yourself. You can use the following command:
```
curl \
--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-googlechat", "initial_device_display_name": "Mautrix-googlechat"}' \
https://matrix.DOMAIN/_matrix/client/r0/login
```
- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`

8
docs/configuring-playbook-bridge-mautrix-hangouts.md
View file

@ -31,13 +31,7 @@ This is the recommended way of setting up Double Puppeting, as it's easier to ac
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
- retrieve a Matrix access token for yourself. You can use the following command:
```
curl \
--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Hangouts", "initial_device_display_name": "Mautrix-Hangouts"}' \
https://matrix.DOMAIN/_matrix/client/r0/login
```
- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`

8
docs/configuring-playbook-bridge-mautrix-signal.md
View file

@ -73,13 +73,7 @@ This is the recommended way of setting up Double Puppeting, as it's easier to ac
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
- retrieve a Matrix access token for yourself. You can use the following command:
```
curl \
--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Signal", "initial_device_display_name": "Mautrix-Signal"}' \
https://matrix.DOMAIN/_matrix/client/r0/login
```
- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`

8
docs/configuring-playbook-bridge-mautrix-telegram.md
View file

@ -28,13 +28,7 @@ This is the recommended way of setting up Double Puppeting, as it's easier to ac
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
- retrieve a Matrix access token for yourself. You can use the following command:
```
curl \
--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Telegram", "initial_device_display_name": "Mautrix-Telegram"}' \
https://matrix.DOMAIN/_matrix/client/r0/login
```
- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).
- send `login-matrix` to the bot and follow instructions about how to send the access token to it

8
docs/configuring-playbook-bridge-mautrix-whatsapp.md
View file

@ -44,13 +44,7 @@ This is the recommended way of setting up Double Puppeting, as it's easier to ac
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
- retrieve a Matrix access token for yourself. You can use the following command:
```
curl \
--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Whatsapp", "initial_device_display_name": "Mautrix-Whatsapp"}' \
https://matrix.DOMAIN/_matrix/client/r0/login
```
- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`

2
docs/configuring-playbook-client-element.md
View file

@ -32,7 +32,7 @@ Alternatively, **if there is no pre-defined variable** for an Element setting yo
## Themes
To change the look of Element, you can define your own themes manually by using the `matrix_client_element__settingDefaults_custom_themes` setting.
To change the look of Element, you can define your own themes manually by using the `matrix_client_element_settingDefaults_custom_themes` setting.
Or better yet, you can automatically pull it all themes provided by the [aaronraimist/element-themes](https://github.com/aaronraimist/element-themes) project by simply flipping a flag (`matrix_client_element_themes_enabled: true`).

22
docs/configuring-playbook-dimension.md
View file

@ -39,27 +39,7 @@ We recommend that you create a dedicated Matrix user for Dimension (`dimension`
Follow our [Registering users](registering-users.md) guide to learn how to register **a regular (non-admin) user**.
You are required to specify an access token (belonging to this new user) for Dimension to work.
To get an access token for the Dimension user, you can follow one of two options:
*Through an interactive login*:
1. In a private browsing session (incognito window), open Element.
1. Log in with the `dimension` user and its password.
1. Set the display name and avatar, if required.
1. In the settings page choose "Help & About", scroll down to the bottom and expand the `Access Token` section.
1. Copy the access token to your configuration.
1. Close the private browsing session. **Do not log out**. Logging out will invalidate the token, making it not work.
*With CURL*
```
curl -X POST --header 'Content-Type: application/json' -d '{
"identifier": { "type": "m.id.user", "user": "YourDimensionUsername" },
"password": "YourDimensionPassword",
"type": "m.login.password"
}' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login'
```
*Change `YourDimensionUsername`, `YourDimensionPassword`, and `YOURDOMAIN` accordingly.*
To get an access token for the Dimension user, you can follow the documentation on [how to do obtain an access token](obtaining-access-tokens.md).
**Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone.**

15
docs/configuring-playbook-email2matrix.md
View file

@ -1,5 +1,7 @@
# Setting up Email2Matrix (optional)
**Note**: email bridging can also happen via the [Postmoogle](configuring-playbook-bot-postmoogle.md) bot supported by the playbook.
The playbook can install and configure [email2matrix](https://github.com/devture/email2matrix) for you.
See the project's [documentation](https://github.com/devture/email2matrix/blob/master/docs/README.md) to learn what it does and why it might be useful to you.
@ -34,18 +36,7 @@ You'll need the room id when doing [Configuration](#configuration) below.
### Obtaining an access token for the sender user
In order for the sender user created above to be able to send messages to the room, we'll need to obtain an access token for it.
To do this, you can execute a command like this:
```
curl \
--data '{"identifier": {"type": "m.id.user", "user": "email2matrix" }, "password": "MATRIX_PASSWORD_FOR_THE_USER", "type": "m.login.password", "device_id": "Email2Matrix", "initial_device_display_name": "Email2Matrix"}' \
https://matrix.DOMAIN/_matrix/client/r0/login
```
Take note of the `access_token` value. You'll need the access token when doing [Configuration](#configuration) below.
In order for the sender user created above to be able to send messages to the room, we'll need to obtain an access token for it. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
## Configuration

2
docs/configuring-playbook.md
View file

@ -143,6 +143,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)
- [Setting up Postmoogle email bridging](configuring-playbook-bot-postmoogle.md) (optional)
- [Setting up Matrix SMS bridging](configuring-playbook-bridge-matrix-bridge-sms.md) (optional)
- [Setting up Heisenbridge bouncer-style IRC bridging](configuring-playbook-bridge-heisenbridge.md) (optional)

6
docs/container-images.md
View file

@ -30,7 +30,9 @@ These services are not part of our default installation, but can be enabled by [
- [ma1uta/ma1sd](https://hub.docker.com/r/ma1uta/ma1sd/) - the [ma1sd](https://github.com/ma1uta/ma1sd) Matrix Identity server (optional)
- [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) - the official [Dendrite](https://github.com/matrix-org/dendrite) Matrix homeserver (optional)
- [matrixconduit/matrix-conduit](https://hub.docker.com/r/matrixconduit/matrix-conduit) - the [Conduit](https://conduit.rs) Matrix homeserver (optional)
- [matrixdotorg/dendrite-monolith](https://hub.docker.com/r/matrixdotorg/dendrite-monolith/) - the [Dendrite](https://github.com/matrix-org/dendrite) Matrix homeserver (optional)
- [ewoutp/goofys](https://hub.docker.com/r/ewoutp/goofys/) - the [Goofys](https://github.com/kahing/goofys) Amazon [S3](https://aws.amazon.com/s3/) file-system-mounting program (optional)
@ -98,6 +100,8 @@ These services are not part of our default installation, but can be enabled by [
- [etke.cc/honoroit](https://gitlab.com/etke.cc/honoroit/container_registry) - the [honoroit](https://gitlab.com/etke.cc/honoroit) helpdesk bot (optional)
- [etke.cc/postmoogle](https://gitlab.com/etke.cc/postmoogle/container_registry) - the [Postmoogle](https://gitlab.com/etke.cc/postmoogle) email bridge bot (optional)
- [matrixdotorg/go-neb](https://hub.docker.com/r/matrixdotorg/go-neb) - the [Go-NEB](https://github.com/matrix-org/go-neb) bot (optional)
- [matrixdotorg/mjolnir](https://hub.docker.com/r/matrixdotorg/mjolnir) - the [mjolnir](https://github.com/matrix-org/mjolnir) moderation bot (optional)

9
docs/maintenance-synapse.md
View file

@ -16,14 +16,7 @@ Table of contents:
You can use the **[Purge History API](https://github.com/matrix-org/synapse/blob/master/docs/admin_api/purge_history_api.md)** to delete old messages on a per-room basis. **This is destructive** (especially for non-federated rooms), because it means **people will no longer have access to history past a certain point**.
To make use of this API, **you'll need an admin access token** first. You can find your access token in the setting of some clients (like Element).
Alternatively, you can log in and obtain a new access token like this:
```
curl \
--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Synapse-Purge-History-API"}' \
https://matrix.DOMAIN/_matrix/client/r0/login
```
To make use of this API, **you'll need an admin access token** first. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
Synapse's Admin API is not exposed to the internet by default. To expose it you will need to add `matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_admin_api_enabled: true` to your `vars.yml` file.

49
docs/obtaining-access-tokens.md Normal file
View file

@ -0,0 +1,49 @@
# Obtaining an Access Token
When setting up some optional features like bots and bridges you will need to provide an access token for some user. This document provides documentation on how to obtain such an access token.
**Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone.**
## Prerequisites
The user for whom you want to obtain an access token needs to already exist. You can use this playbook to [register a new user](registering-users.md), if you have not already.
Below, we describe 2 ways to generate an access token for a user - using [Element](#obtain-an-access-token-via-element) or [curl](#obtain-an-access-token-via-curl). For both ways you need the user's password.
## Obtain an access token via Element
1. In a private browsing session (incognito window), open Element.
1. Log in with the user's credentials.
1. In the settings page, choose "Help & About", scroll down to the bottom and expand the `Access Token` section (see screenshot below).
1. Copy the access token to your configuration.
1. Close the private browsing session. **Do not log out**. Logging out will invalidate the token, making it not work.
![Obtaining an access token with Element](assets/obtain_admin_access_token_element.png)
## Obtain an access token via curl
You can use the following command to get an access token for your user directly from the [Matrix Client-Server API](https://www.matrix.org/docs/guides/client-server-api#login):
```
curl -XPOST -d '{
"identifier": { "type": "m.id.user", "user": "USERNAME" },
"password": "PASSWORD",
"type": "m.login.password",
"device_id": "YOURDEVICEID"
}' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login'
```
Change `USERNAME`, `PASSWORD`, and `YOURDOMAIN` accordingly.
`YOURDEVICEID` is optional and can be used to more easily identify the session later. When omitted (mind the commas in the JSON payload if you'll be omitting it), a random device ID will be generated.
Your response will look like this (prettified):
```
{
"user_id":"@USERNAME:YOURDOMAIN",
"access_token":">>>YOUR_ACCESS_TOKEN_IS_HERE<<<",
"home_server":"YOURDOMAIN",
"device_id":"YOURDEVICEID"
}
```

2
docs/updating-users-passwords.md
View file

@ -34,7 +34,7 @@ where `<password-hash>` is the hash returned by the docker command above.
Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password
This requires an access token from a server admin account. *This method will also log the user out of all of their clients while the other options do not.*
This requires an [access token](obtaining-access-tokens.md) from a server admin account. *This method will also log the user out of all of their clients while the other options do not.*
If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md).

81
group_vars/matrix_servers
View file

@ -22,16 +22,18 @@ matrix_identity_server_url: "{{ ('https://' + matrix_server_fqn_matrix) if matri
matrix_homeserver_container_url: |-
{{
'http://matrix-nginx-proxy:12080' if matrix_nginx_proxy_enabled else {
'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_client_api_port | string),
'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port | string),
'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_client_api_port|string),
'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port|string),
'conduit': ('http://matrix-conduit:' + matrix_conduit_port_number|string),
}[matrix_homeserver_implementation]
}}
matrix_homeserver_container_federation_url: |-
{{
'http://matrix-nginx-proxy:12088' if matrix_nginx_proxy_enabled else {
'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port | string),
'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port | string),
'synapse': ('http://matrix-synapse:'+ matrix_synapse_container_federation_api_plain_port|string),
'dendrite': ('http://matrix-dendrite:' + matrix_dendrite_http_bind_port|string),
'conduit': ('http://matrix-conduit:' + matrix_conduit_port_number|string),
}[matrix_homeserver_implementation]
}}
@ -1200,6 +1202,36 @@ matrix_bot_buscarron_container_image_self_build: "{{ matrix_architecture not in
#
######################################################################
######################################################################
#
# matrix-bot-postmoogle
#
######################################################################
# We don't enable bots by default.
matrix_bot_postmoogle_enabled: false
matrix_bot_postmoogle_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
}}
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_bot_postmoogle_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'postmoogle.db') | to_uuid }}"
matrix_bot_postmoogle_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
######################################################################
#
# /matrix-bot-postmoogle
#
######################################################################
######################################################################
#
@ -1614,6 +1646,7 @@ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb: |-
{
'synapse': matrix_synapse_max_upload_size_mb,
'dendrite': (matrix_dendrite_max_file_size_bytes / 1024 / 1024) | round,
'conduit': (matrix_conduit_max_request_size / 1024 / 1024) | round,
}[matrix_homeserver_implementation]|int
}}
@ -1648,6 +1681,7 @@ matrix_nginx_proxy_proxy_matrix_federation_api_enabled: |-
{
'synapse': (matrix_synapse_federation_port_enabled and not matrix_synapse_tls_federation_listener_enabled),
'dendrite': matrix_dendrite_federation_enabled,
'conduit': matrix_conduit_allow_federation,
}[matrix_homeserver_implementation]|bool
}}
@ -1666,6 +1700,12 @@ matrix_nginx_proxy_proxy_dendrite_client_api_addr_sans_container: "127.0.0.1:{{
matrix_nginx_proxy_proxy_dendrite_federation_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port | string }}"
matrix_nginx_proxy_proxy_dendrite_federation_api_addr_sans_container: "127.0.0.1:{{ matrix_dendrite_http_bind_port | string }}"
matrix_nginx_proxy_proxy_conduit_enabled: "{{ matrix_conduit_enabled }}"
matrix_nginx_proxy_proxy_conduit_client_api_addr_with_container: "matrix-conduit:{{ matrix_conduit_port_number|string }}"
matrix_nginx_proxy_proxy_conduit_client_api_addr_sans_container: "127.0.0.1:{{ matrix_conduit_port_number|string }}"
matrix_nginx_proxy_proxy_conduit_federation_api_addr_with_container: "matrix-conduit:{{ matrix_conduit_port_number|string }}"
matrix_nginx_proxy_proxy_conduit_federation_api_addr_sans_container: "127.0.0.1:{{ matrix_conduit_port_number|string }}"
# When matrix-nginx-proxy is disabled, the actual port number that the vhost uses may begin to matter.
matrix_nginx_proxy_proxy_matrix_federation_port: "{{ matrix_federation_public_port }}"
@ -1852,6 +1892,12 @@ matrix_postgres_additional_databases: |
'password': matrix_bot_honoroit_database_password,
}] if (matrix_bot_honoroit_enabled and matrix_bot_honoroit_database_engine == 'postgres' and matrix_bot_honoroit_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_bot_postmoogle_database_name,
'username': matrix_bot_postmoogle_database_username,
'password': matrix_bot_postmoogle_database_password,
}] if (matrix_bot_postmoogle_enabled and matrix_bot_postmoogle_database_engine == 'postgres' and matrix_bot_postmoogle_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_bot_maubot_database_name,
'username': matrix_bot_maubot_database_username,
@ -2285,6 +2331,9 @@ matrix_synapse_redis_enabled: "{{ matrix_redis_enabled }}"
matrix_synapse_redis_host: "{{ 'matrix-redis' if matrix_redis_enabled else '' }}"
matrix_synapse_redis_password: "{{ matrix_redis_connection_password if matrix_redis_enabled else '' }}"
matrix_synapse_container_runtime_injected_arguments: "{{ matrix_homeserver_container_runtime_injected_arguments }}"
matrix_synapse_app_service_runtime_injected_config_files: "{{ matrix_homeserver_app_service_runtime_injected_config_files }}"
######################################################################
#
# /matrix-synapse
@ -2434,6 +2483,7 @@ matrix_registration_shared_secret: |-
{
'synapse': matrix_synapse_registration_shared_secret,
'dendrite': matrix_dendrite_registration_shared_secret,
'conduit': '',
}[matrix_homeserver_implementation]
}}
@ -2549,8 +2599,31 @@ matrix_dendrite_systemd_wanted_services_list: |
(['matrix-coturn.service'] if matrix_coturn_enabled else [])
}}
matrix_dendrite_container_runtime_injected_arguments: "{{ matrix_homeserver_container_runtime_injected_arguments }}"
matrix_dendrite_app_service_runtime_injected_config_files: "{{ matrix_homeserver_app_service_runtime_injected_config_files }}"
######################################################################
#
# /matrix-dendrite
#
######################################################################
######################################################################
#
# matrix-conduit
#
######################################################################
matrix_conduit_enabled: "{{ matrix_homeserver_implementation == 'conduit' }}"
matrix_conduit_systemd_required_services_list: |
{{
(['docker.service'])
}}
######################################################################
#
# /matrix-conduit
#
######################################################################

2
roles/matrix-base/defaults/main.yml
View file

@ -28,7 +28,7 @@ matrix_homeserver_admin_contacts: []
matrix_homeserver_support_url: ''
# This will contain the homeserver implementation that is in use.
# Valid values: synapse, dendrite
# Valid values: synapse, dendrite, conduit
#
# By default, we use Synapse, because it's the only full-featured Matrix server at the moment.
#

2
roles/matrix-base/tasks/sanity_check.yml
View file

@ -3,7 +3,7 @@
- name: Fail if invalid homeserver implementation
ansible.builtin.fail:
msg: "You need to set a valid homeserver implementation in `matrix_homeserver_implementation`"
when: "matrix_homeserver_implementation not in ['synapse', 'dendrite']"
when: "matrix_homeserver_implementation not in ['synapse', 'dendrite', 'conduit']"
# We generally support Ansible 2.7.1 and above.
- name: Fail if running on Ansible < 2.7.1

3
roles/matrix-base/vars/main.yml
View file

@ -2,3 +2,6 @@
# This will contain a list of enabled services that the playbook is managing.
# Each component is expected to append its service name to this list.
matrix_systemd_services_list: []
matrix_homeserver_container_runtime_injected_arguments: []
matrix_homeserver_app_service_runtime_injected_config_files: []

2
roles/matrix-bot-buscarron/defaults/main.yml
View file

@ -9,7 +9,7 @@ matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git"
matrix_bot_buscarron_docker_repo_version: "{{ matrix_bot_buscarron_version }}"
matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"
matrix_bot_buscarron_version: v1.2.0
matrix_bot_buscarron_version: v1.2.1
matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}"
matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}"

2
roles/matrix-bot-honoroit/defaults/main.yml
View file

@ -9,7 +9,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
matrix_bot_honoroit_version: v0.9.12
matrix_bot_honoroit_version: v0.9.13
matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"

109
roles/matrix-bot-postmoogle/defaults/main.yml Normal file
View file

@ -0,0 +1,109 @@
---
# postmoogle is an email to matrix bot
# Project source code URL: https://gitlab.com/etke.cc/postmoogle
matrix_bot_postmoogle_enabled: true
matrix_bot_postmoogle_container_image_self_build: false
matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
matrix_bot_postmoogle_version: latest
matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}"
matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"
matrix_bot_postmoogle_base_path: "{{ matrix_base_data_path }}/postmoogle"
matrix_bot_postmoogle_config_path: "{{ matrix_bot_postmoogle_base_path }}/config"
matrix_bot_postmoogle_data_path: "{{ matrix_bot_postmoogle_base_path }}/data"
# A list of extra arguments to pass to the container
matrix_bot_postmoogle_container_extra_arguments: []
# List of systemd services that matrix-bot-postmoogle.service depends on
matrix_bot_postmoogle_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-bot-postmoogle.service wants
matrix_bot_postmoogle_systemd_wanted_services_list: []
# Database-related configuration fields.
#
# To use SQLite, stick to these defaults.
#
# To use Postgres:
# - change the engine (`matrix_bot_postmoogle_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_bot_postmoogle_database_*` variables
matrix_bot_postmoogle_database_engine: 'sqlite'
matrix_bot_postmoogle_sqlite_database_path_local: "{{ matrix_bot_postmoogle_data_path }}/bot.db"
matrix_bot_postmoogle_sqlite_database_path_in_container: "/data/bot.db"
matrix_bot_postmoogle_database_username: 'postmoogle'
matrix_bot_postmoogle_database_password: 'some-password'
matrix_bot_postmoogle_database_hostname: 'matrix-postgres'
matrix_bot_postmoogle_database_port: 5432
matrix_bot_postmoogle_database_name: 'postmoogle'
matrix_bot_postmoogle_database_connection_string: 'postgres://{{ matrix_bot_postmoogle_database_username }}:{{ matrix_bot_postmoogle_database_password }}@{{ matrix_bot_postmoogle_database_hostname }}:{{ matrix_bot_postmoogle_database_port }}/{{ matrix_bot_postmoogle_database_name }}?sslmode=disable'
matrix_bot_postmoogle_storage_database: "{{
{
'sqlite': matrix_bot_postmoogle_sqlite_database_path_in_container,
'postgres': matrix_bot_postmoogle_database_connection_string,
}[matrix_bot_postmoogle_database_engine]
}}"
matrix_bot_postmoogle_database_dialect: "{{
{
'sqlite': 'sqlite3',
'postgres': 'postgres',
}[matrix_bot_postmoogle_database_engine]
}}"
# The bot's username. This user needs to be created manually beforehand.
# Also see `matrix_bot_postmoogle_password`.
matrix_bot_postmoogle_login: "postmoogle"
# The password that the bot uses to authenticate.
matrix_bot_postmoogle_password: ''
matrix_bot_postmoogle_homeserver: "{{ matrix_homeserver_container_url }}"
# Command prefix
matrix_bot_postmoogle_prefix: '!pm'
# Max email size in megabytes, including attachments
matrix_bot_postmoogle_maxsize: '1024'
# Allow room settings changes by any room participant
matrix_bot_postmoogle_noowner: false
# Allow Postmoogle use by users over federation
matrix_bot_postmoogle_federation: false
# Sentry DSN
matrix_bot_postmoogle_sentry: ''
# Log level
matrix_bot_postmoogle_loglevel: 'INFO'
# Disable encryption
matrix_bot_postmoogle_noencryption: false
matrix_bot_postmoogle_domain: "{{ matrix_server_fqn_matrix }}"
# in-container port
matrix_bot_postmoogle_port: '2525'
# on-host port
matrix_bot_postmoogle_smtp_host_bind_port: '25'
# Additional environment variables to pass to the postmoogle container
#
# Example:
# matrix_bot_postmoogle_environment_variables_extension: |
# postmoogle_TEXT_DONE=Done
matrix_bot_postmoogle_environment_variables_extension: ''

5
roles/matrix-bot-postmoogle/tasks/init.yml Normal file
View file

@ -0,0 +1,5 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-postmoogle.service'] }}"
when: matrix_bot_postmoogle_enabled | bool

23
roles/matrix-bot-postmoogle/tasks/main.yml Normal file
View file

@ -0,0 +1,23 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_bot_postmoogle_enabled | bool"
tags:
- setup-all
- setup-bot-postmoogle
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_bot_postmoogle_enabled | bool"
tags:
- setup-all
- setup-bot-postmoogle
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_bot_postmoogle_enabled | bool"
tags:
- setup-all
- setup-bot-postmoogle

99
roles/matrix-bot-postmoogle/tasks/setup_install.yml Normal file
View file

@ -0,0 +1,99 @@
---
- block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}"
register: matrix_bot_postmoogle_sqlite_database_path_local_stat_result
- block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}"
dst: "{{ matrix_bot_postmoogle_database_connection_string }}"
caller: "{{ role_path | basename }}"
engine_variable_name: 'matrix_bot_postmoogle_database_engine'
engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-bot-postmoogle.service']
- ansible.builtin.import_role:
name: matrix-postgres
tasks_from: migrate_db_to_postgres
- ansible.builtin.set_fact:
matrix_bot_postmoogle_requires_restart: true
when: "matrix_bot_postmoogle_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_bot_postmoogle_database_engine == 'postgres'"
- name: Ensure postmoogle paths exist
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_bot_postmoogle_config_path }}", when: true}
- {path: "{{ matrix_bot_postmoogle_data_path }}", when: true}
- {path: "{{ matrix_bot_postmoogle_docker_src_files_path }}", when: matrix_bot_postmoogle_container_image_self_build}
when: "item.when | bool"
- name: Ensure postmoogle environment variables file created
ansible.builtin.template:
src: "{{ role_path }}/templates/env.j2"
dest: "{{ matrix_bot_postmoogle_config_path }}/env"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
- name: Ensure postmoogle image is pulled
docker_image:
name: "{{ matrix_bot_postmoogle_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_postmoogle_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_postmoogle_docker_image_force_pull }}"
when: "not matrix_bot_postmoogle_container_image_self_build | bool"
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- name: Ensure postmoogle repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_bot_postmoogle_docker_repo }}"
version: "{{ matrix_bot_postmoogle_docker_repo_version }}"
dest: "{{ matrix_bot_postmoogle_docker_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_bot_postmoogle_git_pull_results
when: "matrix_bot_postmoogle_container_image_self_build | bool"
- name: Ensure postmoogle image is built
docker_image:
name: "{{ matrix_bot_postmoogle_docker_image }}"
source: build
force_source: "{{ matrix_bot_postmoogle_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_postmoogle_docker_src_files_path }}"
pull: true
when: "matrix_bot_postmoogle_container_image_self_build | bool"
- name: Ensure matrix-bot-postmoogle.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-bot-postmoogle.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-bot-postmoogle.service"
mode: 0644
register: matrix_bot_postmoogle_systemd_service_result
- name: Ensure systemd reloaded after matrix-bot-postmoogle.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_postmoogle_systemd_service_result.changed | bool"
- name: Ensure matrix-bot-postmoogle.service restarted, if necessary
ansible.builtin.service:
name: "matrix-bot-postmoogle.service"
state: restarted
when: "matrix_bot_postmoogle_systemd_service_result.changed | bool"

36
roles/matrix-bot-postmoogle/tasks/setup_uninstall.yml Normal file
View file

@ -0,0 +1,36 @@
---
- name: Check existence of matrix-postmoogle service
ansible.builtin.stat:
path: "{{ matrix_systemd_path }}/matrix-bot-postmoogle.service"
register: matrix_bot_postmoogle_service_stat
- name: Ensure matrix-postmoogle is stopped
ansible.builtin.service:
name: matrix-bot-postmoogle
state: stopped
enabled: false
daemon_reload: true
register: stopping_result
when: "matrix_bot_postmoogle_service_stat.stat.exists | bool"
- name: Ensure matrix-bot-postmoogle.service doesn't exist
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-bot-postmoogle.service"
state: absent
when: "matrix_bot_postmoogle_service_stat.stat.exists | bool"
- name: Ensure systemd reloaded after matrix-bot-postmoogle.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_bot_postmoogle_service_stat.stat.exists | bool"
- name: Ensure Matrix postmoogle paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_postmoogle_base_path }}"
state: absent
- name: Ensure postmoogle Docker image doesn't exist
docker_image:
name: "{{ matrix_bot_postmoogle_docker_image }}"
state: absent

9
roles/matrix-bot-postmoogle/tasks/validate_config.yml Normal file
View file

@ -0,0 +1,9 @@
---
- name: Fail if required settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_bot_postmoogle_password"

16
roles/matrix-bot-postmoogle/templates/env.j2 Normal file
View file

@ -0,0 +1,16 @@
POSTMOOGLE_LOGIN={{ matrix_bot_postmoogle_login }}
POSTMOOGLE_PASSWORD={{ matrix_bot_postmoogle_password }}
POSTMOOGLE_HOMESERVER={{ matrix_bot_postmoogle_homeserver }}
POSTMOOGLE_DOMAIN={{ matrix_bot_postmoogle_domain }}
POSTMOOGLE_PORT={{ matrix_bot_postmoogle_port }}
POSTMOOGLE_DB_DSN={{ matrix_bot_postmoogle_database_connection_string }}
POSTMOOGLE_DB_DIALECT={{ matrix_bot_postmoogle_database_dialect }}
POSTMOOGLE_PREFIX={{ matrix_bot_postmoogle_prefix }}
POSTMOOGLE_MAXSIZE={{ matrix_bot_postmoogle_maxsize }}
POSTMOOGLE_SENTRY={{ matrix_bot_postmoogle_sentry }}
POSTMOOGLE_LOGLEVEL={{ matrix_bot_postmoogle_loglevel }}
POSTMOOGLE_NOENCRYPTION={{ matrix_bot_postmoogle_noencryption }}
POSTMOOGLE_NOOWNER={{ matrix_bot_postmoogle_noowner }}
POSTMOOGLE_FEDERATION={{ matrix_bot_postmoogle_federation }}
{{ matrix_bot_postmoogle_environment_variables_extension }}

40
roles/matrix-bot-postmoogle/templates/systemd/matrix-bot-postmoogle.service.j2 Normal file
View file

@ -0,0 +1,40 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix helpdesk bot
{% for service in matrix_bot_postmoogle_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_bot_postmoogle_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-postmoogle 2>/dev/null || true'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-postmoogle 2>/dev/null || true'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-postmoogle \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_bot_postmoogle_config_path }}/env \
-p {{ matrix_bot_postmoogle_smtp_host_bind_port }}:{{ matrix_bot_postmoogle_port }} \
--mount type=bind,src={{ matrix_bot_postmoogle_data_path }},dst=/data \
{% for arg in matrix_bot_postmoogle_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_bot_postmoogle_docker_image }}
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-postmoogle 2>/dev/null || true'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-postmoogle 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-bot-postmoogle
[Install]
WantedBy=multi-user.target

8
roles/matrix-bridge-appservice-discord/defaults/main.yml
View file

@ -2,10 +2,12 @@
# matrix-appservice-discord is a Matrix <-> Discord bridge
# Project source code URL: https://github.com/Half-Shot/matrix-appservice-discord
matrix_appservice_discord_enabled: true
matrix_appservice_discord_enabled: false
matrix_appservice_discord_container_image_self_build: false
matrix_appservice_discord_version: v1.0.0
matrix_appservice_discord_docker_image: "{{ matrix_container_global_registry_prefix }}halfshot/matrix-appservice-discord:{{ matrix_appservice_discord_version }}"
matrix_appservice_discord_version: v3.0.0
matrix_appservice_discord_docker_image: "{{ matrix_appservice_discord_docker_image_name_prefix }}matrix-org/matrix-appservice-discord:{{ matrix_appservice_discord_version }}"
matrix_appservice_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_discord_container_image_self_build else 'ghcr.io/' }}"
matrix_appservice_discord_docker_image_force_pull: "{{ matrix_appservice_discord_docker_image.endswith(':latest') }}"
matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-discord"

8
roles/matrix-bridge-appservice-discord/tasks/init.yml
View file

@ -13,16 +13,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_appservice_discord_config_path }}/registration.yaml,dst=/matrix-appservice-discord-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-appservice-discord-registration.yaml"]
}}

8
roles/matrix-bridge-appservice-irc/tasks/init.yml
View file

@ -20,16 +20,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-appservice-irc-registration.yaml"]
}}

8
roles/matrix-bridge-appservice-kakaotalk/tasks/init.yml
View file

@ -12,16 +12,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }}/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-appservice-kakaotalk-registration.yaml"]
}}

8
roles/matrix-bridge-appservice-slack/tasks/init.yml
View file

@ -20,16 +20,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_appservice_slack_config_path }}/slack-registration.yaml,dst=/matrix-appservice-slack-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-appservice-slack-registration.yaml"]
}}

8
roles/matrix-bridge-appservice-webhooks/tasks/init.yml
View file

@ -13,16 +13,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-appservice-webhooks-registration.yaml"]
}}

12
roles/matrix-bridge-beeper-linkedin/defaults/main.yml
View file

@ -1,19 +1,19 @@
---
# beeper-linkedin is a Matrix <-> LinkedIn bridge
# Project source code URL: https://gitlab.com/beeper/linkedin
# Project source code URL: https://github.com/beeper/linkedin
matrix_beeper_linkedin_enabled: true
matrix_beeper_linkedin_version: v0.5.2
matrix_beeper_linkedin_version: v0.5.3
# See: https://gitlab.com/beeper/linkedin/container_registry
# See: https://github.com/beeper/linkedin/pkgs/container/linkedin
matrix_beeper_linkedin_docker_image: "{{ matrix_beeper_linkedin_docker_image_name_prefix }}beeper/linkedin:{{ matrix_beeper_linkedin_docker_image_tag }}"
matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image_tag.startswith('latest') }}"
matrix_beeper_linkedin_docker_image_name_prefix: "{{ 'localhost/' if matrix_beeper_linkedin_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_beeper_linkedin_docker_image_tag: "{{ 'latest' if matrix_beeper_linkedin_version == 'master' else matrix_beeper_linkedin_version }}-{{ matrix_architecture }}"
matrix_beeper_linkedin_docker_image_name_prefix: "{{ 'localhost/' if matrix_beeper_linkedin_container_image_self_build else 'ghcr.io/' }}"
matrix_beeper_linkedin_docker_image_tag: "{{ 'latest' if matrix_beeper_linkedin_version == 'master' else matrix_beeper_linkedin_version }}"
matrix_beeper_linkedin_container_image_self_build: false
matrix_beeper_linkedin_container_image_self_build_repo: "https://gitlab.com/beeper/linkedin"
matrix_beeper_linkedin_container_image_self_build_repo: "https://github.com/beeper/linkedin"
matrix_beeper_linkedin_container_image_self_build_branch: "{{ matrix_beeper_linkedin_version }}"
matrix_beeper_linkedin_base_path: "{{ matrix_base_data_path }}/beeper-linkedin"

8
roles/matrix-bridge-beeper-linkedin/tasks/init.yml
View file

@ -6,16 +6,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-beeper-linkedin-registration.yaml"]
}}

2
roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
View file

@ -46,7 +46,7 @@
register: matrix_beeper_linkedin_git_pull_results
# Building the container image (using the default Dockerfile) requires that a docker-requirements.txt file be generated.
# See: https://gitlab.com/beeper/linkedin/-/blob/94442db17ccb9769b377cdb8e4bf1cb3955781d7/.gitlab-ci.yml#L30-40
# See: https://github.com/beeper/linkedin/blob/94442db17ccb9769b377cdb8e4bf1cb3955781d7/.gitlab-ci.yml#L30-40
- name: Ensure docker-requirements.txt is generated before building Beeper LinkedIn Docker Image
ansible.builtin.command:
cmd: |

8
roles/matrix-bridge-go-skype-bridge/tasks/init.yml
View file

@ -5,16 +5,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_go_skype_bridge_config_path }}/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-go-skype-bridge-registration.yaml"]
}}

2
roles/matrix-bridge-heisenbridge/defaults/main.yml
View file

@ -4,7 +4,7 @@
matrix_heisenbridge_enabled: true
matrix_heisenbridge_version: 1.13.1
matrix_heisenbridge_version: 1.14.0
matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"

8
roles/matrix-bridge-heisenbridge/tasks/init.yml
View file

@ -13,16 +13,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_heisenbridge_base_path }}/registration.yaml,dst=/heisenbridge-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/heisenbridge-registration.yaml"]
}}

2
roles/matrix-bridge-hookshot/defaults/main.yml
View file

@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
matrix_hookshot_version: 1.8.1
matrix_hookshot_version: 2.0.1
matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"

8
roles/matrix-bridge-hookshot/tasks/init.yml
View file

@ -13,16 +13,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/hookshot-registration.yml"]
}}

8
roles/matrix-bridge-mautrix-discord/tasks/init.yml
View file

@ -5,16 +5,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mautrix_discord_config_path }}/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mautrix-discord-registration.yaml"]
}}

2
roles/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2
View file

@ -31,7 +31,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-discor
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_discord_docker_image }} \
/usr/bin/mautrix-discord -c /config/config.yaml -r /config/registration.yaml
/usr/bin/mautrix-discord -c /config/config.yaml -r /config/registration.yaml --no-update
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-discord 2>/dev/null || true'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-discord 2>/dev/null || true'

8
roles/matrix-bridge-mautrix-facebook/tasks/init.yml
View file

@ -12,16 +12,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mautrix_facebook_config_path }}/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mautrix-facebook-registration.yaml"]
}}

8
roles/matrix-bridge-mautrix-googlechat/tasks/init.yml
View file

@ -12,16 +12,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mautrix_googlechat_config_path }}/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mautrix-googlechat-registration.yaml"]
}}

8
roles/matrix-bridge-mautrix-hangouts/tasks/init.yml
View file

@ -12,16 +12,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mautrix-hangouts-registration.yaml"]
}}

2
roles/matrix-bridge-mautrix-instagram/defaults/main.yml
View file

@ -8,7 +8,7 @@ matrix_mautrix_instagram_container_image_self_build: false
matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git"
matrix_mautrix_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_instagram_version == 'latest' else matrix_mautrix_instagram_version }}"
matrix_mautrix_instagram_version: v0.1.3
matrix_mautrix_instagram_version: v0.2.0
# See: https://mau.dev/tulir/mautrix-instagram/container_registry
matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}"
matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}"

8
roles/matrix-bridge-mautrix-instagram/tasks/init.yml
View file

@ -12,16 +12,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mautrix_instagram_config_path }}/registration.yaml,dst=/matrix-mautrix-instagram-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mautrix-instagram-registration.yaml"]
}}

2
roles/matrix-bridge-mautrix-signal/defaults/main.yml
View file

@ -10,7 +10,7 @@ matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal
matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
matrix_mautrix_signal_version: v0.3.0
matrix_mautrix_signal_daemon_version: 0.20.0
matrix_mautrix_signal_daemon_version: 0.21.1
# See: https://mau.dev/mautrix/signal/container_registry
matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"

8
roles/matrix-bridge-mautrix-signal/tasks/init.yml
View file

@ -6,16 +6,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mautrix_signal_config_path }}/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mautrix-signal-registration.yaml"]
}}

7
roles/matrix-bridge-mautrix-telegram/defaults/main.yml
View file

@ -16,7 +16,7 @@ matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_telegram_version == 'latest' else matrix_mautrix_telegram_version }}"
matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
matrix_mautrix_telegram_version: v0.11.3
matrix_mautrix_telegram_version: v0.12.0
# See: https://mau.dev/mautrix/telegram/container_registry
matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
@ -156,3 +156,8 @@ matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_y
matrix_mautrix_telegram_username_template: 'telegram_{userid}'
matrix_mautrix_telegram_alias_template: 'telegram_{groupname}'
matrix_mautrix_telegram_displayname_template: '{displayname} (Telegram)'
# Enable End-to-bridge encryption
matrix_mautrix_telegram_bridge_encryption_allow: false
matrix_mautrix_telegram_bridge_encryption_default: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"
matrix_mautrix_telegram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"

8
roles/matrix-bridge-mautrix-telegram/tasks/init.yml
View file

@ -12,16 +12,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mautrix_telegram_config_path }}/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mautrix-telegram-registration.yaml"]
}}

32
roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
View file

@ -176,27 +176,29 @@ bridge:
height: 256
background: "020202" # only for gif
fps: 30 # only for webm
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
# End-to-bridge encryption support options.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
allow: {{ matrix_mautrix_telegram_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Database for the encryption data. Currently only supports Postgres and an in-memory
# store that's persisted as a pickle.
# If set to `default`, will use the appservice postgres database
# or a pickle file if the appservice database is sqlite.
#
# Format examples:
# Pickle: pickle:///filename.pickle
# Postgres: postgres://username:password@hostname/dbname
default: {{ matrix_mautrix_telegram_bridge_encryption_default|to_json }}
# Database for the encryption data. If set to `default`, will use the appservice database.
database: default
# Options for automatic key sharing.
key_sharing:
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow: {{ matrix_mautrix_telegram_bridge_encryption_key_sharing_allow|to_json }}
# Require the requesting device to have a valid cross-signing signature?
# This doesn't require that the bridge has verified the device, only that the user has verified it.
# Not yet implemented.
require_cross_signing: false
# Require devices to be verified by the bridge?
# Verification by the bridge is not yet implemented.
require_verification: true
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This will be implicitly enabled if encryption.default is true.
private_chat_portal_meta: false

2
roles/matrix-bridge-mautrix-twitter/defaults/main.yml
View file

@ -8,7 +8,7 @@ matrix_mautrix_twitter_container_image_self_build: false
matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/mautrix/twitter.git"
matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}"
matrix_mautrix_twitter_version: v0.1.4
matrix_mautrix_twitter_version: v0.1.5
# See: https://mau.dev/tulir/mautrix-twitter/container_registry
matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}"

8
roles/matrix-bridge-mautrix-twitter/tasks/init.yml
View file

@ -6,16 +6,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mautrix-twitter-registration.yaml"]
}}

7
roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
View file

@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
matrix_mautrix_whatsapp_version: v0.6.0
matrix_mautrix_whatsapp_version: v0.6.1
# See: https://mau.dev/mautrix/whatsapp/container_registry
matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
@ -95,6 +95,11 @@ matrix_mautrix_whatsapp_bridge_encryption_allow: false
matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
matrix_mautrix_whatsapp_bridge_personal_filtering_spaces: true
matrix_mautrix_whatsapp_bridge_mute_bridging: true
matrix_mautrix_whatsapp_bridge_enable_status_broadcast: false
matrix_mautrix_whatsapp_bridge_allow_user_invite: true
matrix_mautrix_whatsapp_bridge_permissions: |
{{
{matrix_mautrix_whatsapp_homeserver_domain: 'user'}

8
roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml
View file

@ -5,16 +5,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mautrix-whatsapp-registration.yaml"]
}}

8
roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
View file

@ -92,7 +92,7 @@ bridge:
displayname_template: "{{ '{{if .BusinessName}}{{.BusinessName}}{{else if .PushName}}{{.PushName}}{{else}}{{.JID}}{{end}} (WA)' }}"
# Should the bridge create a space for each logged-in user and add bridged rooms to it?
# Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time.
personal_filtering_spaces: false
personal_filtering_spaces: {{ matrix_mautrix_whatsapp_bridge_personal_filtering_spaces | to_json }}
# Should the bridge send a read receipt from the bridge bot when a message has been sent to WhatsApp?
delivery_receipts: false
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
@ -232,7 +232,7 @@ bridge:
# This field will automatically be changed back to false after it, except if the config file is not writable.
resend_bridge_info: false
# When using double puppeting, should muted chats be muted in Matrix?
mute_bridging: false
mute_bridging: {{ matrix_mautrix_whatsapp_bridge_mute_bridging | to_json }}
# When using double puppeting, should archived chats be moved to a specific tag in Matrix?
# Note that WhatsApp unarchives chats when a message is received, which will also be mirrored to Matrix.
# This can be set to a tag (e.g. m.lowpriority), or null to disable.
@ -243,7 +243,7 @@ bridge:
tag_only_on_create: true
# Should WhatsApp status messages be bridged into a Matrix room?
# Disabling this won't affect already created status broadcast rooms.
enable_status_broadcast: true
enable_status_broadcast: {{ matrix_mautrix_whatsapp_bridge_enable_status_broadcast | to_json }}
# Should sending WhatsApp status messages be allowed?
# This can cause issues if the user has lots of contacts, so it's disabled by default.
disable_status_broadcast_send: true
@ -257,7 +257,7 @@ bridge:
whatsapp_thumbnail: false
# Allow invite permission for user. User can invite any bots to room with whatsapp
# users (private chat and groups)
allow_user_invite: false
allow_user_invite: {{ matrix_mautrix_whatsapp_bridge_allow_user_invite | to_json }}
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: {{ matrix_mautrix_whatsapp_federate_rooms|to_json }}

8
roles/matrix-bridge-mx-puppet-discord/tasks/init.yml
View file

@ -12,16 +12,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mx-puppet-discord-registration.yaml"]
}}

8
roles/matrix-bridge-mx-puppet-groupme/tasks/init.yml
View file

@ -12,16 +12,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mx_puppet_groupme_config_path }}/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mx-puppet-groupme-registration.yaml"]
}}

8
roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml
View file

@ -12,16 +12,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mx-puppet-instagram-registration.yaml"]
}}

8
roles/matrix-bridge-mx-puppet-slack/tasks/init.yml
View file

@ -12,16 +12,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mx-puppet-slack-registration.yaml"]
}}

8
roles/matrix-bridge-mx-puppet-steam/tasks/init.yml
View file

@ -12,16 +12,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mx-puppet-steam-registration.yaml"]
}}

8
roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml
View file

@ -12,16 +12,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-mx-puppet-twitter-registration.yaml"]
}}

8
roles/matrix-bridge-sms/tasks/init.yml
View file

@ -14,16 +14,16 @@
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_sms_bridge_config_path }}/registration.yaml,dst=/matrix-sms-bridge-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/matrix-sms-bridge-registration.yaml"]
}}

2
roles/matrix-client-cinny/defaults/main.yml
View file

@ -6,7 +6,7 @@ matrix_client_cinny_enabled: true
matrix_client_cinny_container_image_self_build: false
matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
matrix_client_cinny_version: v2.1.1
matrix_client_cinny_version: v2.1.2
matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"

2
roles/matrix-client-element/defaults/main.yml
View file

@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
# - https://github.com/vector-im/element-web/issues/19544
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
matrix_client_element_version: v1.11.2
matrix_client_element_version: v1.11.3
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

2
roles/matrix-client-element/tasks/setup_install.yml
View file

@ -45,7 +45,7 @@
line: '\1splitChunks: { maxSize: 100000,'
backrefs: true
owner: root
ansible.builtin.group: root
group: root
mode: '0644'
when: "matrix_client_element_container_image_self_build | bool and matrix_client_element_container_image_self_build_low_memory_system_patch_enabled | bool"

2
roles/matrix-client-hydrogen/defaults/main.yml
View file

@ -8,7 +8,7 @@ matrix_client_hydrogen_enabled: true
matrix_client_hydrogen_container_image_self_build: true
matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
matrix_client_hydrogen_version: v0.3.1
matrix_client_hydrogen_version: v0.3.2
matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"

51
roles/matrix-conduit/defaults/main.yml Normal file
View file

@ -0,0 +1,51 @@
---
# Conduit is a simple, fast and reliable chat server powered by Matrix
# See: https://conduit.rs
matrix_conduit_enabled: true
matrix_conduit_docker_image: "{{ matrix_conduit_docker_image_name_prefix }}matrixconduit/matrix-conduit:{{ matrix_conduit_docker_image_tag }}"
matrix_conduit_docker_image_name_prefix: "docker.io/"
matrix_conduit_docker_image_tag: "v0.4.0"
matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}"
matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit"
matrix_conduit_config_path: "{{ matrix_conduit_base_path }}/config"
matrix_conduit_data_path: "{{ matrix_conduit_base_path }}/data"
matrix_conduit_port_number: 6167
matrix_conduit_tmp_directory_size_mb: 500
# List of systemd services that matrix-conduit.service depends on
matrix_conduit_systemd_required_services_list: ["docker.service"]
# List of systemd services that matrix-conduit.service wants
matrix_conduit_systemd_wanted_services_list: []
# Extra arguments for the Docker container
matrix_conduit_container_extra_arguments: []
# Specifies which template files to use when configuring Conduit.
# If you'd like to have your own different configuration, feel free to copy and paste
# the original files into your inventory (e.g. in `inventory/host_vars/<host>/`)
# and then change the specific host's `vars.yaml` file like this:
# matrix_conduit_template_conduit_config: "{{ playbook_dir }}/inventory/host_vars/<host>/conduit.yaml.j2"
matrix_conduit_template_conduit_config: "{{ role_path }}/templates/conduit/conduit.toml.j2"
# Max size for uploads, in bytes
matrix_conduit_max_request_size: 20_000_000
# Enables registration. If set to false, no users can register on this server.
matrix_conduit_allow_registration: true
matrix_conduit_allow_federation: true
# Enable the display name lightning bolt on registration.
matrix_conduit_enable_lightning_bolt: true
matrix_conduit_trusted_servers:
- "matrix.org"
# How many requests Conduit sends to other servers at the same time
matrix_conduit_max_concurrent_requests: 100

7
roles/matrix-conduit/tasks/conduit/setup.yml Normal file
View file

@ -0,0 +1,7 @@
---
- import_tasks: "{{ role_path }}/tasks/conduit/setup_install.yml"
when: "matrix_conduit_enabled | bool"
- import_tasks: "{{ role_path }}/tasks/conduit/setup_uninstall.yml"
when: "not matrix_conduit_enabled | bool"

47
roles/matrix-conduit/tasks/conduit/setup_install.yml Normal file
View file

@ -0,0 +1,47 @@
---
- name: Ensure Conduit Docker image is pulled
docker_image:
name: "{{ matrix_conduit_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_conduit_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_conduit_docker_image_force_pull }}"
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- name: Ensure Conduit config path exists
ansible.builtin.file:
path: "{{ matrix_conduit_config_path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure Conduit data path exists
ansible.builtin.file:
path: "{{ matrix_conduit_data_path }}"
state: directory
mode: 0770
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure Conduit configuration installed
ansible.builtin.template:
src: "{{ role_path }}/templates/conduit/conduit.toml.j2"
dest: "{{ matrix_conduit_config_path }}/conduit.toml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-conduit.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/conduit/systemd/matrix-conduit.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-conduit.service"
mode: 0644
register: matrix_conduit_systemd_service_result
- name: Ensure systemd reloaded after matrix-conduit.service installation
ansible.builtin.systemd:
daemon_reload: true
when: "matrix_conduit_systemd_service_result.changed | bool"

30
roles/matrix-conduit/tasks/conduit/setup_uninstall.yml Normal file
View file

@ -0,0 +1,30 @@
---
- name: Check existence of matrix-conduit service
ansible.builtin.stat:
path: "{{ matrix_systemd_path }}/matrix-conduit.service"
register: matrix_conduit_service_stat
- name: Ensure matrix-conduit is stopped
ansible.builtin.systemd:
name: matrix-conduit
state: stopped
daemon_reload: true
register: stopping_result
when: "matrix_conduit_service_stat.stat.exists"
- name: Ensure matrix-conduit.service doesn't exist
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-conduit.service"
state: absent
when: "matrix_conduit_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-conduit.service removal
ansible.builtin.systemd:
daemon_reload: true
when: "matrix_conduit_service_stat.stat.exists"
- name: Ensure Conduit Docker image doesn't exist
docker_image:
name: "{{ matrix_conduit_docker_image }}"
state: absent

5
roles/matrix-conduit/tasks/init.yml Normal file
View file

@ -0,0 +1,5 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-conduit.service'] }}"
when: matrix_conduit_enabled | bool

17
roles/matrix-conduit/tasks/main.yml Normal file
View file

@ -0,0 +1,17 @@
---
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/conduit/setup.yml"
when: run_setup | bool
tags:
- setup-all
- setup-conduit
- name: Mark matrix-conduit role as executed
ansible.builtin.set_fact:
matrix_conduit_role_executed: true
tags:
- always

52
roles/matrix-conduit/templates/conduit/conduit.toml.j2 Normal file
View file

@ -0,0 +1,52 @@
# =============================================================================
# This is the official example config for Conduit.
# If you use it for your server, you will need to adjust it to your own needs.
# At the very least, change the server_name field!
# =============================================================================
[global]
# The server_name is the pretty name of this server. It is used as a suffix for user
# and room ids. Examples: matrix.org, conduit.rs
# The Conduit server needs all /_matrix/ requests to be reachable at
# https://your.server.name/ on port 443 (client-server) and 8448 (federation).
# If that's not possible for you, you can create /.well-known files to redirect
# requests. See
# https://matrix.org/docs/spec/client_server/latest#get-well-known-matrix-client
# and
# https://matrix.org/docs/spec/server_server/r0.1.4#get-well-known-matrix-server
# for more information
server_name = "{{ matrix_domain }}"
# This is the only directory where Conduit will save its data
database_path = "/var/lib/matrix-conduit/"
database_backend = "rocksdb"
# The port Conduit will be running on. You need to set up a reverse proxy in
# your web server (e.g. apache or nginx), so all requests to /_matrix on port
# 443 and 8448 will be forwarded to the Conduit instance running on this port
# Docker users: Don't change this, you'll need to map an external port to this.
port = {{ matrix_conduit_port_number }}
# Max size for uploads
max_request_size = {{ matrix_conduit_max_request_size }}
# Enables registration. If set to false, no users can register on this server.
allow_registration = {{ matrix_conduit_allow_registration | to_json }}
allow_federation = {{ matrix_conduit_allow_federation | to_json }}
# Enable the display name lightning bolt on registration.
enable_lightning_bolt = {{ matrix_conduit_enable_lightning_bolt | to_json }}
trusted_servers = {{ matrix_conduit_trusted_servers | to_json }}
max_concurrent_requests = {{ matrix_conduit_max_concurrent_requests }}
log = "info,state_res=warn,rocket=off,_=off,sled=off"
address = "0.0.0.0"

38
roles/matrix-conduit/templates/conduit/systemd/matrix-conduit.service.j2 Normal file
View file

@ -0,0 +1,38 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Conduit Matrix homeserver
{% for service in matrix_conduit_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-conduit 2>/dev/null || true'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-conduit 2>/dev/null || true'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-conduit \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_conduit_tmp_directory_size_mb }}m \
--network={{ matrix_docker_network }} \
--env CONDUIT_CONFIG=/etc/matrix-conduit/conduit.toml \
--mount type=bind,src={{ matrix_conduit_data_path }},dst=/var/lib/matrix-conduit \
--mount type=bind,src={{ matrix_conduit_config_path }},dst=/etc/matrix-conduit,ro \
{% for arg in matrix_conduit_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_conduit_docker_image }}
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-conduit 2>/dev/null || true'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-conduit 2>/dev/null || true'
ExecReload={{ matrix_host_command_docker }} exec matrix-conduit /bin/sh -c 'kill -HUP 1'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-conduit
[Install]
WantedBy=multi-user.target

6
roles/matrix-conduit/vars/main.yml Normal file
View file

@ -0,0 +1,6 @@
---
matrix_conduit_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
matrix_conduit_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
# Tells whether this role had executed or not. Toggled to `true` during runtime.
matrix_conduit_role_executed: false

2
roles/matrix-coturn/defaults/main.yml
View file

@ -8,7 +8,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn
matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
matrix_coturn_version: 4.5.2-r13
matrix_coturn_version: 4.5.2-r14
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"

26
roles/matrix-dendrite/defaults/main.yml
View file

@ -6,7 +6,7 @@ matrix_dendrite_enabled: true
matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}"
matrix_dendrite_docker_image_name_prefix: "docker.io/"
matrix_dendrite_docker_image_tag: "v0.9.1"
matrix_dendrite_docker_image_tag: "v0.9.5"
matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"
@ -43,8 +43,19 @@ matrix_dendrite_container_http_host_bind_address: ""
matrix_dendrite_container_https_host_bind_address: ""
# A list of extra arguments to pass to the container (`docker run` command)
# Also see `matrix_dendrite_container_arguments`
matrix_dendrite_container_extra_arguments: []
# matrix_dendrite_container_runtime_injected_arguments is a list of extra arguments to pass to the container.
# This list is built during runtime. You're not meant to override this variable.
# If you'd like to inject your own arguments, see `matrix_dendrite_container_extra_arguments`.
matrix_dendrite_container_runtime_injected_arguments: []
# matrix_dendrite_container_arguments holds the final list of extra arguments to pass to the container.
# You're not meant to override this variable.
# If you'd like to inject your own arguments, see `matrix_dendrite_container_extra_arguments`.
matrix_dendrite_container_arguments: "{{ matrix_dendrite_container_extra_arguments + matrix_dendrite_container_runtime_injected_arguments }}"
# A list of extra arguments to pass to the container process (`dendrite-monolith` command)
# Example:
# matrix_dendrite_process_extra_arguments:
@ -83,7 +94,7 @@ matrix_dendrite_rate_limiting_threshold: 5
matrix_dendrite_rate_limiting_cooloff_ms: 500
# Controls whether people with access to the homeserver can register by themselves.
matrix_dendrite_registration_disabled: false
matrix_dendrite_registration_disabled: true
# reCAPTCHA API for validating registration attempts
matrix_dendrite_enable_registration_captcha: false
@ -104,8 +115,19 @@ matrix_dendrite_container_additional_volumes: []
# A list of appservice config files (in-container filesystem paths).
# This list gets populated dynamically based on Dendrite extensions that have been enabled.
# You may wish to use this together with `matrix_dendrite_container_additional_volumes` or `matrix_dendrite_container_extra_arguments`.
# Also see `matrix_dendrite_app_service_config_files_final`
matrix_dendrite_app_service_config_files: []
# matrix_dendrite_app_service_runtime_injected_config_files is a list of appservice config files.
# This list is built during runtime. You're not meant to override this variable.
# If you'd like to inject your own arguments, see `matrix_dendrite_app_service_config_files`.
matrix_dendrite_app_service_runtime_injected_config_files: []
# matrix_dendrite_app_service_config_files_final holds the final list of config files to pass to the container.
# You're not meant to override this variable.
# If you'd like to inject your own arguments, see `matrix_dendrite_app_service_config_files`.
matrix_dendrite_app_service_config_files_final: "{{ matrix_dendrite_app_service_config_files + matrix_dendrite_app_service_runtime_injected_config_files }}"
# Enable exposure of metrics
matrix_dendrite_metrics_enabled: false
matrix_dendrite_metrics_username: "metrics"

7
roles/matrix-dendrite/tasks/register_user.yml
View file

@ -9,6 +9,11 @@
msg: "The `password` variable needs to be provided to this playbook, via --extra-vars"
when: "password is not defined or password == '<your-password>'"
- name: Fail if playbook called incorrectly
ansible.builtin.fail:
msg: "The `admin` variable needs to be provided to this playbook, via --extra-vars"
when: "admin is not defined or admin not in ['yes', 'no']"
- name: Ensure matrix-dendrite is started
ansible.builtin.service:
name: matrix-dendrite
@ -23,6 +28,6 @@
- name: Register user
ansible.builtin.command:
cmd: "{{ matrix_local_bin_path }}/matrix-dendrite-create-account {{ username | quote }} {{ password | quote }}"
cmd: "{{ matrix_local_bin_path }}/matrix-dendrite-create-account {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}"
register: matrix_dendrite_register_user_result
changed_when: matrix_dendrite_register_user_result.rc == 0

2
roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2
View file

@ -145,7 +145,7 @@ app_service_api:
disable_tls_validation: {{ matrix_dendrite_disable_tls_validation|to_json }}
# Appservice configuration files to load into this homeserver.
config_files: {{ matrix_dendrite_app_service_config_files|to_json }}
config_files: {{ matrix_dendrite_app_service_config_files_final|to_json }}
# Configuration for the Client API.
client_api:

2
roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2
View file

@ -41,7 +41,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \
{% for volume in matrix_dendrite_container_additional_volumes %}
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
{% endfor %}
{% for arg in matrix_dendrite_container_extra_arguments %}
{% for arg in matrix_dendrite_container_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_dendrite_docker_image }} \

9
roles/matrix-dendrite/templates/dendrite/usr-local-bin/matrix-dendrite-create-account.j2
View file

@ -2,11 +2,16 @@
#!/bin/bash
if [ $# -ne 2 ]; then
echo "Usage: "$0" <username> <password>"
echo "Usage: "$0" <username> <password> <admin access: 0 or 1>"
exit 1
fi
user=$1
password=$2
admin=$3
docker exec matrix-dendrite create-account -config /data/dendrite.yaml -username "$user" -password "$password"
if [ "$admin" -eq "1" ]; then
docker exec matrix-dendrite create-account -config /data/dendrite.yaml -username "$user" -password "$password" -admin -url http://localhost:{{ matrix_dendrite_http_bind_port }}
else
docker exec matrix-dendrite create-account -config /data/dendrite.yaml -username "$user" -password "$password" -url http://localhost:{{ matrix_dendrite_http_bind_port }}
fi

2
roles/matrix-dynamic-dns/defaults/main.yml
View file

@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true
# The dynamic dns daemon interval
matrix_dynamic_dns_daemon_interval: '300'
matrix_dynamic_dns_version: v3.9.1-ls94
matrix_dynamic_dns_version: v3.9.1-ls96
# The docker container to use when in mode
matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"

2
roles/matrix-email2matrix/defaults/main.yml
View file

@ -11,7 +11,7 @@ matrix_email2matrix_container_image_self_build: false
matrix_email2matrix_container_image_self_build_repo: "https://github.com/devture/email2matrix.git"
matrix_email2matrix_container_image_self_build_branch: "{{ matrix_email2matrix_version }}"
matrix_email2matrix_version: 1.0.3
matrix_email2matrix_version: 1.1.0
matrix_email2matrix_docker_image_prefix: "{{ 'localhost/' if matrix_email2matrix_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_email2matrix_docker_image: "{{ matrix_email2matrix_docker_image_prefix }}devture/email2matrix:{{ matrix_email2matrix_version }}"
matrix_email2matrix_docker_image_force_pull: "{{ matrix_email2matrix_docker_image.endswith(':latest') }}"

2
roles/matrix-grafana/defaults/main.yml
View file

@ -5,7 +5,7 @@
matrix_grafana_enabled: false
matrix_grafana_version: 9.0.6
matrix_grafana_version: 9.1.1
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"

3
roles/matrix-jitsi/defaults/main.yml
View file

@ -9,6 +9,7 @@ matrix_jitsi_enable_auth: false
matrix_jitsi_enable_guests: false
matrix_jitsi_enable_recording: false
matrix_jitsi_enable_transcriptions: false
matrix_jitsi_enable_jaas_components: false
matrix_jitsi_enable_p2p: true
matrix_jitsi_enable_av_moderation: true
matrix_jitsi_enable_breakout_rooms: true
@ -71,7 +72,7 @@ matrix_jitsi_jibri_recorder_password: ''
matrix_jitsi_enable_lobby: false
matrix_jitsi_version: stable-7577
matrix_jitsi_version: stable-7648-4
matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"

1
roles/matrix-jitsi/templates/web/env.j2
View file

@ -57,6 +57,7 @@ ENABLE_TALK_WHILE_MUTED
ENABLE_TCC
ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }}
ENABLE_XMPP_WEBSOCKET
ENABLE_JAAS_COMPONENTS={{ 1 if matrix_jitsi_enable_jaas_components else false }}
ETHERPAD_PUBLIC_URL
ETHERPAD_URL_BASE={{ (matrix_jitsi_etherpad_base + '/') if matrix_jitsi_etherpad_enabled else ''}}
GOOGLE_ANALYTICS_ID

Some files were not shown because too many files have changed in this diff Show more