Merge branch 'master' into pub.solar
This commit is contained in:
commit
851353994d
|
@ -1,20 +1,33 @@
|
|||
# Setting up MX Puppet Slack (optional)
|
||||
|
||||
**Note**: bridging to [Slack](https://slack.com) can also happen via the [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridge supported by the playbook.
|
||||
**Note**: bridging to [Slack](https://slack.com) can also happen via the
|
||||
[matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md)
|
||||
bridge supported by the playbook.
|
||||
|
||||
The playbook can install and configure
|
||||
[mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) for you.
|
||||
|
||||
See the project page to learn what it does and why it might be useful to you.
|
||||
|
||||
To enable the [Slack](https://slack.com/) bridge just use the following
|
||||
playbook configuration:
|
||||
## Setup
|
||||
|
||||
To enable the [Slack](https://slack.com/) bridge:
|
||||
|
||||
```yaml
|
||||
matrix_mx_puppet_slack_enabled: true
|
||||
```
|
||||
|
||||
1. Follow the
|
||||
[OAuth credentials](https://github.com/Sorunome/mx-puppet-slack#option-2-oauth)
|
||||
instructions to create a new Slack app, setting the redirect URL to
|
||||
`https://matrix.YOUR_DOMAIN/slack/oauth`.
|
||||
2. Update your `vars.yml` with the following:
|
||||
```yaml
|
||||
matrix_mx_puppet_slack_enabled: true
|
||||
# Client ID must be quoted so YAML does not parse it as a float.
|
||||
matrix_mx_puppet_slack_oauth_client_id: "<SLACK_APP_CLIENT_ID>"
|
||||
matrix_mx_puppet_slack_oauth_client_secret: "<SLACK_APP_CLIENT_SECRET>"
|
||||
```
|
||||
3. Run playbooks with `setup-all` and `start` tags:
|
||||
```
|
||||
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
||||
|
|
|
@ -1059,7 +1059,7 @@ matrix_bot_mjolnir_systemd_required_services_list: |
|
|||
|
||||
matrix_corporal_enabled: false
|
||||
|
||||
matrix_corporal_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
|
||||
matrix_corporal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
|
||||
|
||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-corporal over the container network.
|
||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
||||
|
@ -1482,6 +1482,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
|
|||
(['matrix-jitsi.service'] if matrix_jitsi_enabled else [])
|
||||
+
|
||||
(['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else [])
|
||||
+
|
||||
(['matrix-etherpad.service'] if matrix_etherpad_enabled and matrix_dimension_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_ssl_domains_to_obtain_certificates_for: |
|
||||
|
|
|
@ -7,7 +7,7 @@ matrix_bot_honoroit_container_image_self_build: false
|
|||
matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
|
||||
matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
|
||||
|
||||
matrix_bot_honoroit_version: v0.9.3
|
||||
matrix_bot_honoroit_version: v0.9.4
|
||||
matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
|
||||
matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
|
||||
matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
|
||||
|
|
|
@ -6,7 +6,7 @@ matrix_mautrix_facebook_enabled: true
|
|||
matrix_mautrix_facebook_container_image_self_build: false
|
||||
matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git"
|
||||
|
||||
matrix_mautrix_facebook_version: v0.3.2
|
||||
matrix_mautrix_facebook_version: v0.3.3
|
||||
matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}"
|
||||
matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}"
|
||||
matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}"
|
||||
|
|
|
@ -27,7 +27,7 @@ matrix_mx_puppet_discord_homeserver_address: "{{ matrix_homeserver_container_url
|
|||
matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}'
|
||||
matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}'
|
||||
|
||||
matrix_mx_puppet_discord_bridge_mediaUrl: "https:/{{ matrix_server_fqn_matrix }}"
|
||||
matrix_mx_puppet_discord_bridge_mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
|
||||
|
||||
# "@user:server.com" to allow specific user
|
||||
# "@.*:yourserver.com" to allow users on a specific homeserver
|
||||
|
|
|
@ -3,6 +3,9 @@
|
|||
|
||||
matrix_mx_puppet_slack_enabled: true
|
||||
|
||||
matrix_mx_puppet_slack_oauth_client_id: ''
|
||||
matrix_mx_puppet_slack_oauth_client_secret: ''
|
||||
|
||||
matrix_mx_puppet_slack_container_image_self_build: false
|
||||
matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-slack.git"
|
||||
|
||||
|
|
|
@ -18,6 +18,10 @@ bridge:
|
|||
# Slack OAuth settings. Create a slack app at https://api.slack.com/apps
|
||||
oauth:
|
||||
enabled: true
|
||||
# Slack app credentials.
|
||||
# N.B. This must be quoted so YAML does not parse it as a float.
|
||||
clientId: '{{ matrix_mx_puppet_slack_oauth_client_id }}'
|
||||
clientSecret: {{ matrix_mx_puppet_slack_oauth_client_secret|to_json }}
|
||||
# Path where to listen for OAuth redirect callbacks.
|
||||
redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
|
||||
# Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,
|
||||
|
|
|
@ -3,7 +3,7 @@ matrix_client_cinny_enabled: true
|
|||
matrix_client_cinny_container_image_self_build: false
|
||||
matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
|
||||
|
||||
matrix_client_cinny_version: v1.6.1
|
||||
matrix_client_cinny_version: v1.7.0
|
||||
matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
|
||||
matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"
|
||||
|
|
|
@ -7,7 +7,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
|
|||
# - https://github.com/vector-im/element-web/issues/19544
|
||||
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
|
||||
|
||||
matrix_client_element_version: v1.9.9
|
||||
matrix_client_element_version: v1.10.0
|
||||
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
||||
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
||||
|
|
|
@ -22,7 +22,7 @@ matrix_corporal_container_extra_arguments: []
|
|||
# List of systemd services that matrix-corporal.service depends on
|
||||
matrix_corporal_systemd_required_services_list: ['docker.service']
|
||||
|
||||
matrix_corporal_version: 2.2.2
|
||||
matrix_corporal_version: 2.2.3
|
||||
matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}"
|
||||
matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility
|
||||
|
|
|
@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
|
|||
# amd64 gets released first.
|
||||
# arm32 relies on self-building, so the same version can be built immediately.
|
||||
# arm64 users need to wait for a prebuilt image to become available.
|
||||
matrix_synapse_version: v1.50.1
|
||||
matrix_synapse_version_arm64: v1.50.1
|
||||
matrix_synapse_version: v1.51.0
|
||||
matrix_synapse_version_arm64: v1.51.0
|
||||
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
|
||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|
|
@ -18,25 +18,33 @@
|
|||
group: "{{ matrix_user_groupname }}"
|
||||
when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists"
|
||||
|
||||
- name: Ensure Synapse repository is present on self-build
|
||||
git:
|
||||
repo: "{{ matrix_synapse_container_image_self_build_repo }}"
|
||||
dest: "{{ matrix_synapse_docker_src_files_path }}"
|
||||
version: "{{ matrix_synapse_docker_image.split(':')[1] }}"
|
||||
force: "yes"
|
||||
register: matrix_synapse_git_pull_results
|
||||
when: "matrix_synapse_container_image_self_build|bool"
|
||||
- block:
|
||||
- name: Ensure Synapse repository is present on self-build
|
||||
git:
|
||||
repo: "{{ matrix_synapse_container_image_self_build_repo }}"
|
||||
dest: "{{ matrix_synapse_docker_src_files_path }}"
|
||||
version: "{{ matrix_synapse_docker_image.split(':')[1] }}"
|
||||
force: "yes"
|
||||
register: matrix_synapse_git_pull_results
|
||||
|
||||
- name: Ensure Synapse Docker image is built
|
||||
docker_image:
|
||||
name: "{{ matrix_synapse_docker_image }}"
|
||||
source: build
|
||||
force_source: "{{ matrix_synapse_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_git_pull_results.changed }}"
|
||||
build:
|
||||
dockerfile: docker/Dockerfile
|
||||
path: "{{ matrix_synapse_docker_src_files_path }}"
|
||||
pull: yes
|
||||
- name: Check if Synapse Docker image exists
|
||||
command: "{{ matrix_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_docker_image }}'"
|
||||
register: matrix_synapse_docker_image_check_result
|
||||
|
||||
# Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module,
|
||||
# because the latter does not support BuildKit.
|
||||
# See: https://github.com/ansible-collections/community.general/issues/514
|
||||
- name: Ensure Synapse Docker image is built
|
||||
shell:
|
||||
chdir: "{{ matrix_synapse_docker_src_files_path }}"
|
||||
cmd: |
|
||||
{{ matrix_host_command_docker }} build \
|
||||
-t "{{ matrix_synapse_docker_image }}" \
|
||||
-f docker/Dockerfile \
|
||||
.
|
||||
environment:
|
||||
DOCKER_BUILDKIT: 1
|
||||
when: "matrix_synapse_git_pull_results.changed|bool or matrix_synapse_docker_image_check_result.stdout == ''"
|
||||
when: "matrix_synapse_container_image_self_build|bool"
|
||||
|
||||
- name: Ensure Synapse Docker image is pulled
|
||||
|
|
|
@ -50,13 +50,7 @@ server_name: "{{ matrix_domain }}"
|
|||
#
|
||||
pid_file: /homeserver.pid
|
||||
|
||||
# The absolute URL to the web client which /_matrix/client will redirect
|
||||
# to if 'webclient' is configured under the 'listeners' configuration.
|
||||
#
|
||||
# This option can be also set to the filesystem path to the web client
|
||||
# which will be served at /_matrix/client/ if 'webclient' is configured
|
||||
# under the 'listeners' configuration, however this is a security risk:
|
||||
# https://github.com/matrix-org/synapse#security-note
|
||||
# The absolute URL to the web client which / will redirect to.
|
||||
#
|
||||
#web_client_location: https://riot.example.com/
|
||||
|
||||
|
@ -140,7 +134,7 @@ allow_public_rooms_over_federation: {{ matrix_synapse_allow_public_rooms_over_fe
|
|||
# The default room version for newly created rooms.
|
||||
#
|
||||
# Known room versions are listed here:
|
||||
# https://matrix.org/docs/spec/#complete-list-of-room-versions
|
||||
# https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions
|
||||
#
|
||||
# For example, for room version 1, default_room_version should be set
|
||||
# to "1".
|
||||
|
@ -285,8 +279,6 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }}
|
|||
# static: static resources under synapse/static (/_matrix/static). (Mostly
|
||||
# useful for 'fallback authentication'.)
|
||||
#
|
||||
# webclient: A web client. Requires web_client_location to be set.
|
||||
#
|
||||
listeners:
|
||||
{% if matrix_synapse_metrics_enabled %}
|
||||
- type: metrics
|
||||
|
@ -1535,6 +1527,21 @@ room_prejoin_state:
|
|||
#additional_event_types:
|
||||
# - org.example.custom.event.type
|
||||
|
||||
# We record the IP address of clients used to access the API for various
|
||||
# reasons, including displaying it to the user in the "Where you're signed in"
|
||||
# dialog.
|
||||
#
|
||||
# By default, when puppeting another user via the admin API, the client IP
|
||||
# address is recorded against the user who created the access token (ie, the
|
||||
# admin user), and *not* the puppeted user.
|
||||
#
|
||||
# Uncomment the following to also record the IP address against the puppeted
|
||||
# user. (This also means that the puppeted user will count as an "active" user
|
||||
# for the purpose of monthly active user tracking - see 'limit_usage_by_mau' etc
|
||||
# above.)
|
||||
#
|
||||
#track_puppeted_user_ips: true
|
||||
|
||||
|
||||
# A list of application service config files to use
|
||||
#
|
||||
|
@ -1900,10 +1907,13 @@ saml2_config:
|
|||
# Defaults to false. Avoid this in production.
|
||||
#
|
||||
# user_profile_method: Whether to fetch the user profile from the userinfo
|
||||
# endpoint. Valid values are: 'auto' or 'userinfo_endpoint'.
|
||||
# endpoint, or to rely on the data returned in the id_token from the
|
||||
# token_endpoint.
|
||||
#
|
||||
# Defaults to 'auto', which fetches the userinfo endpoint if 'openid' is
|
||||
# included in 'scopes'. Set to 'userinfo_endpoint' to always fetch the
|
||||
# Valid values are: 'auto' or 'userinfo_endpoint'.
|
||||
#
|
||||
# Defaults to 'auto', which uses the userinfo endpoint if 'openid' is
|
||||
# not included in 'scopes'. Set to 'userinfo_endpoint' to always use the
|
||||
# userinfo endpoint.
|
||||
#
|
||||
# allow_existing_users: set to 'true' to allow a user logging in via OIDC to
|
||||
|
|
Loading…
Reference in a new issue