Merge branch 'master' into pub.solar

teutat3s 2022-02-01 04:32:01 +01:00
commit 851353994d
Signed by: teutat3s
GPG key ID: 18DAE600A6BBE705
13 changed files with 87 additions and 47 deletions


@ -1,20 +1,33 @@
# Setting up MX Puppet Slack (optional)
**Note**: bridging to [Slack](https://slack.com) can also happen via the [matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md) bridge supported by the playbook.
**Note**: bridging to [Slack](https://slack.com) can also happen via the
[matrix-appservice-slack](configuring-playbook-bridge-appservice-slack.md)
bridge supported by the playbook.
The playbook can install and configure
[mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) for you.
See the project page to learn what it does and why it might be useful to you.
To enable the [Slack](https://slack.com/) bridge just use the following
playbook configuration:
## Setup
To enable the [Slack](https://slack.com/) bridge:
```yaml
matrix_mx_puppet_slack_enabled: true
```
1. Follow the
[OAuth credentials](https://github.com/Sorunome/mx-puppet-slack#option-2-oauth)
instructions to create a new Slack app, setting the redirect URL to
`https://matrix.YOUR_DOMAIN/slack/oauth`.
2. Update your `vars.yml` with the following:
```yaml
matrix_mx_puppet_slack_enabled: true
# Client ID must be quoted so YAML does not parse it as a float.
matrix_mx_puppet_slack_oauth_client_id: "<SLACK_APP_CLIENT_ID>"
matrix_mx_puppet_slack_oauth_client_secret: "<SLACK_APP_CLIENT_SECRET>"
```
3. Run playbooks with `setup-all` and `start` tags:
```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```
## Usage


@ -1059,7 +1059,7 @@ matrix_bot_mjolnir_systemd_required_services_list: |
matrix_corporal_enabled: false
matrix_corporal_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_corporal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-corporal over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
@ -1482,6 +1482,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
(['matrix-jitsi.service'] if matrix_jitsi_enabled else [])
+
(['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else [])
+
(['matrix-etherpad.service'] if matrix_etherpad_enabled and matrix_dimension_enabled else [])
}}
matrix_ssl_domains_to_obtain_certificates_for: |


@ -7,7 +7,7 @@ matrix_bot_honoroit_container_image_self_build: false
matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
matrix_bot_honoroit_version: v0.9.3
matrix_bot_honoroit_version: v0.9.4
matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"


@ -6,7 +6,7 @@ matrix_mautrix_facebook_enabled: true
matrix_mautrix_facebook_container_image_self_build: false
matrix_mautrix_facebook_container_image_self_build_repo: "https://mau.dev/mautrix/facebook.git"
matrix_mautrix_facebook_version: v0.3.2
matrix_mautrix_facebook_version: v0.3.3
matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}mautrix/facebook:{{ matrix_mautrix_facebook_version }}"
matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}"


@ -27,7 +27,7 @@ matrix_mx_puppet_discord_homeserver_address: "{{ matrix_homeserver_container_url
matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}'
matrix_mx_puppet_discord_bridge_mediaUrl: "https:/{{ matrix_server_fqn_matrix }}"
matrix_mx_puppet_discord_bridge_mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
# "@user:server.com" to allow specific user
# "@.*:yourserver.com" to allow users on a specific homeserver


@ -3,6 +3,9 @@
matrix_mx_puppet_slack_enabled: true
matrix_mx_puppet_slack_oauth_client_id: ''
matrix_mx_puppet_slack_oauth_client_secret: ''
matrix_mx_puppet_slack_container_image_self_build: false
matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-slack.git"
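Review bot: Both new OAuth defaults, `matrix_mx_puppet_slack_oauth_client_id` and `matrix_mx_puppet_slack_oauth_client_secret`, are empty strings, and nothing in this section fails the run when the bridge is enabled with them unset, so the bridge config would be rendered with empty Slack credentials. A comment above them would help, for example `# Slack app OAuth credentials; set both in vars.yml and keep the secret encrypted (e.g. with ansible-vault).` A validation task that rejects an empty value when `matrix_mx_puppet_slack_enabled` is true would catch the omission at setup time; whether the role already has such a check is not visible on this page.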


@ -18,6 +18,10 @@ bridge:
# Slack OAuth settings. Create a slack app at https://api.slack.com/apps
oauth:
enabled: true
# Slack app credentials.
# N.B. This must be quoted so YAML does not parse it as a float.
clientId: '{{ matrix_mx_puppet_slack_oauth_client_id }}'
clientSecret: {{ matrix_mx_puppet_slack_oauth_client_secret|to_json }}
# Path where to listen for OAuth redirect callbacks.
redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
# Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,
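Review bot: `clientId` is interpolated between hand-written single quotes, so a value containing `'` would produce broken or altered YAML, while `clientSecret` on the next line is escaped with `to_json`. Writing `clientId: {{ matrix_mx_puppet_slack_oauth_client_id|string|to_json }}` keeps the value a string, which is the reason the comment gives for the quotes, and escapes it the same way as the secret. The comment's "This must be quoted" would read more clearly as "clientId must be quoted", since it sits above both credentials. The `oauth:` mapping continues outside the hunk, and which lines are additions is inferred from the hunk counts because the page has lost its +/- markers.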


@ -3,7 +3,7 @@ matrix_client_cinny_enabled: true
matrix_client_cinny_container_image_self_build: false
matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
matrix_client_cinny_version: v1.6.1
matrix_client_cinny_version: v1.7.0
matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"


@ -7,7 +7,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
# - https://github.com/vector-im/element-web/issues/19544
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
matrix_client_element_version: v1.9.9
matrix_client_element_version: v1.10.0
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"


@ -22,7 +22,7 @@ matrix_corporal_container_extra_arguments: []
# List of systemd services that matrix-corporal.service depends on
matrix_corporal_systemd_required_services_list: ['docker.service']
matrix_corporal_version: 2.2.2
matrix_corporal_version: 2.2.3
matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}"
matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility


@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
# amd64 gets released first.
# arm32 relies on self-building, so the same version can be built immediately.
# arm64 users need to wait for a prebuilt image to become available.
matrix_synapse_version: v1.50.1
matrix_synapse_version_arm64: v1.50.1
matrix_synapse_version: v1.51.0
matrix_synapse_version_arm64: v1.51.0
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"


@ -18,25 +18,33 @@
group: "{{ matrix_user_groupname }}"
when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists"
- name: Ensure Synapse repository is present on self-build
git:
repo: "{{ matrix_synapse_container_image_self_build_repo }}"
dest: "{{ matrix_synapse_docker_src_files_path }}"
version: "{{ matrix_synapse_docker_image.split(':')[1] }}"
force: "yes"
register: matrix_synapse_git_pull_results
when: "matrix_synapse_container_image_self_build|bool"
- block:
- name: Ensure Synapse repository is present on self-build
git:
repo: "{{ matrix_synapse_container_image_self_build_repo }}"
dest: "{{ matrix_synapse_docker_src_files_path }}"
version: "{{ matrix_synapse_docker_image.split(':')[1] }}"
force: "yes"
register: matrix_synapse_git_pull_results
- name: Ensure Synapse Docker image is built
docker_image:
name: "{{ matrix_synapse_docker_image }}"
source: build
force_source: "{{ matrix_synapse_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_git_pull_results.changed }}"
build:
dockerfile: docker/Dockerfile
path: "{{ matrix_synapse_docker_src_files_path }}"
pull: yes
- name: Check if Synapse Docker image exists
command: "{{ matrix_host_command_docker }} images --quiet --filter 'reference={{ matrix_synapse_docker_image }}'"
register: matrix_synapse_docker_image_check_result
# Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module,
# because the latter does not support BuildKit.
# See: https://github.com/ansible-collections/community.general/issues/514
- name: Ensure Synapse Docker image is built
shell:
chdir: "{{ matrix_synapse_docker_src_files_path }}"
cmd: |
{{ matrix_host_command_docker }} build \
-t "{{ matrix_synapse_docker_image }}" \
-f docker/Dockerfile \
.
environment:
DOCKER_BUILDKIT: 1
when: "matrix_synapse_git_pull_results.changed|bool or matrix_synapse_docker_image_check_result.stdout == ''"
when: "matrix_synapse_container_image_self_build|bool"
- name: Ensure Synapse Docker image is pulled
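Review bot: The replacement `docker build` task drops the base-image refresh that the removed `docker_image` task requested with `pull: yes`, so a self-build can reuse a stale cached base image that lacks upstream security fixes; adding `--pull \` to the command restores it. The image-existence check is a read-only `command` and will report changed on every run unless it carries `changed_when: false`. `DOCKER_BUILDKIT: 1` is safer written as the string `"1"`, since environment values are expected to be strings. Which lines are old and which are new is inferred from the comment about BuildKit, because the page has lost its +/- markers, and the final "image is pulled" task continues outside the hunk.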


@ -50,13 +50,7 @@ server_name: "{{ matrix_domain }}"
#
pid_file: /homeserver.pid
# The absolute URL to the web client which /_matrix/client will redirect
# to if 'webclient' is configured under the 'listeners' configuration.
#
# This option can be also set to the filesystem path to the web client
# which will be served at /_matrix/client/ if 'webclient' is configured
# under the 'listeners' configuration, however this is a security risk:
# https://github.com/matrix-org/synapse#security-note
# The absolute URL to the web client which / will redirect to.
#
#web_client_location: https://riot.example.com/
@ -140,7 +134,7 @@ allow_public_rooms_over_federation: {{ matrix_synapse_allow_public_rooms_over_fe
# The default room version for newly created rooms.
#
# Known room versions are listed here:
# https://matrix.org/docs/spec/#complete-list-of-room-versions
# https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions
#
# For example, for room version 1, default_room_version should be set
# to "1".
@ -285,8 +279,6 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }}
# static: static resources under synapse/static (/_matrix/static). (Mostly
# useful for 'fallback authentication'.)
#
# webclient: A web client. Requires web_client_location to be set.
#
listeners:
{% if matrix_synapse_metrics_enabled %}
- type: metrics
@ -1535,6 +1527,21 @@ room_prejoin_state:
#additional_event_types:
# - org.example.custom.event.type
# We record the IP address of clients used to access the API for various
# reasons, including displaying it to the user in the "Where you're signed in"
# dialog.
#
# By default, when puppeting another user via the admin API, the client IP
# address is recorded against the user who created the access token (ie, the
# admin user), and *not* the puppeted user.
#
# Uncomment the following to also record the IP address against the puppeted
# user. (This also means that the puppeted user will count as an "active" user
# for the purpose of monthly active user tracking - see 'limit_usage_by_mau' etc
# above.)
#
#track_puppeted_user_ips: true
# A list of application service config files to use
#
@ -1900,10 +1907,13 @@ saml2_config:
# Defaults to false. Avoid this in production.
#
# user_profile_method: Whether to fetch the user profile from the userinfo
# endpoint. Valid values are: 'auto' or 'userinfo_endpoint'.
# endpoint, or to rely on the data returned in the id_token from the
# token_endpoint.
#
# Defaults to 'auto', which fetches the userinfo endpoint if 'openid' is
# included in 'scopes'. Set to 'userinfo_endpoint' to always fetch the
# Valid values are: 'auto' or 'userinfo_endpoint'.
#
# Defaults to 'auto', which uses the userinfo endpoint if 'openid' is
# not included in 'scopes'. Set to 'userinfo_endpoint' to always use the
# userinfo endpoint.
#
# allow_existing_users: set to 'true' to allow a user logging in via OIDC to