Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy
This commit is contained in:
commit
8a0c3146d3
35
CHANGELOG.md
35
CHANGELOG.md
|
@ -1,3 +1,38 @@
|
|||
# 2020-01-30
|
||||
|
||||
## Disabling TLSv1.1
|
||||
|
||||
To improve security, we've removed TLSv1.1 support from our default matrix-nginx-proxy configuration.
|
||||
|
||||
If you need to support old clients, you can re-enable it with the following configuration: `matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"`
|
||||
|
||||
|
||||
# 2020-01-21
|
||||
|
||||
## Postgres collation changes (action required!)
|
||||
|
||||
By default, we've been using a UTF-8 collation for Postgres. This is known to cause Synapse some troubles (see the [relevant issue](https://github.com/matrix-org/synapse/issues/6722)) on systems that use [glibc](https://www.gnu.org/software/libc/). We run Postgres in an [Alpine Linux](https://alpinelinux.org/) container (which uses [musl](https://www.musl-libc.org/), and not glibc), so our users are likely not affected by the index corruption problem observed by others.
|
||||
|
||||
Still, we might become affected in the future. In any case, it's imminent that Synapse will complain about databases which do not use a C collation.
|
||||
|
||||
To avoid future problems, we recommend that you run the following command:
|
||||
|
||||
```
|
||||
ansible-playbook -i inventory/hosts setup.yml --tags=upgrade-postgres --extra-vars='{"postgres_force_upgrade": true}'
|
||||
```
|
||||
|
||||
It forces a [Postgres database upgrade](docs/maintenance-postgres.md#upgrading-postgresql), which would recreate your Postgres database using the proper (`C`) collation. If you are low on disk space, or run into trouble, refer to the Postgres database upgrade documentation page.
|
||||
|
||||
|
||||
# 2020-01-14
|
||||
|
||||
## Added support for Appservice Webhooks
|
||||
|
||||
Thanks to a contribution from [Björn Marten](https://github.com/tripleawwy) from [netresearch](https://www.netresearch.de/), the playbook can now install and configure [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) for you. This bridge provides support for Slack-compatible webhooks.
|
||||
|
||||
Learn more in [Setting up Appservice Webhooks](docs/configuring-playbook-bridge-appservice-webhooks.md).
|
||||
|
||||
|
||||
# 2020-01-12
|
||||
|
||||
## Added support for automatic Double Puppeting for all Mautrix bridges
|
||||
|
|
|
@ -44,12 +44,14 @@ Using this playbook, you can get the following services configured on your serve
|
|||
|
||||
- (optional) the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts)
|
||||
|
||||
- (optional) the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat)
|
||||
- (optional) the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat)
|
||||
|
||||
- (optional) the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge for bridging your Matrix server to [Discord](https://discordapp.com/)
|
||||
|
||||
- (optional) the [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) bridge for bridging your Matrix server to [Slack](https://slack.com/)
|
||||
|
||||
- (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.)
|
||||
|
||||
- (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms
|
||||
|
||||
- (optional) [Dimension](https://github.com/turt2live/matrix-dimension), an open source integrations manager for matrix clients
|
||||
|
@ -132,12 +134,14 @@ This playbook sets up your server using the following Docker images:
|
|||
|
||||
- [tulir/mautrix-hangouts](https://hub.docker.com/r/tulir/mautrix-hangouts/) - the [mautrix-hangouts](https://github.com/tulir/mautrix-hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
|
||||
|
||||
- [tedomum/matrix-appservice-irc](https://hub.docker.com/r/tedomum/matrix-appservice-irc/) - the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional)
|
||||
- [matrixdotorg/matrix-appservice-irc](https://hub.docker.com/r/matrixdotorg/matrix-appservice-irc) - the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional)
|
||||
|
||||
- [halfshot/matrix-appservice-discord](https://hub.docker.com/r/halfshot/matrix-appservice-discord) - the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge to [Discord](https://discordapp.com/) (optional)
|
||||
|
||||
- [cadair/matrix-appservice-slack](https://hub.docker.com/r/cadair/matrix-appservice-slack) - the [matrix-appservice-slack](https://github.com/matrix-org/matrix-appservice-slack) bridge to [Slack](https://slack.com/) (optional)
|
||||
|
||||
- [turt2live/matrix-appservice-webhooks](https://hub.docker.com/r/turt2live/matrix-appservice-webhooks) - the [Appservice Webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge (optional)
|
||||
|
||||
- [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional)
|
||||
|
||||
|
||||
|
|
|
@ -9,9 +9,7 @@ If your local computer cannot run Ansible, you can also run Ansible on some serv
|
|||
|
||||
## Supported Ansible versions
|
||||
|
||||
Ansible 2.5 or newer is required.
|
||||
|
||||
If you're on Ansible 2.5.x, due to bugs in Ansible 2.5.0 and 2.5.1, at least Ansible 2.5.2 is required.
|
||||
Ansible 2.5.2 or newer is required.
|
||||
|
||||
|
||||
## Checking your Ansible version
|
||||
|
@ -28,7 +26,7 @@ If you're on an old version of Ansible, you should [upgrade Ansible to a newer v
|
|||
|
||||
Depending on your distribution, you may be able to upgrade Ansible in a few different ways:
|
||||
|
||||
- by using an additional repository (PPA, etc.), which provides newer Ansible versions
|
||||
- by using an additional repository (PPA, etc.), which provides newer Ansible versions. See instructions for [CentOS](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora), [Debian](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-debian), or [Ubuntu](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-ubuntu) on the Ansible website.
|
||||
|
||||
- by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installing/) (`pip install ansible`).
|
||||
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
# Setting up Appservice IRC (optional)
|
||||
|
||||
The playbook can install and configure [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) for you.
|
||||
The playbook can install and configure [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) for you.
|
||||
|
||||
See the project's [documentation](https://github.com/TeDomum/matrix-appservice-irc/blob/master/HOWTO.md) to learn what it does and why it might be useful to you.
|
||||
See the project's [documentation](https://github.com/matrix-org/matrix-appservice-irc/blob/master/HOWTO.md) to learn what it does and why it might be useful to you.
|
||||
|
||||
You'll need to use the following playbook configuration:
|
||||
|
||||
|
|
61
docs/configuring-playbook-bridge-appservice-webhooks.md
Normal file
61
docs/configuring-playbook-bridge-appservice-webhooks.md
Normal file
|
@ -0,0 +1,61 @@
|
|||
# Setting up Appservice Webhooks (optional)
|
||||
|
||||
The playbook can install and configure [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) for you.
|
||||
|
||||
This bridge provides support for Slack-compatible webhooks.
|
||||
|
||||
Setup Instructions:
|
||||
|
||||
loosely based on [this](https://github.com/turt2live/matrix-appservice-webhooks/blob/master/README.md)
|
||||
|
||||
1. All you basically need is to adjust your `inventory/host_vars/matrix.<domain-name>/vars.yml`:
|
||||
|
||||
```yaml
|
||||
matrix_appservice_webhooks_enabled: true
|
||||
matrix_appservice_webhooks_api_secret: '<your_secret>'
|
||||
```
|
||||
|
||||
2. In case you want to change the verbosity of logging via `journalctl -fu matrix-appservice-webhooks.service`
|
||||
you can adjust this in `inventory/host_vars/matrix.<domain-name>/vars.yml` as well.
|
||||
|
||||
*Note*: default value is: `info` and availabe log levels are : `info`, `verbose`
|
||||
|
||||
```yaml
|
||||
matrix_appservice_webhooks_log_level: '<log_level>'
|
||||
```
|
||||
|
||||
3. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready.
|
||||
|
||||
4. Invite the bridge bot user to your room:
|
||||
|
||||
- either with `/invite @_webhook:<domain.name>` (*Note*: Make sure you have administration permissions in your room)
|
||||
|
||||
- or simply add the bridge bot to a private channel (personal channels imply you being an administrator)
|
||||
|
||||
5. Send a message to the bridge bot in order to receive a private message including the webhook link.
|
||||
```
|
||||
!webhook
|
||||
```
|
||||
|
||||
6. The JSON body for posting messages will have to look like this:
|
||||
```json
|
||||
{
|
||||
"text": "Hello world!",
|
||||
"format": "plain",
|
||||
"displayName": "My Cool Webhook",
|
||||
"avatarUrl": "http://i.imgur.com/IDOBtEJ.png"
|
||||
}
|
||||
```
|
||||
|
||||
You can test this via curl like so:
|
||||
|
||||
```
|
||||
curl --header "Content-Type: application/json" \
|
||||
--data '{
|
||||
"text": "Hello world!",
|
||||
"format": "plain",
|
||||
"displayName": "My Cool Webhook",
|
||||
"avatarUrl": "http://i.imgur.com/IDOBtEJ.png"
|
||||
}' \
|
||||
<the link you've gotten in 5.>
|
||||
```
|
|
@ -52,7 +52,7 @@ Note that if your nginx version is old, it might not like our default choice of
|
|||
|
||||
```yaml
|
||||
# Custom protocol list (removing `TLSv1.3`) to suit your nginx version.
|
||||
matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2"
|
||||
matrix_nginx_proxy_ssl_protocols: "TLSv1.2"
|
||||
```
|
||||
|
||||
|
||||
|
|
|
@ -93,4 +93,6 @@ When you're done with all the configuration you'd like to do, continue with [Ins
|
|||
|
||||
- [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (optional)
|
||||
|
||||
- [Setting up Appservice Webhooks bridging](configuring-playbook-bridge-appservice-webhooks.md) (optional)
|
||||
|
||||
- [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)
|
||||
|
|
|
@ -8,9 +8,11 @@ Run this as-is to set up a server:
|
|||
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all
|
||||
```
|
||||
|
||||
This **doesn't start any services just yet** (another step does this later - below).
|
||||
**Note**: if you don't use SSH keys for authentication, but rather a regular password, you may need to add `--ask-pass` to the above (and all other) Ansible commands.
|
||||
|
||||
Feel free to **re-run this any time** you think something is off with the server configuration.
|
||||
The above command **doesn't start any services just yet** (another step does this later - below).
|
||||
|
||||
Feel free to **re-run this setup command any time** you think something is off with the server configuration.
|
||||
|
||||
|
||||
## Things you might want to do after installing
|
||||
|
|
|
@ -42,7 +42,7 @@ docker run \
|
|||
--rm \
|
||||
--network=matrix \
|
||||
--env-file=/matrix/postgres/env-postgres-psql \
|
||||
postgres:12.0-alpine \
|
||||
postgres:12.1-alpine \
|
||||
pg_dumpall -h matrix-postgres \
|
||||
| gzip -c \
|
||||
> /postgres.sql.gz
|
||||
|
|
|
@ -24,11 +24,14 @@ If you've just installed Matrix, **to finalize the installation process**, it's
|
|||
|
||||
-----
|
||||
|
||||
The script `/usr/local/bin/matrix-make-user-admin` may be used to upgrade a user's privileges:
|
||||
|
||||
## Adding/Removing Administrator privileges to an existing user.
|
||||
|
||||
The script `/usr/local/bin/matrix-change-user-admin-status` may be used to change a user's admin privileges.
|
||||
|
||||
* log on to your server with ssh
|
||||
* execute with the username:
|
||||
* execute with the username and 0/1 (0 = non-admin | 1 = admin)
|
||||
|
||||
```
|
||||
/usr/local/bin/matrix-make-user-admin <username>
|
||||
/usr/local/bin/matrix-change-user-admin-status <username> <0/1>
|
||||
```
|
||||
|
|
|
@ -34,7 +34,9 @@ where `<password-hash>` is the hash returned by the docker command above.
|
|||
|
||||
Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password
|
||||
|
||||
This requires an access token from a server admin account. If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-make-user-admin` script as described in [registering-users.md](registering-users.md). Note this method will also log the user out of all of their clients while the other options do not.
|
||||
This requires an access token from a server admin account. *This method will also log the user out of all of their clients while the other options do not.*
|
||||
|
||||
If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-change-user-admin-status` script as described in [registering-users.md](registering-users.md).
|
||||
|
||||
### Example:
|
||||
To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command:
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
SSLCertificateKeyFile /matrix/ssl/config/live/dimension.DOMAIN/privkey.pem
|
||||
|
||||
SSLProxyEngine on
|
||||
SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
|
||||
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
||||
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
||||
|
||||
ProxyPreserveHost On
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
SSLCertificateKeyFile /matrix/ssl/config/live/riot.DOMAIN/privkey.pem
|
||||
|
||||
SSLProxyEngine on
|
||||
SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
|
||||
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
||||
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
||||
|
||||
ProxyPreserveHost On
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem
|
||||
|
||||
SSLProxyEngine on
|
||||
SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
|
||||
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
||||
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
||||
|
||||
ProxyPreserveHost On
|
||||
|
@ -103,7 +103,7 @@ Listen 8448
|
|||
SSLCertificateKeyFile /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem
|
||||
|
||||
SSLProxyEngine on
|
||||
SSLProxyProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
|
||||
SSLProxyProtocol +TLSv1.2 +TLSv1.3
|
||||
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
|
||||
|
||||
ProxyPreserveHost On
|
||||
|
|
|
@ -60,6 +60,40 @@ matrix_appservice_discord_homeserver_token: "{{ matrix_synapse_macaroon_secret_k
|
|||
######################################################################
|
||||
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-appservice-webhooks
|
||||
#
|
||||
######################################################################
|
||||
|
||||
# We don't enable bridges by default.
|
||||
matrix_appservice_webhooks_enabled: false
|
||||
|
||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-webhooks over the container network.
|
||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
||||
# matrix-appservice-webhooks' client-server port to the local host.
|
||||
matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:{{ matrix_appservice_webhooks_webhooks_port }}' }}"
|
||||
|
||||
matrix_appservice_webhooks_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.as.token') | to_uuid }}"
|
||||
|
||||
matrix_appservice_webhooks_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.hs.token') | to_uuid }}"
|
||||
|
||||
matrix_appservice_webhooks_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'webhook.id.token') | to_uuid }}"
|
||||
|
||||
matrix_appservice_webhooks_systemd_required_services_list: |
|
||||
{{
|
||||
['docker.service']
|
||||
+
|
||||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
}}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# /matrix-appservice-webhooks
|
||||
#
|
||||
######################################################################
|
||||
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-appservice-slack
|
||||
|
@ -74,11 +108,11 @@ matrix_appservice_slack_enabled: false
|
|||
# matrix-appservice-slack's client-server port to the local host.
|
||||
matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:{{ matrix_appservice_slack_slack_port }}' }}"
|
||||
|
||||
matrix_appservice_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack-appservice-token') | to_uuid }}"
|
||||
matrix_appservice_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.as.token') | to_uuid }}"
|
||||
|
||||
matrix_appservice_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack-homeserver-token') | to_uuid }}"
|
||||
matrix_appservice_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.hs.token') | to_uuid }}"
|
||||
|
||||
matrix_appservice_slack_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack-id-token') | to_uuid }}"
|
||||
matrix_appservice_slack_id_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'slack.id.token') | to_uuid }}"
|
||||
|
||||
matrix_appservice_slack_systemd_required_services_list: |
|
||||
{{
|
||||
|
@ -604,7 +638,6 @@ matrix_synapse_email_smtp_host: "matrix-mailer"
|
|||
matrix_synapse_email_smtp_port: 8025
|
||||
matrix_synapse_email_smtp_require_transport_security: false
|
||||
matrix_synapse_email_notif_from: "Matrix <{{ matrix_mailer_sender_address }}>"
|
||||
matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"
|
||||
|
||||
# Even if TURN doesn't support TLS (it does by default),
|
||||
# it doesn't hurt to try a secure connection anyway.
|
||||
|
|
|
@ -28,7 +28,7 @@
|
|||
apt:
|
||||
name:
|
||||
- bash-completion
|
||||
- python-docker
|
||||
- "python{{'3' if ansible_python.version.major == 3 else ''}}-docker"
|
||||
- ntp
|
||||
- fuse
|
||||
state: latest
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
matrix_appservice_irc_enabled: true
|
||||
|
||||
matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:latest"
|
||||
matrix_appservice_irc_docker_image: "matrixdotorg/matrix-appservice-irc:release-0.14.1"
|
||||
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
|
||||
|
@ -377,11 +377,6 @@ matrix_appservice_irc_configuration_yaml: |
|
|||
enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}
|
||||
|
||||
ircService:
|
||||
# The nedb database URI to connect to. This is the name of the directory to
|
||||
# dump .db files to. This is relative to the project directory.
|
||||
# Required.
|
||||
databaseUri: "nedb:///data"
|
||||
|
||||
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
|
||||
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
|
||||
# the database.
|
||||
|
@ -474,6 +469,15 @@ matrix_appservice_irc_configuration_yaml: |
|
|||
# enough for the vast majority of use cases.
|
||||
maxHttpSockets: 1000
|
||||
|
||||
# Use an external database to store bridge state.
|
||||
database:
|
||||
# database engine (must be 'postgres' or 'nedb'). Default: nedb
|
||||
engine: "nedb"
|
||||
# Either a PostgreSQL connection string, or a path to the NeDB storage directory.
|
||||
# For postgres, it must start with postgres://
|
||||
# For NeDB, it must start with nedb://. The path is relative to the project directory.
|
||||
connectionString: "nedb:///data"
|
||||
|
||||
matrix_appservice_irc_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration for Appservice IRC servers goes here.
|
||||
# This configuration extends the default starting configuration (`matrix_appservice_irc_configuration_yaml`).
|
||||
|
|
|
@ -98,13 +98,15 @@
|
|||
--cap-drop=ALL
|
||||
-v {{ matrix_appservice_irc_config_path }}:/config:z
|
||||
-v {{ matrix_appservice_irc_data_path }}:/data:z
|
||||
--entrypoint=/bin/bash
|
||||
{{ matrix_appservice_irc_docker_image }}
|
||||
node app.js
|
||||
-c
|
||||
'node app.js
|
||||
-r
|
||||
-f /config/registration-template.yaml
|
||||
-u "http://matrix-appservice-irc:9999"
|
||||
-c /config/config.yaml
|
||||
-l irc_bot
|
||||
-l irc_bot'
|
||||
changed_when: false
|
||||
|
||||
- name: Read Appservice IRC registration-template.yaml
|
||||
|
|
|
@ -30,8 +30,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
|
|||
{% for arg in matrix_appservice_irc_container_extra_arguments %}
|
||||
{{ arg }} \
|
||||
{% endfor %}
|
||||
--entrypoint=/bin/bash \
|
||||
{{ matrix_appservice_irc_docker_image }} \
|
||||
-c /config/config.yaml -f /config/registration.yaml -p 9999
|
||||
-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-appservice-irc
|
||||
ExecStop=-/usr/bin/docker rm matrix-appservice-irc
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
matrix_appservice_slack_enabled: true
|
||||
|
||||
matrix_appservice_slack_docker_image: "matrixdotorg/matrix-appservice-slack:release-1.0.2"
|
||||
matrix_appservice_slack_docker_image: "cadair/matrix-appservice-slack:latest"
|
||||
matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack"
|
||||
|
@ -51,24 +51,6 @@ matrix_appservice_slack_configuration_yaml: |
|
|||
bot_username: "{{ matrix_appservice_slack_bot_name }}"
|
||||
username_prefix: {{ matrix_appservice_slack_user_prefix }}
|
||||
|
||||
# Optional if slack_hook_port and inbound_uri_prefix are defined, required otherwise.
|
||||
rtm:
|
||||
# Use the RTM API to listen for requests, which does not require
|
||||
# the bridge to listen on the hook port.
|
||||
# You should leave this enabled, unless you plan to use the
|
||||
# bridge exclusively for webhooks.
|
||||
enable: true
|
||||
logging: "silent" # Logging level specific to RTM traffic.
|
||||
# A prefix similar to inbound_uri_prefix for oauth2 requests. inbound_uri_prefix will be used if this is not set
|
||||
# Optional
|
||||
# redirect_prefix: "https://my.server.here:9898/mycustomoauthendpoint"
|
||||
|
||||
# Allow users to add channels dynamically by using oauth, or puppet themselves.
|
||||
# Optional
|
||||
oauth2:
|
||||
client_id: ""
|
||||
client_secret: ""
|
||||
|
||||
homeserver:
|
||||
media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
|
||||
url: "{{ matrix_appservice_slack_homeserver_url }}"
|
||||
|
|
105
roles/matrix-bridge-appservice-webhooks/defaults/main.yml
Normal file
105
roles/matrix-bridge-appservice-webhooks/defaults/main.yml
Normal file
|
@ -0,0 +1,105 @@
|
|||
# matrix-appservice-webhooks is a Matrix <-> webhook bridge
|
||||
# See: https://github.com/turt2live/matrix-appservice-webhooks
|
||||
|
||||
matrix_appservice_webhooks_enabled: true
|
||||
|
||||
matrix_appservice_webhooks_docker_image: "turt2live/matrix-appservice-webhooks:latest"
|
||||
matrix_appservice_webhooks_docker_image_force_pull: "{{ matrix_appservice_webhooks_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_appservice_webhooks_base_path: "{{ matrix_base_data_path }}/appservice-webhooks"
|
||||
matrix_appservice_webhooks_config_path: "{{ matrix_appservice_webhooks_base_path }}/config"
|
||||
matrix_appservice_webhooks_data_path: "{{ matrix_appservice_webhooks_base_path }}/data"
|
||||
|
||||
# If nginx-proxy is disabled, the bridge itself expects its endpoint to be on its own domain (e.g. "localhost:6789")
|
||||
matrix_appservice_webhooks_public_endpoint: /appservice-webhooks
|
||||
matrix_appservice_webhooks_inbound_uri_prefix: "{{ matrix_homeserver_url }}{{ matrix_appservice_webhooks_public_endpoint }}"
|
||||
|
||||
# Once you make a control room in Matrix, you can get its ID by typing any message and checking its source
|
||||
matrix_appservice_webhooks_control_room_id: ''
|
||||
matrix_appservice_webhooks_bot_name: 'webhookbot'
|
||||
matrix_appservice_webhooks_user_prefix: '_webhook'
|
||||
|
||||
# Controls the webhooks_PORT and MATRIX_PORT of the installation
|
||||
matrix_appservice_webhooks_matrix_port: 6789
|
||||
matrix_appservice_webhooks_webhooks_port: 6788
|
||||
|
||||
# Controls whether the appservice-webhooks container exposes its HTTP port (tcp/6788 in the container).
|
||||
#
|
||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9999"), or empty string to not expose.
|
||||
matrix_appservice_webhooks_container_http_host_bind_port: ''
|
||||
|
||||
matrix_appservice_webhooks_homeserver_media_url: "matrix.{{ matrix_domain }}"
|
||||
matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:8008"
|
||||
matrix_appservice_webhooks_homeserver_domain: "{{ matrix_domain }}"
|
||||
matrix_appservice_webhooks_appservice_url: 'http://matrix-appservice-webhooks'
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_appservice_webhooks_container_extra_arguments: []
|
||||
|
||||
# List of systemd services that matrix-appservice-webhooks.service depends on.
|
||||
matrix_appservice_webhooks_systemd_required_services_list: ['docker.service', 'matrix-synapse.service']
|
||||
|
||||
# List of systemd services that matrix-appservice-webhooks.service wants
|
||||
matrix_appservice_webhooks_systemd_wanted_services_list: []
|
||||
|
||||
matrix_appservice_webhooks_appservice_token: ''
|
||||
matrix_appservice_webhooks_homeserver_token: ''
|
||||
matrix_appservice_webhooks_id_token: ''
|
||||
matrix_appservice_webhooks_api_secret: ''
|
||||
|
||||
# Logging information (info and verbose is available) default is: info
|
||||
matrix_appservice_webhooks_log_level: 'info'
|
||||
|
||||
matrix_appservice_webhooks_configuration_yaml: |
|
||||
|
||||
# Configuration specific to the application service. All fields (unless otherwise marked) are required.
|
||||
homeserver:
|
||||
# The domain for the client-server API calls.
|
||||
url: "{{ matrix_appservice_webhooks_homeserver_url }}"
|
||||
|
||||
# The domain part for user IDs on this home server. Usually, but not always, this is the same as the
|
||||
# home server's URL.
|
||||
domain: "{{ matrix_domain }}"
|
||||
|
||||
# Configuration specific to the bridge. All fields (unless otherwise marked) are required.
|
||||
webhookBot:
|
||||
# The localpart to use for the bot. May require re-registering the application service.
|
||||
localpart: "_webhook"
|
||||
|
||||
# Provisioning API options
|
||||
provisioning:
|
||||
# Your secret for the API. Required for all provisioning API requests.
|
||||
secret: '{{ matrix_appservice_webhooks_api_secret }}'
|
||||
|
||||
# Configuration related to the web portion of the bridge. Handles the inbound webhooks
|
||||
web:
|
||||
hookUrlBase: "{{ matrix_appservice_webhooks_inbound_uri_prefix }}"
|
||||
|
||||
logging:
|
||||
console: true
|
||||
consoleLevel: {{ matrix_appservice_webhooks_log_level }}
|
||||
writeFiles: false
|
||||
|
||||
matrix_appservice_webhooks_configuration_extension_yaml: |
|
||||
#
|
||||
|
||||
matrix_appservice_webhooks_configuration_extension: "{{ matrix_appservice_webhooks_configuration_extension_yaml|from_yaml if matrix_appservice_webhooks_configuration_extension_yaml|from_yaml else {} }}"
|
||||
|
||||
matrix_appservice_webhooks_configuration: "{{ matrix_appservice_webhooks_configuration_yaml|from_yaml|combine(matrix_appservice_webhooks_configuration_extension, recursive=True) }}"
|
||||
|
||||
matrix_appservice_webhooks_registration_yaml: |
|
||||
id: "{{ matrix_appservice_webhooks_id_token }}"
|
||||
hs_token: "{{ matrix_appservice_webhooks_homeserver_token }}"
|
||||
as_token: "{{ matrix_appservice_webhooks_appservice_token }}"
|
||||
namespaces:
|
||||
users:
|
||||
- exclusive: true
|
||||
regex: '^@{{ matrix_appservice_webhooks_user_prefix | regex_escape }}.*:{{ matrix_domain | regex_escape }}$'
|
||||
aliases: []
|
||||
rooms: []
|
||||
url: "{{ matrix_appservice_webhooks_appservice_url }}:{{ matrix_appservice_webhooks_matrix_port }}"
|
||||
sender_localpart: _webhook
|
||||
rate_limited: false
|
||||
protocols: null
|
||||
|
||||
matrix_appservice_webhooks_registration: "{{ matrix_appservice_webhooks_registration_yaml|from_yaml }}"
|
78
roles/matrix-bridge-appservice-webhooks/tasks/init.yml
Normal file
78
roles/matrix-bridge-appservice-webhooks/tasks/init.yml
Normal file
|
@ -0,0 +1,78 @@
|
|||
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
|
||||
# We don't want to fail in such cases.
|
||||
- name: Fail if matrix-synapse role already executed
|
||||
fail:
|
||||
msg: >-
|
||||
The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role.
|
||||
when: "matrix_synapse_role_executed|default(False)"
|
||||
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-webhooks'] }}"
|
||||
when: matrix_appservice_webhooks_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
- set_fact:
|
||||
matrix_synapse_container_extra_arguments: >
|
||||
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||
+
|
||||
["--mount type=bind,src={{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml,dst=/matrix-appservice-webhooks-registration.yaml,ro"]
|
||||
|
||||
matrix_synapse_app_service_config_files: >
|
||||
{{ matrix_synapse_app_service_config_files|default([]) }}
|
||||
+
|
||||
{{ ["/matrix-appservice-webhooks-registration.yaml"] }}
|
||||
when: matrix_appservice_webhooks_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
|
||||
# We don't want to fail in such cases.
|
||||
- name: Fail if matrix-synapse role already executed
|
||||
fail:
|
||||
msg: >-
|
||||
The matrix-bridge-appservice-webhooks role needs to execute before the matrix-synapse role.
|
||||
when: "matrix_synapse_role_executed|default(False)"
|
||||
|
||||
- block:
|
||||
- name: Fail if matrix-nginx-proxy role already executed
|
||||
fail:
|
||||
msg: >-
|
||||
Trying to append webhooks Appservice's reverse-proxying configuration to matrix-nginx-proxy,
|
||||
but it's pointless since the matrix-nginx-proxy role had already executed.
|
||||
To fix this, please change the order of roles in your plabook,
|
||||
so that the matrix-nginx-proxy role would run after the matrix-bridge-appservice-webhooks role.
|
||||
when: matrix_nginx_proxy_role_executed|default(False)|bool
|
||||
|
||||
- name: Generate Matrix Appservice webhooks proxying configuration for matrix-nginx-proxy
|
||||
set_fact:
|
||||
matrix_appservice_webhooks_matrix_nginx_proxy_configuration: |
|
||||
location {{ matrix_appservice_webhooks_public_endpoint }}/ {
|
||||
{% if matrix_nginx_proxy_enabled|default(False) %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
proxy_pass {{ matrix_appservice_webhooks_appservice_url }}:{{ matrix_appservice_webhooks_matrix_port }}/;
|
||||
{% else %}
|
||||
{# Generic configuration for use outside of our container setup #}
|
||||
proxy_pass http://127.0.0.1:{{ matrix_appservice_webhooks_matrix_port }}/;
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
- name: Register webhooks Appservice proxying configuration with matrix-nginx-proxy
|
||||
set_fact:
|
||||
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
|
||||
{{
|
||||
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
|
||||
+
|
||||
[matrix_appservice_webhooks_matrix_nginx_proxy_configuration]
|
||||
}}
|
||||
tags:
|
||||
- always
|
||||
when: matrix_appservice_webhooks_enabled|bool
|
||||
|
||||
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
|
||||
debug:
|
||||
msg: >-
|
||||
NOTE: You've enabled the Matrix webhooks bridge but are not using the matrix-nginx-proxy
|
||||
reverse proxy.
|
||||
Please make sure that you're proxying the `{{ matrix_appservice_webhooks_public_endpoint }}`
|
||||
URL endpoint to the matrix-appservice-webhooks container.
|
||||
You can expose the container's port using the `matrix_appservice_webhooks_container_http_host_bind_port` variable.
|
||||
when: "matrix_appservice_webhooks_enabled|bool and matrix_nginx_proxy_enabled is not defined"
|
21
roles/matrix-bridge-appservice-webhooks/tasks/main.yml
Normal file
21
roles/matrix-bridge-appservice-webhooks/tasks/main.yml
Normal file
|
@ -0,0 +1,21 @@
|
|||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||
when: "run_setup|bool and matrix_appservice_webhooks_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-appservice-webhooks
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||
when: "run_setup|bool and matrix_appservice_webhooks_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-appservice-webhooks
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||
when: "run_setup|bool and not matrix_appservice_webhooks_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-appservice-webhooks
|
|
@ -0,0 +1,64 @@
|
|||
---
|
||||
|
||||
- name: Ensure Appservice webhooks image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_appservice_webhooks_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_appservice_webhooks_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_webhooks_docker_image_force_pull }}"
|
||||
|
||||
- name: Ensure AppService webhooks paths exist
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_username }}"
|
||||
with_items:
|
||||
- "{{ matrix_appservice_webhooks_base_path }}"
|
||||
- "{{ matrix_appservice_webhooks_config_path }}"
|
||||
- "{{ matrix_appservice_webhooks_data_path }}"
|
||||
|
||||
- name: Ensure Matrix Appservice webhooks config is installed
|
||||
copy:
|
||||
content: "{{ matrix_appservice_webhooks_configuration|to_nice_yaml }}"
|
||||
dest: "{{ matrix_appservice_webhooks_config_path }}/config.yaml"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_username }}"
|
||||
|
||||
- name: Ensure Matrix Appservice webhooks schema.yml template exists
|
||||
template:
|
||||
src: "{{ role_path }}/templates/schema.yml.j2"
|
||||
dest: "{{ matrix_appservice_webhooks_config_path }}/schema.yml"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_username }}"
|
||||
|
||||
- name: Ensure Matrix Appservice webhooks database.json template exists
|
||||
template:
|
||||
src: "{{ role_path }}/templates/database.json.j2"
|
||||
dest: "{{ matrix_appservice_webhooks_data_path }}/database.json"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_username }}"
|
||||
|
||||
- name: Ensure appservice-webhooks registration.yaml installed
|
||||
copy:
|
||||
content: "{{ matrix_appservice_webhooks_registration|to_nice_yaml }}"
|
||||
dest: "{{ matrix_appservice_webhooks_config_path }}/webhooks-registration.yaml"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_username }}"
|
||||
|
||||
- name: Ensure matrix-appservice-webhooks.service installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-appservice-webhooks.service.j2"
|
||||
dest: "/etc/systemd/system/matrix-appservice-webhooks.service"
|
||||
mode: 0644
|
||||
register: matrix_appservice_webhooks_systemd_service_result
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-appservice-webhooks.service installation
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_appservice_webhooks_systemd_service_result.changed"
|
|
@ -0,0 +1,24 @@
|
|||
---
|
||||
|
||||
- name: Check existence of matrix-appservice-webhooks service
|
||||
stat:
|
||||
path: "/etc/systemd/system/matrix-appservice-webhooks.service"
|
||||
register: matrix_appservice_webhooks_service_stat
|
||||
|
||||
- name: Ensure matrix-appservice-webhooks is stopped
|
||||
service:
|
||||
name: matrix-appservice-webhooks
|
||||
state: stopped
|
||||
daemon_reload: yes
|
||||
when: "matrix_appservice_webhooks_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure matrix-appservice-webhooks.service doesn't exist
|
||||
file:
|
||||
path: "/etc/systemd/system/matrix-appservice-webhooks.service"
|
||||
state: absent
|
||||
when: "matrix_appservice_webhooks_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-appservice-webhooks.service removal
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_appservice_webhooks_service_stat.stat.exists"
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
|
||||
- name: Fail if required settings not defined
|
||||
fail:
|
||||
msg: >-
|
||||
You need to define a required configuration setting (`{{ item }}`).
|
||||
when: "vars[item] == ''"
|
||||
with_items:
|
||||
- "matrix_appservice_webhooks_appservice_token"
|
||||
- "matrix_appservice_webhooks_homeserver_token"
|
||||
- "matrix_appservice_webhooks_id_token"
|
||||
- "matrix_appservice_webhooks_api_secret"
|
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
"defaultEnv": {
|
||||
"ENV": "NODE_ENV"
|
||||
},
|
||||
"development": {
|
||||
"driver": "sqlite3",
|
||||
"filename": "/data/development.db"
|
||||
},
|
||||
"production": {
|
||||
"driver": "sqlite3",
|
||||
"filename": "/data/production.db"
|
||||
}
|
||||
}
|
|
@ -0,0 +1,54 @@
|
|||
"$schema": "http://json-schema.org/draft-04/schema#"
|
||||
type: "object"
|
||||
properties:
|
||||
provisioning:
|
||||
type: "object"
|
||||
properties:
|
||||
secret:
|
||||
type: "string"
|
||||
homeserver:
|
||||
type: "object"
|
||||
properties:
|
||||
domain:
|
||||
type: "string"
|
||||
url:
|
||||
type: "string"
|
||||
mediaUrl:
|
||||
type: "string"
|
||||
web:
|
||||
type: "object"
|
||||
properties:
|
||||
hookUrlBase:
|
||||
type: "string"
|
||||
webhookBot:
|
||||
type: "object"
|
||||
properties:
|
||||
localpart:
|
||||
type: "string"
|
||||
appearance:
|
||||
type: "object"
|
||||
properties:
|
||||
displayName:
|
||||
type: "string"
|
||||
avatarUrl:
|
||||
type: "string"
|
||||
logging:
|
||||
type: "object"
|
||||
properties:
|
||||
file:
|
||||
type: "string"
|
||||
console:
|
||||
type: "boolean"
|
||||
consoleLevel:
|
||||
type: "string"
|
||||
fileLevel:
|
||||
type: "string"
|
||||
writeFiles:
|
||||
type: "boolean"
|
||||
rotate:
|
||||
type: "object"
|
||||
properties:
|
||||
size:
|
||||
type: "number"
|
||||
count:
|
||||
type: "number"
|
|
@ -0,0 +1,43 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
[Unit]
|
||||
Description=Matrix Appservice webhooks server
|
||||
{% for service in matrix_appservice_webhooks_systemd_required_services_list %}
|
||||
Requires={{ service }}
|
||||
After={{ service }}
|
||||
{% endfor %}
|
||||
{% for service in matrix_appservice_webhooks_systemd_wanted_services_list %}
|
||||
Wants={{ service }}
|
||||
{% endfor %}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-appservice-webhooks
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-appservice-webhooks
|
||||
|
||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||
ExecStartPre=/bin/sleep 5
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-webhooks \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--network={{ matrix_docker_network }} \
|
||||
{% if matrix_appservice_webhooks_container_http_host_bind_port %}
|
||||
-p {{ matrix_appservice_webhooks_container_http_host_bind_port }}:{{matrix_appservice_webhooks_matrix_port}} \
|
||||
{% endif %}
|
||||
-v {{ matrix_appservice_webhooks_config_path }}:/config:z \
|
||||
-v {{ matrix_appservice_webhooks_data_path }}:/data:z \
|
||||
{% for arg in matrix_appservice_webhooks_container_extra_arguments %}
|
||||
{{ arg }} \
|
||||
{% endfor %}
|
||||
{{ matrix_appservice_webhooks_docker_image }} \
|
||||
node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-appservice-webhooks
|
||||
ExecStop=-/usr/bin/docker rm matrix-appservice-webhooks
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-appservice-webhooks
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -4,7 +4,7 @@
|
|||
matrix_mautrix_telegram_enabled: true
|
||||
|
||||
# See: https://mau.dev/tulir/mautrix-telegram/container_registry
|
||||
matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.6.1"
|
||||
matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.7.0"
|
||||
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
- name: Check Matrix Corporal HTTP gateway
|
||||
uri:
|
||||
url: "{{ corporal_client_api_url_endpoint_public }}"
|
||||
follow_redirects: false
|
||||
follow_redirects: none
|
||||
return_content: true
|
||||
register: result_corporal_client_api
|
||||
ignore_errors: true
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
- name: Check mxisd Identity Service
|
||||
uri:
|
||||
url: "{{ mxisd_url_endpoint_public }}"
|
||||
follow_redirects: false
|
||||
follow_redirects: none
|
||||
validate_certs: "{{ matrix_mxisd_self_check_validate_certificates }}"
|
||||
register: result_mxisd
|
||||
ignore_errors: true
|
||||
|
|
|
@ -152,15 +152,27 @@ matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: "{{ matrix_s
|
|||
# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
|
||||
matrix_nginx_proxy_tmp_directory_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb | int) * 50 }}"
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to the matrix domain's server configuration.
|
||||
# A list of strings containing additional configuration blocks to add to the nginx http's server configuration.
|
||||
matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to the matrix synapse's server configuration.
|
||||
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to the matrix riot's server configuration.
|
||||
matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to the matrix dimension's server configuration.
|
||||
matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to the matrix domain server configuration.
|
||||
matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []
|
||||
|
||||
# Specifies when to reload the matrix-nginx-proxy service so that
|
||||
# a new SSL certificate could go into effect.
|
||||
matrix_nginx_proxy_reload_cron_time_definition: "20 4 */5 * *"
|
||||
|
||||
# Specifies which SSL protocols to use when serving Riot and Synapse
|
||||
matrix_nginx_proxy_ssl_protocols: "TLSv1.1 TLSv1.2 TLSv1.3"
|
||||
matrix_nginx_proxy_ssl_protocols: "TLSv1.2 TLSv1.3"
|
||||
|
||||
# Controls whether the self-check feature should validate SSL certificates.
|
||||
matrix_nginx_proxy_self_check_validate_certificates: true
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
- path: /.well-known/matrix/client
|
||||
purpose: Client Discovery
|
||||
cors: true
|
||||
follow_redirects: false
|
||||
follow_redirects: none
|
||||
validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}"
|
||||
|
||||
- block:
|
||||
|
@ -15,7 +15,7 @@
|
|||
path: /.well-known/matrix/server
|
||||
purpose: Server Discovery
|
||||
cors: false
|
||||
follow_redirects: true
|
||||
follow_redirects: safe
|
||||
validate_certs: "{{ matrix_nginx_proxy_self_check_validate_certificates }}"
|
||||
|
||||
- name: Determine domains that we require certificates for (mxisd)
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
- name: Check .well-known on the matrix hostname
|
||||
uri:
|
||||
url: "{{ well_known_url_matrix }}"
|
||||
follow_redirects: false
|
||||
follow_redirects: none
|
||||
return_content: true
|
||||
validate_certs: "{{ well_known_file_check.validate_certs }}"
|
||||
register: result_well_known_matrix
|
||||
|
|
|
@ -3,6 +3,9 @@
|
|||
{% macro render_vhost_directives() %}
|
||||
gzip on;
|
||||
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
||||
{% for configuration_block in matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks %}
|
||||
{{- configuration_block }}
|
||||
{% endfor %}
|
||||
|
||||
location / {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
|
|
|
@ -5,6 +5,9 @@
|
|||
|
||||
gzip on;
|
||||
gzip_types text/plain application/json;
|
||||
{% for configuration_block in matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks %}
|
||||
{{- configuration_block }}
|
||||
{% endfor %}
|
||||
|
||||
location /.well-known/matrix {
|
||||
root {{ matrix_static_files_base_path }};
|
||||
|
|
|
@ -3,6 +3,9 @@
|
|||
{% macro render_vhost_directives() %}
|
||||
gzip on;
|
||||
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
||||
{% for configuration_block in matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks %}
|
||||
{{- configuration_block }}
|
||||
{% endfor %}
|
||||
|
||||
location / {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
|
|
|
@ -4,3 +4,6 @@
|
|||
#
|
||||
# Thus, we ensure a larger bucket size value is used.
|
||||
server_names_hash_bucket_size 64;
|
||||
{% for configuration_block in matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks %}
|
||||
{{- configuration_block }}
|
||||
{% endfor %}
|
||||
|
|
|
@ -73,13 +73,19 @@
|
|||
mode: 0750
|
||||
when: matrix_postgres_enabled|bool
|
||||
|
||||
- name: Ensure matrix-make-user-admin script created
|
||||
- name: Ensure matrix-change-user-admin-status script created
|
||||
template:
|
||||
src: "{{ role_path }}/templates/usr-local-bin/matrix-make-user-admin.j2"
|
||||
dest: "/usr/local/bin/matrix-make-user-admin"
|
||||
src: "{{ role_path }}/templates/usr-local-bin/matrix-change-user-admin-status.j2"
|
||||
dest: "/usr/local/bin/matrix-change-user-admin-status"
|
||||
mode: 0750
|
||||
when: matrix_postgres_enabled|bool
|
||||
|
||||
- name: (Migration) Ensure old matrix-make-user-admin script deleted
|
||||
file:
|
||||
path: "/usr/local/bin/matrix-make-user-admin"
|
||||
state: absent
|
||||
when: matrix_postgres_enabled|bool
|
||||
|
||||
- name: Ensure matrix-postgres-update-user-password-hash script created
|
||||
template:
|
||||
src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2"
|
||||
|
@ -146,6 +152,6 @@
|
|||
state: absent
|
||||
with_items:
|
||||
- matrix-postgres-cli
|
||||
- matrix-make-user-admin
|
||||
- matrix-change-user-admin-status
|
||||
- matrix-postgres-update-user-password-hash
|
||||
when: "not matrix_postgres_enabled|bool"
|
||||
|
|
|
@ -20,6 +20,11 @@
|
|||
postgres_start_wait_time: 15
|
||||
when: "postgres_start_wait_time|default('') == ''"
|
||||
|
||||
- name: Set postgres_force_upgrade, if not provided
|
||||
set_fact:
|
||||
postgres_force_upgrade: false
|
||||
when: "postgres_force_upgrade|default('') == ''"
|
||||
|
||||
- name: Fail, if trying to upgrade external Postgres database
|
||||
fail:
|
||||
msg: "Your configuration indicates that you're not using Postgres from this role. There is nothing to upgrade."
|
||||
|
@ -45,7 +50,7 @@
|
|||
- name: Abort, if already at latest Postgres version
|
||||
fail:
|
||||
msg: "You are already running the latest Postgres version supported ({{ matrix_postgres_docker_image_latest }}). Nothing to do"
|
||||
when: "matrix_postgres_detected_version_corresponding_docker_image == matrix_postgres_docker_image_latest"
|
||||
when: "matrix_postgres_detected_version_corresponding_docker_image == matrix_postgres_docker_image_latest and not postgres_force_upgrade"
|
||||
|
||||
- debug:
|
||||
msg: "Upgrading database from {{ matrix_postgres_detected_version_corresponding_docker_image }} to {{ matrix_postgres_docker_image_latest }}"
|
||||
|
|
|
@ -2,3 +2,6 @@
|
|||
POSTGRES_USER={{ matrix_postgres_connection_username }}
|
||||
POSTGRES_PASSWORD={{ matrix_postgres_connection_password }}
|
||||
POSTGRES_DB={{ matrix_postgres_db_name }}
|
||||
# Synapse refuses to run if collation is not C.
|
||||
# See https://github.com/matrix-org/synapse/issues/6722
|
||||
POSTGRES_INITDB_ARGS=--lc-collate C --lc-ctype C --encoding UTF8
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
#!/bin/bash
|
||||
|
||||
if [ $# -ne 2 ]; then
|
||||
echo "Usage: "$0" <username> <0/1>"
|
||||
echo "Usage: 0 = non-admin"
|
||||
echo "Usage: 1 = admin"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
docker run \
|
||||
-it \
|
||||
--rm \
|
||||
--user=991:991 \
|
||||
--cap-drop=ALL \
|
||||
--env-file=/matrix/postgres/env-postgres-psql \
|
||||
--network matrix \
|
||||
postgres:12.1-alpine \
|
||||
psql -h matrix-postgres -c "UPDATE users set admin=$2 WHERE name like '@$1:{{ matrix_domain }}'"
|
|
@ -1,17 +0,0 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
#!/bin/bash
|
||||
|
||||
if [ $# -ne 1 ]; then
|
||||
echo "Usage: "$0" <username>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
docker run \
|
||||
-it \
|
||||
--rm \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
|
||||
--network {{ matrix_docker_network }} \
|
||||
{{ matrix_postgres_docker_image_to_use }} \
|
||||
psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=1 WHERE name like '@$1:{{ matrix_domain }}'"
|
|
@ -1,6 +1,6 @@
|
|||
matrix_riot_web_enabled: true
|
||||
|
||||
matrix_riot_web_docker_image: "vectorim/riot-web:v1.5.7"
|
||||
matrix_riot_web_docker_image: "vectorim/riot-web:v1.5.8"
|
||||
matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
- name: Check riot-web
|
||||
uri:
|
||||
url: "{{ riot_web_url_endpoint_public }}"
|
||||
follow_redirects: false
|
||||
follow_redirects: none
|
||||
validate_certs: "{{ matrix_riot_web_self_check_validate_certificates }}"
|
||||
register: result_riot_web
|
||||
ignore_errors: true
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
matrix_synapse_enabled: true
|
||||
|
||||
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.8.0"
|
||||
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.9.1"
|
||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
|
||||
|
@ -259,13 +259,13 @@ matrix_synapse_email_smtp_host: ""
|
|||
matrix_synapse_email_smtp_port: 587
|
||||
matrix_synapse_email_smtp_require_transport_security: false
|
||||
matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>"
|
||||
matrix_synapse_email_riot_base_url: "https://{{ matrix_server_fqn_riot }}"
|
||||
matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_riot }}"
|
||||
|
||||
|
||||
# Enable this to activate the REST auth password provider module.
|
||||
# See: https://github.com/kamax-io/matrix-synapse-rest-auth
|
||||
# See: https://github.com/ma1uta/matrix-synapse-rest-password-provider
|
||||
matrix_synapse_ext_password_provider_rest_auth_enabled: false
|
||||
matrix_synapse_ext_password_provider_rest_auth_download_url: "https://raw.githubusercontent.com/kamax-io/matrix-synapse-rest-auth/v0.1.2/rest_auth_provider.py"
|
||||
matrix_synapse_ext_password_provider_rest_auth_download_url: "https://raw.githubusercontent.com/ma1uta/matrix-synapse-rest-password-provider/ed377fb70513c2e51b42055eb364195af1ccaf33/rest_auth_provider.py"
|
||||
matrix_synapse_ext_password_provider_rest_auth_endpoint: ""
|
||||
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
|
||||
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
- name: Check Matrix Client API
|
||||
uri:
|
||||
url: "{{ matrix_synapse_client_api_url_endpoint_public }}"
|
||||
follow_redirects: false
|
||||
follow_redirects: none
|
||||
validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}"
|
||||
register: result_matrix_synapse_client_api
|
||||
ignore_errors: true
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
- name: Check Matrix Federation API
|
||||
uri:
|
||||
url: "{{ matrix_synapse_federation_api_url_endpoint_public }}"
|
||||
follow_redirects: false
|
||||
follow_redirects: none
|
||||
validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}"
|
||||
register: result_matrix_synapse_federation_api
|
||||
ignore_errors: true
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
|
||||
when: "item.old in vars"
|
||||
with_items:
|
||||
- {'old': 'matrix_synapse_email_riot_base_url', 'new': '<superseded by client_base_url>'}
|
||||
- {'old': 'matrix_synapse_container_expose_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'}
|
||||
- {'old': 'matrix_synapse_no_tls', 'new': '<removed>'}
|
||||
- {'old': 'matrix_enable_room_list_search', 'new': 'matrix_synapse_enable_room_list_search'}
|
||||
|
|
|
@ -392,17 +392,17 @@ retention:
|
|||
#
|
||||
# The rationale for this per-job configuration is that some rooms might have a
|
||||
# retention policy with a low 'max_lifetime', where history needs to be purged
|
||||
# of outdated messages on a very frequent basis (e.g. every 5min), but not want
|
||||
# that purge to be performed by a job that's iterating over every room it knows,
|
||||
# which would be quite heavy on the server.
|
||||
# of outdated messages on a more frequent basis than for the rest of the rooms
|
||||
# (e.g. every 12h), but not want that purge to be performed by a job that's
|
||||
# iterating over every room it knows, which could be heavy on the server.
|
||||
#
|
||||
#purge_jobs:
|
||||
# - shortest_max_lifetime: 1d
|
||||
# longest_max_lifetime: 3d
|
||||
# interval: 5m:
|
||||
# interval: 12h
|
||||
# - shortest_max_lifetime: 3d
|
||||
# longest_max_lifetime: 1y
|
||||
# interval: 24h
|
||||
# interval: 1d
|
||||
|
||||
|
||||
## TLS ##
|
||||
|
@ -891,23 +891,6 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }}
|
|||
# Optional account validity configuration. This allows for accounts to be denied
|
||||
# any request after a given period.
|
||||
#
|
||||
# ``enabled`` defines whether the account validity feature is enabled. Defaults
|
||||
# to False.
|
||||
#
|
||||
# ``period`` allows setting the period after which an account is valid
|
||||
# after its registration. When renewing the account, its validity period
|
||||
# will be extended by this amount of time. This parameter is required when using
|
||||
# the account validity feature.
|
||||
#
|
||||
# ``renew_at`` is the amount of time before an account's expiry date at which
|
||||
# Synapse will send an email to the account's email address with a renewal link.
|
||||
# This needs the ``email`` and ``public_baseurl`` configuration sections to be
|
||||
# filled.
|
||||
#
|
||||
# ``renew_email_subject`` is the subject of the email sent out with the renewal
|
||||
# link. ``%(app)s`` can be used as a placeholder for the ``app_name`` parameter
|
||||
# from the ``email`` section.
|
||||
#
|
||||
# Once this feature is enabled, Synapse will look for registered users without an
|
||||
# expiration date at startup and will add one to every account it found using the
|
||||
# current settings at that time.
|
||||
|
@ -918,32 +901,55 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }}
|
|||
# date will be randomly selected within a range [now + period - d ; now + period],
|
||||
# where d is equal to 10% of the validity period.
|
||||
#
|
||||
#account_validity:
|
||||
# enabled: True
|
||||
# period: 6w
|
||||
# renew_at: 1w
|
||||
# renew_email_subject: "Renew your %(app)s account"
|
||||
# # Directory in which Synapse will try to find the HTML files to serve to the
|
||||
# # user when trying to renew an account. Optional, defaults to
|
||||
# # synapse/res/templates.
|
||||
# template_dir: "res/templates"
|
||||
# # HTML to be displayed to the user after they successfully renewed their
|
||||
# # account. Optional.
|
||||
# account_renewed_html_path: "account_renewed.html"
|
||||
# # HTML to be displayed when the user tries to renew an account with an invalid
|
||||
# # renewal token. Optional.
|
||||
# invalid_token_html_path: "invalid_token.html"
|
||||
account_validity:
|
||||
# The account validity feature is disabled by default. Uncomment the
|
||||
# following line to enable it.
|
||||
#
|
||||
#enabled: true
|
||||
|
||||
# Time that a user's session remains valid for, after they log in.
|
||||
#
|
||||
# Note that this is not currently compatible with guest logins.
|
||||
#
|
||||
# Note also that this is calculated at login time: changes are not applied
|
||||
# retrospectively to users who have already logged in.
|
||||
#
|
||||
# By default, this is infinite.
|
||||
#
|
||||
#session_lifetime: 24h
|
||||
# The period after which an account is valid after its registration. When
|
||||
# renewing the account, its validity period will be extended by this amount
|
||||
# of time. This parameter is required when using the account validity
|
||||
# feature.
|
||||
#
|
||||
#period: 6w
|
||||
|
||||
# The amount of time before an account's expiry date at which Synapse will
|
||||
# send an email to the account's email address with a renewal link. By
|
||||
# default, no such emails are sent.
|
||||
#
|
||||
# If you enable this setting, you will also need to fill out the 'email' and
|
||||
# 'public_baseurl' configuration sections.
|
||||
#
|
||||
#renew_at: 1w
|
||||
|
||||
# The subject of the email sent out with the renewal link. '%(app)s' can be
|
||||
# used as a placeholder for the 'app_name' parameter from the 'email'
|
||||
# section.
|
||||
#
|
||||
# Note that the placeholder must be written '%(app)s', including the
|
||||
# trailing 's'.
|
||||
#
|
||||
# If this is not set, a default value is used.
|
||||
#
|
||||
#renew_email_subject: "Renew your %(app)s account"
|
||||
|
||||
# Directory in which Synapse will try to find templates for the HTML files to
|
||||
# serve to the user when trying to renew an account. If not set, default
|
||||
# templates from within the Synapse package will be used.
|
||||
#
|
||||
#template_dir: "res/templates"
|
||||
|
||||
# File within 'template_dir' giving the HTML to be displayed to the user after
|
||||
# they successfully renewed their account. If not set, default text is used.
|
||||
#
|
||||
#account_renewed_html_path: "account_renewed.html"
|
||||
|
||||
# File within 'template_dir' giving the HTML to be displayed when the user
|
||||
# tries to renew an account with an invalid renewal token. If not set,
|
||||
# default text is used.
|
||||
#
|
||||
#invalid_token_html_path: "invalid_token.html"
|
||||
|
||||
# The user must provide all of the below types of 3PID when registering.
|
||||
#
|
||||
|
@ -1378,107 +1384,123 @@ password_config:
|
|||
pepper: {{ matrix_synapse_password_config_pepper|string|to_json }}
|
||||
|
||||
|
||||
|
||||
# Enable sending emails for password resets, notification events or
|
||||
# account expiry notices
|
||||
#
|
||||
# If your SMTP server requires authentication, the optional smtp_user &
|
||||
# smtp_pass variables should be used
|
||||
#
|
||||
#email:
|
||||
# enable_notifs: false
|
||||
# smtp_host: "localhost"
|
||||
# smtp_port: 25 # SSL: 465, STARTTLS: 587
|
||||
# smtp_user: "exampleusername"
|
||||
# smtp_pass: "examplepassword"
|
||||
# require_transport_security: False
|
||||
# notif_from: "Your Friendly %(app)s homeserver <noreply@example.com>"
|
||||
# app_name: Matrix
|
||||
#
|
||||
# # Enable email notifications by default
|
||||
# #
|
||||
# notif_for_new_users: True
|
||||
#
|
||||
# # Defining a custom URL for Riot is only needed if email notifications
|
||||
# # should contain links to a self-hosted installation of Riot; when set
|
||||
# # the "app_name" setting is ignored
|
||||
# #
|
||||
# riot_base_url: "http://localhost/riot"
|
||||
#
|
||||
# # Configure the time that a validation email or text message code
|
||||
# # will expire after sending
|
||||
# #
|
||||
# # This is currently used for password resets
|
||||
# #
|
||||
# #validation_token_lifetime: 1h
|
||||
#
|
||||
# # Template directory. All template files should be stored within this
|
||||
# # directory. If not set, default templates from within the Synapse
|
||||
# # package will be used
|
||||
# #
|
||||
# # For the list of default templates, please see
|
||||
# # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
||||
# #
|
||||
# #template_dir: res/templates
|
||||
#
|
||||
# # Templates for email notifications
|
||||
# #
|
||||
# notif_template_html: notif_mail.html
|
||||
# notif_template_text: notif_mail.txt
|
||||
#
|
||||
# # Templates for account expiry notices
|
||||
# #
|
||||
# expiry_template_html: notice_expiry.html
|
||||
# expiry_template_text: notice_expiry.txt
|
||||
#
|
||||
# # Templates for password reset emails sent by the homeserver
|
||||
# #
|
||||
# #password_reset_template_html: password_reset.html
|
||||
# #password_reset_template_text: password_reset.txt
|
||||
#
|
||||
# # Templates for registration emails sent by the homeserver
|
||||
# #
|
||||
# #registration_template_html: registration.html
|
||||
# #registration_template_text: registration.txt
|
||||
#
|
||||
# # Templates for validation emails sent by the homeserver when adding an email to
|
||||
# # your user account
|
||||
# #
|
||||
# #add_threepid_template_html: add_threepid.html
|
||||
# #add_threepid_template_text: add_threepid.txt
|
||||
#
|
||||
# # Templates for password reset success and failure pages that a user
|
||||
# # will see after attempting to reset their password
|
||||
# #
|
||||
# #password_reset_template_success_html: password_reset_success.html
|
||||
# #password_reset_template_failure_html: password_reset_failure.html
|
||||
#
|
||||
# # Templates for registration success and failure pages that a user
|
||||
# # will see after attempting to register using an email or phone
|
||||
# #
|
||||
# #registration_template_success_html: registration_success.html
|
||||
# #registration_template_failure_html: registration_failure.html
|
||||
#
|
||||
# # Templates for success and failure pages that a user will see after attempting
|
||||
# # to add an email or phone to their account
|
||||
# #
|
||||
# #add_threepid_success_html: add_threepid_success.html
|
||||
# #add_threepid_failure_html: add_threepid_failure.html
|
||||
{% if matrix_synapse_email_enabled %}
|
||||
# Configuration for sending emails from Synapse.
|
||||
#
|
||||
email:
|
||||
enable_notifs: true
|
||||
smtp_host: {{ matrix_synapse_email_smtp_host|string|to_json }}
|
||||
smtp_port: {{ matrix_synapse_email_smtp_port|to_json }}
|
||||
require_transport_security: {{ matrix_synapse_email_smtp_require_transport_security|to_json }}
|
||||
notif_from: {{ matrix_synapse_email_notif_from|string|to_json }}
|
||||
app_name: Matrix
|
||||
notif_template_html: notif_mail.html
|
||||
notif_template_text: notif_mail.txt
|
||||
# Templates for account expiry notices.
|
||||
expiry_template_html: notice_expiry.html
|
||||
expiry_template_text: notice_expiry.txt
|
||||
notif_for_new_users: True
|
||||
riot_base_url: {{ matrix_synapse_email_riot_base_url|string|to_json }}
|
||||
# The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
|
||||
#
|
||||
#smtp_host: mail.server
|
||||
smtp_host: {{ matrix_synapse_email_smtp_host|string|to_json }}
|
||||
|
||||
# The port on the mail server for outgoing SMTP. Defaults to 25.
|
||||
#
|
||||
#smtp_port: 587
|
||||
smtp_port: {{ matrix_synapse_email_smtp_port|to_json }}
|
||||
|
||||
# Username/password for authentication to the SMTP server. By default, no
|
||||
# authentication is attempted.
|
||||
#
|
||||
# smtp_user: "exampleusername"
|
||||
# smtp_pass: "examplepassword"
|
||||
|
||||
# Uncomment the following to require TLS transport security for SMTP.
|
||||
# By default, Synapse will connect over plain text, and will then switch to
|
||||
# TLS via STARTTLS *if the SMTP server supports it*. If this option is set,
|
||||
# Synapse will refuse to connect unless the server supports STARTTLS.
|
||||
#
|
||||
#require_transport_security: true
|
||||
require_transport_security: {{ matrix_synapse_email_smtp_require_transport_security|to_json }}
|
||||
|
||||
# Enable sending emails for messages that the user has missed
|
||||
#
|
||||
#enable_notifs: false
|
||||
enable_notifs: true
|
||||
|
||||
# notif_from defines the "From" address to use when sending emails.
|
||||
# It must be set if email sending is enabled.
|
||||
#
|
||||
# The placeholder '%(app)s' will be replaced by the application name,
|
||||
# which is normally 'app_name' (below), but may be overridden by the
|
||||
# Matrix client application.
|
||||
#
|
||||
# Note that the placeholder must be written '%(app)s', including the
|
||||
# trailing 's'.
|
||||
#
|
||||
#notif_from: "Your Friendly %(app)s homeserver <noreply@example.com>"
|
||||
notif_from: {{ matrix_synapse_email_notif_from|string|to_json }}
|
||||
|
||||
# app_name defines the default value for '%(app)s' in notif_from. It
|
||||
# defaults to 'Matrix'.
|
||||
#
|
||||
#app_name: my_branded_matrix_server
|
||||
app_name: Matrix
|
||||
|
||||
# Uncomment the following to disable automatic subscription to email
|
||||
# notifications for new users. Enabled by default.
|
||||
#
|
||||
#notif_for_new_users: false
|
||||
notif_for_new_users: True
|
||||
|
||||
# Custom URL for client links within the email notifications. By default
|
||||
# links will be based on "https://matrix.to".
|
||||
#
|
||||
# (This setting used to be called riot_base_url; the old name is still
|
||||
# supported for backwards-compatibility but is now deprecated.)
|
||||
#
|
||||
#client_base_url: "http://localhost/riot"
|
||||
client_base_url: {{ matrix_synapse_email_client_base_url|string|to_json }}
|
||||
|
||||
# Configure the time that a validation email will expire after sending.
|
||||
# Defaults to 1h.
|
||||
#
|
||||
#validation_token_lifetime: 15m
|
||||
|
||||
# Directory in which Synapse will try to find the template files below.
|
||||
# If not set, default templates from within the Synapse package will be used.
|
||||
#
|
||||
# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
|
||||
# If you *do* uncomment it, you will need to make sure that all the templates
|
||||
# below are in the directory.
|
||||
#
|
||||
# Synapse will look for the following templates in this directory:
|
||||
#
|
||||
# * The contents of email notifications of missed events: 'notif_mail.html' and
|
||||
# 'notif_mail.txt'.
|
||||
#
|
||||
# * The contents of account expiry notice emails: 'notice_expiry.html' and
|
||||
# 'notice_expiry.txt'.
|
||||
#
|
||||
# * The contents of password reset emails sent by the homeserver:
|
||||
# 'password_reset.html' and 'password_reset.txt'
|
||||
#
|
||||
# * HTML pages for success and failure that a user will see when they follow
|
||||
# the link in the password reset email: 'password_reset_success.html' and
|
||||
# 'password_reset_failure.html'
|
||||
#
|
||||
# * The contents of address verification emails sent during registration:
|
||||
# 'registration.html' and 'registration.txt'
|
||||
#
|
||||
# * HTML pages for success and failure that a user will see when they follow
|
||||
# the link in an address verification email sent during registration:
|
||||
# 'registration_success.html' and 'registration_failure.html'
|
||||
#
|
||||
# * The contents of address verification emails sent when an address is added
|
||||
# to a Matrix account: 'add_threepid.html' and 'add_threepid.txt'
|
||||
#
|
||||
# * HTML pages for success and failure that a user will see when they follow
|
||||
# the link in an address verification email sent when an address is added
|
||||
# to a Matrix account: 'add_threepid_success.html' and
|
||||
# 'add_threepid_failure.html'
|
||||
#
|
||||
# You can see the default templates at:
|
||||
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
||||
#
|
||||
#template_dir: "res/templates"
|
||||
notif_template_html: notif_mail.html
|
||||
notif_template_text: notif_mail.txt
|
||||
expiry_template_html: notice_expiry.html
|
||||
expiry_template_text: notice_expiry.txt
|
||||
{% endif %}
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue