Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy
This commit is contained in:
commit
8a0c3146d3
35
CHANGELOG.md
35
CHANGELOG.md
|
@ -1,3 +1,38 @@
|
||||||
|
# 2020-01-30
|
||||||
|
|
||||||
|
## Disabling TLSv1.1
|
||||||
|
|
||||||
|
To improve security, we've removed TLSv1.1 support from our default matrix-nginx-proxy configuration.
|
||||||
|
|
||||||
|
If you need to support old clients, you can re-enable it with the following configuration: `matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"`
|
||||||
|
|
||||||
|
|
||||||
|
# 2020-01-21
|
||||||
|
|
||||||
|
## Postgres collation changes (action required!)
|
||||||
|
|
||||||
|
By default, we've been using a UTF-8 collation for Postgres. This is known to cause Synapse some troubles (see the [relevant issue](https://github.com/matrix-org/synapse/issues/6722)) on systems that use [glibc](https://www.gnu.org/software/libc/). We run Postgres in an [Alpine Linux](https://alpinelinux.org/) container (which uses [musl](https://www.musl-libc.org/), and not glibc), so our users are likely not affected by the index corruption problem observed by others.
|
||||||
|
|
||||||
|
Still, we might become affected in the future. In any case, it's imminent that Synapse will complain about databases which do not use a C collation.
|
||||||
|
|
||||||
|
To avoid future problems, we recommend that you run the following command:
|
||||||
|
|
||||||
|
```
|
||||||
|
ansible-playbook -i inventory/hosts setup.yml --tags=upgrade-postgres --extra-vars='{"postgres_force_upgrade": true}'
|
||||||
|
```
|
||||||
|
|
||||||
|
It forces a [Postgres database upgrade](docs/maintenance-postgres.md#upgrading-postgresql), which would recreate your Postgres database using the proper (`C`) collation. If you are low on disk space, or run into trouble, refer to the Postgres database upgrade documentation page.
|
||||||
|
|
||||||
|
|
||||||
|
# 2020-01-14
|
||||||
|
|
||||||
|
## Added support for Appservice Webhooks
|
||||||
|
|
||||||
|
Thanks to a contribution from [Björn Marten](https://github.com/tripleawwy) from [netresearch](https://www.netresearch.de/), the playbook can now install and configure [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) for you. This bridge provides support for Slack-compatible webhooks.
|
||||||
|
|
||||||
|
Learn more in [Setting up Appservice Webhooks](docs/configuring-playbook-bridge-appservice-webhooks.md).
|
||||||
|
|
||||||
|
|
||||||
# 2020-01-12
|
# 2020-01-12
|
||||||
|
|
||||||
## Added support for automatic Double Puppeting for all Mautrix bridges
|
## Added support for automatic Double Puppeting for all Mautrix bridges
|
||||||
|
|
|
@ -44,12 +44,14 @@ Using this playbook, you can get the following services configured on your serve
|
||||||
|
|
||||||
- (optional) the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts)
|
- (optional) the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts)
|
||||||
|
|
||||||
- (optional) the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat)
|
- (optional) the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat)
|
||||||
|
|
||||||
- (optional) the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge for bridging your Matrix server to [Discord](https://discordapp.com/)
|
- (optional) the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge for bridging your Matrix server to [Discord](https://discordapp.com/)
|
||||||
|
|
||||||
- (optional) the [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) bridge for bridging your Matrix server to [Slack](https://slack.com/)
|
- (optional) the [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) bridge for bridging your Matrix server to [Slack](https://slack.com/)
|
||||||
|
|
||||||
|
- (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.)
|
||||||
|
|
||||||
- (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms
|
- (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms
|
||||||
|
|
||||||
- (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients
|
- (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients
|
||||||
|
@ -132,12 +134,14 @@ This playbook sets up your server using the following Docker images:
|
||||||
|
|
||||||
- [tulir/mautrix-hangouts](https://hub.docker.com/r/tulir/mautrix-hangouts/) - the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
|
- [tulir/mautrix-hangouts](https://hub.docker.com/r/tulir/mautrix-hangouts/) - the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
|
||||||
|
|
||||||
- [tedomum/matrix-appservice-irc](https://hub.docker.com/r/tedomum/matrix-appservice-irc/) - the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional)
|
- [matrixdotorg/matrix-appservice-irc](https://hub.docker.com/r/matrixdotorg/matrix-appservice-irc) - the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional)
|
||||||
|
|
||||||
- [halfshot/matrix-appservice-discord](https://hub.docker.com/r/halfshot/matrix-appservice-discord) - the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge to [Discord](https://discordapp.com/) (optional)
|
- [halfshot/matrix-appservice-discord](https://hub.docker.com/r/halfshot/matrix-appservice-discord) - the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge to [Discord](https://discordapp.com/) (optional)
|
||||||
|
|
||||||
- [cadair/matrix-appservice-slack](https://hub.docker.com/r/cadair/matrix-appservice-slack) - the [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) bridge to [Slack](https://slack.com/) (optional)
|
- [cadair/matrix-appservice-slack](https://hub.docker.com/r/cadair/matrix-appservice-slack) - the [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) bridge to [Slack](https://slack.com/) (optional)
|
||||||
|
|
||||||
|
- [turt2live/matrix-appservice-webhooks](https://hub.docker.com/r/turt2live/matrix-appservice-webhooks) - the [Appservice Webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge (optional)
|
||||||
|
|
||||||
- [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional)
|
- [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -9,9 +9,7 @@ If your local computer cannot run Ansible, you can also run Ansible on some serv
|
||||||
|
|
||||||
## Supported Ansible versions
|
## Supported Ansible versions
|
||||||
|
|
||||||
Ansible 2.5 or newer is required.
|
Ansible 2.5.2 or newer is required.
|
||||||
|
|
||||||
If you're on Ansible 2.5.x, due to bugs in Ansible 2.5.0 and 2.5.1, at least Ansible 2.5.2 is required.
|
|
||||||
|
|
||||||
|
|
||||||
## Checking your Ansible version
|
## Checking your Ansible version
|
||||||
|
@ -28,7 +26,7 @@ If you're on an old version of Ansible, you should [upgrade Ansible to a newer v
|
||||||
|
|
||||||
Depending on your distribution, you may be able to upgrade Ansible in a few different ways:
|
Depending on your distribution, you may be able to upgrade Ansible in a few different ways:
|
||||||
|
|
||||||
- by using an additional repository (PPA, etc.), which provides newer Ansible versions
|
- by using an additional repository (PPA, etc.), which provides newer Ansible versions. See instructions for [CentOS](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora), [Debian](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-debian), or [Ubuntu](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-ubuntu) on the Ansible website.
|
||||||
|
|
||||||
- by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installing/) (`pip install ansible`).
|
- by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installing/) (`pip install ansible`).
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
# Setting up Appservice IRC (optional)
|
# Setting up Appservice IRC (optional)
|
||||||
|
|
||||||
The playbook can install and configure [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) for you.
|
The playbook can install and configure [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) for you.
|
||||||
|
|
||||||
See the project's [documentation](https://github.com/TeDomum/matrix-appservice-irc/blob/master/HOWTO.md) to learn what it does and why it might be useful to you.
|
See the project's [documentation](https://github.com/matrix-org/matrix-appservice-irc/blob/master/HOWTO.md) to learn what it does and why it might be useful to you.
|
||||||
|
|
||||||
You'll need to use the following playbook configuration:
|
You'll need to use the following playbook configuration:
|
||||||
|
|
||||||
|
|
61
docs/configuring-playbook-bridge-appservice-webhooks.md
Normal file
61
docs/configuring-playbook-bridge-appservice-webhooks.md
Normal file
|
@ -0,0 +1,61 @@
|
||||||
|
# Setting up Appservice Webhooks (optional)
|
||||||
|
|
||||||
|
The playbook can install and configure [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) for you.
|
||||||
|
|
||||||
|
This bridge provides support for Slack-compatible webhooks.
|
||||||
|
|
||||||
|
Setup Instructions:
|
||||||
|
|
||||||
|
loosely based on [this](https://github.com/turt2live/matrix-appservice-webhooks/blob/master/README.md)
|
||||||
|
|
||||||
|
1. All you basically need is to adjust your `inventory/host_vars/matrix.<domain-name>/vars.yml`:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_appservice_webhooks_enabled: true
|
||||||
|
matrix_appservice_webhooks_api_secret: '<your_secret>'
|
||||||
|
```
|
||||||
|
|
||||||
|
2. In case you want to change the verbosity of logging via `journalctl -fu matrix-appservice-webhooks.service`
|
||||||
|
you can adjust this in `inventory/host_vars/matrix.<domain-name>/vars.yml` as well.
|
||||||
|
|
||||||
|
*Note*: default value is: `info` and availabe log levels are : `info`, `verbose`
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_appservice_webhooks_log_level: '<log_level>'
|
||||||
|
```
|
||||||
|
|
||||||
|
3. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready.
|
||||||
|
|
||||||
|
4. Invite the bridge bot user to your room:
|
||||||
|
|
||||||
|
- either with `/invite @_webhook:<domain.name>` (*Note*: Make sure you have administration permissions in your room)
|
||||||
|
|
||||||
|
- or simply add the bridge bot to a private channel (personal channels imply you being an administrator)
|
||||||
|
|
||||||
|
5. Send a message to the bridge bot in order to receive a private message including the webhook link.
|
||||||
|
```
|
||||||
|
!webhook
|
||||||
|
```
|
||||||
|
|
||||||
|
6. The JSON body for posting messages will have to look like this:
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"text": "Hello world!",
|
||||||
|
"format": "plain",
|
||||||
|
"displayName": "My Cool Webhook",
|
||||||
|
"avatarUrl": "http://i.imgur.com/IDOBtEJ.png"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
You can test this via curl like so:
|
||||||
|
|
||||||
|
```
|
||||||
|
curl --header "Content-Type: application/json" \
|
||||||
|
--data '{
|
||||||
|
"text": "Hello world!",
|
||||||
|
"format": "plain",
|
||||||
|
"displayName": "My Cool Webhook",
|
||||||
|
"avatarUrl": "http://i.imgur.com/IDOBtEJ.png"
|
||||||
|
}' \
|
||||||
|
<the link you've gotten in 5.>
|
||||||
|
```
|
|
@ -52,7 +52,7 @@ Note that if your nginx version is old, it might not like our default choice of
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
# Custom protocol list (removing `TLSv1.3`) to suit your nginx version.
|
# Custom protocol list (removing `TLSv1.3`) to suit your nginx version.
|
||||||
matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2"
|
matrix_nginx_proxy_ssl_protocols: "TLSv1.2"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -93,4 +93,6 @@ When you're done with all the configuration you'd like to do, continue with [Ins
|
||||||
|
|
||||||
- [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (optional)
|
- [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (optional)
|
||||||
|
|
||||||
|
- [Setting up Appservice Webhooks bridging](configuring-playbook-bridge-appservice-webhooks.md) (optional)
|
||||||
|
|
||||||
- [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)
|
- [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)
|
||||||
|
|
|
@ -8,9 +8,11 @@ Run this as-is to set up a server:
|
||||||
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
|
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
|
||||||
```
|
```
|
||||||
|
|
||||||
This **doesn't start any services just yet** (another step does this later - below).
|
**Note**: if you don't use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the above (and all other) Ansible commands.
|
||||||
|
|
||||||
Feel free to **re-run this any time** you think something is off with the server configuration.
|
The above command **doesn't start any services just yet** (another step does this later - below).
|
||||||
|
|
||||||
|
Feel free to **re-run this setup command any time** you think something is off with the server configuration.
|
||||||
|
|
||||||
|
|
||||||
## Things you might want to do after installing
|
## Things you might want to do after installing
|
||||||
|
|
|
@ -42,7 +42,7 @@ docker run \
|
||||||
--rm \
|
--rm \
|
||||||
--network=matrix \
|
--network=matrix \
|
||||||
--env-file=/matrix/postgres/env-postgres-psql \
|
--env-file=/matrix/postgres/env-postgres-psql \
|
||||||
postgres:12.0-alpine \
|
postgres:12.1-alpine \
|
||||||
pg_dumpall -h matrix-postgres \
|
pg_dumpall -h matrix-postgres \
|
||||||
| gzip -c \
|
| gzip -c \
|
||||||
> /postgres.sql.gz
|
> /postgres.sql.gz
|
||||||
|
|
|
@ -24,11 +24,14 @@ If you've just installed Matrix, **to finalize the installation process**, it's
|
||||||
|
|
||||||
-----
|
-----
|
||||||
|
|
||||||
The script `/usr/local/bin/matrix-make-user-admin` may be used to upgrade a user's privileges:
|
|
||||||
|
## Adding/Removing Administrator privileges to an existing user.
|
||||||
|
|
||||||
|
The script `/usr/local/bin/matrix-change-user-admin-status` may be used to change a user's admin privileges.
|
||||||
|
|
||||||
* log on to your server with ssh
|
* log on to your server with ssh
|
||||||
* execute with the username:
|
* execute with the username and 0/1 (0 = non-admin | 1 = admin)
|
||||||
|
|
||||||
```
|
```
|
||||||
/usr/local/bin/matrix-make-user-admin <username>
|
/usr/local/bin/matrix-change-user-admin-status <username> <0/1>
|
||||||
```
|
```
|
||||||
|
|
|
@ -34,7 +34,9 @@ where `<password-hash>` is the hash returned by the docker command above.
|
||||||
|
|
||||||
Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password
|
Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password
|
||||||
|
|
||||||
This requires an access token from a server admin account. If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-make-user-admin` script as described in [registering-users.md](registering-users.md). Note this method will also log the user out of all of their clients while the other options do not.
|
This requires an access token from a server admin account. *This method will also log the user out of all of their clients while the other options do not.*
|
||||||
|
|
||||||
|
If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md).
|
||||||
|
|
||||||
### Example:
|
### Example:
|
||||||
To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command:
|
To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command:
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
SSLCertificateKeyFile /matrix/ssl/config/live/dimension.DOMAIN/privkey.pem
|
SSLCertificateKeyFile /matrix/ssl/config/live/dimension.DOMAIN/privkey.pem
|
||||||
|
|
||||||
SSLProxyEngine on
|
SSLProxyEngine on
|
||||||
SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
|
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
||||||
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
||||||
|
|
||||||
ProxyPreserveHost On
|
ProxyPreserveHost On
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
SSLCertificateKeyFile /matrix/ssl/config/live/riot.DOMAIN/privkey.pem
|
SSLCertificateKeyFile /matrix/ssl/config/live/riot.DOMAIN/privkey.pem
|
||||||
|
|
||||||
SSLProxyEngine on
|
SSLProxyEngine on
|
||||||
SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
|
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
||||||
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
||||||
|
|
||||||
ProxyPreserveHost On
|
ProxyPreserveHost On
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem
|
SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem
|
||||||
|
|
||||||
SSLProxyEngine on
|
SSLProxyEngine on
|
||||||
SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
|
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
||||||
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
||||||
|
|
||||||
ProxyPreserveHost On
|
ProxyPreserveHost On
|
||||||
|
@ -103,7 +103,7 @@ Listen 8448
|
||||||
SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem
|
SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem
|
||||||
|
|
||||||
SSLProxyEngine on
|
SSLProxyEngine on
|
||||||
SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
|
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
||||||
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
||||||
|
|
||||||
ProxyPreserveHost On
|
ProxyPreserveHost On
|
||||||
|
|
|
@ -60,6 +60,40 @@ matrix_appservice_discord_homeserver_token: "{{ matrix_synapse_macaroon_secret_k
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# matrix-appservice-webhooks
|
||||||
|
#
|
||||||
|
######################################################################
|
||||||
|
|
||||||
|
# We don't enable bridges by default.
|
||||||
|
matrix_appservice_webhooks_enabled: false
|
||||||
|
|
||||||
|
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-webhooks over the container network.
|
||||||
|
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
||||||
|
# matrix-appservice-webhooks' client-server port to the local host.
|
||||||
|
matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:{{ matrix_appservice_webhooks_webhooks_port }}' }}"
|
||||||
|
|
||||||
|
matrix_appservice_webhooks_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.as.token') | to_uuid }}"
|
||||||
|
|
||||||
|
matrix_appservice_webhooks_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.hs.token') | to_uuid }}"
|
||||||
|
|
||||||
|
matrix_appservice_webhooks_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.id.token') | to_uuid }}"
|
||||||
|
|
||||||
|
matrix_appservice_webhooks_systemd_required_services_list: |
|
||||||
|
{{
|
||||||
|
['docker.service']
|
||||||
|
+
|
||||||
|
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||||
|
}}
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
#
|
||||||
|
# /matrix-appservice-webhooks
|
||||||
|
#
|
||||||
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-appservice-slack
|
# matrix-appservice-slack
|
||||||
|
@ -74,11 +108,11 @@ matrix_appservice_slack_enabled: false
|
||||||
# matrix-appservice-slack's client-server port to the local host.
|
# matrix-appservice-slack's client-server port to the local host.
|
||||||
matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:{{ matrix_appservice_slack_slack_port }}' }}"
|
matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:{{ matrix_appservice_slack_slack_port }}' }}"
|
||||||
|
|
||||||
matrix_appservice_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack-appservice-token') | to_uuid }}"
|
matrix_appservice_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.as.token') | to_uuid }}"
|
||||||
|
|
||||||
matrix_appservice_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack-homeserver-token') | to_uuid }}"
|
matrix_appservice_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.hs.token') | to_uuid }}"
|
||||||
|
|
||||||
matrix_appservice_slack_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack-id-token') | to_uuid }}"
|
matrix_appservice_slack_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.id.token') | to_uuid }}"
|
||||||
|
|
||||||
matrix_appservice_slack_systemd_required_services_list: |
|
matrix_appservice_slack_systemd_required_services_list: |
|
||||||
{{
|
{{
|
||||||
|
@ -604,7 +638,6 @@ matrix_synapse_email_smtp_host: "matrix-mailer"
|
||||||
matrix_synapse_email_smtp_port: 8025
|
matrix_synapse_email_smtp_port: 8025
|
||||||
matrix_synapse_email_smtp_require_transport_security: false
|
matrix_synapse_email_smtp_require_transport_security: false
|
||||||
matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>"
|
matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>"
|
||||||
matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"
|
|
||||||
|
|
||||||
# Even if TURN doesn't support TLS (it does by default),
|
# Even if TURN doesn't support TLS (it does by default),
|
||||||
# it doesn't hurt to try a secure connection anyway.
|
# it doesn't hurt to try a secure connection anyway.
|
||||||
|
|
|
@ -28,7 +28,7 @@
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- bash-completion
|
- bash-completion
|
||||||
- python-docker
|
- "python{{'3' if ansible_python.version.major == 3 else ''}}-docker"
|
||||||
- ntp
|
- ntp
|
||||||
- fuse
|
- fuse
|
||||||
state: latest
|
state: latest
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
|
|
||||||
matrix_appservice_irc_enabled: true
|
matrix_appservice_irc_enabled: true
|
||||||
|
|
||||||
matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:latest"
|
matrix_appservice_irc_docker_image: "matrixdotorg/matrix-appservice-irc:release-0.14.1"
|
||||||
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
|
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
|
matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
|
||||||
|
@ -377,11 +377,6 @@ matrix_appservice_irc_configuration_yaml: |
|
||||||
enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}
|
enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}
|
||||||
|
|
||||||
ircService:
|
ircService:
|
||||||
# The nedb database URI to connect to. This is the name of the directory to
|
|
||||||
# dump .db files to. This is relative to the project directory.
|
|
||||||
# Required.
|
|
||||||
databaseUri: "nedb:///data"
|
|
||||||
|
|
||||||
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
|
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
|
||||||
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
|
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
|
||||||
# the database.
|
# the database.
|
||||||
|
@ -474,6 +469,15 @@ matrix_appservice_irc_configuration_yaml: |
|
||||||
# enough for the vast majority of use cases.
|
# enough for the vast majority of use cases.
|
||||||
maxHttpSockets: 1000
|
maxHttpSockets: 1000
|
||||||
|
|
||||||
|
# Use an external database to store bridge state.
|
||||||
|
database:
|
||||||
|
# database engine (must be 'postgres' or 'nedb'). Default: nedb
|
||||||
|
engine: "nedb"
|
||||||
|
# Either a PostgreSQL connection string, or a path to the NeDB storage directory.
|
||||||
|
# For postgres, it must start with postgres://
|
||||||
|
# For NeDB, it must start with nedb://. The path is relative to the project directory.
|
||||||
|
connectionString: "nedb:///data"
|
||||||
|
|
||||||
matrix_appservice_irc_configuration_extension_yaml: |
|
matrix_appservice_irc_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration for Appservice IRC servers goes here.
|
# Your custom YAML configuration for Appservice IRC servers goes here.
|
||||||
# This configuration extends the default starting configuration (`matrix_appservice_irc_configuration_yaml`).
|
# This configuration extends the default starting configuration (`matrix_appservice_irc_configuration_yaml`).
|
||||||
|
|
|
@ -98,13 +98,15 @@
|
||||||
--cap-drop=ALL
|
--cap-drop=ALL
|
||||||
-v {{ matrix_appservice_irc_config_path }}:/config:z
|
-v {{ matrix_appservice_irc_config_path }}:/config:z
|
||||||
-v {{ matrix_appservice_irc_data_path }}:/data:z
|
-v {{ matrix_appservice_irc_data_path }}:/data:z
|
||||||
|
--entrypoint=/bin/bash
|
||||||
{{ matrix_appservice_irc_docker_image }}
|
{{ matrix_appservice_irc_docker_image }}
|
||||||
node app.js
|
-c
|
||||||
|
'node app.js
|
||||||
-r
|
-r
|
||||||
-f /config/registration-template.yaml
|
-f /config/registration-template.yaml
|
||||||
-u "http://matrix-appservice-irc:9999"
|
-u "http://matrix-appservice-irc:9999"
|
||||||
-c /config/config.yaml
|
-c /config/config.yaml
|
||||||
-l irc_bot
|
-l irc_bot'
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
- name: Read Appservice IRC registration-template.yaml
|
- name: Read Appservice IRC registration-template.yaml
|
||||||
|
|
|
@ -30,8 +30,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
|
||||||
{% for arg in matrix_appservice_irc_container_extra_arguments %}
|
{% for arg in matrix_appservice_irc_container_extra_arguments %}
|
||||||
{{ arg }} \
|
{{ arg }} \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
--entrypoint=/bin/bash \
|
||||||
{{ matrix_appservice_irc_docker_image }} \
|
{{ matrix_appservice_irc_docker_image }} \
|
||||||
-c /config/config.yaml -f /config/registration.yaml -p 9999
|
-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-appservice-irc
|
ExecStop=-/usr/bin/docker kill matrix-appservice-irc
|
||||||
ExecStop=-/usr/bin/docker rm matrix-appservice-irc
|
ExecStop=-/usr/bin/docker rm matrix-appservice-irc
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
|
|
||||||
matrix_appservice_slack_enabled: true
|
matrix_appservice_slack_enabled: true
|
||||||
|
|
||||||
matrix_appservice_slack_docker_image: "matrixdotorg/matrix-appservice-slack:release-1.0.2"
|
matrix_appservice_slack_docker_image: "cadair/matrix-appservice-slack:latest"
|
||||||
matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
|
matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack"
|
matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack"
|
||||||
|
@ -51,24 +51,6 @@ matrix_appservice_slack_configuration_yaml: |
|
||||||
bot_username: "{{ matrix_appservice_slack_bot_name }}"
|
bot_username: "{{ matrix_appservice_slack_bot_name }}"
|
||||||
username_prefix: {{ matrix_appservice_slack_user_prefix }}
|
username_prefix: {{ matrix_appservice_slack_user_prefix }}
|
||||||
|
|
||||||
# Optional if slack_hook_port and inbound_uri_prefix are defined, required otherwise.
|
|
||||||
rtm:
|
|
||||||
# Use the RTM API to listen for requests, which does not require
|
|
||||||
# the bridge to listen on the hook port.
|
|
||||||
# You should leave this enabled, unless you plan to use the
|
|
||||||
# bridge exclusively for webhooks.
|
|
||||||
enable: true
|
|
||||||
logging: "silent" # Logging level specific to RTM traffic.
|
|
||||||
# A prefix similar to inbound_uri_prefix for oauth2 requests. inbound_uri_prefix will be used if this is not set
|
|
||||||
# Optional
|
|
||||||
# redirect_prefix: "https://my.server.here:9898/mycustomoauthendpoint"
|
|
||||||
|
|
||||||
# Allow users to add channels dynamically by using oauth, or puppet themselves.
|
|
||||||
# Optional
|
|
||||||
oauth2:
|
|
||||||
client_id: ""
|
|
||||||
client_secret: ""
|
|
||||||
|
|
||||||
homeserver:
|
homeserver:
|
||||||
media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
|
media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
|
||||||
url: "{{ matrix_appservice_slack_homeserver_url }}"
|
url: "{{ matrix_appservice_slack_homeserver_url }}"
|
||||||
|
|
105
roles/matrix-bridge-appservice-webhooks/defaults/main.yml
Normal file
105
roles/matrix-bridge-appservice-webhooks/defaults/main.yml
Normal file
|
@ -0,0 +1,105 @@
|
||||||
|
# matrix-appservice-webhooks is a Matrix <-> webhook bridge
|
||||||
|
# See: https://github.com/turt2live/matrix-appservice-webhooks
|
||||||
|
|
||||||
|
matrix_appservice_webhooks_enabled: true
|
||||||
|
|
||||||
|
matrix_appservice_webhooks_docker_image: "turt2live/matrix-appservice-webhooks:latest"
|
||||||
|
matrix_appservice_webhooks_docker_image_force_pull: "{{ matrix_appservice_webhooks_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
matrix_appservice_webhooks_base_path: "{{ matrix_base_data_path }}/appservice-webhooks"
|
||||||
|
matrix_appservice_webhooks_config_path: "{{ matrix_appservice_webhooks_base_path }}/config"
|
||||||
|
matrix_appservice_webhooks_data_path: "{{ matrix_appservice_webhooks_base_path }}/data"
|
||||||
|
|
||||||
|
# If nginx-proxy is disabled, the bridge itself expects its endpoint to be on its own domain (e.g. "localhost:6789")
|
||||||
|
matrix_appservice_webhooks_public_endpoint: /appservice-webhooks
|
||||||
|
matrix_appservice_webhooks_inbound_uri_prefix: "{{ matrix_homeserver_url }}{{ matrix_appservice_webhooks_public_endpoint }}"
|
||||||
|
|
||||||
|
# Once you make a control room in Matrix, you can get its ID by typing any message and checking its source
|
||||||
|
matrix_appservice_webhooks_control_room_id: ''
|
||||||
|
matrix_appservice_webhooks_bot_name: 'webhookbot'
|
||||||
|
matrix_appservice_webhooks_user_prefix: '_webhook'
|
||||||
|
|
||||||
|
# Controls the webhooks_PORT and MATRIX_PORT of the installation
|
||||||
|
matrix_appservice_webhooks_matrix_port: 6789
|
||||||
|
matrix_appservice_webhooks_webhooks_port: 6788
|
||||||
|
|
||||||
|
# Controls whether the appservice-webhooks container exposes its HTTP port (tcp/6788 in the container).
|
||||||
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9999"), or empty string to not expose.
|
||||||
|
matrix_appservice_webhooks_container_http_host_bind_port: ''
|
||||||
|
|
||||||
|
matrix_appservice_webhooks_homeserver_media_url: "matrix.{{ matrix_domain }}"
|
||||||
|
matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:8008"
|
||||||
|
matrix_appservice_webhooks_homeserver_domain: "{{ matrix_domain }}"
|
||||||
|
matrix_appservice_webhooks_appservice_url: 'http://matrix-appservice-webhooks'
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_appservice_webhooks_container_extra_arguments: []
|
||||||
|
|
||||||
|
# List of systemd services that matrix-appservice-webhooks.service depends on.
|
||||||
|
matrix_appservice_webhooks_systemd_required_services_list: ['docker.service', 'matrix-synapse.service']
|
||||||
|
|
||||||
|
# List of systemd services that matrix-appservice-webhooks.service wants
|
||||||
|
matrix_appservice_webhooks_systemd_wanted_services_list: []
|
||||||
|
|
||||||
|
matrix_appservice_webhooks_appservice_token: ''
|
||||||
|
matrix_appservice_webhooks_homeserver_token: ''
|
||||||
|
matrix_appservice_webhooks_id_token: ''
|
||||||
|
matrix_appservice_webhooks_api_secret: ''
|
||||||
|
|
||||||
|
# Logging information (info and verbose is available) default is: info
|
||||||
|
matrix_appservice_webhooks_log_level: 'info'
|
||||||
|
|
||||||
|
matrix_appservice_webhooks_configuration_yaml: |
|
||||||
|
|
||||||
|
# Configuration specific to the application service. All fields (unless otherwise marked) are required.
|
||||||
|
homeserver:
|
||||||
|
# The domain for the client-server API calls.
|
||||||
|
url: "{{ matrix_appservice_webhooks_homeserver_url }}"
|
||||||
|
|
||||||
|
# The domain part for user IDs on this home server. Usually, but not always, this is the same as the
|
||||||
|
# home server's URL.
|
||||||
|
domain: "{{ matrix_domain }}"
|
||||||
|
|
||||||
|
# Configuration specific to the bridge. All fields (unless otherwise marked) are required.
|
||||||
|
webhookBot:
|
||||||
|
# The localpart to use for the bot. May require re-registering the application service.
|
||||||
|
localpart: "_webhook"
|
||||||
|
|
||||||
|
# Provisioning API options
|
||||||
|
provisioning:
|
||||||
|
# Your secret for the API. Required for all provisioning API requests.
|
||||||
|
secret: '{{ matrix_appservice_webhooks_api_secret }}'
|
||||||
|
|
||||||
|
# Configuration related to the web portion of the bridge. Handles the inbound webhooks
|
||||||
|
web:
|
||||||
|
hookUrlBase: "{{ matrix_appservice_webhooks_inbound_uri_prefix }}"
|
||||||
|
|
||||||
|
logging:
|
||||||
|
console: true
|
||||||
|
consoleLevel: {{ matrix_appservice_webhooks_log_level }}
|
||||||
|
writeFiles: false
|
||||||
|
|
||||||
|
matrix_appservice_webhooks_configuration_extension_yaml: |
|
||||||
|
#
|
||||||
|
|
||||||
|
matrix_appservice_webhooks_configuration_extension: "{{ matrix_appservice_webhooks_configuration_extension_yaml|from_yaml if matrix_appservice_webhooks_configuration_extension_yaml|from_yaml else {} }}"
|
||||||
|
|
||||||
|
matrix_appservice_webhooks_configuration: "{{ matrix_appservice_webhooks_configuration_yaml|from_yaml|combine(matrix_appservice_webhooks_configuration_extension, recursive=True) }}"
|
||||||
|
|
||||||
|
matrix_appservice_webhooks_registration_yaml: |
|
||||||
|
id: "{{ matrix_appservice_webhooks_id_token }}"
|
||||||
|
hs_token: "{{ matrix_appservice_webhooks_homeserver_token }}"
|
||||||
|
as_token: "{{ matrix_appservice_webhooks_appservice_token }}"
|
||||||
|
namespaces:
|
||||||
|
users:
|
||||||
|
- exclusive: true
|
||||||
|
regex: '^@{{ matrix_appservice_webhooks_user_prefix | regex_escape }}.*:{{ matrix_domain | regex_escape }}$'
|
||||||
|
aliases: []
|
||||||
|
rooms: []
|
||||||
|
url: "{{ matrix_appservice_webhooks_appservice_url }}:{{ matrix_appservice_webhooks_matrix_port }}"
|
||||||
|
sender_localpart: _webhook
|
||||||
|
rate_limited: false
|
||||||
|
protocols: null
|
||||||
|
|
||||||
|
matrix_appservice_webhooks_registration: "{{ matrix_appservice_webhooks_registration_yaml|from_yaml }}"
|
78
roles/matrix-bridge-appservice-webhooks/tasks/init.yml
Normal file
78
roles/matrix-bridge-appservice-webhooks/tasks/init.yml
Normal file
|
@ -0,0 +1,78 @@
|
||||||
|
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
|
||||||
|
# We don't want to fail in such cases.
|
||||||
|
- name: Fail if matrix-synapse role already executed
|
||||||
|
fail:
|
||||||
|
msg: >-
|
||||||
|
The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role.
|
||||||
|
when: "matrix_synapse_role_executed|default(False)"
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-webhooks'] }}"
|
||||||
|
when: matrix_appservice_webhooks_enabled|bool
|
||||||
|
|
||||||
|
# If the matrix-synapse role is not used, these variables may not exist.
|
||||||
|
- set_fact:
|
||||||
|
matrix_synapse_container_extra_arguments: >
|
||||||
|
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||||
|
+
|
||||||
|
["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"]
|
||||||
|
|
||||||
|
matrix_synapse_app_service_config_files: >
|
||||||
|
{{ matrix_synapse_app_service_config_files|default([]) }}
|
||||||
|
+
|
||||||
|
{{ ["/matrix-appservice-webhooks-registration.yaml"] }}
|
||||||
|
when: matrix_appservice_webhooks_enabled|bool
|
||||||
|
|
||||||
|
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
|
||||||
|
# We don't want to fail in such cases.
|
||||||
|
- name: Fail if matrix-synapse role already executed
|
||||||
|
fail:
|
||||||
|
msg: >-
|
||||||
|
The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role.
|
||||||
|
when: "matrix_synapse_role_executed|default(False)"
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Fail if matrix-nginx-proxy role already executed
|
||||||
|
fail:
|
||||||
|
msg: >-
|
||||||
|
Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy,
|
||||||
|
but it's pointless since the matrix-nginx-proxy role had already executed.
|
||||||
|
To fix this, please change the order of roles in your plabook,
|
||||||
|
so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role.
|
||||||
|
when: matrix_nginx_proxy_role_executed|default(False)|bool
|
||||||
|
|
||||||
|
- name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy
|
||||||
|
set_fact:
|
||||||
|
matrix_appservice_webhooks_matrix_nginx_proxy_configuration: |
|
||||||
|
location {{ matrix_appservice_webhooks_public_endpoint }}/ {
|
||||||
|
{% if matrix_nginx_proxy_enabled|default(False) %}
|
||||||
|
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||||
|
resolver 127.0.0.11 valid=5s;
|
||||||
|
proxy_pass {{ matrix_appservice_webhooks_appservice_url }}:{{ matrix_appservice_webhooks_matrix_port }}/;
|
||||||
|
{% else %}
|
||||||
|
{# Generic configuration for use outside of our container setup #}
|
||||||
|
proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/;
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
|
||||||
|
- name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy
|
||||||
|
set_fact:
|
||||||
|
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
|
||||||
|
{{
|
||||||
|
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
|
||||||
|
+
|
||||||
|
[matrix_appservice_webhooks_matrix_nginx_proxy_configuration]
|
||||||
|
}}
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
when: matrix_appservice_webhooks_enabled|bool
|
||||||
|
|
||||||
|
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
|
||||||
|
debug:
|
||||||
|
msg: >-
|
||||||
|
NOTE: You've enabled the Matrix webhooks bridge but are not using the matrix-nginx-proxy
|
||||||
|
reverse proxy.
|
||||||
|
Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}`
|
||||||
|
URL endpoint to the matrix-appservice-webhooks container.
|
||||||
|
You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable.
|
||||||
|
when: "matrix_appservice_webhooks_enabled|bool and matrix_nginx_proxy_enabled is not defined"
|
21
roles/matrix-bridge-appservice-webhooks/tasks/main.yml
Normal file
21
roles/matrix-bridge-appservice-webhooks/tasks/main.yml
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||||
|
when: "run_setup|bool and matrix_appservice_webhooks_enabled|bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-appservice-webhooks
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||||
|
when: "run_setup|bool and matrix_appservice_webhooks_enabled|bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-appservice-webhooks
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||||
|
when: "run_setup|bool and not matrix_appservice_webhooks_enabled|bool"
|
||||||
|
tags:
|
||||||
|
- setup-all
|
||||||
|
- setup-appservice-webhooks
|
|
@ -0,0 +1,64 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Ensure Appservice webhooks image is pulled
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_appservice_webhooks_docker_image }}"
|
||||||
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
|
force_source: "{{ matrix_appservice_webhooks_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_webhooks_docker_image_force_pull }}"
|
||||||
|
|
||||||
|
- name: Ensure AppService webhooks paths exist
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0750
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_username }}"
|
||||||
|
with_items:
|
||||||
|
- "{{ matrix_appservice_webhooks_base_path }}"
|
||||||
|
- "{{ matrix_appservice_webhooks_config_path }}"
|
||||||
|
- "{{ matrix_appservice_webhooks_data_path }}"
|
||||||
|
|
||||||
|
- name: Ensure Matrix Appservice webhooks config is installed
|
||||||
|
copy:
|
||||||
|
content: "{{ matrix_appservice_webhooks_configuration|to_nice_yaml }}"
|
||||||
|
dest: "{{ matrix_appservice_webhooks_config_path }}/config.yaml"
|
||||||
|
mode: 0644
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_username }}"
|
||||||
|
|
||||||
|
- name: Ensure Matrix Appservice webhooks schema.yml template exists
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/schema.yml.j2"
|
||||||
|
dest: "{{ matrix_appservice_webhooks_config_path }}/schema.yml"
|
||||||
|
mode: 0644
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_username }}"
|
||||||
|
|
||||||
|
- name: Ensure Matrix Appservice webhooks database.json template exists
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/database.json.j2"
|
||||||
|
dest: "{{ matrix_appservice_webhooks_data_path }}/database.json"
|
||||||
|
mode: 0644
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_username }}"
|
||||||
|
|
||||||
|
- name: Ensure appservice-webhooks registration.yaml installed
|
||||||
|
copy:
|
||||||
|
content: "{{ matrix_appservice_webhooks_registration|to_nice_yaml }}"
|
||||||
|
dest: "{{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml"
|
||||||
|
mode: 0644
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_username }}"
|
||||||
|
|
||||||
|
- name: Ensure matrix-appservice-webhooks.service installed
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/systemd/matrix-appservice-webhooks.service.j2"
|
||||||
|
dest: "/etc/systemd/system/matrix-appservice-webhooks.service"
|
||||||
|
mode: 0644
|
||||||
|
register: matrix_appservice_webhooks_systemd_service_result
|
||||||
|
|
||||||
|
- name: Ensure systemd reloaded after matrix-appservice-webhooks.service installation
|
||||||
|
service:
|
||||||
|
daemon_reload: yes
|
||||||
|
when: "matrix_appservice_webhooks_systemd_service_result.changed"
|
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Check existence of matrix-appservice-webhooks service
|
||||||
|
stat:
|
||||||
|
path: "/etc/systemd/system/matrix-appservice-webhooks.service"
|
||||||
|
register: matrix_appservice_webhooks_service_stat
|
||||||
|
|
||||||
|
- name: Ensure matrix-appservice-webhooks is stopped
|
||||||
|
service:
|
||||||
|
name: matrix-appservice-webhooks
|
||||||
|
state: stopped
|
||||||
|
daemon_reload: yes
|
||||||
|
when: "matrix_appservice_webhooks_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure matrix-appservice-webhooks.service doesn't exist
|
||||||
|
file:
|
||||||
|
path: "/etc/systemd/system/matrix-appservice-webhooks.service"
|
||||||
|
state: absent
|
||||||
|
when: "matrix_appservice_webhooks_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure systemd reloaded after matrix-appservice-webhooks.service removal
|
||||||
|
service:
|
||||||
|
daemon_reload: yes
|
||||||
|
when: "matrix_appservice_webhooks_service_stat.stat.exists"
|
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Fail if required settings not defined
|
||||||
|
fail:
|
||||||
|
msg: >-
|
||||||
|
You need to define a required configuration setting (`{{ item }}`).
|
||||||
|
when: "vars[item] == ''"
|
||||||
|
with_items:
|
||||||
|
- "matrix_appservice_webhooks_appservice_token"
|
||||||
|
- "matrix_appservice_webhooks_homeserver_token"
|
||||||
|
- "matrix_appservice_webhooks_id_token"
|
||||||
|
- "matrix_appservice_webhooks_api_secret"
|
|
@ -0,0 +1,13 @@
|
||||||
|
{
|
||||||
|
"defaultEnv": {
|
||||||
|
"ENV": "NODE_ENV"
|
||||||
|
},
|
||||||
|
"development": {
|
||||||
|
"driver": "sqlite3",
|
||||||
|
"filename": "/data/development.db"
|
||||||
|
},
|
||||||
|
"production": {
|
||||||
|
"driver": "sqlite3",
|
||||||
|
"filename": "/data/production.db"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,54 @@
|
||||||
|
"$schema": "http://json-schema.org/draft-04/schema#"
|
||||||
|
type: "object"
|
||||||
|
properties:
|
||||||
|
provisioning:
|
||||||
|
type: "object"
|
||||||
|
properties:
|
||||||
|
secret:
|
||||||
|
type: "string"
|
||||||
|
homeserver:
|
||||||
|
type: "object"
|
||||||
|
properties:
|
||||||
|
domain:
|
||||||
|
type: "string"
|
||||||
|
url:
|
||||||
|
type: "string"
|
||||||
|
mediaUrl:
|
||||||
|
type: "string"
|
||||||
|
web:
|
||||||
|
type: "object"
|
||||||
|
properties:
|
||||||
|
hookUrlBase:
|
||||||
|
type: "string"
|
||||||
|
webhookBot:
|
||||||
|
type: "object"
|
||||||
|
properties:
|
||||||
|
localpart:
|
||||||
|
type: "string"
|
||||||
|
appearance:
|
||||||
|
type: "object"
|
||||||
|
properties:
|
||||||
|
displayName:
|
||||||
|
type: "string"
|
||||||
|
avatarUrl:
|
||||||
|
type: "string"
|
||||||
|
logging:
|
||||||
|
type: "object"
|
||||||
|
properties:
|
||||||
|
file:
|
||||||
|
type: "string"
|
||||||
|
console:
|
||||||
|
type: "boolean"
|
||||||
|
consoleLevel:
|
||||||
|
type: "string"
|
||||||
|
fileLevel:
|
||||||
|
type: "string"
|
||||||
|
writeFiles:
|
||||||
|
type: "boolean"
|
||||||
|
rotate:
|
||||||
|
type: "object"
|
||||||
|
properties:
|
||||||
|
size:
|
||||||
|
type: "number"
|
||||||
|
count:
|
||||||
|
type: "number"
|
|
@ -0,0 +1,43 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
[Unit]
|
||||||
|
Description=Matrix Appservice webhooks server
|
||||||
|
{% for service in matrix_appservice_webhooks_systemd_required_services_list %}
|
||||||
|
Requires={{ service }}
|
||||||
|
After={{ service }}
|
||||||
|
{% endfor %}
|
||||||
|
{% for service in matrix_appservice_webhooks_systemd_wanted_services_list %}
|
||||||
|
Wants={{ service }}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
ExecStartPre=-/usr/bin/docker kill matrix-appservice-webhooks
|
||||||
|
ExecStartPre=-/usr/bin/docker rm matrix-appservice-webhooks
|
||||||
|
|
||||||
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
|
ExecStartPre=/bin/sleep 5
|
||||||
|
|
||||||
|
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-webhooks \
|
||||||
|
--log-driver=none \
|
||||||
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
|
--cap-drop=ALL \
|
||||||
|
--network={{ matrix_docker_network }} \
|
||||||
|
{% if matrix_appservice_webhooks_container_http_host_bind_port %}
|
||||||
|
-p {{ matrix_appservice_webhooks_container_http_host_bind_port }}:{{matrix_appservice_webhooks_matrix_port}} \
|
||||||
|
{% endif %}
|
||||||
|
-v {{ matrix_appservice_webhooks_config_path }}:/config:z \
|
||||||
|
-v {{ matrix_appservice_webhooks_data_path }}:/data:z \
|
||||||
|
{% for arg in matrix_appservice_webhooks_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
|
{{ matrix_appservice_webhooks_docker_image }} \
|
||||||
|
node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml
|
||||||
|
|
||||||
|
ExecStop=-/usr/bin/docker kill matrix-appservice-webhooks
|
||||||
|
ExecStop=-/usr/bin/docker rm matrix-appservice-webhooks
|
||||||
|
Restart=always
|
||||||
|
RestartSec=30
|
||||||
|
SyslogIdentifier=matrix-appservice-webhooks
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
@ -4,7 +4,7 @@
|
||||||
matrix_mautrix_telegram_enabled: true
|
matrix_mautrix_telegram_enabled: true
|
||||||
|
|
||||||
# See: https://mau.dev/tulir/mautrix-telegram/container_registry
|
# See: https://mau.dev/tulir/mautrix-telegram/container_registry
|
||||||
matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.6.1"
|
matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.7.0"
|
||||||
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
|
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
|
matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
- name: Check Matrix Corporal HTTP gateway
|
- name: Check Matrix Corporal HTTP gateway
|
||||||
uri:
|
uri:
|
||||||
url: "{{ corporal_client_api_url_endpoint_public }}"
|
url: "{{ corporal_client_api_url_endpoint_public }}"
|
||||||
follow_redirects: false
|
follow_redirects: none
|
||||||
return_content: true
|
return_content: true
|
||||||
register: result_corporal_client_api
|
register: result_corporal_client_api
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
- name: Check mxisd Identity Service
|
- name: Check mxisd Identity Service
|
||||||
uri:
|
uri:
|
||||||
url: "{{ mxisd_url_endpoint_public }}"
|
url: "{{ mxisd_url_endpoint_public }}"
|
||||||
follow_redirects: false
|
follow_redirects: none
|
||||||
validate_certs: "{{ matrix_mxisd_self_check_validate_certificates }}"
|
validate_certs: "{{ matrix_mxisd_self_check_validate_certificates }}"
|
||||||
register: result_mxisd
|
register: result_mxisd
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
|
@ -152,15 +152,27 @@ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: "{{ matrix_s
|
||||||
# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
|
# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
|
||||||
matrix_nginx_proxy_tmp_directory_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb | int) * 50 }}"
|
matrix_nginx_proxy_tmp_directory_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb | int) * 50 }}"
|
||||||
|
|
||||||
# A list of strings containing additional configuration blocks to add to the matrix domain's server configuration.
|
# A list of strings containing additional configuration blocks to add to the nginx http's server configuration.
|
||||||
|
matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks: []
|
||||||
|
|
||||||
|
# A list of strings containing additional configuration blocks to add to the matrix synapse's server configuration.
|
||||||
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: []
|
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: []
|
||||||
|
|
||||||
|
# A list of strings containing additional configuration blocks to add to the matrix riot's server configuration.
|
||||||
|
matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks: []
|
||||||
|
|
||||||
|
# A list of strings containing additional configuration blocks to add to the matrix dimension's server configuration.
|
||||||
|
matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: []
|
||||||
|
|
||||||
|
# A list of strings containing additional configuration blocks to add to the matrix domain server configuration.
|
||||||
|
matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []
|
||||||
|
|
||||||
# Specifies when to reload the matrix-nginx-proxy service so that
|
# Specifies when to reload the matrix-nginx-proxy service so that
|
||||||
# a new SSL certificate could go into effect.
|
# a new SSL certificate could go into effect.
|
||||||
matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"
|
matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"
|
||||||
|
|
||||||
# Specifies which SSL protocols to use when serving Riot and Synapse
|
# Specifies which SSL protocols to use when serving Riot and Synapse
|
||||||
matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"
|
matrix_nginx_proxy_ssl_protocols: "TLSv1.2 TLSv1.3"
|
||||||
|
|
||||||
# Controls whether the self-check feature should validate SSL certificates.
|
# Controls whether the self-check feature should validate SSL certificates.
|
||||||
matrix_nginx_proxy_self_check_validate_certificates: true
|
matrix_nginx_proxy_self_check_validate_certificates: true
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
- path: /.well-known/matrix/client
|
- path: /.well-known/matrix/client
|
||||||
purpose: Client Discovery
|
purpose: Client Discovery
|
||||||
cors: true
|
cors: true
|
||||||
follow_redirects: false
|
follow_redirects: none
|
||||||
validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}"
|
validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}"
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
path: /.well-known/matrix/server
|
path: /.well-known/matrix/server
|
||||||
purpose: Server Discovery
|
purpose: Server Discovery
|
||||||
cors: false
|
cors: false
|
||||||
follow_redirects: true
|
follow_redirects: safe
|
||||||
validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}"
|
validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}"
|
||||||
|
|
||||||
- name: Determine domains that we require certificates for (mxisd)
|
- name: Determine domains that we require certificates for (mxisd)
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
- name: Check .well-known on the matrix hostname
|
- name: Check .well-known on the matrix hostname
|
||||||
uri:
|
uri:
|
||||||
url: "{{ well_known_url_matrix }}"
|
url: "{{ well_known_url_matrix }}"
|
||||||
follow_redirects: false
|
follow_redirects: none
|
||||||
return_content: true
|
return_content: true
|
||||||
validate_certs: "{{ well_known_file_check.validate_certs }}"
|
validate_certs: "{{ well_known_file_check.validate_certs }}"
|
||||||
register: result_well_known_matrix
|
register: result_well_known_matrix
|
||||||
|
|
|
@ -3,6 +3,9 @@
|
||||||
{% macro render_vhost_directives() %}
|
{% macro render_vhost_directives() %}
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
||||||
|
{% for configuration_block in matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks %}
|
||||||
|
{{- configuration_block }}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
{% if matrix_nginx_proxy_enabled %}
|
{% if matrix_nginx_proxy_enabled %}
|
||||||
|
|
|
@ -5,6 +5,9 @@
|
||||||
|
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_types text/plain application/json;
|
gzip_types text/plain application/json;
|
||||||
|
{% for configuration_block in matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks %}
|
||||||
|
{{- configuration_block }}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
location /.well-known/matrix {
|
location /.well-known/matrix {
|
||||||
root {{ matrix_static_files_base_path }};
|
root {{ matrix_static_files_base_path }};
|
||||||
|
|
|
@ -3,6 +3,9 @@
|
||||||
{% macro render_vhost_directives() %}
|
{% macro render_vhost_directives() %}
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
||||||
|
{% for configuration_block in matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks %}
|
||||||
|
{{- configuration_block }}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
{% if matrix_nginx_proxy_enabled %}
|
{% if matrix_nginx_proxy_enabled %}
|
||||||
|
|
|
@ -4,3 +4,6 @@
|
||||||
#
|
#
|
||||||
# Thus, we ensure a larger bucket size value is used.
|
# Thus, we ensure a larger bucket size value is used.
|
||||||
server_names_hash_bucket_size 64;
|
server_names_hash_bucket_size 64;
|
||||||
|
{% for configuration_block in matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks %}
|
||||||
|
{{- configuration_block }}
|
||||||
|
{% endfor %}
|
||||||
|
|
|
@ -73,13 +73,19 @@
|
||||||
mode: 0750
|
mode: 0750
|
||||||
when: matrix_postgres_enabled|bool
|
when: matrix_postgres_enabled|bool
|
||||||
|
|
||||||
- name: Ensure matrix-make-user-admin script created
|
- name: Ensure matrix-change-user-admin-status script created
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/templates/usr-local-bin/matrix-make-user-admin.j2"
|
src: "{{ role_path }}/templates/usr-local-bin/matrix-change-user-admin-status.j2"
|
||||||
dest: "/usr/local/bin/matrix-make-user-admin"
|
dest: "/usr/local/bin/matrix-change-user-admin-status"
|
||||||
mode: 0750
|
mode: 0750
|
||||||
when: matrix_postgres_enabled|bool
|
when: matrix_postgres_enabled|bool
|
||||||
|
|
||||||
|
- name: (Migration) Ensure old matrix-make-user-admin script deleted
|
||||||
|
file:
|
||||||
|
path: "/usr/local/bin/matrix-make-user-admin"
|
||||||
|
state: absent
|
||||||
|
when: matrix_postgres_enabled|bool
|
||||||
|
|
||||||
- name: Ensure matrix-postgres-update-user-password-hash script created
|
- name: Ensure matrix-postgres-update-user-password-hash script created
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2"
|
src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2"
|
||||||
|
@ -146,6 +152,6 @@
|
||||||
state: absent
|
state: absent
|
||||||
with_items:
|
with_items:
|
||||||
- matrix-postgres-cli
|
- matrix-postgres-cli
|
||||||
- matrix-make-user-admin
|
- matrix-change-user-admin-status
|
||||||
- matrix-postgres-update-user-password-hash
|
- matrix-postgres-update-user-password-hash
|
||||||
when: "not matrix_postgres_enabled|bool"
|
when: "not matrix_postgres_enabled|bool"
|
||||||
|
|
|
@ -20,6 +20,11 @@
|
||||||
postgres_start_wait_time: 15
|
postgres_start_wait_time: 15
|
||||||
when: "postgres_start_wait_time|default('') == ''"
|
when: "postgres_start_wait_time|default('') == ''"
|
||||||
|
|
||||||
|
- name: Set postgres_force_upgrade, if not provided
|
||||||
|
set_fact:
|
||||||
|
postgres_force_upgrade: false
|
||||||
|
when: "postgres_force_upgrade|default('') == ''"
|
||||||
|
|
||||||
- name: Fail, if trying to upgrade external Postgres database
|
- name: Fail, if trying to upgrade external Postgres database
|
||||||
fail:
|
fail:
|
||||||
msg: "Your configuration indicates that you're not using Postgres from this role. There is nothing to upgrade."
|
msg: "Your configuration indicates that you're not using Postgres from this role. There is nothing to upgrade."
|
||||||
|
@ -45,7 +50,7 @@
|
||||||
- name: Abort, if already at latest Postgres version
|
- name: Abort, if already at latest Postgres version
|
||||||
fail:
|
fail:
|
||||||
msg: "You are already running the latest Postgres version supported ({{ matrix_postgres_docker_image_latest }}). Nothing to do"
|
msg: "You are already running the latest Postgres version supported ({{ matrix_postgres_docker_image_latest }}). Nothing to do"
|
||||||
when: "matrix_postgres_detected_version_corresponding_docker_image == matrix_postgres_docker_image_latest"
|
when: "matrix_postgres_detected_version_corresponding_docker_image == matrix_postgres_docker_image_latest and not postgres_force_upgrade"
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
msg: "Upgrading database from {{ matrix_postgres_detected_version_corresponding_docker_image }} to {{ matrix_postgres_docker_image_latest }}"
|
msg: "Upgrading database from {{ matrix_postgres_detected_version_corresponding_docker_image }} to {{ matrix_postgres_docker_image_latest }}"
|
||||||
|
|
|
@ -2,3 +2,6 @@
|
||||||
POSTGRES_USER={{ matrix_postgres_connection_username }}
|
POSTGRES_USER={{ matrix_postgres_connection_username }}
|
||||||
POSTGRES_PASSWORD={{ matrix_postgres_connection_password }}
|
POSTGRES_PASSWORD={{ matrix_postgres_connection_password }}
|
||||||
POSTGRES_DB={{ matrix_postgres_db_name }}
|
POSTGRES_DB={{ matrix_postgres_db_name }}
|
||||||
|
# Synapse refuses to run if collation is not C.
|
||||||
|
# See https://github.com/matrix-org/synapse/issues/6722
|
||||||
|
POSTGRES_INITDB_ARGS=--lc-collate C --lc-ctype C --encoding UTF8
|
||||||
|
|
|
@ -0,0 +1,19 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
if [ $# -ne 2 ]; then
|
||||||
|
echo "Usage: "$0" <username> <0/1>"
|
||||||
|
echo "Usage: 0 = non-admin"
|
||||||
|
echo "Usage: 1 = admin"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
docker run \
|
||||||
|
-it \
|
||||||
|
--rm \
|
||||||
|
--user=991:991 \
|
||||||
|
--cap-drop=ALL \
|
||||||
|
--env-file=/matrix/postgres/env-postgres-psql \
|
||||||
|
--network matrix \
|
||||||
|
postgres:12.1-alpine \
|
||||||
|
psql -h matrix-postgres -c "UPDATE users set admin=$2 WHERE name like '@$1:{{ matrix_domain }}'"
|
|
@ -1,17 +0,0 @@
|
||||||
#jinja2: lstrip_blocks: "True"
|
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
if [ $# -ne 1 ]; then
|
|
||||||
echo "Usage: "$0" <username>"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
docker run \
|
|
||||||
-it \
|
|
||||||
--rm \
|
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
|
||||||
--cap-drop=ALL \
|
|
||||||
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
|
|
||||||
--network {{ matrix_docker_network }} \
|
|
||||||
{{ matrix_postgres_docker_image_to_use }} \
|
|
||||||
psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ matrix_domain }}'"
|
|
|
@ -1,6 +1,6 @@
|
||||||
matrix_riot_web_enabled: true
|
matrix_riot_web_enabled: true
|
||||||
|
|
||||||
matrix_riot_web_docker_image: "vectorim/riot-web:v1.5.7"
|
matrix_riot_web_docker_image: "vectorim/riot-web:v1.5.8"
|
||||||
matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
|
matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
|
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
- name: Check riot-web
|
- name: Check riot-web
|
||||||
uri:
|
uri:
|
||||||
url: "{{ riot_web_url_endpoint_public }}"
|
url: "{{ riot_web_url_endpoint_public }}"
|
||||||
follow_redirects: false
|
follow_redirects: none
|
||||||
validate_certs: "{{ matrix_riot_web_self_check_validate_certificates }}"
|
validate_certs: "{{ matrix_riot_web_self_check_validate_certificates }}"
|
||||||
register: result_riot_web
|
register: result_riot_web
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
|
|
||||||
matrix_synapse_enabled: true
|
matrix_synapse_enabled: true
|
||||||
|
|
||||||
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.8.0"
|
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.9.1"
|
||||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
|
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
|
||||||
|
@ -259,13 +259,13 @@ matrix_synapse_email_smtp_host: ""
|
||||||
matrix_synapse_email_smtp_port: 587
|
matrix_synapse_email_smtp_port: 587
|
||||||
matrix_synapse_email_smtp_require_transport_security: false
|
matrix_synapse_email_smtp_require_transport_security: false
|
||||||
matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
|
matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
|
||||||
matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"
|
matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_riot }}"
|
||||||
|
|
||||||
|
|
||||||
# Enable this to activate the REST auth password provider module.
|
# Enable this to activate the REST auth password provider module.
|
||||||
# See: https://github.com/kamax-io/matrix-synapse-rest-auth
|
# See: https://github.com/ma1uta/matrix-synapse-rest-password-provider
|
||||||
matrix_synapse_ext_password_provider_rest_auth_enabled: false
|
matrix_synapse_ext_password_provider_rest_auth_enabled: false
|
||||||
matrix_synapse_ext_password_provider_rest_auth_download_url: "https://raw.githubusercontent.com/kamax-io/matrix-synapse-rest-auth/v0.1.2/rest_auth_provider.py"
|
matrix_synapse_ext_password_provider_rest_auth_download_url: "https://raw.githubusercontent.com/ma1uta/matrix-synapse-rest-password-provider/ed377fb70513c2e51b42055eb364195af1ccaf33/rest_auth_provider.py"
|
||||||
matrix_synapse_ext_password_provider_rest_auth_endpoint: ""
|
matrix_synapse_ext_password_provider_rest_auth_endpoint: ""
|
||||||
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
|
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
|
||||||
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
|
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
- name: Check Matrix Client API
|
- name: Check Matrix Client API
|
||||||
uri:
|
uri:
|
||||||
url: "{{ matrix_synapse_client_api_url_endpoint_public }}"
|
url: "{{ matrix_synapse_client_api_url_endpoint_public }}"
|
||||||
follow_redirects: false
|
follow_redirects: none
|
||||||
validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}"
|
validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}"
|
||||||
register: result_matrix_synapse_client_api
|
register: result_matrix_synapse_client_api
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
- name: Check Matrix Federation API
|
- name: Check Matrix Federation API
|
||||||
uri:
|
uri:
|
||||||
url: "{{ matrix_synapse_federation_api_url_endpoint_public }}"
|
url: "{{ matrix_synapse_federation_api_url_endpoint_public }}"
|
||||||
follow_redirects: false
|
follow_redirects: none
|
||||||
validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}"
|
validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}"
|
||||||
register: result_matrix_synapse_federation_api
|
register: result_matrix_synapse_federation_api
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||||
when: "item.old in vars"
|
when: "item.old in vars"
|
||||||
with_items:
|
with_items:
|
||||||
|
- {'old': 'matrix_synapse_email_riot_base_url', 'new': '<superseded by client_base_url>'}
|
||||||
- {'old': 'matrix_synapse_container_expose_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'}
|
- {'old': 'matrix_synapse_container_expose_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'}
|
||||||
- {'old': 'matrix_synapse_no_tls', 'new': '<removed>'}
|
- {'old': 'matrix_synapse_no_tls', 'new': '<removed>'}
|
||||||
- {'old': 'matrix_enable_room_list_search', 'new': 'matrix_synapse_enable_room_list_search'}
|
- {'old': 'matrix_enable_room_list_search', 'new': 'matrix_synapse_enable_room_list_search'}
|
||||||
|
|
|
@ -392,17 +392,17 @@ retention:
|
||||||
#
|
#
|
||||||
# The rationale for this per-job configuration is that some rooms might have a
|
# The rationale for this per-job configuration is that some rooms might have a
|
||||||
# retention policy with a low 'max_lifetime', where history needs to be purged
|
# retention policy with a low 'max_lifetime', where history needs to be purged
|
||||||
# of outdated messages on a very frequent basis (e.g. every 5min), but not want
|
# of outdated messages on a more frequent basis than for the rest of the rooms
|
||||||
# that purge to be performed by a job that's iterating over every room it knows,
|
# (e.g. every 12h), but not want that purge to be performed by a job that's
|
||||||
# which would be quite heavy on the server.
|
# iterating over every room it knows, which could be heavy on the server.
|
||||||
#
|
#
|
||||||
#purge_jobs:
|
#purge_jobs:
|
||||||
# - shortest_max_lifetime: 1d
|
# - shortest_max_lifetime: 1d
|
||||||
# longest_max_lifetime: 3d
|
# longest_max_lifetime: 3d
|
||||||
# interval: 5m:
|
# interval: 12h
|
||||||
# - shortest_max_lifetime: 3d
|
# - shortest_max_lifetime: 3d
|
||||||
# longest_max_lifetime: 1y
|
# longest_max_lifetime: 1y
|
||||||
# interval: 24h
|
# interval: 1d
|
||||||
|
|
||||||
|
|
||||||
## TLS ##
|
## TLS ##
|
||||||
|
@ -891,23 +891,6 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }}
|
||||||
# Optional account validity configuration. This allows for accounts to be denied
|
# Optional account validity configuration. This allows for accounts to be denied
|
||||||
# any request after a given period.
|
# any request after a given period.
|
||||||
#
|
#
|
||||||
# ``enabled`` defines whether the account validity feature is enabled. Defaults
|
|
||||||
# to False.
|
|
||||||
#
|
|
||||||
# ``period`` allows setting the period after which an account is valid
|
|
||||||
# after its registration. When renewing the account, its validity period
|
|
||||||
# will be extended by this amount of time. This parameter is required when using
|
|
||||||
# the account validity feature.
|
|
||||||
#
|
|
||||||
# ``renew_at`` is the amount of time before an account's expiry date at which
|
|
||||||
# Synapse will send an email to the account's email address with a renewal link.
|
|
||||||
# This needs the ``email`` and ``public_baseurl`` configuration sections to be
|
|
||||||
# filled.
|
|
||||||
#
|
|
||||||
# ``renew_email_subject`` is the subject of the email sent out with the renewal
|
|
||||||
# link. ``%(app)s`` can be used as a placeholder for the ``app_name`` parameter
|
|
||||||
# from the ``email`` section.
|
|
||||||
#
|
|
||||||
# Once this feature is enabled, Synapse will look for registered users without an
|
# Once this feature is enabled, Synapse will look for registered users without an
|
||||||
# expiration date at startup and will add one to every account it found using the
|
# expiration date at startup and will add one to every account it found using the
|
||||||
# current settings at that time.
|
# current settings at that time.
|
||||||
|
@ -918,32 +901,55 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }}
|
||||||
# date will be randomly selected within a range [now + period - d ; now + period],
|
# date will be randomly selected within a range [now + period - d ; now + period],
|
||||||
# where d is equal to 10% of the validity period.
|
# where d is equal to 10% of the validity period.
|
||||||
#
|
#
|
||||||
#account_validity:
|
account_validity:
|
||||||
# enabled: True
|
# The account validity feature is disabled by default. Uncomment the
|
||||||
# period: 6w
|
# following line to enable it.
|
||||||
# renew_at: 1w
|
#
|
||||||
# renew_email_subject: "Renew your %(app)s account"
|
#enabled: true
|
||||||
# # Directory in which Synapse will try to find the HTML files to serve to the
|
|
||||||
# # user when trying to renew an account. Optional, defaults to
|
|
||||||
# # synapse/res/templates.
|
|
||||||
# template_dir: "res/templates"
|
|
||||||
# # HTML to be displayed to the user after they successfully renewed their
|
|
||||||
# # account. Optional.
|
|
||||||
# account_renewed_html_path: "account_renewed.html"
|
|
||||||
# # HTML to be displayed when the user tries to renew an account with an invalid
|
|
||||||
# # renewal token. Optional.
|
|
||||||
# invalid_token_html_path: "invalid_token.html"
|
|
||||||
|
|
||||||
# Time that a user's session remains valid for, after they log in.
|
# The period after which an account is valid after its registration. When
|
||||||
|
# renewing the account, its validity period will be extended by this amount
|
||||||
|
# of time. This parameter is required when using the account validity
|
||||||
|
# feature.
|
||||||
#
|
#
|
||||||
# Note that this is not currently compatible with guest logins.
|
#period: 6w
|
||||||
|
|
||||||
|
# The amount of time before an account's expiry date at which Synapse will
|
||||||
|
# send an email to the account's email address with a renewal link. By
|
||||||
|
# default, no such emails are sent.
|
||||||
#
|
#
|
||||||
# Note also that this is calculated at login time: changes are not applied
|
# If you enable this setting, you will also need to fill out the 'email' and
|
||||||
# retrospectively to users who have already logged in.
|
# 'public_baseurl' configuration sections.
|
||||||
#
|
#
|
||||||
# By default, this is infinite.
|
#renew_at: 1w
|
||||||
|
|
||||||
|
# The subject of the email sent out with the renewal link. '%(app)s' can be
|
||||||
|
# used as a placeholder for the 'app_name' parameter from the 'email'
|
||||||
|
# section.
|
||||||
#
|
#
|
||||||
#session_lifetime: 24h
|
# Note that the placeholder must be written '%(app)s', including the
|
||||||
|
# trailing 's'.
|
||||||
|
#
|
||||||
|
# If this is not set, a default value is used.
|
||||||
|
#
|
||||||
|
#renew_email_subject: "Renew your %(app)s account"
|
||||||
|
|
||||||
|
# Directory in which Synapse will try to find templates for the HTML files to
|
||||||
|
# serve to the user when trying to renew an account. If not set, default
|
||||||
|
# templates from within the Synapse package will be used.
|
||||||
|
#
|
||||||
|
#template_dir: "res/templates"
|
||||||
|
|
||||||
|
# File within 'template_dir' giving the HTML to be displayed to the user after
|
||||||
|
# they successfully renewed their account. If not set, default text is used.
|
||||||
|
#
|
||||||
|
#account_renewed_html_path: "account_renewed.html"
|
||||||
|
|
||||||
|
# File within 'template_dir' giving the HTML to be displayed when the user
|
||||||
|
# tries to renew an account with an invalid renewal token. If not set,
|
||||||
|
# default text is used.
|
||||||
|
#
|
||||||
|
#invalid_token_html_path: "invalid_token.html"
|
||||||
|
|
||||||
# The user must provide all of the below types of 3PID when registering.
|
# The user must provide all of the below types of 3PID when registering.
|
||||||
#
|
#
|
||||||
|
@ -1378,107 +1384,123 @@ password_config:
|
||||||
pepper: {{ matrix_synapse_password_config_pepper|string|to_json }}
|
pepper: {{ matrix_synapse_password_config_pepper|string|to_json }}
|
||||||
|
|
||||||
|
|
||||||
|
{% if matrix_synapse_email_enabled %}
|
||||||
|
# Configuration for sending emails from Synapse.
|
||||||
|
#
|
||||||
|
email:
|
||||||
|
# The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
|
||||||
|
#
|
||||||
|
#smtp_host: mail.server
|
||||||
|
smtp_host: {{ matrix_synapse_email_smtp_host|string|to_json }}
|
||||||
|
|
||||||
# Enable sending emails for password resets, notification events or
|
# The port on the mail server for outgoing SMTP. Defaults to 25.
|
||||||
# account expiry notices
|
|
||||||
#
|
#
|
||||||
# If your SMTP server requires authentication, the optional smtp_user &
|
#smtp_port: 587
|
||||||
# smtp_pass variables should be used
|
smtp_port: {{ matrix_synapse_email_smtp_port|to_json }}
|
||||||
|
|
||||||
|
# Username/password for authentication to the SMTP server. By default, no
|
||||||
|
# authentication is attempted.
|
||||||
#
|
#
|
||||||
#email:
|
|
||||||
# enable_notifs: false
|
|
||||||
# smtp_host: "localhost"
|
|
||||||
# smtp_port: 25 # SSL: 465, STARTTLS: 587
|
|
||||||
# smtp_user: "exampleusername"
|
# smtp_user: "exampleusername"
|
||||||
# smtp_pass: "examplepassword"
|
# smtp_pass: "examplepassword"
|
||||||
# require_transport_security: False
|
|
||||||
# notif_from: "Your Friendly %(app)s homeserver <noreply@example.com>"
|
# Uncomment the following to require TLS transport security for SMTP.
|
||||||
# app_name: Matrix
|
# By default, Synapse will connect over plain text, and will then switch to
|
||||||
|
# TLS via STARTTLS *if the SMTP server supports it*. If this option is set,
|
||||||
|
# Synapse will refuse to connect unless the server supports STARTTLS.
|
||||||
#
|
#
|
||||||
# # Enable email notifications by default
|
#require_transport_security: true
|
||||||
# #
|
|
||||||
# notif_for_new_users: True
|
|
||||||
#
|
|
||||||
# # Defining a custom URL for Riot is only needed if email notifications
|
|
||||||
# # should contain links to a self-hosted installation of Riot; when set
|
|
||||||
# # the "app_name" setting is ignored
|
|
||||||
# #
|
|
||||||
# riot_base_url: "http://localhost/riot"
|
|
||||||
#
|
|
||||||
# # Configure the time that a validation email or text message code
|
|
||||||
# # will expire after sending
|
|
||||||
# #
|
|
||||||
# # This is currently used for password resets
|
|
||||||
# #
|
|
||||||
# #validation_token_lifetime: 1h
|
|
||||||
#
|
|
||||||
# # Template directory. All template files should be stored within this
|
|
||||||
# # directory. If not set, default templates from within the Synapse
|
|
||||||
# # package will be used
|
|
||||||
# #
|
|
||||||
# # For the list of default templates, please see
|
|
||||||
# # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
|
||||||
# #
|
|
||||||
# #template_dir: res/templates
|
|
||||||
#
|
|
||||||
# # Templates for email notifications
|
|
||||||
# #
|
|
||||||
# notif_template_html: notif_mail.html
|
|
||||||
# notif_template_text: notif_mail.txt
|
|
||||||
#
|
|
||||||
# # Templates for account expiry notices
|
|
||||||
# #
|
|
||||||
# expiry_template_html: notice_expiry.html
|
|
||||||
# expiry_template_text: notice_expiry.txt
|
|
||||||
#
|
|
||||||
# # Templates for password reset emails sent by the homeserver
|
|
||||||
# #
|
|
||||||
# #password_reset_template_html: password_reset.html
|
|
||||||
# #password_reset_template_text: password_reset.txt
|
|
||||||
#
|
|
||||||
# # Templates for registration emails sent by the homeserver
|
|
||||||
# #
|
|
||||||
# #registration_template_html: registration.html
|
|
||||||
# #registration_template_text: registration.txt
|
|
||||||
#
|
|
||||||
# # Templates for validation emails sent by the homeserver when adding an email to
|
|
||||||
# # your user account
|
|
||||||
# #
|
|
||||||
# #add_threepid_template_html: add_threepid.html
|
|
||||||
# #add_threepid_template_text: add_threepid.txt
|
|
||||||
#
|
|
||||||
# # Templates for password reset success and failure pages that a user
|
|
||||||
# # will see after attempting to reset their password
|
|
||||||
# #
|
|
||||||
# #password_reset_template_success_html: password_reset_success.html
|
|
||||||
# #password_reset_template_failure_html: password_reset_failure.html
|
|
||||||
#
|
|
||||||
# # Templates for registration success and failure pages that a user
|
|
||||||
# # will see after attempting to register using an email or phone
|
|
||||||
# #
|
|
||||||
# #registration_template_success_html: registration_success.html
|
|
||||||
# #registration_template_failure_html: registration_failure.html
|
|
||||||
#
|
|
||||||
# # Templates for success and failure pages that a user will see after attempting
|
|
||||||
# # to add an email or phone to their account
|
|
||||||
# #
|
|
||||||
# #add_threepid_success_html: add_threepid_success.html
|
|
||||||
# #add_threepid_failure_html: add_threepid_failure.html
|
|
||||||
{% if matrix_synapse_email_enabled %}
|
|
||||||
email:
|
|
||||||
enable_notifs: true
|
|
||||||
smtp_host: {{ matrix_synapse_email_smtp_host|string|to_json }}
|
|
||||||
smtp_port: {{ matrix_synapse_email_smtp_port|to_json }}
|
|
||||||
require_transport_security: {{ matrix_synapse_email_smtp_require_transport_security|to_json }}
|
require_transport_security: {{ matrix_synapse_email_smtp_require_transport_security|to_json }}
|
||||||
|
|
||||||
|
# Enable sending emails for messages that the user has missed
|
||||||
|
#
|
||||||
|
#enable_notifs: false
|
||||||
|
enable_notifs: true
|
||||||
|
|
||||||
|
# notif_from defines the "From" address to use when sending emails.
|
||||||
|
# It must be set if email sending is enabled.
|
||||||
|
#
|
||||||
|
# The placeholder '%(app)s' will be replaced by the application name,
|
||||||
|
# which is normally 'app_name' (below), but may be overridden by the
|
||||||
|
# Matrix client application.
|
||||||
|
#
|
||||||
|
# Note that the placeholder must be written '%(app)s', including the
|
||||||
|
# trailing 's'.
|
||||||
|
#
|
||||||
|
#notif_from: "Your Friendly %(app)s homeserver <noreply@example.com>"
|
||||||
notif_from: {{ matrix_synapse_email_notif_from|string|to_json }}
|
notif_from: {{ matrix_synapse_email_notif_from|string|to_json }}
|
||||||
|
|
||||||
|
# app_name defines the default value for '%(app)s' in notif_from. It
|
||||||
|
# defaults to 'Matrix'.
|
||||||
|
#
|
||||||
|
#app_name: my_branded_matrix_server
|
||||||
app_name: Matrix
|
app_name: Matrix
|
||||||
|
|
||||||
|
# Uncomment the following to disable automatic subscription to email
|
||||||
|
# notifications for new users. Enabled by default.
|
||||||
|
#
|
||||||
|
#notif_for_new_users: false
|
||||||
|
notif_for_new_users: True
|
||||||
|
|
||||||
|
# Custom URL for client links within the email notifications. By default
|
||||||
|
# links will be based on "https://matrix.to".
|
||||||
|
#
|
||||||
|
# (This setting used to be called riot_base_url; the old name is still
|
||||||
|
# supported for backwards-compatibility but is now deprecated.)
|
||||||
|
#
|
||||||
|
#client_base_url: "http://localhost/riot"
|
||||||
|
client_base_url: {{ matrix_synapse_email_client_base_url|string|to_json }}
|
||||||
|
|
||||||
|
# Configure the time that a validation email will expire after sending.
|
||||||
|
# Defaults to 1h.
|
||||||
|
#
|
||||||
|
#validation_token_lifetime: 15m
|
||||||
|
|
||||||
|
# Directory in which Synapse will try to find the template files below.
|
||||||
|
# If not set, default templates from within the Synapse package will be used.
|
||||||
|
#
|
||||||
|
# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
|
||||||
|
# If you *do* uncomment it, you will need to make sure that all the templates
|
||||||
|
# below are in the directory.
|
||||||
|
#
|
||||||
|
# Synapse will look for the following templates in this directory:
|
||||||
|
#
|
||||||
|
# * The contents of email notifications of missed events: 'notif_mail.html' and
|
||||||
|
# 'notif_mail.txt'.
|
||||||
|
#
|
||||||
|
# * The contents of account expiry notice emails: 'notice_expiry.html' and
|
||||||
|
# 'notice_expiry.txt'.
|
||||||
|
#
|
||||||
|
# * The contents of password reset emails sent by the homeserver:
|
||||||
|
# 'password_reset.html' and 'password_reset.txt'
|
||||||
|
#
|
||||||
|
# * HTML pages for success and failure that a user will see when they follow
|
||||||
|
# the link in the password reset email: 'password_reset_success.html' and
|
||||||
|
# 'password_reset_failure.html'
|
||||||
|
#
|
||||||
|
# * The contents of address verification emails sent during registration:
|
||||||
|
# 'registration.html' and 'registration.txt'
|
||||||
|
#
|
||||||
|
# * HTML pages for success and failure that a user will see when they follow
|
||||||
|
# the link in an address verification email sent during registration:
|
||||||
|
# 'registration_success.html' and 'registration_failure.html'
|
||||||
|
#
|
||||||
|
# * The contents of address verification emails sent when an address is added
|
||||||
|
# to a Matrix account: 'add_threepid.html' and 'add_threepid.txt'
|
||||||
|
#
|
||||||
|
# * HTML pages for success and failure that a user will see when they follow
|
||||||
|
# the link in an address verification email sent when an address is added
|
||||||
|
# to a Matrix account: 'add_threepid_success.html' and
|
||||||
|
# 'add_threepid_failure.html'
|
||||||
|
#
|
||||||
|
# You can see the default templates at:
|
||||||
|
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
||||||
|
#
|
||||||
|
#template_dir: "res/templates"
|
||||||
notif_template_html: notif_mail.html
|
notif_template_html: notif_mail.html
|
||||||
notif_template_text: notif_mail.txt
|
notif_template_text: notif_mail.txt
|
||||||
# Templates for account expiry notices.
|
|
||||||
expiry_template_html: notice_expiry.html
|
expiry_template_html: notice_expiry.html
|
||||||
expiry_template_text: notice_expiry.txt
|
expiry_template_text: notice_expiry.txt
|
||||||
notif_for_new_users: True
|
|
||||||
riot_base_url: {{ matrix_synapse_email_riot_base_url|string|to_json }}
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@
|
||||||
- matrix-corporal
|
- matrix-corporal
|
||||||
- matrix-bridge-appservice-discord
|
- matrix-bridge-appservice-discord
|
||||||
- matrix-bridge-appservice-slack
|
- matrix-bridge-appservice-slack
|
||||||
|
- matrix-bridge-appservice-webhooks
|
||||||
- matrix-bridge-appservice-irc
|
- matrix-bridge-appservice-irc
|
||||||
- matrix-bridge-mautrix-facebook
|
- matrix-bridge-mautrix-facebook
|
||||||
- matrix-bridge-mautrix-hangouts
|
- matrix-bridge-mautrix-hangouts
|
||||||
|
|
Loading…
Reference in a new issue