one var to control encryption across all bridges (#2629)

* one var to control encryption across all bridges

* move var to matrix-base
This commit is contained in:
Aine 2023-04-05 14:59:48 +03:00 committed by GitHub
parent 6132c444da
commit 7399496d33
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
21 changed files with 61 additions and 23 deletions

View file

@ -33,6 +33,13 @@ matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
```
Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file:
**for all bridges with encryption support**:
```yaml
matrix_bridges_encryption_enabled: true
```
**Alternatively**, for a specific bridge:
```yaml
matrix_mautrix_SERVICENAME_configuration_extension_yaml: |
bridge:

View file

@ -13,6 +13,9 @@ matrix_domain: ~
# Example value: "@someone:{{ matrix_domain }}"
matrix_admin: ''
# Global var to enable/disable encryption across all bridges with encryption support
matrix_bridges_encryption_enabled: false
# matrix_homeserver_enabled controls whether to enable the homeserver systemd service, etc.
#
# Unless you're wrapping this playbook in another one

View file

@ -120,7 +120,7 @@ matrix_appservice_kakaotalk_appservice_bot_username: kakaotalkbot
matrix_appservice_kakaotalk_user_prefix: 'kakaotalk_'
# End-to-bridge encryption configuration
matrix_appservice_kakaotalk_bridge_encryption_allow: false
matrix_appservice_kakaotalk_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_appservice_kakaotalk_bridge_encryption_default: "{{ matrix_appservice_kakaotalk_bridge_encryption_allow }}"
# Specifies the default log level for all bridge loggers.

View file

@ -83,6 +83,11 @@ matrix_beeper_linkedin_login_shared_secret: ''
# Specifies the default log level for all bridge loggers.
matrix_beeper_linkedin_logging_level: WARNING
# Enable End-to-bridge encryption
matrix_beeper_linkedin_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_beeper_linkedin_bridge_encryption_default: "{{ matrix_beeper_linkedin_bridge_encryption_allow }}"
matrix_beeper_linkedin_bridge_encryption_key_sharing_allow: "{{ matrix_beeper_linkedin_bridge_encryption_allow }}"
# Default beeper-linkedin configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#

View file

@ -156,15 +156,15 @@ bridge:
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
allow: {{ matrix_beeper_linkedin_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
default: {{ matrix_beeper_linkedin_bridge_encryption_default|to_json }}
# Options for automatic key sharing.
key_sharing:
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow: false
allow: {{ matrix_beeper_linkedin_bridge_encryption_key_sharing_allow|to_json }}
# Require the requesting device to have a valid cross-signing signature?
# This doesn't require that the bridge has verified the device, only that the user has verified it.
# Not yet implemented.

View file

@ -86,7 +86,7 @@ matrix_go_skype_bridge_bridge_double_puppet_server_map:
"{{ matrix_go_skype_bridge_homeserver_domain : matrix_go_skype_bridge_homeserver_address }}"
# Enable End-to-bridge encryption
matrix_go_skype_bridge_bridge_encryption_allow: false
matrix_go_skype_bridge_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}"
# Minimum severity of journal log messages.

View file

@ -137,7 +137,7 @@ matrix_mautrix_discord_registration_yaml: |
matrix_mautrix_discord_registration: "{{ matrix_mautrix_discord_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_discord_bridge_encryption_allow: false
matrix_mautrix_discord_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"
matrix_mautrix_discord_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"

View file

@ -149,3 +149,8 @@ matrix_mautrix_facebook_registration_yaml: |
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_facebook_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_facebook_bridge_encryption_default: "{{ matrix_mautrix_facebook_bridge_encryption_allow }}"
matrix_mautrix_facebook_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_facebook_bridge_encryption_allow }}"

View file

@ -126,15 +126,15 @@ bridge:
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
allow: {{ matrix_mautrix_facebook_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
default: {{ matrix_mautrix_facebook_bridge_encryption_default|to_json }}
# Options for automatic key sharing.
key_sharing:
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow: false
allow_key_sharing: {{ matrix_mautrix_facebook_bridge_encryption_key_sharing_allow|to_json }}
# Require the requesting device to have a valid cross-signing signature?
# This doesn't require that the bridge has verified the device, only that the user has verified it.
# Not yet implemented.

View file

@ -129,3 +129,7 @@ matrix_mautrix_googlechat_registration_yaml: |
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_googlechat_registration: "{{ matrix_mautrix_googlechat_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_googlechat_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_googlechat_bridge_encryption_default: "{{ matrix_mautrix_googlechat_bridge_encryption_allow }}"

View file

@ -88,10 +88,10 @@ bridge:
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
allow: {{ matrix_mautrix_googlechat_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
default: {{ matrix_mautrix_googlechat_bridge_encryption_default|to_json }}
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.

View file

@ -126,3 +126,7 @@ matrix_mautrix_hangouts_registration_yaml: |
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_hangouts_registration: "{{ matrix_mautrix_hangouts_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_hangouts_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_hangouts_bridge_encryption_default: "{{ matrix_mautrix_hangouts_bridge_encryption_allow }}"

View file

@ -88,10 +88,10 @@ bridge:
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
allow: {{ matrix_mautrix_hangouts_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
default: {{ matrix_mautrix_hangouts_bridge_encryption_default|to_json }}
# Public website and API configs
web:

View file

@ -129,3 +129,8 @@ matrix_mautrix_instagram_registration_yaml: |
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_instagram_registration: "{{ matrix_mautrix_instagram_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_instagram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_instagram_bridge_encryption_default: "{{ matrix_mautrix_instagram_bridge_encryption_allow }}"
matrix_mautrix_instagram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_instagram_bridge_encryption_allow }}"

View file

@ -143,15 +143,15 @@ bridge:
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
allow: {{ matrix_mautrix_discord_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
default: {{ matrix_mautrix_discord_bridge_encryption_default|to_json }}
# Options for automatic key sharing.
key_sharing:
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow: false
allow: {{ matrix_mautrix_discord_bridge_encryption_key_sharing_allow|to_json }}
# Require the requesting device to have a valid cross-signing signature?
# This doesn't require that the bridge has verified the device, only that the user has verified it.
# Not yet implemented.

View file

@ -152,7 +152,7 @@ matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml
matrix_mautrix_signal_log_level: 'DEBUG'
matrix_mautrix_signal_bridge_encryption_allow: false
matrix_mautrix_signal_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"

View file

@ -133,6 +133,6 @@ matrix_mautrix_slack_registration_yaml: |
matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_slack_bridge_encryption_allow: false
matrix_mautrix_slack_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"
matrix_mautrix_slack_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"

View file

@ -163,6 +163,6 @@ matrix_mautrix_telegram_alias_template: 'telegram_{groupname}'
matrix_mautrix_telegram_displayname_template: '{displayname} (Telegram)'
# Enable End-to-bridge encryption
matrix_mautrix_telegram_bridge_encryption_allow: false
matrix_mautrix_telegram_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_telegram_bridge_encryption_default: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"
matrix_mautrix_telegram_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_telegram_bridge_encryption_allow }}"

View file

@ -127,3 +127,8 @@ matrix_mautrix_twitter_registration_yaml: |
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_twitter_registration: "{{ matrix_mautrix_twitter_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_twitter_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_twitter_bridge_encryption_default: "{{ matrix_mautrix_twitter_bridge_encryption_allow }}"
matrix_mautrix_twitter_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_twitter_bridge_encryption_allow }}"

View file

@ -126,15 +126,15 @@ bridge:
# this to work. See https://github.com/tulir/mautrix-telegram/wiki/Endtobridge-encryption
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
allow: {{ matrix_mautrix_twitter_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
default: {{ matrix_mautrix_twitter_bridge_encryption_default|to_json }}
# Options for automatic key sharing.
key_sharing:
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow: false
allow: {{ matrix_mautrix_twitter_bridge_encryption_key_sharing_allow|to_json }}
# Require the requesting device to have a valid cross-signing signature?
# This doesn't require that the bridge has verified the device, only that the user has verified it.
# Not yet implemented.

View file

@ -97,7 +97,7 @@ matrix_mautrix_whatsapp_bridge_login_shared_secret_map:
"{{ {matrix_mautrix_whatsapp_homeserver_domain: matrix_mautrix_whatsapp_login_shared_secret} if matrix_mautrix_whatsapp_login_shared_secret else {} }}"
# Enable End-to-bridge encryption
matrix_mautrix_whatsapp_bridge_encryption_allow: false
matrix_mautrix_whatsapp_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"