From 174a6fcd1b3da6e59f6fab9fb6f42c4bb9b75ddc Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Wed, 19 Jun 2019 12:28:58 +0300
Subject: [PATCH 01/15] Make IRC bridge configuration entirely managed by the playbook
---
 CHANGELOG.md | 24 +- ...figuring-playbook-bridge-appservice-irc.md | 109 +-- group_vars/matrix_servers | 4 + .../defaults/main.yml | 815 +++++++++--------- .../tasks/init.yml | 10 +- .../tasks/setup_install.yml | 141 ++- .../tasks/validate_config.yml | 17 +- .../systemd/matrix-appservice-irc.service.j2 | 5 +- 8 files changed, 615 insertions(+), 510 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 58466aa8..6f632d62 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,10 +1,30 @@ +# 2019-06-19 + +## (BC Break) IRC bridge configuration is now entirely managed by the playbook + +Until now, configuration files for the [IRC bridge](docs/configuring-playbook-bridge-appservice-irc.md) were created by the playbook initially, but never modified later on. + +From now on, the playbook will keep the configuration in sync for you. + +This means that if you were making manual changes to the `/matrix/appservice-irc/config.yaml` or `/matrix/appservice-irc/registration.yaml` configuration files, those would be lost the next time you run the playbook. + +The bridge now stores configuration in a subdirectory (`/matrix/appservice-irc/config`), so your old configuration remains in the base directory (`/matrix/appservice-irc`). + +Previously, we asked people to configure bridged IRC servers by extending the bridge configuration (`matrix_appservice_irc_configuration_extension_yaml`). While this is still possible and will continue working forever, **we now recommend defining IRC servers in the easier to use `matrix_appservice_irc_ircService_servers` variable**. See [our IRC bridge documentation page](docs/configuring-playbook-bridge-appservice-irc.md) for an example. + +If you decide to continue using `matrix_appservice_irc_configuration_extension_yaml`, you might be interested to know that `ircService.databaseUri` and a few other keys now have default values in the base configuration (`matrix_appservice_irc_configuration_yaml`). You may wish to stop redefining those keys, unless you really intend to override them. You most likely only need to override `ircService.servers`. + +Bridge data (`passkey.pem` and database files) is now also stored in a subdirectory (`/matrix/appservice-irc/data`). +When you run the playbook with an existing `/matrix/appservice-irc/passkey.pem` file, the playbook will stop the bridge and relocate the passkey and database files (`rooms.db` and `users.db`) to the `./data` directory. There's no data-loss involved. 
You'll need to restart the bridge manually though (`--tags=start`). + + # 2019-06-15 ## (BC Break) Telegram bridge configuration is now entirely managed by the playbook Until now, configuration files for the [Telegram bridge](docs/configuring-playbook-bridge-mautrix-telegram.md) were created by the playbook initially, but never modified later on. -From now on, the playbook will keep those configuration in sync for you. +From now on, the playbook will keep the configuration in sync for you. This means that if you were making manual changes to the `/matrix/mautrix-telegram/config.yaml` or `/matrix/mautrix-telegram/registration.yaml` configuration files, those would be lost the next time you run the playbook. @@ -44,7 +64,7 @@ Besides this optional/non-urgent DNS change, assuming you're already on Synapse Until now, configuration files for the [Facebook bridge](docs/configuring-playbook-bridge-mautrix-facebook.md) were created by the playbook initially, but never modified later on. -From now on, the playbook will keep those configuration in sync for you. +From now on, the playbook will keep the configuration in sync for you. This means that if you were making manual changes to the `/matrix/mautrix-facebook/config.yaml` or `/matrix/mautrix-facebook/registration.yaml` configuration files, those would be lost the next time you run the playbook. diff --git a/docs/configuring-playbook-bridge-appservice-irc.md b/docs/configuring-playbook-bridge-appservice-irc.md index bec1791b..f66c9631 100644 --- a/docs/configuring-playbook-bridge-appservice-irc.md +++ b/docs/configuring-playbook-bridge-appservice-irc.md 
@@ -8,69 +8,52 @@ You'll need to use the following playbook configuration: ```yaml matrix_appservice_irc_enabled: true -matrix_appservice_irc_configuration_extension_yaml: | - # Your custom YAML configuration for Appservice IRC servers goes here. - # This configuration extends the default starting configuration (`matrix_appservice_irc_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_appservice_irc_configuration_yaml`. - # - # For a full example configuration with comments, see `roles/matrix-synapse/defaults/main.yml` - # - # A simple example configuration extension follows: - # - ircService: - databaseUri: "nedb:///data" # does not typically need modification - passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification - matrixHandler: - eventCacheSize: 4096 - servers: - irc.example.com: - name: "ExampleNet" - port: 6697 - ssl: true - sasl: false - allowExpiredCerts: false - sendConnectionMessages: true - botConfig: - enabled: true - nick: "MatrixBot" - joinChannelsIfNoUsers: true - privateMessages: - enabled: true - federate: true - dynamicChannels: - enabled: true - createAlias: true - published: true - joinRule: public - groupId: +myircnetwork:localhost - federate: true - aliasTemplate: "#irc_$CHANNEL" - membershipLists: - enabled: false - floodDelayMs: 10000 - global: - ircToMatrix: - initial: false - incremental: false - matrixToIrc: - initial: false - incremental: false - matrixClients: - userTemplate: "@irc_$NICK" - displayName: "$NICK (IRC)" - joinAttempts: -1 - ircClients: - nickTemplate: "$DISPLAY[m]" - allowNickChanges: true - maxClients: 30 - idleTimeout: 10800 - reconnectIntervalMs: 5000 - concurrentReconnectLimit: 50 - lineLimit: 3 + +matrix_appservice_irc_ircService_servers: + irc.example.com: + name: "ExampleNet" + port: 6697 + ssl: true + sasl: 
false + allowExpiredCerts: false + sendConnectionMessages: true + botConfig: + enabled: true + nick: "MatrixBot" + joinChannelsIfNoUsers: true + privateMessages: + enabled: true + federate: true + dynamicChannels: + enabled: true + createAlias: true + published: true + joinRule: public + groupId: +myircnetwork:localhost + federate: true + aliasTemplate: "#irc_$CHANNEL" + membershipLists: + enabled: false + floodDelayMs: 10000 + global: + ircToMatrix: + initial: false + incremental: false + matrixToIrc: + initial: false + incremental: false + matrixClients: + userTemplate: "@irc_$NICK" + displayName: "$NICK (IRC)" + joinAttempts: -1 + ircClients: + nickTemplate: "$DISPLAY[m]" + allowNickChanges: true + maxClients: 30 + idleTimeout: 10800 + reconnectIntervalMs: 5000 + concurrentReconnectLimit: 50 + lineLimit: 3 ``` You then need to start a chat with `@irc_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index aa558e71..8d70bce0 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -78,6 +78,10 @@ matrix_appservice_irc_systemd_required_services_list: | (['matrix-synapse.service'] if matrix_synapse_enabled else []) }} +matrix_appservice_irc_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'appservice-irc-appservice-token') | to_uuid }}" + +matrix_appservice_irc_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'appservice-irc-homeserver-token') | to_uuid }}" + ###################################################################### # # /matrix-bridge-appservice-irc diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index a29f25a6..53282f98 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml 
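Review bot: The two added tokens are derived from `matrix_synapse_macaroon_secret_key` with a fixed salt and then reduced with `to_uuid`, so they are deterministic per deployment and are exactly as strong as that secret; if the secret were ever empty or a placeholder (its default is not visible in this hunk), both tokens would be identical across installations, so the validate_config.yml change listed in the diffstat should reject that case rather than rely on the derivation. Rotating the macaroon secret also silently rotates both bridge tokens, which means the bridge must be re-registered with the homeserver. A comment above the two lines would save operators from discovering this the hard way: `# Derived from matrix_synapse_macaroon_secret_key; changing that key changes both tokens and requires re-registering the bridge.`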
@@ -7,11 +7,323 @@ matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:latest" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc" +matrix_appservice_irc_config_path: "{{ matrix_appservice_irc_base_path }}/config" +matrix_appservice_irc_data_path: "{{ matrix_appservice_irc_base_path }}/data" matrix_appservice_irc_homeserver_url: 'http://matrix-synapse:8008' matrix_appservice_irc_homeserver_media_url: 'https://{{ matrix_server_fqn_matrix }}' matrix_appservice_irc_homeserver_domain: '{{ matrix_domain }}' matrix_appservice_irc_homeserver_enablePresence: true +matrix_appservice_irc_appservice_address: 'http://matrix-appservice-irc:9999' + +matrix_appservice_irc_ircService_servers: [] + +# Example of `matrix_appservice_irc_ircService_servers` with one server (and all its options): +# +# matrix_appservice_irc_ircService_servers: +# # The address of the server to connect to. +# irc.example.com: +# # A human-readable short name. This is used to label IRC status rooms +# # where matrix users control their connections. +# # E.g. 'ExampleNet IRC Bridge status'. +# # It is also used in the Third Party Lookup API as the instance `desc` +# # property, where each server is an instance. +# name: "ExampleNet" + +# additionalAddresses: [ "irc2.example.com" ] +# # +# # [DEPRECATED] Use `name`, above, instead. +# # A human-readable description string +# # description: "Example.com IRC network" + +# # An ID for uniquely identifying this server amongst other servers being bridged. +# # networkId: "example" + +# # URL to an icon used as the network icon whenever this network appear in +# # a network list. (Like in the riot room directory, for instance.) +# # icon: https://example.com/images/hash.png + +# # The port to connect to. Optional. +# port: 6697 +# # Whether to use SSL or not. Default: false. 
+# ssl: true +# # Whether or not IRC server is using a self-signed cert or not providing CA Chain +# sslselfsign: false +# # Should the connection attempt to identify via SASL (if a server or user password is given) +# # If false, this will use PASS instead. If SASL fails, we do not fallback to PASS. +# sasl: false +# # Whether to allow expired certs when connecting to the IRC server. +# # Usually this should be off. Default: false. +# allowExpiredCerts: false +# # A specific CA to trust instead of the default CAs. Optional. +# #ca: | +# # -----BEGIN CERTIFICATE----- +# # ... +# # -----END CERTIFICATE----- + +# # +# # The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional. +# # password: 'pa$$w0rd' +# # +# # Whether or not to send connection/error notices to real Matrix users. Default: true. +# sendConnectionMessages: true + +# quitDebounce: +# # Whether parts due to net-splits are debounced for delayMs, to allow +# # time for the netsplit to resolve itself. A netsplit is detected as being +# # a QUIT rate higher than quitsPerSecond. Default: false. +# enabled: false +# # The maximum number of quits per second acceptable above which a netsplit is +# # considered ongoing. Default: 5. +# quitsPerSecond: 5 +# # The time window in which to wait before bridging a QUIT to Matrix that occurred during +# # a netsplit. Debouncing is jittered randomly between delayMinMs and delayMaxMs so that the HS +# # is not sent many requests to leave rooms all at once if a netsplit occurs and many +# # people to not rejoin. +# # If the user with the same IRC nick as the one who sent the quit rejoins a channel +# # they are considered back online and the quit is not bridged, so long as the rejoin +# # occurs before the randomly-jittered timeout is not reached. +# # Default: 3600000, = 1h +# delayMinMs: 3600000 # 1h +# # Default: 7200000, = 2h +# delayMaxMs: 7200000 # 2h + +# # A map for conversion of IRC user modes to Matrix power levels. 
This enables bridging +# # of IRC ops to Matrix power levels only, it does not enable the reverse. If a user has +# # been given multiple modes, the one that maps to the highest power level will be used. +# modePowerMap: +# o: 50 + +# botConfig: +# # Enable the presence of the bot in IRC channels. The bot serves as the entity +# # which maps from IRC -> Matrix. You can disable the bot entirely which +# # means IRC -> Matrix chat will be shared by active "M-Nick" connections +# # in the room. If there are no users in the room (or if there are users +# # but their connections are not on IRC) then nothing will be bridged to +# # Matrix. If you're concerned about the bot being treated as a "logger" +# # entity, then you may want to disable the bot. If you want IRC->Matrix +# # but don't want to have TCP connections to IRC unless a Matrix user speaks +# # (because your client connection limit is low), then you may want to keep +# # the bot enabled. Default: true. +# # NB: If the bot is disabled, you SHOULD have matrix-to-IRC syncing turned +# # on, else there will be no users and no bot in a channel (meaning no +# # messages to Matrix!) until a Matrix user speaks which makes a client +# # join the target IRC channel. +# # NBB: The bridge bot IRC client will still join the target IRC network so +# # it can service bridge-specific queries from the IRC-side e.g. so +# # real IRC clients have a way to change their Matrix display name. +# # See https://github.com/matrix-org/matrix-appservice-irc/issues/55 +# enabled: true +# # The nickname to give the AS bot. +# nick: "MatrixBot" +# # The password to give to NickServ or IRC Server for this nick. Optional. +# # password: "helloworld" +# # +# # Join channels even if there are no Matrix users on the other side of +# # the bridge. Set to false to prevent the bot from joining channels which have no +# # real matrix users in them, even if there is a mapping for the channel. 
+# # Default: true +# joinChannelsIfNoUsers: true + +# # Configuration for PMs / private 1:1 communications between users. +# privateMessages: +# # Enable the ability for PMs to be sent to/from IRC/Matrix. +# # Default: true. +# enabled: true +# # Prevent Matrix users from sending PMs to the following IRC nicks. +# # Optional. Default: []. +# # exclude: ["Alice", "Bob"] # NOT YET IMPLEMENTED + +# # Should created Matrix PM rooms be federated? If false, only users on the +# # HS attached to this AS will be able to interact with this room. +# # Optional. Default: true. +# federate: true + +# # Configuration for mappings not explicitly listed in the 'mappings' +# # section. +# dynamicChannels: +# # Enable the ability for Matrix users to join *any* channel on this IRC +# # network. +# # Default: false. +# enabled: true +# # Should the AS create a room alias for the new Matrix room? The form of +# # the alias can be modified via 'aliasTemplate'. Default: true. +# createAlias: true +# # Should the AS publish the new Matrix room to the public room list so +# # anyone can see it? Default: true. +# published: true +# # What should the join_rule be for the new Matrix room? If 'public', +# # anyone can join the room. If 'invite', only users with an invite can +# # join the room. Note that if an IRC channel has +k or +i set on it, +# # join_rules will be set to 'invite' until these modes are removed. +# # Default: "public". +# joinRule: public +# # This will set the m.room.related_groups state event in newly created rooms +# # with the given groupId. This means flares will show up on IRC users in those rooms. +# # This should be set to the same thing as namespaces.users.group_id in irc_registration. +# # This does not alter existing rooms. +# # Leaving this option empty will not set the event. +# groupId: +myircnetwork:localhost +# # Should created Matrix rooms be federated? If false, only users on the +# # HS attached to this AS will be able to interact with this room. 
+# # Default: true. +# federate: true +# # The room alias template to apply when creating new aliases. This only +# # applies if createAlias is 'true'. The following variables are exposed: +# # $SERVER => The IRC server address (e.g. "irc.example.com") +# # $CHANNEL => The IRC channel (e.g. "#python") +# # This MUST have $CHANNEL somewhere in it. +# # Default: '#irc_$SERVER_$CHANNEL' +# aliasTemplate: "#irc_$CHANNEL" +# # A list of user IDs which the AS bot will send invites to in response +# # to a !join. Only applies if joinRule is 'invite'. Default: [] +# # whitelist: +# # - "@foo:example.com" +# # - "@bar:example.com" +# # +# # Prevent the given list of channels from being mapped under any +# # circumstances. +# # exclude: ["#foo", "#bar"] + +# # Configuration for controlling how Matrix and IRC membership lists are +# # synced. +# membershipLists: +# # Enable the syncing of membership lists between IRC and Matrix. This +# # can have a significant effect on performance on startup as the lists are +# # synced. This must be enabled for anything else in this section to take +# # effect. Default: false. +# enabled: false + +# # Syncing membership lists at startup can result in hundreds of members to +# # process all at once. This timer drip feeds membership entries at the +# # specified rate. Default: 10000. (10s) +# floodDelayMs: 10000 + +# global: +# ircToMatrix: +# # Get a snapshot of all real IRC users on a channel (via NAMES) and +# # join their virtual matrix clients to the room. +# initial: false +# # Make virtual matrix clients join and leave rooms as their real IRC +# # counterparts join/part channels. Default: false. +# incremental: false + +# matrixToIrc: +# # Get a snapshot of all real Matrix users in the room and join all of +# # them to the mapped IRC channel on startup. Default: false. +# initial: false +# # Make virtual IRC clients join and leave channels as their real Matrix +# # counterparts join/leave rooms. 
Make sure your 'maxClients' value is +# # high enough! Default: false. +# incremental: false + +# # Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect. +# rooms: +# - room: "!fuasirouddJoxtwfge:localhost" +# matrixToIrc: +# initial: false +# incremental: false + +# # Apply specific rules to IRC channels. Only IRC-to-matrix takes effect. +# channels: +# - channel: "#foo" +# ircToMatrix: +# initial: false +# incremental: false + +# mappings: +# # 1:many mappings from IRC channels to room IDs on this IRC server. +# # The matrix room must already exist. Your matrix client should expose +# # the room ID in a "settings" page for the room. +# "#thepub": ["!kieouiJuedJoxtVdaG:localhost"] + +# # Configuration for virtual matrix users. The following variables are +# # exposed: +# # $NICK => The IRC nick +# # $SERVER => The IRC server address (e.g. "irc.example.com") +# matrixClients: +# # The user ID template to use when creating virtual matrix users. This +# # MUST have $NICK somewhere in it. +# # Optional. Default: "@$SERVER_$NICK". +# # Example: "@irc.example.com_Alice:example.com" +# userTemplate: "@irc_$NICK" +# # The display name to use for created matrix clients. This should have +# # $NICK somewhere in it if it is specified. Can also use $SERVER to +# # insert the IRC domain. +# # Optional. Default: "$NICK (IRC)". Example: "Alice (IRC)" +# displayName: "$NICK (IRC)" +# # Number of tries a client can attempt to join a room before the request +# # is discarded. You can also use -1 to never retry or 0 to never give up. +# # Optional. Default: -1 +# joinAttempts: -1 + +# # Configuration for virtual IRC users. The following variables are exposed: +# # $LOCALPART => The user ID localpart ("alice" in @alice:localhost) +# # $USERID => The user ID +# # $DISPLAY => The display name of this user, with excluded characters +# # (e.g. space) removed. If the user has no display name, this +# # falls back to $LOCALPART. 
+# ircClients: +# # The template to apply to every IRC client nick. This MUST have either +# # $DISPLAY or $USERID or $LOCALPART somewhere in it. +# # Optional. Default: "M-$DISPLAY". Example: "M-Alice". +# nickTemplate: "$DISPLAY[m]" +# # True to allow virtual IRC clients to change their nick on this server +# # by issuing !nick commands to the IRC AS bot. +# # This is completely freeform: it will NOT follow the nickTemplate. +# allowNickChanges: true +# # The max number of IRC clients that will connect. If the limit is +# # reached, the client that spoke the longest time ago will be +# # disconnected and replaced. +# # Optional. Default: 30. +# maxClients: 30 +# # IPv6 configuration. +# ipv6: +# # Optional. Set to true to force IPv6 for outgoing connections. +# only: false +# # Optional. The IPv6 prefix to use for generating unique addresses for each +# # connected user. If not specified, all users will connect from the same +# # (default) address. This may require additional OS-specific work to allow +# # for the node process to bind to multiple different source addresses +# # e.g IP_FREEBIND on Linux, which requires an LD_PRELOAD with the library +# # https://github.com/matrix-org/freebindfree as Node does not expose setsockopt. +# # prefix: "2001:0db8:85a3::" # modify appropriately +# # +# # The maximum amount of time in seconds that the client can exist +# # without sending another message before being disconnected. Use 0 to +# # not apply an idle timeout. This value is ignored if this IRC server is +# # mirroring matrix membership lists to IRC. Default: 172800 (48 hours) +# idleTimeout: 10800 +# # The number of millseconds to wait between consecutive reconnections if a +# # client gets disconnected. Setting to 0 will cause the scheduling to be +# # disabled, i.e. it will be scheduled immediately (with jitter. 
+# # Otherwise, the scheduling interval will be used such that one client +# # reconnect for this server will be handled every reconnectIntervalMs ms using +# # a FIFO queue. +# # Default: 5000 (5 seconds) +# reconnectIntervalMs: 5000 +# # The number of concurrent reconnects if a user has been disconnected unexpectedly +# # (e.g. a netsplit). You should set this to a reasonably high number so that +# # bridges are not waiting an eternity to reconnect all its clients if +# # we see a massive number of disconnect. This is unrelated to the reconnectIntervalMs +# # setting above which is for connecting on restart of the bridge. Set to 0 to +# # immediately try to reconnect all users. +# # Default: 50 +# concurrentReconnectLimit: 50 +# # The number of lines to allow being sent by the IRC client that has received +# # a large block of text to send from matrix. If the number of lines that would +# # be sent is > lineLimit, the text will instead be uploaded to matrix and the +# # resulting URI is treated as a file. As such, a link will be sent to the IRC +# # side instead of potentially spamming IRC and getting the IRC client kicked. +# # Default: 3. +# lineLimit: 3 +# # A list of user modes to set on every IRC client. For example, "RiG" would set +# # +R, +i and +G on every IRC connection when they have successfully connected. +# # User modes vary wildly depending on the IRC network you're connecting to, +# # so check before setting this value. Some modes may not work as intended +# # through the bridge e.g. caller ID as there is no way to /ACCEPT. +# # Default: "" (no user modes) +# # userModes: "R" # Controls whether the matrix-appservice-discord container exposes its HTTP port (tcp/9999 in the container). # 
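Review bot: `matrix_appservice_irc_ircService_servers: []` defaults to an empty sequence, but the commented example directly below it and the `servers: {{ matrix_appservice_irc_ircService_servers|to_json }}` line in the configuration template both treat the value as a mapping keyed by server address; if the bridge validates `servers` as an object, the rendered `servers: []` would be rejected on a deployment that has not defined any server yet. `matrix_appservice_irc_ircService_servers: {}` matches the documented shape and renders as `servers: {}`. Separately, the example shows the IRC connection `password: 'pa$$w0rd'` and the NickServ `password: "helloworld"` inline; since this variable now lives in the playbook inventory rather than in a hand-edited file on the server, a one-line comment next to those keys — `# Keep real passwords out of plain inventory files (e.g. use Ansible Vault).` — would be worth adding.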
@@ -27,6 +339,9 @@ matrix_appservice_irc_systemd_required_services_list: ['docker.service'] # List of systemd services that matrix-appservice-irc.service wants matrix_appservice_irc_systemd_wanted_services_list: [] +matrix_appservice_irc_appservice_token: '' +matrix_appservice_irc_homeserver_token: '' + matrix_appservice_irc_configuration_yaml: | #jinja2: lstrip_blocks: True homeserver: 
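Review bot: `matrix_appservice_irc_appservice_token: ''` and `matrix_appservice_irc_homeserver_token: ''` default to empty strings, and nothing in this hunk stops an install that does not use the group_vars derivation from rendering the appservice registration with empty tokens, which would let any client present an empty credential to the bridge. The validate_config.yml change in the diffstat is not in this chunk; if it does not already fail on an empty value for either variable, it should. A comment on these two lines documenting where the values normally come from would also help: `# Must be non-empty; group_vars/matrix_servers derives them from matrix_synapse_macaroon_secret_key.`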
@@ -61,6 +376,95 @@ matrix_appservice_irc_configuration_yaml: | # Default: true enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }} + ircService: + # The nedb database URI to connect to. This is the name of the directory to + # dump .db files to. This is relative to the project directory. + # Required. + databaseUri: "nedb:///data" + + # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot + # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in + # the database. + # + # To generate a .pem file: + # $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 + # + # The path to the RSA PEM-formatted private key to use when encrypting IRC passwords + # for storage in the database. Passwords are stored by using the admin room command + # `!storepass server.name passw0rd. When a connection is made to IRC on behalf of + # the Matrix user, this password will be sent as the server password (PASS command). + passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification + + # Config for Matrix -> IRC bridging + matrixHandler: + # Cache this many matrix events in memory to be used for m.relates_to messages (usually replies). + eventCacheSize: 4096 + + servers: {{ matrix_appservice_irc_ircService_servers|to_json }} + + # Configuration for an ident server. If you are running a public bridge it is + # advised you setup an ident server so IRC mods can ban specific matrix users + # rather than the application service itself. + ident: + # True to listen for Ident requests and respond with the + # matrix user's user_id (converted to ASCII, respecting RFC 1413). + # Default: false. + enabled: false + # The port to listen on for incoming ident requests. + # Ports below 1024 require root to listen on, and you may not want this to + # run as root. 
Instead, you can get something like an Apache to yank up + # incoming requests to 113 to a high numbered port. Set the port to listen + # on instead of 113 here. + # Default: 113. + port: 1113 + # The address to listen on for incoming ident requests. + # Default: 0.0.0.0 + address: "::" + + # Configuration for logging. Optional. Default: console debug level logging + # only. + logging: + # Level to log on console/logfile. One of error|warn|info|debug + level: "debug" + # The file location to log to. This is relative to the project directory. + logfile: "debug.log" + # The file location to log errors to. This is relative to the project + # directory. + errfile: "errors.log" + # Whether to log to the console or not. + toConsole: true + # The max number of files to keep. Files will be overwritten eventually due + # to rotations. + maxFiles: 5 + + # Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`: + # $ npm install prom-client@6.3.0 + # Metrics will then be available via GET /metrics on the bridge listening port (-p). + metrics: + # Whether to actually enable the metric endpoint. Default: false + enabled: true + # When collecting remote user active times, which "buckets" should be used. Defaults are given below. + # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks). + remoteUserAgeBuckets: + - "1h" + - "1d" + - "1w" + + # Configuration for the provisioning API. + # + # GET /_matrix/provision/link + # GET /_matrix/provision/unlink + # GET /_matrix/provision/listlinks + # + provisioning: + # True to enable the provisioning HTTP endpoint. Default: false. + enabled: false + # The number of seconds to wait before giving up on getting a response from + # an IRC channel operator. If the channel operator does not respond within the + # allotted time period, the provisioning request will fail. 
+ # Default: 300 seconds (5 mins) + requestTimeoutSeconds: 300 + # Options here are generally only applicable to large-scale bridges and may have # consequences greater than other options in this configuration file. advanced: 
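Review bot: `metrics: enabled: true` turns the bridge's `/metrics` endpoint on by default, and the comment directly above it says the endpoint is served on the bridge's listening port, so any peer that can reach that port (including the host, when the container port is exposed) can read operational metrics without authentication. Consider defaulting it to `false`, or lifting it into a role variable rendered with `|to_json` the way `enablePresence` is handled earlier in the same template (a name such as `matrix_appservice_irc_ircService_metrics_enabled` is only a proposal). The same consideration applies to `level: "debug"` with `logfile: "debug.log"`: debug-level bridge logs may include message content and connection details and are written to a file inside the container, rotated over `maxFiles: 5`, so `"info"` is the more appropriate production default.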
@@ -78,403 +482,22 @@ matrix_appservice_irc_configuration_extension_yaml: | # # If you need something more special, you can take full control by # completely redefining `matrix_appservice_irc_configuration_yaml`. - # - # Example configuration extension follows: - # - # ircService: - # databaseUri: "nedb:///data" # does not typically need modification - # passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification - # matrixHandler: - # eventCacheSize: 4096 - # servers: - # # The address of the server to connect to. - # irc.example.com: - # # A human-readable short name. This is used to label IRC status rooms - # # where matrix users control their connections. - # # E.g. 'ExampleNet IRC Bridge status'. - # # It is also used in the Third Party Lookup API as the instance `desc` - # # property, where each server is an instance. - # name: "ExampleNet" - # - # additionalAddresses: [ "irc2.example.com" ] - # # - # # [DEPRECATED] Use `name`, above, instead. - # # A human-readable description string - # # description: "Example.com IRC network" - # - # # An ID for uniquely identifying this server amongst other servers being bridged. - # # networkId: "example" - # - # # URL to an icon used as the network icon whenever this network appear in - # # a network list. (Like in the riot room directory, for instance.) - # # icon: https://example.com/images/hash.png - # - # # The port to connect to. Optional. - # port: 6697 - # # Whether to use SSL or not. Default: false. - # ssl: true - # # Whether or not IRC server is using a self-signed cert or not providing CA Chain - # sslselfsign: false - # # Should the connection attempt to identify via SASL (if a server or user password is given) - # # If false, this will use PASS instead. If SASL fails, we do not fallback to PASS. - # sasl: false - # # Whether to allow expired certs when connecting to the IRC server. - # # Usually this should be off. Default: false. 
- # allowExpiredCerts: false - # # A specific CA to trust instead of the default CAs. Optional. - # #ca: | - # # -----BEGIN CERTIFICATE----- - # # ... - # # -----END CERTIFICATE----- - # - # # - # # The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional. - # # password: 'pa$$w0rd' - # # - # # Whether or not to send connection/error notices to real Matrix users. Default: true. - # sendConnectionMessages: true - # - # quitDebounce: - # # Whether parts due to net-splits are debounced for delayMs, to allow - # # time for the netsplit to resolve itself. A netsplit is detected as being - # # a QUIT rate higher than quitsPerSecond. Default: false. - # enabled: false - # # The maximum number of quits per second acceptable above which a netsplit is - # # considered ongoing. Default: 5. - # quitsPerSecond: 5 - # # The time window in which to wait before bridging a QUIT to Matrix that occurred during - # # a netsplit. Debouncing is jittered randomly between delayMinMs and delayMaxMs so that the HS - # # is not sent many requests to leave rooms all at once if a netsplit occurs and many - # # people to not rejoin. - # # If the user with the same IRC nick as the one who sent the quit rejoins a channel - # # they are considered back online and the quit is not bridged, so long as the rejoin - # # occurs before the randomly-jittered timeout is not reached. - # # Default: 3600000, = 1h - # delayMinMs: 3600000 # 1h - # # Default: 7200000, = 2h - # delayMaxMs: 7200000 # 2h - # - # # A map for conversion of IRC user modes to Matrix power levels. This enables bridging - # # of IRC ops to Matrix power levels only, it does not enable the reverse. If a user has - # # been given multiple modes, the one that maps to the highest power level will be used. - # modePowerMap: - # o: 50 - # - # botConfig: - # # Enable the presence of the bot in IRC channels. The bot serves as the entity - # # which maps from IRC -> Matrix. 
You can disable the bot entirely which - # # means IRC -> Matrix chat will be shared by active "M-Nick" connections - # # in the room. If there are no users in the room (or if there are users - # # but their connections are not on IRC) then nothing will be bridged to - # # Matrix. If you're concerned about the bot being treated as a "logger" - # # entity, then you may want to disable the bot. If you want IRC->Matrix - # # but don't want to have TCP connections to IRC unless a Matrix user speaks - # # (because your client connection limit is low), then you may want to keep - # # the bot enabled. Default: true. - # # NB: If the bot is disabled, you SHOULD have matrix-to-IRC syncing turned - # # on, else there will be no users and no bot in a channel (meaning no - # # messages to Matrix!) until a Matrix user speaks which makes a client - # # join the target IRC channel. - # # NBB: The bridge bot IRC client will still join the target IRC network so - # # it can service bridge-specific queries from the IRC-side e.g. so - # # real IRC clients have a way to change their Matrix display name. - # # See https://github.com/matrix-org/matrix-appservice-irc/issues/55 - # enabled: true - # # The nickname to give the AS bot. - # nick: "MatrixBot" - # # The password to give to NickServ or IRC Server for this nick. Optional. - # # password: "helloworld" - # # - # # Join channels even if there are no Matrix users on the other side of - # # the bridge. Set to false to prevent the bot from joining channels which have no - # # real matrix users in them, even if there is a mapping for the channel. - # # Default: true - # joinChannelsIfNoUsers: true - # - # # Configuration for PMs / private 1:1 communications between users. - # privateMessages: - # # Enable the ability for PMs to be sent to/from IRC/Matrix. - # # Default: true. - # enabled: true - # # Prevent Matrix users from sending PMs to the following IRC nicks. - # # Optional. Default: []. 
- # # exclude: ["Alice", "Bob"] # NOT YET IMPLEMENTED - # - # # Should created Matrix PM rooms be federated? If false, only users on the - # # HS attached to this AS will be able to interact with this room. - # # Optional. Default: true. - # federate: true - # - # # Configuration for mappings not explicitly listed in the 'mappings' - # # section. - # dynamicChannels: - # # Enable the ability for Matrix users to join *any* channel on this IRC - # # network. - # # Default: false. - # enabled: true - # # Should the AS create a room alias for the new Matrix room? The form of - # # the alias can be modified via 'aliasTemplate'. Default: true. - # createAlias: true - # # Should the AS publish the new Matrix room to the public room list so - # # anyone can see it? Default: true. - # published: true - # # What should the join_rule be for the new Matrix room? If 'public', - # # anyone can join the room. If 'invite', only users with an invite can - # # join the room. Note that if an IRC channel has +k or +i set on it, - # # join_rules will be set to 'invite' until these modes are removed. - # # Default: "public". - # joinRule: public - # # This will set the m.room.related_groups state event in newly created rooms - # # with the given groupId. This means flares will show up on IRC users in those rooms. - # # This should be set to the same thing as namespaces.users.group_id in irc_registration. - # # This does not alter existing rooms. - # # Leaving this option empty will not set the event. - # groupId: +myircnetwork:localhost - # # Should created Matrix rooms be federated? If false, only users on the - # # HS attached to this AS will be able to interact with this room. - # # Default: true. - # federate: true - # # The room alias template to apply when creating new aliases. This only - # # applies if createAlias is 'true'. The following variables are exposed: - # # $SERVER => The IRC server address (e.g. "irc.example.com") - # # $CHANNEL => The IRC channel (e.g. 
"#python") - # # This MUST have $CHANNEL somewhere in it. - # # Default: '#irc_$SERVER_$CHANNEL' - # aliasTemplate: "#irc_$CHANNEL" - # # A list of user IDs which the AS bot will send invites to in response - # # to a !join. Only applies if joinRule is 'invite'. Default: [] - # # whitelist: - # # - "@foo:example.com" - # # - "@bar:example.com" - # # - # # Prevent the given list of channels from being mapped under any - # # circumstances. - # # exclude: ["#foo", "#bar"] - # - # # Configuration for controlling how Matrix and IRC membership lists are - # # synced. - # membershipLists: - # # Enable the syncing of membership lists between IRC and Matrix. This - # # can have a significant effect on performance on startup as the lists are - # # synced. This must be enabled for anything else in this section to take - # # effect. Default: false. - # enabled: false - # - # # Syncing membership lists at startup can result in hundreds of members to - # # process all at once. This timer drip feeds membership entries at the - # # specified rate. Default: 10000. (10s) - # floodDelayMs: 10000 - # - # global: - # ircToMatrix: - # # Get a snapshot of all real IRC users on a channel (via NAMES) and - # # join their virtual matrix clients to the room. - # initial: false - # # Make virtual matrix clients join and leave rooms as their real IRC - # # counterparts join/part channels. Default: false. - # incremental: false - # - # matrixToIrc: - # # Get a snapshot of all real Matrix users in the room and join all of - # # them to the mapped IRC channel on startup. Default: false. - # initial: false - # # Make virtual IRC clients join and leave channels as their real Matrix - # # counterparts join/leave rooms. Make sure your 'maxClients' value is - # # high enough! Default: false. - # incremental: false - # - # # Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect. 
- # rooms: - # - room: "!fuasirouddJoxtwfge:localhost" - # matrixToIrc: - # initial: false - # incremental: false - # - # # Apply specific rules to IRC channels. Only IRC-to-matrix takes effect. - # channels: - # - channel: "#foo" - # ircToMatrix: - # initial: false - # incremental: false - # - # mappings: - # # 1:many mappings from IRC channels to room IDs on this IRC server. - # # The matrix room must already exist. Your matrix client should expose - # # the room ID in a "settings" page for the room. - # "#thepub": ["!kieouiJuedJoxtVdaG:localhost"] - # - # # Configuration for virtual matrix users. The following variables are - # # exposed: - # # $NICK => The IRC nick - # # $SERVER => The IRC server address (e.g. "irc.example.com") - # matrixClients: - # # The user ID template to use when creating virtual matrix users. This - # # MUST have $NICK somewhere in it. - # # Optional. Default: "@$SERVER_$NICK". - # # Example: "@irc.example.com_Alice:example.com" - # userTemplate: "@irc_$NICK" - # # The display name to use for created matrix clients. This should have - # # $NICK somewhere in it if it is specified. Can also use $SERVER to - # # insert the IRC domain. - # # Optional. Default: "$NICK (IRC)". Example: "Alice (IRC)" - # displayName: "$NICK (IRC)" - # # Number of tries a client can attempt to join a room before the request - # # is discarded. You can also use -1 to never retry or 0 to never give up. - # # Optional. Default: -1 - # joinAttempts: -1 - # - # # Configuration for virtual IRC users. The following variables are exposed: - # # $LOCALPART => The user ID localpart ("alice" in @alice:localhost) - # # $USERID => The user ID - # # $DISPLAY => The display name of this user, with excluded characters - # # (e.g. space) removed. If the user has no display name, this - # # falls back to $LOCALPART. - # ircClients: - # # The template to apply to every IRC client nick. This MUST have either - # # $DISPLAY or $USERID or $LOCALPART somewhere in it. - # # Optional. 
Default: "M-$DISPLAY". Example: "M-Alice". - # nickTemplate: "$DISPLAY[m]" - # # True to allow virtual IRC clients to change their nick on this server - # # by issuing !nick commands to the IRC AS bot. - # # This is completely freeform: it will NOT follow the nickTemplate. - # allowNickChanges: true - # # The max number of IRC clients that will connect. If the limit is - # # reached, the client that spoke the longest time ago will be - # # disconnected and replaced. - # # Optional. Default: 30. - # maxClients: 30 - # # IPv6 configuration. - # ipv6: - # # Optional. Set to true to force IPv6 for outgoing connections. - # only: false - # # Optional. The IPv6 prefix to use for generating unique addresses for each - # # connected user. If not specified, all users will connect from the same - # # (default) address. This may require additional OS-specific work to allow - # # for the node process to bind to multiple different source addresses - # # e.g IP_FREEBIND on Linux, which requires an LD_PRELOAD with the library - # # https://github.com/matrix-org/freebindfree as Node does not expose setsockopt. - # # prefix: "2001:0db8:85a3::" # modify appropriately - # # - # # The maximum amount of time in seconds that the client can exist - # # without sending another message before being disconnected. Use 0 to - # # not apply an idle timeout. This value is ignored if this IRC server is - # # mirroring matrix membership lists to IRC. Default: 172800 (48 hours) - # idleTimeout: 10800 - # # The number of millseconds to wait between consecutive reconnections if a - # # client gets disconnected. Setting to 0 will cause the scheduling to be - # # disabled, i.e. it will be scheduled immediately (with jitter. - # # Otherwise, the scheduling interval will be used such that one client - # # reconnect for this server will be handled every reconnectIntervalMs ms using - # # a FIFO queue. 
- # # Default: 5000 (5 seconds) - # reconnectIntervalMs: 5000 - # # The number of concurrent reconnects if a user has been disconnected unexpectedly - # # (e.g. a netsplit). You should set this to a reasonably high number so that - # # bridges are not waiting an eternity to reconnect all its clients if - # # we see a massive number of disconnect. This is unrelated to the reconnectIntervalMs - # # setting above which is for connecting on restart of the bridge. Set to 0 to - # # immediately try to reconnect all users. - # # Default: 50 - # concurrentReconnectLimit: 50 - # # The number of lines to allow being sent by the IRC client that has received - # # a large block of text to send from matrix. If the number of lines that would - # # be sent is > lineLimit, the text will instead be uploaded to matrix and the - # # resulting URI is treated as a file. As such, a link will be sent to the IRC - # # side instead of potentially spamming IRC and getting the IRC client kicked. - # # Default: 3. - # lineLimit: 3 - # # A list of user modes to set on every IRC client. For example, "RiG" would set - # # +R, +i and +G on every IRC connection when they have successfully connected. - # # User modes vary wildly depending on the IRC network you're connecting to, - # # so check before setting this value. Some modes may not work as intended - # # through the bridge e.g. caller ID as there is no way to /ACCEPT. - # # Default: "" (no user modes) - # # userModes: "R" - # - # # Configuration for an ident server. If you are running a public bridge it is - # # advised you setup an ident server so IRC mods can ban specific matrix users - # # rather than the application service itself. - # ident: - # # True to listen for Ident requests and respond with the - # # matrix user's user_id (converted to ASCII, respecting RFC 1413). - # # Default: false. - # enabled: false - # # The port to listen on for incoming ident requests. 
- # # Ports below 1024 require root to listen on, and you may not want this to - # # run as root. Instead, you can get something like an Apache to yank up - # # incoming requests to 113 to a high numbered port. Set the port to listen - # # on instead of 113 here. - # # Default: 113. - # port: 1113 - # # The address to listen on for incoming ident requests. - # # Default: 0.0.0.0 - # address: "::" - # - # # Configuration for logging. Optional. Default: console debug level logging - # # only. - # logging: - # # Level to log on console/logfile. One of error|warn|info|debug - # level: "debug" - # # The file location to log to. This is relative to the project directory. - # logfile: "debug.log" - # # The file location to log errors to. This is relative to the project - # # directory. - # errfile: "errors.log" - # # Whether to log to the console or not. - # toConsole: true - # # The max number of files to keep. Files will be overwritten eventually due - # # to rotations. - # maxFiles: 5 - # - # # Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`: - # # $ npm install prom-client@6.3.0 - # # Metrics will then be available via GET /metrics on the bridge listening port (-p). - # metrics: - # # Whether to actually enable the metric endpoint. Default: false - # enabled: true - # # When collecting remote user active times, which "buckets" should be used. Defaults are given below. - # # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks). - # remoteUserAgeBuckets: - # - "1h" - # - "1d" - # - "1w" - # - # # Configuration options for the debug HTTP API. To access this API, you must - # # append ?access_token=$APPSERVICE_TOKEN (from the registration file) to the requests. - # # - # # The debug API exposes the following endpoints: - # # - # # GET /irc/$domain/user/$user_id => Return internal state for the IRC client for this user ID. 
- # # - # # POST /irc/$domain/user/$user_id => Issue a raw IRC command down this connection. - # # Format: new line delimited commands as per IRC protocol. - # # - # debugApi: - # # True to enable the HTTP API endpoint. Default: false. - # enabled: false - # # The port to host the HTTP API. - # port: 11100 - # - # # Configuration for the provisioning API. - # # - # # GET /_matrix/provision/link - # # GET /_matrix/provision/unlink - # # GET /_matrix/provision/listlinks - # # - # provisioning: - # # True to enable the provisioning HTTP endpoint. Default: false. - # enabled: false - # # The number of seconds to wait before giving up on getting a response from - # # an IRC channel operator. If the channel operator does not respond within the - # # allotted time period, the provisioning request will fail. - # # Default: 300 seconds (5 mins) - # requestTimeoutSeconds: 300 - # - # # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot - # # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in - # # the database. - # # matrix_appservice_irc_configuration_extension: "{{ matrix_appservice_irc_configuration_extension_yaml|from_yaml if matrix_appservice_irc_configuration_extension_yaml|from_yaml is mapping else {} }}" matrix_appservice_irc_configuration: "{{ matrix_appservice_irc_configuration_yaml|from_yaml|combine(matrix_appservice_irc_configuration_extension, recursive=True) }}" + +# The original registration.yaml file generated by AppService IRC is merged with this config override, +# to produce the final registration.yaml file ultimately used by both the bridge and the homeserver. 
+# +# We do this to ensure consistency: +# - always having an up-to-date registration.yaml file (synced with the configuration file) +# - always having the same AS/HS token and appservice id in the registration.yaml file +# +# Learn more about this in `setup_install.yml` +matrix_appservice_irc_registration_override_yaml: | + id: appservice-irc + as_token: "{{ matrix_appservice_irc_appservice_token }}" + hs_token: "{{ matrix_appservice_irc_homeserver_token }}" + +matrix_appservice_irc_registration_override: "{{ matrix_appservice_irc_registration_override_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-appservice-irc/tasks/init.yml b/roles/matrix-bridge-appservice-irc/tasks/init.yml index 1ebfd073..d6a1c2fb 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/init.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/init.yml @@ -1,3 +1,11 @@ +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-appservice-irc role needs to execute before the matrix-synapse role. + when: "matrix_appservice_irc_enabled|bool and matrix_synapse_role_executed|default(False)" + - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc'] }}" when: matrix_appservice_irc_enabled|bool @@ -7,7 +15,7 @@ matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) }} + - {{ ["--mount type=bind,src={{ matrix_appservice_irc_base_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] }} + {{ ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ matrix_synapse_app_service_config_files|default([]) }} 
diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index 8681c4e0..a4601a60 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -1,13 +1,5 @@ --- -# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. -# We don't want to fail in such cases. -- name: Fail if matrix-synapse role already executed - fail: - msg: >- - The matrix-bridge-appservice-irc role needs to execute before the matrix-synapse role. - when: "matrix_synapse_role_executed|default(False)" - - name: Ensure Appservice IRC image is pulled docker_image: name: "{{ matrix_appservice_irc_docker_image }}" 
@@ -15,31 +7,122 @@ force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}" -- name: Ensure Appservice IRC base directory exists +- name: Ensure Appservice IRC paths exist file: - path: "{{ matrix_appservice_irc_base_path }}" + path: "{{ item }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" + with_items: + - "{{ matrix_appservice_irc_base_path }}" + - "{{ matrix_appservice_irc_config_path }}" + - "{{ matrix_appservice_irc_data_path }}" + +- name: Check if an old passkey file already exists + stat: + path: "{{ matrix_appservice_irc_base_path }}/passkey.pem" + register: matrix_appservice_irc_stat_passkey + +- name: (Data relocation) Ensure matrix-appservice-irc.service is stopped + service: + name: matrix-appservice-irc + state: stopped + daemon_reload: yes + failed_when: false + when: "matrix_appservice_irc_stat_passkey.stat.exists" + +- name: (Data relocation) Move AppService IRC passkey.pem file to ./data directory + command: "mv {{ matrix_appservice_irc_base_path }}/passkey.pem {{ matrix_appservice_irc_data_path }}/passkey.pem" + when: "matrix_appservice_irc_stat_passkey.stat.exists" + +- name: (Data relocation) Move AppService database files to ./data directory + command: "mv {{ matrix_appservice_irc_base_path }}/{{ item }} {{ matrix_appservice_irc_data_path }}/{{ item }}" + with_items: + - rooms.db + - users.db + failed_when: false + when: "matrix_appservice_irc_stat_passkey.stat.exists" - name: Ensure Matrix Appservice IRC config installed copy: content: "{{ matrix_appservice_irc_configuration|to_nice_yaml }}" - dest: "{{ matrix_appservice_irc_base_path }}/config.yaml" + dest: "{{ matrix_appservice_irc_config_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ 
matrix_user_username }}" -- name: Check if matrix-appservice-irc passkey exists +- name: Check if Appservice IRC passkey exists stat: - path: "{{ matrix_appservice_irc_base_path }}/passkey.pem" + path: "{{ matrix_appservice_irc_data_path }}/passkey.pem" register: irc_passkey_file -- name: Generate matrix-appservice-irc passkey if it doesn't exist - shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_base_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 +- name: Generate Appservice IRC passkey if it doesn't exist + shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 when: "not irc_passkey_file.stat.exists" +# Ideally, we'd like to generate the final registration.yaml file by ourselves. +# +# However, the IRC bridge supports multiple servers, which leads to multiple +# users/aliases/rooms rules in the registration file. +# +# Generating a proper file by ourselves is complicated and may lead to deviation +# from what the bridge is doing. +# +# Instead, we do another hacky thing - asking the bridge to generate a template, +# and then we parse it and fix it up with our own AS/HS token. +# We need to do this, because: +# - we'd like to have an up-to-date registration file +# - we can achieve this by asking the bridge to rebuild it each time +# - however, the bridge insists on regenerating all tokens each time +# - .. which is not friendly for integrating with the homeserver +# +# So we have a hybrid approach. We ask the bridge to always generate +# an up-to-date file, and we fix it up with some static values later on, +# to produce a final registration.yaml file, as we desire. 
+- name: Generate Appservice IRC registration-template.yaml + shell: >- + /usr/bin/docker run --rm --name matrix-appservice-irc-gen + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} + --cap-drop=ALL + -v {{ matrix_appservice_irc_config_path }}:/config:z + -v {{ matrix_appservice_irc_data_path }}:/data:z + {{ matrix_appservice_irc_docker_image }} + node app.js + -r + -f /config/registration-template.yaml + -u "http://matrix-appservice-irc:9999" + -c /config/config.yaml + -l irc_bot + changed_when: false + +- name: Read Appservice IRC registration-template.yaml + slurp: + src: "{{ matrix_appservice_irc_config_path }}/registration-template.yaml" + register: matrix_appservice_irc_registration_template_slurp + +- name: Remove unnecessary Appservice IRC registration-template.yaml + file: + path: "{{ matrix_appservice_irc_config_path }}/registration-template.yaml" + state: absent + changed_when: false + +- name: Parse registration-template.yaml + set_fact: + matrix_appservice_irc_registration_template: "{{ matrix_appservice_irc_registration_template_slurp['content'] | b64decode | from_yaml }}" + +- name: Combine registration-template.yaml and own registration override config + set_fact: + matrix_appservice_irc_registration: "{{ matrix_appservice_irc_registration_template|combine(matrix_appservice_irc_registration_override, recursive=True) }}" + +- name: Ensure Appservice IRC registration.yaml installed + copy: + content: "{{ matrix_appservice_irc_registration|to_nice_yaml }}" + dest: "{{ matrix_appservice_irc_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + - name: Ensure matrix-appservice-irc.service installed template: src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2" 
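Review bot: Nothing in the new task order sets owner or mode on `{{ matrix_appservice_irc_data_path }}/passkey.pem`: the `openssl genpkey` shell task creates it with the connection user's ownership and umask, and the recursive `file ... recurse: true` fix-up over the base path that used to correct this is removed later in this patch. If the play runs as root, the key the bridge uses to encrypt stored IRC passwords (`passwordEncryptionKeyPath`) ends up root-owned and, with a typical umask, world-readable, and an old key relocated by the `mv` task keeps whatever mode it previously had. A `file` task right after the generation step pins it to the bridge user with `mode: 0600`; the bridge appears to run as `{{ matrix_user_uid }}:{{ matrix_user_gid }}`, as the registration-template container in this hunk does. `registration.yaml` now carries the AS/HS tokens and is written with `mode: 0644`; `0640` would be tighter if the homeserver container reads it as the same user, which this hunk does not show.
```yaml
# … unchanged: "Generate Appservice IRC passkey if it doesn't exist" task …

- name: Ensure Appservice IRC passkey has restrictive ownership and permissions
  file:
    path: "{{ matrix_appservice_irc_data_path }}/passkey.pem"
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"
    mode: 0600

# … unchanged: registration-template generation and the remaining tasks …
```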
@@ -51,31 +134,3 @@ service: daemon_reload: yes when: "matrix_appservice_irc_systemd_service_result.changed" - -- name: Check if a matrix-appservice-irc registration file exists - stat: - path: "{{ matrix_appservice_irc_base_path }}/registration.yaml" - register: appservice_irc_registration_file - -- name: Generate matrix-appservice-irc registration.yaml if it doesn't exist - shell: >- - /usr/bin/docker run --rm --name matrix-appservice-irc-gen - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ - -v {{ matrix_appservice_irc_base_path }}:/data:z - {{ matrix_appservice_irc_docker_image }} - node app.js - -r - -f /data/registration.yaml - -u "http://matrix-appservice-irc:9999" - -c /data/config.yaml - -l irc_bot - when: "not appservice_irc_registration_file.stat.exists" - -- name: Ensure IRC configuration directory permissions are correct - file: - path: "{{ matrix_appservice_irc_base_path }}" - state: directory - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_username }}" - recurse: true diff --git a/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml b/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml index cd4c1a31..bd08427c 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml @@ -1,5 +1,14 @@ --- +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_appservice_irc_appservice_token" + - "matrix_appservice_irc_homeserver_token" + # Our base configuration (`matrix_appservice_irc_configuration_yaml`) is not enough to # let the playbook run without errors. # 
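Review bot: Both new `when` conditions in validate_config.yml can raise an undefined-variable error before the friendly `fail` message is reached: `when: "vars[item] == ''"` in this hunk, if `matrix_appservice_irc_appservice_token` or `matrix_appservice_irc_homeserver_token` is not defined at all, and `when: "matrix_appservice_irc_configuration.ircService.servers|length == 0"` in the next hunk, if someone follows the message's own advice and overrides `matrix_appservice_irc_configuration` without an `ircService.servers` key. Whether the first case is reachable depends on the role's defaults, which are outside this hunk. Defaulting the lookups should keep the intended message in both cases: `when: "vars[item]|default('') == ''"` and `when: "(matrix_appservice_irc_configuration.ircService|default({})).servers|default({})|length == 0"`.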
@@ -10,9 +19,11 @@ - name: Fail if no additional configuration provided fail: msg: >- - Your Appservice IRC configuration is incomplete (lacking an `ircService` key). - You need to define additional configuration in `matrix_appservice_irc_configuration_extension_yaml` or to override `matrix_appservice_irc_configuration`. - when: "matrix_appservice_irc_configuration.ircService|default(none) is none" + Your Appservice IRC configuration is incomplete (lacking an `ircService.servers` configuration). + You need to define one or more servers by either using `matrix_appservice_irc_ircService_servers` + or by extending the base configuration with additional configuration in `matrix_appservice_irc_configuration_extension_yaml`. + Overriding the whole bridge's configuration (`matrix_appservice_irc_configuration`) is yet another possibility. + when: "matrix_appservice_irc_configuration.ircService.servers|length == 0" - name: (Deprecation) Catch and report renamed appservice-irc variables fail: diff --git a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 index 14a54794..596a6005 100644 --- a/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 +++ b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2 
@@ -25,12 +25,13 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \ {% if matrix_appservice_irc_container_http_host_bind_port %} -p {{ matrix_appservice_irc_container_http_host_bind_port }}:9999 \ {% endif %} - -v {{ matrix_appservice_irc_base_path }}:/data:z \ + -v {{ matrix_appservice_irc_config_path }}:/config:z \ + -v {{ matrix_appservice_irc_data_path }}:/data:z \ {% for arg in matrix_appservice_irc_container_extra_arguments %} {{ arg }} \ {% endfor %} {{ matrix_appservice_irc_docker_image }} \ - -c /data/config.yaml -f /data/registration.yaml -p 9999 + -c /config/config.yaml -f /config/registration.yaml -p 9999 ExecStop=-/usr/bin/docker kill matrix-appservice-irc ExecStop=-/usr/bin/docker rm matrix-appservice-irc From c98eacdd701100e4232125bdbe1a8034df2b8e4b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 20 Jun 2019 16:59:04 +0300 Subject: [PATCH 02/15] Add BC Break label to old changelog entry --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 58466aa8..8db470cd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -91,7 +91,7 @@ As always, if you forget to remove usage of some outdated variable, the playbook # 2019-05-23 -## Ansible 2.8 compatibility +## (BC Break) Ansible 2.8 compatibility Thanks to [@danbob](https://github.com/danbob), the playbook now [supports the new Ansible 2.8](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/187). From 764feb4d7b88eb62faf0e6351305331fdda0df18 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 20 Jun 2019 17:00:05 +0300 Subject: [PATCH 03/15] Bump changelog entry date --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f632d62..6f23e58b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -# 2019-06-19 +# 2019-06-20 ## (BC Break) IRC bridge configuration is now entirely managed by the playbook 
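Review bot: `/config` is now a directory whose two files the playbook writes and rewrites on every run, yet it is still mounted read-write into the container; if the bridge only reads config.yaml and registration.yaml at runtime — its passkey and database files now live under the separate `/data` mount — `-v {{ matrix_appservice_irc_config_path }}:/config:ro,z \` keeps the bridge process from altering its own registration or configuration. Whether the IRC bridge writes anything into its config directory is not visible here and should be confirmed before tightening the mount. The same consideration applies to the `/config` mount added to the mautrix-whatsapp unit in commit 05.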
From 9195ef4c074fb0469f80c19cff0a8722ef815093 Mon Sep 17 00:00:00 2001 From: Lee Verberne Date: Sat, 22 Jun 2019 08:36:16 +0200 Subject: [PATCH 04/15] Disable appservice-irc log files appservice-irc doesn't have permission to create files in its project directory and the intention is to log to the console, anyway. By commenting out the file names, appservice-irc won't attempt to open the files. --- roles/matrix-bridge-appservice-irc/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml index 53282f98..354e5fdb 100644 --- a/roles/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml @@ -427,10 +427,10 @@ matrix_appservice_irc_configuration_yaml: | # Level to log on console/logfile. One of error|warn|info|debug level: "debug" # The file location to log to. This is relative to the project directory. - logfile: "debug.log" + #logfile: "debug.log" # The file location to log errors to. This is relative to the project # directory. - errfile: "errors.log" + #errfile: "errors.log" # Whether to log to the console or not. toConsole: true # The max number of files to keep. Files will be overwritten eventually due From 4797469383c83f94f0ea67e0dc45c63bd691f26f Mon Sep 17 00:00:00 2001 
From: Thomas Kuehne Date: Mon, 24 Jun 2019 00:16:04 +0200 Subject: [PATCH 05/15] Make WhatsApp bridge configuration playbook-managed - following spantaleev transition of the telegram brigde - adding a validate_config task --- group_vars/matrix_servers | 4 + .../defaults/main.yml | 169 ++++++++++++++++++ .../tasks/init.yml | 2 +- .../tasks/main.yml | 6 + .../tasks/setup_install.yml | 72 +++++--- .../tasks/validate_config.yml | 11 ++ .../templates/config.yaml.j2 | 87 --------- .../matrix-mautrix-whatsapp.service.j2 | 5 +- 8 files changed, 237 insertions(+), 119 deletions(-) create mode 100644 roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml delete mode 100644 roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8d70bce0..d050d53e 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -164,6 +164,10 @@ matrix_mautrix_whatsapp_systemd_required_services_list: | (['matrix-synapse.service'] if matrix_synapse_enabled else []) }} +matrix_mautrix_whatsapp_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'whatsapp-appservice-token') | to_uuid }}" + +matrix_mautrix_whatsapp_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'whatsapp-homeserver-token') | to_uuid }}" + ###################################################################### # # /matrix-bridge-mautrix-whatsapp diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 946e64af..e16e1608 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml 
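Review bot: Both WhatsApp bridge tokens are deterministic derivations of `matrix_synapse_macaroon_secret_key` with fixed salts, so they inherit that key's strength and cannot be rotated independently of it; an empty or placeholder macaroon key still produces non-empty tokens that pass the new `== ''` validation, so whatever validates that key elsewhere (not visible here) is what actually protects these credentials. sha512-crypt salts are limited to 16 characters on common backends and longer ones are, as far as I know, silently truncated — worth verifying for the passlib/crypt backend in use; the two salt strings still differ within their first 16 characters (`whatsapp-appserv` vs `whatsapp-homeser`), so the tokens remain distinct. A comment above the pair such as `# Fixed salts: keep the first 16 characters unique, sha512-crypt may ignore the rest` would stop the next bridge from picking two salts that collide after truncation.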
@@ -7,6 +7,8 @@ matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest" matrix_mautrix_whatsapp_docker_image_force_pull: "{{ matrix_mautrix_whatsapp_docker_image.endswith(':latest') }}" matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp" +matrix_mautrix_whatsapp_config_path: "{{ matrix_mautrix_whatsapp_base_path }}/config" +matrix_mautrix_whatsapp_data_path: "{{ matrix_mautrix_whatsapp_base_path }}/data" matrix_mautrix_whatsapp_homeserver_address: "https://{{ matrix_server_fqn_matrix }}" matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}" 
@@ -20,3 +22,170 @@ matrix_mautrix_whatsapp_systemd_required_services_list: ['docker.service'] # List of systemd services that matrix-mautrix-whatsapp.service wants matrix_mautrix_whatsapp_systemd_wanted_services_list: [] + +matrix_mautrix_whatsapp_appservice_token: '' +matrix_mautrix_whatsapp_homeserver_token: '' + +# Default mautrix-whatsapp configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mautrix_whatsapp_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mautrix_whatsapp_configuration_yaml: | + # Homeserver details. + homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_mautrix_whatsapp_homeserver_address }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_mautrix_whatsapp_homeserver_domain }} + # Application service host/registration related details. + # Changing these values requires regeneration of the registration. + + appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_mautrix_whatsapp_appservice_address }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 8080 + + # Database config. + database: + # The database type. "sqlite3" and "postgres" are supported. + type: sqlite3 + # The database URI. + # SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string + # Postgres: Connection string. For example, postgres://user:password@host/database + uri: mautrix-whatsapp.db + # Maximum number of connections. Mostly relevant for Postgres. + max_open_conns: 20 + max_idle_conns: 2 + + # Path to the Matrix room state store. + state_store_path: ./mx-state.json + + # The unique ID of this appservice. + id: whatsapp + # Appservice bot details. 
+ bot: + # Username of the appservice bot. + username: whatsappbot + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + displayname: WhatsApp bridge bot + avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}" + hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}" + + # Bridge config + bridge: + # Localpart template of MXIDs for WhatsApp users. + # {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user. + username_template: "{{ 'whatsapp_{{.}}' }}" + # Displayname template for WhatsApp users. + # {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user + # {{ '{{.Jid}}' }} - phone number (international format) + # The following variables are also available, but will cause problems on multi-user instances: + # {{ '{{.Name}}' }} - display name from contact list + # {{ '{{.Short}}' }} - short display name from contact list + displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}" + # WhatsApp connection timeout in seconds. + connection_timeout: 20 + # Maximum number of times to retry connecting on connection error. + max_connection_attempts: 3 + # Number of seconds to wait between connection attempts. + # Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts + connection_retry_delay: -1 + # Whether or not the bridge should send a notice to the user's management room when it retries connecting. + # If false, it will only report when it stops retrying. + report_connection_retry: true + # Number of seconds to wait for contacts and chats to be sent at startup before syncing. + # If you have lots of chats, it might take more than a second. + contact_wait_delay: 1 + # Number of chats to sync for new users. 
+ initial_chat_sync_count: 10 + # Number of old messages to fill when creating new portal rooms. + initial_history_fill_count: 20 + # Maximum number of chats to sync when recovering from downtime. + # Set to -1 to sync all new chats during downtime. + recovery_chat_sync_limit: -1 + # Whether or not to sync history when recovering from downtime. + recovery_history_backfill: true + # Maximum number of seconds since last message in chat to skip + # syncing the chat in any case. This setting will take priority + # over both recovery_chat_sync_limit and initial_chat_sync_count. + # Default is 3 days = 259200 seconds + sync_max_chat_age: 259200 + + # Whether or not to sync with custom puppets to receive EDUs that + # are not normally sent to appservices. + sync_with_custom_puppets: true + # Whether or not to invite own WhatsApp user's Matrix puppet into private + # chat portals when backfilling if needed. + # This always uses the default puppet instead of custom puppets due to + # rate limits and timestamp massaging. + invite_own_puppet_for_backfilling: true + # Whether or not to explicitly set the avatar and room name for private + # chat portal rooms. This can be useful if the previous field works fine, + # but causes room avatar/name bugs. + private_chat_portal_meta: false + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "!wa" + + # Permissions for using the bridge. + # Permitted values: + # user - Access to use the bridge to chat with a WhatsApp account. + # admin - User level and some additional administration tools + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: + "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user + # Logging config. + logging: + # The directory for log files. Will be created if not found. + directory: ./logs + # Available variables: .Date for the file date and .Index for different log files on the same day. 
+ file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}" + # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants + file_date_format: "2006-01-02" + # Log file permissions. + file_mode: 0600 + # Timestamp format for log entries in the Go time format. + timestamp_format: "Jan _2, 2006 15:04:05" + # Minimum severity for log messages. + # Options: debug, info, warn, error, fatal + print_level: debug + +matrix_mautrix_whatsapp_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mautrix_whatsapp_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mautrix_whatsapp_configuration_yaml`. + +matrix_mautrix_whatsapp_configuration_extension: "{{ matrix_mautrix_whatsapp_configuration_extension_yaml|from_yaml if matrix_mautrix_whatsapp_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_whatsapp_configuration_yaml`. +matrix_mautrix_whatsapp_configuration: "{{ matrix_mautrix_whatsapp_configuration_yaml|from_yaml|combine(matrix_mautrix_whatsapp_configuration_extension, recursive=True) }}" + +matrix_mautrix_whatsapp_registration_yaml: | + id: whatsapp + url: {{ matrix_mautrix_whatsapp_appservice_address }} + as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}" + hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}" + sender_localpart: whatsappbot + rate_limited: false + namespaces: + users: + - regex: '^@whatsapp_[0-9]+:{{ matrix_mautrix_whatsapp_homeserver_domain }}$' + exclusive: true + +matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml|from_yaml }}" 
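Review bot: `database.uri: mautrix-whatsapp.db` and `state_store_path: ./mx-state.json` are relative paths, so the bridge's data lands wherever its working directory is; only the existing `--workdir=/data` flag in the systemd unit makes them end up under `matrix_mautrix_whatsapp_data_path`, and the relocation tasks in setup_install.yml depend on the same coupling. A comment next to `uri:` such as `# Relative to the container working directory, which the systemd unit sets to /data` would make that dependency visible to anyone editing either side. Note also that `as_token` and `hs_token` are rendered into this file in the clear, which is why the generated config.yaml warrants a restrictive file mode.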
diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml index aff34f6d..6ae13812 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml @@ -7,7 +7,7 @@ matrix_synapse_container_extra_arguments: > {{ matrix_synapse_container_extra_arguments|default([]) }} + - {{ ["--mount type=bind,src={{ matrix_mautrix_whatsapp_base_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] }} + {{ ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] }} matrix_synapse_app_service_config_files: > {{ matrix_synapse_app_service_config_files|default([]) }} diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml index f74eca0a..188eae4a 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml @@ -2,6 +2,12 @@ tags: - always +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_mautrix_whatsapp_enabled|bool" + tags: + - setup-all + - setup-mautrix-whatsapp + - import_tasks: "{{ role_path }}/tasks/setup_install.yml" when: "run_setup and matrix_mautrix_whatsapp_enabled" tags: diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index 5c176e3a..0806e559 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml 
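Review bot: The new validate_config import in main.yml uses `run_setup|bool and matrix_mautrix_whatsapp_enabled|bool` while the existing setup_install import two lines below keeps `run_setup and matrix_mautrix_whatsapp_enabled`; the two forms may evaluate differently if either variable arrives as a string (an `-e run_setup=false` extra-var is the string "false", which a Jinja `and` treats as truthy without `|bool`). Using the `|bool` form on both imports makes the role's gating consistent.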
@@ -15,27 +15,59 @@ force_source: "{{ matrix_mautrix_whatsapp_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_whatsapp_docker_image_force_pull }}" -- name: Ensure Mautrix Whatsapp base directory exists +- name: Ensure Mautrix Whatsapp paths exists file: - path: "{{ matrix_mautrix_whatsapp_base_path }}" + path: "{{ item }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - -- name: Check if a mautrix-whatsapp configuration file exists + with_items: + - "{{ matrix_mautrix_whatsapp_base_path }}" + - "{{ matrix_mautrix_whatsapp_config_path }}" + - "{{ matrix_mautrix_whatsapp_data_path }}" + +- name: Check if an old database file exists stat: - path: "{{ matrix_mautrix_whatsapp_base_path }}/config.yaml" - register: mautrix_whatsapp_config_file_stat + path: "{{ matrix_mautrix_whatsapp_base_path }}/mautrix-whatsapp.db" + register: matrix_mautrix_whatsapp_stat_database + +- name: Check if an old matrix state file exists + stat: + path: "{{ matrix_mautrix_whatsapp_base_path }}/mx-state.json" + register: matrix_mautrix_whatsapp_stat_mx_state -- name: Ensure Matrix Mautrix whatsapp config installed - template: - src: "{{ role_path }}/templates//config.yaml.j2" - dest: "{{ matrix_mautrix_whatsapp_base_path }}/config.yaml" +- name: (Data relocation) Ensure matrix-mautrix-whatsapp.service is stopped + service: + name: matrix-mautrix-whatsapp + state: stopped + daemon_reload: yes + failed_when: false + when: "matrix_mautrix_whatsapp_stat_database.stat.exists" + +- name: (Data relocation) Move mautrix-whatsapp database file to ./data directory + command: "mv {{ matrix_mautrix_whatsapp_base_path }}/mautrix-whatsapp.db {{ matrix_mautrix_whatsapp_data_path }}/mautrix-whatsapp.db" + when: "matrix_mautrix_whatsapp_stat_database.stat.exists" + +- name: (Data relocation) Move mautrix-whatsapp 
mx-state file to ./data directory + command: "mv {{ matrix_mautrix_whatsapp_base_path }}/mx-state.json {{ matrix_mautrix_whatsapp_data_path }}/mx-state.json" + when: "matrix_mautrix_whatsapp_stat_mx_state.stat.exists" + +- name: Ensure mautrix-whatsapp config.yaml installed + copy: + content: "{{ matrix_mautrix_whatsapp_configuration|to_nice_yaml }}" + dest: "{{ matrix_mautrix_whatsapp_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + +- name: Ensure mautrix-whatsapp registration.yaml installed + copy: + content: "{{ matrix_mautrix_whatsapp_registration|to_nice_yaml }}" + dest: "{{ matrix_mautrix_whatsapp_config_path }}/registration.yaml" mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: "not mautrix_whatsapp_config_file_stat.stat.exists" - name: Ensure matrix-mautrix-whatsapp.service installed template: @@ -48,21 +80,3 @@ service: daemon_reload: yes when: "matrix_mautrix_whatsapp_systemd_service_result.changed" - -- name: Check if a mautrix-whatsapp registration file exists - stat: - path: "{{ matrix_mautrix_whatsapp_base_path }}/registration.yaml" - register: mautrix_whatsapp_registration_file_stat - -- name: Generate matrix-mautrix-whatsapp registration.yaml if it doesn't exist - shell: - cmd: >- - /usr/bin/docker run - --rm - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --name matrix-mautrix-whatsapp-gen - -v {{ matrix_mautrix_whatsapp_base_path }}:/data:z - {{ matrix_mautrix_whatsapp_docker_image }} - /usr/bin/mautrix-whatsapp -g -c /data/config.yaml -r /data/registration.yaml - when: "not mautrix_whatsapp_registration_file_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml new file mode 100644 index 00000000..48314190 --- /dev/null +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/validate_config.yml 
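Review bot: Both `copy` tasks write files carrying the appservice and homeserver tokens (config.yaml and registration.yaml) with `mode: 0644`, i.e. readable by every local account; the 0750 parent directories narrow this on the host but the files themselves need no world-read bit. `mode: 0640` is sufficient as long as the bridge container runs as the file owner, which the unit's `--user={{ matrix_user_uid }}:{{ matrix_user_gid }}` suggests is the intent (the uid-to-`matrix_user_username` correspondence is not visible here). Separately, the "(Data relocation)" stop task sets `failed_when: false`, so if the service cannot be stopped the `mv` of the live sqlite file still runs; registering the stop result and gating the move on it would be safer.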
@@ -0,0 +1,11 @@
+---
+
+- name: Fail if required settings not defined
+ fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`).
+ when: "vars[item] == ''"
+ with_items:
+ - "matrix_mautrix_whatsapp_appservice_token"
+ - "matrix_mautrix_whatsapp_homeserver_token"
+
diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
deleted file mode 100644
index 310acb4f..00000000
--- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
+++ /dev/null
@@ -1,87 +0,0 @@ -#jinja2: lstrip_blocks: "True" -# Homeserver details. -homeserver: - # The address that this appservice can use to connect to the homeserver. - address: {{ matrix_mautrix_whatsapp_homeserver_address }} - # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_mautrix_whatsapp_homeserver_domain }} - -# Application service host/registration related details. -# Changing these values requires regeneration of the registration. -appservice: - # The address that the homeserver can use to connect to this appservice. - address: {{ matrix_mautrix_whatsapp_appservice_address }} - - # The hostname and port where this appservice should listen. - hostname: 0.0.0.0 - port: 8080 - - # Database config. - database: - # The database type. Only "sqlite3" is supported. - type: sqlite3 - # The database URI. Usually file name. https://github.com/mattn/go-sqlite3#connection-string - uri: mautrix-whatsapp.db - # Path to the Matrix room state store. - state_store_path: ./mx-state.json - - # The unique ID of this appservice. - id: whatsapp - # Appservice bot details. - bot: - # Username of the appservice bot. - username: whatsappbot - # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty - # to leave display name/avatar as-is. - displayname: WhatsApp bridge bot - avatar: remove - - # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. - as_token: "This value is generated when generating the registration" - hs_token: "This value is generated when generating the registration" - -# Bridge config. Currently unused. -bridge: - # {% raw %} - # protecting the go templates inside the raw section. - # Localpart template of MXIDs for WhatsApp users. - # {{.}} is replaced with the phone number of the WhatsApp user. - username_template: whatsapp_{{.}} - # Displayname template for WhatsApp users. 
- # {{.Notify}} - nickname set by the WhatsApp user - # {{.Jid}} - phone number (international format) - # The following variables are also available, but will cause problems on multi-user instances: - # {{.Name}} - display name from contact list - # {{.Short}} - short display name from contact list - displayname_template: "{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)" - # {% endraw %} - - # The prefix for commands. Only required in non-management rooms. - command_prefix: "!wa" - - # Permissions for using the bridge. - # Permitted values: - # user - Access to use the bridge to chat with a WhatsApp account. - # admin - User level and some additional administration tools - # Permitted keys: - # * - All Matrix users - # domain - All users on that homeserver - # mxid - Specific user - permissions: - '{{ matrix_mautrix_whatsapp_homeserver_domain }}': user - -# Logging config. -logging: - # The directory for log files. Will be created if not found. - directory: ./logs - # Available variables: .Date for the file date and .Index for different log files on the same day. - file_name_format: {% raw %}"{{.Date}}-{{.Index}}.log"{% endraw %} - # Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants - file_date_format: 2006-01-02 - # Log file permissions. - file_mode: 0600 - # Timestamp format for log entries in the Go time format. - timestamp_format: Jan _2, 2006 15:04:05 - # Minimum severity for log messages. - # Options: debug, info, warn, error, fatal - print_level: debug diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 index f0913864..e2289063 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 
@@ -22,13 +22,14 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ - -v {{ matrix_mautrix_whatsapp_base_path }}:/data:z \ + -v {{ matrix_mautrix_whatsapp_config_path }}:/config:z \ + -v {{ matrix_mautrix_whatsapp_data_path }}:/data:z \ --workdir=/data \ {% for arg in matrix_mautrix_whatsapp_container_extra_arguments %} {{ arg }} \ {% endfor %} {{ matrix_mautrix_whatsapp_docker_image }} \ - /usr/bin/mautrix-whatsapp + /usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml ExecStop=-/usr/bin/docker kill matrix-mautrix-whatsapp ExecStop=-/usr/bin/docker rm matrix-mautrix-whatsapp From 39b6e3ed26d2bf3dc9798512c2f2d8f9ab2cda7d Mon Sep 17 00:00:00 2001 From: Thomas Kuehne Date: Mon, 24 Jun 2019 00:22:02 +0200 Subject: [PATCH 06/15] Added a changelog for the new WhatsApp config style - changelog entry for commit 4797469383c83f94f0ea67e0dc45c63bd691f26f --- CHANGELOG.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ee739679..16801d24 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,20 @@ +# 2019-06-24 + +## (BC Break) WhatsApp bridge configuration is now entirely managed by the playbook + +Until now, configuration files for the [WhatsApp bridge](docs/configuring-playbook-bridge-mautrix-whatsapp.md) were created by the playbook initially, but never modified later on. + +From now on, the playbook will keep the configuration in sync for you. + +This means that if you were making manual changes to the `/matrix/mautrix-whatsapp/config.yaml` or `/matrix/mautrix-whatsapp/registration.yaml` configuration files, those would be lost the next time you run the playbook. + +The bridge now stores configuration in a subdirectory (`/matrix/mautrix-whatsapp/config`), so your old configuration remains in the base directory (`/matrix/mautrix-whatsapp`). +You need to migrate any manual changes over to the new `matrix_mautrix_whatsapp_configuration_extension_yaml` variable, so that the playbook would apply them for you. + +Likewise, data is now also stored in a subdirectory (`/matrix/mautrix-whatsapp/data`). When you run the playbook with an existing database file (`/matrix/mautrix-whatsapp/mautrix-whatsapp.db`), the playbook will stop the bridge and relocate the database file to the `./data` directory. There's no data-loss involved. You'll need to restart the bridge manually though (`--tags=start`). + +We're now following the default configuration for the WhatsApp bridge. + # 2019-06-20 ## (BC Break) IRC bridge configuration is now entirely managed by the playbook From 62509e4849696f1e322f8ae173ddf3caa5967ab3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 24 Jun 2019 07:42:39 +0300 Subject: [PATCH 07/15] Fix indentation consistency --- .../templates/systemd/matrix-mautrix-whatsapp.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 index e2289063..d864c041 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 @@ -23,7 +23,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ -v {{ matrix_mautrix_whatsapp_config_path }}:/config:z \ - -v {{ matrix_mautrix_whatsapp_data_path }}:/data:z \ + -v {{ matrix_mautrix_whatsapp_data_path }}:/data:z \ --workdir=/data \ {% for arg in matrix_mautrix_whatsapp_container_extra_arguments %} {{ arg }} \ From 3ff57ed74daf3ecdd00f572c78d29fc91f1b2edf Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 24 Jun 2019 07:48:56 +0300 Subject: [PATCH 08/15] Use container network for communication between homeserver and Whatsapp bridge --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index e16e1608..bb13fea6 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp matrix_mautrix_whatsapp_config_path: "{{ matrix_mautrix_whatsapp_base_path }}/config" matrix_mautrix_whatsapp_data_path: "{{ matrix_mautrix_whatsapp_base_path }}/data" -matrix_mautrix_whatsapp_homeserver_address: "https://{{ matrix_server_fqn_matrix }}" +matrix_mautrix_whatsapp_homeserver_address: "http://matrix-synapse:8008" matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}" matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080" From c876a7df1d8103cd326349f76a314f98a114f20f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 24 Jun 2019 07:49:19 +0300 Subject: [PATCH 09/15] Use |regex_escape in Whatsapp registration.yaml Doesn't matter much, but it makes it consistent with the other bridges. --- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index bb13fea6..5ae2d39c 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -185,7 +185,7 @@ matrix_mautrix_whatsapp_registration_yaml: | rate_limited: false namespaces: users: - - regex: '^@whatsapp_[0-9]+:{{ matrix_mautrix_whatsapp_homeserver_domain }}$' + - regex: '^@whatsapp_[0-9]+:{{ matrix_mautrix_whatsapp_homeserver_domain|regex_escape }}$' exclusive: true matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml|from_yaml }}" From 37c8b96d06a0800491348c811e5a0437e5198164 Mon Sep 17 00:00:00 2001 
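Review bot: Pointing `matrix_mautrix_whatsapp_homeserver_address` at `http://matrix-synapse:8008` moves the bridge-to-homeserver leg, which carries the `as_token` on every request, from TLS via the public name to plaintext on the Docker network. That is reasonable while `matrix_docker_network` is a single-host private bridge network and it avoids a hairpin through the reverse proxy, but the assumption deserves to be stated next to the variable: `# Plain HTTP is acceptable only because this traffic stays on the private container network`. The change is consistent with the appservice side, which already uses `http://matrix-mautrix-whatsapp:8080`.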
From: Slavi Pantaleev Date: Mon, 24 Jun 2019 07:50:47 +0300 Subject: [PATCH 10/15] Use stricter regex in bridges' registration.yaml I've been thinking of doing before, but haven't. Now that the Whatsapp bridge does it (since 4797469383c83f94f0ea67e0d), it makes sense to do it for all other bridges as well. (Except for the IRC bridge - that one manages most of registration.yaml by itself) --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 +- roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index fc888675..9a1214f3 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -171,7 +171,7 @@ matrix_mautrix_facebook_registration_yaml: | namespaces: users: - exclusive: true - regex: '@facebook_.+:{{ matrix_mautrix_facebook_homeserver_domain|regex_escape }}' + regex: '^@facebook_.+:{{ matrix_mautrix_facebook_homeserver_domain|regex_escape }}$' url: {{ matrix_mautrix_facebook_appservice_address }} sender_localpart: facebookbot rate_limited: false diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index af80ff31..df87de26 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml 
@@ -367,10 +367,10 @@ matrix_mautrix_telegram_registration_yaml: |
 namespaces:
 users:
 - exclusive: true
- regex: '@telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}'
+ regex: '^@telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
 aliases:
 - exclusive: true
- regex: '#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}'
+ regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
 url: {{ matrix_mautrix_telegram_appservice_address }}
 sender_localpart: telegrambot
 rate_limited: false

From ae3a1bb148785ad8079a92ebcf970b36052cb92f Mon Sep 17 00:00:00 2001
From: Dan Arnfield
Date: Mon, 24 Jun 2019 13:10:58 -0500
Subject: [PATCH 11/15] Update nginx to 1.17.0

---
 roles/matrix-nginx-proxy/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml
index 47897489..b4b181ff 100644
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true
 # We use an official nginx image, which we fix-up to run unprivileged.
 # An alternative would be an `nginxinc/nginx-unprivileged` image, but
 # that is frequently out of date.
-matrix_nginx_proxy_docker_image: "nginx:1.15.12-alpine"
+matrix_nginx_proxy_docker_image: "nginx:1.17.0-alpine"
 matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"
 
 matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"

From 1eaa7b6967da7f6fb653d21f267975e5dc6bc94b Mon Sep 17 00:00:00 2001
From: Dan Arnfield
Date: Mon, 24 Jun 2019 13:11:23 -0500
Subject: [PATCH 12/15] Update postgres versions to latest

---
 roles/matrix-postgres/defaults/main.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml
index 3971eb92..9a2ca703 100644
--- a/roles/matrix-postgres/defaults/main.yml
+++ b/roles/matrix-postgres/defaults/main.yml
@@ -8,9 +8,9 @@ matrix_postgres_db_name: ""
 matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
 matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data"
 
-matrix_postgres_docker_image_v9: "postgres:9.6.13-alpine"
-matrix_postgres_docker_image_v10: "postgres:10.8-alpine"
-matrix_postgres_docker_image_v11: "postgres:11.3-alpine"
+matrix_postgres_docker_image_v9: "postgres:9.6.14-alpine"
+matrix_postgres_docker_image_v10: "postgres:10.9-alpine"
+matrix_postgres_docker_image_v11: "postgres:11.4-alpine"
 matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v11 }}"
 
 # This variable is assigned at runtime. Overriding its value has no effect.

From 918526c5fe56725d4578479899c9cdfdbbc882e3 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Tue, 25 Jun 2019 14:42:54 +0300
Subject: [PATCH 13/15] Update riot-web (1.2.1 -> 1.2.2)

---
 roles/matrix-riot-web/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml
index 9ca25c33..d5648044 100644
--- a/roles/matrix-riot-web/defaults/main.yml
+++ b/roles/matrix-riot-web/defaults/main.yml
@@ -1,6 +1,6 @@
 matrix_riot_web_enabled: true
 
-matrix_riot_web_docker_image: "bubuntux/riot-web:v1.2.1"
+matrix_riot_web_docker_image: "bubuntux/riot-web:v1.2.2"
 matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
 
 matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"

From 59b56fa5048cdba07bbd11f55f71308a5d47bf84 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Wed, 26 Jun 2019 07:40:36 +0300
Subject: [PATCH 14/15] Update Docker image of Ansible (2.7.0 -> 2.8.1)

---
 docs/ansible.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/ansible.md b/docs/ansible.md
index 0987ca7f..fddcdc2f 100644
--- a/docs/ansible.md
+++ b/docs/ansible.md
@@ -50,7 +50,7 @@ docker run -it --rm \
 -v `pwd`:/work \
 -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
 --entrypoint=/bin/sh \
-devture/ansible:2.7.0-r1
+devture/ansible:2.8.1-r0
 ```
 
 The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).

From 782356d42171142dc9a485aaca71ca1271916e5c Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Wed, 26 Jun 2019 09:19:36 +0300
Subject: [PATCH 15/15] Use password_hash salts that obey passlib requirements
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

According to https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha512_crypt.html:

> salt (str) – Optional salt string. If not specified, one will be autogenerated (this is recommended).
> If specified, it must be 0-16 characters, drawn from the regexp range [./0-9A-Za-z].

Until now, we were using invalid characters (like `-`). We were also going over the requested length limit of 16 characters. This is most likely what was causing `ValueError` exceptions for some people, as reported in #209 (Github Issue). Ansible's source code (`lib/ansible/utils/encrypt.py`) shows that Ansible tries to use passlib if available and falls back to Python's `crypt` module if not. For Mac, `crypt.crypt` doesn't seem to work, so Ansible always requires passlib. Looks like crypt is forgiving when length or character requirements are not obeyed. It would auto-trim a salt string to make it work, which means that we could end up with the same hash if we call it with salts which aer only different after their 16th character. For these reasons (crypt autotriming and passlib downright complaining), we're now using shorter and more diverse salts.
---
 group_vars/matrix_servers | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index d050d53e..356f6cf1 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -78,9 +78,9 @@ matrix_appservice_irc_systemd_required_services_list: |
 (['matrix-synapse.service'] if matrix_synapse_enabled else [])
 }}
 
-matrix_appservice_irc_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'appservice-irc-appservice-token') | to_uuid }}"
+matrix_appservice_irc_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'irc.as.token') | to_uuid }}"
 
-matrix_appservice_irc_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'appservice-irc-homeserver-token') | to_uuid }}"
+matrix_appservice_irc_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'irc.hs.token') | to_uuid }}"
 
 ######################################################################
 #
@@ -105,9 +105,9 @@ matrix_mautrix_facebook_systemd_required_services_list: |
 (['matrix-synapse.service'] if matrix_synapse_enabled else [])
 }}
 
-matrix_mautrix_facebook_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'facebook-appservice-token') | to_uuid }}"
+matrix_mautrix_facebook_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'fb.as.token') | to_uuid }}"
 
-matrix_mautrix_facebook_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'facebook-homeserver-token') | to_uuid }}"
+matrix_mautrix_facebook_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'fb.hs.token') | to_uuid }}"
 
 ######################################################################
 #
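Review bot: Changing the salt changes the output of `password_hash('sha512', …) | to_uuid` for the same `matrix_synapse_macaroon_secret_key`, so every derived `_appservice_token` and `_homeserver_token` in this hunk takes a new value on upgrade; presumably the playbook rewrites both the bridge's registration file and the homeserver's copy on the next run (not visible here), but the commit message does not say so and CHANGELOG.md is not touched in this patch, so a short upgrade note is worth adding. The same applies to the `@@ -105`, `@@ -133` and `@@ -164` hunks. The new salts do satisfy the constraint quoted in the commit message (characters from `[./0-9A-Za-z]`, at most 16 of them; `telegr.as.token` is the longest at 15), but that requirement is not recorded anywhere in the file, so a comment above the first of these definitions, e.g. `# password_hash salts must be <=16 chars from [./0-9A-Za-z] (passlib); keep them short and distinct per token.`, would keep the next addition from reintroducing the bug. `matrix_mautrix_telegram_public_endpoint`, visible as context in the `@@ -133` hunk, still uses the salt `'telegram'`, which is valid but is the one derivation left outside the new `<bridge>.<as|hs>.token` naming pattern.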
@@ -133,9 +133,9 @@ matrix_mautrix_telegram_systemd_required_services_list: |
 (['matrix-synapse.service'] if matrix_synapse_enabled else [])
 }}
 
-matrix_mautrix_telegram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram-appservice-token') | to_uuid }}"
+matrix_mautrix_telegram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegr.as.token') | to_uuid }}"
 
-matrix_mautrix_telegram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram-homeserver-token') | to_uuid }}"
+matrix_mautrix_telegram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegr.hs.token') | to_uuid }}"
 
 matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}"
 
@@ -164,9 +164,9 @@ matrix_mautrix_whatsapp_systemd_required_services_list: |
 (['matrix-synapse.service'] if matrix_synapse_enabled else [])
 }}
 
-matrix_mautrix_whatsapp_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'whatsapp-appservice-token') | to_uuid }}"
+matrix_mautrix_whatsapp_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'whats.as.token') | to_uuid }}"
 
-matrix_mautrix_whatsapp_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'whatsapp-homeserver-token') | to_uuid }}"
+matrix_mautrix_whatsapp_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'whats.hs.token') | to_uuid }}"
 
 ######################################################################
 #