From deeefac84cad6a0f0fb150be029553b4fe7069ac Mon Sep 17 00:00:00 2001 From: p5t2vspoqqw Date: Wed, 17 Apr 2019 13:42:09 +0200 Subject: [PATCH 01/74] add ngnix-status to config add doc --- docs/configuring-playbook-ngnix.md | 13 +++++++++++++ docs/configuring-playbook.md | 2 ++ roles/matrix-nginx-proxy/defaults/main.yml | 2 ++ .../templates/nginx/conf.d/matrix-domain.conf.j2 | 9 +++++++++ 4 files changed, 26 insertions(+) create mode 100644 docs/configuring-playbook-ngnix.md diff --git a/docs/configuring-playbook-ngnix.md b/docs/configuring-playbook-ngnix.md new file mode 100644 index 00000000..81081e8b --- /dev/null +++ b/docs/configuring-playbook-ngnix.md @@ -0,0 +1,13 @@ +# Configure Ngnix (optional, advanced) + +By default, this playbook installs its own nginx webserver (in a Docker container) which listens on ports 80 and 443. +If that's alright, you can skip this. + + +## Using Ngnix status + +This will serve a statuspage to the hosting machine only. Useful for monitoring software like [longview](https://www.linode.com/docs/platform/longview/longview-app-for-nginx/) + +```yaml +matrix_nginx_proxy_nginx_status_enabled: true +``` diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index c56cf11d..309fff09 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -43,6 +43,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Serving your base domain using this playbook's nginx server](configuring-playbook-base-domain-serving.md) (optional) +- [Configure Ngnix (optional, advanced)](configuring-playbook-ngnix.md) (optional, advanced) + - [Using your own webserver, instead of this playbook's nginx proxy](configuring-playbook-own-webserver.md) (optional, advanced) - [Setting up the REST authentication password provider module](configuring-playbook-rest-auth.md) (optional, advanced) 
diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 3576f4c4..54e25194 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -1,5 +1,7 @@ matrix_nginx_proxy_enabled: true +matrix_nginx_proxy_nginx_status_enabled: false + # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but # those as more frequently out of date. diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 679f3efa..b63f9fbc 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -4,6 +4,15 @@ server { server_tokens off; + {% if matrix_nginx_proxy_nginx_status_enabled %} + location /nginx_status { + stub_status on; + access_log off; + allow {{ ansible_default_ipv4.address }}; + deny all; + } + {% endif %} + location /.well-known/acme-challenge { {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} From 7ee6927ca92e6acae0ddb313877cd9b2e7dc7ee1 Mon Sep 17 00:00:00 2001 From: p5t2vspoqqw Date: Tue, 23 Apr 2019 09:44:02 +0200 Subject: [PATCH 02/74] add suggested change; correct indent --- docs/configuring-playbook-ngnix.md | 8 +++++++ roles/matrix-nginx-proxy/defaults/main.yml | 7 ++++-- .../nginx/conf.d/matrix-domain.conf.j2 | 24 ++++++++++--------- 3 files changed, 26 insertions(+), 13 deletions(-) diff --git a/docs/configuring-playbook-ngnix.md b/docs/configuring-playbook-ngnix.md index 81081e8b..e2a46a72 100644 --- a/docs/configuring-playbook-ngnix.md +++ b/docs/configuring-playbook-ngnix.md 
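Review bot: The `allow {{ ansible_default_ipv4.address }};` line in the new `/nginx_status` location may never match the client it is meant to admit. The docs added in this commit say nginx runs in a Docker container, so a request from the host would presumably arrive with a Docker bridge or NAT source address rather than the host's default IPv4 address; this is worth confirming on a test host. The same applies to the default of `matrix_nginx_proxy_nginx_status_allowed_addresses` introduced in PATCH 02/74. The location also sits in the server block that serves the ACME challenge, which looks like the plain-HTTP vhost, so the status page would be served without TLS to every allowed address. A comment above the block such as `{# allow/deny match the source address as nginx sees it inside the container #}` would spare operators the guesswork; the server block continues outside the hunk.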
@@ -11,3 +11,11 @@ This will serve a statuspage to the hosting machine only. Useful for monitoring ```yaml matrix_nginx_proxy_nginx_status_enabled: true ``` + +In default ```matrix_nginx_proxy_nginx_status_enabled``` will add the local ip adress. If you wish to listen to other ip-adresses provide a list: + +```yaml +matrix_nginx_proxy_nginx_status_allowed_addresses: +- 8.8.8.8 +- 1.1.1.1 +``` diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 54e25194..7c9739c3 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -1,7 +1,5 @@ matrix_nginx_proxy_enabled: true -matrix_nginx_proxy_nginx_status_enabled: false - # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but # those as more frequently out of date. @@ -142,3 +140,8 @@ matrix_ssl_lets_encrypt_support_email: ~ matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl" matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config" matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log" + + +# ngnix status page configurations. +matrix_nginx_proxy_nginx_status_enabled: false +matrix_nginx_proxy_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}'] diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index b63f9fbc..f33d6959 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 
@@ -4,25 +4,27 @@ server { server_tokens off; - {% if matrix_nginx_proxy_nginx_status_enabled %} - location /nginx_status { - stub_status on; - access_log off; - allow {{ ansible_default_ipv4.address }}; - deny all; - } - {% endif %} +{% if matrix_nginx_proxy_nginx_status_enabled %} + location /nginx_status { + stub_status on; + access_log off; +{% for address in matrix_nginx_proxy_nginx_status_allowed_addresses %} + allow {{ address }}; +{% endfor %} + deny all; + } +{% endif %} location /.well-known/acme-challenge { - {% if matrix_nginx_proxy_enabled %} +{% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; - {% else %} +{% else %} {# Generic configuration for use outside of our container setup #} proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; - {% endif %} +{% endif %} } location / { From de6c1c99b21edff68a92d49f87fcfa6ce1c99abe Mon Sep 17 00:00:00 2001 From: Dan Arnfield Date: Fri, 26 Jul 2019 14:43:35 -0500 Subject: [PATCH 03/74] Fix apt message: docker doesn't support arch 'i386' --- roles/matrix-base/tasks/setup_server_base.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-base/tasks/setup_server_base.yml b/roles/matrix-base/tasks/setup_server_base.yml index 1aadfb12..9d3070e2 100644 --- a/roles/matrix-base/tasks/setup_server_base.yml +++ b/roles/matrix-base/tasks/setup_server_base.yml @@ -49,7 +49,7 @@ - name: Ensure Docker repository is enabled (Debian) apt_repository: - repo: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable" + repo: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable" state: present update_cache: yes when: ansible_os_family == 'Debian' 
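Review bot: The `{% for address in matrix_nginx_proxy_nginx_status_allowed_addresses %}` loop writes every entry into an `allow` directive unchecked, so a value supplied as a plain string instead of a list is iterated character by character and yields directives nginx will most likely refuse to load. The role has a `tasks/validate_config.yml` (touched in PATCH 12/74); a `fail` task there with `when: "matrix_nginx_proxy_nginx_status_enabled|bool and matrix_nginx_proxy_nginx_status_allowed_addresses is string"` would catch this before the config is rendered. The docs sample added in the same commit lists `8.8.8.8` and `1.1.1.1`, which are public resolver addresses; a documentation-range address (for example `192.0.2.10`) is a safer thing for readers to copy. The server block continues outside the hunk.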
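Review bot: Hard-coding `[arch=amd64]` in the `repo:` string silences the i386 message but would point arm64 or armhf Debian hosts at an architecture they cannot install from. If non-amd64 hosts are meant to work, the architecture should be derived from gathered facts (a small mapping from `ansible_architecture` to the dpkg architecture name) rather than fixed in the string. If only amd64 is supported, a comment above the task, e.g. `# Only amd64 hosts are supported; restricting arch avoids apt's i386 warning`, would make the restriction deliberate. The task list continues outside the hunk.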
From b0162d6f75404b2515819d6a4b102a2bfae26da4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 28 Jul 2019 18:40:55 +0300 Subject: [PATCH 04/74] Use mautrix-facebook Docker image from new official registry --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 9a1214f3..5e02290a 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -3,7 +3,8 @@ matrix_mautrix_facebook_enabled: true -matrix_mautrix_facebook_docker_image: "tulir/mautrix-facebook:latest" +# See: https://mau.dev/tulir/mautrix-facebook/container_registry +matrix_mautrix_facebook_docker_image: "dock.mau.dev/tulir/mautrix-facebook:latest" matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}" matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook" From 82bb55ae7a38ff7ccb465d302f4a9d03e6ec509e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 28 Jul 2019 18:42:30 +0300 Subject: [PATCH 05/74] Use new default port config for mautrix-facebook --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 5e02290a..41921d75 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml 
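Review bot: `dock.mau.dev/tulir/mautrix-facebook:latest` keeps a mutable tag, and the `force_pull` expression on the following line is true for it, so each playbook run presumably deploys whatever the registry currently serves under that name. Pinning a release tag or an image digest (`name@sha256:<digest>`), as PATCH 07/74 does with `v0.6.0` for mautrix-telegram, would make deployments reproducible and turn upgrades into a reviewed change. If the new registry offers no versioned tag yet, a comment next to the `# See:` line saying so would explain the exception.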
@@ -13,7 +13,7 @@ matrix_mautrix_facebook_data_path: "{{ matrix_mautrix_facebook_base_path }}/data matrix_mautrix_facebook_homeserver_address: 'http://matrix-synapse:8008' matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}' -matrix_mautrix_facebook_appservice_address: 'http://matrix-mautrix-facebook:8080' +matrix_mautrix_facebook_appservice_address: 'http://matrix-mautrix-facebook:29319' # A list of extra arguments to pass to the container matrix_mautrix_facebook_container_extra_arguments: [] @@ -52,7 +52,7 @@ matrix_mautrix_facebook_configuration_yaml: | # The hostname and port where this appservice should listen. hostname: 0.0.0.0 - port: 8080 + port: 29319 # The maximum body size of appservice API requests (from the homeserver) in mebibytes # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s max_body_size: 1 From 53ab66eef82d6b6f1aec1bd530fbca8f6c5d1a58 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 28 Jul 2019 19:31:42 +0300 Subject: [PATCH 06/74] Use mautrix-whatsapp Docker image from new official registry --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 5ae2d39c..e158e07a 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -3,7 +3,8 @@ matrix_mautrix_whatsapp_enabled: true -matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest" +# See: https://mau.dev/tulir/mautrix-whatsapp/container_registry +matrix_mautrix_whatsapp_docker_image: "dock.mau.dev/tulir/mautrix-whatsapp" matrix_mautrix_whatsapp_docker_image_force_pull: "{{ matrix_mautrix_whatsapp_docker_image.endswith(':latest') }}" matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp" 
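Review bot: In the mautrix-whatsapp hunk the new value `dock.mau.dev/tulir/mautrix-whatsapp` drops the `:latest` suffix, so `matrix_mautrix_whatsapp_docker_image_force_pull` on the following line now evaluates to false because `endswith(':latest')` no longer matches. Docker still resolves the untagged name to `latest`, so a host that already holds the image would presumably stop receiving updates, security fixes included. Either restore the explicit tag, `matrix_mautrix_whatsapp_docker_image: "dock.mau.dev/tulir/mautrix-whatsapp:latest"`, or pin a release tag or digest and upgrade deliberately.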
From d543780e4217615d0f6aa78edb9ce83a8420b42e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 28 Jul 2019 19:33:02 +0300 Subject: [PATCH 07/74] Use mautrix-telegram Docker image from new official registry --- roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index 7a7e51fd..b178635a 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -3,7 +3,8 @@ matrix_mautrix_telegram_enabled: true -matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.6.0" +# See: https://mau.dev/tulir/mautrix-telegram/container_registry +matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.6.0" matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram" From 0e3b73a61266295503ca7b085744fd7e2d353df5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 30 Jul 2019 20:56:05 +0300 Subject: [PATCH 08/74] Upgrade matrix-mailer / exim (4.92 -> 4.92.1) --- roles/matrix-mailer/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index f40420ea..f828e908 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -2,7 +2,7 @@ matrix_mailer_enabled: true matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer" -matrix_mailer_docker_image: "devture/exim-relay:4.92-r0-0" +matrix_mailer_docker_image: "devture/exim-relay:4.92.1-r0-0" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" # The user/group that the container runs with. 
From 18f6b2937276ae94824247742a05e7cc65dd97c4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 31 Jul 2019 10:47:44 +0300 Subject: [PATCH 09/74] Bump matrix-mailer / exim release (4.92.1-r0-0 -> 4.92.1-r0-1) It adds support for a new `DISABLE_SENDER_VERIFICATION` environment variable that can be used to disable verification of sender addresses. It doesn't matter for us, but we upgrade to keep up with latest. --- roles/matrix-mailer/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-mailer/defaults/main.yml b/roles/matrix-mailer/defaults/main.yml index f828e908..f78b4554 100644 --- a/roles/matrix-mailer/defaults/main.yml +++ b/roles/matrix-mailer/defaults/main.yml @@ -2,7 +2,7 @@ matrix_mailer_enabled: true matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer" -matrix_mailer_docker_image: "devture/exim-relay:4.92.1-r0-0" +matrix_mailer_docker_image: "devture/exim-relay:4.92.1-r0-1" matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" # The user/group that the container runs with. From 524436ebef2f9429a7d33f9c79d65673cbc5cc29 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 1 Aug 2019 14:36:00 +0300 Subject: [PATCH 10/74] Add missing required parameters for Discord bridge Fixes #230 (Github Issue). Related to https://github.com/Half-Shot/matrix-appservice-discord/issues/510 --- roles/matrix-bridge-appservice-discord/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml index 2832167c..04144f6f 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml 
@@ -86,6 +86,8 @@ matrix_appservice_discord_configuration_yaml: | # enable: # - "DiscordBot" database: + userStorePath: "/data/user-store.db" + roomStorePath: "/data/room-store.db" # You may either use SQLite or Postgresql for the bridge database, which contains # important mappings for events and user puppeting configurations. # Use the filename option for SQLite, or connString for Postgresql. From c40d28a0dc1ef4faf5f7fe9aae38925f2cb01236 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 1 Aug 2019 14:40:12 +0300 Subject: [PATCH 11/74] Relocate user-store.db/room-store.db when migrating Discord bridge files Refer to 524436ebef2 and #230 (Github Issue). --- .../tasks/setup_install.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index 384c1f3b..6f4f5979 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -32,10 +32,12 @@ failed_when: false when: "matrix_appservice_discord_stat_db.stat.exists" -# In addition to this, there used to be some `user-store-db` and `room-store.db` files. -# They're no longer in use, so we're not relocating them in an effort to point them out as neither `./data`, nor `./config`. - name: (Data relocation) Move AppService Discord discord.db file to ./data directory - command: "mv {{ matrix_appservice_discord_base_path }}/discord.db {{ matrix_appservice_discord_data_path }}/discord.db" + command: "mv {{ matrix_appservice_discord_base_path }}/{{ item }} {{ matrix_appservice_discord_data_path }}/{{ item }}" + with_items: + - discord.db + - user-store.db + - room-store.db when: "matrix_appservice_discord_stat_db.stat.exists" - name: Ensure AppService Discord config.yaml installed From 6fc779dc836ceccbff166633cc0b66b087d92c02 Mon Sep 17 00:00:00 2001 
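Review bot: In the `setup_install.yml` hunk the loop now moves three files but is still guarded only by `matrix_appservice_discord_stat_db.stat.exists`, which by its name reflects `discord.db` alone (the stat task is outside the hunk). On a host where `user-store.db` or `room-store.db` was never created, `mv` exits non-zero and the play stops with the data directory half-migrated. Letting the command module skip missing files avoids that: add `args:` with `removes: "{{ matrix_appservice_discord_base_path }}/{{ item }}"` to the task. The task name still mentions only `discord.db` and could be updated to cover all three files.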
From: Slavi Pantaleev Date: Fri, 2 Aug 2019 11:59:10 +0300 Subject: [PATCH 12/74] Ensure matrix_ssl_retrieval_method value is valid We recently had someone in the support room who set it to `false` and the playbook ran without any issues. This currently seems to yield the same result as 'none', but it's better to avoid such behavior. --- roles/matrix-nginx-proxy/tasks/validate_config.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/matrix-nginx-proxy/tasks/validate_config.yml b/roles/matrix-nginx-proxy/tasks/validate_config.yml index e5b672ed..dc6567ed 100644 --- a/roles/matrix-nginx-proxy/tasks/validate_config.yml +++ b/roles/matrix-nginx-proxy/tasks/validate_config.yml @@ -10,3 +10,8 @@ - {'old': 'matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container'} - {'old': 'matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container'} +- name: Fail on unknown matrix_ssl_retrieval_method + fail: + msg: >- + `matrix_ssl_retrieval_method` needs to be set to a known value. + when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed', 'none']" From 6fe4bafc2a8dcc40eff3275e35b6d2767026e782 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 3 Aug 2019 07:47:00 +0300 Subject: [PATCH 13/74] Decrease default Synapse logging level Also discussed previously in #213 (Github Pull Request). shared-secret-auth and rest-auth logging is still at `INFO` intentionally, as user login events seem more important to keep. Those modules typically don't spam as much. --- CHANGELOG.md | 15 +++++++++++++++ docs/maintenance-and-troubleshooting.md | 18 ++++++++++++++++++ roles/matrix-synapse/defaults/main.yml | 6 +++--- 3 files changed, 36 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d2f763c1..cfcde2de 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
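Review bot: The failure message in `Fail on unknown matrix_ssl_retrieval_method` names neither the rejected value nor the accepted ones, so the operator has to open the role to find out what to set. Something like `msg: "matrix_ssl_retrieval_method is '{{ matrix_ssl_retrieval_method }}'; expected one of: lets-encrypt, self-signed, manually-managed, none"` would make the error self-explanatory. Keeping the allowed list in one variable that both the `when:` and the message use would stop the two from drifting apart.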
@@ -1,3 +1,18 @@ +# 2019-08-03 + +## Synapse logging level has been reduced to WARNING + +After [some discussion in our support room](https://matrix.to/#/!PukFFdIcHgtaaHZflT:devture.com/$156476852524179TBeKy:matrix.org?via=devture.com&via=matrix.org&via=librem.one), we've decided to change the default logging level for Synapse from `INFO` to `WARNING`. + +This greatly reduces the number of log messages that are being logged, leading to: + +- much less disk space dedicated to Synapse and thus, logs kept for longer +- easier to find some important `WARNING`, `ERROR` and `CRITICAL` messages, as they're not longer buried in thousands of non-important `INFO` messages + +If you'd like to track down an issue, you [can always increase the logging level as described here](./docs/maintenance-and-troubleshooting.md#increasing-synapse-logging). + + + # 2019-07-08 ## Synapse Maintenance docs and synapse-janitor support are available diff --git a/docs/maintenance-and-troubleshooting.md b/docs/maintenance-and-troubleshooting.md index bb8730ae..ff1f9e49 100644 --- a/docs/maintenance-and-troubleshooting.md +++ b/docs/maintenance-and-troubleshooting.md 
@@ -16,6 +16,24 @@ You can see the logs by using journalctl. Example: sudo journalctl -fu matrix-synapse ``` + +## Increasing Synapse logging + +Because the [Synapse](https://github.com/matrix-org/synapse) Matrix server is originally very chatty when it comes to logging, we intentionally reduce its [logging level](https://docs.python.org/3/library/logging.html#logging-levels) from `INFO` to `WARNING`. + +If you'd like to debug an issue or [report a Synapse bug](https://github.com/matrix-org/synapse/issues/new/choose) to the developers, it'd be better if you temporarily increasing the logging level to `INFO` or even `DEBUG`. + +Example configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`): + +```yaml +matrix_synapse_log_level: "DEBUG" +matrix_synapse_storage_sql_log_level: "DEBUG" +matrix_synapse_root_log_level: "DEBUG" +``` + +Re-run the playbook after making these configuration changes. + + ## Postgres See the dedicated [PostgreSQL Maintenance](maintenance-postgres.md) documentation page. diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 87d34dc3..ac3026e8 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -77,9 +77,9 @@ matrix_synapse_tmp_directory_size_mb: "{{ matrix_synapse_max_upload_size_mb * 50 # Possible options are defined here https://docs.python.org/3/library/logging.html#logging-levels # warning: setting log level to DEBUG will make synapse log sensitive information such # as access tokens -matrix_synapse_log_level: "INFO" -matrix_synapse_storage_sql_log_level: "INFO" -matrix_synapse_root_log_level: "INFO" +matrix_synapse_log_level: "WARNING" +matrix_synapse_storage_sql_log_level: "WARNING" +matrix_synapse_root_log_level: "WARNING" # Rate limits matrix_synapse_rc_message: From f084bb4ae5f7dd52b0d2a565f79eab044dad64b4 Mon Sep 17 00:00:00 2001 
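Review bot: The comment kept above the three log-level settings in `roles/matrix-synapse/defaults/main.yml` warns that `DEBUG` makes Synapse log sensitive information such as access tokens, yet the troubleshooting section added in this same commit recommends `DEBUG` for all three loggers without repeating that caveat. A line in the new docs section such as `Revert to WARNING when done; DEBUG output can contain access tokens, so scrub logs before attaching them to a bug report` would keep the two in step. On the defaults themselves, a short comment recording that `WARNING` is deliberate and that login events stay visible through the auth modules' `INFO` logging (as the commit message states) would help later readers.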
From: Esko Date: Sun, 4 Aug 2019 05:18:16 +0200 Subject: [PATCH 14/74] Clarify sentence about dedicated user for access token --- docs/configuring-playbook-dimension.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index eb6d0612..70aeabb2 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md @@ -29,7 +29,7 @@ You are required to specify an access token for Dimension to work. To get an access token, follow these steps: 1. In a private browsing session (incognito window), open Riot. -2. It's better to you use dedicated user for getting access token, so log in with this user's username and password. +2. It's preferable to use a dedicated user for the access token, so create and log in with that user's username and password. 3. Set the display name and avatar, if required. 4. In the settings page choose "Help & About", scroll down to the bottom and click `Access Token: `. 5. Copy the highlighted text to your configuration. From 4be35822ddb226f8c710a26a656180206050e8f0 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Mon, 5 Aug 2019 13:06:49 +0300 Subject: [PATCH 15/74] Add Email2Matrix support --- CHANGELOG.md | 11 +++ docs/configuring-playbook-email2matrix.md | 79 +++++++++++++++++ docs/configuring-playbook.md | 2 + group_vars/matrix_servers | 15 ++++ roles/matrix-email2matrix/defaults/main.yml | 43 +++++++++ roles/matrix-email2matrix/tasks/init.yml | 3 + roles/matrix-email2matrix/tasks/main.yml | 15 ++++ .../tasks/setup_email2matrix.yml | 88 +++++++++++++++++++ .../tasks/validate_config.yml | 7 ++ .../templates/config.json.j2 | 14 +++ .../systemd/matrix-email2matrix.service.j2 | 32 +++++++ setup.yml | 1 + 12 files changed, 310 insertions(+) create mode 100644 docs/configuring-playbook-email2matrix.md create mode 100644 roles/matrix-email2matrix/defaults/main.yml create mode 100644 roles/matrix-email2matrix/tasks/init.yml create mode 100644 roles/matrix-email2matrix/tasks/main.yml create mode 100644 roles/matrix-email2matrix/tasks/setup_email2matrix.yml create mode 100644 roles/matrix-email2matrix/tasks/validate_config.yml create mode 100644 roles/matrix-email2matrix/templates/config.json.j2 create mode 100644 roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 diff --git a/CHANGELOG.md b/CHANGELOG.md index cfcde2de..d73d19f6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +# 2019-08-05 + +## Email2Matrix support + +Support for [Email2Matrix](https://github.com/devture/email2matrix) has been added. + +It's an optional feature that you can enable via the playbook. + +To learn more, see the [playbook's documentation on Email2Matrix](./docs/configuring-playbook-email2matrix.md). + + # 2019-08-03 ## Synapse logging level has been reduced to WARNING diff --git a/docs/configuring-playbook-email2matrix.md b/docs/configuring-playbook-email2matrix.md new file mode 100644 index 00000000..cac1782d --- /dev/null +++ b/docs/configuring-playbook-email2matrix.md 
@@ -0,0 +1,79 @@
+# Setting up Email2Matrix (optional)
+
+The playbook can install and configure [email2matrix](https://github.com/devture/email2matrix) for you.
+
+See the project's [documentation](https://github.com/devture/email2matrix/blob/master/docs/README.md) to learn what it does and why it might be useful to you.
+
+
+## Preparation
+
+### Port availability
+
+Ensure that port 25 is available on your Matrix server.
+If you have `postfix` or some other email server software installed, you may need to manually remove it first (unless you need it, of course).
+
+If you really need to run an email server on the Matrix machine for other purposes, it may be possible to run Email2Matrix on another port (with a configuration like `matrix_email2matrix_smtp_host_bind_port: "127.0.0.01:2525"`) and have your other email server relay messages there.
+
+### Creating a user
+
+Before enabling Email2Matrix, you'd most likely wish to create a dedicated user (or more) that would be sending messages on the Matrix side.
+Refer to [Registering users](registering-users.md) for ways to do that. A regular (non-admin) user works best.
+
+### Creating a shared room
+
+After creating a sender user, you should create one or more Matrix rooms that you share with that user.
+It doesn't matter who creates and owns the rooms and who joins later (you or the sender user).
+
+What matters is that both you and the sender user are part of the same room and that the sender user has enough privileges in the room to be able to send messages there.
+Inviting additional people to the room is okay too.
+
+Take note of each room's room id (different clients show the room id in a different place).
+You'll need the room id when doing [Configuration](#configuration) below.
+
+
+### Obtaining an access token for the sender user
+
+In order for the sender user created above to be able to send messages to the room, we'll need to obtain an access token for it.
+
+To do this, you can execute a command like this:
+
+```
+curl \
+--data '{"identifier": {"type": "m.id.user", "user": "email2matrix" }, "password": "MATRIX_PASSWORD_FOR_THE_USER", "type": "m.login.password", "device_id": "Email2Matrix", "initial_device_display_name": "Email2Matrix"}' \
+https://matrix.DOMAIN/_matrix/client/r0/login
+```
+
+Take note of the `access_token` value. You'll need the access token when doing [Configuration](#configuration) below.
+
+
+## Configuration
+
+After doing the preparation steps above, adjust your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration like this:
+
+```yaml
+matrix_email2matrix_enabled: true
+
+matrix_email2matrix_matrix_mappings:
+ - MailboxName: "my-mailbox"
+ MatrixRoomId: "!someRoom:DOMAIN"
+ MatrixHomeserverUrl: "https://matrix.DOMAIN"
+ MatrixUserId: "@email2matrix:DOMAIN"
+ MatrixAccessToken: "ACCESS_TOKEN_GOES_HERE"
+ IgnoreSubject: false
+ IgnoreBody: false
+ SkipMarkdown: false
+
+ - MailboxName: "my-mailbox2"
+ MatrixRoomId: "!anotherRoom:DOMAIN"
+ MatrixHomeserverUrl: "https://matrix.DOMAIN"
+ MatrixUserId: "@email2matrix:DOMAIN"
+ MatrixAccessToken: "ACCESS_TOKEN_GOES_HERE"
+ IgnoreSubject: true
+ IgnoreBody: false
+ SkipMarkdown: true
+```
+
+You can also set `MatrixHomeserverUrl` to `http://matrix-synapse:8008`, instead of the public `https://matrix.DOMAIN`.
+However, that's more likely to break in the future if you switch to another server implementation than Synapse.
+
+Re-run the playbook (`--tags=setup-email2matrix,start`) and try sending an email to `my-mailbox@matrix.DOMAIN`.
diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md
index 4943415c..5c0e665a 100644
--- a/docs/configuring-playbook.md
+++ b/docs/configuring-playbook.md
@@ -80,3 +80,5 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional) - [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional) + +- [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 503a45be..647d930c 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -263,6 +263,21 @@ matrix_dimension_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_ena ###################################################################### +###################################################################### +# +# matrix-email2matrix +# +###################################################################### + +matrix_email2matrix_enabled: false + +###################################################################### +# +# /matrix-email2matrix +# +###################################################################### + + ###################################################################### # diff --git a/roles/matrix-email2matrix/defaults/main.yml b/roles/matrix-email2matrix/defaults/main.yml new file mode 100644 index 00000000..2aece19d --- /dev/null +++ b/roles/matrix-email2matrix/defaults/main.yml 
@@ -0,0 +1,43 @@
+matrix_email2matrix_enabled: true
+
+matrix_email2matrix_base_path: "{{ matrix_base_data_path }}/email2matrix"
+matrix_email2matrix_config_dir_path: "{{ matrix_email2matrix_base_path }}/config"
+
+matrix_email2matrix_docker_image: "devture/email2matrix:1.0"
+matrix_email2matrix_docker_image_force_pull: "{{ matrix_email2matrix_docker_image.endswith(':latest') }}"
+
+# A list of extra arguments to pass to the container
+matrix_email2matrix_container_extra_arguments: []
+
+# List of systemd services that matrix-corporal.service depends on
+matrix_email2matrix_systemd_required_services_list: ['docker.service']
+
+# Controls where the matrix-email2matrix container exposes the SMTP (tcp/2525 in the container).
+#
+# Takes an ":" or "" value (e.g. "127.0.0.1:2525").
+#
+# By default, we listen on port 25 on all of the host's network interfaces.
+matrix_email2matrix_smtp_host_bind_port: "25"
+
+matrix_email2matrix_smtp_hostname: "{{ matrix_server_fqn_matrix }}"
+
+# A list of mailbox to Matrix mappings.
+#
+# Example:
+# matrix_email2matrix_matrix_mappings:
+# - MailboxName: "mailbox1"
+# MatrixRoomId: "!bpcwlxIUxVvvgXcbjy:example.com"
+# MatrixHomeserverUrl: "{{ matrix_homeserver_url }}"
+# MatrixUserId": "@email2matrix:{{ matrix_domain }}"
+# MatrixAccessToken": "TOKEN_HERE"
+# IgnoreSubject: false
+#
+# - MailboxName: "mailbox2"
+# MatrixRoomId: "!another:example.com"
+# MatrixHomeserverUrl: "{{ matrix_homeserver_url }}"
+# MatrixUserId": "@email2matrix:{{ matrix_domain }}"
+# MatrixAccessToken": "TOKEN_HERE"
+# IgnoreSubject: true
+matrix_email2matrix_matrix_mappings: []
+
+matrix_email2matrix_misc_debug: false
diff --git a/roles/matrix-email2matrix/tasks/init.yml b/roles/matrix-email2matrix/tasks/init.yml
new file mode 100644
index 00000000..007a5476
--- /dev/null
+++ b/roles/matrix-email2matrix/tasks/init.yml
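Review bot: The commented example for `matrix_email2matrix_matrix_mappings` has a stray quote in two keys, `MatrixUserId":` and `MatrixAccessToken":`, in both sample mappings; uncommented as written, that gives a YAML error or keys the service will not recognise. They should read `MatrixUserId: "@email2matrix:{{ matrix_domain }}"` and `MatrixAccessToken: "TOKEN_HERE"`. The comment above `matrix_email2matrix_systemd_required_services_list` still names `matrix-corporal.service`. Since every mapping carries a long-lived access token, the example comment could also recommend keeping real values in an Ansible Vault-encrypted vars file rather than in plain `vars.yml`.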
@@ -0,0 +1,3 @@
+- set_fact:
+ matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-email2matrix'] }}"
+ when: matrix_email2matrix_enabled|bool
diff --git a/roles/matrix-email2matrix/tasks/main.yml b/roles/matrix-email2matrix/tasks/main.yml
new file mode 100644
index 00000000..23114673
--- /dev/null
+++ b/roles/matrix-email2matrix/tasks/main.yml
@@ -0,0 +1,15 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+ when: "run_setup|bool and matrix_email2matrix_enabled|bool"
+ tags:
+ - setup-all
+ - setup-email2matrix
+
+- import_tasks: "{{ role_path }}/tasks/setup_email2matrix.yml"
+ when: run_setup|bool
+ tags:
+ - setup-all
+ - setup-email2matrix
diff --git a/roles/matrix-email2matrix/tasks/setup_email2matrix.yml b/roles/matrix-email2matrix/tasks/setup_email2matrix.yml
new file mode 100644
index 00000000..9d9109e3
--- /dev/null
+++ b/roles/matrix-email2matrix/tasks/setup_email2matrix.yml
@@ -0,0 +1,88 @@ +--- + +# +# Tasks related to setting up Email2Matrix +# + +- name: Ensure Email2Matrix paths exist + file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + with_items: + - "{{ matrix_email2matrix_base_path }}" + - "{{ matrix_email2matrix_config_dir_path }}" + when: matrix_email2matrix_enabled|bool + +- name: Ensure Email2Matrix configuration file created + template: + src: "{{ role_path }}/templates/config.json.j2" + dest: "{{ matrix_email2matrix_config_dir_path }}/config.json" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + mode: 0640 + when: matrix_email2matrix_enabled|bool + +- name: Ensure Email2Matrix image is pulled + docker_image: + name: "{{ matrix_email2matrix_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_email2matrix_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_email2matrix_docker_image_force_pull }}" + when: matrix_email2matrix_enabled|bool + +- name: Ensure matrix-email2matrix.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-email2matrix.service.j2" + dest: "/etc/systemd/system/matrix-email2matrix.service" + mode: 0644 + register: matrix_email2matrix_systemd_service_result + when: matrix_email2matrix_enabled|bool + +- name: Ensure systemd reloaded after matrix-email2matrix.service installation + service: + daemon_reload: yes + when: "matrix_email2matrix_enabled|bool and matrix_email2matrix_systemd_service_result.changed" + +# +# Tasks related to getting rid of the Email2Matrix (if it was previously enabled) +# + +- name: Check existence of matrix-email2matrix service + stat: + path: "/etc/systemd/system/matrix-email2matrix.service" + register: 
matrix_email2matrix_service_stat + when: "not matrix_email2matrix_enabled|bool" + +- name: Ensure matrix-email2matrix is stopped + service: + name: matrix-email2matrix + state: stopped + daemon_reload: yes + register: stopping_result + when: "not matrix_email2matrix_enabled|bool and matrix_email2matrix_service_stat.stat.exists" + +- name: Ensure matrix-email2matrix.service doesn't exist + file: + path: "/etc/systemd/system/matrix-email2matrix.service" + state: absent + when: "not matrix_email2matrix_enabled|bool and matrix_email2matrix_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-email2matrix.service removal + service: + daemon_reload: yes + when: "not matrix_email2matrix_enabled|bool and matrix_email2matrix_service_stat.stat.exists" + +- name: Ensure Email2Matrix data path doesn't exist + file: + path: "{{ matrix_email2matrix_base_path }}" + state: absent + when: "not matrix_email2matrix_enabled|bool" + +- name: Ensure Email2Matrix Docker image doesn't exist + docker_image: + name: "{{ matrix_email2matrix_docker_image }}" + state: absent + when: "not matrix_email2matrix_enabled|bool" diff --git a/roles/matrix-email2matrix/tasks/validate_config.yml b/roles/matrix-email2matrix/tasks/validate_config.yml new file mode 100644 index 00000000..d8beecf4 --- /dev/null +++ b/roles/matrix-email2matrix/tasks/validate_config.yml @@ -0,0 +1,7 @@ +--- + +- name: Fail if no mappings + fail: + msg: > + You need to define at least one mapping in `matrix_email2matrix_matrix_mappings` for enabling Email2Matrix. + when: "matrix_email2matrix_matrix_mappings|length == 0" diff --git a/roles/matrix-email2matrix/templates/config.json.j2 b/roles/matrix-email2matrix/templates/config.json.j2 new file mode 100644 index 00000000..c1be97fd --- /dev/null +++ b/roles/matrix-email2matrix/templates/config.json.j2 
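Review bot: In `setup_email2matrix.yml`, the `Ensure Email2Matrix configuration file created` task renders `config.json`, which carries the `MatrixAccessToken` of every mapping, without `no_log: true`, so a run with `--diff` or verbose output can print the tokens. Adding `no_log: true` to that task keeps them out of the Ansible output. The 0640 file mode and 0750 directory mode already limit access on disk. Separately, `register: stopping_result` on the stop task is never read in this file and can be dropped.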
@@ -0,0 +1,14 @@ +#jinja2: lstrip_blocks: "True" +{ + "Smtp": { + "ListenInterface": "0.0.0.0:2525", + "Hostname": {{ matrix_email2matrix_smtp_hostname|to_json }}, + "Workers": 10 + }, + "Matrix": { + "Mappings": {{ matrix_email2matrix_matrix_mappings|to_nice_json }} + }, + "Misc": { + "Debug": {{ matrix_email2matrix_misc_debug|to_json }} + } +} diff --git a/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 new file mode 100644 index 00000000..eb7e125b --- /dev/null +++ b/roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2 @@ -0,0 +1,32 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Email2Matrix +After=docker.service +Requires=docker.service + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-email2matrix +ExecStartPre=-/usr/bin/docker rm matrix-email2matrix + +ExecStart=/usr/bin/docker run --rm --name matrix-email2matrix \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + --network={{ matrix_docker_network }} \ + -p {{ matrix_email2matrix_smtp_host_bind_port }}:2525 \ + --mount type=bind,src={{ matrix_email2matrix_config_dir_path }}/config.json,dst=/config.json,ro \ + {% for arg in matrix_email2matrix_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_email2matrix_docker_image }} + +ExecStop=-/usr/bin/docker kill matrix-email2matrix +ExecStop=-/usr/bin/docker rm matrix-email2matrix +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-email2matrix + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index 341840a2..e190bae3 100755 --- a/setup.yml +++ b/setup.yml @@ -17,6 +17,7 @@ - matrix-riot-web - matrix-mxisd - matrix-dimension + - matrix-email2matrix - matrix-nginx-proxy - matrix-coturn - matrix-common-after From 847f887e1b8341bfa81d2657a50700fcbdb67f4e Mon Sep 17 00:00:00 2001 
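Review bot: In `matrix-email2matrix.service.j2`, `-p {{ matrix_email2matrix_smtp_host_bind_port }}:2525` publishes the SMTP listener on every host interface with the default value `"25"`, and ports published by Docker are commonly reachable even when a host firewall front-end has no rule allowing them. That is what an inbound mail relay needs, but the unit gives no hint of it. A comment above `ExecStart` such as `# Port 25 is published on all interfaces by default; set matrix_email2matrix_smtp_host_bind_port to bind a specific address` would make the exposure explicit. The unit also hardcodes `Requires=docker.service` and does not read `matrix_email2matrix_systemd_required_services_list` from the defaults, so overriding that list has no effect here.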
From: Slavi Pantaleev Date: Mon, 5 Aug 2019 13:12:42 +0300 Subject: [PATCH 16/74] Update README --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 3f35081d..e0c2506b 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge for bridging your Matrix server to [Discord](https://discordapp.com/) +- (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms + - (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients Basically, this playbook aims to get you up-and-running with all the basic necessities around Matrix, without you having to do anything else. @@ -108,6 +110,8 @@ This playbook sets up your server using the following Docker images: - [devture/exim-relay](https://hub.docker.com/r/devture/exim-relay/) - the [Exim](https://www.exim.org/) email server (optional) +- [devture/email2matrix](https://hub.docker.com/r/devture/email2matrix/) - the [Email2Matrix](https://github.com/devture/email2matrix) email server, which can relay email messages to Matrix rooms (optional) + - [devture/matrix-corporal](https://hub.docker.com/r/devture/matrix-corporal/) - [Matrix Corporal](https://github.com/devture/matrix-corporal): reconciliator and gateway for a managed Matrix server (optional) - [nginx](https://hub.docker.com/_/nginx/) - the [nginx](http://nginx.org/) web server (optional) From d2226401404617cf1de67689c1bedff110d1b787 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 5 Aug 2019 14:10:24 +0300 Subject: [PATCH 17/74] Add firewall notice about email2matrix --- docs/configuring-playbook-email2matrix.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/configuring-playbook-email2matrix.md b/docs/configuring-playbook-email2matrix.md index cac1782d..b10d5c9e 100644 --- a/docs/configuring-playbook-email2matrix.md +++ b/docs/configuring-playbook-email2matrix.md @@ -9,7 +9,7 @@ See the project's [documentation](https://github.com/devture/email2matrix/blob/m ### Port availability -Ensure that port 25 is available on your Matrix server. +Ensure that port 25 is available on your Matrix server and open in your firewall. If you have `postfix` or some other email server software installed, you may need to manually remove it first (unless you need it, of course). If you really need to run an email server on the Matrix machine for other purposes, it may be possible to run Email2Matrix on another port (with a configuration like `matrix_email2matrix_smtp_host_bind_port: "127.0.0.01:2525"`) and have your other email server relay messages there. From bce165f24756b6129d809262157652aa17bf34db Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 6 Aug 2019 07:14:52 +0300 Subject: [PATCH 18/74] Do not suggest DEBUG logging when submitting issues It's been pointed out that DEBUG logs could contain sensitive information (access tokens, etc.), which makes them unsuitable for sharing with others. INFO should be enough. --- docs/maintenance-and-troubleshooting.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/maintenance-and-troubleshooting.md b/docs/maintenance-and-troubleshooting.md index ff1f9e49..18bfdd83 100644 --- a/docs/maintenance-and-troubleshooting.md +++ b/docs/maintenance-and-troubleshooting.md 
@@ -21,14 +21,14 @@ sudo journalctl -fu matrix-synapse Because the [Synapse](https://github.com/matrix-org/synapse) Matrix server is originally very chatty when it comes to logging, we intentionally reduce its [logging level](https://docs.python.org/3/library/logging.html#logging-levels) from `INFO` to `WARNING`. -If you'd like to debug an issue or [report a Synapse bug](https://github.com/matrix-org/synapse/issues/new/choose) to the developers, it'd be better if you temporarily increasing the logging level to `INFO` or even `DEBUG`. +If you'd like to debug an issue or [report a Synapse bug](https://github.com/matrix-org/synapse/issues/new/choose) to the developers, it'd be better if you temporarily increasing the logging level to `INFO`. Example configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`): ```yaml -matrix_synapse_log_level: "DEBUG" -matrix_synapse_storage_sql_log_level: "DEBUG" -matrix_synapse_root_log_level: "DEBUG" +matrix_synapse_log_level: "INFO" +matrix_synapse_storage_sql_log_level: "INFO" +matrix_synapse_root_log_level: "INFO" ``` Re-run the playbook after making these configuration changes. From 0585889d5a66bf29ee715913a20b7cf102f21dde Mon Sep 17 00:00:00 2001 
From: microchipster Date: Sun, 28 Jul 2019 16:52:30 +0000 Subject: [PATCH 19/74] add hangouts bridge by copying facebook bridge and find-replacing --- group_vars/matrix_servers | 30 +++ .../defaults/main.yml | 179 ++++++++++++++++++ .../tasks/init.yml | 16 ++ .../tasks/main.yml | 21 ++ .../tasks/setup_install.yml | 73 +++++++ .../tasks/setup_uninstall.yml | 24 +++ .../tasks/validate_config.yml | 10 + .../matrix-mautrix-hangouts.service.j2 | 48 +++++ setup.yml | 1 + 9 files changed, 402 insertions(+) create mode 100644 roles/matrix-bridge-mautrix-hangouts/defaults/main.yml create mode 100644 roles/matrix-bridge-mautrix-hangouts/tasks/init.yml create mode 100644 roles/matrix-bridge-mautrix-hangouts/tasks/main.yml create mode 100644 roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml create mode 100644 roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml create mode 100644 roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 503a45be..b08cdce5 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -123,6 +123,36 @@ matrix_mautrix_facebook_homeserver_token: "{{ matrix_synapse_macaroon_secret_key ###################################################################### +###################################################################### +# +# matrix-bridge-mautrix-hangouts +# +###################################################################### + +# We don't enable bridges by default. +matrix_mautrix_hangouts_enabled: false + +matrix_mautrix_hangouts_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} + +matrix_mautrix_hangouts_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.as.token') | to_uuid }}" + +matrix_mautrix_hangouts_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'ho.hs.token') | to_uuid }}" + +###################################################################### +# +# /matrix-bridge-mautrix-hangouts_ +# +###################################################################### + + + + + ###################################################################### # # matrix-bridge-mautrix-telegram diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml new file mode 100644 index 00000000..9687a9ae --- /dev/null +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml 
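Review bot: Both `matrix_mautrix_hangouts_appservice_token` and `matrix_mautrix_hangouts_homeserver_token` are derived from `matrix_synapse_macaroon_secret_key` with fixed salts, and nothing in the block says so. A comment such as `# Derived from the Synapse macaroon secret; changing that secret changes both bridge tokens` would tell operators that rotating the macaroon key also changes the appservice registration. The closing banner reads `/matrix-bridge-mautrix-hangouts_` with a trailing underscore, which looks like a typo.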
@@ -0,0 +1,179 @@ +# mautrix-hangouts is a Matrix <-> Hangouts bridge +# See: https://github.com/tulir/mautrix-hangouts + +matrix_mautrix_hangouts_enabled: true + +matrix_mautrix_hangouts_docker_image: "dock.mau.dev/tulir/mautrix-hangouts:latest" +matrix_mautrix_hangouts_docker_image_force_pull: "{{ matrix_mautrix_hangouts_docker_image.endswith(':latest') }}" + +matrix_mautrix_hangouts_base_path: "{{ matrix_base_data_path }}/mautrix-hangouts" +matrix_mautrix_hangouts_config_path: "{{ matrix_mautrix_hangouts_base_path }}/config" +matrix_mautrix_hangouts_data_path: "{{ matrix_mautrix_hangouts_base_path }}/data" + +matrix_mautrix_hangouts_homeserver_address: 'http://matrix-synapse:8008' +matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}' +matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080' + +# A list of extra arguments to pass to the container +matrix_mautrix_hangouts_container_extra_arguments: [] + +# List of systemd services that matrix-mautrix-hangouts.service depends on. +matrix_mautrix_hangouts_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-mautrix-hangouts.service wants +matrix_mautrix_hangouts_systemd_wanted_services_list: [] + +matrix_mautrix_hangouts_appservice_token: '' +matrix_mautrix_hangouts_homeserver_token: '' + +# Default mxisd configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mautrix_hangouts_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mautrix_hangouts_configuration_yaml: | + #jinja2: lstrip_blocks: "True" + # Homeserver details + homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_mautrix_hangouts_homeserver_address }} + # The domain of the homeserver (for MXIDs, etc). 
+ domain: {{ matrix_mautrix_hangouts_homeserver_domain }} + # Whether or not to verify the SSL certificate of the homeserver. + # Only applies if address starts with https:// + verify_ssl: true + + # Application service host/registration related details + # Changing these values requires regeneration of the registration. + appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_mautrix_hangouts_appservice_address }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 8080 + # The maximum body size of appservice API requests (from the homeserver) in mebibytes + # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s + max_body_size: 1 + + # The full URI to the database. SQLite and Postgres are fully supported. + # Other DBMSes supported by SQLAlchemy may or may not work. + # Format examples: + # SQLite: sqlite:///filename.db + # Postgres: postgres://username:password@hostname/dbname + database: sqlite:////data/mautrix-hangouts.db + + # The unique ID of this appservice. + id: hangouts + # Username of the appservice bot. + bot_username: hangoutsbot + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + bot_displayname: Hangouts bridge bot + bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv + + # Authentication tokens for AS <-> HS communication. + as_token: "{{ matrix_mautrix_hangouts_appservice_token }}" + hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}" + + # Bridge config + bridge: + # Localpart template of MXIDs for Hangouts users. + # {userid} is replaced with the user ID of the Hangouts user. + username_template: "hangouts_{userid}" + # Displayname template for Hangouts users. + # {displayname} is replaced with the display name of the Hangouts user + # as defined below in displayname_preference. 
+ # Keys available for displayname_preference are also available here. + displayname_template: '{displayname} (HO)' + # Available keys: + # "name" (full name) + # "first_name" + # "last_name" + # "nickname" + # "own_nickname" (user-specific!) + displayname_preference: + - name + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "!HO" + + # Number of chats to sync (and create portals for) on startup/login. + # Maximum 20, set 0 to disable automatic syncing. + initial_chat_sync: 10 + # Whether or not the Hangouts users of logged in Matrix users should be + # invited to private chats when the user sends a message from another client. + invite_own_puppet_to_pm: false + # Whether or not to use /sync to get presence, read receipts and typing notifications when using + # your own Matrix account as the Matrix puppet for your Hangouts account. + sync_with_custom_puppets: true + # Whether or not to bridge presence in both directions. Hangouts allows users not to broadcast + # presence, but then it won't send other users' presence to the client. + presence: true + + # Permissions for using the bridge. + # Permitted values: + # user - Use the bridge with puppeting. + # admin - Use and administrate the bridge. + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + '{{ matrix_mautrix_hangouts_homeserver_domain }}': user + + # Python logging configuration. 
+ # + # See section 16.7.2 of the Python documentation for more info: + # https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema + logging: + version: 1 + formatters: + colored: + (): mautrix_hangouts.util.ColorFormatter + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + normal: + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: colored + loggers: + mau: + level: DEBUG + hangouts: + level: DEBUG + aiohttp: + level: INFO + root: + level: DEBUG + handlers: [console] + +matrix_mautrix_hangouts_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mautrix_hangouts_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mautrix_hangouts_configuration_yaml`. + +matrix_mautrix_hangouts_configuration_extension: "{{ matrix_mautrix_hangouts_configuration_extension_yaml|from_yaml if matrix_mautrix_hangouts_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_hangouts_configuration_yaml`. 
+matrix_mautrix_hangouts_configuration: "{{ matrix_mautrix_hangouts_configuration_yaml|from_yaml|combine(matrix_mautrix_hangouts_configuration_extension, recursive=True) }}" + +matrix_mautrix_hangouts_registration_yaml: | + id: hangouts + as_token: "{{ matrix_mautrix_hangouts_appservice_token }}" + hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}" + namespaces: + users: + - exclusive: true + regex: '^@hangouts_.+:{{ matrix_mautrix_hangouts_homeserver_domain|regex_escape }}$' + url: {{ matrix_mautrix_hangouts_appservice_address }} + sender_localpart: hangoutsbot + rate_limited: false + +matrix_mautrix_hangouts_registration: "{{ matrix_mautrix_hangouts_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml new file mode 100644 index 00000000..9881398d --- /dev/null +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml @@ -0,0 +1,16 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-hangouts'] }}" + when: matrix_mautrix_hangouts_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + {{ ["--mount type=bind,src={{ matrix_mautrix_hangouts_config_path }}/registration.yaml,dst=/matrix-mautrix-hangouts-registration.yaml,ro"] }} + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/matrix-mautrix-hangouts-registration.yaml"] }} + when: matrix_mautrix_hangouts_enabled|bool diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml new file mode 100644 index 00000000..0df0d0e3 --- /dev/null +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/main.yml 
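Review bot: In the hangouts `defaults/main.yml`, the default `logging` block sets the `mau`, `hangouts` and `root` loggers to `level: DEBUG`, and the unit runs the container in the foreground under systemd, so this output presumably ends up in the journal. Another commit in this series drops the DEBUG suggestion for Synapse because such logs can contain access tokens. The same reasoning applies to a bridge that handles account logins, so `level: INFO` would be a safer default for these three loggers. The image is also referenced as `:latest` with force-pull enabled, while the email2matrix role pins `devture/email2matrix:1.0`; pinning a tag here would make deployments reproducible. The comment `Default mxisd configuration template` is a copy-paste leftover.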
@@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_mautrix_hangouts_enabled|bool" + tags: + - setup-all + - setup-mautrix-hangouts + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_mautrix_hangouts_enabled|bool" + tags: + - setup-all + - setup-mautrix-hangouts + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_mautrix_hangouts_enabled|bool" + tags: + - setup-all + - setup-mautrix-hangouts diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml new file mode 100644 index 00000000..7f325165 --- /dev/null +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml 
@@ -0,0 +1,73 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-mautrix-hangouts role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + +- name: Ensure Mautrix Hangouts image is pulled + docker_image: + name: "{{ matrix_mautrix_hangouts_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mautrix_hangouts_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_hangouts_docker_image_force_pull }}" + +- name: Ensure Mautrix Hangouts paths exist + file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + with_items: + - "{{ matrix_mautrix_hangouts_base_path }}" + - "{{ matrix_mautrix_hangouts_config_path }}" + - "{{ matrix_mautrix_hangouts_data_path }}" + +- name: Check if an old database file already exists + stat: + path: "{{ matrix_mautrix_hangouts_base_path }}/mautrix-hangouts.db" + register: matrix_mautrix_hangouts_stat_database + +- name: (Data relocation) Ensure matrix-mautrix-hangouts.service is stopped + service: + name: matrix-mautrix-hangouts + state: stopped + daemon_reload: yes + failed_when: false + when: "matrix_mautrix_hangouts_stat_database.stat.exists" + +- name: (Data relocation) Move mautrix-hangouts database file to ./data directory + command: "mv {{ matrix_mautrix_hangouts_base_path }}/mautrix-hangouts.db {{ matrix_mautrix_hangouts_data_path }}/mautrix-hangouts.db" + when: "matrix_mautrix_hangouts_stat_database.stat.exists" + +- name: Ensure mautrix-hangouts config.yaml installed + copy: + content: "{{ 
matrix_mautrix_hangouts_configuration|to_nice_yaml }}" + dest: "{{ matrix_mautrix_hangouts_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + +- name: Ensure mautrix-hangouts registration.yaml installed + copy: + content: "{{ matrix_mautrix_hangouts_registration|to_nice_yaml }}" + dest: "{{ matrix_mautrix_hangouts_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + +- name: Ensure matrix-mautrix-hangouts.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-mautrix-hangouts.service.j2" + dest: "/etc/systemd/system/matrix-mautrix-hangouts.service" + mode: 0644 + register: matrix_mautrix_hangouts_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mautrix-hangouts.service installation + service: + daemon_reload: yes + when: "matrix_mautrix_hangouts_systemd_service_result.changed" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml new file mode 100644 index 00000000..ef33e238 --- /dev/null +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_uninstall.yml 
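Review bot: In `setup_install.yml`, `config.yaml` and `registration.yaml` are written with `mode: 0644`, although both contain `as_token` and `hs_token`. The parent directories are created as 0750, which limits who can reach the files. The email2matrix role in this series writes its token-bearing `config.json` as 0640, and `mode: 0640` on both `copy` tasks would match that. This assumes Synapse reads the bind-mounted registration file as the same `matrix_user_username` owner, which is not visible here and should be confirmed.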
@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-mautrix-hangouts service
+ stat:
+ path: "/etc/systemd/system/matrix-mautrix-hangouts.service"
+ register: matrix_mautrix_hangouts_service_stat
+
+- name: Ensure matrix-mautrix-hangouts is stopped
+ service:
+ name: matrix-mautrix-hangouts
+ state: stopped
+ daemon_reload: yes
+ when: "matrix_mautrix_hangouts_service_stat.stat.exists"
+
+- name: Ensure matrix-mautrix-hangouts.service doesn't exist
+ file:
+ path: "/etc/systemd/system/matrix-mautrix-hangouts.service"
+ state: absent
+ when: "matrix_mautrix_hangouts_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-mautrix-hangouts.service removal
+ service:
+ daemon_reload: yes
+ when: "matrix_mautrix_hangouts_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml
new file mode 100644
index 00000000..312cfcc8
--- /dev/null
+++ b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+ fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`).
+ when: "vars[item] == ''"
+ with_items:
+ - "matrix_mautrix_hangouts_appservice_token"
+ - "matrix_mautrix_hangouts_homeserver_token"
diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2
new file mode 100644
index 00000000..e241db3d
--- /dev/null
+++ b/roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2
@@ -0,0 +1,48 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Mautrix Hangouts server +{% for service in matrix_mautrix_hangouts_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mautrix_hangouts_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-mautrix-hangouts +ExecStartPre=-/usr/bin/docker rm matrix-mautrix-hangouts +ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + -v {{ matrix_mautrix_hangouts_config_path }}:/config:z \ + -v {{ matrix_mautrix_hangouts_data_path }}:/data:z \ + {{ matrix_mautrix_hangouts_docker_image }} \ + alembic -x config=/config/config.yaml upgrade head + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre=/bin/sleep 5 + +ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-hangouts \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -v {{ matrix_mautrix_hangouts_config_path }}:/config:z \ + -v {{ matrix_mautrix_hangouts_data_path }}:/data:z \ + {% for arg in matrix_mautrix_hangouts_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_mautrix_hangouts_docker_image }} \ + python3 -m mautrix_hangouts -c /config/config.yaml + +ExecStop=-/usr/bin/docker kill matrix-mautrix-hangouts +ExecStop=-/usr/bin/docker rm matrix-mautrix-hangouts +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-mautrix-hangouts + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index 341840a2..5a8148d7 100755 --- a/setup.yml +++ b/setup.yml 
@@ -11,6 +11,7 @@ - matrix-bridge-appservice-discord - matrix-bridge-appservice-irc - matrix-bridge-mautrix-facebook + - matrix-bridge-mautrix-hangouts - matrix-bridge-mautrix-telegram - matrix-bridge-mautrix-whatsapp - matrix-synapse From a16347789da2631a55b75d074c9514890071e0d2 Mon Sep 17 00:00:00 2001 From: microchipster Date: Mon, 29 Jul 2019 16:10:35 +0000 Subject: [PATCH 20/74] nginx settings for hangouts bridge login --- .../templates/nginx/conf.d/matrix-synapse.conf.j2 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index eda0929b..c971c749 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -191,6 +191,13 @@ server { location / { rewrite ^/$ /_matrix/static/ last; } + + {% if matrix_mautrix_hangouts_enabled %} + location /login { + proxy_pass http://127.0.0.1:8080; + proxy_set_header X-Forwarded-For $remote_addr; + } + {% endif %} } {% if matrix_nginx_proxy_proxy_matrix_federation_api_enabled %} From 2d3fc98d18553731f3fb3037f8cf2a471c8efec4 Mon Sep 17 00:00:00 2001 From: Eduardo Beltrame Date: Mon, 29 Jul 2019 16:53:45 -0700 Subject: [PATCH 21/74] Update main.yml --- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 9687a9ae..c9a918a5 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml 
@@ -70,7 +70,7 @@ matrix_mautrix_hangouts_configuration_yaml: | # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # to leave display name/avatar as-is. bot_displayname: Hangouts bridge bot - bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv + bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy # Authentication tokens for AS <-> HS communication. as_token: "{{ matrix_mautrix_hangouts_appservice_token }}" From 4528e6402b4a962be56b29a0b27d3646a1951dc9 Mon Sep 17 00:00:00 2001 From: Eduardo Beltrame Date: Mon, 29 Jul 2019 17:09:12 -0700 Subject: [PATCH 22/74] add Publicly accessible base URL for the login endpoints. # Auth server config auth: # Publicly accessible base URL for the login endpoints. # The prefix below is not implicitly added. This URL and all subpaths should be proxied # or otherwise pointed to the appservice's webserver to the path specified below (prefix). # This path should usually include a trailing slash. public: http://example.com/login/ # Internal prefix in the appservice web server for the login endpoints. prefix: /login --- .../defaults/main.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index c9a918a5..095e11f6 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml 
@@ -107,9 +107,22 @@ matrix_mautrix_hangouts_configuration_yaml: | # Whether or not to use /sync to get presence, read receipts and typing notifications when using # your own Matrix account as the Matrix puppet for your Hangouts account. sync_with_custom_puppets: true + # Whether or not to bridge presence in both directions. Hangouts allows users not to broadcast # presence, but then it won't send other users' presence to the client. presence: true + + # Public website and API configs + web: + # Auth server config + auth: + # Publicly accessible base URL for the login endpoints. + # The prefix below is not implicitly added. This URL and all subpaths should be proxied + # or otherwise pointed to the appservice's webserver to the path specified below (prefix). + # This path should usually include a trailing slash. + public: "{{ matrix_mautrix_hangouts_homeserver_domain }}login/" + # Internal prefix in the appservice web server for the login endpoints. + prefix: /login # Permissions for using the bridge. # Permitted values: From ab6e808bc62ab1bec4fc76a710e792d3e06b387b Mon Sep 17 00:00:00 2001 From: Eduardo Beltrame Date: Mon, 29 Jul 2019 17:14:25 -0700 Subject: [PATCH 23/74] fix /login for mautrix-hangouts bridge --- .../templates/nginx/conf.d/matrix-synapse.conf.j2 | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index c971c749..861aa246 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -192,12 +192,6 @@ server { rewrite ^/$ /_matrix/static/ last; } - {% if matrix_mautrix_hangouts_enabled %} - location /login { - proxy_pass http://127.0.0.1:8080; - proxy_set_header X-Forwarded-For $remote_addr; - } - {% endif %} } {% if matrix_nginx_proxy_proxy_matrix_federation_api_enabled %} 
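Review bot: `public: "{{ matrix_mautrix_hangouts_homeserver_domain }}login/"` does not produce the "publicly accessible base URL" that its own comment asks for: the value has no scheme and no `/` between host and path, so a domain of `example.com` renders as `example.comlogin/`. The sample in the commit message is `http://example.com/login/`; for an endpoint that serves the bridge's login pages an HTTPS URL is the safer default, e.g. `public: "https://{{ matrix_mautrix_hangouts_homeserver_domain }}/login/"`. The later `@@ -120,7 +120,7 @@` revisions of this line in the series add the slash but still omit the scheme.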
@@ -218,6 +212,13 @@ server { ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; + + {% if matrix_mautrix_hangouts_enabled %} + location /login { + proxy_pass http://matrix-mautrix-hangouts:8080; + proxy_set_header X-Forwarded-For $remote_addr; + } + {% endif %} location / { {% if matrix_nginx_proxy_enabled %} From b0f203b2ecd1c53413a49d8b69698f26fa8d13d2 Mon Sep 17 00:00:00 2001 From: Eduardo Beltrame Date: Mon, 29 Jul 2019 19:56:42 -0700 Subject: [PATCH 24/74] Update main.yml --- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 095e11f6..e083138c 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -120,7 +120,7 @@ matrix_mautrix_hangouts_configuration_yaml: | # The prefix below is not implicitly added. This URL and all subpaths should be proxied # or otherwise pointed to the appservice's webserver to the path specified below (prefix). # This path should usually include a trailing slash. - public: "{{ matrix_mautrix_hangouts_homeserver_domain }}login/" + public: "{{ matrix_mautrix_hangouts_homeserver_domain }}/login/" # Internal prefix in the appservice web server for the login endpoints. prefix: /login From c71cef3f70d89b043ce94a1287b3e8d5c2d73014 Mon Sep 17 00:00:00 2001 From: Eduardo Beltrame Date: Mon, 29 Jul 2019 19:58:19 -0700 Subject: [PATCH 25/74] Add hangouts /login in the right place --- .../templates/nginx/conf.d/matrix-domain.conf.j2 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 0d234827..1c3e6e0f 100644 
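Review bot: `proxy_pass http://matrix-mautrix-hangouts:8080;` names the backend literally, so nginx resolves it once when the configuration is loaded and refuses to start if the name is unknown at that moment. The pattern these templates use for container backends is `resolver 127.0.0.11 valid=5s; set $backend "matrix-mautrix-hangouts:8080"; proxy_pass http://$backend;`, which tolerates the bridge container being absent or restarted. The block also has no `{% if matrix_nginx_proxy_enabled %}` branch, so an nginx outside the container network would be handed a Docker-only name. It is placed after the `ssl_ciphers` line of a server block whose header is outside the hunk; given the preceding `matrix_nginx_proxy_proxy_matrix_federation_api_enabled` condition this looks like the federation listener, which is probably not where a browser login page belongs. The `@@ -39,6 +39,13 @@` hunk in `matrix-domain.conf.j2` adds the same block with the same first two issues.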
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -39,6 +39,13 @@ server { ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; + + {% if matrix_mautrix_hangouts_enabled %} + location /login { + proxy_pass http://matrix-mautrix-hangouts:8080; + proxy_set_header X-Forwarded-For $remote_addr; + } + {% endif %} location /.well-known/matrix { root {{ matrix_static_files_base_path }}; From bc1c30168c102fb78e54e58fba69b9389e88fe71 Mon Sep 17 00:00:00 2001 From: Eduardo Beltrame Date: Mon, 29 Jul 2019 19:59:44 -0700 Subject: [PATCH 26/74] remove login block -- wrong file --- .../templates/nginx/conf.d/matrix-synapse.conf.j2 | 6 ------ 1 file changed, 6 deletions(-) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 861aa246..1b2e0db5 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -213,12 +213,6 @@ server { ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; - {% if matrix_mautrix_hangouts_enabled %} - location /login { - proxy_pass http://matrix-mautrix-hangouts:8080; - proxy_set_header X-Forwarded-For $remote_addr; - } - {% endif %} location / { {% if matrix_nginx_proxy_enabled %} From da6d2e562150915f05b6ec2a48cd5b65d96bdaca Mon Sep 17 00:00:00 2001 From: Eduardo Beltrame Date: Mon, 29 Jul 2019 23:38:14 -0700 Subject: [PATCH 27/74] Update main.yml --- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index e083138c..55876be5 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -120,7 +120,7 @@ matrix_mautrix_hangouts_configuration_yaml: | # The prefix below is not implicitly added. This URL and all subpaths should be proxied # or otherwise pointed to the appservice's webserver to the path specified below (prefix). # This path should usually include a trailing slash. - public: "{{ matrix_mautrix_hangouts_homeserver_domain }}/login/" + public: "{{ matrix_domain }}/login/" # Internal prefix in the appservice web server for the login endpoints. prefix: /login From 451d84a98160235780949b379aabc296c354e4f4 Mon Sep 17 00:00:00 2001 From: Eduardo Beltrame Date: Mon, 29 Jul 2019 23:56:56 -0700 Subject: [PATCH 28/74] Update main.yml --- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 55876be5..4ea59c01 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -154,7 +154,7 @@ matrix_mautrix_hangouts_configuration_yaml: | loggers: mau: level: DEBUG - hangouts: + hangups: level: DEBUG aiohttp: level: INFO From ef9f6efd1238dea564b509c499d639856367708a Mon Sep 17 00:00:00 2001 From: Eduardo Beltrame Date: Tue, 30 Jul 2019 01:14:12 -0700 Subject: [PATCH 29/74] Update main.yml --- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 4ea59c01..89276be8 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml 
+++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -120,7 +120,7 @@ matrix_mautrix_hangouts_configuration_yaml: | # The prefix below is not implicitly added. This URL and all subpaths should be proxied # or otherwise pointed to the appservice's webserver to the path specified below (prefix). # This path should usually include a trailing slash. - public: "{{ matrix_domain }}/login/" + public: "/login/" # Internal prefix in the appservice web server for the login endpoints. prefix: /login From ad682f218088e87e1b1101b9e25d192d7fcfab2d Mon Sep 17 00:00:00 2001 From: Eduardo Beltrame Date: Fri, 2 Aug 2019 15:24:48 -0700 Subject: [PATCH 30/74] Update main.yml --- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 89276be8..4ea59c01 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -120,7 +120,7 @@ matrix_mautrix_hangouts_configuration_yaml: | # The prefix below is not implicitly added. This URL and all subpaths should be proxied # or otherwise pointed to the appservice's webserver to the path specified below (prefix). # This path should usually include a trailing slash. - public: "/login/" + public: "{{ matrix_domain }}/login/" # Internal prefix in the appservice web server for the login endpoints. prefix: /login From 0a9ce65d3b06ac604baedf3a7813f067e5e4de83 Mon Sep 17 00:00:00 2001 From: Eduardo Beltrame Date: Fri, 2 Aug 2019 15:34:23 -0700 Subject: [PATCH 31/74] Update validate_config.yml --- roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml index 312cfcc8..16dc8e65 100644 
--- a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml @@ -8,3 +8,5 @@ with_items: - "matrix_mautrix_hangouts_appservice_token" - "matrix_mautrix_hangouts_homeserver_token" +- debug: + msg: matrix_base: {{ matrix_base }}, matrix_mautrix_hangouts_homeserver_domain: {{ matrix_mautrix_hangouts_homeserver_domain }} From 85c7e9eb09cabf7cda5bc7e1c7794406168b60f7 Mon Sep 17 00:00:00 2001 From: Eduardo Beltrame Date: Fri, 2 Aug 2019 15:37:02 -0700 Subject: [PATCH 32/74] Update validate_config.yml --- roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml index 16dc8e65..c37a77c9 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml @@ -9,4 +9,5 @@ - "matrix_mautrix_hangouts_appservice_token" - "matrix_mautrix_hangouts_homeserver_token" - debug: - msg: matrix_base: {{ matrix_base }}, matrix_mautrix_hangouts_homeserver_domain: {{ matrix_mautrix_hangouts_homeserver_domain }} + msg: >- + matrix_base: {{ matrix_base }}, matrix_mautrix_hangouts_homeserver_domain: {{ matrix_mautrix_hangouts_homeserver_domain }} From c1aea7c3fc30f112a4e010b18d265b7a8ac340ff Mon Sep 17 00:00:00 2001 From: Eduardo Beltrame Date: Fri, 2 Aug 2019 15:42:50 -0700 Subject: [PATCH 33/74] Update validate_config.yml --- .../matrix-bridge-mautrix-hangouts/tasks/validate_config.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml index c37a77c9..31ff3d0b 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml 
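Review bot: The added `- debug:` task looks like a development aid left in `validate_config.yml`: it has no `name`, no `when`, and prints on every run of the role instead of validating anything. `matrix_base` is not defined by anything shown in this series, so if it is undefined the task would abort the play. I would drop the task before merging, or at least give it `name: Show Mautrix Hangouts domain settings` and guard it with `when: matrix_mautrix_hangouts_enabled|bool`. The following two revisions of this file reshape the message but keep the task.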
+++ b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml @@ -9,5 +9,6 @@ - "matrix_mautrix_hangouts_appservice_token" - "matrix_mautrix_hangouts_homeserver_token" - debug: - msg: >- - matrix_base: {{ matrix_base }}, matrix_mautrix_hangouts_homeserver_domain: {{ matrix_mautrix_hangouts_homeserver_domain }} + msg: + - '`matrix_base` == {{ matrix_base }}' + - '`matrix_mautrix_hangouts_homeserver_domain` == {{ matrix_mautrix_hangouts_homeserver_domain }}' From 264704a29efb582bb341fbdc15d403e1ad4c6c91 Mon Sep 17 00:00:00 2001 From: microchipster Date: Tue, 30 Jul 2019 16:56:36 +0000 Subject: [PATCH 34/74] absorb Munfred changes --- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 4ea59c01..48dedfc3 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -107,11 +107,11 @@ matrix_mautrix_hangouts_configuration_yaml: | # Whether or not to use /sync to get presence, read receipts and typing notifications when using # your own Matrix account as the Matrix puppet for your Hangouts account. sync_with_custom_puppets: true - + # Whether or not to bridge presence in both directions. Hangouts allows users not to broadcast # presence, but then it won't send other users' presence to the client. presence: true - + # Public website and API configs web: # Auth server config From 95750c1bc7a6da3e5b12bae4fe0c21e4db7f2899 Mon Sep 17 00:00:00 2001 From: microchipster Date: Sat, 3 Aug 2019 17:23:48 +0000 Subject: [PATCH 35/74] attempt to inject nginx config for hangouts bridge --- .../defaults/main.yml | 2 + .../tasks/init.yml | 46 +++++++++++++++++++ .../tasks/validate_config.yml | 2 +- .../nginx/conf.d/matrix-domain.conf.j2 | 7 --- 4 files changed, 49 insertions(+), 8 deletions(-) 
diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 48dedfc3..6835a3d9 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -10,6 +10,8 @@ matrix_mautrix_hangouts_base_path: "{{ matrix_base_data_path }}/mautrix-hangouts matrix_mautrix_hangouts_config_path: "{{ matrix_mautrix_hangouts_base_path }}/config" matrix_mautrix_hangouts_data_path: "{{ matrix_mautrix_hangouts_base_path }}/data" +matrix_mautrix_hangouts_public_endpoint: 'mautrix-hangouts' + matrix_mautrix_hangouts_homeserver_address: 'http://matrix-synapse:8008' matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080' diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml index 9881398d..84e33f13 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/init.yml 
@@ -14,3 +14,49 @@ + {{ ["/matrix-mautrix-hangouts-registration.yaml"] }} when: matrix_mautrix_hangouts_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Mautrix Hangouts's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your plabook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-hangouts role. + when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate Mautrix Hangouts proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mautrix_hangouts_matrix_nginx_proxy_configuration: | + location {{ matrix_mautrix_hangouts_public_endpoint }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-hangouts:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:9007; + {% endif %} + } + - name: Register Mautrix Hangouts proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mautrix_hangouts_matrix_nginx_proxy_configuration] + }} + tags: + - always + when: matrix_mautrix_hangouts_enabled|bool + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + debug: + msg: >- + NOTE: You've enabled the Mautrix Hangouts bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mautrix_hangouts_public_endpoint }}` + URL endpoint to the matrix-mautrix-hangouts container. 
+ You can expose the container's port using the `matrix_mautrix_hangouts_container_http_host_bind_port` variable. + when: "matrix_mautrix_hangouts_enabled|bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml index 31ff3d0b..8922bef4 100644 --- a/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-hangouts/tasks/validate_config.yml @@ -6,9 +6,9 @@ You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" with_items: + - "matrix_mautrix_hangouts_public_endpoint" - "matrix_mautrix_hangouts_appservice_token" - "matrix_mautrix_hangouts_homeserver_token" - debug: msg: - - '`matrix_base` == {{ matrix_base }}' - '`matrix_mautrix_hangouts_homeserver_domain` == {{ matrix_mautrix_hangouts_homeserver_domain }}' diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 1c3e6e0f..0d234827 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 @@ -39,13 +39,6 @@ server { ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; - - {% if matrix_mautrix_hangouts_enabled %} - location /login { - proxy_pass http://matrix-mautrix-hangouts:8080; - proxy_set_header X-Forwarded-For $remote_addr; - } - {% endif %} location /.well-known/matrix { root {{ matrix_static_files_base_path }}; From 754c475338dfaa73b76fc89f6998222bd5013792 Mon Sep 17 00:00:00 2001 
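Review bot: The `{% else %}` branch of the generated location hard-codes `proxy_pass http://127.0.0.1:9007;`, while the warning at the end of this hunk tells operators to publish the port through `matrix_mautrix_hangouts_container_http_host_bind_port`; nothing visible ties the two together, so a different bind port would silently break the proxy. Deriving the address from that variable, or documenting 9007 as required next to it, would keep them consistent. Unlike the template block this replaces, the new location no longer sets `proxy_set_header X-Forwarded-For $remote_addr;`, so the bridge will presumably see only the proxy's address on login requests; it is worth restoring in both branches. Small typo in the failure message: `plabook` should be `playbook`.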
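Review bot: Adding `matrix_mautrix_hangouts_public_endpoint` to this list only rejects an empty string, yet the value is pasted unmodified into `location {{ matrix_mautrix_hangouts_public_endpoint }} {` in `tasks/init.yml`. The default introduced in this same commit, `'mautrix-hangouts'`, has no leading `/` and passes the check, producing a prefix location that a request path (which always begins with `/`) will not match. A format check would catch this, e.g. a `fail` task with `when: "not matrix_mautrix_hangouts_public_endpoint.startswith('/')"` placed after the emptiness check. The task this list belongs to starts outside the hunk.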
From: microchipster Date: Sat, 3 Aug 2019 17:56:29 +0000 Subject: [PATCH 36/74] matrix-hangouts/login instead of just /login --- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 6835a3d9..922436bf 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -10,7 +10,7 @@ matrix_mautrix_hangouts_base_path: "{{ matrix_base_data_path }}/mautrix-hangouts matrix_mautrix_hangouts_config_path: "{{ matrix_mautrix_hangouts_base_path }}/config" matrix_mautrix_hangouts_data_path: "{{ matrix_mautrix_hangouts_base_path }}/data" -matrix_mautrix_hangouts_public_endpoint: 'mautrix-hangouts' +matrix_mautrix_hangouts_public_endpoint: 'matrix-hangouts' matrix_mautrix_hangouts_homeserver_address: 'http://matrix-synapse:8008' matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}' @@ -122,7 +122,7 @@ matrix_mautrix_hangouts_configuration_yaml: | # The prefix below is not implicitly added. This URL and all subpaths should be proxied # or otherwise pointed to the appservice's webserver to the path specified below (prefix). # This path should usually include a trailing slash. - public: "{{ matrix_domain }}/login/" + public: "mautrix-hangouts/login/" # Internal prefix in the appservice web server for the login endpoints. prefix: /login From 74d9eb1ec02587fb6c6deb3ac41ad053633e1b5b Mon Sep 17 00:00:00 2001 From: microchipster Date: Sat, 3 Aug 2019 18:27:37 +0000 Subject: [PATCH 37/74] fix incorrect nginx proxy entry for hangouts bridge --- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 922436bf..d16d0c5f 100644 
--- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -10,7 +10,7 @@ matrix_mautrix_hangouts_base_path: "{{ matrix_base_data_path }}/mautrix-hangouts matrix_mautrix_hangouts_config_path: "{{ matrix_mautrix_hangouts_base_path }}/config" matrix_mautrix_hangouts_data_path: "{{ matrix_mautrix_hangouts_base_path }}/data" -matrix_mautrix_hangouts_public_endpoint: 'matrix-hangouts' +matrix_mautrix_hangouts_public_endpoint: '/mautrix-hangouts' matrix_mautrix_hangouts_homeserver_address: 'http://matrix-synapse:8008' matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}' @@ -122,9 +122,10 @@ matrix_mautrix_hangouts_configuration_yaml: | # The prefix below is not implicitly added. This URL and all subpaths should be proxied # or otherwise pointed to the appservice's webserver to the path specified below (prefix). # This path should usually include a trailing slash. - public: "mautrix-hangouts/login/" # Internal prefix in the appservice web server for the login endpoints. - prefix: /login + public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/" + prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login" + # Permissions for using the bridge. # Permitted values: From 75785a0734602c14658f16c1c4ef48925458d940 Mon Sep 17 00:00:00 2001 From: microchipster Date: Sat, 3 Aug 2019 20:26:42 +0000 Subject: [PATCH 38/74] fix login url --- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index d16d0c5f..3af030c5 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml 
@@ -123,7 +123,7 @@ matrix_mautrix_hangouts_configuration_yaml: | # or otherwise pointed to the appservice's webserver to the path specified below (prefix). # This path should usually include a trailing slash. # Internal prefix in the appservice web server for the login endpoints. - public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/" + public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login" prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login" From 1e8d593f7a4270391d5b493bb3287e1065da14c2 Mon Sep 17 00:00:00 2001 From: microchipster Date: Sat, 3 Aug 2019 23:58:59 +0000 Subject: [PATCH 39/74] fix hangout displayname bug --- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 3af030c5..a2d5aa62 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -87,7 +87,7 @@ matrix_mautrix_hangouts_configuration_yaml: | # {displayname} is replaced with the display name of the Hangouts user # as defined below in displayname_preference. # Keys available for displayname_preference are also available here. - displayname_template: '{displayname} (HO)' + displayname_template: '{full_name} (Hangouts)' # Available keys: # "name" (full name) # "first_name" From 122c3f1ec08e474ddc214279505ea725353968a6 Mon Sep 17 00:00:00 2001 From: microchipster Date: Tue, 6 Aug 2019 05:26:44 +0000 Subject: [PATCH 40/74] sync more chats in hangouts, switch to admin mode --- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index a2d5aa62..b66dbfdd 100644 
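Review bot: `displayname_template: '{full_name} (Hangouts)'` uses a placeholder that the surrounding comments do not list: they describe `{displayname}` and, under "Available keys", `"name" (full name)` and `"first_name"`. If `full_name` is what the bridge really exposes, the comment block should be corrected in the same change; if it is not, the template will not be filled in as intended. Either way the two should agree, for example by changing the comment line to `# "full_name"` or the value to `'{name} (Hangouts)'`, whichever matches the bridge version this role deploys. The key list continues past the end of the hunk.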
--- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -102,7 +102,7 @@ matrix_mautrix_hangouts_configuration_yaml: | # Number of chats to sync (and create portals for) on startup/login. # Maximum 20, set 0 to disable automatic syncing. - initial_chat_sync: 10 + initial_chat_sync: 20 # Whether or not the Hangouts users of logged in Matrix users should be # invited to private chats when the user sends a message from another client. invite_own_puppet_to_pm: false @@ -136,7 +136,7 @@ matrix_mautrix_hangouts_configuration_yaml: | # domain - All users on that homeserver # mxid - Specific user permissions: - '{{ matrix_mautrix_hangouts_homeserver_domain }}': user + '{{ matrix_mautrix_hangouts_homeserver_domain }}': admin # Python logging configuration. # From dc714571322b8f34c805f9e6422fdd9027d52fb1 Mon Sep 17 00:00:00 2001 From: Dan Arnfield Date: Tue, 6 Aug 2019 06:36:14 -0500 Subject: [PATCH 41/74] Update riot-web (1.3.0 -> 1.3.2) --- roles/matrix-riot-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index 4130c8a0..7a4421b7 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -1,6 +1,6 @@ matrix_riot_web_enabled: true -matrix_riot_web_docker_image: "bubuntux/riot-web:v1.3.0" +matrix_riot_web_docker_image: "bubuntux/riot-web:v1.3.2" matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" From 4b8190dc3fd1f48c30b8ceda9a530a20960a6763 Mon Sep 17 00:00:00 2001 
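Review bot: Changing the `permissions` entry to `'{{ matrix_mautrix_hangouts_homeserver_domain }}': admin` gives bridge-administrator rights to every account on the homeserver, since the comment above describes a domain key as "All users on that homeserver". As a role default this is broader than most deployments need, and on a server that allows registration any new account would inherit it. I would keep `'{{ matrix_mautrix_hangouts_homeserver_domain }}': user` as the default and document how an operator adds an `'@someone:DOMAIN': admin` line for specific accounts. The permissions comment block begins outside the hunk.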
From: p5t2vspoqqw Date: Wed, 7 Aug 2019 10:54:14 +0200 Subject: [PATCH 42/74] serve status page for matrix.DOMAIN only --- docs/configuring-playbook-ngnix.md | 6 ++++-- .../nginx/conf.d/matrix-domain.conf.j2 | 17 +++-------------- .../nginx/conf.d/matrix-synapse.conf.j2 | 11 +++++++++++ 3 files changed, 18 insertions(+), 16 deletions(-) diff --git a/docs/configuring-playbook-ngnix.md b/docs/configuring-playbook-ngnix.md index e2a46a72..8b7e24e7 100644 --- a/docs/configuring-playbook-ngnix.md +++ b/docs/configuring-playbook-ngnix.md @@ -9,13 +9,15 @@ If that's alright, you can skip this. This will serve a statuspage to the hosting machine only. Useful for monitoring software like [longview](https://www.linode.com/docs/platform/longview/longview-app-for-nginx/) ```yaml -matrix_nginx_proxy_nginx_status_enabled: true +matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: true ``` +This will serve the status page under ```matrix.DOMAIN/nginx_status``` + In default ```matrix_nginx_proxy_nginx_status_enabled``` will add the local ip adress. If you wish to listen to other ip-adresses provide a list: ```yaml -matrix_nginx_proxy_nginx_status_allowed_addresses: +matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: - 8.8.8.8 - 1.1.1.1 ``` diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 27d2f297..0d234827 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 
@@ -5,27 +5,16 @@ server { server_tokens off; -{% if matrix_nginx_proxy_nginx_status_enabled %} - location /nginx_status { - stub_status on; - access_log off; -{% for address in matrix_nginx_proxy_nginx_status_allowed_addresses %} - allow {{ address }}; -{% endfor %} - deny all; - } -{% endif %} - location /.well-known/acme-challenge { -{% if matrix_nginx_proxy_enabled %} + {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver 127.0.0.11 valid=5s; set $backend "matrix-certbot:8080"; proxy_pass http://$backend; -{% else %} + {% else %} {# Generic configuration for use outside of our container setup #} proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; -{% endif %} + {% endif %} } location / { diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index eda0929b..356c9f3a 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -17,6 +17,17 @@ server { {% endif %} } +{% if matrix_nginx_proxy_proxy_matrix_nginx_status_enabled %} + location /nginx_status { + stub_status on; + access_log off; +{% for address in matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses %} + allow {{ address }}; +{% endfor %} + deny all; + } +{% endif %} + location / { return 301 https://$http_host$request_uri; } From c32a3e32040821368735b0b97a979e8587cb8e2c Mon Sep 17 00:00:00 2001 From: p5t2vspoqqw Date: Wed, 7 Aug 2019 10:56:29 +0200 Subject: [PATCH 43/74] correct defaults --- roles/matrix-nginx-proxy/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index b76b2bbd..82cc8d5c 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml 
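Review bot: The `allow {{ address }};` lines in the new `location /nginx_status` block are matched against the address nginx sees on the connection, and when nginx runs in the playbook's container that may be a Docker-side address rather than the host's own. The default list holds only `ansible_default_ipv4.address`, so it is worth confirming both that local monitoring gets through and that an outside client receives 403. The block is added to the plain-HTTP server whose catch-all location redirects to HTTPS, so the counters travel unencrypted to any allowed remote address. A short Jinja comment above the block, such as `{# Access is limited to matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses; everything else hits "deny all" #}`, would make the intent clear to the next editor. The server block starts outside the hunk.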
+++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -155,5 +155,5 @@ matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log" # ngnix status page configurations. -matrix_nginx_proxy_nginx_status_enabled: false -matrix_nginx_proxy_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}'] +matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: false +matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}'] From f97175a1c6a6ddfa457d7f15d7bd8c52e5660c15 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 7 Aug 2019 12:35:48 +0300 Subject: [PATCH 44/74] Update configuring-playbook-ngnix.md --- docs/configuring-playbook-ngnix.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-ngnix.md b/docs/configuring-playbook-ngnix.md index 8b7e24e7..cc4a6494 100644 --- a/docs/configuring-playbook-ngnix.md +++ b/docs/configuring-playbook-ngnix.md @@ -12,9 +12,9 @@ This will serve a statuspage to the hosting machine only. Useful for monitoring matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: true ``` -This will serve the status page under ```matrix.DOMAIN/nginx_status``` +This will serve the status page under ```https://matrix.DOMAIN/nginx_status``` -In default ```matrix_nginx_proxy_nginx_status_enabled``` will add the local ip adress. If you wish to listen to other ip-adresses provide a list: +By default, if ```matrix_nginx_proxy_nginx_status_enabled``` is enabled, access to the status page would be allowed from the local IP address of the server. If you wish to allow access from other IP addresses, you can provide them as a list: ```yaml matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: From 3e57a1463a8f5b39be35da6167da860569430401 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 7 Aug 2019 12:53:53 +0300 Subject: [PATCH 45/74] Serve nginx status page over HTTPS as well Continuation of #234 (Github Pull Request). I had unintentionally updated the documentation for the feature, saying the page is available at `https://matrix.DOMAIN/nginx_status`. Looks like it wasn't the case, going against my expectations. I'm correcting this with this patch. The status page is being made available on both HTTP and HTTPS. Serving over HTTP is likely necessary for services like Longview (https://www.linode.com/docs/platform/longview/longview-app-for-nginx/) --- docs/configuring-playbook-ngnix.md | 4 ++- .../nginx/conf.d/matrix-synapse.conf.j2 | 30 ++++++++++++------- 2 files changed, 23 insertions(+), 11 deletions(-) diff --git a/docs/configuring-playbook-ngnix.md b/docs/configuring-playbook-ngnix.md index cc4a6494..14ae8b1d 100644 --- a/docs/configuring-playbook-ngnix.md +++ b/docs/configuring-playbook-ngnix.md @@ -12,7 +12,9 @@ This will serve a statuspage to the hosting machine only. Useful for monitoring matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: true ``` -This will serve the status page under ```https://matrix.DOMAIN/nginx_status``` +This will serve the status page under the following addresses: +- `http://matrix.DOMAIN/nginx_status` (using HTTP) +- `https://matrix.DOMAIN/nginx_status` (using HTTPS) By default, if ```matrix_nginx_proxy_nginx_status_enabled``` is enabled, access to the status page would be allowed from the local IP address of the server. If you wish to allow access from other IP addresses, you can provide them as a list: diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 356c9f3a..b3efd700 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 
@@ -1,4 +1,17 @@ #jinja2: lstrip_blocks: "True" +{% macro render_nginx_status_location_block(addresses) %} + {# Empty first line to make indentation prettier. #} + + location /nginx_status { + stub_status on; + access_log off; + {% for address in addresses %} + allow {{ address }}; + {% endfor %} + deny all; + } +{% endmacro %} + server { listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }}; @@ -17,16 +30,9 @@ server { {% endif %} } -{% if matrix_nginx_proxy_proxy_matrix_nginx_status_enabled %} - location /nginx_status { - stub_status on; - access_log off; -{% for address in matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses %} - allow {{ address }}; -{% endfor %} - deny all; - } -{% endif %} + {% if matrix_nginx_proxy_proxy_matrix_nginx_status_enabled %} + {{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }} + {% endif %} location / { return 301 https://$http_host$request_uri; @@ -63,6 +69,10 @@ server { add_header Access-Control-Allow-Origin *; } + {% if matrix_nginx_proxy_proxy_matrix_nginx_status_enabled %} + {{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }} + {% endif %} + {% if matrix_nginx_proxy_proxy_matrix_corporal_api_enabled %} location /_matrix/corporal { {% if matrix_nginx_proxy_enabled %} From f713bbe0f81d283f84bfeb24e7de52d76b5ecc21 Mon Sep 17 00:00:00 2001 From: Oleg Fiksel Date: Thu, 8 Aug 2019 11:53:07 +0200 Subject: [PATCH 46/74] Added possibility to enable guest access on synapse --- roles/matrix-synapse/defaults/main.yml | 2 ++ roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index ac3026e8..3bdfca11 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
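Review bot: The `allow` / `deny all` pair emitted by `render_nginx_status_location_block` is the only access control on `/nginx_status`, and this change renders it into both the plain-HTTP and the HTTPS server block, so the macro should carry a comment saying which address nginx compares against. When nginx runs in the playbook's container, the peer address it sees may be a Docker-network address rather than the original client's (not verifiable from these hunks), in which case the default `ansible_default_ipv4.address` entry could match differently than the documentation promises. I would add above the macro something like `{# allow/deny match the peer address as nginx sees it; confirm what that is under Docker before widening the list #}`. Both server blocks continue outside the hunks.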
@@ -61,6 +61,7 @@ matrix_synapse_template_synapse_log: "{{ role_path }}/templates/synapse/synapse. matrix_synapse_macaroon_secret_key: "" matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}" +matrix_synapse_allow_guest_access: false matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}" # The list of identity servers to use for Synapse. @@ -223,6 +224,7 @@ matrix_synapse_database_database: "" matrix_synapse_turn_uris: [] matrix_synapse_turn_shared_secret: "" +matrix_synapse_turn_allow_guests: False matrix_synapse_email_enabled: false matrix_synapse_email_smtp_host: "" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 124825ad..9f8dffaf 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -749,7 +749,7 @@ turn_shared_secret: {{ matrix_synapse_turn_shared_secret|string|to_json }} # connect to arbitrary endpoints without having first signed up for a # valid account (e.g. by passing a CAPTCHA). # -turn_allow_guests: False +turn_allow_guests: {{ matrix_synapse_turn_allow_guests }} ## Registration ## @@ -854,7 +854,7 @@ registration_shared_secret: {{ matrix_synapse_registration_shared_secret|string| # participate in rooms hosted on this server which have been made # accessible to anonymous users. # -#allow_guest_access: false +allow_guest_access: {{ matrix_synapse_allow_guest_access }} # The identity server which we suggest that clients should use when users log # in on this server. From 43628ddad6b8fcb1b7397fb9005bb7335d2c3d91 Mon Sep 17 00:00:00 2001 From: Oleg Fiksel Date: Thu, 8 Aug 2019 12:11:14 +0200 Subject: [PATCH 47/74] Added "|to_json" to ensure we really pass a boolean --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
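Review bot: The two new defaults, `matrix_synapse_allow_guest_access` and `matrix_synapse_turn_allow_guests`, are added without any comment, although both relax access for users who have not registered. The template's own context comment says guest TURN use lets clients "connect to arbitrary endpoints without having first signed up for a valid account", and that caveat belongs next to the variable an operator actually overrides, e.g. `# Lets guest (unregistered) users use the TURN server; keep false unless guest calls are required.`. The spelling is also inconsistent (`false` on one, `False` on the other); use `false` for both. The two template lines render the values without `|to_json`, unlike the neighbouring `turn_shared_secret` line; the next patch in this series (47/74) adds it.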
diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 9f8dffaf..5eddfb6e 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -749,7 +749,7 @@ turn_shared_secret: {{ matrix_synapse_turn_shared_secret|string|to_json }} # connect to arbitrary endpoints without having first signed up for a # valid account (e.g. by passing a CAPTCHA). # -turn_allow_guests: {{ matrix_synapse_turn_allow_guests }} +turn_allow_guests: {{ matrix_synapse_turn_allow_guests|to_json }} ## Registration ## @@ -854,7 +854,7 @@ registration_shared_secret: {{ matrix_synapse_registration_shared_secret|string| # participate in rooms hosted on this server which have been made # accessible to anonymous users. # -allow_guest_access: {{ matrix_synapse_allow_guest_access }} +allow_guest_access: {{ matrix_synapse_allow_guest_access|to_json }} # The identity server which we suggest that clients should use when users log # in on this server. From 99f5baa7bb50dbffc83cc1954b0ad8a527a97f66 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 8 Aug 2019 18:30:54 +0300 Subject: [PATCH 48/74] Fix undefined variable error (matrix_synapse_id_servers_public) This only gets triggered if: - the Synapse role is used standalone and the default values are used - the whole playbook is used, with `matrix_mxisd_enabled: false` --- roles/matrix-synapse/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 3bdfca11..b4ac75e3 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -64,6 +64,8 @@ matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_ke matrix_synapse_allow_guest_access: false matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}" +matrix_synapse_id_servers_public: ['matrix.org', 'vector.im'] + # The list of identity servers to use for Synapse. # We assume this role runs standalone without a local Identity server, so we point Synapse to public ones. # This most likely gets overwritten later, so that a local Identity server is used. From 910ffb481cd452fadadfea2f1998ebef24ba253b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 9 Aug 2019 12:10:53 +0300 Subject: [PATCH 49/74] Update email2matrix (1.0 -> 1.0.1) --- roles/matrix-email2matrix/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-email2matrix/defaults/main.yml b/roles/matrix-email2matrix/defaults/main.yml index 2aece19d..68ff1990 100644 --- a/roles/matrix-email2matrix/defaults/main.yml +++ b/roles/matrix-email2matrix/defaults/main.yml @@ -3,7 +3,7 @@ matrix_email2matrix_enabled: true matrix_email2matrix_base_path: "{{ matrix_base_data_path }}/email2matrix" matrix_email2matrix_config_dir_path: "{{ matrix_email2matrix_base_path }}/config" -matrix_email2matrix_docker_image: "devture/email2matrix:1.0" +matrix_email2matrix_docker_image: "devture/email2matrix:1.0.1" matrix_email2matrix_docker_image_force_pull: "{{ matrix_email2matrix_docker_image.endswith(':latest') }}" # A list of extra arguments to pass to the container From c2c0481d909842325c925886aeedcc2e8ebd7be7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 9 Aug 2019 12:15:44 +0300 Subject: [PATCH 50/74] Mention Email2Matrix usage alongside Postfix --- docs/configuring-playbook-email2matrix.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/configuring-playbook-email2matrix.md b/docs/configuring-playbook-email2matrix.md index b10d5c9e..510a9dcc 100644 --- a/docs/configuring-playbook-email2matrix.md 
+++ b/docs/configuring-playbook-email2matrix.md @@ -13,6 +13,7 @@ Ensure that port 25 is available on your Matrix server and open in your firewall If you have `postfix` or some other email server software installed, you may need to manually remove it first (unless you need it, of course). If you really need to run an email server on the Matrix machine for other purposes, it may be possible to run Email2Matrix on another port (with a configuration like `matrix_email2matrix_smtp_host_bind_port: "127.0.0.01:2525"`) and have your other email server relay messages there. +For details about using Email2Matrix alongside [Postfix](http://www.postfix.org/), see [here](https://github.com/devture/email2matrix/blob/master/docs/setup_with_postfix.md). ### Creating a user From dc11704c11c5ee0e01bf494aa6a1263291d8d9e6 Mon Sep 17 00:00:00 2001 From: Dan Arnfield Date: Fri, 9 Aug 2019 06:03:26 -0500 Subject: [PATCH 51/74] Bump postgres versions (11.5, 10.10, 9.6.15) --- roles/matrix-postgres/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index d656ab16..10783be0 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml @@ -8,9 +8,9 @@ matrix_postgres_db_name: "" matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres" matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data" -matrix_postgres_docker_image_v9: "postgres:9.6.14-alpine" -matrix_postgres_docker_image_v10: "postgres:10.9-alpine" -matrix_postgres_docker_image_v11: "postgres:11.4-alpine" +matrix_postgres_docker_image_v9: "postgres:9.6.15-alpine" +matrix_postgres_docker_image_v10: "postgres:10.10-alpine" +matrix_postgres_docker_image_v11: "postgres:11.5-alpine" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v11 }}" # This variable is assigned at runtime. Overriding its value has no effect. 
From 59d807fca78369fc33c02ab1e5257103a99407af Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 11 Aug 2019 16:16:05 +0300 Subject: [PATCH 52/74] Ensure auth.clientID is passed as string in Discord configuration Discord client IDs are numeric (e.g. 12345). Passing them as integers however, causes the Discord bridge's YAML parser to parse them as integers and its config schema validation will fail. Fixes #240 (Github Issue) --- roles/matrix-bridge-appservice-discord/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml index 04144f6f..5e4644e1 100644 --- a/roles/matrix-bridge-appservice-discord/defaults/main.yml +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml @@ -69,7 +69,7 @@ matrix_appservice_discord_configuration_yaml: | disableJoinLeaveNotifications: false # Authentication configuration for the discord bot. auth: - clientID: {{ matrix_appservice_discord_client_id|string }} + clientID: {{ matrix_appservice_discord_client_id|string|to_json }} botToken: {{ matrix_appservice_discord_bot_token }} logging: # What level should the logger output to the console at. From 18a23774727fb77b77534d12955de5df1677b69f Mon Sep 17 00:00:00 2001 From: Marcel Ackermann <31695+dreamflasher@users.noreply.github.com> Date: Tue, 13 Aug 2019 20:40:04 +0200 Subject: [PATCH 53/74] missing Map /.well-known/matrix/server for server discovery --- examples/apache/matrix-synapse.conf | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/examples/apache/matrix-synapse.conf b/examples/apache/matrix-synapse.conf index 4f32c2ed..a56a835b 100644 --- a/examples/apache/matrix-synapse.conf +++ b/examples/apache/matrix-synapse.conf 
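Review bot: The `botToken` line directly below the fixed `clientID` is still rendered raw (`botToken: {{ matrix_appservice_discord_bot_token }}`), so the same kind of YAML mis-parsing this commit fixes can still affect the secret. A token that starts with or contains YAML-significant characters would either fail the bridge's schema validation or be read as a different value; quoting it the same way closes that: `botToken: {{ matrix_appservice_discord_bot_token|string|to_json }}`. The `matrix_appservice_discord_configuration_yaml` block starts and ends outside this hunk, so any other unquoted values in it should be checked too.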
@@ -34,6 +34,7 @@ # Keep some URIs free for different proxy/location ProxyPassMatch ^/.well-known/matrix/client ! + ProxyPassMatch ^/.well-known/matrix/server ! ProxyPassMatch ^/_matrix/identity ! ProxyPassMatch ^/_matrix/client/r0/user_directory/search ! @@ -50,6 +51,15 @@ Header always set Content-Type "application/json" Header always set Access-Control-Allow-Origin "*" + # Map /.well-known/matrix/server for server discovery + Alias /.well-known/matrix/server /matrix/static-files/.well-known/matrix/server + + Require all granted + + + Header always set Content-Type "application/json" + Header always set Access-Control-Allow-Origin "*" + AllowOverride All # Apache 2.4: From d55db2bee26c3d673880f33b42c04068f6f39ba2 Mon Sep 17 00:00:00 2001 From: Marcel Ackermann <31695+dreamflasher@users.noreply.github.com> Date: Wed, 14 Aug 2019 08:49:06 +0200 Subject: [PATCH 54/74] quotes, simplify --- examples/apache/matrix-synapse.conf | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/examples/apache/matrix-synapse.conf b/examples/apache/matrix-synapse.conf index a56a835b..e7e36fac 100644 --- a/examples/apache/matrix-synapse.conf +++ b/examples/apache/matrix-synapse.conf @@ -47,7 +47,7 @@ Require all granted - + Header always set Content-Type "application/json" Header always set Access-Control-Allow-Origin "*" @@ -56,10 +56,6 @@ Require all granted - - Header always set Content-Type "application/json" - Header always set Access-Control-Allow-Origin "*" - AllowOverride All # Apache 2.4: From a1afafeb3516ac8b180005621cf4df7d633c3497 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 15 Aug 2019 09:36:04 +0300 Subject: [PATCH 55/74] Upgrade mxisd (1.4.5 -> 1.4.6) --- roles/matrix-mxisd/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-mxisd/defaults/main.yml b/roles/matrix-mxisd/defaults/main.yml index e0988c65..40eab830 100644 --- a/roles/matrix-mxisd/defaults/main.yml 
+++ b/roles/matrix-mxisd/defaults/main.yml @@ -3,7 +3,7 @@ matrix_mxisd_enabled: true -matrix_mxisd_docker_image: "kamax/mxisd:1.4.5" +matrix_mxisd_docker_image: "kamax/mxisd:1.4.6" matrix_mxisd_docker_image_force_pull: "{{ matrix_mxisd_docker_image.endswith(':latest') }}" matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd" From 7b5e633776cf07de5e0c67a884f704b5f5f1c5c1 Mon Sep 17 00:00:00 2001 From: Dan Arnfield Date: Thu, 15 Aug 2019 06:59:37 -0500 Subject: [PATCH 56/74] Update synapse (1.2.1 -> 1.3.0) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index b4ac75e3..d211b895 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -3,7 +3,7 @@ matrix_synapse_enabled: true -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.2.1" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.3.0" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" From 1b2191a0f10fdd1ba39a6c79490f52fc5b0851c2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 16 Aug 2019 09:57:51 +0300 Subject: [PATCH 57/74] Add new Synapse configuration options (since 1.3.0) Continuation of #246 (Github Pull Request) --- .../templates/synapse/homeserver.yaml.j2 | 57 +++++++++++++++++-- 1 file changed, 53 insertions(+), 4 deletions(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 5eddfb6e..220e62cd 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
@@ -280,6 +280,26 @@ listeners: # - medium: 'email' # address: 'reserved_user@example.com' +# Used by phonehome stats to group together related servers. +#server_context: context + +# Resource-constrained Homeserver Settings +# +# If limit_remote_rooms.enabled is True, the room complexity will be +# checked before a user joins a new remote room. If it is above +# limit_remote_rooms.complexity, it will disallow joining or +# instantly leave. +# +# limit_remote_rooms.complexity_error can be set to customise the text +# displayed to the user when a room above the complexity threshold has +# its join cancelled. +# +# Uncomment the below lines to enable: +#limit_remote_rooms: +# enabled: True +# complexity: 1.0 +# complexity_error: "This room is too complex." + # Whether to require a user to be in the room to add an alias to it. # Defaults to 'true'. # @@ -559,6 +579,13 @@ federation_rr_transactions_per_room_per_second: {{ matrix_synapse_federation_rr_ +## Media Store ## + +# Enable the media store service in the Synapse master. Uncomment the +# following if you are using a separate media store worker. +# +#enable_media_repo: false + # Directory where uploaded images and attachments are stored. # media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_directory_name }}" 
@@ -796,6 +823,16 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }} # period: 6w # renew_at: 1w # renew_email_subject: "Renew your %(app)s account" +# # Directory in which Synapse will try to find the HTML files to serve to the +# # user when trying to renew an account. Optional, defaults to +# # synapse/res/templates. +# template_dir: "res/templates" +# # HTML to be displayed to the user after they successfully renewed their +# # account. Optional. +# account_renewed_html_path: "account_renewed.html" +# # HTML to be displayed when the user tries to renew an account with an invalid +# # renewal token. Optional. +# invalid_token_html_path: "invalid_token.html" # Time that a user's session remains valid for, after they log in. # @@ -945,10 +982,6 @@ app_service_config_files: {{ matrix_synapse_app_service_config_files|to_json }} # macaroon_secret_key: {{ matrix_synapse_macaroon_secret_key|string|to_json }} -# Used to enable access token expiration. -# -#expire_access_token: False - # a secret which is used to calculate HMACs for form values, to stop # falsification of values. Must be specified for the User Consent # forms to work. @@ -1509,3 +1542,19 @@ opentracing: # #homeserver_whitelist: # - ".*" + + # Jaeger can be configured to sample traces at different rates. + # All configuration options provided by Jaeger can be set here. + # Jaeger's configuration mostly related to trace sampling which + # is documented here: + # https://www.jaegertracing.io/docs/1.13/sampling/. + # + #jaeger_config: + # sampler: + # type: const + # param: 1 + + # Logging whether spans were started and reported + # + # logging: + # false From d675cb3d4b420a0df7f68dc6b9941837660407d8 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 16 Aug 2019 10:00:26 +0300 Subject: [PATCH 58/74] Serve /.well-known/matrix/server with proper Content-Type --- examples/apache/matrix-synapse.conf | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/examples/apache/matrix-synapse.conf b/examples/apache/matrix-synapse.conf index e7e36fac..7ed712ab 100644 --- a/examples/apache/matrix-synapse.conf +++ b/examples/apache/matrix-synapse.conf @@ -56,6 +56,9 @@ Require all granted + + Header always set Content-Type "application/json" + AllowOverride All # Apache 2.4: From e22672911d1146df7c6bca82867e03a48782ef55 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 16 Aug 2019 10:06:53 +0300 Subject: [PATCH 59/74] Add Server-Server API proxying to Apache example configuration Contributed by @ralfi. --- examples/apache/matrix-synapse.conf | 37 +++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/examples/apache/matrix-synapse.conf b/examples/apache/matrix-synapse.conf index 7ed712ab..88e24305 100644 --- a/examples/apache/matrix-synapse.conf +++ b/examples/apache/matrix-synapse.conf @@ -15,6 +15,7 @@ Redirect permanent / https://matrix.DOMAIN/ +# Client-Server API ServerName matrix.DOMAIN 
@@ -80,3 +81,39 @@ ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined + +# Server-Server (federation) API +# Use this apache reverse proxy template to enable matrix server-to-server federation traffic +# Be sure that network traffic on port 8448 is possible +# +# You can check your federation config at https://federationtester.matrix.org/ +# Enter there your base DOMAIN address, NOT your matrix.DOMAIN address, ex. https://DOMAIN +# +# In this example we use all services on the same machine (127.0.0.1) but you can do this with different machines. +# If you do so be sure to reach the destinated IPADRESS and the correspondending port. Check this with netstat, nmap or your favourite tool. + + ServerName matrix.DOMAIN + + SSLEngine On + + # If you manage SSL certificates by yourself, these paths will differ. + SSLCertificateFile /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem + SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem + + SSLProxyEngine on + SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3 + SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH + + ProxyPreserveHost On + ProxyRequests Off + ProxyVia On + + # Proxy all remaining traffic to the Synapse port + # Beware: In this example the local traffic goes to the local synapse server at 127.0.0.1 + # Of course you can use another IPADRESS in case of using other synapse servers in your network + ProxyPass / http://127.0.0.1:8048/ + ProxyPassReverse / http://127.0.0.1:8048/ + + ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log + CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined + From 3cb34e6998c9937a19fac33bc9cc0056fb837f09 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 17 Aug 2019 10:13:39 +0300 Subject: [PATCH 60/74] Improve Synapse reverse-proxying Apache examples Thanks to @ralfi! --- examples/apache/matrix-synapse.conf | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) 
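Review bot: The new federation vhost sets `SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3`, but that directive only governs TLS connections Apache makes to a backend, and the backend here is plain `http://127.0.0.1:8048/`, so the protocol versions offered to remote servers on the listener are left at Apache's defaults. If the intent was to restrict the public side, the directive should be `SSLProtocol`, and TLSv1.1 should not be on the list: `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`. `SSLProxyEngine on` and the `SSLProxyProtocol` line can then be dropped, since nothing is proxied over TLS in this example. The vhost's opening and closing tags are not visible in this rendering of the hunk.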
diff --git a/examples/apache/matrix-synapse.conf b/examples/apache/matrix-synapse.conf index 88e24305..dcfc51b5 100644 --- a/examples/apache/matrix-synapse.conf +++ b/examples/apache/matrix-synapse.conf @@ -40,8 +40,9 @@ ProxyPassMatch ^/_matrix/client/r0/user_directory/search ! # Proxy all remaining traffic to Synapse - ProxyPass / http://127.0.0.1:8008/ - ProxyPassReverse / http://127.0.0.1:8008/ + AllowEncodedSlashes NoDecode + ProxyPass /_matrix http://127.0.0.1:8008/_matrix retry=0 nocanon + ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix # Map /.well-known/matrix/client for client discovery Alias /.well-known/matrix/client /matrix/static-files/.well-known/matrix/client @@ -111,8 +112,9 @@ # Proxy all remaining traffic to the Synapse port # Beware: In this example the local traffic goes to the local synapse server at 127.0.0.1 # Of course you can use another IPADRESS in case of using other synapse servers in your network - ProxyPass / http://127.0.0.1:8048/ - ProxyPassReverse / http://127.0.0.1:8048/ + AllowEncodedSlashes NoDecode + ProxyPass /_matrix http://127.0.0.1:8048/_matrix + ProxyPassReverse /_matrix http://127.0.0.1:8048/_matrix ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log CustomLog ${APACHE_LOG_DIR}/matrix.DOMAIN-access.log combined From fcd96b5dee3cb14e6d4b770e48b8621a37049129 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 17 Aug 2019 10:14:40 +0300 Subject: [PATCH 61/74] Add missing options to ProxyPass --- examples/apache/matrix-synapse.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/apache/matrix-synapse.conf b/examples/apache/matrix-synapse.conf index dcfc51b5..bfd1abc7 100644 --- a/examples/apache/matrix-synapse.conf +++ b/examples/apache/matrix-synapse.conf 
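Review bot: `AllowEncodedSlashes NoDecode` and `nocanon` are added to the example without a comment, and `nocanon` is a security-relevant switch: Apache then forwards the request path to Synapse without canonicalising it, so the proxy no longer normalises URLs before they reach the backend. The example should say why it is there and that the proxied prefix is deliberately limited to `/_matrix`, e.g. `# nocanon + AllowEncodedSlashes: presumably needed so percent-encoded Matrix paths reach Synapse unchanged; do not widen the prefix beyond /_matrix`. The second hunk's `ProxyPass /_matrix http://127.0.0.1:8048/_matrix` also omits `retry=0 nocanon`, leaving the two vhosts inconsistent until the following patch (61/74) adds it.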
@@ -113,7 +113,7 @@ # Beware: In this example the local traffic goes to the local synapse server at 127.0.0.1 # Of course you can use another IPADRESS in case of using other synapse servers in your network AllowEncodedSlashes NoDecode - ProxyPass /_matrix http://127.0.0.1:8048/_matrix + ProxyPass /_matrix http://127.0.0.1:8048/_matrix retry=0 nocanon ProxyPassReverse /_matrix http://127.0.0.1:8048/_matrix ErrorLog ${APACHE_LOG_DIR}/matrix.DOMAIN-error.log From db57618abd2e76ed7082394ba8572b807335fb8b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 17 Aug 2019 10:21:23 +0300 Subject: [PATCH 62/74] Update nginx and certbot --- roles/matrix-nginx-proxy/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 82cc8d5c..698d4a6c 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but # that is frequently out of date. -matrix_nginx_proxy_docker_image: "nginx:1.17.2-alpine" +matrix_nginx_proxy_docker_image: "nginx:1.17.3-alpine" matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}" matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy" 
@@ -144,7 +144,7 @@ matrix_ssl_domains_to_obtain_certificates_for: [] # Controls whether to obtain production or staging certificates from Let's Encrypt. matrix_ssl_lets_encrypt_staging: false -matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.33.1" +matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v0.37.1" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ From ecff0f4a67fd6f627005d04507db722a82610e19 Mon Sep 17 00:00:00 2001 From: Eduardo Beltrame Date: Sun, 18 Aug 2019 19:55:54 -0700 Subject: [PATCH 63/74] Describe setting up SMTP server with Sendgrid --- docs/configuring-playbook-email.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/docs/configuring-playbook-email.md b/docs/configuring-playbook-email.md index 2da52ddd..0933fb54 100644 --- a/docs/configuring-playbook-email.md +++ b/docs/configuring-playbook-email.md @@ -7,6 +7,8 @@ This may or may not work, depending on your domain configuration (SPF settings, By default, emails are sent from `matrix@` (as specified by the `matrix_mailer_sender_address` playbook variable). +**Note**: If you are using a Google Cloud instance, [port 25 is always blocked](https://cloud.google.com/compute/docs/tutorials/sending-mail/), so you need to relay email through another SMTP server as described below. + ## Firewall settings 
@@ -31,6 +33,23 @@ matrix_mailer_relay_auth_password: "some-password" **Note**: only the secure submission protocol (using `STARTTLS`, usually on port `587`) is supported. **SMTPS** (encrypted SMTP, usually on port `465`) **is not supported**. +### Configuations for sending emails using Sendgrid +An easy and free STMP service to set up is [Sendgrid](https://sendgrid.com/), the free tier allows for up to 100 emails per day to be sent. In the settings below you can provide any email for `matrix_mailer_sender_address`. + +The only other thing you need to change is the `matrix_mailer_relay_auth_password`, which you can generate at https://app.sendgrid.com/settings/api_keys. The API key password looks something like `SG.955oW1mLSfwds7i9Yd6IA5Q.q8GTaB8q9kGDzasegdG6u95fQ-6zkdwrPP8bOeuI`. + +Note that the `matrix_mailer_relay_auth_username` is literally the string `apikey`, it's always the same for Sendgrid. + +```yaml +matrix_mailer_sender_address: "arbitrary@email.com" +matrix_mailer_relay_use: true +matrix_mailer_relay_host_name: "smtp.sendgrid.net" +matrix_mailer_relay_host_port: 587 +matrix_mailer_relay_auth: true +matrix_mailer_relay_auth_username: "apikey" +matrix_mailer_relay_auth_password: "" +``` + ## Troubleshooting If you're having trouble with email not being delivered, it may be useful to inspect the mailer logs: `journalctl -f -u matrix-mailer`. From 42ea3cb0e145aae3111a50b4c1291acfc46581d5 Mon Sep 17 00:00:00 2001 From: Dan Arnfield Date: Mon, 19 Aug 2019 06:45:51 -0500 Subject: [PATCH 64/74] Update synapse (1.3.0 -> 1.3.1) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index d211b895..e290712f 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -3,7 +3,7 @@ matrix_synapse_enabled: true -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.3.0" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.3.1" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" From 1ce3526bf2d21ee7a23baf6914057a354c2f34ca Mon Sep 17 00:00:00 2001 From: Dan Arnfield Date: Mon, 19 Aug 2019 06:46:11 -0500 Subject: [PATCH 65/74] Update riot-web (1.3.2 -> 1.3.3) --- roles/matrix-riot-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index 7a4421b7..93f322af 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -1,6 +1,6 @@ matrix_riot_web_enabled: true -matrix_riot_web_docker_image: "bubuntux/riot-web:v1.3.2" +matrix_riot_web_docker_image: "bubuntux/riot-web:v1.3.3" matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" From 88aef08af21bd816695c2d47d600fee97c6bc7f8 Mon Sep 17 00:00:00 2001 From: Eduardo Beltrame Date: Mon, 19 Aug 2019 22:36:16 -0700 Subject: [PATCH 66/74] Add description of mautrix hangouts bridge in readme --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3f35081d..5443d87a 100644 --- a/README.md +++ b/README.md 
@@ -38,7 +38,9 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) bridge for bridging your Matrix server to [Whatsapp](https://www.whatsapp.com/) -- (optional) the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge for bridging your Matrix server to [facebook](https://facebook.com/) +- (optional) the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge for bridging your Matrix server to [Facebook](https://facebook.com/) + +- (optional) the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) - (optional) the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) @@ -120,6 +122,8 @@ This playbook sets up your server using the following Docker images: - [tulir/mautrix-facebook](https://hub.docker.com/r/tulir/mautrix-facebook/) - the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge to [Facebook](https://facebook.com/) (optional) +- [tulir/mautrix-facebook](https://hub.docker.com/r/tulir/mautrix-hangouts/) - the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional) + - [tedomum/matrix-appservice-irc](https://hub.docker.com/r/tedomum/matrix-appservice-irc/) - the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional) - [halfshot/matrix-appservice-discord](https://hub.docker.com/r/halfshot/matrix-appservice-discord) - the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge to [Discord](https://discordapp.com/) (optional) 
From 53ae84f6275e043f9e365cb9179b7e2f213fe48d Mon Sep 17 00:00:00 2001 From: Eduardo Beltrame Date: Mon, 19 Aug 2019 23:00:05 -0700 Subject: [PATCH 67/74] Add documentation on mautrix-hangouts bridge --- ...guring-playbook-bridge-mautrix-hangouts.md | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 docs/configuring-playbook-bridge-mautrix-hangouts.md diff --git a/docs/configuring-playbook-bridge-mautrix-hangouts.md b/docs/configuring-playbook-bridge-mautrix-hangouts.md new file mode 100644 index 00000000..8e0720ab --- /dev/null +++ b/docs/configuring-playbook-bridge-mautrix-hangouts.md 
@@ -0,0 +1,24 @@ +# Setting up Mautrix Hangouts (optional) + +The playbook can install and configure [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) for you. + +See the project's [documentation](https://github.com/tulir/mautrix-hangouts/wiki#usage) to learn what it does and why it might be useful to you. + +To enable the Google Hangouts bridge just use the following playbook configuration: + + +```yaml +matrix_mautrix_hangouts_enabled: true +``` + +## Usage + +Once the bot is enabled you need to start a chat with `Hangouts bridge bot` with handle `@hangoutsbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). + +Send `login` to the bridge bot to receive a link to the portal from which you can enable the bridging. Open the link sent by the bot and follow the instructions. + +Automatic login may not work. If it does not, reload the page and select the "Manual login" checkbox before starting. Manual login involves logging into your Google account normally and then manually getting the OAuth token from browser cookies with developer tools. + +Once logged in recent chats should show up as new conversations automatically. Other chats will get portals as you receive messages + +You can learn more here about authentication from the bridge's [official documentation on Authentication](https://github.com/tulir/mautrix-hangouts/wiki/Authentication). From 2efcf11ee8ddf60dd802cd1d3ca62eb54411970c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 20 Aug 2019 09:06:14 +0300 Subject: [PATCH 68/74] Remove some whitespace --- .../templates/nginx/conf.d/matrix-synapse.conf.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 1b2e0db5..eda0929b 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -191,7 +191,6 @@ server { location / { rewrite ^/$ /_matrix/static/ last; } - } {% if matrix_nginx_proxy_proxy_matrix_federation_api_enabled %} @@ -212,7 +211,6 @@ server { ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; - location / { {% if matrix_nginx_proxy_enabled %} From 4c9105eeeca9aa4bf0c952a814989375846c5cf8 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 20 Aug 2019 09:06:54 +0300 Subject: [PATCH 69/74] Fix typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5443d87a..413a5b41 100644 --- a/README.md +++ b/README.md @@ -122,7 +122,7 @@ This playbook sets up your server using the following Docker images: - [tulir/mautrix-facebook](https://hub.docker.com/r/tulir/mautrix-facebook/) - the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge to [Facebook](https://facebook.com/) (optional) -- [tulir/mautrix-facebook](https://hub.docker.com/r/tulir/mautrix-hangouts/) - the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional) +- [tulir/mautrix-hangouts](https://hub.docker.com/r/tulir/mautrix-hangouts/) - the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional) - [tedomum/matrix-appservice-irc](https://hub.docker.com/r/tedomum/matrix-appservice-irc/) - the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional) From e4b67fdb6b7ad87ec9c2d72bcdb34d123270b1b6 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 20 Aug 2019 09:07:54 +0300 Subject: [PATCH 70/74] Fix typo --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index b08cdce5..7e1cc2b1 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -145,7 +145,7 @@ matrix_mautrix_hangouts_homeserver_token: "{{ matrix_synapse_macaroon_secret_key ###################################################################### # -# /matrix-bridge-mautrix-hangouts_ +# /matrix-bridge-mautrix-hangouts # ###################################################################### From 1bcbc4a9ba42058e578dcca528d413a98cd6fe54 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 20 Aug 2019 11:20:26 +0300 Subject: [PATCH 71/74] Update matrix-corporal (1.4.0 -> 1.5.0) --- roles/matrix-corporal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index af9d1001..c8694535 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_docker_image: "devture/matrix-corporal:1.4.0" +matrix_corporal_docker_image: "devture/matrix-corporal:1.5.0" matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}" matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal" From 97fb71d98c744993c741013203bfb096e5363204 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 21 Aug 2019 07:12:46 +0300 Subject: [PATCH 72/74] Change privilege level --- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index b66dbfdd..b23a12fa 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -136,7 +136,7 @@ matrix_mautrix_hangouts_configuration_yaml: | # domain - All users on that homeserver # mxid - Specific user permissions: - '{{ matrix_mautrix_hangouts_homeserver_domain }}': admin + '{{ matrix_mautrix_hangouts_homeserver_domain }}': user # Python logging configuration. # From 2ef8898421a1396d01c1047d4353eb96c95ef5e6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 21 Aug 2019 07:14:31 +0300 Subject: [PATCH 73/74] Add comment --- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index b23a12fa..01ada495 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -3,6 +3,7 @@ matrix_mautrix_hangouts_enabled: true +# See: https://mau.dev/tulir/mautrix-hangouts/container_registry matrix_mautrix_hangouts_docker_image: "dock.mau.dev/tulir/mautrix-hangouts:latest" matrix_mautrix_hangouts_docker_image_force_pull: "{{ matrix_mautrix_hangouts_docker_image.endswith(':latest') }}" From 63d1ed1d56431e00cce1ad02747eb56222e2c341 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 21 Aug 2019 07:24:58 +0300 Subject: [PATCH 74/74] Update changelog and documentation --- CHANGELOG.md | 9 +++++++++ docs/configuring-playbook-bridge-mautrix-hangouts.md | 6 +++--- docs/configuring-playbook.md | 2 ++ 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d73d19f6..85f4a4e7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
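Review bot: With the domain-wide entry under `permissions:` lowered to `user`, the default configuration no longer grants `admin` to anyone, and nothing next to the entry says why or how an operator should grant it to a trusted account. The legend above the entry already lists `mxid - Specific user`, so a short comment is enough, for example `# Least privilege: every local user gets 'user'; grant 'admin' per mxid, not per domain.` What `admin` allows beyond `user` is defined by the bridge and is not visible here, so the comment should not claim more than that. The enclosing `matrix_mautrix_hangouts_configuration_yaml` block starts and ends outside the hunk.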
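Review bot: The image on the line below the new comment is still referenced by the mutable `latest` tag, and the `force_pull` expression under it re-pulls whenever the name ends in `:latest`, so each playbook run deploys whatever the registry serves at that moment. The matrix-corporal image elsewhere in this series is pinned to a version (`devture/matrix-corporal:1.5.0`), which makes deployments reproducible and upgrades reviewable. If the registry offers a release tag or digest, pin it, e.g. `matrix_mautrix_hangouts_docker_image: "dock.mau.dev/tulir/mautrix-hangouts:<PINNED_TAG>"` (placeholder, since no versioned tag is shown on this page). If only `latest` is published, say so in the comment: `# Unpinned: tracks upstream latest and is re-pulled on every run.`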
@@ -1,3 +1,12 @@ +# 2019-08-21 + +## Google Hangouts support + +Thanks to the [great work](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/251) of [Eduardo Beltrame (Munfred)](https://github.com/Munfred) and [Robbie D (microchipster)](https://github.com/microchipster), the playbook now supports bridging to [Google Hangouts](https://hangouts.google.com/) via the [mautrix-hangouts](https://mau.dev/tulir/mautrix-hangouts) bridge. + +Additional details are available in [Setting up Mautrix Hangouts bridging](docs/configuring-playbook-bridge-mautrix-hangouts.md). + + # 2019-08-05 ## Email2Matrix support diff --git a/docs/configuring-playbook-bridge-mautrix-hangouts.md b/docs/configuring-playbook-bridge-mautrix-hangouts.md index 8e0720ab..f7f89291 100644 --- a/docs/configuring-playbook-bridge-mautrix-hangouts.md +++ b/docs/configuring-playbook-bridge-mautrix-hangouts.md @@ -4,7 +4,7 @@ The playbook can install and configure [mautrix-hangouts](https://github.com/tul See the project's [documentation](https://github.com/tulir/mautrix-hangouts/wiki#usage) to learn what it does and why it might be useful to you. -To enable the Google Hangouts bridge just use the following playbook configuration: +To enable the [Google Hangouts](https://hangouts.google.com/) bridge just use the following playbook configuration: ```yaml 
@@ -19,6 +19,6 @@ Send `login` to the bridge bot to receive a link to the portal from which you ca Automatic login may not work. If it does not, reload the page and select the "Manual login" checkbox before starting. Manual login involves logging into your Google account normally and then manually getting the OAuth token from browser cookies with developer tools. -Once logged in recent chats should show up as new conversations automatically. Other chats will get portals as you receive messages +Once logged in, recent chats should show up as new conversations automatically. Other chats will get portals as you receive messages. -You can learn more here about authentication from the bridge's [official documentation on Authentication](https://github.com/tulir/mautrix-hangouts/wiki/Authentication). +You can learn more about authentication from the bridge's [official documentation on Authentication](https://github.com/tulir/mautrix-hangouts/wiki/Authentication). diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index e9575c62..ec81e630 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -79,6 +79,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Mautrix Facebook bridging](configuring-playbook-bridge-mautrix-facebook.md) (optional) +- [Setting up Mautrix Hangouts bridging](configuring-playbook-bridge-mautrix-hangouts.md) (optional) + - [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional) - [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional)