This commit is contained in:
p5t2vspoqqw 2019-06-26 10:41:14 +02:00
commit 9874c3df90
21 changed files with 884 additions and 644 deletions

View file

@ -1,10 +1,47 @@
# 2019-06-24
## (BC Break) WhatsApp bridge configuration is now entirely managed by the playbook
Until now, configuration files for the [WhatsApp bridge](docs/configuring-playbook-bridge-mautrix-whatsapp.md) were created by the playbook initially, but never modified later on.
From now on, the playbook will keep the configuration in sync for you.
This means that if you were making manual changes to the `/matrix/mautrix-whatsapp/config.yaml` or `/matrix/mautrix-whatsapp/registration.yaml` configuration files, those would be lost the next time you run the playbook.
The bridge now stores configuration in a subdirectory (`/matrix/mautrix-whatsapp/config`), so your old configuration remains in the base directory (`/matrix/mautrix-whatsapp`).
You need to migrate any manual changes over to the new `matrix_mautrix_whatsapp_configuration_extension_yaml` variable, so that the playbook would apply them for you.
Likewise, data is now also stored in a subdirectory (`/matrix/mautrix-whatsapp/data`). When you run the playbook with an existing database file (`/matrix/mautrix-whatsapp/mautrix-whatsapp.db`), the playbook will stop the bridge and relocate the database file to the `./data` directory. There's no data-loss involved. You'll need to restart the bridge manually though (`--tags=start`).
We're now following the default configuration for the WhatsApp bridge.
# 2019-06-20
## (BC Break) IRC bridge configuration is now entirely managed by the playbook
Until now, configuration files for the [IRC bridge](docs/configuring-playbook-bridge-appservice-irc.md) were created by the playbook initially, but never modified later on.
From now on, the playbook will keep the configuration in sync for you.
This means that if you were making manual changes to the `/matrix/appservice-irc/config.yaml` or `/matrix/appservice-irc/registration.yaml` configuration files, those would be lost the next time you run the playbook.
The bridge now stores configuration in a subdirectory (`/matrix/appservice-irc/config`), so your old configuration remains in the base directory (`/matrix/appservice-irc`).
Previously, we asked people to configure bridged IRC servers by extending the bridge configuration (`matrix_appservice_irc_configuration_extension_yaml`). While this is still possible and will continue working forever, **we now recommend defining IRC servers in the easier to use `matrix_appservice_irc_ircService_servers` variable**. See [our IRC bridge documentation page](docs/configuring-playbook-bridge-appservice-irc.md) for an example.
If you decide to continue using `matrix_appservice_irc_configuration_extension_yaml`, you might be interested to know that `ircService.databaseUri` and a few other keys now have default values in the base configuration (`matrix_appservice_irc_configuration_yaml`). You may wish to stop redefining those keys, unless you really intend to override them. You most likely only need to override `ircService.servers`.
Bridge data (`passkey.pem` and database files) is now also stored in a subdirectory (`/matrix/appservice-irc/data`).
When you run the playbook with an existing `/matrix/appservice-irc/passkey.pem` file, the playbook will stop the bridge and relocate the passkey and database files (`rooms.db` and `users.db`) to the `./data` directory. There's no data-loss involved. You'll need to restart the bridge manually though (`--tags=start`).
# 2019-06-15 # 2019-06-15
## (BC Break) Telegram bridge configuration is now entirely managed by the playbook ## (BC Break) Telegram bridge configuration is now entirely managed by the playbook
Until now, configuration files for the [Telegram bridge](docs/configuring-playbook-bridge-mautrix-telegram.md) were created by the playbook initially, but never modified later on. Until now, configuration files for the [Telegram bridge](docs/configuring-playbook-bridge-mautrix-telegram.md) were created by the playbook initially, but never modified later on.
From now on, the playbook will keep those configuration in sync for you. From now on, the playbook will keep the configuration in sync for you.
This means that if you were making manual changes to the `/matrix/mautrix-telegram/config.yaml` or `/matrix/mautrix-telegram/registration.yaml` configuration files, those would be lost the next time you run the playbook. This means that if you were making manual changes to the `/matrix/mautrix-telegram/config.yaml` or `/matrix/mautrix-telegram/registration.yaml` configuration files, those would be lost the next time you run the playbook.
@ -44,7 +81,7 @@ Besides this optional/non-urgent DNS change, assuming you're already on Synapse
Until now, configuration files for the [Facebook bridge](docs/configuring-playbook-bridge-mautrix-facebook.md) were created by the playbook initially, but never modified later on. Until now, configuration files for the [Facebook bridge](docs/configuring-playbook-bridge-mautrix-facebook.md) were created by the playbook initially, but never modified later on.
From now on, the playbook will keep those configuration in sync for you. From now on, the playbook will keep the configuration in sync for you.
This means that if you were making manual changes to the `/matrix/mautrix-facebook/config.yaml` or `/matrix/mautrix-facebook/registration.yaml` configuration files, those would be lost the next time you run the playbook. This means that if you were making manual changes to the `/matrix/mautrix-facebook/config.yaml` or `/matrix/mautrix-facebook/registration.yaml` configuration files, those would be lost the next time you run the playbook.
@ -91,7 +128,7 @@ As always, if you forget to remove usage of some outdated variable, the playbook
# 2019-05-23 # 2019-05-23
## Ansible 2.8 compatibility ## (BC Break) Ansible 2.8 compatibility
Thanks to [@danbob](https://github.com/danbob), the playbook now [supports the new Ansible 2.8](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/187). Thanks to [@danbob](https://github.com/danbob), the playbook now [supports the new Ansible 2.8](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/187).

View file

@ -50,7 +50,7 @@ docker run -it --rm \
-v `pwd`:/work \ -v `pwd`:/work \
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \ -v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
--entrypoint=/bin/sh \ --entrypoint=/bin/sh \
devture/ansible:2.7.0-r1 devture/ansible:2.8.1-r0
``` ```
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`). The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).

View file

@ -8,25 +8,8 @@ You'll need to use the following playbook configuration:
```yaml ```yaml
matrix_appservice_irc_enabled: true matrix_appservice_irc_enabled: true
matrix_appservice_irc_configuration_extension_yaml: |
# Your custom YAML configuration for Appservice IRC servers goes here. matrix_appservice_irc_ircService_servers:
# This configuration extends the default starting configuration (`matrix_appservice_irc_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_appservice_irc_configuration_yaml`.
#
# For a full example configuration with comments, see `roles/matrix-synapse/defaults/main.yml`
#
# A simple example configuration extension follows:
#
ircService:
databaseUri: "nedb:///data" # does not typically need modification
passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
matrixHandler:
eventCacheSize: 4096
servers:
irc.example.com: irc.example.com:
name: "ExampleNet" name: "ExampleNet"
port: 6697 port: 6697

View file

@ -78,6 +78,10 @@ matrix_appservice_irc_systemd_required_services_list: |
(['matrix-synapse.service'] if matrix_synapse_enabled else []) (['matrix-synapse.service'] if matrix_synapse_enabled else [])
}} }}
matrix_appservice_irc_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'irc.as.token') | to_uuid }}"
matrix_appservice_irc_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'irc.hs.token') | to_uuid }}"
###################################################################### ######################################################################
# #
# /matrix-bridge-appservice-irc # /matrix-bridge-appservice-irc
@ -101,9 +105,9 @@ matrix_mautrix_facebook_systemd_required_services_list: |
(['matrix-synapse.service'] if matrix_synapse_enabled else []) (['matrix-synapse.service'] if matrix_synapse_enabled else [])
}} }}
matrix_mautrix_facebook_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'facebook-appservice-token') | to_uuid }}" matrix_mautrix_facebook_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'fb.as.token') | to_uuid }}"
matrix_mautrix_facebook_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'facebook-homeserver-token') | to_uuid }}" matrix_mautrix_facebook_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'fb.hs.token') | to_uuid }}"
###################################################################### ######################################################################
# #
@ -129,9 +133,9 @@ matrix_mautrix_telegram_systemd_required_services_list: |
(['matrix-synapse.service'] if matrix_synapse_enabled else []) (['matrix-synapse.service'] if matrix_synapse_enabled else [])
}} }}
matrix_mautrix_telegram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram-appservice-token') | to_uuid }}" matrix_mautrix_telegram_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegr.as.token') | to_uuid }}"
matrix_mautrix_telegram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram-homeserver-token') | to_uuid }}" matrix_mautrix_telegram_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegr.hs.token') | to_uuid }}"
matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}" matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}"
@ -160,6 +164,10 @@ matrix_mautrix_whatsapp_systemd_required_services_list: |
(['matrix-synapse.service'] if matrix_synapse_enabled else []) (['matrix-synapse.service'] if matrix_synapse_enabled else [])
}} }}
matrix_mautrix_whatsapp_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'whats.as.token') | to_uuid }}"
matrix_mautrix_whatsapp_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'whats.hs.token') | to_uuid }}"
###################################################################### ######################################################################
# #
# /matrix-bridge-mautrix-whatsapp # /matrix-bridge-mautrix-whatsapp

View file

@ -7,86 +7,20 @@ matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:latest"
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc" matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
matrix_appservice_irc_config_path: "{{ matrix_appservice_irc_base_path }}/config"
matrix_appservice_irc_data_path: "{{ matrix_appservice_irc_base_path }}/data"
matrix_appservice_irc_homeserver_url: 'http://matrix-synapse:8008' matrix_appservice_irc_homeserver_url: 'http://matrix-synapse:8008'
matrix_appservice_irc_homeserver_media_url: 'https://{{ matrix_server_fqn_matrix }}' matrix_appservice_irc_homeserver_media_url: 'https://{{ matrix_server_fqn_matrix }}'
matrix_appservice_irc_homeserver_domain: '{{ matrix_domain }}' matrix_appservice_irc_homeserver_domain: '{{ matrix_domain }}'
matrix_appservice_irc_homeserver_enablePresence: true matrix_appservice_irc_homeserver_enablePresence: true
matrix_appservice_irc_appservice_address: 'http://matrix-appservice-irc:9999'
# Controls whether the matrix-appservice-discord container exposes its HTTP port (tcp/9999 in the container). matrix_appservice_irc_ircService_servers: []
# Example of `matrix_appservice_irc_ircService_servers` with one server (and all its options):
# #
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9999"), or empty string to not expose. # matrix_appservice_irc_ircService_servers:
matrix_appservice_irc_container_http_host_bind_port: ''
# A list of extra arguments to pass to the container
matrix_appservice_irc_container_extra_arguments: []
# List of systemd services that matrix-appservice-irc.service depends on.
matrix_appservice_irc_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-appservice-irc.service wants
matrix_appservice_irc_systemd_wanted_services_list: []
matrix_appservice_irc_configuration_yaml: |
#jinja2: lstrip_blocks: True
homeserver:
# The URL to the home server for client-server API calls, also used to form the
# media URLs as displayed in bridged IRC channels:
url: {{ matrix_appservice_irc_homeserver_url }}
#
# The URL of the homeserver hosting media files. This is only used to transform
# mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By
# default, this is the homeserver URL, specified above.
#
media_url: {{ matrix_appservice_irc_homeserver_media_url }}
# Drop Matrix messages which are older than this number of seconds, according to
# the event's origin_server_ts.
# If the bridge is down for a while, the homeserver will attempt to send all missed
# events on reconnection. These events may be hours old, which can be confusing to
# IRC users if they are then bridged. This option allows these old messages to be
# dropped.
# CAUTION: This is a very coarse heuristic. Federated homeservers may have different
# clock times and hence produce different origin_server_ts values, which may be old
# enough to cause *all* events from the homeserver to be dropped.
# Default: 0 (don't ever drop)
# dropMatrixMessagesAfterSecs: 300 # 5 minutes
# The 'domain' part for user IDs on this home server. Usually (but not always)
# is the "domain name" part of the HS URL.
domain: {{ matrix_appservice_irc_homeserver_domain }}
# Should presence be enabled for matrix clients on this bridge. If disabled on the
# homeserver then it should also be disabled here to avoid excess traffic.
# Default: true
enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}
# Options here are generally only applicable to large-scale bridges and may have
# consequences greater than other options in this configuration file.
advanced:
# The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited
# however for large bridges it is important to rate limit the bridge to avoid
# accidentally overloading the homeserver. Defaults to 1000, which should be
# enough for the vast majority of use cases.
maxHttpSockets: 1000
matrix_appservice_irc_configuration_extension_yaml: |
# Your custom YAML configuration for Appservice IRC servers goes here.
# This configuration extends the default starting configuration (`matrix_appservice_irc_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_appservice_irc_configuration_yaml`.
#
# Example configuration extension follows:
#
# ircService:
# databaseUri: "nedb:///data" # does not typically need modification
# passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
# matrixHandler:
# eventCacheSize: 4096
# servers:
# # The address of the server to connect to. # # The address of the server to connect to.
# irc.example.com: # irc.example.com:
# # A human-readable short name. This is used to label IRC status rooms # # A human-readable short name. This is used to label IRC status rooms
@ -95,20 +29,20 @@ matrix_appservice_irc_configuration_extension_yaml: |
# # It is also used in the Third Party Lookup API as the instance `desc` # # It is also used in the Third Party Lookup API as the instance `desc`
# # property, where each server is an instance. # # property, where each server is an instance.
# name: "ExampleNet" # name: "ExampleNet"
#
# additionalAddresses: [ "irc2.example.com" ] # additionalAddresses: [ "irc2.example.com" ]
# # # #
# # [DEPRECATED] Use `name`, above, instead. # # [DEPRECATED] Use `name`, above, instead.
# # A human-readable description string # # A human-readable description string
# # description: "Example.com IRC network" # # description: "Example.com IRC network"
#
# # An ID for uniquely identifying this server amongst other servers being bridged. # # An ID for uniquely identifying this server amongst other servers being bridged.
# # networkId: "example" # # networkId: "example"
#
# # URL to an icon used as the network icon whenever this network appear in # # URL to an icon used as the network icon whenever this network appear in
# # a network list. (Like in the riot room directory, for instance.) # # a network list. (Like in the riot room directory, for instance.)
# # icon: https://example.com/images/hash.png # # icon: https://example.com/images/hash.png
#
# # The port to connect to. Optional. # # The port to connect to. Optional.
# port: 6697 # port: 6697
# # Whether to use SSL or not. Default: false. # # Whether to use SSL or not. Default: false.
@ -126,14 +60,14 @@ matrix_appservice_irc_configuration_extension_yaml: |
# # -----BEGIN CERTIFICATE----- # # -----BEGIN CERTIFICATE-----
# # ... # # ...
# # -----END CERTIFICATE----- # # -----END CERTIFICATE-----
#
# # # #
# # The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional. # # The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional.
# # password: 'pa$$w0rd' # # password: 'pa$$w0rd'
# # # #
# # Whether or not to send connection/error notices to real Matrix users. Default: true. # # Whether or not to send connection/error notices to real Matrix users. Default: true.
# sendConnectionMessages: true # sendConnectionMessages: true
#
# quitDebounce: # quitDebounce:
# # Whether parts due to net-splits are debounced for delayMs, to allow # # Whether parts due to net-splits are debounced for delayMs, to allow
# # time for the netsplit to resolve itself. A netsplit is detected as being # # time for the netsplit to resolve itself. A netsplit is detected as being
@ -153,13 +87,13 @@ matrix_appservice_irc_configuration_extension_yaml: |
# delayMinMs: 3600000 # 1h # delayMinMs: 3600000 # 1h
# # Default: 7200000, = 2h # # Default: 7200000, = 2h
# delayMaxMs: 7200000 # 2h # delayMaxMs: 7200000 # 2h
#
# # A map for conversion of IRC user modes to Matrix power levels. This enables bridging # # A map for conversion of IRC user modes to Matrix power levels. This enables bridging
# # of IRC ops to Matrix power levels only, it does not enable the reverse. If a user has # # of IRC ops to Matrix power levels only, it does not enable the reverse. If a user has
# # been given multiple modes, the one that maps to the highest power level will be used. # # been given multiple modes, the one that maps to the highest power level will be used.
# modePowerMap: # modePowerMap:
# o: 50 # o: 50
#
# botConfig: # botConfig:
# # Enable the presence of the bot in IRC channels. The bot serves as the entity # # Enable the presence of the bot in IRC channels. The bot serves as the entity
# # which maps from IRC -> Matrix. You can disable the bot entirely which # # which maps from IRC -> Matrix. You can disable the bot entirely which
@ -190,7 +124,7 @@ matrix_appservice_irc_configuration_extension_yaml: |
# # real matrix users in them, even if there is a mapping for the channel. # # real matrix users in them, even if there is a mapping for the channel.
# # Default: true # # Default: true
# joinChannelsIfNoUsers: true # joinChannelsIfNoUsers: true
#
# # Configuration for PMs / private 1:1 communications between users. # # Configuration for PMs / private 1:1 communications between users.
# privateMessages: # privateMessages:
# # Enable the ability for PMs to be sent to/from IRC/Matrix. # # Enable the ability for PMs to be sent to/from IRC/Matrix.
@ -199,12 +133,12 @@ matrix_appservice_irc_configuration_extension_yaml: |
# # Prevent Matrix users from sending PMs to the following IRC nicks. # # Prevent Matrix users from sending PMs to the following IRC nicks.
# # Optional. Default: []. # # Optional. Default: [].
# # exclude: ["Alice", "Bob"] # NOT YET IMPLEMENTED # # exclude: ["Alice", "Bob"] # NOT YET IMPLEMENTED
#
# # Should created Matrix PM rooms be federated? If false, only users on the # # Should created Matrix PM rooms be federated? If false, only users on the
# # HS attached to this AS will be able to interact with this room. # # HS attached to this AS will be able to interact with this room.
# # Optional. Default: true. # # Optional. Default: true.
# federate: true # federate: true
#
# # Configuration for mappings not explicitly listed in the 'mappings' # # Configuration for mappings not explicitly listed in the 'mappings'
# # section. # # section.
# dynamicChannels: # dynamicChannels:
@ -250,7 +184,7 @@ matrix_appservice_irc_configuration_extension_yaml: |
# # Prevent the given list of channels from being mapped under any # # Prevent the given list of channels from being mapped under any
# # circumstances. # # circumstances.
# # exclude: ["#foo", "#bar"] # # exclude: ["#foo", "#bar"]
#
# # Configuration for controlling how Matrix and IRC membership lists are # # Configuration for controlling how Matrix and IRC membership lists are
# # synced. # # synced.
# membershipLists: # membershipLists:
@ -259,12 +193,12 @@ matrix_appservice_irc_configuration_extension_yaml: |
# # synced. This must be enabled for anything else in this section to take # # synced. This must be enabled for anything else in this section to take
# # effect. Default: false. # # effect. Default: false.
# enabled: false # enabled: false
#
# # Syncing membership lists at startup can result in hundreds of members to # # Syncing membership lists at startup can result in hundreds of members to
# # process all at once. This timer drip feeds membership entries at the # # process all at once. This timer drip feeds membership entries at the
# # specified rate. Default: 10000. (10s) # # specified rate. Default: 10000. (10s)
# floodDelayMs: 10000 # floodDelayMs: 10000
#
# global: # global:
# ircToMatrix: # ircToMatrix:
# # Get a snapshot of all real IRC users on a channel (via NAMES) and # # Get a snapshot of all real IRC users on a channel (via NAMES) and
@ -273,7 +207,7 @@ matrix_appservice_irc_configuration_extension_yaml: |
# # Make virtual matrix clients join and leave rooms as their real IRC # # Make virtual matrix clients join and leave rooms as their real IRC
# # counterparts join/part channels. Default: false. # # counterparts join/part channels. Default: false.
# incremental: false # incremental: false
#
# matrixToIrc: # matrixToIrc:
# # Get a snapshot of all real Matrix users in the room and join all of # # Get a snapshot of all real Matrix users in the room and join all of
# # them to the mapped IRC channel on startup. Default: false. # # them to the mapped IRC channel on startup. Default: false.
@ -282,27 +216,27 @@ matrix_appservice_irc_configuration_extension_yaml: |
# # counterparts join/leave rooms. Make sure your 'maxClients' value is # # counterparts join/leave rooms. Make sure your 'maxClients' value is
# # high enough! Default: false. # # high enough! Default: false.
# incremental: false # incremental: false
#
# # Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect. # # Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect.
# rooms: # rooms:
# - room: "!fuasirouddJoxtwfge:localhost" # - room: "!fuasirouddJoxtwfge:localhost"
# matrixToIrc: # matrixToIrc:
# initial: false # initial: false
# incremental: false # incremental: false
#
# # Apply specific rules to IRC channels. Only IRC-to-matrix takes effect. # # Apply specific rules to IRC channels. Only IRC-to-matrix takes effect.
# channels: # channels:
# - channel: "#foo" # - channel: "#foo"
# ircToMatrix: # ircToMatrix:
# initial: false # initial: false
# incremental: false # incremental: false
#
# mappings: # mappings:
# # 1:many mappings from IRC channels to room IDs on this IRC server. # # 1:many mappings from IRC channels to room IDs on this IRC server.
# # The matrix room must already exist. Your matrix client should expose # # The matrix room must already exist. Your matrix client should expose
# # the room ID in a "settings" page for the room. # # the room ID in a "settings" page for the room.
# "#thepub": ["!kieouiJuedJoxtVdaG:localhost"] # "#thepub": ["!kieouiJuedJoxtVdaG:localhost"]
#
# # Configuration for virtual matrix users. The following variables are # # Configuration for virtual matrix users. The following variables are
# # exposed: # # exposed:
# # $NICK => The IRC nick # # $NICK => The IRC nick
@ -322,7 +256,7 @@ matrix_appservice_irc_configuration_extension_yaml: |
# # is discarded. You can also use -1 to never retry or 0 to never give up. # # is discarded. You can also use -1 to never retry or 0 to never give up.
# # Optional. Default: -1 # # Optional. Default: -1
# joinAttempts: -1 # joinAttempts: -1
#
# # Configuration for virtual IRC users. The following variables are exposed: # # Configuration for virtual IRC users. The following variables are exposed:
# # $LOCALPART => The user ID localpart ("alice" in @alice:localhost) # # $LOCALPART => The user ID localpart ("alice" in @alice:localhost)
# # $USERID => The user ID # # $USERID => The user ID
@ -390,91 +324,180 @@ matrix_appservice_irc_configuration_extension_yaml: |
# # through the bridge e.g. caller ID as there is no way to /ACCEPT. # # through the bridge e.g. caller ID as there is no way to /ACCEPT.
# # Default: "" (no user modes) # # Default: "" (no user modes)
# # userModes: "R" # # userModes: "R"
# Controls whether the matrix-appservice-discord container exposes its HTTP port (tcp/9999 in the container).
# #
# # Configuration for an ident server. If you are running a public bridge it is # Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9999"), or empty string to not expose.
# # advised you setup an ident server so IRC mods can ban specific matrix users matrix_appservice_irc_container_http_host_bind_port: ''
# # rather than the application service itself.
# ident: # A list of extra arguments to pass to the container
# # True to listen for Ident requests and respond with the matrix_appservice_irc_container_extra_arguments: []
# # matrix user's user_id (converted to ASCII, respecting RFC 1413).
# # Default: false. # List of systemd services that matrix-appservice-irc.service depends on.
# enabled: false matrix_appservice_irc_systemd_required_services_list: ['docker.service']
# # The port to listen on for incoming ident requests.
# # Ports below 1024 require root to listen on, and you may not want this to # List of systemd services that matrix-appservice-irc.service wants
# # run as root. Instead, you can get something like an Apache to yank up matrix_appservice_irc_systemd_wanted_services_list: []
# # incoming requests to 113 to a high numbered port. Set the port to listen
# # on instead of 113 here. matrix_appservice_irc_appservice_token: ''
# # Default: 113. matrix_appservice_irc_homeserver_token: ''
# port: 1113
# # The address to listen on for incoming ident requests. matrix_appservice_irc_configuration_yaml: |
# # Default: 0.0.0.0 #jinja2: lstrip_blocks: True
# address: "::" homeserver:
# The URL to the home server for client-server API calls, also used to form the
# media URLs as displayed in bridged IRC channels:
url: {{ matrix_appservice_irc_homeserver_url }}
# #
# # Configuration for logging. Optional. Default: console debug level logging # The URL of the homeserver hosting media files. This is only used to transform
# # only. # mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By
# logging: # default, this is the homeserver URL, specified above.
# # Level to log on console/logfile. One of error|warn|info|debug #
# level: "debug" media_url: {{ matrix_appservice_irc_homeserver_media_url }}
# # The file location to log to. This is relative to the project directory.
# Drop Matrix messages which are older than this number of seconds, according to
# the event's origin_server_ts.
# If the bridge is down for a while, the homeserver will attempt to send all missed
# events on reconnection. These events may be hours old, which can be confusing to
# IRC users if they are then bridged. This option allows these old messages to be
# dropped.
# CAUTION: This is a very coarse heuristic. Federated homeservers may have different
# clock times and hence produce different origin_server_ts values, which may be old
# enough to cause *all* events from the homeserver to be dropped.
# Default: 0 (don't ever drop)
# dropMatrixMessagesAfterSecs: 300 # 5 minutes
# The 'domain' part for user IDs on this home server. Usually (but not always)
# is the "domain name" part of the HS URL.
domain: {{ matrix_appservice_irc_homeserver_domain }}
# Should presence be enabled for matrix clients on this bridge. If disabled on the
# homeserver then it should also be disabled here to avoid excess traffic.
# Default: true
enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}
ircService:
# The nedb database URI to connect to. This is the name of the directory to
# dump .db files to. This is relative to the project directory.
# Required.
databaseUri: "nedb:///data"
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
# the database.
#
# To generate a .pem file:
# $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
#
# The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
# for storage in the database. Passwords are stored by using the admin room command
# `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
# the Matrix user, this password will be sent as the server password (PASS command).
passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
# Config for Matrix -> IRC bridging
matrixHandler:
# Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
eventCacheSize: 4096
servers: {{ matrix_appservice_irc_ircService_servers|to_json }}
# Configuration for an ident server. If you are running a public bridge it is
# advised you setup an ident server so IRC mods can ban specific matrix users
# rather than the application service itself.
ident:
# True to listen for Ident requests and respond with the
# matrix user's user_id (converted to ASCII, respecting RFC 1413).
# Default: false.
enabled: false
# The port to listen on for incoming ident requests.
# Ports below 1024 require root to listen on, and you may not want this to
# run as root. Instead, you can get something like an Apache to yank up
# incoming requests to 113 to a high numbered port. Set the port to listen
# on instead of 113 here.
# Default: 113.
port: 1113
# The address to listen on for incoming ident requests.
# Default: 0.0.0.0
address: "::"
# Configuration for logging. Optional. Default: console debug level logging
# only.
logging:
# Level to log on console/logfile. One of error|warn|info|debug
level: "debug"
# The file location to log to. This is relative to the project directory.
#logfile: "debug.log" #logfile: "debug.log"
# # The file location to log errors to. This is relative to the project # The file location to log errors to. This is relative to the project
# # directory. # directory.
#errfile: "errors.log" #errfile: "errors.log"
# # Whether to log to the console or not. # Whether to log to the console or not.
# toConsole: true toConsole: true
# # The max number of files to keep. Files will be overwritten eventually due # The max number of files to keep. Files will be overwritten eventually due
# # to rotations. # to rotations.
# maxFiles: 5 maxFiles: 5
# Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
# $ npm install prom-client@6.3.0
# Metrics will then be available via GET /metrics on the bridge listening port (-p).
metrics:
# Whether to actually enable the metric endpoint. Default: false
enabled: true
# When collecting remote user active times, which "buckets" should be used. Defaults are given below.
# The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
remoteUserAgeBuckets:
- "1h"
- "1d"
- "1w"
# Configuration for the provisioning API.
# #
# # Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`: # GET /_matrix/provision/link
# # $ npm install prom-client@6.3.0 # GET /_matrix/provision/unlink
# # Metrics will then be available via GET /metrics on the bridge listening port (-p). # GET /_matrix/provision/listlinks
# metrics:
# # Whether to actually enable the metric endpoint. Default: false
# enabled: true
# # When collecting remote user active times, which "buckets" should be used. Defaults are given below.
# # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
# remoteUserAgeBuckets:
# - "1h"
# - "1d"
# - "1w"
# #
# # Configuration options for the debug HTTP API. To access this API, you must provisioning:
# # append ?access_token=$APPSERVICE_TOKEN (from the registration file) to the requests. # True to enable the provisioning HTTP endpoint. Default: false.
# # enabled: false
# # The debug API exposes the following endpoints: # The number of seconds to wait before giving up on getting a response from
# # # an IRC channel operator. If the channel operator does not respond within the
# # GET /irc/$domain/user/$user_id => Return internal state for the IRC client for this user ID. # allotted time period, the provisioning request will fail.
# # # Default: 300 seconds (5 mins)
# # POST /irc/$domain/user/$user_id => Issue a raw IRC command down this connection. requestTimeoutSeconds: 300
# # Format: new line delimited commands as per IRC protocol.
# # # Options here are generally only applicable to large-scale bridges and may have
# debugApi: # consequences greater than other options in this configuration file.
# # True to enable the HTTP API endpoint. Default: false. advanced:
# enabled: false # The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited
# # The port to host the HTTP API. # however for large bridges it is important to rate limit the bridge to avoid
# port: 11100 # accidentally overloading the homeserver. Defaults to 1000, which should be
# enough for the vast majority of use cases.
maxHttpSockets: 1000
matrix_appservice_irc_configuration_extension_yaml: |
# Your custom YAML configuration for Appservice IRC servers goes here.
# This configuration extends the default starting configuration (`matrix_appservice_irc_configuration_yaml`).
# #
# # Configuration for the provisioning API. # You can override individual variables from the default configuration, or introduce new ones.
# #
# # GET /_matrix/provision/link
# # GET /_matrix/provision/unlink
# # GET /_matrix/provision/listlinks
# #
# provisioning:
# # True to enable the provisioning HTTP endpoint. Default: false.
# enabled: false
# # The number of seconds to wait before giving up on getting a response from
# # an IRC channel operator. If the channel operator does not respond within the
# # allotted time period, the provisioning request will fail.
# # Default: 300 seconds (5 mins)
# requestTimeoutSeconds: 300
# #
# # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot # If you need something more special, you can take full control by
# # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in # completely redefining `matrix_appservice_irc_configuration_yaml`.
# # the database.
# #
matrix_appservice_irc_configuration_extension: "{{ matrix_appservice_irc_configuration_extension_yaml|from_yaml if matrix_appservice_irc_configuration_extension_yaml|from_yaml is mapping else {} }}" matrix_appservice_irc_configuration_extension: "{{ matrix_appservice_irc_configuration_extension_yaml|from_yaml if matrix_appservice_irc_configuration_extension_yaml|from_yaml is mapping else {} }}"
matrix_appservice_irc_configuration: "{{ matrix_appservice_irc_configuration_yaml|from_yaml|combine(matrix_appservice_irc_configuration_extension, recursive=True) }}" matrix_appservice_irc_configuration: "{{ matrix_appservice_irc_configuration_yaml|from_yaml|combine(matrix_appservice_irc_configuration_extension, recursive=True) }}"
# The original registration.yaml file generated by AppService IRC is merged with this config override,
# to produce the final registration.yaml file ultimately used by both the bridge and the homeserver.
#
# We do this to ensure consistency:
# - always having an up-to-date registration.yaml file (synced with the configuration file)
# - always having the same AS/HS token and appservice id in the registration.yaml file
#
# Learn more about this in `setup_install.yml`
matrix_appservice_irc_registration_override_yaml: |
id: appservice-irc
as_token: "{{ matrix_appservice_irc_appservice_token }}"
hs_token: "{{ matrix_appservice_irc_homeserver_token }}"
matrix_appservice_irc_registration_override: "{{ matrix_appservice_irc_registration_override_yaml|from_yaml }}"

View file

@ -1,3 +1,11 @@
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-appservice-irc role needs to execute before the matrix-synapse role.
when: "matrix_appservice_irc_enabled|bool and matrix_synapse_role_executed|default(False)"
- set_fact: - set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc'] }}" matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc'] }}"
when: matrix_appservice_irc_enabled|bool when: matrix_appservice_irc_enabled|bool
@ -7,7 +15,7 @@
matrix_synapse_container_extra_arguments: > matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }} {{ matrix_synapse_container_extra_arguments|default([]) }}
+ +
{{ ["--mount type=bind,src={{ matrix_appservice_irc_base_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] }} {{ ["--mount type=bind,src={{ matrix_appservice_irc_config_path }}/registration.yaml,dst=/matrix-appservice-irc-registration.yaml,ro"] }}
matrix_synapse_app_service_config_files: > matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }} {{ matrix_synapse_app_service_config_files|default([]) }}

View file

@ -1,13 +1,5 @@
--- ---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-appservice-irc role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- name: Ensure Appservice IRC image is pulled - name: Ensure Appservice IRC image is pulled
docker_image: docker_image:
name: "{{ matrix_appservice_irc_docker_image }}" name: "{{ matrix_appservice_irc_docker_image }}"
@ -15,31 +7,122 @@
force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force_source: "{{ matrix_appservice_irc_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_irc_docker_image_force_pull }}"
- name: Ensure Appservice IRC base directory exists - name: Ensure Appservice IRC paths exist
file: file:
path: "{{ matrix_appservice_irc_base_path }}" path: "{{ item }}"
state: directory state: directory
mode: 0750 mode: 0750
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}"
with_items:
- "{{ matrix_appservice_irc_base_path }}"
- "{{ matrix_appservice_irc_config_path }}"
- "{{ matrix_appservice_irc_data_path }}"
- name: Check if an old passkey file already exists
stat:
path: "{{ matrix_appservice_irc_base_path }}/passkey.pem"
register: matrix_appservice_irc_stat_passkey
- name: (Data relocation) Ensure matrix-appservice-irc.service is stopped
service:
name: matrix-appservice-irc
state: stopped
daemon_reload: yes
failed_when: false
when: "matrix_appservice_irc_stat_passkey.stat.exists"
- name: (Data relocation) Move AppService IRC passkey.pem file to ./data directory
command: "mv {{ matrix_appservice_irc_base_path }}/passkey.pem {{ matrix_appservice_irc_data_path }}/passkey.pem"
when: "matrix_appservice_irc_stat_passkey.stat.exists"
- name: (Data relocation) Move AppService database files to ./data directory
command: "mv {{ matrix_appservice_irc_base_path }}/{{ item }} {{ matrix_appservice_irc_data_path }}/{{ item }}"
with_items:
- rooms.db
- users.db
failed_when: false
when: "matrix_appservice_irc_stat_passkey.stat.exists"
- name: Ensure Matrix Appservice IRC config installed - name: Ensure Matrix Appservice IRC config installed
copy: copy:
content: "{{ matrix_appservice_irc_configuration|to_nice_yaml }}" content: "{{ matrix_appservice_irc_configuration|to_nice_yaml }}"
dest: "{{ matrix_appservice_irc_base_path }}/config.yaml" dest: "{{ matrix_appservice_irc_config_path }}/config.yaml"
mode: 0644 mode: 0644
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}"
- name: Check if matrix-appservice-irc passkey exists - name: Check if Appservice IRC passkey exists
stat: stat:
path: "{{ matrix_appservice_irc_base_path }}/passkey.pem" path: "{{ matrix_appservice_irc_data_path }}/passkey.pem"
register: irc_passkey_file register: irc_passkey_file
- name: Generate matrix-appservice-irc passkey if it doesn't exist - name: Generate Appservice IRC passkey if it doesn't exist
shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_base_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
when: "not irc_passkey_file.stat.exists" when: "not irc_passkey_file.stat.exists"
# Ideally, we'd like to generate the final registration.yaml file by ourselves.
#
# However, the IRC bridge supports multiple servers, which leads to multiple
# users/aliases/rooms rules in the registration file.
#
# Generating a proper file by ourselves is complicated and may lead to deviation
# from what the bridge is doing.
#
# Instead, we do another hacky thing - asking the bridge to generate a template,
# and then we parse it and fix it up with our own AS/HS token.
# We need to do this, because:
# - we'd like to have an up-to-date registration file
# - we can achieve this by asking the bridge to rebuild it each time
# - however, the bridge insists on regenerating all tokens each time
# - .. which is not friendly for integrating with the homeserver
#
# So we have a hybrid approach. We ask the bridge to always generate
# an up-to-date file, and we fix it up with some static values later on,
# to produce a final registration.yaml file, as we desire.
- name: Generate Appservice IRC registration-template.yaml
shell: >-
/usr/bin/docker run --rm --name matrix-appservice-irc-gen
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
-v {{ matrix_appservice_irc_config_path }}:/config:z
-v {{ matrix_appservice_irc_data_path }}:/data:z
{{ matrix_appservice_irc_docker_image }}
node app.js
-r
-f /config/registration-template.yaml
-u "http://matrix-appservice-irc:9999"
-c /config/config.yaml
-l irc_bot
changed_when: false
- name: Read Appservice IRC registration-template.yaml
slurp:
src: "{{ matrix_appservice_irc_config_path }}/registration-template.yaml"
register: matrix_appservice_irc_registration_template_slurp
- name: Remove unnecessary Appservice IRC registration-template.yaml
file:
path: "{{ matrix_appservice_irc_config_path }}/registration-template.yaml"
state: absent
changed_when: false
- name: Parse registration-template.yaml
set_fact:
matrix_appservice_irc_registration_template: "{{ matrix_appservice_irc_registration_template_slurp['content'] | b64decode | from_yaml }}"
- name: Combine registration-template.yaml and own registration override config
set_fact:
matrix_appservice_irc_registration: "{{ matrix_appservice_irc_registration_template|combine(matrix_appservice_irc_registration_override, recursive=True) }}"
- name: Ensure Appservice IRC registration.yaml installed
copy:
content: "{{ matrix_appservice_irc_registration|to_nice_yaml }}"
dest: "{{ matrix_appservice_irc_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
- name: Ensure matrix-appservice-irc.service installed - name: Ensure matrix-appservice-irc.service installed
template: template:
src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2" src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2"
@ -51,31 +134,3 @@
service: service:
daemon_reload: yes daemon_reload: yes
when: "matrix_appservice_irc_systemd_service_result.changed" when: "matrix_appservice_irc_systemd_service_result.changed"
- name: Check if a matrix-appservice-irc registration file exists
stat:
path: "{{ matrix_appservice_irc_base_path }}/registration.yaml"
register: appservice_irc_registration_file
- name: Generate matrix-appservice-irc registration.yaml if it doesn't exist
shell: >-
/usr/bin/docker run --rm --name matrix-appservice-irc-gen
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
-v {{ matrix_appservice_irc_base_path }}:/data:z
{{ matrix_appservice_irc_docker_image }}
node app.js
-r
-f /data/registration.yaml
-u "http://matrix-appservice-irc:9999"
-c /data/config.yaml
-l irc_bot
when: "not appservice_irc_registration_file.stat.exists"
- name: Ensure IRC configuration directory permissions are correct
file:
path: "{{ matrix_appservice_irc_base_path }}"
state: directory
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
recurse: true

View file

@ -1,5 +1,14 @@
--- ---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_appservice_irc_appservice_token"
- "matrix_appservice_irc_homeserver_token"
# Our base configuration (`matrix_appservice_irc_configuration_yaml`) is not enough to # Our base configuration (`matrix_appservice_irc_configuration_yaml`) is not enough to
# let the playbook run without errors. # let the playbook run without errors.
# #
@ -10,9 +19,11 @@
- name: Fail if no additional configuration provided - name: Fail if no additional configuration provided
fail: fail:
msg: >- msg: >-
Your Appservice IRC configuration is incomplete (lacking an `ircService` key). Your Appservice IRC configuration is incomplete (lacking an `ircService.servers` configuration).
You need to define additional configuration in `matrix_appservice_irc_configuration_extension_yaml` or to override `matrix_appservice_irc_configuration`. You need to define one or more servers by either using `matrix_appservice_irc_ircService_servers`
when: "matrix_appservice_irc_configuration.ircService|default(none) is none" or by extending the base configuration with additional configuration in `matrix_appservice_irc_configuration_extension_yaml`.
Overriding the whole bridge's configuration (`matrix_appservice_irc_configuration`) is yet another possibility.
when: "matrix_appservice_irc_configuration.ircService.servers|length == 0"
- name: (Deprecation) Catch and report renamed appservice-irc variables - name: (Deprecation) Catch and report renamed appservice-irc variables
fail: fail:

View file

@ -25,12 +25,13 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
{% if matrix_appservice_irc_container_http_host_bind_port %} {% if matrix_appservice_irc_container_http_host_bind_port %}
-p {{ matrix_appservice_irc_container_http_host_bind_port }}:9999 \ -p {{ matrix_appservice_irc_container_http_host_bind_port }}:9999 \
{% endif %} {% endif %}
-v {{ matrix_appservice_irc_base_path }}:/data:z \ -v {{ matrix_appservice_irc_config_path }}:/config:z \
-v {{ matrix_appservice_irc_data_path }}:/data:z \
{% for arg in matrix_appservice_irc_container_extra_arguments %} {% for arg in matrix_appservice_irc_container_extra_arguments %}
{{ arg }} \ {{ arg }} \
{% endfor %} {% endfor %}
{{ matrix_appservice_irc_docker_image }} \ {{ matrix_appservice_irc_docker_image }} \
-c /data/config.yaml -f /data/registration.yaml -p 9999 -c /config/config.yaml -f /config/registration.yaml -p 9999
ExecStop=-/usr/bin/docker kill matrix-appservice-irc ExecStop=-/usr/bin/docker kill matrix-appservice-irc
ExecStop=-/usr/bin/docker rm matrix-appservice-irc ExecStop=-/usr/bin/docker rm matrix-appservice-irc

View file

@ -171,7 +171,7 @@ matrix_mautrix_facebook_registration_yaml: |
namespaces: namespaces:
users: users:
- exclusive: true - exclusive: true
regex: '@facebook_.+:{{ matrix_mautrix_facebook_homeserver_domain|regex_escape }}' regex: '^@facebook_.+:{{ matrix_mautrix_facebook_homeserver_domain|regex_escape }}$'
url: {{ matrix_mautrix_facebook_appservice_address }} url: {{ matrix_mautrix_facebook_appservice_address }}
sender_localpart: facebookbot sender_localpart: facebookbot
rate_limited: false rate_limited: false

View file

@ -367,10 +367,10 @@ matrix_mautrix_telegram_registration_yaml: |
namespaces: namespaces:
users: users:
- exclusive: true - exclusive: true
regex: '@telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}' regex: '^@telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
aliases: aliases:
- exclusive: true - exclusive: true
regex: '#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}' regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
url: {{ matrix_mautrix_telegram_appservice_address }} url: {{ matrix_mautrix_telegram_appservice_address }}
sender_localpart: telegrambot sender_localpart: telegrambot
rate_limited: false rate_limited: false

View file

@ -7,8 +7,10 @@ matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest"
matrix_mautrix_whatsapp_docker_image_force_pull: "{{ matrix_mautrix_whatsapp_docker_image.endswith(':latest') }}" matrix_mautrix_whatsapp_docker_image_force_pull: "{{ matrix_mautrix_whatsapp_docker_image.endswith(':latest') }}"
matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp" matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp"
matrix_mautrix_whatsapp_config_path: "{{ matrix_mautrix_whatsapp_base_path }}/config"
matrix_mautrix_whatsapp_data_path: "{{ matrix_mautrix_whatsapp_base_path }}/data"
matrix_mautrix_whatsapp_homeserver_address: "https://{{ matrix_server_fqn_matrix }}" matrix_mautrix_whatsapp_homeserver_address: "http://matrix-synapse:8008"
matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}" matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080" matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080"
@ -20,3 +22,170 @@ matrix_mautrix_whatsapp_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-mautrix-whatsapp.service wants # List of systemd services that matrix-mautrix-whatsapp.service wants
matrix_mautrix_whatsapp_systemd_wanted_services_list: [] matrix_mautrix_whatsapp_systemd_wanted_services_list: []
matrix_mautrix_whatsapp_appservice_token: ''
matrix_mautrix_whatsapp_homeserver_token: ''
# Default mautrix-whatsapp configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_whatsapp_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_whatsapp_configuration_yaml: |
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_whatsapp_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_whatsapp_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# Database config.
database:
# The database type. "sqlite3" and "postgres" are supported.
type: sqlite3
# The database URI.
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database
uri: mautrix-whatsapp.db
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Path to the Matrix room state store.
state_store_path: ./mx-state.json
# The unique ID of this appservice.
id: whatsapp
# Appservice bot details.
bot:
# Username of the appservice bot.
username: whatsappbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: WhatsApp bridge bot
avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for WhatsApp users.
# {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user.
username_template: "{{ 'whatsapp_{{.}}' }}"
# Displayname template for WhatsApp users.
# {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user
# {{ '{{.Jid}}' }} - phone number (international format)
# The following variables are also available, but will cause problems on multi-user instances:
# {{ '{{.Name}}' }} - display name from contact list
# {{ '{{.Short}}' }} - short display name from contact list
displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}"
# WhatsApp connection timeout in seconds.
connection_timeout: 20
# Maximum number of times to retry connecting on connection error.
max_connection_attempts: 3
# Number of seconds to wait between connection attempts.
# Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
connection_retry_delay: -1
# Whether or not the bridge should send a notice to the user's management room when it retries connecting.
# If false, it will only report when it stops retrying.
report_connection_retry: true
# Number of seconds to wait for contacts and chats to be sent at startup before syncing.
# If you have lots of chats, it might take more than a second.
contact_wait_delay: 1
# Number of chats to sync for new users.
initial_chat_sync_count: 10
# Number of old messages to fill when creating new portal rooms.
initial_history_fill_count: 20
# Maximum number of chats to sync when recovering from downtime.
# Set to -1 to sync all new chats during downtime.
recovery_chat_sync_limit: -1
# Whether or not to sync history when recovering from downtime.
recovery_history_backfill: true
# Maximum number of seconds since last message in chat to skip
# syncing the chat in any case. This setting will take priority
# over both recovery_chat_sync_limit and initial_chat_sync_count.
# Default is 3 days = 259200 seconds
sync_max_chat_age: 259200
# Whether or not to sync with custom puppets to receive EDUs that
# are not normally sent to appservices.
sync_with_custom_puppets: true
# Whether or not to invite own WhatsApp user's Matrix puppet into private
# chat portals when backfilling if needed.
# This always uses the default puppet instead of custom puppets due to
# rate limits and timestamp massaging.
invite_own_puppet_for_backfilling: true
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This can be useful if the previous field works fine,
# but causes room avatar/name bugs.
private_chat_portal_meta: false
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!wa"
# Permissions for using the bridge.
# Permitted values:
# user - Access to use the bridge to chat with a WhatsApp account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
# Logging config.
logging:
# The directory for log files. Will be created if not found.
directory: ./logs
# Available variables: .Date for the file date and .Index for different log files on the same day.
file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
# Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
file_date_format: "2006-01-02"
# Log file permissions.
file_mode: 0600
# Timestamp format for log entries in the Go time format.
timestamp_format: "Jan _2, 2006 15:04:05"
# Minimum severity for log messages.
# Options: debug, info, warn, error, fatal
print_level: debug
matrix_mautrix_whatsapp_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mautrix_whatsapp_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mautrix_whatsapp_configuration_yaml`.
matrix_mautrix_whatsapp_configuration_extension: "{{ matrix_mautrix_whatsapp_configuration_extension_yaml|from_yaml if matrix_mautrix_whatsapp_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_whatsapp_configuration_yaml`.
matrix_mautrix_whatsapp_configuration: "{{ matrix_mautrix_whatsapp_configuration_yaml|from_yaml|combine(matrix_mautrix_whatsapp_configuration_extension, recursive=True) }}"
matrix_mautrix_whatsapp_registration_yaml: |
id: whatsapp
url: {{ matrix_mautrix_whatsapp_appservice_address }}
as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
sender_localpart: whatsappbot
rate_limited: false
namespaces:
users:
- regex: '^@whatsapp_[0-9]+:{{ matrix_mautrix_whatsapp_homeserver_domain|regex_escape }}$'
exclusive: true
matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml|from_yaml }}"

View file

@ -7,7 +7,7 @@
matrix_synapse_container_extra_arguments: > matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }} {{ matrix_synapse_container_extra_arguments|default([]) }}
+ +
{{ ["--mount type=bind,src={{ matrix_mautrix_whatsapp_base_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] }} {{ ["--mount type=bind,src={{ matrix_mautrix_whatsapp_config_path }}/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro"] }}
matrix_synapse_app_service_config_files: > matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }} {{ matrix_synapse_app_service_config_files|default([]) }}

View file

@ -2,6 +2,12 @@
tags: tags:
- always - always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_mautrix_whatsapp_enabled|bool"
tags:
- setup-all
- setup-mautrix-whatsapp
- import_tasks: "{{ role_path }}/tasks/setup_install.yml" - import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup and matrix_mautrix_whatsapp_enabled" when: "run_setup and matrix_mautrix_whatsapp_enabled"
tags: tags:

View file

@ -15,27 +15,59 @@
force_source: "{{ matrix_mautrix_whatsapp_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force_source: "{{ matrix_mautrix_whatsapp_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_whatsapp_docker_image_force_pull }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_whatsapp_docker_image_force_pull }}"
- name: Ensure Mautrix Whatsapp base directory exists - name: Ensure Mautrix Whatsapp paths exists
file: file:
path: "{{ matrix_mautrix_whatsapp_base_path }}" path: "{{ item }}"
state: directory state: directory
mode: 0750 mode: 0750
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}"
with_items:
- "{{ matrix_mautrix_whatsapp_base_path }}"
- "{{ matrix_mautrix_whatsapp_config_path }}"
- "{{ matrix_mautrix_whatsapp_data_path }}"
- name: Check if a mautrix-whatsapp configuration file exists - name: Check if an old database file exists
stat: stat:
path: "{{ matrix_mautrix_whatsapp_base_path }}/config.yaml" path: "{{ matrix_mautrix_whatsapp_base_path }}/mautrix-whatsapp.db"
register: mautrix_whatsapp_config_file_stat register: matrix_mautrix_whatsapp_stat_database
- name: Ensure Matrix Mautrix whatsapp config installed - name: Check if an old matrix state file exists
template: stat:
src: "{{ role_path }}/templates//config.yaml.j2" path: "{{ matrix_mautrix_whatsapp_base_path }}/mx-state.json"
dest: "{{ matrix_mautrix_whatsapp_base_path }}/config.yaml" register: matrix_mautrix_whatsapp_stat_mx_state
- name: (Data relocation) Ensure matrix-mautrix-whatsapp.service is stopped
service:
name: matrix-mautrix-whatsapp
state: stopped
daemon_reload: yes
failed_when: false
when: "matrix_mautrix_whatsapp_stat_database.stat.exists"
- name: (Data relocation) Move mautrix-whatsapp database file to ./data directory
command: "mv {{ matrix_mautrix_whatsapp_base_path }}/mautrix-whatsapp.db {{ matrix_mautrix_whatsapp_data_path }}/mautrix-whatsapp.db"
when: "matrix_mautrix_whatsapp_stat_database.stat.exists"
- name: (Data relocation) Move mautrix-whatsapp mx-state file to ./data directory
command: "mv {{ matrix_mautrix_whatsapp_base_path }}/mx-state.json {{ matrix_mautrix_whatsapp_data_path }}/mx-state.json"
when: "matrix_mautrix_whatsapp_stat_mx_state.stat.exists"
- name: Ensure mautrix-whatsapp config.yaml installed
copy:
content: "{{ matrix_mautrix_whatsapp_configuration|to_nice_yaml }}"
dest: "{{ matrix_mautrix_whatsapp_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
- name: Ensure mautrix-whatsapp registration.yaml installed
copy:
content: "{{ matrix_mautrix_whatsapp_registration|to_nice_yaml }}"
dest: "{{ matrix_mautrix_whatsapp_config_path }}/registration.yaml"
mode: 0644 mode: 0644
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}"
when: "not mautrix_whatsapp_config_file_stat.stat.exists"
- name: Ensure matrix-mautrix-whatsapp.service installed - name: Ensure matrix-mautrix-whatsapp.service installed
template: template:
@ -48,21 +80,3 @@
service: service:
daemon_reload: yes daemon_reload: yes
when: "matrix_mautrix_whatsapp_systemd_service_result.changed" when: "matrix_mautrix_whatsapp_systemd_service_result.changed"
- name: Check if a mautrix-whatsapp registration file exists
stat:
path: "{{ matrix_mautrix_whatsapp_base_path }}/registration.yaml"
register: mautrix_whatsapp_registration_file_stat
- name: Generate matrix-mautrix-whatsapp registration.yaml if it doesn't exist
shell:
cmd: >-
/usr/bin/docker run
--rm
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
--name matrix-mautrix-whatsapp-gen
-v {{ matrix_mautrix_whatsapp_base_path }}:/data:z
{{ matrix_mautrix_whatsapp_docker_image }}
/usr/bin/mautrix-whatsapp -g -c /data/config.yaml -r /data/registration.yaml
when: "not mautrix_whatsapp_registration_file_stat.stat.exists"

View file

@ -0,0 +1,11 @@
---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mautrix_whatsapp_appservice_token"
- "matrix_mautrix_whatsapp_homeserver_token"

View file

@ -1,87 +0,0 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_whatsapp_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_whatsapp_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# Database config.
database:
# The database type. Only "sqlite3" is supported.
type: sqlite3
# The database URI. Usually file name. https://github.com/mattn/go-sqlite3#connection-string
uri: mautrix-whatsapp.db
# Path to the Matrix room state store.
state_store_path: ./mx-state.json
# The unique ID of this appservice.
id: whatsapp
# Appservice bot details.
bot:
# Username of the appservice bot.
username: whatsappbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: WhatsApp bridge bot
avatar: remove
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "This value is generated when generating the registration"
hs_token: "This value is generated when generating the registration"
# Bridge config. Currently unused.
bridge:
# {% raw %}
# protecting the go templates inside the raw section.
# Localpart template of MXIDs for WhatsApp users.
# {{.}} is replaced with the phone number of the WhatsApp user.
username_template: whatsapp_{{.}}
# Displayname template for WhatsApp users.
# {{.Notify}} - nickname set by the WhatsApp user
# {{.Jid}} - phone number (international format)
# The following variables are also available, but will cause problems on multi-user instances:
# {{.Name}} - display name from contact list
# {{.Short}} - short display name from contact list
displayname_template: "{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)"
# {% endraw %}
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!wa"
# Permissions for using the bridge.
# Permitted values:
# user - Access to use the bridge to chat with a WhatsApp account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_whatsapp_homeserver_domain }}': user
# Logging config.
logging:
# The directory for log files. Will be created if not found.
directory: ./logs
# Available variables: .Date for the file date and .Index for different log files on the same day.
file_name_format: {% raw %}"{{.Date}}-{{.Index}}.log"{% endraw %}
# Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
file_date_format: 2006-01-02
# Log file permissions.
file_mode: 0600
# Timestamp format for log entries in the Go time format.
timestamp_format: Jan _2, 2006 15:04:05
# Minimum severity for log messages.
# Options: debug, info, warn, error, fatal
print_level: debug

View file

@ -22,13 +22,14 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \ --cap-drop=ALL \
--network={{ matrix_docker_network }} \ --network={{ matrix_docker_network }} \
-v {{ matrix_mautrix_whatsapp_base_path }}:/data:z \ -v {{ matrix_mautrix_whatsapp_config_path }}:/config:z \
-v {{ matrix_mautrix_whatsapp_data_path }}:/data:z \
--workdir=/data \ --workdir=/data \
{% for arg in matrix_mautrix_whatsapp_container_extra_arguments %} {% for arg in matrix_mautrix_whatsapp_container_extra_arguments %}
{{ arg }} \ {{ arg }} \
{% endfor %} {% endfor %}
{{ matrix_mautrix_whatsapp_docker_image }} \ {{ matrix_mautrix_whatsapp_docker_image }} \
/usr/bin/mautrix-whatsapp /usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml
ExecStop=-/usr/bin/docker kill matrix-mautrix-whatsapp ExecStop=-/usr/bin/docker kill matrix-mautrix-whatsapp
ExecStop=-/usr/bin/docker rm matrix-mautrix-whatsapp ExecStop=-/usr/bin/docker rm matrix-mautrix-whatsapp

View file

@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true
# We use an official nginx image, which we fix-up to run unprivileged. # We use an official nginx image, which we fix-up to run unprivileged.
# An alternative would be an `nginxinc/nginx-unprivileged` image, but # An alternative would be an `nginxinc/nginx-unprivileged` image, but
# that is frequently out of date. # that is frequently out of date.
matrix_nginx_proxy_docker_image: "nginx:1.15.12-alpine" matrix_nginx_proxy_docker_image: "nginx:1.17.0-alpine"
matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}" matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"
matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy" matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"

View file

@ -8,9 +8,9 @@ matrix_postgres_db_name: ""
matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres" matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data" matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data"
matrix_postgres_docker_image_v9: "postgres:9.6.13-alpine" matrix_postgres_docker_image_v9: "postgres:9.6.14-alpine"
matrix_postgres_docker_image_v10: "postgres:10.8-alpine" matrix_postgres_docker_image_v10: "postgres:10.9-alpine"
matrix_postgres_docker_image_v11: "postgres:11.3-alpine" matrix_postgres_docker_image_v11: "postgres:11.4-alpine"
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v11 }}" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v11 }}"
# This variable is assigned at runtime. Overriding its value has no effect. # This variable is assigned at runtime. Overriding its value has no effect.

View file

@ -1,6 +1,6 @@
matrix_riot_web_enabled: true matrix_riot_web_enabled: true
matrix_riot_web_docker_image: "bubuntux/riot-web:v1.2.1" matrix_riot_web_docker_image: "bubuntux/riot-web:v1.2.2"
matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}" matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"