pub-solar/matrix-docker-ansible-deploy
5
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge branch 'master' into pub.solar

Browse source
This commit is contained in:
teutat3s 2023-01-21 03:13:46 +01:00
parent ce1cf0e78f 5f7ed722f6
commit 5a24a716e2
Signed by: teutat3s
GPG key ID: 18DAE600A6BBE705
86 changed files with 1439 additions and 179 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/matrix.yml vendored
View file

@ -13,7 +13,7 @@ jobs:
- name: Check out
uses: actions/checkout@v3
- name: Run yamllint
uses: frenck/action-yamllint@v1.3.1
uses: frenck/action-yamllint@v1.4.0
ansible-lint:
name: ansible-lint
runs-on: ubuntu-latest
@ -21,6 +21,6 @@ jobs:
- name: Check out
uses: actions/checkout@v3
- name: Run ansible-lint
uses: ansible-community/ansible-lint-action@v6.8.2
uses: ansible-community/ansible-lint-action@v6.11.0
with:
path: roles/custom

43
CHANGELOG.md
View file

@ -1,3 +1,44 @@
# 2023-01-13
## Support for running commands via just
We've previously used [make](https://www.gnu.org/software/make/) for easily running some playbook commands (e.g. `make roles` which triggers `ansible-galaxy`, see [Makefile](Makefile)).
Our `Makefile` is still around and you can still run these commands.
In addition, we've added support for running commands via [just](https://github.com/casey/just) - a more modern command-runner alternative to `make`. Instead of `make roles`, you can now run `just roles` to accomplish the same.
Our [justfile](justfile) already defines some additional helpful **shortcut** commands that weren't part of our `Makefile`. Here are some examples:
- `just install-all` to trigger the much longer `ansible-playbook -i inventory/hosts setup.yml --tags=install-all,ensure-matrix-users-created,start` command
- `just install-all --ask-vault-pass` - commands also support additional arguments (`--ask-vault-pass` will be appended to the above installation command)
- `just run-tags install-mautrix-slack,start` - to run specific playbook tags
- `just start-all` - (re-)starts all services
- `just stop-group postgres` - to stop only the Postgres service
- `just register-user john secret-password yes` - registers a `john` user with the `secret-password` password and admin access (admin = `yes`)
Additional helpful commands and shortcuts may be defined in the future.
This is all completely optional. If you find it difficult to [install `just`](https://github.com/casey/just#installation) or don't find any of this convenient, feel free to run all commands manually.
# 2023-01-11
## mautrix-slack support
Thanks to [Cody Neiman](https://github.com/xangelix)'s efforts, the playbook now supports bridging to [Slack](https://slack.com/) via the [mautrix-slack](https://mau.dev/mautrix/slack) bridge. See our [Setting up Mautrix Slack bridging](docs/configuring-playbook-bridge-mautrix-slack.md) documentation page for getting started.
**Note**: this is a new Slack bridge. The playbook still retains Slack bridging via [matrix-appservice-slack](docs/configuring-playbook-bridge-appservice-slack.md) and [mx-puppet-slack](docs/configuring-playbook-bridge-mx-puppet-slack.md). You're free to use the bridge that serves you better, or even all three of them (for different users and use-cases).
# 2023-01-10
## ChatGPT support
Thanks to [@bertybuttface](https://github.com/bertybuttface), the playbook can now help you set up [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) - a bot through which you can talk to the [ChatGPT](https://openai.com/blog/chatgpt/) model.
See our [Setting up matrix-bot-chatgpt](docs/configuring-playbook-bot-chatgpt.md) documentation to get started.
# 2022-11-30
## matrix-postgres-backup has been replaced by the com.devture.ansible.role.postgres_backup external role
@ -353,7 +394,7 @@ matrix_homeserver_implementation: conduit
Thanks to [MdotAmaan](https://github.com/MdotAmaan)'s efforts, the playbook now supports bridging to [Discord](https://discordapp.com/) via the [mautrix-discord](https://mau.dev/mautrix/discord) bridge. See our [Setting up Mautrix Discord bridging](docs/configuring-playbook-bridge-mautrix-discord.md) documentation page for getting started.
**Note**: this is a new Discord bridge. The playbook still retains Discord bridging via [matrix-appservice-discord](docs/configuring-playbook-bridge-appservice-discord.md) and [mx-puppet-discord](docs/configuring-playbook-bridge-mx-puppet-discord.md). You're free too use the bridge that serves you better, or even all three of them (for different users and use-cases).
**Note**: this is a new Discord bridge. The playbook still retains Discord bridging via [matrix-appservice-discord](docs/configuring-playbook-bridge-appservice-discord.md) and [mx-puppet-discord](docs/configuring-playbook-bridge-mx-puppet-discord.md). You're free to use the bridge that serves you better, or even all three of them (for different users and use-cases).
# 2022-07-27

6
README.md
View file

@ -54,7 +54,7 @@ Services that run on the server to make the various parts of your installation w
| [Coturn](https://github.com/coturn/coturn) | ✓ | STUN/TURN server for WebRTC audio/video calls | [Link](docs/configuring-playbook-turn.md) |
| [nginx](http://nginx.org/) | ✓ | Web server, listening on ports 80 and 443 - standing in front of all the other services. Using your own webserver [is possible](docs/configuring-playbook-own-webserver.md) | [Link](docs/configuring-playbook-nginx.md) |
| [Let's Encrypt](https://letsencrypt.org/) | ✓ | Free SSL certificate, which secures the connection to the Synapse server and the Element web UI | [Link](docs/configuring-playbook-ssl-certificates.md) |
| [ma1sd](https://github.com/ma1uta/ma1sd) | x | Matrix Identity Server | [Link](configuring-playbook-ma1sd.md)
| [ma1sd](https://github.com/ma1uta/ma1sd) | x | Matrix Identity Server | [Link](docs/configuring-playbook-ma1sd.md)
| [Exim](https://www.exim.org/) | ✓ | Mail server, through which all Matrix services send outgoing email (can be configured to relay through another SMTP server) | - |
| [Dimension](https://github.com/turt2live/matrix-dimension) | x | An open source integrations manager for matrix clients | [Link](docs/configuring-playbook-dimension.md) |
| [Sygnal](https://github.com/matrix-org/sygnal) | x | Push gateway | [Link](docs/configuring-playbook-sygnal.md) |
@ -89,7 +89,8 @@ Bridges can be used to connect your matrix installation with third-party communi
| Name | Default? | Description | Documentation |
| ---- | -------- | ----------- | ------------- |
[mautrix-discord](https://github.com/mautrix/discord) | x | Bridge for bridging your Matrix server to [Discord](https://discord.com/) | [Link](docs/configuring-playbook-bridge-mautrix-discord.md) |
| [mautrix-discord](https://github.com/mautrix/discord) | x | Bridge for bridging your Matrix server to [Discord](https://discord.com/) | [Link](docs/configuring-playbook-bridge-mautrix-discord.md) |
| [mautrix-slack](https://github.com/mautrix/slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-mautrix-slack.md) |
| [mautrix-telegram](https://github.com/mautrix/telegram) | x | Bridge for bridging your Matrix server to [Telegram](https://telegram.org/) | [Link](docs/configuring-playbook-bridge-mautrix-telegram.md) |
| [mautrix-whatsapp](https://github.com/mautrix/whatsapp) | x | Bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/) | [Link](docs/configuring-playbook-bridge-mautrix-whatsapp.md) |
| [mautrix-facebook](https://github.com/mautrix/facebook) | x | Bridge for bridging your Matrix server to [Facebook](https://facebook.com/) | [Link](docs/configuring-playbook-bridge-mautrix-facebook.md) |
@ -130,6 +131,7 @@ Bots provide various additional functionality to your installation.
| [Go-NEB](https://github.com/matrix-org/go-neb) | x | A multi functional bot written in Go | [Link](docs/configuring-playbook-bot-go-neb.md) |
| [Mjolnir](https://github.com/matrix-org/mjolnir) | x | A moderation tool for Matrix | [Link](docs/configuring-playbook-bot-mjolnir.md) |
| [Buscarron](https://gitlab.com/etke.cc/buscarron) | x | Web forms (HTTP POST) to matrix | [Link](docs/configuring-playbook-bot-buscarron.md) |
| [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) | x | ChatGPT from matrix | [Link](docs/configuring-playbook-bot-chatgpt.md) |
### Administration

2
docs/ansible.md
View file

@ -65,7 +65,7 @@ docker run -it --rm \
-w /work \
-v `pwd`:/work \
--entrypoint=/bin/sh \
docker.io/devture/ansible:2.13.6-r0
docker.io/devture/ansible:2.13.6-r0-1
```
Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container.

65
docs/configuring-playbook-bot-chatgpt.md Normal file
View file

@ -0,0 +1,65 @@
# Setting up ChatGPT (optional)
The playbook can install and configure [matrix-chatgpt-bot](https://github.com/matrixgpt/matrix-chatgpt-bot) for you.
Talk to [ChatGPT](https://openai.com/blog/chatgpt/) via your favourite Matrix client!
## 1. Register the bot account
The playbook does not automatically create users for you. The bot requires an access token to be able to connect to your homeserver.
You **need to register the bot user manually** before setting up the bot.
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
You can use the playbook to [register a new user](registering-users.md):
```
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.chatgpt password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
```
## 2. Get an access token
Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
## 3. Adjusting the playbook configuration
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
```yaml
matrix_bot_chatgpt_enabled: true
# See instructions on
# https://www.npmjs.com/package/chatgpt
matrix_bot_chatgpt_openai_email: ''
matrix_bot_chatgpt_openai_password: ''
matrix_bot_chatgpt_openai_login_type: google
# This is the default username
# matrix_bot_chatgpt_matrix_bot_username_localpart: 'bot.chatgpt'
# Matrix access token (from bot user above)
# see: https://webapps.stackexchange.com/questions/131056/how-to-get-an-access-token-for-element-riot-matrix
matrix_bot_chatgpt_matrix_access_token: ''
```
You will need to get tokens for ChatGPT.
## 4. Installing
After configuring the playbook, run the [installation](installing.md) command again:
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=install-all,start
```
## Usage
To use the bot, invite the `@bot.chatgpt:DOMAIN` to the room you specified in a config, after that start speaking to it, use the prefix if you configured one or mention the bot.
You can also refer to the upstream [documentation](https://github.com/matrixgpt/matrix-chatgpt-bot).

2
docs/configuring-playbook-bridge-appservice-slack.md
View file

@ -1,6 +1,6 @@
# Setting up Appservice Slack (optional)
**Note**: bridging to [Slack](https://slack.com) can also happen via the [mx-puppet-slack](configuring-playbook-bridge-mx-puppet-slack.md) bridge supported by the playbook.
**Note**: bridging to [Slack](https://slack.com) can also happen via the [mx-puppet-slack](configuring-playbook-bridge-mx-puppet-slack.md) and [mautrix-slack](configuring-playbook-bridge-mautrix-slack.md) bridges supported by the playbook.
The playbook can install and configure [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) for you.

77
docs/configuring-playbook-bridge-mautrix-slack.md Normal file
View file

@ -0,0 +1,77 @@
# Setting up Mautrix Slack (optional)
**Note**: bridging to [Slack](https://slack.com/) can also happen via the [mx-puppet-slack](configuring-playbook-bridge-mx-puppet-slack.md) and [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridges supported by the playbook.
- For using as a Bot we recommend the [Appservice Slack](configuring-playbook-bridge-appservice-slack.md), because it supports plumbing.
- For personal use with a slack account we recommend the `mautrix-slack` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Slack bridges supported by the playbook.
The playbook can install and configure [mautrix-slack](https://github.com/mautrix/slack) for you.
See the project's [documentation](https://docs.mau.fi/bridges/go/slack/index.html) to learn what it does and why it might be useful to you.
Note that as of Oct 2022, support for multiple Matrix users using the bot is incomplete. Different users do not yet share the bridged channels. Everyone gets their own copy.
See the [features and roadmap](https://github.com/mautrix/slack/blob/main/ROADMAP.md) for more information.
## Prerequisites
For using this bridge, you would need to authenticate by **providing your username and password** (legacy) or by using a **token login**. See more information in the [docs](https://docs.mau.fi/bridges/go/slack/authentication.html).
Note that neither of these methods are officially supported by Slack. [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) uses a Slack bot account which is the only officially supported method for bridging a Slack channel.
## Installing
To enable the bridge, add this to your `vars.yml` file:
```yaml
matrix_mautrix_slack_enabled: true
```
You may optionally wish to add some [Additional configuration](#additional-configuration), or to [prepare for double-puppeting](#set-up-double-puppeting) before the initial installation.
After adjusting your `vars.yml` file, re-run the playbook and restart all services: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
To make use of the bridge, see [Usage](#usage) below.
### Additional configuration
There are some additional options you may wish to configure with the bridge.
Take a look at:
- `roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_slack_configuration_extension_yaml` variable
### Set up Double Puppeting
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
#### Method 1: automatically, by enabling Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
#### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`
- make sure you don't log out the `Mautrix-Slack` device some time in the future, as that would break the Double Puppeting feature
## Usage
1. Start a chat with `@slackbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
2. If you would like to login to Slack using a token, send the `login-token` command, otherwise, send the `login-password` command. Read [here](https://docs.mau.fi/bridges/go/slack/authentication.html) on how to retrieve your token and cookie token.
3. The bot should respond with "Successfully logged into <email> for team <workspace>"
4. Now that you're logged in, you can send a `help` command to the bot again, to see additional commands you have access to.
5. Slack channels should automatically begin bridging if you authenticated using a token. Otherwise, you must wait to receive a message in the channel if you used password authentication.

13
docs/configuring-playbook-bridge-mautrix-whatsapp.md
View file

@ -11,6 +11,19 @@ matrix_mautrix_whatsapp_enabled: true
```
Whatsapp multidevice beta is required, now it is enough if Whatsapp is connected to the Internet every 2 weeks.
The relay bot functionality is off by default. If you would like to enable the relay bot, add the following to your `vars.yml` file:
```yaml
matrix_mautrix_whatsapp_bridge_relay_enabled: true
```
By default, only admins are allowed to set themselves as relay users. To allow anyone on your homeserver to set themselves as relay users add this to your `vars.yml` file:
```yaml
matrix_mautrix_whatsapp_bridge_relay_admin_only: false
```
If you want to activate the relay bot in a room, use `!whatsapp set-relay`.
Use `!whatsapp unset-relay` to deactivate.
## Enable backfilling history
This requires a server with MSC2716 support, which is currently an experimental feature in synapse.
Note that as of Synapse 1.46, there are still some bugs with the implementation, especially if using event persistence workers.

3
docs/configuring-playbook-bridge-mx-puppet-slack.md
View file

@ -1,8 +1,7 @@
# Setting up MX Puppet Slack (optional)
**Note**: bridging to [Slack](https://slack.com) can also happen via the
[matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md)
bridge supported by the playbook.
[matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) and [mautrix-slack](configuring-playbook-bridge-mautrix-slack.md) bridges supported by the playbook.
The playbook can install and configure [Beeper](https://www.beeper.com/)-maintained fork of
[mx-puppet-slack](https://gitlab.com/beeper/mx-puppet-monorepo) for you.

2
docs/configuring-playbook-matrix-registration.md
View file

@ -4,6 +4,8 @@ The playbook can install and configure [matrix-registration](https://github.com/
**WARNING**: this is a poorly maintained and buggy project. It's better to avoid using it.
**WARNING**: this is not related to [matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md)
> matrix-registration is a simple python application to have a token based matrix registration.
Use matrix-registration to **create unique registration links**, which people can use to register on your Matrix server. It allows you to **keep your server's registration closed (private)**, but still allow certain people (these having a special link) to register a user account.

10
docs/configuring-playbook-own-webserver.md
View file

@ -6,9 +6,6 @@ If that's alright, you can skip this.
If you don't want this playbook's nginx webserver to take over your server's 80/443 ports like that,
and you'd like to use your own webserver (be it nginx, Apache, Varnish Cache, etc.), you can.
You should note, however, that the playbook's services work best when you keep using the integrated `matrix-nginx-proxy` webserver.
For example, disabling `matrix-nginx-proxy` when running a [Synapse worker setup for load-balancing](configuring-playbook-synapse.md#load-balancing-with-workers) (a more advanced, non-default configuration) is likely to cause various troubles (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2090)). If you need a such more scalable setup, disabling `matrix-nginx-proxy` will be a bad idea. If yours will be a simple (default, non-worker-load-balancing) deployment, disabling `matrix-nginx-proxy` may be fine.
There are **2 ways you can go about it**, if you'd like to use your own webserver:
- [Method 1: Disabling the integrated nginx reverse-proxy webserver](#method-1-disabling-the-integrated-nginx-reverse-proxy-webserver)
@ -19,7 +16,12 @@ There are **2 ways you can go about it**, if you'd like to use your own webserve
## Method 1: Disabling the integrated nginx reverse-proxy webserver
This method is about completely disabling the integrated nginx reverse-proxy webserver and replicating its behavior using another webserver.
For an alternative, make sure to check Method #2 as well.
If that other webserver is `nginx`, you'd be able to include configuration files generated by the playbook into your `nginx` webserver.
If you'd like to use another webserver (not `nginx`), you'd need to do things manually. We have examples for other webservers below.
For an alternative (which keeps `matrix-nginx-proxy` around and connects your other reverse-proxy with it), make sure to check Method #2.
### Preparation

28
docs/configuring-playbook-synapse-s3-storage-provider.md
View file

@ -3,8 +3,6 @@
If you'd like to store Synapse's content repository (`media_store`) files on Amazon S3 (or other S3-compatible service),
you can use the [synapse-s3-storage-provider](https://github.com/matrix-org/synapse-s3-storage-provider) media provider module for Synapse.
**`synapse-s3-storage-provider` support is very new and still relatively untested. Using it may cause data loss.**
An alternative (which has worse performance) is to use [Goofys to mount the S3 store to the local filesystem](configuring-playbook-s3-goofys.md).
@ -28,13 +26,13 @@ While you will need some local disk space around, it's only to accommodate usage
## Installing
After [creating the S3 bucket and configuring it](configuring-playbook-s3.md#bucket-creation-and-security-configuration), you can proceed to configure Goofys in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
After [creating the S3 bucket and configuring it](configuring-playbook-s3.md#bucket-creation-and-security-configuration), you can proceed to configure `s3-storage-provider` in your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
```yaml
matrix_synapse_ext_synapse_s3_storage_provider_enabled: true
matrix_synapse_ext_synapse_s3_storage_provider_config_bucket: your-bucket-name
matrix_synapse_ext_synapse_s3_storage_provider_config_region_name: some-region-name # e.g. eu-central-1
matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: https://.. # delete this whole line for Amazon S3
matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: https://s3.REGION_NAME.amazonaws.com # adjust this
matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: access-key-goes-here
matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: secret-key-goes-here
matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD # or STANDARD_IA, etc.
@ -68,11 +66,11 @@ This launches a Synapse container, which has access to the local media store, Po
Then use the following commands (`$` values come from environment variables - they're **not placeholders** that you need to substitute):
- `s3_media_upload update-db $UPDATE_DB_DURATION` - create a local SQLite database (`cache.db`) with a list of media repository files (from the `synapse` Postgres database) eligible for operating on
1. `s3_media_upload update-db $UPDATE_DB_DURATION` - create a local SQLite database (`cache.db`) with a list of media repository files (from the `synapse` Postgres database) eligible for operating on
- `$UPDATE_DB_DURATION` is influenced by the `matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count` variable (defaults to `0`)
- `$UPDATE_DB_DURATION` defaults to `0d` (0 days), which means **include files which haven't been accessed for more than 0 days** (that is, **all files will be included**).
- `s3_media_upload check-deleted $MEDIA_PATH` - check whether files in the local cache still exist in the local media repository directory
- `s3_media_upload upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT` - uploads locally-stored files to S3 and deletes them from the local media repository directory
2. `s3_media_upload check-deleted $MEDIA_PATH` - check whether files in the local cache still exist in the local media repository directory
3. `s3_media_upload upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT` - uploads locally-stored files to S3 and deletes them from the local media repository directory
The `s3_media_upload upload` command may take a lot of time to complete.
@ -93,13 +91,21 @@ To migrate your existing local data to S3, we recommend to:
#### Copying data to Amazon S3
Generally, you need to use the `aws s3` tool.
To copy to AWS S3, start a container on the Matrix server like this:
This documentation section could use an improvement. Ideally, we'd come up with a guide like the one used in [Copying data to Backblaze B2](#copying-data-to-backblaze-b2) - running `aws s3` in a container, etc.
```sh
docker run -it --rm \
-w /work \
--env-file=/matrix/synapse/ext/s3-storage-provider/env \
--mount type=bind,src=/matrix/synapse/storage/media-store,dst=/work,ro \
--entrypoint=/bin/sh \
docker.io/amazon/aws-cli:2.9.16 \
-c 'aws s3 sync /work/. s3://$BUCKET/'
```
#### Copying data to Backblaze B2
To copy to Backblaze B2, start a container like this:
To copy to Backblaze B2, start a container on the Matrix server like this:
```sh
docker run -it --rm \
@ -109,7 +115,7 @@ docker run -it --rm \
--env='B2_BUCKET_NAME=YOUR_BUCKET_NAME_GOES_HERE' \
--mount type=bind,src=/matrix/synapse/storage/media-store,dst=/work,ro \
--entrypoint=/bin/sh \
tianon/backblaze-b2:3.6.0 \
docker.io/tianon/backblaze-b2:3.6.0 \
-c 'b2 authorize-account $B2_KEY_ID $B2_KEY_SECRET && b2 sync /work b2://$B2_BUCKET_NAME --skipNewer'
```

4
docs/configuring-playbook.md
View file

@ -106,6 +106,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md) (optional)
- [Setting up Mautrix Slack bridging](configuring-playbook-bridge-mautrix-slack.md) (optional)
- [Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md) (optional)
- [Setting up Mautrix Facebook bridging](configuring-playbook-bridge-mautrix-facebook.md) (optional)
@ -161,6 +163,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
### Bots
- [Setting up matrix-bot-chatgpt](configuring-playbook-bot-chatgpt.md) - a bot through which you can talk to the [ChatGPT](https://openai.com/blog/chatgpt/) model(optional)
- [Setting up matrix-reminder-bot](configuring-playbook-bot-matrix-reminder-bot.md) - a bot to remind you about stuff (optional)
- [Setting up matrix-registration-bot](configuring-playbook-bot-matrix-registration-bot.md) - a bot to create and manage registration tokens to invite users (optional)

6
docs/installing.md
View file

@ -2,7 +2,7 @@
If you've [configured your DNS](configuring-dns.md) and have [configured the playbook](configuring-playbook.md), you can start the installation procedure.
**Before installing** and each time you update the playbook in the future, you will need to update the Ansible roles in this playbook by running `make roles`. `make roles` is a shortcut (a `roles` target defined in [`Makefile`](Makefile) and executed by the [`make`](https://www.gnu.org/software/make/) utility) which ultimately runs [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) to download Ansible roles. If you don't have `make`, you can also manually run the `roles` commands seen in the `Makefile`.
**Before installing** and each time you update the playbook in the future, you will need to update the Ansible roles in this playbook by running `just roles`. `just roles` is a shortcut (a `roles` target defined in [`justfile`](../justfile) and executed by the [`just`](https://github.com/casey/just) utility) which ultimately runs [ansible-galaxy](https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html) to download Ansible roles. If you don't have `just`, you can also manually run the `roles` commands seen in the `justfile`.
## Playbook tags introduction
@ -57,7 +57,7 @@ Proceed to [Maintaining your setup in the future](#2-maintaining-your-setup-in-t
If you will be importing data into your newly created Matrix server, install it, but **do not** start its services just yet.
Starting its services or messing with its database now will affect your data import later on.
To do the installation **without** starting services, run only the `setup-all` tag:
To do the installation **without** starting services, run only the `install-all` tag:
```sh
ansible-playbook -i inventory/hosts setup.yml --tags=install-all
@ -88,6 +88,8 @@ Feel free to **re-run the setup command any time** you think something is off wi
Note that if you remove components from `vars.yml`, or if we switch some component from being installed by default to not being installed by default anymore, you'd need to run the setup command with `--tags=setup-all` instead of `--tags=install-all`. See [Playbook tags introduction](#playbook-tags-introduction)
A way to invoke these `ansible-playbook` commands with less typing in the future is to use [just](https://github.com/casey/just) to run them: `just install-all` or `just setup-all`. See [our `justfile`](../justfile) for more information.
## 3. Finalize the installation

4
docs/maintenance-upgrading-services.md
View file

@ -10,8 +10,8 @@ To upgrade services:
- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of
- download the upstream Ansible roles used by the playbook by running `make roles`
- download the upstream Ansible roles used by the playbook by running `just roles`
- re-run the [playbook setup](installing.md) and restart all serivces: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,ensure-matrix-users-created,start`
- re-run the [playbook setup](installing.md) and restart all services: `just setup-all`
**Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).

2
docs/prerequisites.md
View file

@ -22,7 +22,7 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you
- [`git`](https://git-scm.com/) is the recommended way to download the playbook to your computer. `git` may also be required on the server if you will be [self-building](self-building.md) components.
- [`make`](https://www.gnu.org/software/make/) for running `make roles`, etc. (see [`Makefile`](../Makefile)), although you can also run these commands manually (without `make`)
- [`just`](https://github.com/casey/just) for running `just roles`, etc. (see [`justfile`](../justfile)), although you can also run these commands manually
- An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).

10
docs/registering-users.md
View file

@ -16,13 +16,21 @@ Table of contents:
You can do it via this Ansible playbook (make sure to edit the `<your-username>` and `<your-password>` part below):
```sh
just register-user <your-username> <your-password> <admin access: yes or no>
# Example: `just register-user john secret-password yes`
```
**or** by invoking `ansible-playbook` manually:
```sh
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-username> password=<your-password> admin=<yes|no>' --tags=register-user
```
**or** using the command-line after **SSH**-ing to your server (requires that [all services have been started](#starting-the-services)):
```
```sh
/matrix/synapse/bin/register-user <your-username> <your-password> <admin access: 0 or 1>
```

84
group_vars/matrix_servers
View file

@ -53,6 +53,8 @@ matrix_homeserver_container_extra_arguments_auto: |
+
(['--mount type=bind,src=' + matrix_mautrix_discord_config_path + '/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro'] if matrix_mautrix_discord_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_slack_config_path + '/registration.yaml,dst=/matrix-mautrix-slack-registration.yaml,ro'] if matrix_mautrix_slack_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_facebook_config_path + '/registration.yaml,dst=/matrix-mautrix-facebook-registration.yaml,ro'] if matrix_mautrix_facebook_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_googlechat_config_path + '/registration.yaml,dst=/matrix-mautrix-googlechat-registration.yaml,ro'] if matrix_mautrix_googlechat_enabled else [])
@ -108,6 +110,8 @@ matrix_homeserver_app_service_config_files_auto: |
+
(['/matrix-mautrix-discord-registration.yaml'] if matrix_mautrix_discord_enabled else [])
+
(['/matrix-mautrix-slack-registration.yaml'] if matrix_mautrix_slack_enabled else [])
+
(['/matrix-mautrix-facebook-registration.yaml'] if matrix_mautrix_facebook_enabled else [])
+
(['/matrix-mautrix-googlechat-registration.yaml'] if matrix_mautrix_googlechat_enabled else [])
@ -187,6 +191,8 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': 'matrix-bot-postmoogle.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'postmoogle']}] if matrix_bot_postmoogle_enabled else [])
+
([{'name': 'matrix-bot-chatgpt.service', 'priority': 2200, 'groups': ['matrix', 'bots', 'chatgpt']}] if matrix_bot_chatgpt_enabled else [])
+
([{'name': 'matrix-appservice-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-discord']}] if matrix_appservice_discord_enabled else [])
+
([{'name': 'matrix-appservice-irc.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'appservice-irc']}] if matrix_appservice_irc_enabled else [])
@ -209,6 +215,8 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': 'matrix-mautrix-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-discord']}] if matrix_mautrix_discord_enabled else [])
+
([{'name': 'matrix-mautrix-slack.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-slack']}] if matrix_mautrix_slack_enabled else [])
+
([{'name': 'matrix-mautrix-facebook.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-facebook']}] if matrix_mautrix_facebook_enabled else [])
+
([{'name': 'matrix-mautrix-googlechat.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-googlechat']}] if matrix_mautrix_googlechat_enabled else [])
@ -283,7 +291,7 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': 'matrix-nginx-proxy.service', 'priority': 3000, 'groups': ['matrix', 'nginx', 'reverse-proxies']}] if matrix_nginx_proxy_enabled else [])
+
(matrix_ssl_renewal_systemd_units_list | selectattr('applicable') | selectattr('enableable'))
(matrix_ssl_renewal_systemd_units_list | selectattr('applicable') | selectattr('enableable') | list )
+
([{'name': 'matrix-ntfy.service', 'priority': 800, 'groups': ['matrix', 'ntfy']}] if matrix_ntfy_enabled else [])
+
@ -297,7 +305,7 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': 'matrix-prometheus-postgres-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_postgres_exporter_enabled else [])
+
([{'name': (matrix_prometheus_nginxlog_exporter_container_hostname + '.service'), 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_postgres_exporter_enabled else [])
([{'name': 'matrix-prometheus-nginxlog-exporter.service', 'priority': 3900, 'groups': ['matrix', 'monitoring', 'prometheus', 'prometheus-node-exporters']}] if matrix_prometheus_nginxlog_exporter_enabled else [])
+
([{'name': 'matrix-redis', 'priority': 750, 'groups': ['matrix', 'redis']}] if matrix_redis_enabled else [])
+
@ -718,10 +726,6 @@ matrix_mautrix_discord_database_engine: "{{ 'postgres' if devture_postgres_enabl
matrix_mautrix_discord_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db', rounds=655555) | to_uuid }}"
# Enabling bridge.restricted_rooms for this bridge does not work well with Conduit, so we disable it by default.
# This will be fixed in the upcoming `0.5.0` release of conduit.
matrix_mautrix_discord_bridge_restricted_rooms: "{{ false if matrix_homeserver_implementation == 'conduit' else true }}"
######################################################################
#
# /matrix-bridge-mautrix-discord
@ -729,6 +733,46 @@ matrix_mautrix_discord_bridge_restricted_rooms: "{{ false if matrix_homeserver_i
######################################################################
######################################################################
#
# matrix-bridge-mautrix-slack
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_slack_enabled: false
matrix_mautrix_slack_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_mautrix_slack_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_slack_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.as.tok', rounds=655555) | to_uuid }}"
matrix_mautrix_slack_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.hs.tok', rounds=655555) | to_uuid }}"
matrix_mautrix_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using internal Postgres server
matrix_mautrix_slack_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_slack_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_slack_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mauslack.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-slack
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-facebook
@ -1618,6 +1662,24 @@ matrix_bot_postmoogle_database_password: "{{ '%s' | format(matrix_homeserver_gen
######################################################################
######################################################################
#
# matrix-bot-chatgpt
#
######################################################################
# We don't enable bots by default.
matrix_bot_chatgpt_enabled: false
matrix_bot_chatgpt_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
######################################################################
#
# /matrix-bot-chatgpt
#
######################################################################
######################################################################
#
# matrix-bot-go-neb
@ -2448,6 +2510,12 @@ devture_postgres_managed_databases_auto: |
'password': matrix_mautrix_discord_database_password,
}] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == devture_postgres_connection_hostname) else [])
+
([{
'name': matrix_mautrix_slack_database_name,
'username': matrix_mautrix_slack_database_username,
'password': matrix_mautrix_slack_database_password,
}] if (matrix_mautrix_slack_enabled and matrix_mautrix_slack_database_engine == 'postgres' and matrix_mautrix_slack_database_hostname == devture_postgres_connection_hostname) else [])
+
([{
'name': matrix_mx_puppet_slack_database_name,
'username': matrix_mx_puppet_slack_database_username,
@ -2658,6 +2726,8 @@ matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matr
matrix_client_hydrogen_enabled: false
matrix_client_hydrogen_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Hydrogen over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# the HTTP port to the local host.
@ -2911,7 +2981,7 @@ matrix_prometheus_scraper_hookshot_enabled: "{{ matrix_hookshot_metrics_enabled|
matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url | string +':'+ matrix_hookshot_metrics_port | string] if matrix_hookshot_metrics_enabled else [] }}"
matrix_prometheus_scraper_nginxlog_enabled: "{{ matrix_prometheus_nginxlog_exporter_enabled }}"
matrix_prometheus_scraper_nginxlog_server_port: "{{ (matrix_prometheus_nginxlog_exporter_container_hostname | string +':'+ matrix_prometheus_nginxlog_exporter_container_syslog_port | string)
matrix_prometheus_scraper_nginxlog_server_port: "{{ (matrix_prometheus_nginxlog_exporter_container_hostname | string +':'+ matrix_prometheus_nginxlog_exporter_container_metrics_port | string)
| default('') }}"
######################################################################

44
justfile Normal file
View file

@ -0,0 +1,44 @@
# Shows help
default:
@just --list --justfile {{ justfile() }}
# Pulls external Ansible roles
roles:
rm -rf roles/galaxy
ansible-galaxy install -r requirements.yml -p roles/galaxy/ --force
# Runs ansible-lint against all roles in the playbook
lint:
ansible-lint
# Runs the playbook with --tags=install-all,ensure-matrix-users-created,start and optional arguments
install-all *extra_args: (run-tags "install-all,ensure-matrix-users-created,start" extra_args)
# Runs the playbook with --tags=setup-all,ensure-matrix-users-created,start and optional arguments
setup-all *extra_args: (run-tags "setup-all,ensure-matrix-users-created,start" extra_args)
# Runs the playbook with the given list of arguments
run +extra_args:
time ansible-playbook -i inventory/hosts setup.yml {{ extra_args }}
# Runs the playbook with the given list of comma-separated tags and optional arguments
run-tags tags *extra_args:
just --justfile {{ justfile() }} run --tags={{ tags }} {{ extra_args }}
# Runs the playbook in user-registration mode
register-user username password admin_yes_or_no *extra_args:
time ansible-playbook -i inventory/hosts setup.yml --tags=register-user --extra-vars="username={{ username }} password={{ password }} admin={{ admin_yes_or_no }}" {{ extra_args }}
# Starts all services
start-all *extra_args: (run-tags "start-all" extra_args)
# Starts a specific service group
start-group group *extra_args:
@just --justfile {{ justfile() }} run-tags start-group --extra-vars="group={{ group }}" {{ extra_args }}
# Stops all services
stop-all *extra_args: (run-tags "stop-all" extra_args)
# Stops a specific service group
stop-group group *extra_args:
@just --justfile {{ justfile() }} run-tags stop-group --extra-vars="group={{ group }}" {{ extra_args }}

11
playbooks/matrix.yml
View file

@ -4,7 +4,7 @@
become: true
roles:
# Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `make roles` command (see `Makefile`).
# Most of the roles below are not distributed with the playbook, but downloaded separately using `ansible-galaxy` via the `just roles` command (see `justfile`).
- role: galaxy/com.devture.ansible.role.playbook_help
- role: galaxy/com.devture.ansible.role.systemd_docker_base
@ -18,18 +18,24 @@
tags:
- setup-docker
- setup-all
- install-docker
- install-all
- when: devture_docker_sdk_for_python_installation_enabled | bool
role: galaxy/com.devture.ansible.role.docker_sdk_for_python
tags:
- setup-docker
- setup-all
- install-docker
- install-all
- when: devture_timesync_installation_enabled | bool
role: galaxy/com.devture.ansible.role.timesync
tags:
- setup-timesync
- setup-all
- install-timesync
- install-all
- custom/matrix-base
- custom/matrix-dynamic-dns
@ -55,6 +61,7 @@
- custom/matrix-bridge-mautrix-telegram
- custom/matrix-bridge-mautrix-whatsapp
- custom/matrix-bridge-mautrix-discord
- custom/matrix-bridge-mautrix-slack
- custom/matrix-bridge-mx-puppet-discord
- custom/matrix-bridge-mx-puppet-groupme
- custom/matrix-bridge-mx-puppet-steam
@ -72,6 +79,7 @@
- custom/matrix-bot-postmoogle
- custom/matrix-bot-go-neb
- custom/matrix-bot-mjolnir
- custom/matrix-bot-chatgpt
- custom/matrix-cactus-comments
- custom/matrix-synapse
- custom/matrix-synapse-reverse-proxy-companion
@ -115,5 +123,6 @@
role: galaxy/com.devture.ansible.role.playbook_state_preserver
tags:
- setup-all
- install-all
- role: galaxy/com.devture.ansible.role.playbook_runtime_messages

6
requirements.yml
View file

@ -1,7 +1,7 @@
---
- src: geerlingguy.docker
version: 6.0.3
version: 6.0.4
- src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git
version: 6ba3be490b6f4c6f35ea109aeb8e533fa231b3a5
@ -13,13 +13,13 @@
version: 327d2e17f5189ac2480d6012f58cf64a2b46efba
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
version: 660f384f176a9ea3b5cc702bde39e7dc10bf6186
version: 3d5bb2976815958cdce3f368fa34fb51554f899b
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
version: e75973e3a4edc12dfc3e880e43b12ebecbf82c61
version: a1bb78d194434b38005f3a9e623bfa4b2c06c7bc
- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
version: 77b1f9ae1aafa31c9078178c1036bf744c99d08b

5
roles/custom/matrix-backup-borg/defaults/main.yml
View file

@ -11,8 +11,11 @@ matrix_backup_borg_docker_repo: "https://gitlab.com/etke.cc/borgmatic"
matrix_backup_borg_docker_repo_version: main
matrix_backup_borg_docker_src_files_path: "{{ matrix_backup_borg_base_path }}/docker-src"
# version determined automatically, based on postgres server version (if enabled), otherwise latest is used
# image and postgres version determined automatically, based on detected postgres server version (if enabled), otherwise latest is used
matrix_backup_borg_version: ""
matrix_backup_borg_postgres_version: ""
matrix_backup_borg_borg_version: 1.2.3
matrix_backup_borg_borgmatic_version: 1.7.5
matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}"
matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') or matrix_backup_borg_version | default('') == '' }}"

32
roles/custom/matrix-backup-borg/tasks/setup_install.yml
View file

@ -2,25 +2,25 @@
- when: matrix_backup_borg_postgresql_enabled | bool and matrix_backup_borg_version == ''
block:
- name: Fail with matrix_backup_borg_version advice if Postgres not enabled
ansible.builtin.fail:
msg: >-
You are not running a built-in Postgres server (`devture_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen.
Consider setting `matrix_backup_borg_version` to your Postgres version manually.
when: not devture_postgres_enabled
- name: Fail with matrix_backup_borg_version advice if Postgres not enabled
ansible.builtin.fail:
msg: >-
You are not running a built-in Postgres server (`devture_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen.
Consider setting `matrix_backup_borg_version` to your Postgres version manually.
when: not devture_postgres_enabled
- ansible.builtin.include_role:
name: galaxy/com.devture.ansible.role.postgres
tasks_from: detect_existing_postgres_version
- ansible.builtin.include_role:
name: galaxy/com.devture.ansible.role.postgres
tasks_from: detect_existing_postgres_version
- name: Fail if detected Postgres version is unsupported
ansible.builtin.fail:
msg: "You cannot use borg backup with such an old version ({{ devture_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql"
when: "devture_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions"
- name: Fail if detected Postgres version is unsupported
ansible.builtin.fail:
msg: "You cannot use borg backup with such an old version ({{ devture_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql"
when: "devture_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions"
- name: Set the correct borg backup version to use
ansible.builtin.set_fact:
matrix_backup_borg_version: "{{ devture_postgres_detected_version }}"
- name: Set the correct borg backup version to use
ansible.builtin.set_fact:
matrix_backup_borg_version: "{{ devture_postgres_detected_version }}-{{ matrix_backup_borg_borg_version }}-{{ matrix_backup_borg_borgmatic_version }}"
- name: Ensure borg paths exist
ansible.builtin.file:

6
roles/custom/matrix-bot-buscarron/defaults/main.yml
View file

@ -9,9 +9,9 @@ matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git"
matrix_bot_buscarron_docker_repo_version: "{{ matrix_bot_buscarron_version }}"
matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"
matrix_bot_buscarron_version: v1.3.0
matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}"
matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_buscarron_version: v1.3.1
matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}etke.cc/buscarron:{{ matrix_bot_buscarron_version }}"
matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}"
matrix_bot_buscarron_base_path: "{{ matrix_base_data_path }}/buscarron"

79
roles/custom/matrix-bot-chatgpt/defaults/main.yml Normal file
View file

@ -0,0 +1,79 @@
---
# chatgpt is a bot for chatting to openAI chatgpt matrix bot
# Project source code URL: https://github.com/matrixgpt/matrix-chatgpt-bot
matrix_bot_chatgpt_enabled: true
matrix_bot_chatgpt_container_image_self_build: false
matrix_bot_chatgpt_docker_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot"
matrix_bot_chatgpt_docker_repo_version: "{{ 'latest' if matrix_bot_chatgpt_version == 'latest' else matrix_bot_chatgpt_version }}"
matrix_bot_chatgpt_docker_src_files_path: "{{ matrix_base_data_path }}/chatgpt/docker-src"
matrix_bot_chatgpt_version: 1.2.3
matrix_bot_chatgpt_docker_image: "{{ matrix_bot_chatgpt_docker_image_name_prefix }}matrixgpt/matrix-chatgpt-bot:{{ matrix_bot_chatgpt_version }}"
matrix_bot_chatgpt_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_chatgpt_container_image_self_build else 'ghcr.io/' }}"
matrix_bot_chatgpt_docker_image_force_pull: "{{ matrix_bot_chatgpt_docker_image.endswith(':latest') }}"
matrix_bot_chatgpt_base_path: "{{ matrix_base_data_path }}/chatgpt"
matrix_bot_chatgpt_config_path: "{{ matrix_bot_chatgpt_base_path }}/config"
matrix_bot_chatgpt_data_path: "{{ matrix_bot_chatgpt_base_path }}/data"
# A list of extra arguments to pass to the container
matrix_bot_chatgpt_container_extra_arguments: []
# List of systemd services that matrix-bot-chatgpt.service depends on
matrix_bot_chatgpt_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-bot-chatgpt.service wants
matrix_bot_chatgpt_systemd_wanted_services_list: []
# ChatGPT Settings
matrix_bot_chatgpt_openai_email: '' # OPENAI_EMAIL=
matrix_bot_chatgpt_openai_password: '' # OPENAI_PASSWORD=
matrix_bot_chatgpt_openai_login_type: 'google' # OPENAI_LOGIN_TYPE="google"
# Matrix Static Settings (required, see notes)
# Defaults to "https://matrix.org"
matrix_bot_chatgpt_matrix_homeserver_url: "{{ matrix_homeserver_container_url }}" # MATRIX_HOMESERVER_URL=
# With the @ and :DOMAIN, ie @SOMETHING:DOMAIN, needs to be set, created manually beforehand.
matrix_bot_chatgpt_matrix_bot_username_localpart: 'bot.chatgpt'
matrix_bot_chatgpt_matrix_bot_username: "@{{ matrix_bot_chatgpt_matrix_bot_username_localpart }}:{{ matrix_domain }}" # MATRIX_BOT_USERNAME=
# Set `MATRIX_BOT_PASSWORD` the bot will print an `MATRIX_ACCESS_TOKEN` to the terminal
# or https://webapps.stackexchange.com/questions/131056/how-to-get-an-access-token-for-element-riot-matrix
matrix_bot_chatgpt_matrix_access_token: '' # MATRIX_ACCESS_TOKEN=
# Once `MATRIX_BOT_ACCESS_TOKEN` is set this is no longer used.
matrix_bot_chatgpt_matrix_bot_password: '' # MATRIX_BOT_PASSWORD=
# Matrix Configurable Settings Defaults (optional)
matrix_bot_chatgpt_matrix_default_prefix: "!chatgpt " # MATRIX_DEFAULT_PREFIX= Leave prefix blank to reply to all messages, trailing space matters
matrix_bot_chatgpt_matrix_default_prefix_reply: false # MATRIX_DEFAULT_PREFIX_REPLY=
# Matrix Access Control (optional)
matrix_bot_chatgpt_matrix_blacklist: ''
matrix_bot_chatgpt_matrix_whitelist: ':{{ matrix_domain }}'
# Matrix Feature Flags (optional)
matrix_bot_chatgpt_matrix_autojoin: true # MATRIX_AUTOJOIN=true
matrix_bot_chatgpt_matrix_encryption: true # MATRIX_ENCRYPTION=true
matrix_bot_chatgpt_matrix_threads: true # MATRIX_THREADS=true
matrix_bot_chatgpt_matrix_rich_text: true # MATRIX_RICH_TEXT=true
# A list of admins
# Example set of rules:
# matrix_bot_chatgpt_admins:
# - @someone:example.com
# - @another:example.com
# - @bot.*:example.com
# - @*:another.com
# matrix_bot_chatgpt_admins: "{{ [matrix_admin] if matrix_admin else [] }}"
# Log level
# matrix_bot_chatgpt_loglevel: 'INFO'
# Additional environment variables to pass to the chatgpt container
#
# Example:
# matrix_bot_chatgpt_environment_variables_extension: |
# chatgpt_TEXT_DONE=Done
matrix_bot_chatgpt_environment_variables_extension: ''

20
roles/custom/matrix-bot-chatgpt/tasks/main.yml Normal file
View file

@ -0,0 +1,20 @@
---
- block:
- when: matrix_bot_chatgpt_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_bot_chatgpt_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-bot-chatgpt
- install-all
- install-bot-chatgpt
- block:
- when: not matrix_bot_chatgpt_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-bot-chatgpt

63
roles/custom/matrix-bot-chatgpt/tasks/setup_install.yml Normal file
View file

@ -0,0 +1,63 @@
---
- name: Ensure chatgpt paths exist
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_bot_chatgpt_config_path }}", when: true}
- {path: "{{ matrix_bot_chatgpt_data_path }}", when: true}
- {path: "{{ matrix_bot_chatgpt_docker_src_files_path }}", when: matrix_bot_chatgpt_container_image_self_build}
when: "item.when | bool"
- name: Ensure chatgpt environment variables file created
ansible.builtin.template:
src: "{{ role_path }}/templates/env.j2"
dest: "{{ matrix_bot_chatgpt_config_path }}/env"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
- name: Ensure chatgpt image is pulled
community.docker.docker_image:
name: "{{ matrix_bot_chatgpt_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_chatgpt_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_chatgpt_docker_image_force_pull }}"
when: "not matrix_bot_chatgpt_container_image_self_build | bool"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure chatgpt repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_bot_chatgpt_docker_repo }}"
version: "{{ matrix_bot_chatgpt_docker_repo_version }}"
dest: "{{ matrix_bot_chatgpt_docker_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_bot_chatgpt_git_pull_results
when: "matrix_bot_chatgpt_container_image_self_build | bool"
- name: Ensure chatgpt image is built
community.docker.docker_image:
name: "{{ matrix_bot_chatgpt_docker_image }}"
source: build
force_source: "{{ matrix_bot_chatgpt_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_chatgpt_docker_src_files_path }}"
pull: true
when: "matrix_bot_chatgpt_container_image_self_build | bool"
- name: Ensure matrix-bot-chatgpt.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-bot-chatgpt.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-chatgpt.service"
mode: 0644
register: matrix_bot_chatgpt_systemd_service_result

25
roles/custom/matrix-bot-chatgpt/tasks/setup_uninstall.yml Normal file
View file

@ -0,0 +1,25 @@
---
- name: Check existence of matrix-chatgpt service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-chatgpt.service"
register: matrix_bot_chatgpt_service_stat
- when: matrix_bot_chatgpt_service_stat.stat.exists | bool
block:
- name: Ensure matrix-chatgpt is stopped
ansible.builtin.service:
name: matrix-bot-chatgpt
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-bot-chatgpt.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-chatgpt.service"
state: absent
- name: Ensure Matrix chatgpt paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_chatgpt_base_path }}"
state: absent

12
roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml Normal file
View file

@ -0,0 +1,12 @@
---
- name: Fail if required Chatgpt settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and vars[item.name] == ''"
with_items:
- {'name': 'matrix_bot_chatgpt_openai_email', when: true}
- {'name': 'matrix_bot_chatgpt_openai_password', when: true}
- {'name': 'matrix_bot_chatgpt_openai_login_type', when: true}
- {'name': 'matrix_bot_chatgpt_matrix_bot_username', when: true}

25
roles/custom/matrix-bot-chatgpt/templates/env.j2 Normal file
View file

@ -0,0 +1,25 @@
MATRIX_HOMESERVER_URL={{ matrix_bot_chatgpt_matrix_homeserver_url }}
MATRIX_ACCESS_TOKEN={{ matrix_bot_chatgpt_matrix_access_token }}
OPENAI_EMAIL={{ matrix_bot_chatgpt_openai_email }}
OPENAI_PASSWORD={{ matrix_bot_chatgpt_openai_password }}
OPENAI_LOGIN_TYPE={{ matrix_bot_chatgpt_openai_login_type }}
# With the @ and :DOMAIN, ie @SOMETHING:DOMAIN
MATRIX_BOT_USERNAME={{ matrix_bot_chatgpt_matrix_bot_username }}
MATRIX_BOT_PASSWORD={{ matrix_bot_chatgpt_matrix_bot_password }}
MATRIX_DEFAULT_PREFIX={{ matrix_bot_chatgpt_matrix_default_prefix }}
MATRIX_DEFAULT_PREFIX_REPLY={{ matrix_bot_chatgpt_matrix_default_prefix_reply|lower }}
MATRIX_BLACKLIST={{ matrix_bot_chatgpt_matrix_blacklist }}
MATRIX_WHITELIST={{ matrix_bot_chatgpt_matrix_whitelist }}
MATRIX_AUTOJOIN={{ matrix_bot_chatgpt_matrix_autojoin|lower }}
MATRIX_ENCRYPTION={{ matrix_bot_chatgpt_matrix_encryption|lower }}
MATRIX_THREADS={{ matrix_bot_chatgpt_matrix_threads|lower }}
MATRIX_RICH_TEXT={{ matrix_bot_chatgpt_matrix_rich_text|lower }}
DATA_PATH=/data/
{{ matrix_bot_chatgpt_environment_variables_extension }}

41
roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2 Normal file
View file

@ -0,0 +1,41 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix chatgpt bot
{% for service in matrix_bot_chatgpt_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_bot_chatgpt_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-chatgpt 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true'
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-chatgpt \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--tmpfs /tmp \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_bot_chatgpt_config_path }}/env \
--mount type=bind,src={{ matrix_bot_chatgpt_data_path }},dst=/data \
--env HOME=/data/home \
{% for arg in matrix_bot_chatgpt_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_bot_chatgpt_docker_image }}
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-chatgpt 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-bot-chatgpt
[Install]
WantedBy=multi-user.target

4
roles/custom/matrix-bot-honoroit/defaults/main.yml
View file

@ -10,8 +10,8 @@ matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
matrix_bot_honoroit_version: v0.9.16
matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}etke.cc/honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
matrix_bot_honoroit_base_path: "{{ matrix_base_data_path }}/honoroit"

3
roles/custom/matrix-bot-maubot/defaults/main.yml
View file

@ -11,7 +11,8 @@ matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version
matrix_bot_maubot_version: v0.3.1
matrix_bot_maubot_docker_image: "dock.mau.dev/maubot/maubot:{{ matrix_bot_maubot_version }}"
matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_name_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}"
matrix_bot_maubot_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else 'dock.mau.dev/' }}"
matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}"
matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot"

2
roles/custom/matrix-bot-mjolnir/defaults/main.yml
View file

@ -4,7 +4,7 @@
matrix_bot_mjolnir_enabled: true
matrix_bot_mjolnir_version: "v1.5.0"
matrix_bot_mjolnir_version: "v1.6.4"
matrix_bot_mjolnir_container_image_self_build: false
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"

6
roles/custom/matrix-bot-postmoogle/defaults/main.yml
View file

@ -9,9 +9,9 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
matrix_bot_postmoogle_version: v0.9.10
matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}"
matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_postmoogle_version: v0.9.11
matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etke.cc/postmoogle:{{ matrix_bot_postmoogle_version }}"
matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"
matrix_bot_postmoogle_base_path: "{{ matrix_base_data_path }}/postmoogle"

4
roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2
View file

@ -230,8 +230,8 @@ bridge:
# $message - The message content
message_formats:
m.text: '<b>$sender_displayname</b>: $message'
m.notice: '<b>$sender_displayname<b>: $message'
m.emote: '* <b>$sender_displayname<b> $message'
m.notice: '<b>$sender_displayname</b>: $message'
m.emote: '* <b>$sender_displayname</b> $message'
m.file: 'File from <b>$sender_displayname</b>: $message'
m.image: 'Image from <b>$sender_displayname</b>: $message'
m.audio: 'Audio from <b>$sender_displayname</b>: $message'

4
roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml
View file

@ -4,7 +4,7 @@
matrix_beeper_linkedin_enabled: true
matrix_beeper_linkedin_version: v0.5.3
matrix_beeper_linkedin_version: v0.5.4
# See: https://github.com/beeper/linkedin/pkgs/container/linkedin
matrix_beeper_linkedin_docker_image: "{{ matrix_beeper_linkedin_docker_image_name_prefix }}beeper/linkedin:{{ matrix_beeper_linkedin_docker_image_tag }}"
@ -27,6 +27,8 @@ matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319"
matrix_beeper_linkedin_bridge_presence: true
matrix_beeper_linkedin_bridge_space_support_enable: true
matrix_beeper_linkedin_command_prefix: "!li"
matrix_beeper_linkedin_bridge_permissions: |

16
roles/custom/matrix-bridge-beeper-linkedin/templates/config.yaml.j2
View file

@ -88,15 +88,15 @@ manhole:
# Bridge config
bridge:
# Localpart template of MXIDs for LinkedIn users.
# {userid} is replaced with the user ID of the LinkedIn user
username_template: "linkedin_{userid}"
# Displayname template for LinkedIn users.
# Localpart template for per-user room grouping community IDs.
# The bridge will create these communities and add all of the specific user's portals to the community.
# {localpart} is the MXID localpart and {server} is the MXID server part of the user.
# (Note that, by default, non-admins might not have your homeserver's permission to create
# communities. You should set `enable_group_creation: true` in homeserver.yaml to fix this.)
# `linkedin_{localpart}={server}` is a good value.
community_template: null
# Settings for creating a space for every user.
space_support:
# Whether or not to enable creating a space per user and inviting the
# user (as well as all of the puppets) to that space.
enable: {{ matrix_beeper_linkedin_bridge_space_support_enable|to_json }}
# The name of the space
name: "LinkedIn"
# Displayname template for LinkedIn users.
# {displayname} is replaced with the display name of the LinkedIn user

2
roles/custom/matrix-bridge-heisenbridge/defaults/main.yml
View file

@ -4,7 +4,7 @@
matrix_heisenbridge_enabled: true
matrix_heisenbridge_version: 1.14.0
matrix_heisenbridge_version: 1.14.1
matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"

2
roles/custom/matrix-bridge-hookshot/defaults/main.yml
View file

@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
matrix_hookshot_version: 2.5.0
matrix_hookshot_version: 2.7.0
matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"

4
roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
View file

@ -141,6 +141,6 @@ matrix_mautrix_discord_bridge_encryption_allow: false
matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"
matrix_mautrix_discord_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"
# On conduit this option may prevent you from joining spaces created by the bridge.
# Setting this to false fixes the issue.
# On conduit versions before 0.5.0 this option prevented users from joining spaces created by the bridge.
# Setting this to false fixed the issue.
matrix_mautrix_discord_bridge_restricted_rooms: true

4
roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
View file

@ -216,8 +216,8 @@ bridge:
# $message - The message content
message_formats:
m.text: '<b>$sender_displayname</b>: $message'
m.notice: '<b>$sender_displayname<b>: $message'
m.emote: '* <b>$sender_displayname<b> $message'
m.notice: '<b>$sender_displayname</b>: $message'
m.emote: '* <b>$sender_displayname</b> $message'
m.file: '<b>$sender_displayname</b> sent a file'
m.image: '<b>$sender_displayname</b> sent an image'
m.audio: '<b>$sender_displayname</b> sent an audio file'

2
roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml
View file

@ -8,7 +8,7 @@ matrix_mautrix_instagram_container_image_self_build: false
matrix_mautrix_instagram_container_image_self_build_repo: "https://github.com/mautrix/instagram.git"
matrix_mautrix_instagram_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_instagram_version == 'latest' else matrix_mautrix_instagram_version }}"
matrix_mautrix_instagram_version: v0.2.2
matrix_mautrix_instagram_version: v0.2.3
# See: https://mau.dev/tulir/mautrix-instagram/container_registry
matrix_mautrix_instagram_docker_image: "{{ matrix_mautrix_instagram_docker_image_name_prefix }}mautrix/instagram:{{ matrix_mautrix_instagram_version }}"
matrix_mautrix_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_instagram_container_image_self_build else 'dock.mau.dev/' }}"

8
roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
View file

@ -10,9 +10,10 @@ matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal
matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
matrix_mautrix_signal_version: v0.4.2
matrix_mautrix_signal_daemon_version: 0.23.0
matrix_mautrix_signal_daemon_version: 0.23.1
# See: https://mau.dev/mautrix/signal/container_registry
matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_version }}"
matrix_mautrix_signal_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_signal_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"
matrix_mautrix_signal_daemon_container_image_self_build: false
@ -20,7 +21,8 @@ matrix_mautrix_signal_daemon_docker_repo: "https://gitlab.com/signald/signald"
matrix_mautrix_signal_daemon_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_daemon_version == 'latest' else matrix_mautrix_signal_daemon_version }}"
matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src"
matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}"
matrix_mautrix_signal_daemon_docker_image: "{{ matrix_mautrix_signal_daemon_docker_image_name_prefix }}signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}"
matrix_mautrix_signal_daemon_docker_image_name_prefix: "docker.io/"
matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image_tag.endswith(':latest') }}"
matrix_mautrix_signal_daemon_docker_image_tag: "{{ matrix_mautrix_signal_daemon_version }}"

138
roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml Normal file
View file

@ -0,0 +1,138 @@
---
# mautrix-slack is a Matrix <-> Slack bridge
# Project source code URL: https://github.com/mautrix/slack
matrix_mautrix_slack_enabled: true
matrix_mautrix_slack_container_image_self_build: false
matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/slack.git"
matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}"
matrix_mautrix_slack_version: latest
# See: https://mau.dev/mautrix/slack/container_registry
matrix_mautrix_slack_docker_image: "{{ matrix_mautrix_slack_docker_image_name_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}"
matrix_mautrix_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_slack_docker_image_force_pull: "{{ matrix_mautrix_slack_docker_image.endswith(':latest') }}"
matrix_mautrix_slack_base_path: "{{ matrix_base_data_path }}/mautrix-slack"
matrix_mautrix_slack_config_path: "{{ matrix_mautrix_slack_base_path }}/config"
matrix_mautrix_slack_data_path: "{{ matrix_mautrix_slack_base_path }}/data"
matrix_mautrix_slack_docker_src_files_path: "{{ matrix_mautrix_slack_base_path }}/docker-src"
matrix_mautrix_slack_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_slack_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_slack_appservice_address: "http://matrix-mautrix-slack:8080"
matrix_mautrix_slack_command_prefix: "!slack"
matrix_mautrix_slack_bridge_permissions: |
{{
{matrix_mautrix_slack_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# A list of extra arguments to pass to the container
matrix_mautrix_slack_container_extra_arguments: []
# List of systemd services that matrix-mautrix-slack.service depends on.
matrix_mautrix_slack_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-mautrix-slack.service wants
matrix_mautrix_slack_systemd_wanted_services_list: []
matrix_mautrix_slack_appservice_token: ''
matrix_mautrix_slack_homeserver_token: ''
matrix_mautrix_slack_appservice_bot_username: slackbot
# Minimum severity of journal log messages.
# Options: debug, info, warn, error, fatal
matrix_mautrix_slack_logging_level: 'warn'
# Database-related configuration fields.
#
# To use SQLite, stick to these defaults.
#
# To use Postgres:
# - change the engine (`matrix_mautrix_slack_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_slack_database_*` variables
matrix_mautrix_slack_database_engine: 'sqlite'
matrix_mautrix_slack_sqlite_database_path_local: "{{ matrix_mautrix_slack_data_path }}/mautrix-slack.db"
matrix_mautrix_slack_sqlite_database_path_in_container: "/data/mautrix-slack.db"
matrix_mautrix_slack_database_username: 'matrix_mautrix_slack'
matrix_mautrix_slack_database_password: 'some-password'
matrix_mautrix_slack_database_hostname: ''
matrix_mautrix_slack_database_port: 5432
matrix_mautrix_slack_database_name: 'matrix_mautrix_slack'
matrix_mautrix_slack_database_connection_string: 'postgresql://{{ matrix_mautrix_slack_database_username }}:{{ matrix_mautrix_slack_database_password }}@{{ matrix_mautrix_slack_database_hostname }}:{{ matrix_mautrix_slack_database_port }}/{{ matrix_mautrix_slack_database_name }}?sslmode=disable'
matrix_mautrix_slack_appservice_database_type: "{{
{
'sqlite': 'sqlite3',
'postgres':'postgres',
}[matrix_mautrix_slack_database_engine]
}}"
matrix_mautrix_slack_appservice_database_uri: "{{
{
'sqlite': matrix_mautrix_slack_sqlite_database_path_in_container,
'postgres': matrix_mautrix_slack_database_connection_string,
}[matrix_mautrix_slack_database_engine]
}}"
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mautrix_slack_login_shared_secret: ''
matrix_mautrix_slack_bridge_login_shared_secret_map:
"{{ {matrix_mautrix_slack_homeserver_domain: matrix_mautrix_slack_login_shared_secret} if matrix_mautrix_slack_login_shared_secret else {} }}"
# Servers to always allow double puppeting from
matrix_mautrix_slack_bridge_double_puppet_server_map:
"{{ matrix_mautrix_slack_homeserver_domain : matrix_mautrix_slack_homeserver_address }}"
# Default mautrix-slack configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_slack_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_slack_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mautrix_slack_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mautrix_slack_configuration_yaml`.
matrix_mautrix_slack_configuration_extension: "{{ matrix_mautrix_slack_configuration_extension_yaml | from_yaml if matrix_mautrix_slack_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_slack_configuration_yaml`.
matrix_mautrix_slack_configuration: "{{ matrix_mautrix_slack_configuration_yaml | from_yaml | combine(matrix_mautrix_slack_configuration_extension, recursive=True) }}"
matrix_mautrix_slack_registration_yaml: |
id: slack
url: {{ matrix_mautrix_slack_appservice_address }}
as_token: "{{ matrix_mautrix_slack_appservice_token }}"
hs_token: "{{ matrix_mautrix_slack_homeserver_token }}"
# See https://github.com/mautrix/signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_slack_appservice_bot_username }}
rate_limited: false
namespaces:
users:
- regex: '^@slack_[a-z-A-Z0-9\-]+:{{ matrix_mautrix_slack_homeserver_domain | regex_escape }}$'
exclusive: true
- exclusive: true
regex: '^@{{ matrix_mautrix_slack_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_slack_homeserver_domain | regex_escape }}$'
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_slack_bridge_encryption_allow: false
matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"
matrix_mautrix_slack_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"

20
roles/custom/matrix-bridge-mautrix-slack/tasks/main.yml Normal file
View file

@ -0,0 +1,20 @@
---
- block:
- when: matrix_mautrix_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mautrix_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-mautrix-slack
- install-all
- install-mautrix-slack
- block:
- when: not matrix_mautrix_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mautrix-slack

108
roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml Normal file
View file

@ -0,0 +1,108 @@
---
- ansible.builtin.set_fact:
matrix_mautrix_slack_requires_restart: false
- when: "matrix_mautrix_slack_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mautrix_slack_sqlite_database_path_local }}"
register: matrix_mautrix_slack_sqlite_database_path_local_stat_result
- when: "matrix_mautrix_slack_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.include_role:
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_slack_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_slack_database_connection_string }}"
caller: "{{ role_path | basename }}"
engine_variable_name: 'matrix_mautrix_slack_database_engine'
engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-mautrix-slack.service']
pgloader_options: ['--with "quote identifiers"']
- ansible.builtin.set_fact:
matrix_mautrix_slack_requires_restart: true
- name: Ensure Mautrix Slack paths exists
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_mautrix_slack_base_path }}", when: true}
- {path: "{{ matrix_mautrix_slack_config_path }}", when: true}
- {path: "{{ matrix_mautrix_slack_data_path }}", when: true}
- {path: "{{ matrix_mautrix_slack_docker_src_files_path }}", when: "{{ matrix_mautrix_slack_container_image_self_build }}"}
when: item.when | bool
- name: Ensure Mautrix Slack image is pulled
community.docker.docker_image:
name: "{{ matrix_mautrix_slack_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_slack_docker_image_force_pull }}"
when: not matrix_mautrix_slack_container_image_self_build
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure Mautrix slack repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_mautrix_slack_container_image_self_build_repo }}"
dest: "{{ matrix_mautrix_slack_docker_src_files_path }}"
version: "{{ matrix_mautrix_slack_container_image_self_build_branch }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_mautrix_slack_git_pull_results
when: "matrix_mautrix_slack_container_image_self_build | bool"
- name: Ensure Mautrix slack Docker image is built
community.docker.docker_image:
name: "{{ matrix_mautrix_slack_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_slack_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_slack_docker_src_files_path }}"
pull: true
when: "matrix_mautrix_slack_container_image_self_build | bool"
- name: Ensure mautrix-slack config.yaml installed
ansible.builtin.copy:
content: "{{ matrix_mautrix_slack_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_mautrix_slack_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure mautrix-slack registration.yaml installed
ansible.builtin.copy:
content: "{{ matrix_mautrix_slack_registration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_mautrix_slack_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-mautrix-slack.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-mautrix-slack.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-slack.service"
mode: 0644
register: matrix_mautrix_slack_systemd_service_result
- name: Ensure matrix-mautrix-slack.service restarted, if necessary
ansible.builtin.service:
name: "matrix-mautrix-slack.service"
state: restarted
daemon_reload: true
when: "matrix_mautrix_slack_requires_restart | bool"

20
roles/custom/matrix-bridge-mautrix-slack/tasks/setup_uninstall.yml Normal file
View file

@ -0,0 +1,20 @@
---
- name: Check existence of matrix-mautrix-slack service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-slack.service"
register: matrix_mautrix_slack_service_stat
- when: matrix_mautrix_slack_service_stat.stat.exists | bool
block:
- name: Ensure matrix-mautrix-slack is stopped
ansible.builtin.service:
name: matrix-mautrix-slack
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-mautrix-slack.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-slack.service"
state: absent

20
roles/custom/matrix-bridge-mautrix-slack/tasks/validate_config.yml Normal file
View file

@ -0,0 +1,20 @@
---
- name: Fail if required mautrix-slack settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and vars[item.name] == ''"
with_items:
- {'name': 'matrix_mautrix_slack_appservice_token', when: true}
- {'name': 'matrix_mautrix_slack_homeserver_token', when: true}
- {'name': 'matrix_mautrix_slack_database_hostname', when: "{{ matrix_mautrix_slack_database_engine == 'postgres' }}"}
- name: Fail if appservice-slack and mautrix-slack have conflicting bot usernames
when: matrix_appservice_slack_enabled | default(False) | bool and matrix_mautrix_slack_appservice_bot_username == matrix_appservice_slack_bot_name | default ('')
ansible.builtin.fail:
msg: |
The appservice-slack and mautrix-slack components are both enabled and use the same bot username ({{ matrix_mautrix_slack_appservice_bot_username }}), as per their default configuration, which causes a conflcit.
To resolve the conflict, make one of these components use a different username.
Consider either changing `matrix_mautrix_slack_appservice_bot_username` (the bot username for the mautrix-slack component) or `matrix_appservice_slack_bot_name` (the bot username for the appservice-slack component).
We recommend that you change the username for the newly-added (and yet unused) component.

240
roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2 Normal file
View file

@ -0,0 +1,240 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_slack_homeserver_address | to_json }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_slack_homeserver_domain | to_json }}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's slack connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_slack_appservice_address | to_json }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# Database config.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: {{ matrix_mautrix_slack_appservice_database_type|to_json }}
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_slack_appservice_database_uri|to_json }}
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice.
id: slack
# Appservice bot details.
bot:
# Username of the appservice bot.
username: {{ matrix_mautrix_slack_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: Slack bridge bot
avatar: mxc://maunium.net/pVtzLmChZejGxLqmXtQjFxem
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: true
# Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
async_transactions: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: {{ matrix_mautrix_slack_appservice_token | to_json }}
hs_token: {{ matrix_mautrix_slack_homeserver_token | to_json }}
# Bridge config
bridge:
# Localpart template of MXIDs for Slack users.
# {{ '{{.}}' }} is replaced with the internal ID of the Slack user.
username_template: "{{ 'slack_{{.}}' }}"
# Displayname template for Slack users.
# TODO: document variables
displayname_template: "{{ '{{.RealName}} (S)' }}"
bot_displayname_template: "{{ '{{.Name}} (bot)' }}"
channel_name_template: "{{ '#{{.Name}}' }}"
portal_message_buffer: 128
# Should the bridge send a read receipt from the bridge bot when a message has been sent to Slack?
delivery_receipts: true
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true
# Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices.
sync_with_custom_puppets: false
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
"{{ matrix_mautrix_slack_homeserver_domain }}": {{ matrix_mautrix_slack_homeserver_address }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map: {{ matrix_mautrix_slack_bridge_login_shared_secret_map|to_json }}
message_handling_timeout:
# Send an error message after this timeout, but keep waiting for the response until the deadline.
# This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
# If the message is older than this when it reaches the bridge, the message won't be handled at all.
error_after: 10s
# Drop messages after this timeout. They may still go through if the message got sent to the servers.
# This is counted from the time the bridge starts handling the message.
deadline: 60s
# The prefix for commands. Only required in non-management rooms.
command_prefix: "{{ matrix_mautrix_slack_command_prefix }}"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Slack bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help, or `login-token` or `login-password` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
backfill:
# Allow backfilling at all? Requires MSC2716 support on homeserver.
enable: false
# If a backfilled chat is older than this number of hours, mark it as read even if it's unread on Slack.
# Set to -1 to let any chat be unread.
unread_hours_threshold: 720
# Number of messages to immediately backfill when creating a portal.
immediate_messages: 10
# Settings for incremental backfill of history.
incremental:
# Maximum number of messages to backfill per batch.
messages_per_batch: 100
# The number of seconds to wait after backfilling the batch of messages.
post_batch_delay: 20
# The maximum number of messages to backfill per portal, split by the chat type.
# If set to -1, all messages in the chat will eventually be backfilled.
max_messages:
# Channels
channel: -1
# Group direct messages
group_dm: -1
# 1:1 direct messages
dm: -1
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_mautrix_slack_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: {{ matrix_mautrix_slack_bridge_encryption_default|to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_slack_bridge_encryption_key_sharing_allow|to_json }}
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: generate
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Slack account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_slack_bridge_permissions|to_json }}
logging:
directory: ./logs
file_name_format: ''
file_date_format: "2006-01-02"
file_mode: 384
timestamp_format: Jan _2, 2006 15:04:05
print_level: {{ matrix_mautrix_slack_logging_level | to_json }}
print_json: false
file_json: false

43
roles/custom/matrix-bridge-mautrix-slack/templates/systemd/matrix-mautrix-slack.service.j2 Normal file
View file

@ -0,0 +1,43 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mautrix Slack bridge
{% for service in matrix_mautrix_slack_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mautrix_slack_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-slack 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-slack 2>/dev/null || true'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-slack \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
--mount type=bind,src={{ matrix_mautrix_slack_config_path }},dst=/config,ro \
--mount type=bind,src={{ matrix_mautrix_slack_data_path }},dst=/data \
--workdir=/data \
{% for arg in matrix_mautrix_slack_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_slack_docker_image }} \
/usr/bin/mautrix-slack -c /config/config.yaml -r /config/registration.yaml --no-update
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-slack 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-slack 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-slack
[Install]
WantedBy=multi-user.target

6
roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
View file

@ -9,7 +9,8 @@ matrix_telegram_lottieconverter_container_image_self_build_mask_arch: false
matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git"
matrix_telegram_lottieconverter_docker_repo_version: "master"
matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src"
matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.16" # needs to be adjusted according to the FROM clause of Dockerfile of mautrix-telegram
matrix_telegram_lottieconverter_docker_image: "{{ matrix_telegram_lottieconverter_docker_image_name_prefix }}tulir/lottieconverter:alpine-3.16" # needs to be adjusted according to the FROM clause of Dockerfile of mautrix-telegram
matrix_telegram_lottieconverter_docker_image_name_prefix: "{{ 'localhost/' if matrix_telegram_lottieconverter_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_telegram_container_image_self_build: false
matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
@ -18,7 +19,8 @@ matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/maut
matrix_mautrix_telegram_version: v0.12.2
# See: https://mau.dev/mautrix/telegram/container_registry
matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
matrix_mautrix_telegram_docker_image: "{{ matrix_mautrix_telegram_docker_image_name_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
matrix_mautrix_telegram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_telegram_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"

8
roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
View file

@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
matrix_mautrix_whatsapp_version: v0.7.2
matrix_mautrix_whatsapp_version: v0.8.1
# See: https://mau.dev/mautrix/whatsapp/container_registry
matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
@ -102,6 +102,12 @@ matrix_mautrix_whatsapp_bridge_permissions: |
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Enable bridge relay functionality
matrix_mautrix_whatsapp_bridge_relay_enabled: false
# Only allow admins on this home server to set themselves as a relay user
matrix_mautrix_whatsapp_bridge_relay_admin_only: true
# Default mautrix-whatsapp configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#

6
roles/custom/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
View file

@ -290,6 +290,8 @@ bridge:
# Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
# This is currently not supported in most clients.
caption_in_message: false
# Should polls be sent using MSC3381 event types?
extev_polls: false
# Should Matrix edits be bridged to WhatsApp edits?
# Official WhatsApp clients don't render edits yet, but once they do, the bridge should work with them right away.
send_whatsapp_edits: false
@ -394,9 +396,9 @@ bridge:
relay:
# Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: false
enabled: {{ matrix_mautrix_whatsapp_bridge_relay_enabled | to_json }}
# Should only admins be allowed to set themselves as relay users?
admin_only: true
admin_only: {{ matrix_mautrix_whatsapp_bridge_relay_admin_only | to_json }}
# The formats to use when sending messages to WhatsApp via the relaybot.
message_formats:
m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"

2
roles/custom/matrix-client-cinny/defaults/main.yml
View file

@ -6,7 +6,7 @@ matrix_client_cinny_enabled: true
matrix_client_cinny_container_image_self_build: false
matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
matrix_client_cinny_version: v2.2.2
matrix_client_cinny_version: v2.2.3
matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"

2
roles/custom/matrix-client-element/defaults/main.yml
View file

@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
# - https://github.com/vector-im/element-web/issues/19544
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
matrix_client_element_version: v1.11.16
matrix_client_element_version: v1.11.20
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

40
roles/custom/matrix-client-element/tasks/prepare_themes.yml
View file

@ -9,29 +9,29 @@
delegate_to: 127.0.0.1
become: false
block:
- name: Ensure Element themes repository is pulled
ansible.builtin.git:
repo: "{{ matrix_client_element_themes_repository_url }}"
version: "{{ matrix_client_element_themes_repository_version }}"
dest: "{{ role_path }}/files/scratchpad/themes"
- name: Ensure Element themes repository is pulled
ansible.builtin.git:
repo: "{{ matrix_client_element_themes_repository_url }}"
version: "{{ matrix_client_element_themes_repository_version }}"
dest: "{{ role_path }}/files/scratchpad/themes"
- name: Find all Element theme files
ansible.builtin.find:
paths: "{{ role_path }}/files/scratchpad/themes"
patterns: "*.json"
recurse: true
register: matrix_client_element_theme_file_list
- name: Find all Element theme files
ansible.builtin.find:
paths: "{{ role_path }}/files/scratchpad/themes"
patterns: "*.json"
recurse: true
register: matrix_client_element_theme_file_list
- name: Read Element theme
ansible.builtin.slurp:
path: "{{ item.path }}"
register: "matrix_client_element_theme_file_contents"
with_items: "{{ matrix_client_element_theme_file_list.files }}"
- name: Read Element theme
ansible.builtin.slurp:
path: "{{ item.path }}"
register: "matrix_client_element_theme_file_contents"
with_items: "{{ matrix_client_element_theme_file_list.files }}"
- name: Load Element theme
ansible.builtin.set_fact:
matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming
with_items: "{{ matrix_client_element_theme_file_contents.results }}"
- name: Load Element theme
ansible.builtin.set_fact:
matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming
with_items: "{{ matrix_client_element_theme_file_contents.results }}"
#
# Tasks related to getting rid of Element themes (if it was previously enabled)

10
roles/custom/matrix-client-hydrogen/defaults/main.yml
View file

@ -3,14 +3,12 @@
matrix_client_hydrogen_enabled: true
# Self building is used by default because the `config.json` file is only read at build time.
# The pre-built images also were not functional as of 2021-05-15.
matrix_client_hydrogen_container_image_self_build: true
matrix_client_hydrogen_container_image_self_build: false
matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
matrix_client_hydrogen_version: v0.3.5
matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_hydrogen_version: v0.3.6
matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vector-im/hydrogen-web:{{ matrix_client_hydrogen_version }}"
matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else 'ghcr.io/' }}"
matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"
matrix_client_hydrogen_data_path: "{{ matrix_base_data_path }}/client-hydrogen"

5
roles/custom/matrix-client-hydrogen/tasks/setup_install.yml
View file

@ -38,11 +38,10 @@
- name: Ensure Hydrogen configuration installed
ansible.builtin.copy:
content: "{{ matrix_client_hydrogen_configuration | to_nice_json }}"
dest: "{{ matrix_client_hydrogen_docker_src_files_path }}/src/platform/web/assets/config.json"
dest: "{{ matrix_client_hydrogen_data_path }}/config.json"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
when: "matrix_client_hydrogen_container_image_self_build | bool"
- name: Ensure Hydrogen additional config files installed
ansible.builtin.template:
@ -55,8 +54,6 @@
- {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"}
when: "item.src is not none"
# This step MUST come after the steps to install the configuration files because the config files
# are currently only read at build time, not at run time like most other components in the playbook
- name: Ensure Hydrogen Docker image is built
community.docker.docker_image:
name: "{{ matrix_client_hydrogen_docker_image }}"

2
roles/custom/matrix-client-hydrogen/templates/config.json.j2
View file

@ -3,7 +3,7 @@
"defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url | string | to_json }},
"bugReportEndpointUrl": {{ matrix_client_hydrogen_bugReportEndpointUrl | to_json }},
"themeManifests": [
"assets/theme-Element.json"
"assets/theme-element.json"
],
"defaultTheme": {
"light": "element-light",

1
roles/custom/matrix-client-hydrogen/templates/systemd/matrix-client-hydrogen.service.j2
View file

@ -24,6 +24,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
{% endif %}
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
--mount type=bind,src={{ matrix_client_hydrogen_data_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
--mount type=bind,src={{ matrix_client_hydrogen_data_path }}/config.json,dst=/usr/share/nginx/html/config.json,ro \
{% for arg in matrix_client_hydrogen_container_extra_arguments %}
{{ arg }} \
{% endfor %}

2
roles/custom/matrix-conduit/defaults/main.yml
View file

@ -6,7 +6,7 @@ matrix_conduit_enabled: true
matrix_conduit_docker_image: "{{ matrix_conduit_docker_image_name_prefix }}matrixconduit/matrix-conduit:{{ matrix_conduit_docker_image_tag }}"
matrix_conduit_docker_image_name_prefix: "docker.io/"
matrix_conduit_docker_image_tag: "v0.4.0"
matrix_conduit_docker_image_tag: "v0.5.0"
matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}"
matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit"

2
roles/custom/matrix-corporal/defaults/main.yml
View file

@ -23,7 +23,7 @@ matrix_corporal_container_extra_arguments: []
# List of systemd services that matrix-corporal.service depends on
matrix_corporal_systemd_required_services_list: ['docker.service']
matrix_corporal_version: 2.4.0
matrix_corporal_version: 2.5.1
matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}"
matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility

2
roles/custom/matrix-dendrite/tasks/register_user.yml
View file

@ -29,6 +29,6 @@
- name: Register user
ansible.builtin.command:
cmd: "{{ {{ matrix_dendrite_bin_path }} }}/create-account {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}"
cmd: "{{ matrix_dendrite_bin_path }}/create-account {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}"
register: matrix_dendrite_register_user_result
changed_when: matrix_dendrite_register_user_result.rc == 0

2
roles/custom/matrix-grafana/defaults/main.yml
View file

@ -5,7 +5,7 @@
matrix_grafana_enabled: true
matrix_grafana_version: 9.3.1
matrix_grafana_version: 9.3.2
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"

3
roles/custom/matrix-jitsi/defaults/main.yml
View file

@ -72,7 +72,7 @@ matrix_jitsi_jibri_recorder_password: ''
matrix_jitsi_enable_lobby: false
matrix_jitsi_version: stable-8044
matrix_jitsi_version: stable-8218
matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"
@ -96,6 +96,7 @@ matrix_jitsi_turn_host: "turn.{{ matrix_server_fqn_matrix }}"
matrix_jitsi_turns_host: "turn.{{ matrix_server_fqn_matrix }}"
matrix_jitsi_turn_port: "{{ matrix_coturn_container_stun_plain_host_bind_port }}"
matrix_jitsi_turns_port: "{{ matrix_coturn_container_stun_tls_host_bind_port }}"
matrix_jitsi_turn_transport: tcp
# Controls whether Etherpad will be available within Jitsi
matrix_jitsi_etherpad_enabled: false

1
roles/custom/matrix-jitsi/tasks/util/setup_jitsi_auth.yml
View file

@ -22,6 +22,7 @@
- matrix_jitsi_prosody_auth_internal_accounts|length > 0
register: matrix_jitsi_user_configuration_result
changed_when: matrix_jitsi_user_configuration_result.rc == 0
no_log: true
#
# Tasks related to configuring other Jitsi authentication mechanisms

3
roles/custom/matrix-jitsi/templates/prosody/env.j2
View file

@ -47,6 +47,7 @@ TURN_HOST={{ matrix_jitsi_turn_host }}
TURNS_HOST={{ matrix_jitsi_turns_host }}
TURN_PORT={{ matrix_jitsi_turn_port }}
TURNS_PORT={{ matrix_jitsi_turns_port }}
TURN_TRANSPORT={{ matrix_jitsi_turn_transport }}
TZ={{ matrix_jitsi_timezone }}
XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
@ -60,4 +61,4 @@ XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
XMPP_CROSS_DOMAIN=true
{% if matrix_prosody_jitsi_max_participants is number %}
MAX_PARTICIPANTS={{ matrix_prosody_jitsi_max_participants }}
{% endif %}
{% endif %}

2
roles/custom/matrix-mailer/defaults/main.yml
View file

@ -10,7 +10,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev
matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"
matrix_mailer_version: 4.95-r0-4
matrix_mailer_version: 4.96-r1-0
matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}"
matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"

2
roles/custom/matrix-nginx-proxy/defaults/main.yml
View file

@ -1,7 +1,7 @@
---
# Project source code URL: https://github.com/nginx/nginx
matrix_nginx_proxy_enabled: true
matrix_nginx_proxy_version: 1.23.2-alpine
matrix_nginx_proxy_version: 1.23.3-alpine
# We use an official nginx image, which we fix-up to run unprivileged.
# An alternative would be an `nginxinc/nginx-unprivileged` image, but

2
roles/custom/matrix-ntfy/defaults/main.yml
View file

@ -7,7 +7,7 @@ matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy"
matrix_ntfy_config_dir_path: "{{ matrix_ntfy_base_path }}/config"
matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data"
matrix_ntfy_version: v1.29.1
matrix_ntfy_version: v1.30.1
matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}"
matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}"

58
roles/custom/matrix-prometheus-nginxlog-exporter/templates/nginx-proxy.json
View file

@ -56,7 +56,7 @@
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"id": 5,
"links": [],
"liveNow": false,
"panels": [
@ -132,7 +132,7 @@
"h": 8,
"w": 12,
"x": 0,
"y": 17
"y": 1
},
"id": 20,
"options": {
@ -154,14 +154,14 @@
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "builder",
"expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"1.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
"expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"1.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
}
],
"title": "1xx by remote addr [$request_host]",
"title": "1xx by upstream addr[$request_host]",
"type": "timeseries"
},
{
@ -226,7 +226,7 @@
"h": 8,
"w": 12,
"x": 12,
"y": 17
"y": 1
},
"id": 21,
"options": {
@ -323,7 +323,7 @@
"h": 8,
"w": 12,
"x": 0,
"y": 25
"y": 9
},
"id": 18,
"options": {
@ -345,14 +345,14 @@
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "builder",
"expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"2.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
"expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"2.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
}
],
"title": "2xx by remote addr [$request_host]",
"title": "2xx by upstream addr[$request_host]",
"type": "timeseries"
},
{
@ -417,7 +417,7 @@
"h": 8,
"w": 12,
"x": 12,
"y": 25
"y": 9
},
"id": 19,
"options": {
@ -514,7 +514,7 @@
"h": 8,
"w": 12,
"x": 0,
"y": 33
"y": 17
},
"id": 16,
"options": {
@ -536,14 +536,14 @@
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "builder",
"expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"3.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
"expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"3.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
}
],
"title": "3xx by remote addr [$request_host]",
"title": "3xx by upstream addr[$request_host]",
"type": "timeseries"
},
{
@ -608,7 +608,7 @@
"h": 8,
"w": 12,
"x": 12,
"y": 33
"y": 17
},
"id": 17,
"options": {
@ -644,7 +644,7 @@
"type": "timeseries"
}
],
"title": "1xx - 3xx - 2xx Status Code .....................................................",
"title": "1xx - 2xx - 3xx Status Code .....................................................",
"type": "row"
},
{
@ -744,14 +744,14 @@
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "builder",
"expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"404\", request_host=~\"$request_host\"}[$__rate_interval]))",
"expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"404\", request_host=~\"$request_host\"}[$__rate_interval]))",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
}
],
"title": "404 by remote addr [$request_host]",
"title": "404 by upstream addr[$request_host]",
"type": "timeseries"
},
{
@ -935,14 +935,14 @@
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "builder",
"expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"4.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
"expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"4.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
}
],
"title": "4xx by remote addr [$request_host]",
"title": "4xx by upstream addr[$request_host]",
"type": "timeseries"
},
{
@ -1114,7 +1114,7 @@
"h": 8,
"w": 12,
"x": 0,
"y": 11
"y": 3
},
"id": 10,
"options": {
@ -1136,14 +1136,14 @@
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "builder",
"expr": "sum by(remote_addr, status) (rate(http_response_count_total{status=~\"504|502\", request_host=~\"$request_host\"}[$__rate_interval]))",
"expr": "sum by(http_x_forwarded_for, status) (rate(http_response_count_total{status=~\"504|502\", request_host=~\"$request_host\"}[$__rate_interval]))",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
}
],
"title": "502-504 by remote addr [$request_host]",
"title": "502-504 by upstream addr[$request_host]",
"type": "timeseries"
},
{
@ -1208,7 +1208,7 @@
"h": 8,
"w": 12,
"x": 12,
"y": 11
"y": 3
},
"id": 11,
"options": {
@ -1305,7 +1305,7 @@
"h": 8,
"w": 12,
"x": 0,
"y": 19
"y": 11
},
"id": 12,
"options": {
@ -1327,14 +1327,14 @@
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "builder",
"expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"5.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
"expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"5.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
}
],
"title": "5xx by remote addr [$request_host]",
"title": "5xx by upstream addr[$request_host]",
"type": "timeseries"
},
{
@ -1399,7 +1399,7 @@
"h": 8,
"w": 12,
"x": 12,
"y": 19
"y": 11
},
"id": 13,
"options": {
@ -1532,14 +1532,14 @@
"uid": "${DS_PROMETHEUS}"
},
"editorMode": "builder",
"expr": "sum by(remote_addr) (rate(http_response_count_total{status=~\"[6-9]{1}.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
"expr": "sum by(http_x_forwarded_for) (rate(http_response_count_total{status=~\"[6-9]{1}.*\", request_host=~\"$request_host\"}[$__rate_interval]))",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
}
],
"title": "6xx > by remote addr [$request_host]",
"title": "6xx > by upstream addr[$request_host]",
"type": "timeseries"
},
{
@ -1700,6 +1700,6 @@
"timezone": "",
"title": "NGINX PROXY",
"uid": "x2_jWNF4k",
"version": 11,
"version": 12,
"weekStart": ""
}

20
roles/custom/matrix-prometheus-nginxlog-exporter/templates/prometheus-nginxlog-exporter.yaml.j2
View file

@ -23,6 +23,26 @@ namespaces:
split: 2
separator: ' '
matches:
- regexp: "^([^\\?]+)/(public|bundles|fonts|img|themes|vector-icons|element-icons|d|media).*"
replacement: "$1/$2/"
- regexp: "^([^\\?]+).*/rooms/.*/(event|read_markers|messages|receipt|state|typing|members).*"
replacement: "$1/rooms/:roomid:/$2"
- regexp: "^([^\\?]+).*/(r0|v3)/(sync|pushers|keys|devices|download|sendtodevice).*"
replacement: "$1/:v:/$3"
- regexp: "^([^\\?]+).*/rooms/(.*)/send/(.*)"
replacement: "$1/rooms/:roomid:/send/:command:/:id:"
- regexp: "^([^\\?]+).*/client/unstable/.*"
replacement: "$1/client/unstable/:matrixspec:"
- regexp: "^([^\\?]+).*/presence/.*"
replacement: "$1/presence/:userid:"
- regexp: "^([^\\?]+).*/user/.*"
replacement: "$1/user/:userid:"
- regexp: "^([^\\?]+).*/profile/.*"
replacement: "$1/profile/:userid:"
- regexp: "^([^\\?]+).*/directory/room/.*"
replacement: "$1/directory/room/:roomid:"
- regexp: "^([^\\?]+).*/thumbnail/.*"
replacement: "$1/thumbnail/:domain:/:mxid:"
- regexp: "^([^\\?]+)(.*)"
replacement: "$1"
- target_label: remote_addr

3
roles/custom/matrix-prometheus-postgres-exporter/defaults/main.yml
View file

@ -7,7 +7,8 @@ matrix_prometheus_postgres_exporter_enabled: false
matrix_prometheus_postgres_exporter_version: v0.11.1
matrix_prometheus_postgres_exporter_port: 9187
matrix_prometheus_postgres_exporter_docker_image: "quay.io/prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}"
matrix_prometheus_postgres_exporter_docker_image: "{{ matrix_prometheus_postgres_exporter_docker_image_name_prefix }}prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}"
matrix_prometheus_postgres_exporter_docker_image_name_prefix: "quay.io/"
matrix_prometheus_postgres_exporter_docker_image_force_pull: "{{ matrix_prometheus_postgres_exporter_docker_image.endswith(':latest') }}"
# A list of extra arguments to pass to the container

2
roles/custom/matrix-prometheus/defaults/main.yml
View file

@ -5,7 +5,7 @@
matrix_prometheus_enabled: false
matrix_prometheus_version: v2.40.5
matrix_prometheus_version: v2.41.0
matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"

2
roles/custom/matrix-redis/defaults/main.yml
View file

@ -8,7 +8,7 @@ matrix_redis_connection_password: ""
matrix_redis_base_path: "{{ matrix_base_data_path }}/redis"
matrix_redis_data_path: "{{ matrix_redis_base_path }}/data"
matrix_redis_version: 7.0.4-alpine
matrix_redis_version: 7.0.7-alpine
matrix_redis_docker_image_v6: "{{ matrix_container_global_registry_prefix }}redis:{{ matrix_redis_version }}"
matrix_redis_docker_image_latest: "{{ matrix_redis_docker_image_v6 }}"
matrix_redis_docker_image_to_use: '{{ matrix_redis_docker_image_latest }}'

2
roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml
View file

@ -25,7 +25,7 @@
matrix_synapse_reverse_proxy_companion_enabled: true
matrix_synapse_reverse_proxy_companion_version: 1.23.2-alpine
matrix_synapse_reverse_proxy_companion_version: 1.23.3-alpine
matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion"
matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d"

14
roles/custom/matrix-synapse/defaults/main.yml
View file

@ -36,7 +36,7 @@ matrix_synapse_container_image_customizations_dockerfile_body_custom: ''
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_synapse_version: v1.73.0
matrix_synapse_version: v1.75.0
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
@ -725,6 +725,7 @@ matrix_synapse_ext_password_provider_shared_secret_config_yaml: |
matrix_synapse_ext_password_provider_ldap_enabled: false
matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
matrix_synapse_ext_password_provider_ldap_start_tls: true
matrix_synapse_ext_password_provider_ldap_mode: "search"
matrix_synapse_ext_password_provider_ldap_base: ""
matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
@ -791,7 +792,7 @@ matrix_synapse_ext_encryption_config_yaml: |
# Installing it requires building a customized Docker image for Synapse (see `matrix_synapse_container_image_customizations_enabled`).
# Enabling this will enable customizations and inject the appropriate Dockerfile clauses for installing synapse-s3-storage-provider.
matrix_synapse_ext_synapse_s3_storage_provider_enabled: false
matrix_synapse_ext_synapse_s3_storage_provider_version: 1.1.2
matrix_synapse_ext_synapse_s3_storage_provider_version: 1.2.0
# Controls whether media from this (local) server is stored in s3-storage-provider
matrix_synapse_ext_synapse_s3_storage_provider_store_local: true
# Controls whether media from remote servers is stored in s3-storage-provider
@ -806,6 +807,9 @@ matrix_synapse_ext_synapse_s3_storage_provider_config_region_name: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled: false
matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo: 'AES256'
matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD
matrix_synapse_ext_synapse_s3_storage_provider_config_threadpool_size: 40
# matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count is a day value (number) for the `s3_media_upload update-db` command.
@ -815,7 +819,8 @@ matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count: 0
matrix_s3_media_store_enabled: false
matrix_s3_media_store_custom_endpoint_enabled: false
matrix_s3_goofys_docker_image: "ewoutp/goofys:latest"
matrix_s3_goofys_docker_image: "{{ matrix_s3_goofys_docker_image_name_prefix }}ewoutp/goofys:latest"
matrix_s3_goofys_docker_image_name_prefix: "docker.io/"
matrix_s3_goofys_docker_image_force_pull: "{{ matrix_s3_goofys_docker_image.endswith(':latest') }}"
matrix_s3_media_store_custom_endpoint: "your-custom-endpoint"
matrix_s3_media_store_bucket_name: "your-bucket-name"
@ -891,7 +896,8 @@ matrix_synapse_redaction_retention_period: 7d
matrix_synapse_user_ips_max_age: 28d
matrix_synapse_rust_synapse_compress_state_docker_image: "registry.gitlab.com/mb-saces/rust-synapse-compress-state:latest"
matrix_synapse_rust_synapse_compress_state_docker_image: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix }}mb-saces/rust-synapse-compress-state:latest"
matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix: "registry.gitlab.com/"
matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}"
matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state"

3
roles/custom/matrix-synapse/tasks/ext/s3-storage-provider/validate_config.yml
View file

@ -10,9 +10,10 @@
- "matrix_synapse_ext_synapse_s3_storage_provider_config_region_name"
- "matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id"
- "matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key"
- "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url"
- name: Fail if required matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url looks invalid
ansible.builtin.fail:
msg: >-
`matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url` needs to look like a URL (`http://` or `https://` prefix).
when: "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url != '' and not matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url.startswith('http')"
when: "not matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url.startswith('http')"

0
roles/custom/matrix-synapse/tasks/inject_into_nginx_proxy.yml → roles/custom/matrix-synapse/tasks/init.yml
View file

6
roles/custom/matrix-synapse/tasks/main.yml
View file

@ -2,10 +2,14 @@
- block:
- when: matrix_synapse_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
ansible.builtin.include_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- setup-all
- setup-synapse
- install-all
- install-synapse
- setup-synapse-reverse-proxy-companion
- install-synapse-reverse-proxy-companion
- start
- start-all
- start-group

5
roles/custom/matrix-synapse/tasks/synapse/workers/init.yml
View file

@ -46,7 +46,7 @@
id: "federation-sender-{{ item }}"
name: "matrix-synapse-worker-federation-sender-{{ item }}"
type: 'federation_sender'
app: 'federation_sender'
app: 'generic_worker'
webserving: false
port: 0
metrics_port: "{{ matrix_synapse_workers_federation_sender_workers_metrics_range_start + item }}"
@ -58,14 +58,13 @@
matrix_synapse_federation_sender_instances: "{{ matrix_synapse_federation_sender_instances + [item.ansible_facts.worker.name] }}"
with_items: "{{ matrix_synapse_workers_list_results_federation_sender_workers.results }}"
# This type of worker can only have a count of 1, at most
- name: Build pusher workers
ansible.builtin.set_fact:
worker:
id: "pusher-{{ item }}"
name: "matrix-synapse-worker-pusher-{{ item }}"
type: 'pusher'
app: 'pusher'
app: 'generic_worker'
webserving: false
port: 0
metrics_port: "{{ matrix_synapse_workers_pusher_workers_metrics_range_start + item }}"

2
roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/bin/migrate.j2
View file

@ -10,4 +10,4 @@
--network={{ matrix_docker_network }} \
--entrypoint=/bin/bash \
{{ matrix_synapse_docker_image_final }} \
-c 's3_media_upload update-db $UPDATE_DB_DURATION && s3_media_upload --no-progress check-deleted $MEDIA_PATH && s3_media_upload --no-progress upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT'
-c 's3_media_upload update-db $UPDATE_DB_DURATION && s3_media_upload --no-progress check-deleted $MEDIA_PATH && s3_media_upload --no-progress upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT {% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %}--sse-customer-algo $SSE_CUSTOMER_ALGO --sse-customer-key $SSE_CUSTOMER_KEY{% endif %}'

6
roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2
View file

@ -4,6 +4,12 @@ AWS_DEFAULT_REGION={{ matrix_synapse_ext_synapse_s3_storage_provider_config_regi
ENDPOINT={{ matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url }}
BUCKET={{ matrix_synapse_ext_synapse_s3_storage_provider_config_bucket }}
{% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %}
SSE_CUSTOMER_KEY={{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key }}
SSE_CUSTOMER_ALGO={{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo }}
{% endif %}
STORAGE_CLASS={{ matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class }}
MEDIA_PATH=/matrix-media-store-parent/{{ matrix_synapse_media_store_directory_name }}

5
roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2
View file

@ -9,6 +9,11 @@ config:
access_key_id: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id | to_json }}
secret_access_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key | to_json }}
{% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %}
sse_customer_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key | to_json }}
sse_customer_algo: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo | to_json }}
{% endif %}
storage_class: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class | to_json }}
threadpool_size: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_threadpool_size | to_json }}

3
roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
View file

@ -2512,6 +2512,7 @@ password_providers:
- module: "ldap_auth_provider.LdapAuthProvider"
config:
enabled: true
mode: {{ matrix_synapse_ext_password_provider_ldap_mode | string | to_json }}
uri: {{ matrix_synapse_ext_password_provider_ldap_uri | string|to_json }}
start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|to_json }}
base: {{ matrix_synapse_ext_password_provider_ldap_base | string|to_json }}
@ -2533,6 +2534,8 @@ password_providers:
## Push ##
push:
# enabled: false
# Clients requesting push notifications can either have the body of
# the message sent in the notification poke along with other details
# like the sender, or just the event ID and room ID (`event_id_only`).