pub-solar/matrix-docker-ansible-deploy
5
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge branch 'master' into pub.solar

Browse source
This commit is contained in:
teutat3s 2020-07-08 14:16:57 +02:00
parent 5e657795e0 18ab677a96
commit 9759cc7ccc
Signed by: teutat3s
GPG key ID: 18DAE600A6BBE705
62 changed files with 2081 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
CHANGELOG.md
View file

@ -1,3 +1,40 @@
# 2020-07-03
## Steam bridging support via mx-puppet-steam
Thanks to [Hugues Morisset](https://github.com/izissise)'s efforts, the playbook now supports bridging to [Steam](https://steamapp.com/) via the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge. See our [Setting up MX Puppet Steam bridging](docs/configuring-playbook-bridge-mx-puppet-steam.md) documentation page for getting started.
# 2020-07-01
## Discord bridging support via mx-puppet-discord
Thanks to [Hugues Morisset](https://github.com/izissise)'s efforts, the playbook now supports bridging to [Discord](https://discordapp.com/) via the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge. See our [Setting up MX Puppet Discord bridging](docs/configuring-playbook-bridge-mx-puppet-discord.md) documentation page for getting started.
**Note**: this is a new Discord bridge. The playbook still retains Discord bridging via [matrix-appservice-discord](docs/configuring-playbook-bridge-appservice-discord.md). You're free too use the bridge that serves you better, or even both (for different users and use-cases).
# 2020-06-30
## Instagram and Twitter bridging support
Thanks to [Johanna Dorothea Reichmann](https://github.com/jdreichmann)'s efforts, the playbook now supports bridging to [Instagram](https://www.instagram.com/) via the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge. See our [Setting up MX Puppet Instagram bridging](docs/configuring-playbook-bridge-mx-puppet-instagram.md) documentation page for getting started.
Thanks to [Tulir Asokan](https://github.com/tulir)'s efforts, the playbook now supports bridging to [Twitter](https://twitter.com/) via the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge. See our [Setting up MX Puppet Twitter bridging](docs/configuring-playbook-bridge-mx-puppet-twitter.md) documentation page for getting started.
# 2020-06-28
## (Post Mortem / fixed Security Issue) Re-enabling User Directory search powered by the ma1sd Identity Server
User Directory search requests used to go to the ma1sd identity server by default, which queried its own stores and the Synapse database.
ma1sd's [security issue](https://github.com/ma1uta/ma1sd/issues/44) has been fixed in version `2.4.0`, with [this commit](ma1uta/ma1sd@2bb5a734d11662b06471113cf3d6b4cee5e33a85). `ma1sd 2.4.0` is now the default version for this playbook. For more information on what happened, please check the mentioned issue.
We are re-enabling user directory search with this update. Those who would like to keep it disabled can use this configuration: `matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false`
As always, re-running the playbook is enough to get the updated bits.
# 2020-06-11
## SMS bridging requires db reset

16
README.md
View file

@ -52,6 +52,14 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [matrix-appservice-webhooks](https://github.com/turt2live/matrix-appservice-webhooks) bridge for slack compatible webhooks ([ConcourseCI](https://concourse-ci.org/), [Slack](https://slack.com/) etc. pp.)
- (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation
- (optional) the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge for Twitter-DMs ([Twitter](https://twitter.com/) - see [docs/configuring-playbook-bridge-mx-puppet-twitter.md](docs/configuring-playbook-bridge-mx-puppet-twitter.md) for setup documentation
- (optional) the [mx-puppet-discord](https://github.com/Sorunome/mx-puppet-discord) bridge for [Discord](https://discordapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation
- (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation
- (optional) the [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge) for bridging your Matrix server to SMS
- (optional) [Email2Matrix](https://github.com/devture/email2matrix) for relaying email messages to Matrix rooms
@ -152,6 +160,14 @@ This playbook sets up your server using the following Docker images:
- [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https:/slack.com) (optional)
- [sorunome/mx-puppet-instagram](https://hub.docker.com/r/sorunome/mx-puppet-instagram) - the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge to [Instagram](https://www.instagram.com) (optional)
- [sorunome/mx-puppet-twitter](https://hub.docker.com/r/sorunome/mx-puppet-twitter) - the [mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) bridge to [Twitter](https://twitter.com) (optional)
- [sorunome/mx-puppet-discord](https://hub.docker.com/r/sorunome/mx-puppet-discord) - the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge to [Discord](https:/discordapp.com) (optional)
- [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) - the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge to [Steam](https://steampowered.com) (optional)
- [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional)
- [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional)

9
docs/alternative-architectures.md
View file

@ -1,6 +1,6 @@
# Alternative architectures
As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
As stated in the [Prerequisites](prerequisites.md), currently only `x86_64` is fully supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
To that end add the following variable to your `vars.yaml` file:
@ -21,9 +21,6 @@ matrix_architecture: "arm32"
## Implementation details
This subsection is used for a reminder, how the different roles implement architecture differences. This is **not** aimed at the users, so one does not have to do anything based on this subsection.
For `amd64`, prebuilt images are used everywhere (because all images are available for this architecture).
On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases:
- `matrix-bridge-mautrix-facebook`: there is a pre-built Docker image for `arm64` as well
- `matrix-bridge-mautrix-hangouts`: there is a pre-built Docker image for `arm64` as well
- `matrix-nginx-proxy`: Certbot has a pre-built Docker image for both `arm32` and `arm64`, however tagging is used, which requires special handling.
For other architectures, components which have a prebuilt image make use of it. If the component is not available for the specific architecture, [self-building](self-building.md) will be used. Not all components support self-building though, so your mileage may vary.

23
docs/configuring-captcha.md Normal file
View file

@ -0,0 +1,23 @@
(Adapted from the [upstream project](https://github.com/matrix-org/synapse/blob/develop/docs/CAPTCHA_SETUP.md))
# Overview
Captcha can be enabled for this home server. This file explains how to do that.
The captcha mechanism used is Google's [ReCaptcha](https://www.google.com/recaptcha/). This requires API keys from Google.
## Getting keys
Requires a site/secret key pair from:
<http://www.google.com/recaptcha/admin>
Must be a reCAPTCHA **v2** key using the "I'm not a robot" Checkbox option
## Setting ReCaptcha Keys
Once registered as above, set the following values:
```yaml
matrix_synapse_enable_registration_captcha: true
matrix_synapse_recaptcha_public_key: 'YOUR_SITE_KEY'
matrix_synapse_recaptcha_private_key: 'YOUR_SECRET_KEY'
```

2
docs/configuring-playbook-bridge-appservice-discord.md
View file

@ -1,5 +1,7 @@
# Setting up Appservice Discord (optional)
**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) bridge supported by the playbook.
The playbook can install and configure [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) for you.
See the project's [documentation](https://github.com/Half-Shot/matrix-appservice-discord/blob/master/README.md) to learn what it does and why it might be useful to you.

36
docs/configuring-playbook-bridge-mx-puppet-discord.md Normal file
View file

@ -0,0 +1,36 @@
# Setting up MX Puppet Discord (optional)
**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridge supported by the playbook.
The playbook can install and configure
[mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) for you.
See the project page to learn what it does and why it might be useful to you.
To enable the [Discord](https://discordapp.com/) bridge just use the following
playbook configuration:
```yaml
matrix_mx_puppet_discord_enabled: true
matrix_mx_puppet_discord_client_id: ""
matrix_mx_puppet_discord_client_secret: ""
```
## Usage
Once the bot is enabled you need to start a chat with `Discord Puppet Bridge` with
the handle `@_discordpuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
domain, not the `matrix.` domain).
Three authentication methods are available, Legacy Token, OAuth and xoxc token.
See mx-puppet-discord [documentation](https://github.com/matrix-discord/mx-puppet-discord)
for more information about how to configure the bridge.
Once logged in, send `list` to the bot user to list the available rooms.
Clicking rooms in the list will result in you receiving an invitation to the
bridged room.
Also send `help` to the bot to see the commands available.

36
docs/configuring-playbook-bridge-mx-puppet-instagram.md Normal file
View file

@ -0,0 +1,36 @@
# Setting up mx-puppet-instagram (optional)
The playbook can install and configure
[mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) for you.
This allows you to bridge Instagram DirectMessages into Matrix.
To enable the [Instagram](https://www.instagram.com/) bridge just use the following
playbook configuration:
```yaml
matrix_mx_puppet_instagram_enabled: true
```
## Usage
Once the bot is enabled, you need to start a chat with `Instagram Puppet Bridge` with
the handle `@_instagrampuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
domain, not the `matrix.` domain).
Send `link <username> <password>` to the bridge bot to link your instagram account.
The `list` commands shows which accounts are linked and which `puppetId` is associated.
For double-puppeting, you probably want to issue these commands:
- `settype $puppetId puppet` to enable puppeting for the link (instead of relaying)
- `setautoinvite $puppetId 1` to automatically invite you to chats
- `setmatrixtoken $accessToken` to set the access token to enable puppeting from the other side (the "double" in double puppeting)
If you are linking only one Instagram account, your `$puppetId` is probably 1, but use the `list` command find out.
The `help` command shows which commands are available, though at the time of writing, not every command is fully implemented.

34
docs/configuring-playbook-bridge-mx-puppet-steam.md Normal file
View file

@ -0,0 +1,34 @@
# Setting up MX Puppet Steam (optional)
The playbook can install and configure
[mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) for you.
See the project page to learn what it does and why it might be useful to you.
To enable the [Steam](https://steampowered.com/) bridge just use the following
playbook configuration:
```yaml
matrix_mx_puppet_steam_enabled: true
matrix_mx_puppet_steam_client_id: ""
matrix_mx_puppet_steam_client_secret: ""
```
## Usage
Once the bot is enabled you need to start a chat with `Steam Puppet Bridge` with
the handle `@_steampuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
domain, not the `matrix.` domain).
Three authentication methods are available, Legacy Token, OAuth and xoxc token.
See mx-puppet-steam [documentation](https://github.com/icewind1991/mx-puppet-steam)
for more information about how to configure the bridge.
Once logged in, send `list` to the bot user to list the available rooms.
Clicking rooms in the list will result in you receiving an invitation to the
bridged room.
Also send `help` to the bot to see the commands available.

34
docs/configuring-playbook-bridge-mx-puppet-twitter.md Normal file
View file

@ -0,0 +1,34 @@
# Setting up MX Puppet Twitter (optional)
The playbook can install and configure
[mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) for you.
See the project page to learn what it does and why it might be useful to you.
To enable the [Twitter](https://twitter.com) bridge, make an app on [developer.twitter.com](https://developer.twitter.com/en/apps)
and fill out the following playbook configuration.
```yaml
matrix_mx_puppet_twitter_enabled: true
matrix_mx_puppet_twitter_consumer_key: ''
matrix_mx_puppet_twitter_consumer_secret: ''
matrix_mx_puppet_twitter_access_token: ''
matrix_mx_puppet_twitter_access_token_secret: ''
matrix_mx_puppet_twitter_environment: ''
```
## Usage
Once the bot is enabled you need to start a chat with `Twitter Puppet Bridge` with
the handle `@_twitterpuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
domain, not the `matrix.` domain).
To log in, use `link` and click the link.
Once logged in, send `list` to the bot user to list the available rooms.
Clicking rooms in the list will result in you receiving an invitation to the
bridged room.
Also send `help` to the bot to see the commands available.

2
docs/configuring-playbook-ma1sd.md
View file

@ -31,6 +31,8 @@ To use the [Registration](https://github.com/ma1uta/ma1sd/blob/master/docs/featu
- `matrix_synapse_enable_registration` - to enable user-initiated registration in Synapse
- `matrix_synapse_enable_registration_captcha` - to validate registering users using reCAPTCHA, as described in the [enabling reCAPTCHA](configuring_captcha.md) documentation.
- `matrix_synapse_registrations_require_3pid` - to control the types of 3pid (`'email'`, `'msisdn'`) required by the Synapse server for registering
- variables prefixed with `matrix_nginx_proxy_proxy_matrix_3pid_registration_` (e.g. `matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled`) - to configure the integrated nginx webserver to send registration requests to ma1sd (instead of Synapse), so it can apply its additional functionality

8
docs/configuring-playbook.md
View file

@ -101,6 +101,14 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional)
- [Setting up MX Puppet Instagram bridging](configuring-playbook-bridge-mx-puppet-instagram.md) (optional)
- [Setting up MX Puppet Twitter bridging](configuring-playbook-bridge-mx-puppet-twitter.md) (optional)
- [Setting up MX Puppet Discord bridging](configuring-playbook-bridge-mx-puppet-discord.md) (optional)
- [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md) (optional)
- [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)
- [Setting up Matrix SMS bridging](configuring-playbook-matrix-bridge-sms.md) (optional)

19
docs/self-building.md
View file

@ -2,22 +2,23 @@
**Caution: self-building does not have to be used on its own. See the [Alternative Architectures](alternative-architectures.md) page.**
The playbook supports the self-building of some of its components. This may be useful for architectures besides x86_64, which have no Docker images right now (e g. the armv7 for the Raspberry Pi). Some playbook roles have been updated, so they build the necessary image on the host. It needs more space, as some build tools need to be present (like Java, for ma1sd).
The playbook supports the self-building of various components, which don't have a container image for your architecture. For `amd64`, self-building is not required.
To use these modification there is a variable that needs to be switched to enable this functionality. Add this to your `vars.yaml` file:
```yaml
matrix_container_images_self_build: true
```
Setting that variable will self-build every role which supports self-building. Self-building can be set on a per-role basis as well.
For other architectures (e.g. `arm32`, `arm64`), ready-made container images are used when available. If there's no ready-made image for a specific component and said component supports self-building, an image will be built on the host. Building images like this takes more time and resources (some build tools need to get installed by the playbook to assist building).
To make use of self-building, you don't need to do anything besides change your architecture variable (e.g. `matrix_architecture: arm64`). If a component has an image for the specified architecture, the playbook will use it. If not, it will build the image.
Note that **not all components support self-building yet**.
List of roles where self-building the Docker image is currently possible:
- `matrix-synapse`
- `matrix-riot-web`
- `matrix-coturn`
- `matrix-ma1sd`
- `matrix-mailer`
- `matrix-mautrix-facebook`
- `matrix-mautrix-hangouts`
- `matrix-mx-puppet-skype`
- `matrix-bridge-mautrix-facebook`
- `matrix-bridge-mautrix-hangouts`
- `matrix-bridge-mx-puppet-skype`
Adding self-building support to other roles is welcome. Feel free to contribute!
If you'd like **to force self-building** even if an image is available for your architecture, look into the `matrix_*_self_build` variables provided by individual roles.

139
group_vars/matrix_servers
View file

@ -393,6 +393,128 @@ matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_prov
#
######################################################################
######################################################################
#
# matrix-bridge-mx-puppet-twitter
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_twitter_enabled: false
matrix_mx_puppet_twitter_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
matrix_mx_puppet_twitter_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
}}
matrix_mx_puppet_twitter_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxtwt.as.tok') | to_uuid }}"
matrix_mx_puppet_twitter_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxtwt.hs.tok') | to_uuid }}"
matrix_mx_puppet_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_mx_puppet_twitter_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' ~ matrix_mx_puppet_twitter_appservice_port) }}"
######################################################################
#
# /matrix-bridge-mx-puppet-twitter
#
######################################################################
######################################################################
#
# matrix-bridge-mx-puppet-instagram
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_instagram_enabled: false
matrix_mx_puppet_instagram_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
matrix_mx_puppet_instagram_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
}}
matrix_mx_puppet_instagram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxig.as.tok') | to_uuid }}"
matrix_mx_puppet_instagram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxig.hs.tok') | to_uuid }}"
matrix_mx_puppet_instagram_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
######################################################################
#
# /matrix-bridge-mx-puppet-instagram
#
######################################################################
######################################################################
#
# matrix-bridge-mx-puppet-discord
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_discord_enabled: false
matrix_mx_puppet_discord_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
matrix_mx_puppet_discord_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
}}
matrix_mx_puppet_discord_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxdsc.as.tok') | to_uuid }}"
matrix_mx_puppet_discord_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxdsc.hs.tok') | to_uuid }}"
matrix_mx_puppet_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
######################################################################
#
# /matrix-bridge-mx-puppet-discord
#
######################################################################
######################################################################
#
# matrix-bridge-mx-puppet-steam
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_steam_enabled: false
matrix_mx_puppet_steam_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
matrix_mx_puppet_steam_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
}}
matrix_mx_puppet_steam_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxste.as.tok') | to_uuid }}"
matrix_mx_puppet_steam_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxste.hs.tok') | to_uuid }}"
matrix_mx_puppet_steam_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
######################################################################
#
# /matrix-bridge-mx-puppet-steam
#
######################################################################
######################################################################
#
@ -564,7 +686,17 @@ matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
# If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this.
matrix_ma1sd_enabled: true
matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
# There's no prebuilt ma1sd image for the `arm32` architecture.
# We're relying on self-building there.
matrix_ma1sd_architecture: "{{
{
'amd64': 'amd64',
'arm32': 'arm32',
'arm64': 'arm64',
}[matrix_architecture]
}}"
matrix_ma1sd_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
@ -646,10 +778,7 @@ matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}"
matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}"
# Not proxying the user directory search to the identity server by default anymore,
# because it currently leaks data.
# See: https://github.com/ma1uta/ma1sd/issues/44
matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false
matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: "{{ matrix_ma1sd_enabled }}"
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container }}"
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "{{ matrix_nginx_proxy_proxy_matrix_identity_api_addr_sans_container }}"

10
roles/matrix-base/defaults/main.yml
View file

@ -26,6 +26,12 @@ matrix_federation_public_port: 8448
matrix_user_username: "matrix"
matrix_user_groupname: "matrix"
# By default, the playbook creates the user (`matrix_user_username`)
# and group (`matrix_user_groupname`) with a random id.
# To use a specific user/group id, override these variables.
matrix_user_uid: ~
matrix_user_gid: ~
matrix_base_data_path: "/matrix"
matrix_base_data_path_mode: "750"
@ -99,7 +105,3 @@ run_setup: true
run_self_check: true
run_start: true
run_stop: true
# Building every docker image from source on the target host
# Controlling docker image build is possible on a per unit base
matrix_container_images_self_build: false

2
roles/matrix-base/tasks/setup_matrix_user.yml
View file

@ -3,6 +3,7 @@
- name: Ensure Matrix group is created
group:
name: "{{ matrix_user_groupname }}"
gid: "{{ omit if matrix_user_gid is none else matrix_user_gid }}"
state: present
register: matrix_group
@ -13,6 +14,7 @@
- name: Ensure Matrix user is created
user:
name: "{{ matrix_user_username }}"
uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}"
state: present
group: "{{ matrix_user_groupname }}"
register: matrix_user

10
roles/matrix-base/tasks/validate_config.yml
View file

@ -1,11 +1 @@
---
- name: (Deprecation) Warn about unused user/group variables
fail:
msg: >
The `{{ item }}` variable defined in your configuration is not used by this playbook anymore.
User/group creation is now dynamic. You can remove these variables from your configuration, as they have no effect on anything.
when: "item in vars"
with_items:
- 'matrix_user_uid'
- 'matrix_user_gid'

95
roles/matrix-bridge-mx-puppet-discord/defaults/main.yml Normal file
View file

@ -0,0 +1,95 @@
# Mx Puppet Discord is a Matrix <-> Discord bridge
# See: https://github.com/matrix-discord/mx-puppet-discord
matrix_mx_puppet_discord_enabled: true
matrix_mx_puppet_discord_container_image_self_build: false
# Controls whether the mx-puppet-discord container exposes its HTTP port (tcp/8432 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
matrix_mx_puppet_discord_container_http_host_bind_port: ''
matrix_mx_puppet_discord_docker_image: "sorunome/mx-puppet-discord:latest"
matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}"
matrix_mx_puppet_discord_base_path: "{{ matrix_base_data_path }}/mx-puppet-discord"
matrix_mx_puppet_discord_config_path: "{{ matrix_mx_puppet_discord_base_path }}/config"
matrix_mx_puppet_discord_data_path: "{{ matrix_mx_puppet_discord_base_path }}/data"
matrix_mx_puppet_discord_docker_src_files_path: "{{ matrix_mx_puppet_discord_base_path }}/docker-src"
matrix_mx_puppet_discord_appservice_port: "8432"
matrix_mx_puppet_discord_homeserver_address: 'http://matrix-synapse:8008'
matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}'
matrix_mx_puppet_discord_client_id: ''
matrix_mx_puppet_discord_client_secret: ''
# "@user:server.com" to allow specific user
# "@.*:yourserver.com" to allow users on a specific homeserver
# "@.*" to allow anyone
matrix_mx_puppet_discord_provisioning_whitelist:
- "@.*:{{ matrix_domain|regex_escape }}"
# Leave empty to disable blacklist
# "@user:server.com" disallow a specific user
# "@.*:yourserver.com" disallow users on a specific homeserver
matrix_mx_puppet_discord_provisioning_blacklist: []
# A list of extra arguments to pass to the container
matrix_mx_puppet_discord_container_extra_arguments: []
# List of systemd services that matrix-puppet-discord.service depends on.
matrix_mx_puppet_discord_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-puppet-discord.service wants
matrix_mx_puppet_discord_systemd_wanted_services_list: []
matrix_mx_puppet_discord_appservice_token: ''
matrix_mx_puppet_discord_homeserver_token: ''
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mx_puppet_discord_login_shared_secret: ''
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_discord_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mx_puppet_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mx_puppet_discord_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mx_puppet_discord_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mx_puppet_discord_configuration_yaml`.
matrix_mx_puppet_discord_configuration_extension: "{{ matrix_mx_puppet_discord_configuration_extension_yaml|from_yaml if matrix_mx_puppet_discord_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_discord_configuration_yaml`.
matrix_mx_puppet_discord_configuration: "{{ matrix_mx_puppet_discord_configuration_yaml|from_yaml|combine(matrix_mx_puppet_discord_configuration_extension, recursive=True) }}"
matrix_mx_puppet_discord_registration_yaml: |
as_token: "{{ matrix_mx_puppet_discord_appservice_token }}"
hs_token: "{{ matrix_mx_puppet_discord_homeserver_token }}"
id: discord-puppet
namespaces:
users:
- exclusive: true
regex: '@_discordpuppet_.*:{{ matrix_mx_puppet_discord_homeserver_domain|regex_escape }}'
rooms: []
aliases:
- exclusive: true
regex: '#_discordpuppet_.*:{{ matrix_mx_puppet_discord_homeserver_domain|regex_escape }}'
protocols: []
rate_limited: false
sender_localpart: _discordpuppet_bot
url: {{ matrix_mx_puppet_discord_appservice_address }}
matrix_mx_puppet_discord_registration: "{{ matrix_mx_puppet_discord_registration_yaml|from_yaml }}"

23
roles/matrix-bridge-mx-puppet-discord/tasks/init.yml Normal file
View file

@ -0,0 +1,23 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-discord'] }}"
when: matrix_mx_puppet_discord_enabled|bool
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
["--mount type=bind,src={{ matrix_mx_puppet_discord_config_path }}/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro"]
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["/matrix-mx-puppet-discord-registration.yaml"] }}
when: matrix_mx_puppet_discord_enabled|bool
# ansible lower than 2.8, does not support docker_image build parameters
# for self buildig it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_discord_container_image_self_build"

21
roles/matrix-bridge-mx-puppet-discord/tasks/main.yml Normal file
View file

@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_mx_puppet_discord_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-discord
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_mx_puppet_discord_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-discord
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_mx_puppet_discord_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-discord

93
roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml Normal file
View file

@ -0,0 +1,93 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-mx-puppet-discord role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- name: Ensure MX Puppet Discord image is pulled
docker_image:
name: "{{ matrix_mx_puppet_discord_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mx_puppet_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_discord_docker_image_force_pull }}"
when: matrix_mx_puppet_discord_enabled|bool and not matrix_mx_puppet_discord_container_image_self_build
- name: Ensure MX Puppet Discord paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_mx_puppet_discord_base_path }}", when: true }
- { path: "{{ matrix_mx_puppet_discord_config_path }}", when: true }
- { path: "{{ matrix_mx_puppet_discord_data_path }}", when: true }
- { path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}", when: "{{ matrix_mx_puppet_discord_container_image_self_build }}" }
when: matrix_mx_puppet_discord_enabled|bool and item.when|bool
- name: Ensure MX Puppet Discord repository is present on self build
git:
repo: https://github.com/matrix-discord/mx-puppet-discord.git
dest: "{{ matrix_mx_puppet_discord_docker_src_files_path }}"
force: "yes"
when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build"
- name: Ensure MX Puppet Discord Docker image is built
docker_image:
name: "{{ matrix_mx_puppet_discord_docker_image }}"
source: build
build:
dockerfile: Dockerfile
path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}"
pull: yes
when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build"
- name: Check if an old database file already exists
stat:
path: "{{ matrix_mx_puppet_discord_base_path }}/database.db"
register: matrix_mx_puppet_discord_stat_database
- name: (Data relocation) Ensure matrix-mx-puppet-discord.service is stopped
service:
name: matrix-mx-puppet-discord
state: stopped
daemon_reload: yes
failed_when: false
when: "matrix_mx_puppet_discord_stat_database.stat.exists"
- name: (Data relocation) Move mx-puppet-discord database file to ./data directory
command: "mv {{ matrix_mx_puppet_discord_base_path }}/database.db {{ matrix_mx_puppet_discord_data_path }}/database.db"
when: "matrix_mx_puppet_discord_stat_database.stat.exists"
- name: Ensure mx-puppet-discord config.yaml installed
copy:
content: "{{ matrix_mx_puppet_discord_configuration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_discord_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure mx-puppet-discord discord-registration.yaml installed
copy:
content: "{{ matrix_mx_puppet_discord_registration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_discord_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-mx-puppet-discord.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-discord.service.j2"
dest: "/etc/systemd/system/matrix-mx-puppet-discord.service"
mode: 0644
register: matrix_mx_puppet_discord_systemd_service_result
- name: Ensure systemd reloaded after matrix-mx-puppet-discord.service installation
service:
daemon_reload: yes
when: "matrix_mx_puppet_discord_systemd_service_result.changed"

24
roles/matrix-bridge-mx-puppet-discord/tasks/setup_uninstall.yml Normal file
View file

@ -0,0 +1,24 @@
---
- name: Check existence of matrix-mx-puppet-discord service
stat:
path: "/etc/systemd/system/matrix-mx-puppet-discord.service"
register: matrix_mx_puppet_discord_service_stat
- name: Ensure matrix-mx-puppet-discord is stopped
service:
name: matrix-mx-puppet-discord
state: stopped
daemon_reload: yes
when: "matrix_mx_puppet_discord_service_stat.stat.exists"
- name: Ensure matrix-mx-puppet-discord.service doesn't exist
file:
path: "/etc/systemd/system/matrix-mx-puppet-discord.service"
state: absent
when: "matrix_mx_puppet_discord_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mx-puppet-discord.service removal
service:
daemon_reload: yes
when: "matrix_mx_puppet_discord_service_stat.stat.exists"

10
roles/matrix-bridge-mx-puppet-discord/tasks/validate_config.yml Normal file
View file

@ -0,0 +1,10 @@
---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mx_puppet_discord_appservice_token"
- "matrix_mx_puppet_discord_homeserver_token"

138
roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2 Normal file
View file

@ -0,0 +1,138 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Port to host the bridge on
# Used for communication between the homeserver and the bridge
port: {{ matrix_mx_puppet_discord_appservice_port }}
# The host connections to the bridge's webserver are allowed from
bindAddress: 0.0.0.0
# Public domain of the homeserver
domain: {{ matrix_mx_puppet_discord_homeserver_domain }}
# Reachable URL of the Matrix homeserver
homeserverUrl: {{ matrix_mx_puppet_discord_homeserver_address }}
{% if matrix_mx_puppet_discord_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_discord_login_shared_secret }}
{% endif %}
# Display name of the bridge bot
displayname: Discord Puppet Bridge
# Optionally specify a different media URL used for the media store
#
# This is where Discord will download user profile pictures and media
# from
#mediaUrl: https://external-url.org
presence:
# Bridge Discord online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 500
provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }}
relay:
# Regex of Matrix IDs who are allowed to use the bridge in relay mode.
# Relay mode is when a single Discord bot account relays messages of
# multiple Matrix users
#
# Same format as in provisioning
whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }}
blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }}
selfService:
# Regex of Matrix IDs who are allowed to use bridge self-servicing (plumbed rooms)
#
# Same format as in provisioning
whitelist: {{ matrix_mx_puppet_discord_provisioning_whitelist|to_json }}
blacklist: {{ matrix_mx_puppet_discord_provisioning_blacklist|to_json }}
# Override the default name patterns for users, rooms and groups
#
# Variable names must be prefixed with a ':'
namePatterns:
# The default displayname for a bridged user
#
# Available variables:
#
# name: username of the user
# discriminator: hashtag of the user (ex. #1234)
user: :name
# A user's guild-specific displayname - if they've set a custom nick in
# a guild
#
# Available variables:
#
# name: username of the user
# discriminator: hashtag of the user (ex. #1234)
# displayname: the user's custom group-specific nick
# channel: the name of the channel
# guild: the name of the guild
userOverride: :name
# Room names for bridged Discord channels
#
# Available variables:
#
# name: name of the channel
# guild: name of the guild
room: :name
# Group names for bridged Discord servers
#
# Available variables:
#
# name: name of the guide
group: :name
database:
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
# Use SQLite3 as a database backend
# The name of the database file
filename: /data/database.db
logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m

41
roles/matrix-bridge-mx-puppet-discord/templates/systemd/matrix-mx-puppet-discord.service.j2 Normal file
View file

@ -0,0 +1,41 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mx Puppet Discord server
{% for service in matrix_mx_puppet_discord_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mx_puppet_discord_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
[Service]
Type=simple
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-discord \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-e CONFIG_PATH=/config/config.yaml \
-e REGISTRATION_PATH=/config/registration.yaml \
-v {{ matrix_mx_puppet_discord_config_path }}:/config:z \
-v {{ matrix_mx_puppet_discord_data_path }}:/data:z \
{% for arg in matrix_mx_puppet_discord_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mx_puppet_discord_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-discord
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-discord
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-discord
[Install]
WantedBy=multi-user.target

86
roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml Normal file
View file

@ -0,0 +1,86 @@
# mx-puppet-instagram bridges instagram DMs
# See: https://github.com/Sorunome/mx-puppet-instagram
matrix_mx_puppet_instagram_enabled: true
matrix_mx_puppet_instagram_container_image_self_build: false
matrix_mx_puppet_instagram_docker_image: "docker.io/sorunome/mx-puppet-instagram:latest"
matrix_mx_puppet_instagram_docker_image_force_pull: "{{ matrix_mx_puppet_instagram_docker_image.endswith(':latest') }}"
matrix_mx_puppet_instagram_base_path: "{{ matrix_base_data_path }}/mx-puppet-instagram"
matrix_mx_puppet_instagram_config_path: "{{ matrix_mx_puppet_instagram_base_path }}/config"
matrix_mx_puppet_instagram_data_path: "{{ matrix_mx_puppet_instagram_base_path }}/data"
matrix_mx_puppet_instagram_docker_src_files_path: "{{ matrix_mx_puppet_instagram_base_path }}/docker-src"
matrix_mx_puppet_instagram_appservice_port: "8440"
matrix_mx_puppet_instagram_homeserver_address: 'http://matrix-synapse:8008'
matrix_mx_puppet_instagram_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_instagram_appservice_address: 'http://matrix-mx-puppet-instagram:{{ matrix_mx_puppet_instagram_appservice_port }}'
# "@user:server.com" to allow specific user
# "@.*:yourserver.com" to allow users on a specific homeserver
# "@.*" to allow anyone
matrix_mx_puppet_instagram_provisioning_whitelist:
- "@.*:{{ matrix_domain|regex_escape }}"
# Leave empty to disable blacklist
# "@user:server.com" disallow a specific user
# "@.*:yourserver.com" disallow users on a specific homeserver
matrix_mx_puppet_instagram_provisioning_blacklist: []
# A list of extra arguments to pass to the container
matrix_mx_puppet_instagram_container_extra_arguments: []
# List of systemd services that matrix-puppet-instagram.service depends on.
matrix_mx_puppet_instagram_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-puppet-instagram.service wants
matrix_mx_puppet_instagram_systemd_wanted_services_list: []
matrix_mx_puppet_instagram_appservice_token: ''
matrix_mx_puppet_instagram_homeserver_token: ''
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mx_puppet_instagram_login_shared_secret: ''
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_instagram_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mx_puppet_instagram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mx_puppet_instagram_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mx_puppet_instagram_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mx_puppet_instagram_configuration_yaml`.
matrix_mx_puppet_instagram_configuration_extension: "{{ matrix_mx_puppet_instagram_configuration_extension_yaml|from_yaml if matrix_mx_puppet_instagram_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_instagram_configuration_yaml`.
matrix_mx_puppet_instagram_configuration: "{{ matrix_mx_puppet_instagram_configuration_yaml|from_yaml|combine(matrix_mx_puppet_instagram_configuration_extension, recursive=True) }}"
matrix_mx_puppet_instagram_registration_yaml: |
as_token: "{{ matrix_mx_puppet_instagram_appservice_token }}"
hs_token: "{{ matrix_mx_puppet_instagram_homeserver_token }}"
id: instagram-puppet
namespaces:
users:
- exclusive: true
regex: '@_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain|regex_escape }}'
rooms: []
aliases:
- exclusive: true
regex: '#_instagrampuppet_.*:{{ matrix_mx_puppet_instagram_homeserver_domain|regex_escape }}'
protocols: []
rate_limited: false
sender_localpart: _instagrampuppet_bot
url: {{ matrix_mx_puppet_instagram_appservice_address }}
matrix_mx_puppet_instagram_registration: "{{ matrix_mx_puppet_instagram_registration_yaml|from_yaml }}"

17
roles/matrix-bridge-mx-puppet-instagram/tasks/init.yml Normal file
View file

@ -0,0 +1,17 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-instagram'] }}"
when: matrix_mx_puppet_instagram_enabled|bool
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
["--mount type=bind,src={{ matrix_mx_puppet_instagram_config_path }}/registration.yaml,dst=/matrix-mx-puppet-instagram-registration.yaml,ro"]
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["/matrix-mx-puppet-instagram-registration.yaml"] }}
when: matrix_mx_puppet_instagram_enabled|bool

21
roles/matrix-bridge-mx-puppet-instagram/tasks/main.yml Normal file
View file

@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_mx_puppet_instagram_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-instagram
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_mx_puppet_instagram_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-instagram
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_mx_puppet_instagram_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-instagram

78
roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml Normal file
View file

@ -0,0 +1,78 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-mx-puppet-instagram role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- name: Ensure mx-puppet-instagram image is pulled
docker_image:
name: "{{ matrix_mx_puppet_instagram_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mx_puppet_instagram_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_instagram_docker_image_force_pull }}"
when: matrix_mx_puppet_instagram_enabled|bool and not matrix_mx_puppet_instagram_container_image_self_build
- name: Ensure mx-puppet-instagram paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_mx_puppet_instagram_base_path }}", when: true }
- { path: "{{ matrix_mx_puppet_instagram_config_path }}", when: true }
- { path: "{{ matrix_mx_puppet_instagram_data_path }}", when: true }
- { path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}", when: "{{ matrix_mx_puppet_instagram_container_image_self_build }}" }
when: matrix_mx_puppet_instagram_enabled|bool and item.when|bool
- name: Ensure mx-puppet-instagram repository is present on self build
git:
repo: https://github.com/Sorunome/mx-puppet-instagram.git
dest: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}"
force: "yes"
when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build"
- name: Ensure mx-puppet-instagram Docker image is built
docker_image:
name: "{{ matrix_mx_puppet_instagram_docker_image }}"
source: build
build:
dockerfile: Dockerfile
path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}"
pull: yes
when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build"
- name: Ensure mx-puppet-instagram config.yaml installed
copy:
content: "{{ matrix_mx_puppet_instagram_configuration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_instagram_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure mx-puppet-instagram-registration.yaml installed
copy:
content: "{{ matrix_mx_puppet_instagram_registration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_instagram_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-mx-puppet-instagram.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-instagram.service.j2"
dest: "/etc/systemd/system/matrix-mx-puppet-instagram.service"
mode: 0644
register: matrix_mx_puppet_instagram_systemd_service_result
- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service installation
service:
daemon_reload: yes
when: "matrix_mx_puppet_instagram_systemd_service_result.changed"

24
roles/matrix-bridge-mx-puppet-instagram/tasks/setup_uninstall.yml Normal file
View file

@ -0,0 +1,24 @@
---
- name: Check existence of matrix-mx-puppet-instagram service
stat:
path: "/etc/systemd/system/matrix-mx-puppet-instagram.service"
register: matrix_mx_puppet_instagram_service_stat
- name: Ensure matrix-mx-puppet-instagram is stopped
service:
name: matrix-mx-puppet-instagram
state: stopped
daemon_reload: yes
when: "matrix_mx_puppet_instagram_service_stat.stat.exists"
- name: Ensure matrix-mx-puppet-instagram.service doesn't exist
file:
path: "/etc/systemd/system/matrix-mx-puppet-instagram.service"
state: absent
when: "matrix_mx_puppet_instagram_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mx-puppet-instagram.service removal
service:
daemon_reload: yes
when: "matrix_mx_puppet_instagram_service_stat.stat.exists"

10
roles/matrix-bridge-mx-puppet-instagram/tasks/validate_config.yml Normal file
View file

@ -0,0 +1,10 @@
---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mx_puppet_instagram_appservice_token"
- "matrix_mx_puppet_instagram_homeserver_token"

82
roles/matrix-bridge-mx-puppet-instagram/templates/config.yaml.j2 Normal file
View file

@ -0,0 +1,82 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Port to host the bridge on
# Used for communication between the homeserver and the bridge
port: {{ matrix_mx_puppet_instagram_appservice_port }}
# The host connections to the bridge's webserver are allowed from
bindAddress: 0.0.0.0
# Public domain of the homeserver
domain: {{ matrix_mx_puppet_instagram_homeserver_domain }}
# Reachable URL of the Matrix homeserver
homeserverUrl: {{ matrix_mx_puppet_instagram_homeserver_address }}
{% if matrix_mx_puppet_instagram_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_instagram_login_shared_secret }}
{% endif %}
presence:
# Bridge Instagram online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 500
provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_instagram_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_instagram_provisioning_blacklist|to_json }}
# Shared secret for the provisioning API for use by integration managers.
# If this is not set, the provisioning API will not be enabled.
#sharedSecret: random string
# Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
apiPrefix: /_matrix/provision
database:
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
# Use SQLite3 as a database backend
# The name of the database file
filename: /data/database.db
logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m

41
roles/matrix-bridge-mx-puppet-instagram/templates/systemd/matrix-mx-puppet-instagram.service.j2 Normal file
View file

@ -0,0 +1,41 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix mx-puppet-instagram bridge
{% for service in matrix_mx_puppet_instagram_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mx_puppet_instagram_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
[Service]
Type=simple
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-instagram \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-e CONFIG_PATH=/config/config.yaml \
-e REGISTRATION_PATH=/config/registration.yaml \
-v {{ matrix_mx_puppet_instagram_config_path }}:/config:z \
-v {{ matrix_mx_puppet_instagram_data_path }}:/data:z \
{% for arg in matrix_mx_puppet_instagram_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mx_puppet_instagram_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-instagram
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-instagram
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-instagram
[Install]
WantedBy=multi-user.target

95
roles/matrix-bridge-mx-puppet-steam/defaults/main.yml Normal file
View file

@ -0,0 +1,95 @@
# Mx Puppet Steam is a Matrix <-> Steam bridge
# See: https://github.com/matrix-steam/mx-puppet-steam
matrix_mx_puppet_steam_enabled: true
matrix_mx_puppet_steam_container_image_self_build: false
# Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
matrix_mx_puppet_steam_container_http_host_bind_port: ''
matrix_mx_puppet_steam_docker_image: "icewind1991/mx-puppet-steam:latest"
matrix_mx_puppet_steam_docker_image_force_pull: "{{ matrix_mx_puppet_steam_docker_image.endswith(':latest') }}"
matrix_mx_puppet_steam_base_path: "{{ matrix_base_data_path }}/mx-puppet-steam"
matrix_mx_puppet_steam_config_path: "{{ matrix_mx_puppet_steam_base_path }}/config"
matrix_mx_puppet_steam_data_path: "{{ matrix_mx_puppet_steam_base_path }}/data"
matrix_mx_puppet_steam_docker_src_files_path: "{{ matrix_mx_puppet_steam_base_path }}/docker-src"
matrix_mx_puppet_steam_appservice_port: "8432"
matrix_mx_puppet_steam_homeserver_address: 'http://matrix-synapse:8008'
matrix_mx_puppet_steam_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_steam_appservice_address: 'http://matrix-mx-puppet-steam:{{ matrix_mx_puppet_steam_appservice_port }}'
matrix_mx_puppet_steam_client_id: ''
matrix_mx_puppet_steam_client_secret: ''
# "@user:server.com" to allow specific user
# "@.*:yourserver.com" to allow users on a specific homeserver
# "@.*" to allow anyone
matrix_mx_puppet_steam_provisioning_whitelist:
- "@.*:{{ matrix_domain|regex_escape }}"
# Leave empty to disable blacklist
# "@user:server.com" disallow a specific user
# "@.*:yourserver.com" disallow users on a specific homeserver
matrix_mx_puppet_steam_provisioning_blacklist: []
# A list of extra arguments to pass to the container
matrix_mx_puppet_steam_container_extra_arguments: []
# List of systemd services that matrix-puppet-steam.service depends on.
matrix_mx_puppet_steam_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-puppet-steam.service wants
matrix_mx_puppet_steam_systemd_wanted_services_list: []
matrix_mx_puppet_steam_appservice_token: ''
matrix_mx_puppet_steam_homeserver_token: ''
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mx_puppet_steam_login_shared_secret: ''
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_steam_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mx_puppet_steam_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mx_puppet_steam_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mx_puppet_steam_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mx_puppet_steam_configuration_yaml`.
matrix_mx_puppet_steam_configuration_extension: "{{ matrix_mx_puppet_steam_configuration_extension_yaml|from_yaml if matrix_mx_puppet_steam_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_steam_configuration_yaml`.
matrix_mx_puppet_steam_configuration: "{{ matrix_mx_puppet_steam_configuration_yaml|from_yaml|combine(matrix_mx_puppet_steam_configuration_extension, recursive=True) }}"
matrix_mx_puppet_steam_registration_yaml: |
as_token: "{{ matrix_mx_puppet_steam_appservice_token }}"
hs_token: "{{ matrix_mx_puppet_steam_homeserver_token }}"
id: steam-puppet
namespaces:
users:
- exclusive: true
regex: '@_steampuppet_.*:{{ matrix_mx_puppet_steam_homeserver_domain|regex_escape }}'
rooms: []
aliases:
- exclusive: true
regex: '#_steampuppet_.*:{{ matrix_mx_puppet_steam_homeserver_domain|regex_escape }}'
protocols: []
rate_limited: false
sender_localpart: _steampuppet_bot
url: {{ matrix_mx_puppet_steam_appservice_address }}
matrix_mx_puppet_steam_registration: "{{ matrix_mx_puppet_steam_registration_yaml|from_yaml }}"

23
roles/matrix-bridge-mx-puppet-steam/tasks/init.yml Normal file
View file

@ -0,0 +1,23 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-steam'] }}"
when: matrix_mx_puppet_steam_enabled|bool
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
["--mount type=bind,src={{ matrix_mx_puppet_steam_config_path }}/registration.yaml,dst=/matrix-mx-puppet-steam-registration.yaml,ro"]
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["/matrix-mx-puppet-steam-registration.yaml"] }}
when: matrix_mx_puppet_steam_enabled|bool
# ansible lower than 2.8, does not support docker_image build parameters
# for self buildig it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_steam_container_image_self_build"

21
roles/matrix-bridge-mx-puppet-steam/tasks/main.yml Normal file
View file

@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_mx_puppet_steam_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-steam
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_mx_puppet_steam_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-steam
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_mx_puppet_steam_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-steam

93
roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml Normal file
View file

@ -0,0 +1,93 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-mx-puppet-steam role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- name: Ensure MX Puppet Steam image is pulled
docker_image:
name: "{{ matrix_mx_puppet_steam_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mx_puppet_steam_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_steam_docker_image_force_pull }}"
when: matrix_mx_puppet_steam_enabled|bool and not matrix_mx_puppet_steam_container_image_self_build
- name: Ensure MX Puppet Steam paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_mx_puppet_steam_base_path }}", when: true }
- { path: "{{ matrix_mx_puppet_steam_config_path }}", when: true }
- { path: "{{ matrix_mx_puppet_steam_data_path }}", when: true }
- { path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}", when: "{{ matrix_mx_puppet_steam_container_image_self_build }}" }
when: matrix_mx_puppet_steam_enabled|bool and item.when|bool
- name: Ensure MX Puppet Steam repository is present on self build
git:
repo: https://github.com/icewind1991/mx-puppet-steam.git
dest: "{{ matrix_mx_puppet_steam_docker_src_files_path }}"
force: "yes"
when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build"
- name: Ensure MX Puppet Steam Docker image is built
docker_image:
name: "{{ matrix_mx_puppet_steam_docker_image }}"
source: build
build:
dockerfile: Dockerfile
path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}"
pull: yes
when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build"
- name: Check if an old database file already exists
stat:
path: "{{ matrix_mx_puppet_steam_base_path }}/database.db"
register: matrix_mx_puppet_steam_stat_database
- name: (Data relocation) Ensure matrix-mx-puppet-steam.service is stopped
service:
name: matrix-mx-puppet-steam
state: stopped
daemon_reload: yes
failed_when: false
when: "matrix_mx_puppet_steam_stat_database.stat.exists"
- name: (Data relocation) Move mx-puppet-steam database file to ./data directory
command: "mv {{ matrix_mx_puppet_steam_base_path }}/database.db {{ matrix_mx_puppet_steam_data_path }}/database.db"
when: "matrix_mx_puppet_steam_stat_database.stat.exists"
- name: Ensure mx-puppet-steam config.yaml installed
copy:
content: "{{ matrix_mx_puppet_steam_configuration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_steam_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure mx-puppet-steam steam-registration.yaml installed
copy:
content: "{{ matrix_mx_puppet_steam_registration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_steam_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-mx-puppet-steam.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-steam.service.j2"
dest: "/etc/systemd/system/matrix-mx-puppet-steam.service"
mode: 0644
register: matrix_mx_puppet_steam_systemd_service_result
- name: Ensure systemd reloaded after matrix-mx-puppet-steam.service installation
service:
daemon_reload: yes
when: "matrix_mx_puppet_steam_systemd_service_result.changed"

24
roles/matrix-bridge-mx-puppet-steam/tasks/setup_uninstall.yml Normal file
View file

@ -0,0 +1,24 @@
---
- name: Check existence of matrix-mx-puppet-steam service
stat:
path: "/etc/systemd/system/matrix-mx-puppet-steam.service"
register: matrix_mx_puppet_steam_service_stat
- name: Ensure matrix-mx-puppet-steam is stopped
service:
name: matrix-mx-puppet-steam
state: stopped
daemon_reload: yes
when: "matrix_mx_puppet_steam_service_stat.stat.exists"
- name: Ensure matrix-mx-puppet-steam.service doesn't exist
file:
path: "/etc/systemd/system/matrix-mx-puppet-steam.service"
state: absent
when: "matrix_mx_puppet_steam_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mx-puppet-steam.service removal
service:
daemon_reload: yes
when: "matrix_mx_puppet_steam_service_stat.stat.exists"

10
roles/matrix-bridge-mx-puppet-steam/tasks/validate_config.yml Normal file
View file

@ -0,0 +1,10 @@
---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mx_puppet_steam_appservice_token"
- "matrix_mx_puppet_steam_homeserver_token"

99
roles/matrix-bridge-mx-puppet-steam/templates/config.yaml.j2 Normal file
View file

@ -0,0 +1,99 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Port to host the bridge on
# Used for communication between the homeserver and the bridge
port: {{ matrix_mx_puppet_steam_appservice_port }}
# The host connections to the bridge's webserver are allowed from
bindAddress: 0.0.0.0
# Public domain of the homeserver
domain: {{ matrix_mx_puppet_steam_homeserver_domain }}
# Reachable URL of the Matrix homeserver
homeserverUrl: {{ matrix_mx_puppet_steam_homeserver_address }}
{% if matrix_mx_puppet_steam_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_steam_login_shared_secret }}
{% endif %}
# Display name of the bridge bot
displayname: Steam Puppet Bridge
# Optionally specify a different media URL used for the media store
#
# This is where Steam will download user profile pictures and media
# from
#mediaUrl: https://external-url.org
presence:
# Bridge Steam online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 5000
provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }}
relay:
# Regex of Matrix IDs who are allowed to use the bridge in relay mode.
# Relay mode is when a single Steam bot account relays messages of
# multiple Matrix users
#
# Same format as in provisioning
whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }}
blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }}
selfService:
# Regex of Matrix IDs who are allowed to use bridge self-servicing (plumbed rooms)
#
# Same format as in provisioning
whitelist: {{ matrix_mx_puppet_steam_provisioning_whitelist|to_json }}
blacklist: {{ matrix_mx_puppet_steam_provisioning_blacklist|to_json }}
database:
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
# Use SQLite3 as a database backend
# The name of the database file
filename: /data/database.db
logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m

41
roles/matrix-bridge-mx-puppet-steam/templates/systemd/matrix-mx-puppet-steam.service.j2 Normal file
View file

@ -0,0 +1,41 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mx Puppet Steam server
{% for service in matrix_mx_puppet_steam_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mx_puppet_steam_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
[Service]
Type=simple
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-steam \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-e CONFIG_PATH=/config/config.yaml \
-e REGISTRATION_PATH=/config/registration.yaml \
-v {{ matrix_mx_puppet_steam_config_path }}:/config:z \
-v {{ matrix_mx_puppet_steam_data_path }}:/data:z \
{% for arg in matrix_mx_puppet_steam_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mx_puppet_steam_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-steam
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-steam
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-steam
[Install]
WantedBy=multi-user.target

104
roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml Normal file
View file

@ -0,0 +1,104 @@
# Mx Puppet Twitter is a Matrix <-> Twitter bridge
# See: https://github.com/Sorunome/mx-puppet-twitter
matrix_mx_puppet_twitter_enabled: true
matrix_mx_puppet_twitter_container_image_self_build: false
# Controls whether the mx-puppet-twitter container exposes its HTTP port (tcp/8432 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
matrix_mx_puppet_twitter_container_http_host_bind_port: ''
matrix_mx_puppet_twitter_docker_image: "sorunome/mx-puppet-twitter:latest"
matrix_mx_puppet_twitter_docker_image_force_pull: "{{ matrix_mx_puppet_twitter_docker_image.endswith(':latest') }}"
matrix_mx_puppet_twitter_base_path: "{{ matrix_base_data_path }}/mx-puppet-twitter"
matrix_mx_puppet_twitter_config_path: "{{ matrix_mx_puppet_twitter_base_path }}/config"
matrix_mx_puppet_twitter_data_path: "{{ matrix_mx_puppet_twitter_base_path }}/data"
matrix_mx_puppet_twitter_docker_src_files_path: "{{ matrix_mx_puppet_twitter_base_path }}/docker-src"
matrix_mx_puppet_twitter_appservice_port: "8432"
matrix_mx_puppet_twitter_homeserver_address: 'http://matrix-synapse:8008'
matrix_mx_puppet_twitter_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_twitter_appservice_address: 'http://matrix-mx-puppet-twitter:{{ matrix_mx_puppet_twitter_appservice_port }}'
matrix_mx_puppet_twitter_consumer_key: ''
matrix_mx_puppet_twitter_consumer_secret: ''
matrix_mx_puppet_twitter_access_token: ''
matrix_mx_puppet_twitter_access_token_secret: ''
matrix_mx_puppet_twitter_environment: ''
matrix_mx_puppet_twitter_webhook_path: '/twitter/webhook'
matrix_mx_puppet_twitter_webhook_url: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mx_puppet_twitter_webhook_path }}'
# "@user:server.com" to allow specific user
# "@.*:yourserver.com" to allow users on a specific homeserver
# "@.*" to allow anyone
matrix_mx_puppet_twitter_provisioning_whitelist:
- "@.*:{{ matrix_domain|regex_escape }}"
# Leave empty to disable blacklist
# "@user:server.com" disallow a specific user
# "@.*:yourserver.com" disallow users on a specific homeserver
matrix_mx_puppet_twitter_provisioning_blacklist: []
# A list of extra arguments to pass to the container
matrix_mx_puppet_twitter_container_extra_arguments: []
# List of systemd services that mx-puppet-twitter.service depends on.
matrix_mx_puppet_twitter_systemd_required_services_list: ['docker.service']
# List of systemd services that mx-puppet-twitter.service wants
matrix_mx_puppet_twitter_systemd_wanted_services_list: []
matrix_mx_puppet_twitter_appservice_token: ''
matrix_mx_puppet_twitter_homeserver_token: ''
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mx_puppet_twitter_login_shared_secret: ''
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_twitter_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mx_puppet_twitter_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mx_puppet_twitter_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mx_puppet_twitter_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mx_puppet_twitter_configuration_yaml`.
matrix_mx_puppet_twitter_configuration_extension: "{{ matrix_mx_puppet_twitter_configuration_extension_yaml|from_yaml if matrix_mx_puppet_twitter_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_twitter_configuration_yaml`.
matrix_mx_puppet_twitter_configuration: "{{ matrix_mx_puppet_twitter_configuration_yaml|from_yaml|combine(matrix_mx_puppet_twitter_configuration_extension, recursive=True) }}"
# The prefix for user IDs and aliases
matrix_mx_puppet_twitter_namespace_prefix: _twitterpuppet_
matrix_mx_puppet_twitter_bot_localpart: _twitterpuppet_bot
matrix_mx_puppet_twitter_registration_yaml: |
as_token: "{{ matrix_mx_puppet_twitter_appservice_token }}"
hs_token: "{{ matrix_mx_puppet_twitter_homeserver_token }}"
id: twitter-puppet
namespaces:
users:
- exclusive: true
regex: '@{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}'
rooms: []
aliases:
- exclusive: true
regex: '#{{ matrix_mx_puppet_twitter_namespace_prefix|regex_escape }}.*:{{ matrix_mx_puppet_twitter_homeserver_domain|regex_escape }}'
protocols: []
rate_limited: false
sender_localpart: "{{ matrix_mx_puppet_twitter_bot_localpart }}"
url: {{ matrix_mx_puppet_twitter_appservice_address }}
matrix_mx_puppet_twitter_registration: "{{ matrix_mx_puppet_twitter_registration_yaml|from_yaml }}"

70
roles/matrix-bridge-mx-puppet-twitter/tasks/init.yml Normal file
View file

@ -0,0 +1,70 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-twitter'] }}"
when: matrix_mx_puppet_twitter_enabled|bool
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
["--mount type=bind,src={{ matrix_mx_puppet_twitter_config_path }}/registration.yaml,dst=/matrix-mx-puppet-twitter-registration.yaml,ro"]
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["/matrix-mx-puppet-twitter-registration.yaml"] }}
when: matrix_mx_puppet_twitter_enabled|bool
- block:
- name: Fail if matrix-nginx-proxy role already executed
fail:
msg: >-
Trying to append Twitter Appservice's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your plabook,
so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-twitter role.
when: matrix_nginx_proxy_role_executed|default(False)|bool
- name: Generate Matrix MX Puppet Twitter proxying configuration for matrix-nginx-proxy
set_fact:
matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration: |
location {{ matrix_mx_puppet_twitter_webhook_path }} {
{% if matrix_nginx_proxy_enabled|default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_mx_puppet_twitter_appservice_address }}";
proxy_pass $backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_twitter_appservice_port }};
{% endif %}
}
- name: Register Twitter Appservice proxying configuration with matrix-nginx-proxy
set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
+
[matrix_mx_puppet_twitter_matrix_nginx_proxy_configuration]
}}
tags:
- always
when: matrix_mx_puppet_twitter_enabled|bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
debug:
msg: >-
NOTE: You've enabled the Matrix Twitter bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_mx_puppet_twitter_redirect_path }}`
URL endpoint to the matrix-mx-puppet-twitter container.
You can expose the container's port using the `matrix_mx_puppet_twitter_container_http_host_bind_port` variable.
when: "matrix_mx_puppet_twitter_enabled|bool and matrix_nginx_proxy_enabled is not defined"
# ansible lower than 2.8, does not support docker_image build parameters
# for self buildig it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Puppet Twitter image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_twitter_container_image_self_build"

21
roles/matrix-bridge-mx-puppet-twitter/tasks/main.yml Normal file
View file

@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_mx_puppet_twitter_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-twitter
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_mx_puppet_twitter_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-twitter
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_mx_puppet_twitter_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-twitter

93
roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml Normal file
View file

@ -0,0 +1,93 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-mx-puppet-twitter role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- name: Ensure MX Puppet Twitter image is pulled
docker_image:
name: "{{ matrix_mx_puppet_twitter_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mx_puppet_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_twitter_docker_image_force_pull }}"
when: matrix_mx_puppet_twitter_enabled|bool and not matrix_mx_puppet_twitter_container_image_self_build
- name: Ensure MX Puppet Twitter paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_mx_puppet_twitter_base_path }}", when: true }
- { path: "{{ matrix_mx_puppet_twitter_config_path }}", when: true }
- { path: "{{ matrix_mx_puppet_twitter_data_path }}", when: true }
- { path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}", when: "{{ matrix_mx_puppet_twitter_container_image_self_build }}" }
when: matrix_mx_puppet_twitter_enabled|bool and item.when|bool
- name: Ensure MX Puppet Twitter repository is present on self build
git:
repo: https://github.com/Sorunome/mx-puppet-twitter.git
dest: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}"
force: "yes"
when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build"
- name: Ensure MX Puppet Twitter Docker image is built
docker_image:
name: "{{ matrix_mx_puppet_twitter_docker_image }}"
source: build
build:
dockerfile: Dockerfile
path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}"
pull: yes
when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build"
- name: Check if an old database file already exists
stat:
path: "{{ matrix_mx_puppet_twitter_base_path }}/database.db"
register: matrix_mx_puppet_twitter_stat_database
- name: (Data relocation) Ensure matrix-mx-puppet-twitter.service is stopped
service:
name: matrix-mx-puppet-twitter
state: stopped
daemon_reload: yes
failed_when: false
when: "matrix_mx_puppet_twitter_stat_database.stat.exists"
- name: (Data relocation) Move mx-puppet-twitter database file to ./data directory
command: "mv {{ matrix_mx_puppet_twitter_base_path }}/database.db {{ matrix_mx_puppet_twitter_data_path }}/database.db"
when: "matrix_mx_puppet_twitter_stat_database.stat.exists"
- name: Ensure mx-puppet-twitter config.yaml installed
copy:
content: "{{ matrix_mx_puppet_twitter_configuration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_twitter_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure mx-puppet-twitter twitter-registration.yaml installed
copy:
content: "{{ matrix_mx_puppet_twitter_registration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_twitter_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-mx-puppet-twitter.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-twitter.service.j2"
dest: "/etc/systemd/system/matrix-mx-puppet-twitter.service"
mode: 0644
register: matrix_mx_puppet_twitter_systemd_service_result
- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service installation
service:
daemon_reload: yes
when: "matrix_mx_puppet_twitter_systemd_service_result.changed"

24
roles/matrix-bridge-mx-puppet-twitter/tasks/setup_uninstall.yml Normal file
View file

@ -0,0 +1,24 @@
---
- name: Check existence of matrix-mx-puppet-twitter service
stat:
path: "/etc/systemd/system/matrix-mx-puppet-twitter.service"
register: matrix_mx_puppet_twitter_service_stat
- name: Ensure matrix-mx-puppet-twitter is stopped
service:
name: matrix-mx-puppet-twitter
state: stopped
daemon_reload: yes
when: "matrix_mx_puppet_twitter_service_stat.stat.exists"
- name: Ensure matrix-mx-puppet-twitter.service doesn't exist
file:
path: "/etc/systemd/system/matrix-mx-puppet-twitter.service"
state: absent
when: "matrix_mx_puppet_twitter_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mx-puppet-twitter.service removal
service:
daemon_reload: yes
when: "matrix_mx_puppet_twitter_service_stat.stat.exists"

10
roles/matrix-bridge-mx-puppet-twitter/tasks/validate_config.yml Normal file
View file

@ -0,0 +1,10 @@
---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mx_puppet_twitter_appservice_token"
- "matrix_mx_puppet_twitter_homeserver_token"

92
roles/matrix-bridge-mx-puppet-twitter/templates/config.yaml.j2 Normal file
View file

@ -0,0 +1,92 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Port to host the bridge on
# Used for communication between the homeserver and the bridge
port: {{ matrix_mx_puppet_twitter_appservice_port }}
# The host connections to the bridge's webserver are allowed from
bindAddress: 0.0.0.0
# Public domain of the homeserver
domain: {{ matrix_mx_puppet_twitter_homeserver_domain }}
# Reachable URL of the Matrix homeserver
homeserverUrl: {{ matrix_mx_puppet_twitter_homeserver_address }}
{% if matrix_mx_puppet_twitter_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_twitter_login_shared_secret }}
{% endif %}
twitter:
consumerKey: "{{ matrix_mx_puppet_twitter_consumer_key }}"
consumerSecret: "{{ matrix_mx_puppet_twitter_consumer_secret }}"
accessToken: "{{ matrix_mx_puppet_twitter_access_token }}"
accessTokenSecret: "{{ matrix_mx_puppet_twitter_access_token_secret }}"
environment: "{{ matrix_mx_puppet_twitter_environment }}"
server:
url: "{{ matrix_mx_puppet_twitter_webhook_url }}"
path: "{{ matrix_mx_puppet_twitter_webhook_path }}"
presence:
# Bridge Twitter online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 500
provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_twitter_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_twitter_provisioning_blacklist|to_json }}
# Shared secret for the provisioning API for use by integration managers.
# If this is not set, the provisioning API will not be enabled.
#sharedSecret: random string
# Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
apiPrefix: /_matrix/provision
database:
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
# Use SQLite3 as a database backend
# The name of the database file
filename: /data/database.db
logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m

44
roles/matrix-bridge-mx-puppet-twitter/templates/systemd/matrix-mx-puppet-twitter.service.j2 Normal file
View file

@ -0,0 +1,44 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mx Puppet Twitter server
{% for service in matrix_mx_puppet_twitter_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mx_puppet_twitter_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
[Service]
Type=simple
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-twitter \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
{% if matrix_mx_puppet_twitter_container_http_host_bind_port %}
-p {{ matrix_mx_puppet_twitter_container_http_host_bind_port }}:{{ matrix_mx_puppet_twitter_appservice_port }} \
{% endif %}
-e CONFIG_PATH=/config/config.yaml \
-e REGISTRATION_PATH=/config/registration.yaml \
-v {{ matrix_mx_puppet_twitter_config_path }}:/config:z \
-v {{ matrix_mx_puppet_twitter_data_path }}:/data:z \
{% for arg in matrix_mx_puppet_twitter_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mx_puppet_twitter_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-twitter
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-twitter
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-twitter
[Install]
WantedBy=multi-user.target

1
roles/matrix-corporal/tasks/self_check_corporal.yml
View file

@ -8,6 +8,7 @@
url: "{{ corporal_client_api_url_endpoint_public }}"
follow_redirects: none
return_content: true
check_mode: no
register: result_corporal_client_api
ignore_errors: true

2
roles/matrix-coturn/defaults/main.yml
View file

@ -2,7 +2,7 @@ matrix_coturn_enabled: true
matrix_coturn_container_image_self_build: false
matrix_coturn_docker_image: "instrumentisto/coturn:4.5.1.2"
matrix_coturn_docker_image: "instrumentisto/coturn:4.5.1.3"
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
# The Docker network that Coturn would be put into.

9
roles/matrix-jitsi/defaults/main.yml
View file

@ -49,8 +49,9 @@ matrix_jitsi_jibri_xmpp_password: ''
matrix_jitsi_jibri_recorder_user: recorder
matrix_jitsi_jibri_recorder_password: ''
matrix_jitsi_container_image_tag: "stable-4627-1"
matrix_jitsi_web_docker_image: "jitsi/web:stable-4548-1"
matrix_jitsi_web_docker_image: "jitsi/web:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}"
matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web"
@ -111,7 +112,7 @@ matrix_jitsi_web_config_constraints_video_height_ideal: 720
matrix_jitsi_web_config_constraints_video_height_max: 720
matrix_jitsi_web_config_constraints_video_height_min: 240
matrix_jitsi_prosody_docker_image: "jitsi/prosody:stable-4548-1"
matrix_jitsi_prosody_docker_image: "jitsi/prosody:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}"
matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody"
@ -125,7 +126,7 @@ matrix_jitsi_prosody_container_extra_arguments: []
matrix_jitsi_prosody_systemd_required_services_list: ['docker.service']
matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:stable-4548-1"
matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}"
matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo"
@ -142,7 +143,7 @@ matrix_jitsi_jicofo_auth_user: focus
matrix_jitsi_jicofo_auth_password: ''
matrix_jitsi_jvb_docker_image: "jitsi/jvb:stable-4548-1"
matrix_jitsi_jvb_docker_image: "jitsi/jvb:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"
matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb"

4
roles/matrix-ma1sd/defaults/main.yml
View file

@ -5,7 +5,9 @@ matrix_ma1sd_enabled: true
matrix_ma1sd_container_image_self_build: false
matrix_ma1sd_docker_image: "ma1uta/ma1sd:2.3.0"
matrix_ma1sd_architecture: "amd64"
matrix_ma1sd_docker_image: "ma1uta/ma1sd:2.4.0-{{ matrix_ma1sd_architecture }}"
matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}"
matrix_ma1sd_base_path: "{{ matrix_base_data_path }}/ma1sd"

1
roles/matrix-ma1sd/tasks/self_check_ma1sd.yml
View file

@ -8,6 +8,7 @@
url: "{{ ma1sd_url_endpoint_public }}"
follow_redirects: none
validate_certs: "{{ matrix_ma1sd_self_check_validate_certificates }}"
check_mode: no
register: result_ma1sd
ignore_errors: true

2
roles/matrix-nginx-proxy/tasks/self_check_well_known_file.yml
View file

@ -12,6 +12,7 @@
follow_redirects: none
return_content: true
validate_certs: "{{ well_known_file_check.validate_certs }}"
check_mode: no
register: result_well_known_matrix
ignore_errors: true
@ -39,6 +40,7 @@
follow_redirects: "{{ well_known_file_check.follow_redirects }}"
return_content: true
validate_certs: "{{ well_known_file_check.validate_certs }}"
check_mode: no
register: result_well_known_identity
ignore_errors: true

2
roles/matrix-riot-web/defaults/main.yml
View file

@ -2,7 +2,7 @@ matrix_riot_web_enabled: true
matrix_riot_web_container_image_self_build: false
matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.6"
matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.7"
matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"

1
roles/matrix-riot-web/tasks/self_check_riot_web.yml
View file

@ -9,6 +9,7 @@
follow_redirects: none
validate_certs: "{{ matrix_riot_web_self_check_validate_certificates }}"
register: result_riot_web
check_mode: no
ignore_errors: true
- name: Fail if riot-web not working

7
roles/matrix-synapse/defaults/main.yml
View file

@ -5,7 +5,7 @@ matrix_synapse_enabled: true
matrix_synapse_container_image_self_build: false
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.15.1"
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.15.2"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
@ -162,6 +162,11 @@ matrix_synapse_allow_public_rooms_over_federation: false
# Controls whether people with access to the homeserver can register by themselves.
matrix_synapse_enable_registration: false
# reCAPTCHA API for validating registration attempts
matrix_synapse_enable_registration_captcha: false
matrix_synapse_recaptcha_public_key: ''
matrix_synapse_recaptcha_private_key: ''
# Allows non-server-admin users to create groups on this server
matrix_synapse_enable_group_creation: false

1
roles/matrix-synapse/tasks/self_check_client_api.yml
View file

@ -7,6 +7,7 @@
validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}"
register: result_matrix_synapse_client_api
ignore_errors: true
check_mode: no
when: matrix_synapse_enabled|bool
- name: Fail if Matrix Client API not working

1
roles/matrix-synapse/tasks/self_check_federation_api.yml
View file

@ -7,6 +7,7 @@
validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}"
register: result_matrix_synapse_federation_api
ignore_errors: true
check_mode: no
when: matrix_synapse_enabled|bool
- name: Fail if Matrix Federation API not working

3
roles/matrix-synapse/templates/synapse/env-synapse.j2
View file

@ -1,3 +0,0 @@
#jinja2: lstrip_blocks: "True"
SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }}

6
roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
View file

@ -934,18 +934,18 @@ url_preview_accept_language:
# This homeserver's ReCAPTCHA public key. Must be specified if
# enable_registration_captcha is enabled.
#
#recaptcha_public_key: "YOUR_PUBLIC_KEY"
recaptcha_public_key: {{ matrix_synapse_recaptcha_public_key|to_json }}
# This homeserver's ReCAPTCHA private key. Must be specified if
# enable_registration_captcha is enabled.
#
#recaptcha_private_key: "YOUR_PRIVATE_KEY"
recaptcha_private_key: {{ matrix_synapse_recaptcha_private_key|to_json }}
# Uncomment to enable ReCaptcha checks when registering, preventing signup
# unless a captcha is answered. Requires a valid ReCaptcha
# public/private key. Defaults to 'false'.
#
#enable_registration_captcha: true
enable_registration_captcha: {{ matrix_synapse_enable_registration_captcha|to_json }}
# The API endpoint to use for verifying m.login.recaptcha responses.
# Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify".

4
setup.yml
View file

@ -16,8 +16,12 @@
- matrix-bridge-mautrix-hangouts
- matrix-bridge-mautrix-telegram
- matrix-bridge-mautrix-whatsapp
- matrix-bridge-mx-puppet-discord
- matrix-bridge-mx-puppet-steam
- matrix-bridge-mx-puppet-skype
- matrix-bridge-mx-puppet-slack
- matrix-bridge-mx-puppet-twitter
- matrix-bridge-mx-puppet-instagram
- matrix-bridge-sms
- matrix-synapse
- matrix-riot-web