Merge remote-tracking branch 'github/master'
commit
99639d7d7a
|
@ -1,3 +1,12 @@
|
||||||
|
# 2020-06-05
|
||||||
|
|
||||||
|
## SMS bridging support
|
||||||
|
|
||||||
|
Thanks to [benkuly](https://github.com/benkuly)'s efforts, the playbook now supports bridging to SMS (with one telephone number only) via [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge).
|
||||||
|
|
||||||
|
See our [Setting up Matrix SMS bridging](docs/configuring-playbook-matrix-bridge-sms.md) documentation page for getting started.
|
||||||
|
|
||||||
|
|
||||||
# 2020-05-19
|
# 2020-05-19
|
||||||
|
|
||||||
## (Compatibility Break / Security Issue) Disabling User Directory search powered by the ma1sd Identity Server
|
## (Compatibility Break / Security Issue) Disabling User Directory search powered by the ma1sd Identity Server
|
||||||
|
|
|
@ -1,24 +1,29 @@
|
||||||
# Alternative architectures
|
# Alternative architectures
|
||||||
|
|
||||||
As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
|
As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
|
||||||
|
|
||||||
To that end add the following variable to your `vars.yaml` file:
|
To that end add the following variable to your `vars.yaml` file:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_architecture: <your-matrix-server-architecture>
|
||||||
```
|
```
|
||||||
matrix_architecture = <your-matrix-server-architecture>
|
|
||||||
```
|
|
||||||
Currently supported architectures are the following:
|
Currently supported architectures are the following:
|
||||||
- `amd64` (the default)
|
- `amd64` (the default)
|
||||||
- `arm64`
|
- `arm64`
|
||||||
- `arm32`
|
- `arm32`
|
||||||
|
|
||||||
so for the Raspberry Pi the following should be in your `vars.yaml` file:
|
so for the Raspberry Pi, the following should be in your `vars.yaml` file:
|
||||||
```
|
|
||||||
matrix_architecture = "arm32"
|
```yaml
|
||||||
|
matrix_architecture: "arm32"
|
||||||
```
|
```
|
||||||
|
|
||||||
## Implementation details
|
## Implementation details
|
||||||
This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection.
|
|
||||||
|
This subsection is used for a reminder, how the different roles implement architecture differences. This is **not** aimed at the users, so one does not have to do anything based on this subsection.
|
||||||
|
|
||||||
On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases:
|
On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases:
|
||||||
- matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well,
|
- `matrix-bridge-mautrix-facebook`: there is a pre-built Docker image for `arm64` as well
|
||||||
- matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well,
|
- `matrix-bridge-mautrix-hangouts`: there is a pre-built Docker image for `arm64` as well
|
||||||
- matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling.
|
- `matrix-nginx-proxy`: Certbot has a pre-built Docker image for both `arm32` and `arm64`, however tagging is used, which requires special handling.
|
||||||
|
|
|
@ -49,7 +49,7 @@ docker run -it --rm \
|
||||||
-v `pwd`:/work \
|
-v `pwd`:/work \
|
||||||
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
|
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
|
||||||
--entrypoint=/bin/sh \
|
--entrypoint=/bin/sh \
|
||||||
devture/ansible:2.8.1-r0
|
devture/ansible:2.9.9-r0
|
||||||
```
|
```
|
||||||
|
|
||||||
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).
|
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).
|
||||||
|
|
|
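Review bot: the bumped image on the last line of the `docker run` command, `devture/ansible:2.9.9-r0`, is still referenced by a mutable tag, while the same command mounts `$HOME/.ssh/id_rsa` into that container. Consider documenting a digest-pinned reference (`devture/ansible@sha256:<digest>`) so the image that receives the private key is the one that was reviewed. The `:ro` flag only stops the container from modifying the key, not from reading it.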
@ -23,7 +23,7 @@ matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN"
|
||||||
4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready.
|
4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready.
|
||||||
5. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`)
|
5. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`)
|
||||||
6. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended.
|
6. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended.
|
||||||
7. Join the rooms by following this syntax `#_discord_guildid_channelid` - can be easily retrieved by logging into Discord in a browser and opening the desired channel. URL will have this format: `discordapp.com/channels/guild_id/channel_id`
|
7. Room addresses follow this syntax: `#_discord_guildid_channelid`. You can easily find the guild and channel ids by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discordapp.com/channels/guild_id/channel_id`. Once you have figured out the appropriate room addrss, you can join by doing `/join #_discord_guildid_channelid` in your Matrix client.
|
||||||
|
|
||||||
Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable.
|
Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable.
|
||||||
|
|
||||||
|
|
|
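Review bot: the rewritten step 7 has a typo, "room addrss" should be "room address". The example URL also uses `guild_id/channel_id` while the room syntax uses `guildid_channelid`; using one spelling for both would make the mapping easier to follow. Step 6 (unchanged context) still recommends Administrator permission without saying why, so a short reason there would help readers decide whether to grant it.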
@ -11,6 +11,8 @@ matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
|
||||||
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE
|
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE
|
||||||
```
|
```
|
||||||
|
|
||||||
|
You can generate a strong shared secret with a command like this: `pwgen -s 64 1`
|
||||||
|
|
||||||
|
|
||||||
## Authenticating only using a password provider
|
## Authenticating only using a password provider
|
||||||
|
|
||||||
|
|
|
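Review bot: the added `pwgen -s 64 1` hint assumes `pwgen` is installed, and it sits after the closing fence rather than next to the `matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret` line it explains. Consider moving the sentence above the YAML block and offering a fallback that is present on most systems, for example `openssl rand -hex 32`.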
@ -136,7 +136,7 @@ backend matrix-backend
|
||||||
reqirep ^(GET|POST|HEAD)\ /.well-known/matrix/(.*) \1\ /\2
|
reqirep ^(GET|POST|HEAD)\ /.well-known/matrix/(.*) \1\ /\2
|
||||||
# Rewrite redirects as ProxyPassReverse does
|
# Rewrite redirects as ProxyPassReverse does
|
||||||
acl response-is-redirect res.hdr(Location) -m found
|
acl response-is-redirect res.hdr(Location) -m found
|
||||||
rsprep ^Location:\ (http|https)://matrix.example.com\/(.*) Location:\ \1://matrix.exapmle.com/.well-known/matrix/\2 if response-is-redirect
|
rsprep ^Location:\ (http|https)://matrix.example.com\/(.*) Location:\ \1://matrix.example.com/.well-known/matrix/\2 if response-is-redirect
|
||||||
```
|
```
|
||||||
|
|
||||||
Make sure to:
|
Make sure to:
|
||||||
|
|
|
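Review bot: the `rsprep` line fixes the `exapmle` typo in the replacement, but the match side still has unescaped dots in `matrix.example.com`. In a regex each `.` matches any character, so a `Location` header for a host such as `matrixXexample.com` would also be rewritten to the Matrix host. Suggest `matrix\.example\.com` on the match side, in line with the `\/` and `\ ` escapes already used on that line.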
@ -4,14 +4,14 @@ This playbook not only installs the various Matrix services for you, but can als
|
||||||
|
|
||||||
If you want to be notified when new versions of Synapse are released, you should join the Synapse Homeowners room: [#homeowners:matrix.org](https://matrix.to/#/#homeowners:matrix.org).
|
If you want to be notified when new versions of Synapse are released, you should join the Synapse Homeowners room: [#homeowners:matrix.org](https://matrix.to/#/#homeowners:matrix.org).
|
||||||
|
|
||||||
To upgrade the services:
|
To upgrade services:
|
||||||
|
|
||||||
- update your playbook directory (`git pull`), so you'd obtain everything new we've done
|
- update your playbook directory (`git pull`), so you'd obtain everything new we've done
|
||||||
|
|
||||||
- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incomptabile changes that you need to take care of
|
- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of
|
||||||
|
|
||||||
- re-run the [playbook setup](installing.md): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all`
|
- re-run the [playbook setup](installing.md): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all`
|
||||||
|
|
||||||
- restart the services: `ansible-playbook -i inventory/hosts setup.yml --tags=start`
|
- restart the services: `ansible-playbook -i inventory/hosts setup.yml --tags=start`
|
||||||
|
|
||||||
**Note**: major version upgrades are not done to the internal PostgreSQL database. To upgrade that one, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).
|
**Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).
|
||||||
|
|
|
@ -6,16 +6,16 @@
|
||||||
|
|
||||||
- [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python`).
|
- [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python`).
|
||||||
|
|
||||||
- a `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.*
|
- A `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.*
|
||||||
|
|
||||||
- the [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
|
- The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
|
||||||
|
|
||||||
- either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature.
|
- Either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature.
|
||||||
|
|
||||||
- an HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
|
- An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
|
||||||
|
|
||||||
- properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md))
|
- Properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)).
|
||||||
|
|
||||||
- some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP)
|
- Some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP). Depending on your firewall/NAT setup, incoming RTP packets on port 10000 may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/matrix-jitsi/defaults/main.yml)).
|
||||||
|
|
||||||
When ready to proceed, continue with [Configuring DNS](configuring-dns.md).
|
When ready to proceed, continue with [Configuring DNS](configuring-dns.md).
|
||||||
|
|
|
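Review bot: the cron bullet was touched for capitalisation but still reads "certificates's renewal"; it should be "certificates' renewal" (or "certificate renewal"). The sentence appended to the ports bullet about `10000/udp` says what may happen (packets addressed to the firewall's external IP) but not what the reader should do about it; a short clause on the expected NAT or forwarding rule, or on adjusting `matrix_jitsi_jvb_stun_servers`, would make it actionable. Only the DNS bullet gained a trailing period, so list punctuation is now inconsistent.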
@ -15,6 +15,7 @@ List of roles where self-building the Docker image is currently possible:
|
||||||
- `matrix-riot-web`
|
- `matrix-riot-web`
|
||||||
- `matrix-coturn`
|
- `matrix-coturn`
|
||||||
- `matrix-ma1sd`
|
- `matrix-ma1sd`
|
||||||
|
- `matrix-mailer`
|
||||||
- `matrix-mautrix-facebook`
|
- `matrix-mautrix-facebook`
|
||||||
- `matrix-mautrix-hangouts`
|
- `matrix-mautrix-hangouts`
|
||||||
- `matrix-mx-puppet-skype`
|
- `matrix-mx-puppet-skype`
|
||||||
|
|
|
@ -537,11 +537,13 @@ matrix_jitsi_web_stun_servers: |
|
||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
# By default, this playbook sets up a postfix mailer server (running in a container).
|
# By default, this playbook sets up an exim mailer server (running in a container).
|
||||||
# This is so that Synapse can send email reminders for unread messages.
|
# This is so that Synapse can send email reminders for unread messages.
|
||||||
# Other services (like ma1sd), also use the mailer.
|
# Other services (like ma1sd), also use the mailer.
|
||||||
matrix_mailer_enabled: true
|
matrix_mailer_enabled: true
|
||||||
|
|
||||||
|
matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# /matrix-mailer
|
# /matrix-mailer
|
||||||
|
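Review bot: the new `matrix_mailer_container_image_self_build` line uses `{{ matrix_architecture != 'amd64'}}`, which is missing the space before the closing `}}` that every other expression in this file has. It is also added without a comment, unlike `matrix_mailer_enabled` just above it; a one-line note that non-`amd64` hosts build the image locally would match the surrounding style.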
@ -636,6 +638,8 @@ matrix_nginx_proxy_proxy_matrix_federation_api_enabled: true
|
||||||
matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-synapse:8048"
|
matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-synapse:8048"
|
||||||
matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:8048"
|
matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:8048"
|
||||||
|
|
||||||
|
matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}"
|
||||||
|
|
||||||
matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}"
|
matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}"
|
||||||
matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
|
matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
|
||||||
matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}"
|
matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}"
|
||||||
|
@ -673,7 +677,13 @@ matrix_ssl_domains_to_obtain_certificates_for: |
|
||||||
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
|
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
|
||||||
}}
|
}}
|
||||||
|
|
||||||
matrix_ssl_architecture: "{{ matrix_architecture }}"
|
matrix_ssl_architecture: "{{
|
||||||
|
{
|
||||||
|
'amd64': 'amd64',
|
||||||
|
'arm32': 'arm32v6',
|
||||||
|
'arm64': 'arm64v8',
|
||||||
|
}[matrix_architecture]
|
||||||
|
}}"
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
|
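Review bot: the new `matrix_ssl_architecture` value indexes a literal dict with `[matrix_architecture]`, so any value outside `amd64`, `arm32` and `arm64` fails during templating with an undefined-key error that does not name the variable at fault. Consider a validation task that fails early with a message listing the supported values, or a lookup with an explicit default. A comment explaining that `arm32v6` and `arm64v8` are the image-tag spellings of the same architectures would also help the next reader.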
@ -780,7 +790,7 @@ matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy
|
||||||
matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}"
|
matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}"
|
||||||
#
|
#
|
||||||
# For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces.
|
# For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces.
|
||||||
matrix_synapse_container_federation_api_tls_host_bind_port: "{{ '8448' if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
|
matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
|
||||||
#
|
#
|
||||||
# For exposing the Synapse Metrics API's port (plain HTTP) to the local host.
|
# For exposing the Synapse Metrics API's port (plain HTTP) to the local host.
|
||||||
matrix_synapse_container_metrics_api_host_bind_port: "{{ '127.0.0.1:9100' if (matrix_synapse_metrics_enabled and not matrix_nginx_proxy_enabled) else '' }}"
|
matrix_synapse_container_metrics_api_host_bind_port: "{{ '127.0.0.1:9100' if (matrix_synapse_metrics_enabled and not matrix_nginx_proxy_enabled) else '' }}"
|
||||||
|
|
|
@ -21,6 +21,8 @@ matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
|
||||||
# This is where you access Jitsi.
|
# This is where you access Jitsi.
|
||||||
matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}"
|
matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}"
|
||||||
|
|
||||||
|
matrix_federation_public_port: 8448
|
||||||
|
|
||||||
matrix_user_username: "matrix"
|
matrix_user_username: "matrix"
|
||||||
matrix_user_groupname: "matrix"
|
matrix_user_groupname: "matrix"
|
||||||
|
|
||||||
|
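Review bot: `matrix_federation_public_port: 8448` is introduced without a comment, while the variables above it each have one ("# This is where you access Jitsi."). Since this value now drives the `m.server` well-known entry and the host bind ports, please document what changing it affects. The prerequisites page in this same commit still hard-codes `8448/tcp` in its firewall list, so it should mention that the port follows this variable.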
@ -32,6 +34,13 @@ matrix_systemd_path: "/etc/systemd/system"
|
||||||
matrix_cron_path: "/etc/cron.d"
|
matrix_cron_path: "/etc/cron.d"
|
||||||
matrix_local_bin_path: "/usr/local/bin"
|
matrix_local_bin_path: "/usr/local/bin"
|
||||||
|
|
||||||
|
matrix_host_command_docker: "/usr/bin/env docker"
|
||||||
|
matrix_host_command_sleep: "/usr/bin/env sleep"
|
||||||
|
matrix_host_command_chown: "/usr/bin/env chown"
|
||||||
|
matrix_host_command_fusermount: "/usr/bin/env fusermount"
|
||||||
|
matrix_host_command_openssl: "/usr/bin/env openssl"
|
||||||
|
matrix_host_command_systemctl: "/usr/bin/env systemctl"
|
||||||
|
|
||||||
matrix_ntpd_package: "ntp"
|
matrix_ntpd_package: "ntp"
|
||||||
matrix_ntpd_service: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}"
|
matrix_ntpd_service: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}"
|
||||||
|
|
||||||
|
|
|
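Review bot: the new `matrix_host_command_*` defaults resolve every binary through `/usr/bin/env`, so the systemd units and tasks that previously ran `/usr/bin/docker` and `/bin/sleep` now run whatever `docker`, `sleep`, `chown`, `openssl` and `systemctl` come first on the invoking environment's `PATH`, and they run as a privileged user. Please add a comment above this block stating that these can be overridden with absolute paths, and that the default relies on a trusted `PATH` in the service environment.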
@ -1,4 +1,4 @@
|
||||||
#jinja2: lstrip_blocks: "True"
|
#jinja2: lstrip_blocks: "True"
|
||||||
{
|
{
|
||||||
"m.server": "{{ matrix_server_fqn_matrix }}:8448"
|
"m.server": "{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}"
|
||||||
}
|
}
|
||||||
|
|
|
@ -39,100 +39,7 @@ matrix_appservice_discord_bridge_homeserverUrl: "{{ matrix_homeserver_url }}"
|
||||||
matrix_appservice_discord_bridge_disablePresence: false
|
matrix_appservice_discord_bridge_disablePresence: false
|
||||||
matrix_appservice_discord_bridge_enableSelfServiceBridging: false
|
matrix_appservice_discord_bridge_enableSelfServiceBridging: false
|
||||||
|
|
||||||
matrix_appservice_discord_configuration_yaml: |
|
matrix_appservice_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: "True"
|
|
||||||
bridge:
|
|
||||||
# Domain part of the bridge, e.g. matrix.org
|
|
||||||
domain: {{ matrix_appservice_discord_bridge_domain }}
|
|
||||||
# This should be your publically facing URL because Discord may use it to
|
|
||||||
# fetch media from the media store.
|
|
||||||
homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }}
|
|
||||||
# Interval at which to process users in the 'presence queue'. If you have
|
|
||||||
# 5 users, one user will be processed every 500 milliseconds according to the
|
|
||||||
# value below. This has a minimum value of 250.
|
|
||||||
# WARNING: This has a high chance of spamming the homeserver with presence
|
|
||||||
# updates since it will send one each time somebody changes state or is online.
|
|
||||||
presenceInterval: 500
|
|
||||||
# Disable setting presence for 'ghost users' which means Discord users on Matrix
|
|
||||||
# will not be shown as away or online.
|
|
||||||
disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }}
|
|
||||||
# Disable sending typing notifications when somebody on Discord types.
|
|
||||||
disableTypingNotifications: false
|
|
||||||
# Disable deleting messages on Discord if a message is redacted on Matrix.
|
|
||||||
disableDeletionForwarding: false
|
|
||||||
# Enable users to bridge rooms using !discord commands. See
|
|
||||||
# https://t2bot.io/discord for instructions.
|
|
||||||
enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }}
|
|
||||||
# Disable sending of read receipts for Matrix events which have been
|
|
||||||
# successfully bridged to Discord.
|
|
||||||
disableReadReceipts: false
|
|
||||||
# Disable Join Leave echos from matrix
|
|
||||||
disableJoinLeaveNotifications: false
|
|
||||||
# Authentication configuration for the discord bot.
|
|
||||||
auth:
|
|
||||||
clientID: {{ matrix_appservice_discord_client_id|string|to_json }}
|
|
||||||
botToken: {{ matrix_appservice_discord_bot_token }}
|
|
||||||
logging:
|
|
||||||
# What level should the logger output to the console at.
|
|
||||||
console: "warn" #silly, verbose, info, http, warn, error, silent
|
|
||||||
lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format
|
|
||||||
# files:
|
|
||||||
# - file: "debug.log"
|
|
||||||
# disable:
|
|
||||||
# - "PresenceHandler" # Will not capture presence logging
|
|
||||||
# - file: "warn.log" # Will capture warnings
|
|
||||||
# level: "warn"
|
|
||||||
# - file: "botlogs.log" # Will capture logs from DiscordBot
|
|
||||||
# level: "info"
|
|
||||||
# enable:
|
|
||||||
# - "DiscordBot"
|
|
||||||
database:
|
|
||||||
userStorePath: "/data/user-store.db"
|
|
||||||
roomStorePath: "/data/room-store.db"
|
|
||||||
# You may either use SQLite or Postgresql for the bridge database, which contains
|
|
||||||
# important mappings for events and user puppeting configurations.
|
|
||||||
# Use the filename option for SQLite, or connString for Postgresql.
|
|
||||||
# If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite
|
|
||||||
# WARNING: You will almost certainly be fine with sqlite unless your bridge
|
|
||||||
# is in heavy demand and you suffer from IO slowness.
|
|
||||||
filename: "/data/discord.db"
|
|
||||||
# connString: "postgresql://user:password@localhost/database_name"
|
|
||||||
room:
|
|
||||||
# Set the default visibility of alias rooms, defaults to "public".
|
|
||||||
# One of: "public", "private"
|
|
||||||
defaultVisibility: "public"
|
|
||||||
channel:
|
|
||||||
# Pattern of the name given to bridged rooms.
|
|
||||||
# Can use :guild for the guild name and :name for the channel name.
|
|
||||||
namePattern: "[Discord] :guild :name"
|
|
||||||
# Changes made to rooms when a channel is deleted.
|
|
||||||
deleteOptions:
|
|
||||||
# Prefix the room name with a string.
|
|
||||||
#namePrefix: "[Deleted]"
|
|
||||||
# Prefix the room topic with a string.
|
|
||||||
#topicPrefix: "This room has been deleted"
|
|
||||||
# Disable people from talking in the room by raising the event PL to 50
|
|
||||||
disableMessaging: false
|
|
||||||
# Remove the discord alias from the room.
|
|
||||||
unsetRoomAlias: true
|
|
||||||
# Remove the room from the directory.
|
|
||||||
unlistFromDirectory: true
|
|
||||||
# Set the room to be unavaliable for joining without an invite.
|
|
||||||
setInviteOnly: true
|
|
||||||
# Make all the discord users leave the room.
|
|
||||||
ghostsLeave: true
|
|
||||||
limits:
|
|
||||||
# Delay in milliseconds between discord users joining a room.
|
|
||||||
roomGhostJoinDelay: 6000
|
|
||||||
# Delay in milliseconds before sending messages to discord to avoid echos.
|
|
||||||
# (Copies of a sent message may arrive from discord before we've
|
|
||||||
# fininished handling it, causing us to echo it back to the room)
|
|
||||||
discordSendDelay: 750
|
|
||||||
ghosts:
|
|
||||||
# Pattern for the ghosts nick, available is :nick, :username, :tag and :id
|
|
||||||
nickPattern: ":nick"
|
|
||||||
# Pattern for the ghosts username, available is :username, :tag and :id
|
|
||||||
usernamePattern: ":username#:tag"
|
|
||||||
|
|
||||||
matrix_appservice_discord_configuration_extension_yaml: |
|
matrix_appservice_discord_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration goes here.
|
# Your custom YAML configuration goes here.
|
||||||
|
|
|
@ -60,7 +60,7 @@
|
||||||
# We intentionally suppress Ansible changes.
|
# We intentionally suppress Ansible changes.
|
||||||
- name: Generate AppService Discord invite link
|
- name: Generate AppService Discord invite link
|
||||||
shell: >-
|
shell: >-
|
||||||
/usr/bin/docker run --rm --name matrix-appservice-discord-link-gen
|
{{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord-link-gen
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
--cap-drop=ALL
|
--cap-drop=ALL
|
||||||
-v {{ matrix_appservice_discord_config_path }}:/cfg
|
-v {{ matrix_appservice_discord_config_path }}:/cfg
|
||||||
|
|
|
@ -0,0 +1,93 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
bridge:
|
||||||
|
# Domain part of the bridge, e.g. matrix.org
|
||||||
|
domain: {{ matrix_appservice_discord_bridge_domain }}
|
||||||
|
# This should be your publically facing URL because Discord may use it to
|
||||||
|
# fetch media from the media store.
|
||||||
|
homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }}
|
||||||
|
# Interval at which to process users in the 'presence queue'. If you have
|
||||||
|
# 5 users, one user will be processed every 500 milliseconds according to the
|
||||||
|
# value below. This has a minimum value of 250.
|
||||||
|
# WARNING: This has a high chance of spamming the homeserver with presence
|
||||||
|
# updates since it will send one each time somebody changes state or is online.
|
||||||
|
presenceInterval: 500
|
||||||
|
# Disable setting presence for 'ghost users' which means Discord users on Matrix
|
||||||
|
# will not be shown as away or online.
|
||||||
|
disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }}
|
||||||
|
# Disable sending typing notifications when somebody on Discord types.
|
||||||
|
disableTypingNotifications: false
|
||||||
|
# Disable deleting messages on Discord if a message is redacted on Matrix.
|
||||||
|
disableDeletionForwarding: false
|
||||||
|
# Enable users to bridge rooms using !discord commands. See
|
||||||
|
# https://t2bot.io/discord for instructions.
|
||||||
|
enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }}
|
||||||
|
# Disable sending of read receipts for Matrix events which have been
|
||||||
|
# successfully bridged to Discord.
|
||||||
|
disableReadReceipts: false
|
||||||
|
# Disable Join Leave echos from matrix
|
||||||
|
disableJoinLeaveNotifications: false
|
||||||
|
# Authentication configuration for the discord bot.
|
||||||
|
auth:
|
||||||
|
clientID: {{ matrix_appservice_discord_client_id|string|to_json }}
|
||||||
|
botToken: {{ matrix_appservice_discord_bot_token }}
|
||||||
|
logging:
|
||||||
|
# What level should the logger output to the console at.
|
||||||
|
console: "warn" #silly, verbose, info, http, warn, error, silent
|
||||||
|
lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format
|
||||||
|
# files:
|
||||||
|
# - file: "debug.log"
|
||||||
|
# disable:
|
||||||
|
# - "PresenceHandler" # Will not capture presence logging
|
||||||
|
# - file: "warn.log" # Will capture warnings
|
||||||
|
# level: "warn"
|
||||||
|
# - file: "botlogs.log" # Will capture logs from DiscordBot
|
||||||
|
# level: "info"
|
||||||
|
# enable:
|
||||||
|
# - "DiscordBot"
|
||||||
|
database:
|
||||||
|
userStorePath: "/data/user-store.db"
|
||||||
|
roomStorePath: "/data/room-store.db"
|
||||||
|
# You may either use SQLite or Postgresql for the bridge database, which contains
|
||||||
|
# important mappings for events and user puppeting configurations.
|
||||||
|
# Use the filename option for SQLite, or connString for Postgresql.
|
||||||
|
# If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite
|
||||||
|
# WARNING: You will almost certainly be fine with sqlite unless your bridge
|
||||||
|
# is in heavy demand and you suffer from IO slowness.
|
||||||
|
filename: "/data/discord.db"
|
||||||
|
# connString: "postgresql://user:password@localhost/database_name"
|
||||||
|
room:
|
||||||
|
# Set the default visibility of alias rooms, defaults to "public".
|
||||||
|
# One of: "public", "private"
|
||||||
|
defaultVisibility: "public"
|
||||||
|
channel:
|
||||||
|
# Pattern of the name given to bridged rooms.
|
||||||
|
# Can use :guild for the guild name and :name for the channel name.
|
||||||
|
namePattern: "[Discord] :guild :name"
|
||||||
|
# Changes made to rooms when a channel is deleted.
|
||||||
|
deleteOptions:
|
||||||
|
# Prefix the room name with a string.
|
||||||
|
#namePrefix: "[Deleted]"
|
||||||
|
# Prefix the room topic with a string.
|
||||||
|
#topicPrefix: "This room has been deleted"
|
||||||
|
# Disable people from talking in the room by raising the event PL to 50
|
||||||
|
disableMessaging: false
|
||||||
|
# Remove the discord alias from the room.
|
||||||
|
unsetRoomAlias: true
|
||||||
|
# Remove the room from the directory.
|
||||||
|
unlistFromDirectory: true
|
||||||
|
# Set the room to be unavaliable for joining without an invite.
|
||||||
|
setInviteOnly: true
|
||||||
|
# Make all the discord users leave the room.
|
||||||
|
ghostsLeave: true
|
||||||
|
limits:
|
||||||
|
# Delay in milliseconds between discord users joining a room.
|
||||||
|
roomGhostJoinDelay: 6000
|
||||||
|
# Delay in milliseconds before sending messages to discord to avoid echos.
|
||||||
|
# (Copies of a sent message may arrive from discord before we've
|
||||||
|
# fininished handling it, causing us to echo it back to the room)
|
||||||
|
discordSendDelay: 750
|
||||||
|
ghosts:
|
||||||
|
# Pattern for the ghosts nick, available is :nick, :username, :tag and :id
|
||||||
|
nickPattern: ":nick"
|
||||||
|
# Pattern for the ghosts username, available is :username, :tag and :id
|
||||||
|
usernamePattern: ":username#:tag"
|
|
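Review bot: `defaultVisibility: "public"` under `room:` is a fixed value in the template, so every alias room the bridge creates defaults to public. Consider driving it from a playbook variable and defaulting to "private", so that exposing bridged Discord channels in the room directory is an explicit operator choice. The commented `connString` example also carries `user:password` inside the URL; if Postgres is wired up later, the rendered file will hold a credential and its mode should be restricted accordingly. Minor: "unavaliable" and "fininished" in the comments are misspelled.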
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-appservice-discord
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-discord
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-appservice-discord
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-discord
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
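Review bot: the `ExecStartPre=` and `ExecStart=` lines now take their executable from `matrix_host_command_docker` and `matrix_host_command_sleep`, and nothing in this unit constrains what those expand to. The variables should be documented as requiring absolute paths: older systemd releases reject a non-absolute executable in `Exec*=` lines, and newer ones resolve it against a compiled-in search path, not the operator's `PATH`. A short validation task that asserts each value starts with `/` would catch a bad override before the unit is installed.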
@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \
|
||||||
{{ matrix_appservice_discord_docker_image }} \
|
{{ matrix_appservice_discord_docker_image }} \
|
||||||
node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml
|
node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-appservice-discord
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-discord
|
||||||
ExecStop=-/usr/bin/docker rm matrix-appservice-discord
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-discord
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-appservice-discord
|
SyslogIdentifier=matrix-appservice-discord
|
||||||
|
|
|
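Review bot: both `ExecStop=` lines still go straight to `docker kill`, which sends SIGKILL by default, so the bridge never gets a chance to shut down cleanly before `docker rm` runs. The bridge config in this commit keeps its state in an SQLite file (`filename: "/data/discord.db"`), which makes an abrupt kill on every stop or restart worth avoiding. Since these lines are being touched anyway, consider `docker stop` with a short timeout in place of `kill`.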
@ -346,141 +346,7 @@ matrix_appservice_irc_systemd_wanted_services_list: []
|
||||||
matrix_appservice_irc_appservice_token: ''
|
matrix_appservice_irc_appservice_token: ''
|
||||||
matrix_appservice_irc_homeserver_token: ''
|
matrix_appservice_irc_homeserver_token: ''
|
||||||
|
|
||||||
matrix_appservice_irc_configuration_yaml: |
|
matrix_appservice_irc_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: True
|
|
||||||
homeserver:
|
|
||||||
# The URL to the home server for client-server API calls, also used to form the
|
|
||||||
# media URLs as displayed in bridged IRC channels:
|
|
||||||
url: {{ matrix_appservice_irc_homeserver_url }}
|
|
||||||
#
|
|
||||||
# The URL of the homeserver hosting media files. This is only used to transform
|
|
||||||
# mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By
|
|
||||||
# default, this is the homeserver URL, specified above.
|
|
||||||
#
|
|
||||||
media_url: {{ matrix_appservice_irc_homeserver_media_url }}
|
|
||||||
|
|
||||||
# Drop Matrix messages which are older than this number of seconds, according to
|
|
||||||
# the event's origin_server_ts.
|
|
||||||
# If the bridge is down for a while, the homeserver will attempt to send all missed
|
|
||||||
# events on reconnection. These events may be hours old, which can be confusing to
|
|
||||||
# IRC users if they are then bridged. This option allows these old messages to be
|
|
||||||
# dropped.
|
|
||||||
# CAUTION: This is a very coarse heuristic. Federated homeservers may have different
|
|
||||||
# clock times and hence produce different origin_server_ts values, which may be old
|
|
||||||
# enough to cause *all* events from the homeserver to be dropped.
|
|
||||||
# Default: 0 (don't ever drop)
|
|
||||||
# dropMatrixMessagesAfterSecs: 300 # 5 minutes
|
|
||||||
|
|
||||||
# The 'domain' part for user IDs on this home server. Usually (but not always)
|
|
||||||
# is the "domain name" part of the HS URL.
|
|
||||||
domain: {{ matrix_appservice_irc_homeserver_domain }}
|
|
||||||
|
|
||||||
# Should presence be enabled for matrix clients on this bridge. If disabled on the
|
|
||||||
# homeserver then it should also be disabled here to avoid excess traffic.
|
|
||||||
# Default: true
|
|
||||||
enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}
|
|
||||||
|
|
||||||
ircService:
|
|
||||||
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
|
|
||||||
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
|
|
||||||
# the database.
|
|
||||||
#
|
|
||||||
# To generate a .pem file:
|
|
||||||
# $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
|
|
||||||
#
|
|
||||||
# The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
|
|
||||||
# for storage in the database. Passwords are stored by using the admin room command
|
|
||||||
# `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
|
|
||||||
# the Matrix user, this password will be sent as the server password (PASS command).
|
|
||||||
passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
|
|
||||||
|
|
||||||
# Config for Matrix -> IRC bridging
|
|
||||||
matrixHandler:
|
|
||||||
# Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
|
|
||||||
eventCacheSize: 4096
|
|
||||||
|
|
||||||
servers: {{ matrix_appservice_irc_ircService_servers|to_json }}
|
|
||||||
|
|
||||||
# Configuration for an ident server. If you are running a public bridge it is
|
|
||||||
# advised you setup an ident server so IRC mods can ban specific matrix users
|
|
||||||
# rather than the application service itself.
|
|
||||||
ident:
|
|
||||||
# True to listen for Ident requests and respond with the
|
|
||||||
# matrix user's user_id (converted to ASCII, respecting RFC 1413).
|
|
||||||
# Default: false.
|
|
||||||
enabled: false
|
|
||||||
# The port to listen on for incoming ident requests.
|
|
||||||
# Ports below 1024 require root to listen on, and you may not want this to
|
|
||||||
# run as root. Instead, you can get something like an Apache to yank up
|
|
||||||
# incoming requests to 113 to a high numbered port. Set the port to listen
|
|
||||||
# on instead of 113 here.
|
|
||||||
# Default: 113.
|
|
||||||
port: 1113
|
|
||||||
# The address to listen on for incoming ident requests.
|
|
||||||
# Default: 0.0.0.0
|
|
||||||
address: "::"
|
|
||||||
|
|
||||||
# Configuration for logging. Optional. Default: console debug level logging
|
|
||||||
# only.
|
|
||||||
logging:
|
|
||||||
# Level to log on console/logfile. One of error|warn|info|debug
|
|
||||||
level: "debug"
|
|
||||||
# The file location to log to. This is relative to the project directory.
|
|
||||||
#logfile: "debug.log"
|
|
||||||
# The file location to log errors to. This is relative to the project
|
|
||||||
# directory.
|
|
||||||
#errfile: "errors.log"
|
|
||||||
# Whether to log to the console or not.
|
|
||||||
toConsole: true
|
|
||||||
# The max number of files to keep. Files will be overwritten eventually due
|
|
||||||
# to rotations.
|
|
||||||
maxFiles: 5
|
|
||||||
|
|
||||||
# Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
|
|
||||||
# $ npm install prom-client@6.3.0
|
|
||||||
# Metrics will then be available via GET /metrics on the bridge listening port (-p).
|
|
||||||
metrics:
|
|
||||||
# Whether to actually enable the metric endpoint. Default: false
|
|
||||||
enabled: true
|
|
||||||
# When collecting remote user active times, which "buckets" should be used. Defaults are given below.
|
|
||||||
# The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
|
|
||||||
remoteUserAgeBuckets:
|
|
||||||
- "1h"
|
|
||||||
- "1d"
|
|
||||||
- "1w"
|
|
||||||
|
|
||||||
# Configuration for the provisioning API.
|
|
||||||
#
|
|
||||||
# GET /_matrix/provision/link
|
|
||||||
# GET /_matrix/provision/unlink
|
|
||||||
# GET /_matrix/provision/listlinks
|
|
||||||
#
|
|
||||||
provisioning:
|
|
||||||
# True to enable the provisioning HTTP endpoint. Default: false.
|
|
||||||
enabled: false
|
|
||||||
# The number of seconds to wait before giving up on getting a response from
|
|
||||||
# an IRC channel operator. If the channel operator does not respond within the
|
|
||||||
# allotted time period, the provisioning request will fail.
|
|
||||||
# Default: 300 seconds (5 mins)
|
|
||||||
requestTimeoutSeconds: 300
|
|
||||||
|
|
||||||
# Options here are generally only applicable to large-scale bridges and may have
|
|
||||||
# consequences greater than other options in this configuration file.
|
|
||||||
advanced:
|
|
||||||
# The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited
|
|
||||||
# however for large bridges it is important to rate limit the bridge to avoid
|
|
||||||
# accidentally overloading the homeserver. Defaults to 1000, which should be
|
|
||||||
# enough for the vast majority of use cases.
|
|
||||||
maxHttpSockets: 1000
|
|
||||||
|
|
||||||
# Use an external database to store bridge state.
|
|
||||||
database:
|
|
||||||
# database engine (must be 'postgres' or 'nedb'). Default: nedb
|
|
||||||
engine: "nedb"
|
|
||||||
# Either a PostgreSQL connection string, or a path to the NeDB storage directory.
|
|
||||||
# For postgres, it must start with postgres://
|
|
||||||
# For NeDB, it must start with nedb://. The path is relative to the project directory.
|
|
||||||
connectionString: "nedb:///data"
|
|
||||||
|
|
||||||
matrix_appservice_irc_configuration_extension_yaml: |
|
matrix_appservice_irc_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration for Appservice IRC servers goes here.
|
# Your custom YAML configuration for Appservice IRC servers goes here.
|
||||||
|
|
|
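Review bot: on the new `matrix_appservice_irc_configuration_yaml` line, `lookup('template', 'templates/config.yaml.j2')` uses a relative path, and role defaults are templated lazily, so the file is searched for relative to whichever task ends up evaluating the variable. The Slack, webhooks and Facebook roles in this commit use the same relative name, so evaluating this variable from outside its own role could fail or render a different role's `config.yaml.j2`. A comment next to the variable stating that it must only be evaluated from within this role, or a role-specific template file name, would make that constraint visible.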
@ -58,7 +58,7 @@
|
||||||
register: irc_passkey_file
|
register: irc_passkey_file
|
||||||
|
|
||||||
- name: Generate Appservice IRC passkey if it doesn't exist
|
- name: Generate Appservice IRC passkey if it doesn't exist
|
||||||
shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
|
shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048"
|
||||||
become: true
|
become: true
|
||||||
become_user: "{{ matrix_user_username }}"
|
become_user: "{{ matrix_user_username }}"
|
||||||
when: "not irc_passkey_file.stat.exists"
|
when: "not irc_passkey_file.stat.exists"
|
||||||
|
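Review bot: the changed `shell:` line creates `passkey.pem`, the RSA private key used to encrypt stored IRC passwords, but nothing in this task pins the file's mode, so the result depends on the umask of `matrix_user_username` and on openssl's own behaviour. Suggest following it with a `file` task that sets an owner-only mode on `{{ matrix_appservice_irc_data_path }}/passkey.pem`. The command uses no shell features, so `command:` with `creates:` would also be a tighter fit than `shell:` plus the separate `stat` check.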
@ -93,7 +93,7 @@
|
||||||
# to produce a final registration.yaml file, as we desire.
|
# to produce a final registration.yaml file, as we desire.
|
||||||
- name: Generate Appservice IRC registration-template.yaml
|
- name: Generate Appservice IRC registration-template.yaml
|
||||||
shell: >-
|
shell: >-
|
||||||
/usr/bin/docker run --rm --name matrix-appservice-irc-gen
|
{{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc-gen
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
--cap-drop=ALL
|
--cap-drop=ALL
|
||||||
-v {{ matrix_appservice_irc_config_path }}:/config:z
|
-v {{ matrix_appservice_irc_config_path }}:/config:z
|
||||||
|
|
134
roles/matrix-bridge-appservice-irc/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,134 @@
|
||||||
|
#jinja2: lstrip_blocks: True
|
||||||
|
homeserver:
|
||||||
|
# The URL to the home server for client-server API calls, also used to form the
|
||||||
|
# media URLs as displayed in bridged IRC channels:
|
||||||
|
url: {{ matrix_appservice_irc_homeserver_url }}
|
||||||
|
#
|
||||||
|
# The URL of the homeserver hosting media files. This is only used to transform
|
||||||
|
# mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By
|
||||||
|
# default, this is the homeserver URL, specified above.
|
||||||
|
#
|
||||||
|
media_url: {{ matrix_appservice_irc_homeserver_media_url }}
|
||||||
|
|
||||||
|
# Drop Matrix messages which are older than this number of seconds, according to
|
||||||
|
# the event's origin_server_ts.
|
||||||
|
# If the bridge is down for a while, the homeserver will attempt to send all missed
|
||||||
|
# events on reconnection. These events may be hours old, which can be confusing to
|
||||||
|
# IRC users if they are then bridged. This option allows these old messages to be
|
||||||
|
# dropped.
|
||||||
|
# CAUTION: This is a very coarse heuristic. Federated homeservers may have different
|
||||||
|
# clock times and hence produce different origin_server_ts values, which may be old
|
||||||
|
# enough to cause *all* events from the homeserver to be dropped.
|
||||||
|
# Default: 0 (don't ever drop)
|
||||||
|
# dropMatrixMessagesAfterSecs: 300 # 5 minutes
|
||||||
|
|
||||||
|
# The 'domain' part for user IDs on this home server. Usually (but not always)
|
||||||
|
# is the "domain name" part of the HS URL.
|
||||||
|
domain: {{ matrix_appservice_irc_homeserver_domain }}
|
||||||
|
|
||||||
|
# Should presence be enabled for matrix clients on this bridge. If disabled on the
|
||||||
|
# homeserver then it should also be disabled here to avoid excess traffic.
|
||||||
|
# Default: true
|
||||||
|
enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}
|
||||||
|
|
||||||
|
ircService:
|
||||||
|
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
|
||||||
|
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
|
||||||
|
# the database.
|
||||||
|
#
|
||||||
|
# To generate a .pem file:
|
||||||
|
# $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
|
||||||
|
#
|
||||||
|
# The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
|
||||||
|
# for storage in the database. Passwords are stored by using the admin room command
|
||||||
|
# `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
|
||||||
|
# the Matrix user, this password will be sent as the server password (PASS command).
|
||||||
|
passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
|
||||||
|
|
||||||
|
# Config for Matrix -> IRC bridging
|
||||||
|
matrixHandler:
|
||||||
|
# Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
|
||||||
|
eventCacheSize: 4096
|
||||||
|
|
||||||
|
servers: {{ matrix_appservice_irc_ircService_servers|to_json }}
|
||||||
|
|
||||||
|
# Configuration for an ident server. If you are running a public bridge it is
|
||||||
|
# advised you setup an ident server so IRC mods can ban specific matrix users
|
||||||
|
# rather than the application service itself.
|
||||||
|
ident:
|
||||||
|
# True to listen for Ident requests and respond with the
|
||||||
|
# matrix user's user_id (converted to ASCII, respecting RFC 1413).
|
||||||
|
# Default: false.
|
||||||
|
enabled: false
|
||||||
|
# The port to listen on for incoming ident requests.
|
||||||
|
# Ports below 1024 require root to listen on, and you may not want this to
|
||||||
|
# run as root. Instead, you can get something like an Apache to yank up
|
||||||
|
# incoming requests to 113 to a high numbered port. Set the port to listen
|
||||||
|
# on instead of 113 here.
|
||||||
|
# Default: 113.
|
||||||
|
port: 1113
|
||||||
|
# The address to listen on for incoming ident requests.
|
||||||
|
# Default: 0.0.0.0
|
||||||
|
address: "::"
|
||||||
|
|
||||||
|
# Configuration for logging. Optional. Default: console debug level logging
|
||||||
|
# only.
|
||||||
|
logging:
|
||||||
|
# Level to log on console/logfile. One of error|warn|info|debug
|
||||||
|
level: "debug"
|
||||||
|
# The file location to log to. This is relative to the project directory.
|
||||||
|
#logfile: "debug.log"
|
||||||
|
# The file location to log errors to. This is relative to the project
|
||||||
|
# directory.
|
||||||
|
#errfile: "errors.log"
|
||||||
|
# Whether to log to the console or not.
|
||||||
|
toConsole: true
|
||||||
|
# The max number of files to keep. Files will be overwritten eventually due
|
||||||
|
# to rotations.
|
||||||
|
maxFiles: 5
|
||||||
|
|
||||||
|
# Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
|
||||||
|
# $ npm install prom-client@6.3.0
|
||||||
|
# Metrics will then be available via GET /metrics on the bridge listening port (-p).
|
||||||
|
metrics:
|
||||||
|
# Whether to actually enable the metric endpoint. Default: false
|
||||||
|
enabled: true
|
||||||
|
# When collecting remote user active times, which "buckets" should be used. Defaults are given below.
|
||||||
|
# The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
|
||||||
|
remoteUserAgeBuckets:
|
||||||
|
- "1h"
|
||||||
|
- "1d"
|
||||||
|
- "1w"
|
||||||
|
|
||||||
|
# Configuration for the provisioning API.
|
||||||
|
#
|
||||||
|
# GET /_matrix/provision/link
|
||||||
|
# GET /_matrix/provision/unlink
|
||||||
|
# GET /_matrix/provision/listlinks
|
||||||
|
#
|
||||||
|
provisioning:
|
||||||
|
# True to enable the provisioning HTTP endpoint. Default: false.
|
||||||
|
enabled: false
|
||||||
|
# The number of seconds to wait before giving up on getting a response from
|
||||||
|
# an IRC channel operator. If the channel operator does not respond within the
|
||||||
|
# allotted time period, the provisioning request will fail.
|
||||||
|
# Default: 300 seconds (5 mins)
|
||||||
|
requestTimeoutSeconds: 300
|
||||||
|
|
||||||
|
# Options here are generally only applicable to large-scale bridges and may have
|
||||||
|
# consequences greater than other options in this configuration file.
|
||||||
|
advanced:
|
||||||
|
# The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited
|
||||||
|
# however for large bridges it is important to rate limit the bridge to avoid
|
||||||
|
# accidentally overloading the homeserver. Defaults to 1000, which should be
|
||||||
|
# enough for the vast majority of use cases.
|
||||||
|
maxHttpSockets: 1000
|
||||||
|
|
||||||
|
# Use an external database to store bridge state.
|
||||||
|
database:
|
||||||
|
# database engine (must be 'postgres' or 'nedb'). Default: nedb
|
||||||
|
engine: "nedb"
|
||||||
|
# Either a PostgreSQL connection string, or a path to the NeDB storage directory.
|
||||||
|
# For postgres, it must start with postgres://
|
||||||
|
# For NeDB, it must start with nedb://. The path is relative to the project directory.
|
||||||
|
connectionString: "nedb:///data"
|
|
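Review bot: under `metrics:`, `enabled: true` contradicts the comment directly above it ("Default: false") and turns on `GET /metrics` on the bridge listening port for every install, and `logging.level` is fixed at "debug". These values are carried over from the removed inline block, but moving them into a template file is a good moment to expose both as playbook variables, defaulting to `false` and a quieter level such as "info". Minor: the `!storepass server.name passw0rd.` comment is missing its closing backtick.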
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-appservice-irc
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-irc
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-appservice-irc
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-irc
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -34,8 +34,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
|
||||||
{{ matrix_appservice_irc_docker_image }} \
|
{{ matrix_appservice_irc_docker_image }} \
|
||||||
-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
|
-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-appservice-irc
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-irc
|
||||||
ExecStop=-/usr/bin/docker rm matrix-appservice-irc
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-irc
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-appservice-irc
|
SyslogIdentifier=matrix-appservice-irc
|
||||||
|
|
|
@ -45,21 +45,7 @@ matrix_appservice_slack_appservice_token: ''
|
||||||
matrix_appservice_slack_homeserver_token: ''
|
matrix_appservice_slack_homeserver_token: ''
|
||||||
matrix_appservice_slack_id_token: ''
|
matrix_appservice_slack_id_token: ''
|
||||||
|
|
||||||
matrix_appservice_slack_configuration_yaml: |
|
matrix_appservice_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
slack_hook_port: {{ matrix_appservice_slack_slack_port }}
|
|
||||||
inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}"
|
|
||||||
bot_username: "{{ matrix_appservice_slack_bot_name }}"
|
|
||||||
username_prefix: {{ matrix_appservice_slack_user_prefix }}
|
|
||||||
|
|
||||||
homeserver:
|
|
||||||
media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
|
|
||||||
url: "{{ matrix_appservice_slack_homeserver_url }}"
|
|
||||||
server_name: "{{ matrix_domain }}"
|
|
||||||
|
|
||||||
dbdir: "/data"
|
|
||||||
|
|
||||||
matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}"
|
|
||||||
|
|
||||||
|
|
||||||
matrix_appservice_slack_configuration_extension_yaml: |
|
matrix_appservice_slack_configuration_extension_yaml: |
|
||||||
#slack_hook_port: 9898
|
#slack_hook_port: 9898
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
#jinja2: lstrip_blocks: True
|
||||||
|
slack_hook_port: {{ matrix_appservice_slack_slack_port }}
|
||||||
|
inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}"
|
||||||
|
bot_username: "{{ matrix_appservice_slack_bot_name }}"
|
||||||
|
username_prefix: {{ matrix_appservice_slack_user_prefix }}
|
||||||
|
|
||||||
|
homeserver:
|
||||||
|
media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
|
||||||
|
url: "{{ matrix_appservice_slack_homeserver_url }}"
|
||||||
|
server_name: "{{ matrix_domain }}"
|
||||||
|
|
||||||
|
dbdir: "/data"
|
||||||
|
|
||||||
|
matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}"
|
|
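Review bot: `slack_hook_port` and `username_prefix` are interpolated unquoted while the neighbouring keys are wrapped in double quotes by hand. A `matrix_appservice_slack_user_prefix` value that starts with a YAML-significant character (for example `@` or `#`) would break or silently change the parsed config, and the hand-quoted keys break on a value containing `"`. Passing each value through `|to_json`, as the IRC template does for `enablePresence`, handles quoting and escaping uniformly.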
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-appservice-slack
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-slack
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-appservice-slack
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-slack
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-slack \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-slack \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-slack \
|
||||||
{{ matrix_appservice_slack_docker_image }} \
|
{{ matrix_appservice_slack_docker_image }} \
|
||||||
node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml
|
node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-appservice-slack
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-slack
|
||||||
ExecStop=-/usr/bin/docker rm matrix-appservice-slack
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-slack
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-appservice-slack
|
SyslogIdentifier=matrix-appservice-slack
|
||||||
|
|
|
@ -49,35 +49,7 @@ matrix_appservice_webhooks_api_secret: ''
|
||||||
# Logging information (info and verbose is available) default is: info
|
# Logging information (info and verbose is available) default is: info
|
||||||
matrix_appservice_webhooks_log_level: 'info'
|
matrix_appservice_webhooks_log_level: 'info'
|
||||||
|
|
||||||
matrix_appservice_webhooks_configuration_yaml: |
|
matrix_appservice_webhooks_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
|
|
||||||
# Configuration specific to the application service. All fields (unless otherwise marked) are required.
|
|
||||||
homeserver:
|
|
||||||
# The domain for the client-server API calls.
|
|
||||||
url: "{{ matrix_appservice_webhooks_homeserver_url }}"
|
|
||||||
|
|
||||||
# The domain part for user IDs on this home server. Usually, but not always, this is the same as the
|
|
||||||
# home server's URL.
|
|
||||||
domain: "{{ matrix_domain }}"
|
|
||||||
|
|
||||||
# Configuration specific to the bridge. All fields (unless otherwise marked) are required.
|
|
||||||
webhookBot:
|
|
||||||
# The localpart to use for the bot. May require re-registering the application service.
|
|
||||||
localpart: "_webhook"
|
|
||||||
|
|
||||||
# Provisioning API options
|
|
||||||
provisioning:
|
|
||||||
# Your secret for the API. Required for all provisioning API requests.
|
|
||||||
secret: '{{ matrix_appservice_webhooks_api_secret }}'
|
|
||||||
|
|
||||||
# Configuration related to the web portion of the bridge. Handles the inbound webhooks
|
|
||||||
web:
|
|
||||||
hookUrlBase: "{{ matrix_appservice_webhooks_inbound_uri_prefix }}"
|
|
||||||
|
|
||||||
logging:
|
|
||||||
console: true
|
|
||||||
consoleLevel: {{ matrix_appservice_webhooks_log_level }}
|
|
||||||
writeFiles: false
|
|
||||||
|
|
||||||
matrix_appservice_webhooks_configuration_extension_yaml: |
|
matrix_appservice_webhooks_configuration_extension_yaml: |
|
||||||
#
|
#
|
||||||
|
|
|
@ -0,0 +1,28 @@
|
||||||
|
#jinja2: lstrip_blocks: True
|
||||||
|
# Configuration specific to the application service. All fields (unless otherwise marked) are required.
|
||||||
|
homeserver:
|
||||||
|
# The domain for the client-server API calls.
|
||||||
|
url: "{{ matrix_appservice_webhooks_homeserver_url }}"
|
||||||
|
|
||||||
|
# The domain part for user IDs on this home server. Usually, but not always, this is the same as the
|
||||||
|
# home server's URL.
|
||||||
|
domain: "{{ matrix_domain }}"
|
||||||
|
|
||||||
|
# Configuration specific to the bridge. All fields (unless otherwise marked) are required.
|
||||||
|
webhookBot:
|
||||||
|
# The localpart to use for the bot. May require re-registering the application service.
|
||||||
|
localpart: "_webhook"
|
||||||
|
|
||||||
|
# Provisioning API options
|
||||||
|
provisioning:
|
||||||
|
# Your secret for the API. Required for all provisioning API requests.
|
||||||
|
secret: '{{ matrix_appservice_webhooks_api_secret }}'
|
||||||
|
|
||||||
|
# Configuration related to the web portion of the bridge. Handles the inbound webhooks
|
||||||
|
web:
|
||||||
|
hookUrlBase: "{{ matrix_appservice_webhooks_inbound_uri_prefix }}"
|
||||||
|
|
||||||
|
logging:
|
||||||
|
console: true
|
||||||
|
consoleLevel: {{ matrix_appservice_webhooks_log_level }}
|
||||||
|
writeFiles: false
|
|
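Review bot: `secret: '{{ matrix_appservice_webhooks_api_secret }}'` wraps the provisioning secret in single quotes by hand, so a secret containing `'` renders as invalid YAML or a truncated value; `|to_json` would escape it correctly. The defaults file in this commit shows the variable starting out as `''`, while the comment here says the secret is required for all provisioning API requests, so unless another task already fails on an empty value, the template will render an empty secret. `consoleLevel: {{ matrix_appservice_webhooks_log_level }}` is also unquoted and would benefit from the same filter.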
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-appservice-webhooks
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-appservice-webhooks
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-webhooks \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-webhooks \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-webhooks \
|
||||||
{{ matrix_appservice_webhooks_docker_image }} \
|
{{ matrix_appservice_webhooks_docker_image }} \
|
||||||
node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml
|
node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-appservice-webhooks
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks
|
||||||
ExecStop=-/usr/bin/docker rm matrix-appservice-webhooks
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-appservice-webhooks
|
SyslogIdentifier=matrix-appservice-webhooks
|
||||||
|
|
|
@ -38,160 +38,7 @@ matrix_mautrix_facebook_login_shared_secret: ''
|
||||||
#
|
#
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_mautrix_facebook_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_mautrix_facebook_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_mautrix_facebook_configuration_yaml: |
|
matrix_mautrix_facebook_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: "True"
|
|
||||||
# Homeserver details
|
|
||||||
homeserver:
|
|
||||||
# The address that this appservice can use to connect to the homeserver.
|
|
||||||
address: {{ matrix_mautrix_facebook_homeserver_address }}
|
|
||||||
# The domain of the homeserver (for MXIDs, etc).
|
|
||||||
domain: {{ matrix_mautrix_facebook_homeserver_domain }}
|
|
||||||
# Whether or not to verify the SSL certificate of the homeserver.
|
|
||||||
# Only applies if address starts with https://
|
|
||||||
verify_ssl: true
|
|
||||||
|
|
||||||
# Application service host/registration related details
|
|
||||||
# Changing these values requires regeneration of the registration.
|
|
||||||
appservice:
|
|
||||||
# The address that the homeserver can use to connect to this appservice.
|
|
||||||
address: {{ matrix_mautrix_facebook_appservice_address }}
|
|
||||||
|
|
||||||
# The hostname and port where this appservice should listen.
|
|
||||||
hostname: 0.0.0.0
|
|
||||||
port: 29319
|
|
||||||
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
|
||||||
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
|
||||||
max_body_size: 1
|
|
||||||
|
|
||||||
# The full URI to the database. SQLite and Postgres are fully supported.
|
|
||||||
# Other DBMSes supported by SQLAlchemy may or may not work.
|
|
||||||
# Format examples:
|
|
||||||
# SQLite: sqlite:///filename.db
|
|
||||||
# Postgres: postgres://username:password@hostname/dbname
|
|
||||||
database: sqlite:////data/mautrix-facebook.db
|
|
||||||
|
|
||||||
# Public part of web server for out-of-Matrix interaction with the bridge.
|
|
||||||
public:
|
|
||||||
# Whether or not the public-facing endpoints should be enabled.
|
|
||||||
enabled: false
|
|
||||||
# The prefix to use in the public-facing endpoints.
|
|
||||||
prefix: /public
|
|
||||||
# The base URL where the public-facing endpoints are available. The prefix is not added
|
|
||||||
# implicitly.
|
|
||||||
external: https://example.com/public
|
|
||||||
|
|
||||||
# The unique ID of this appservice.
|
|
||||||
id: facebook
|
|
||||||
# Username of the appservice bot.
|
|
||||||
bot_username: facebookbot
|
|
||||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
|
||||||
# to leave display name/avatar as-is.
|
|
||||||
bot_displayname: Facebook bridge bot
|
|
||||||
bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv
|
|
||||||
|
|
||||||
# Authentication tokens for AS <-> HS communication.
|
|
||||||
as_token: "{{ matrix_mautrix_facebook_appservice_token }}"
|
|
||||||
hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}"
|
|
||||||
|
|
||||||
# Bridge config
|
|
||||||
bridge:
|
|
||||||
# Localpart template of MXIDs for Facebook users.
|
|
||||||
# {userid} is replaced with the user ID of the Facebook user.
|
|
||||||
username_template: "facebook_{userid}"
|
|
||||||
# Localpart template for per-user room grouping community IDs.
|
|
||||||
# The bridge will create these communities and add all of the specific user's portals to the community.
|
|
||||||
# {localpart} is the MXID localpart and {server} is the MXID server part of the user.
|
|
||||||
#
|
|
||||||
# `facebook_{localpart}={server}` is a good value.
|
|
||||||
community_template: null
|
|
||||||
# Displayname template for Facebook users.
|
|
||||||
# {displayname} is replaced with the display name of the Facebook user
|
|
||||||
# as defined below in displayname_preference.
|
|
||||||
# Keys available for displayname_preference are also available here.
|
|
||||||
displayname_template: '{displayname} (FB)'
|
|
||||||
# Available keys:
|
|
||||||
# "name" (full name)
|
|
||||||
# "first_name"
|
|
||||||
# "last_name"
|
|
||||||
# "nickname"
|
|
||||||
# "own_nickname" (user-specific!)
|
|
||||||
displayname_preference:
|
|
||||||
- name
|
|
||||||
|
|
||||||
# The prefix for commands. Only required in non-management rooms.
|
|
||||||
command_prefix: "!fb"
|
|
||||||
|
|
||||||
# Number of chats to sync (and create portals for) on startup/login.
|
|
||||||
# Maximum 20, set 0 to disable automatic syncing.
|
|
||||||
initial_chat_sync: 10
|
|
||||||
# Whether or not the Facebook users of logged in Matrix users should be
|
|
||||||
# invited to private chats when the user sends a message from another client.
|
|
||||||
invite_own_puppet_to_pm: false
|
|
||||||
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
|
||||||
# your own Matrix account as the Matrix puppet for your Facebook account.
|
|
||||||
sync_with_custom_puppets: true
|
|
||||||
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
|
||||||
#
|
|
||||||
# If set, custom puppets will be enabled automatically for local users
|
|
||||||
# instead of users having to find an access token and run `login-matrix`
|
|
||||||
# manually.
|
|
||||||
login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }}
|
|
||||||
# Whether or not to bridge presence in both directions. Facebook allows users not to broadcast
|
|
||||||
# presence, but then it won't send other users' presence to the client.
|
|
||||||
presence: true
|
|
||||||
# Whether or not to update avatars when syncing all contacts at startup.
|
|
||||||
update_avatar_initial_sync: true
|
|
||||||
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
|
||||||
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
|
||||||
#
|
|
||||||
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
|
||||||
# application service.
|
|
||||||
encryption:
|
|
||||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
|
||||||
allow: false
|
|
||||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
|
||||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
|
||||||
default: false
|
|
||||||
|
|
||||||
# Permissions for using the bridge.
|
|
||||||
# Permitted values:
|
|
||||||
# user - Use the bridge with puppeting.
|
|
||||||
# admin - Use and administrate the bridge.
|
|
||||||
# Permitted keys:
|
|
||||||
# * - All Matrix users
|
|
||||||
# domain - All users on that homeserver
|
|
||||||
# mxid - Specific user
|
|
||||||
permissions:
|
|
||||||
'{{ matrix_mautrix_facebook_homeserver_domain }}': user
|
|
||||||
|
|
||||||
# Python logging configuration.
|
|
||||||
#
|
|
||||||
# See section 16.7.2 of the Python documentation for more info:
|
|
||||||
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
|
||||||
logging:
|
|
||||||
version: 1
|
|
||||||
formatters:
|
|
||||||
colored:
|
|
||||||
(): mautrix_facebook.util.ColorFormatter
|
|
||||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
|
||||||
normal:
|
|
||||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
|
||||||
handlers:
|
|
||||||
console:
|
|
||||||
class: logging.StreamHandler
|
|
||||||
formatter: colored
|
|
||||||
loggers:
|
|
||||||
mau:
|
|
||||||
level: DEBUG
|
|
||||||
fbchat:
|
|
||||||
level: DEBUG
|
|
||||||
hbmqtt:
|
|
||||||
level: INFO
|
|
||||||
aiohttp:
|
|
||||||
level: INFO
|
|
||||||
root:
|
|
||||||
level: DEBUG
|
|
||||||
handlers: [console]
|
|
||||||
|
|
||||||
matrix_mautrix_facebook_configuration_extension_yaml: |
|
matrix_mautrix_facebook_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration goes here.
|
# Your custom YAML configuration goes here.
|
||||||
|
|
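Review bot: The new default `"{{ lookup('template', 'templates/config.yaml.j2') }}"` is a relative path, and because Ansible evaluates variables lazily it is resolved in the context of whichever role is running when the variable is read. The hangouts role in this same commit uses the identical relative path, so reading `matrix_mautrix_facebook_configuration_yaml` from a task outside this role could render a different role's `config.yaml.j2`. Either add a comment above the variable saying it must only be evaluated inside this role, or give the template a role-specific file name.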
194
roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,194 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
# Homeserver details
|
||||||
|
homeserver:
|
||||||
|
# The address that this appservice can use to connect to the homeserver.
|
||||||
|
address: {{ matrix_mautrix_facebook_homeserver_address }}
|
||||||
|
# The domain of the homeserver (for MXIDs, etc).
|
||||||
|
domain: {{ matrix_mautrix_facebook_homeserver_domain }}
|
||||||
|
# Whether or not to verify the SSL certificate of the homeserver.
|
||||||
|
# Only applies if address starts with https://
|
||||||
|
verify_ssl: true
|
||||||
|
|
||||||
|
# Application service host/registration related details
|
||||||
|
# Changing these values requires regeneration of the registration.
|
||||||
|
appservice:
|
||||||
|
# The address that the homeserver can use to connect to this appservice.
|
||||||
|
address: {{ matrix_mautrix_facebook_appservice_address }}
|
||||||
|
|
||||||
|
# The hostname and port where this appservice should listen.
|
||||||
|
hostname: 0.0.0.0
|
||||||
|
port: 29319
|
||||||
|
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
||||||
|
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
||||||
|
max_body_size: 1
|
||||||
|
|
||||||
|
# The full URI to the database. SQLite and Postgres are fully supported.
|
||||||
|
# Other DBMSes supported by SQLAlchemy may or may not work.
|
||||||
|
# Format examples:
|
||||||
|
# SQLite: sqlite:///filename.db
|
||||||
|
# Postgres: postgres://username:password@hostname/dbname
|
||||||
|
database: sqlite:////data/mautrix-facebook.db
|
||||||
|
|
||||||
|
# Public part of web server for out-of-Matrix interaction with the bridge.
|
||||||
|
public:
|
||||||
|
# Whether or not the public-facing endpoints should be enabled.
|
||||||
|
enabled: false
|
||||||
|
# The prefix to use in the public-facing endpoints.
|
||||||
|
prefix: /public
|
||||||
|
# The base URL where the public-facing endpoints are available. The prefix is not added
|
||||||
|
# implicitly.
|
||||||
|
external: https://example.com/public
|
||||||
|
|
||||||
|
# The unique ID of this appservice.
|
||||||
|
id: facebook
|
||||||
|
# Username of the appservice bot.
|
||||||
|
bot_username: facebookbot
|
||||||
|
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||||
|
# to leave display name/avatar as-is.
|
||||||
|
bot_displayname: Facebook bridge bot
|
||||||
|
bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv
|
||||||
|
|
||||||
|
# Authentication tokens for AS <-> HS communication.
|
||||||
|
as_token: "{{ matrix_mautrix_facebook_appservice_token }}"
|
||||||
|
hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}"
|
||||||
|
|
||||||
|
# Bridge config
|
||||||
|
bridge:
|
||||||
|
# Localpart template of MXIDs for Facebook users.
|
||||||
|
# {userid} is replaced with the user ID of the Facebook user.
|
||||||
|
username_template: "facebook_{userid}"
|
||||||
|
# Localpart template for per-user room grouping community IDs.
|
||||||
|
# The bridge will create these communities and add all of the specific user's portals to the community.
|
||||||
|
# {localpart} is the MXID localpart and {server} is the MXID server part of the user.
|
||||||
|
#
|
||||||
|
# `facebook_{localpart}={server}` is a good value.
|
||||||
|
community_template: null
|
||||||
|
# Displayname template for Facebook users.
|
||||||
|
# {displayname} is replaced with the display name of the Facebook user
|
||||||
|
# as defined below in displayname_preference.
|
||||||
|
# Keys available for displayname_preference are also available here.
|
||||||
|
displayname_template: '{displayname} (FB)'
|
||||||
|
# Available keys:
|
||||||
|
# "name" (full name)
|
||||||
|
# "first_name"
|
||||||
|
# "last_name"
|
||||||
|
# "nickname"
|
||||||
|
# "own_nickname" (user-specific!)
|
||||||
|
displayname_preference:
|
||||||
|
- name
|
||||||
|
|
||||||
|
# The prefix for commands. Only required in non-management rooms.
|
||||||
|
command_prefix: "!fb"
|
||||||
|
|
||||||
|
# Number of chats to sync (and create portals for) on startup/login.
|
||||||
|
# Maximum 20, set 0 to disable automatic syncing.
|
||||||
|
initial_chat_sync: 10
|
||||||
|
# Whether or not the Facebook users of logged in Matrix users should be
|
||||||
|
# invited to private chats when the user sends a message from another client.
|
||||||
|
invite_own_puppet_to_pm: false
|
||||||
|
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
||||||
|
# your own Matrix account as the Matrix puppet for your Facebook account.
|
||||||
|
sync_with_custom_puppets: true
|
||||||
|
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||||
|
#
|
||||||
|
# If set, custom puppets will be enabled automatically for local users
|
||||||
|
# instead of users having to find an access token and run `login-matrix`
|
||||||
|
# manually.
|
||||||
|
login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }}
|
||||||
|
# Whether or not to bridge presence in both directions. Facebook allows users not to broadcast
|
||||||
|
# presence, but then it won't send other users' presence to the client.
|
||||||
|
presence: true
|
||||||
|
# Whether or not to update avatars when syncing all contacts at startup.
|
||||||
|
update_avatar_initial_sync: true
|
||||||
|
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
||||||
|
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
||||||
|
#
|
||||||
|
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
||||||
|
# application service.
|
||||||
|
encryption:
|
||||||
|
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||||
|
allow: false
|
||||||
|
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||||
|
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||||
|
default: false
|
||||||
|
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
|
||||||
|
# been sent to Facebook.
|
||||||
|
delivery_receipts: false
|
||||||
|
# Whether to allow inviting arbitrary mxids to portal rooms
|
||||||
|
allow_invites: false
|
||||||
|
# Settings for backfilling messages from Facebook.
|
||||||
|
backfill:
|
||||||
|
# Whether or not the Facebook users of logged in Matrix users should be
|
||||||
|
# invited to private chats when backfilling history from Facebook. This is
|
||||||
|
# usually needed to prevent rate limits and to allow timestamp massaging.
|
||||||
|
invite_own_puppet: true
|
||||||
|
# Maximum number of messages to backfill initially.
|
||||||
|
# Set to 0 to disable backfilling when creating portal.
|
||||||
|
initial_limit: 0
|
||||||
|
# Maximum number of messages to backfill if messages were missed while
|
||||||
|
# the bridge was disconnected.
|
||||||
|
# Set to 0 to disable backfilling missed messages.
|
||||||
|
missed_limit: 1000
|
||||||
|
# If using double puppeting, should notifications be disabled
|
||||||
|
# while the initial backfill is in progress?
|
||||||
|
disable_notifications: false
|
||||||
|
periodic_reconnect:
|
||||||
|
# Interval in seconds in which to automatically reconnect all users.
|
||||||
|
# This can be used to automatically mitigate the bug where Facebook stops sending messages.
|
||||||
|
# Set to -1 to disable periodic reconnections entirely.
|
||||||
|
interval: -1
|
||||||
|
# What to do in periodic reconnects. Either "refresh" or "reconnect"
|
||||||
|
mode: refresh
|
||||||
|
# Should even disconnected users be reconnected?
|
||||||
|
always: false
|
||||||
|
# The number of seconds that a disconnection can last without triggering an automatic re-sync
|
||||||
|
# and missed message backfilling when reconnecting.
|
||||||
|
# Set to 0 to always re-sync, or -1 to never re-sync automatically.
|
||||||
|
resync_max_disconnected_time: 5
|
||||||
|
# Whether or not temporary disconnections should send notices to the notice room.
|
||||||
|
# If this is false, disconnections will never send messages and connections will only send
|
||||||
|
# messages if it was disconnected for more than resync_max_disconnected_time seconds.
|
||||||
|
temporary_disconnect_notices: true
|
||||||
|
# Whether or not the bridge should try to "refresh" the connection if a normal reconnection
|
||||||
|
# attempt fails.
|
||||||
|
refresh_on_reconnection_fail: false
|
||||||
|
|
||||||
|
# Permissions for using the bridge.
|
||||||
|
# Permitted values:
|
||||||
|
# user - Use the bridge with puppeting.
|
||||||
|
# admin - Use and administrate the bridge.
|
||||||
|
# Permitted keys:
|
||||||
|
# * - All Matrix users
|
||||||
|
# domain - All users on that homeserver
|
||||||
|
# mxid - Specific user
|
||||||
|
permissions:
|
||||||
|
'{{ matrix_mautrix_facebook_homeserver_domain }}': user
|
||||||
|
|
||||||
|
# Python logging configuration.
|
||||||
|
#
|
||||||
|
# See section 16.7.2 of the Python documentation for more info:
|
||||||
|
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
||||||
|
logging:
|
||||||
|
version: 1
|
||||||
|
formatters:
|
||||||
|
colored:
|
||||||
|
(): mautrix_facebook.util.ColorFormatter
|
||||||
|
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||||
|
normal:
|
||||||
|
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||||
|
handlers:
|
||||||
|
console:
|
||||||
|
class: logging.StreamHandler
|
||||||
|
formatter: colored
|
||||||
|
loggers:
|
||||||
|
mau:
|
||||||
|
level: DEBUG
|
||||||
|
fbchat:
|
||||||
|
level: DEBUG
|
||||||
|
hbmqtt:
|
||||||
|
level: INFO
|
||||||
|
aiohttp:
|
||||||
|
level: INFO
|
||||||
|
root:
|
||||||
|
level: DEBUG
|
||||||
|
handlers: [console]
|
|
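Review bot: `as_token` and `hs_token` are interpolated inside hand-written double quotes (`as_token: "{{ matrix_mautrix_facebook_appservice_token }}"`), while `login_shared_secret` further down goes through `|to_json`. A token containing `"` or `\` would produce invalid or altered YAML in the first form; passing all three secrets through `|to_json` keeps the quoting consistent. Separately, this 194-line file is longer than the inline block removed from the defaults because it also introduces `delivery_receipts`, `allow_invites`, `backfill`, `periodic_reconnect` and the reconnection options, so the change is not a pure move and the new defaults (for example `missed_limit: 1000`) deserve a mention in the commit message or changelog.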
@ -11,9 +11,9 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-facebook
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-facebook
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook
|
||||||
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \
|
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook-db \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -23,9 +23,9 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \
|
||||||
alembic -x config=/config/config.yaml upgrade head
|
alembic -x config=/config/config.yaml upgrade head
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -38,8 +38,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \
|
||||||
{{ matrix_mautrix_facebook_docker_image }} \
|
{{ matrix_mautrix_facebook_docker_image }} \
|
||||||
python3 -m mautrix_facebook -c /config/config.yaml
|
python3 -m mautrix_facebook -c /config/config.yaml
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-mautrix-facebook
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook
|
||||||
ExecStop=-/usr/bin/docker rm matrix-mautrix-facebook
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-mautrix-facebook
|
SyslogIdentifier=matrix-mautrix-facebook
|
||||||
|
|
|
@ -40,152 +40,7 @@ matrix_mautrix_hangouts_login_shared_secret: ''
|
||||||
#
|
#
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_mautrix_hangouts_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_mautrix_hangouts_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_mautrix_hangouts_configuration_yaml: |
|
matrix_mautrix_hangouts_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: "True"
|
|
||||||
# Homeserver details
|
|
||||||
homeserver:
|
|
||||||
# The address that this appservice can use to connect to the homeserver.
|
|
||||||
address: {{ matrix_mautrix_hangouts_homeserver_address }}
|
|
||||||
# The domain of the homeserver (for MXIDs, etc).
|
|
||||||
domain: {{ matrix_mautrix_hangouts_homeserver_domain }}
|
|
||||||
# Whether or not to verify the SSL certificate of the homeserver.
|
|
||||||
# Only applies if address starts with https://
|
|
||||||
verify_ssl: true
|
|
||||||
|
|
||||||
# Application service host/registration related details
|
|
||||||
# Changing these values requires regeneration of the registration.
|
|
||||||
appservice:
|
|
||||||
# The address that the homeserver can use to connect to this appservice.
|
|
||||||
address: {{ matrix_mautrix_hangouts_appservice_address }}
|
|
||||||
|
|
||||||
# The hostname and port where this appservice should listen.
|
|
||||||
hostname: 0.0.0.0
|
|
||||||
port: 8080
|
|
||||||
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
|
||||||
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
|
||||||
max_body_size: 1
|
|
||||||
|
|
||||||
# The full URI to the database. SQLite and Postgres are fully supported.
|
|
||||||
# Other DBMSes supported by SQLAlchemy may or may not work.
|
|
||||||
# Format examples:
|
|
||||||
# SQLite: sqlite:///filename.db
|
|
||||||
# Postgres: postgres://username:password@hostname/dbname
|
|
||||||
database: sqlite:////data/mautrix-hangouts.db
|
|
||||||
|
|
||||||
# The unique ID of this appservice.
|
|
||||||
id: hangouts
|
|
||||||
# Username of the appservice bot.
|
|
||||||
bot_username: hangoutsbot
|
|
||||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
|
||||||
# to leave display name/avatar as-is.
|
|
||||||
bot_displayname: Hangouts bridge bot
|
|
||||||
bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy
|
|
||||||
|
|
||||||
# Authentication tokens for AS <-> HS communication.
|
|
||||||
as_token: "{{ matrix_mautrix_hangouts_appservice_token }}"
|
|
||||||
hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}"
|
|
||||||
|
|
||||||
# Bridge config
|
|
||||||
bridge:
|
|
||||||
# Localpart template of MXIDs for Hangouts users.
|
|
||||||
# {userid} is replaced with the user ID of the Hangouts user.
|
|
||||||
username_template: "hangouts_{userid}"
|
|
||||||
# Displayname template for Hangouts users.
|
|
||||||
# {displayname} is replaced with the display name of the Hangouts user
|
|
||||||
# as defined below in displayname_preference.
|
|
||||||
# Keys available for displayname_preference are also available here.
|
|
||||||
displayname_template: '{full_name} (Hangouts)'
|
|
||||||
# Available keys:
|
|
||||||
# "name" (full name)
|
|
||||||
# "first_name"
|
|
||||||
# "last_name"
|
|
||||||
# "nickname"
|
|
||||||
# "own_nickname" (user-specific!)
|
|
||||||
displayname_preference:
|
|
||||||
- name
|
|
||||||
|
|
||||||
# The prefix for commands. Only required in non-management rooms.
|
|
||||||
command_prefix: "!HO"
|
|
||||||
|
|
||||||
# Number of chats to sync (and create portals for) on startup/login.
|
|
||||||
# Maximum 20, set 0 to disable automatic syncing.
|
|
||||||
initial_chat_sync: 20
|
|
||||||
# Whether or not the Hangouts users of logged in Matrix users should be
|
|
||||||
# invited to private chats when the user sends a message from another client.
|
|
||||||
invite_own_puppet_to_pm: false
|
|
||||||
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
|
||||||
# your own Matrix account as the Matrix puppet for your Hangouts account.
|
|
||||||
sync_with_custom_puppets: true
|
|
||||||
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
|
||||||
#
|
|
||||||
# If set, custom puppets will be enabled automatically for local users
|
|
||||||
# instead of users having to find an access token and run `login-matrix`
|
|
||||||
# manually.
|
|
||||||
login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }}
|
|
||||||
# Whether or not to update avatars when syncing all contacts at startup.
|
|
||||||
update_avatar_initial_sync: true
|
|
||||||
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
|
||||||
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
|
||||||
#
|
|
||||||
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
|
||||||
# application service.
|
|
||||||
encryption:
|
|
||||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
|
||||||
allow: false
|
|
||||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
|
||||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
|
||||||
default: false
|
|
||||||
|
|
||||||
# Public website and API configs
|
|
||||||
web:
|
|
||||||
# Auth server config
|
|
||||||
auth:
|
|
||||||
# Publicly accessible base URL for the login endpoints.
|
|
||||||
# The prefix below is not implicitly added. This URL and all subpaths should be proxied
|
|
||||||
# or otherwise pointed to the appservice's webserver to the path specified below (prefix).
|
|
||||||
# This path should usually include a trailing slash.
|
|
||||||
# Internal prefix in the appservice web server for the login endpoints.
|
|
||||||
public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login"
|
|
||||||
prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login"
|
|
||||||
|
|
||||||
|
|
||||||
# Permissions for using the bridge.
|
|
||||||
# Permitted values:
|
|
||||||
# user - Use the bridge with puppeting.
|
|
||||||
# admin - Use and administrate the bridge.
|
|
||||||
# Permitted keys:
|
|
||||||
# * - All Matrix users
|
|
||||||
# domain - All users on that homeserver
|
|
||||||
# mxid - Specific user
|
|
||||||
permissions:
|
|
||||||
'{{ matrix_mautrix_hangouts_homeserver_domain }}': user
|
|
||||||
|
|
||||||
# Python logging configuration.
|
|
||||||
#
|
|
||||||
# See section 16.7.2 of the Python documentation for more info:
|
|
||||||
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
|
||||||
logging:
|
|
||||||
version: 1
|
|
||||||
formatters:
|
|
||||||
colored:
|
|
||||||
(): mautrix_hangouts.util.ColorFormatter
|
|
||||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
|
||||||
normal:
|
|
||||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
|
||||||
handlers:
|
|
||||||
console:
|
|
||||||
class: logging.StreamHandler
|
|
||||||
formatter: colored
|
|
||||||
loggers:
|
|
||||||
mau:
|
|
||||||
level: DEBUG
|
|
||||||
hangups:
|
|
||||||
level: DEBUG
|
|
||||||
aiohttp:
|
|
||||||
level: INFO
|
|
||||||
root:
|
|
||||||
level: DEBUG
|
|
||||||
handlers: [console]
|
|
||||||
|
|
||||||
matrix_mautrix_hangouts_configuration_extension_yaml: |
|
matrix_mautrix_hangouts_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration goes here.
|
# Your custom YAML configuration goes here.
|
||||||
|
|
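Review bot: In the `web.auth` block being moved out of this file, the comment `# Internal prefix in the appservice web server for the login endpoints.` sits directly above `public:` although it describes `prefix:`, and the comments that describe `public:` are stacked before it. Since the block is being relocated to `templates/config.yaml.j2` anyway, reorder it there so each comment precedes its own key.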
145
roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,145 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
# Homeserver details
|
||||||
|
homeserver:
|
||||||
|
# The address that this appservice can use to connect to the homeserver.
|
||||||
|
address: {{ matrix_mautrix_hangouts_homeserver_address }}
|
||||||
|
# The domain of the homeserver (for MXIDs, etc).
|
||||||
|
domain: {{ matrix_mautrix_hangouts_homeserver_domain }}
|
||||||
|
# Whether or not to verify the SSL certificate of the homeserver.
|
||||||
|
# Only applies if address starts with https://
|
||||||
|
verify_ssl: true
|
||||||
|
|
||||||
|
# Application service host/registration related details
|
||||||
|
# Changing these values requires regeneration of the registration.
|
||||||
|
appservice:
|
||||||
|
# The address that the homeserver can use to connect to this appservice.
|
||||||
|
address: {{ matrix_mautrix_hangouts_appservice_address }}
|
||||||
|
|
||||||
|
# The hostname and port where this appservice should listen.
|
||||||
|
hostname: 0.0.0.0
|
||||||
|
port: 8080
|
||||||
|
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
||||||
|
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
||||||
|
max_body_size: 1
|
||||||
|
|
||||||
|
# The full URI to the database. SQLite and Postgres are fully supported.
|
||||||
|
# Other DBMSes supported by SQLAlchemy may or may not work.
|
||||||
|
# Format examples:
|
||||||
|
# SQLite: sqlite:///filename.db
|
||||||
|
# Postgres: postgres://username:password@hostname/dbname
|
||||||
|
database: sqlite:////data/mautrix-hangouts.db
|
||||||
|
|
||||||
|
# The unique ID of this appservice.
|
||||||
|
id: hangouts
|
||||||
|
# Username of the appservice bot.
|
||||||
|
bot_username: hangoutsbot
|
||||||
|
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||||
|
# to leave display name/avatar as-is.
|
||||||
|
bot_displayname: Hangouts bridge bot
|
||||||
|
bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy
|
||||||
|
|
||||||
|
# Authentication tokens for AS <-> HS communication.
|
||||||
|
as_token: "{{ matrix_mautrix_hangouts_appservice_token }}"
|
||||||
|
hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}"
|
||||||
|
|
||||||
|
# Bridge config
|
||||||
|
bridge:
|
||||||
|
# Localpart template of MXIDs for Hangouts users.
|
||||||
|
# {userid} is replaced with the user ID of the Hangouts user.
|
||||||
|
username_template: "hangouts_{userid}"
|
||||||
|
# Displayname template for Hangouts users.
|
||||||
|
# {displayname} is replaced with the display name of the Hangouts user
|
||||||
|
# as defined below in displayname_preference.
|
||||||
|
# Keys available for displayname_preference are also available here.
|
||||||
|
displayname_template: '{full_name} (Hangouts)'
|
||||||
|
# Available keys:
|
||||||
|
# "name" (full name)
|
||||||
|
# "first_name"
|
||||||
|
# "last_name"
|
||||||
|
# "nickname"
|
||||||
|
# "own_nickname" (user-specific!)
|
||||||
|
displayname_preference:
|
||||||
|
- name
|
||||||
|
|
||||||
|
# The prefix for commands. Only required in non-management rooms.
|
||||||
|
command_prefix: "!HO"
|
||||||
|
|
||||||
|
# Number of chats to sync (and create portals for) on startup/login.
|
||||||
|
# Maximum 20, set 0 to disable automatic syncing.
|
||||||
|
initial_chat_sync: 20
|
||||||
|
# Whether or not the Hangouts users of logged in Matrix users should be
|
||||||
|
# invited to private chats when the user sends a message from another client.
|
||||||
|
invite_own_puppet_to_pm: false
|
||||||
|
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
||||||
|
# your own Matrix account as the Matrix puppet for your Hangouts account.
|
||||||
|
sync_with_custom_puppets: true
|
||||||
|
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||||
|
#
|
||||||
|
# If set, custom puppets will be enabled automatically for local users
|
||||||
|
# instead of users having to find an access token and run `login-matrix`
|
||||||
|
# manually.
|
||||||
|
login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }}
|
||||||
|
# Whether or not to update avatars when syncing all contacts at startup.
|
||||||
|
update_avatar_initial_sync: true
|
||||||
|
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
||||||
|
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
||||||
|
#
|
||||||
|
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
||||||
|
# application service.
|
||||||
|
encryption:
|
||||||
|
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||||
|
allow: false
|
||||||
|
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||||
|
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||||
|
default: false
|
||||||
|
|
||||||
|
# Public website and API configs
|
||||||
|
web:
|
||||||
|
# Auth server config
|
||||||
|
auth:
|
||||||
|
# Publicly accessible base URL for the login endpoints.
|
||||||
|
# The prefix below is not implicitly added. This URL and all subpaths should be proxied
|
||||||
|
# or otherwise pointed to the appservice's webserver to the path specified below (prefix).
|
||||||
|
# This path should usually include a trailing slash.
|
||||||
|
# Internal prefix in the appservice web server for the login endpoints.
|
||||||
|
public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login"
|
||||||
|
prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login"
|
||||||
|
|
||||||
|
|
||||||
|
# Permissions for using the bridge.
|
||||||
|
# Permitted values:
|
||||||
|
# user - Use the bridge with puppeting.
|
||||||
|
# admin - Use and administrate the bridge.
|
||||||
|
# Permitted keys:
|
||||||
|
# * - All Matrix users
|
||||||
|
# domain - All users on that homeserver
|
||||||
|
# mxid - Specific user
|
||||||
|
permissions:
|
||||||
|
'{{ matrix_mautrix_hangouts_homeserver_domain }}': user
|
||||||
|
|
||||||
|
# Python logging configuration.
|
||||||
|
#
|
||||||
|
# See section 16.7.2 of the Python documentation for more info:
|
||||||
|
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
||||||
|
logging:
|
||||||
|
version: 1
|
||||||
|
formatters:
|
||||||
|
colored:
|
||||||
|
(): mautrix_hangouts.util.ColorFormatter
|
||||||
|
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||||
|
normal:
|
||||||
|
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||||
|
handlers:
|
||||||
|
console:
|
||||||
|
class: logging.StreamHandler
|
||||||
|
formatter: colored
|
||||||
|
loggers:
|
||||||
|
mau:
|
||||||
|
level: DEBUG
|
||||||
|
hangups:
|
||||||
|
level: DEBUG
|
||||||
|
aiohttp:
|
||||||
|
level: INFO
|
||||||
|
root:
|
||||||
|
level: DEBUG
|
||||||
|
handlers: [console]
|
|
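Review bot: `as_token` and `hs_token` in this template are interpolated inside hand-written double quotes (`as_token: "{{ matrix_mautrix_hangouts_appservice_token }}"`), while `login_shared_secret` further down in the same file is emitted with `|to_json`. A token containing `"` or `\` would produce invalid or altered YAML, so using `|to_json` for both tokens, as the shared secret already does, keeps the quoting consistent. Separately, the `logging` block sets `root`, `mau` and `hangups` to `DEBUG` in the default template; consider defaulting to `INFO` or exposing the level as a variable so that debug output is an opt-in.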
@ -11,9 +11,9 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db
|
||||||
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \
|
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
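Review bot: every `ExecStartPre=` line in this hunk now begins with `{{ matrix_host_command_docker }}`, but nothing in the visible lines says what the variable has to contain. systemd has traditionally required an absolute path for the executable in `Exec*=` lines, so a value such as plain `docker` can stop the unit from loading on older hosts. A comment where the variable is defined, stating that it must be an absolute path and keeping the previous `/usr/bin/docker` as the default, would prevent that.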
@ -23,9 +23,9 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \
|
||||||
alembic -x config=/config/config.yaml upgrade head
|
alembic -x config=/config/config.yaml upgrade head
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-hangouts \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -38,8 +38,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-hangouts \
|
||||||
{{ matrix_mautrix_hangouts_docker_image }} \
|
{{ matrix_mautrix_hangouts_docker_image }} \
|
||||||
python3 -m mautrix_hangouts -c /config/config.yaml
|
python3 -m mautrix_hangouts -c /config/config.yaml
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-mautrix-hangouts
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts
|
||||||
ExecStop=-/usr/bin/docker rm matrix-mautrix-hangouts
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-mautrix-hangouts
|
SyslogIdentifier=matrix-mautrix-hangouts
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
matrix_mautrix_telegram_enabled: true
|
matrix_mautrix_telegram_enabled: true
|
||||||
|
|
||||||
# See: https://mau.dev/tulir/mautrix-telegram/container_registry
|
# See: https://mau.dev/tulir/mautrix-telegram/container_registry
|
||||||
matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.7.0"
|
matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.7.2"
|
||||||
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
|
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
|
matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
|
||||||
|
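Review bot: the change to `matrix_mautrix_telegram_docker_image` moves from `:v0.7.0` to `:v0.7.2` but still references the image by tag only. `matrix_mautrix_telegram_docker_image_force_pull` on the following line is true only when the name ends in `:latest`, so for a version tag the image content is neither re-pulled nor tied to a digest. If reproducible deployments matter, consider documenting how to override this variable with a digest reference (`...@sha256:<digest>`, placeholder), and mention the version bump in the changelog.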
@ -51,405 +51,7 @@ matrix_mautrix_telegram_login_shared_secret: ''
|
||||||
#
|
#
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_mautrix_telegram_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_mautrix_telegram_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_mautrix_telegram_configuration_yaml: |
|
matrix_mautrix_telegram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: "True"
|
|
||||||
# Homeserver details
|
|
||||||
homeserver:
|
|
||||||
# The address that this appservice can use to connect to the homeserver.
|
|
||||||
address: {{ matrix_mautrix_telegram_homeserver_address }}
|
|
||||||
# The domain of the homeserver (for MXIDs, etc).
|
|
||||||
domain: {{ matrix_mautrix_telegram_homeserver_domain }}
|
|
||||||
# Whether or not to verify the SSL certificate of the homeserver.
|
|
||||||
# Only applies if address starts with https://
|
|
||||||
verify_ssl: true
|
|
||||||
|
|
||||||
# Application service host/registration related details
|
|
||||||
# Changing these values requires regeneration of the registration.
|
|
||||||
appservice:
|
|
||||||
# The address that the homeserver can use to connect to this appservice.
|
|
||||||
address: {{ matrix_mautrix_telegram_appservice_address }}
|
|
||||||
|
|
||||||
# The hostname and port where this appservice should listen.
|
|
||||||
hostname: 0.0.0.0
|
|
||||||
port: 8080
|
|
||||||
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
|
||||||
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
|
||||||
max_body_size: 1
|
|
||||||
|
|
||||||
# The full URI to the database. SQLite and Postgres are fully supported.
|
|
||||||
# Other DBMSes supported by SQLAlchemy may or may not work.
|
|
||||||
# Format examples:
|
|
||||||
# SQLite: sqlite:///filename.db
|
|
||||||
# Postgres: postgres://username:password@hostname/dbname
|
|
||||||
database: sqlite:////data/mautrix-telegram.db
|
|
||||||
|
|
||||||
# Public part of web server for out-of-Matrix interaction with the bridge.
|
|
||||||
# Used for things like login if the user wants to make sure the 2FA password isn't stored in
|
|
||||||
# the HS database.
|
|
||||||
public:
|
|
||||||
# Whether or not the public-facing endpoints should be enabled.
|
|
||||||
enabled: true
|
|
||||||
# The prefix to use in the public-facing endpoints.
|
|
||||||
prefix: {{ matrix_mautrix_telegram_public_endpoint }}
|
|
||||||
# The base URL where the public-facing endpoints are available. The prefix is not added
|
|
||||||
# implicitly.
|
|
||||||
external: {{ matrix_mautrix_telegram_appservice_public_external }}
|
|
||||||
|
|
||||||
# Provisioning API part of the web server for automated portal creation and fetching information.
|
|
||||||
# Used by things like Dimension (https://dimension.t2bot.io/).
|
|
||||||
provisioning:
|
|
||||||
# Whether or not the provisioning API should be enabled.
|
|
||||||
enabled: false
|
|
||||||
# The prefix to use in the provisioning API endpoints.
|
|
||||||
prefix: /_matrix/provision/v1
|
|
||||||
# The shared secret to authorize users of the API.
|
|
||||||
# Set to "generate" to generate and save a new token.
|
|
||||||
shared_secret: generate
|
|
||||||
|
|
||||||
# The unique ID of this appservice.
|
|
||||||
id: telegram
|
|
||||||
# Username of the appservice bot.
|
|
||||||
bot_username: telegrambot
|
|
||||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
|
||||||
# to leave display name/avatar as-is.
|
|
||||||
bot_displayname: Telegram bridge bot
|
|
||||||
bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
|
|
||||||
|
|
||||||
# Authentication tokens for AS <-> HS communication.
|
|
||||||
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
|
|
||||||
hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}"
|
|
||||||
|
|
||||||
# Bridge config
|
|
||||||
bridge:
|
|
||||||
# Localpart template of MXIDs for Telegram users.
|
|
||||||
# {userid} is replaced with the user ID of the Telegram user.
|
|
||||||
username_template: "telegram_{userid}"
|
|
||||||
# Localpart template of room aliases for Telegram portal rooms.
|
|
||||||
# {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
|
|
||||||
alias_template: "telegram_{groupname}"
|
|
||||||
# Displayname template for Telegram users.
|
|
||||||
# {displayname} is replaced with the display name of the Telegram user.
|
|
||||||
displayname_template: "{displayname} (Telegram)"
|
|
||||||
|
|
||||||
# Set the preferred order of user identifiers which to use in the Matrix puppet display name.
|
|
||||||
# In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user
|
|
||||||
# ID is used.
|
|
||||||
#
|
|
||||||
# If the bridge is working properly, a phone number or an username should always be known, but
|
|
||||||
# the other one can very well be empty.
|
|
||||||
#
|
|
||||||
# Valid keys:
|
|
||||||
# "full name" (First and/or last name)
|
|
||||||
# "full name reversed" (Last and/or first name)
|
|
||||||
# "first name"
|
|
||||||
# "last name"
|
|
||||||
# "username"
|
|
||||||
# "phone number"
|
|
||||||
displayname_preference:
|
|
||||||
- full name
|
|
||||||
- username
|
|
||||||
- phone number
|
|
||||||
# Maximum length of displayname
|
|
||||||
displayname_max_length: 100
|
|
||||||
|
|
||||||
# Maximum number of members to sync per portal when starting up. Other members will be
|
|
||||||
# synced when they send messages. The maximum is 10000, after which the Telegram server
|
|
||||||
# will not send any more members.
|
|
||||||
# Defaults to no local limit (-> limited to 10000 by server)
|
|
||||||
max_initial_member_sync: -1
|
|
||||||
# Whether or not to sync the member list in channels.
|
|
||||||
# If no channel admins have logged into the bridge, the bridge won't be able to sync the member
|
|
||||||
# list regardless of this setting.
|
|
||||||
sync_channel_members: true
|
|
||||||
# Whether or not to skip deleted members when syncing members.
|
|
||||||
skip_deleted_members: true
|
|
||||||
# Whether or not to automatically synchronize contacts and chats of Matrix users logged into
|
|
||||||
# their Telegram account at startup.
|
|
||||||
startup_sync: true
|
|
||||||
# Number of most recently active dialogs to check when syncing chats.
|
|
||||||
# Dialogs include groups and private chats, but only groups are synced.
|
|
||||||
# Set to 0 to remove limit.
|
|
||||||
sync_dialog_limit: 30
|
|
||||||
# Whether or not to sync and create portals for direct chats at startup.
|
|
||||||
sync_direct_chats: false
|
|
||||||
# The maximum number of simultaneous Telegram deletions to handle.
|
|
||||||
# A large number of simultaneous redactions could put strain on your homeserver.
|
|
||||||
max_telegram_delete: 10
|
|
||||||
# Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames)
|
|
||||||
# at startup and when creating a bridge.
|
|
||||||
sync_matrix_state: true
|
|
||||||
# Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix
|
|
||||||
# login website (see appservice.public config section)
|
|
||||||
allow_matrix_login: true
|
|
||||||
# Whether or not to bridge plaintext highlights.
|
|
||||||
# Only enable this if your displayname_template has some static part that the bridge can use to
|
|
||||||
# reliably identify what is a plaintext highlight.
|
|
||||||
plaintext_highlights: false
|
|
||||||
# Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix.
|
|
||||||
public_portals: true
|
|
||||||
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
|
||||||
# your own Matrix account as the Matrix puppet for your Telegram account.
|
|
||||||
sync_with_custom_puppets: true
|
|
||||||
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
|
||||||
#
|
|
||||||
# If set, custom puppets will be enabled automatically for local users
|
|
||||||
# instead of users having to find an access token and run `login-matrix`
|
|
||||||
# manually.
|
|
||||||
login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }}
|
|
||||||
# Set to false to disable link previews in messages sent to Telegram.
|
|
||||||
telegram_link_preview: true
|
|
||||||
# Use inline images instead of a separate message for the caption.
|
|
||||||
# N.B. Inline images are not supported on all clients (e.g. Riot iOS).
|
|
||||||
inline_images: false
|
|
||||||
# Maximum size of image in megabytes before sending to Telegram as a document.
|
|
||||||
image_as_file_size: 10
|
|
||||||
# Maximum size of Telegram documents in megabytes to bridge.
|
|
||||||
max_document_size: 100
|
|
||||||
# Enable experimental parallel file transfer, which makes uploads/downloads much faster by
|
|
||||||
# streaming from/to Matrix and using many connections for Telegram.
|
|
||||||
# Note that generating HQ thumbnails for videos is not possible with streamed transfers.
|
|
||||||
parallel_file_transfer: false
|
|
||||||
# Whether or not created rooms should have federation enabled.
|
|
||||||
# If false, created portal rooms will never be federated.
|
|
||||||
federate_rooms: true
|
|
||||||
# Settings for converting animated stickers.
|
|
||||||
animated_sticker:
|
|
||||||
# Format to which animated stickers should be converted.
|
|
||||||
# disable - No conversion, send as-is (gzipped lottie)
|
|
||||||
# png - converts to non-animated png (fastest),
|
|
||||||
# gif - converts to animated gif, but loses transparency
|
|
||||||
# webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
|
|
||||||
target: gif
|
|
||||||
# Arguments for converter. All converters take width and height.
|
|
||||||
# GIF converter takes background as a hex color.
|
|
||||||
args:
|
|
||||||
width: 256
|
|
||||||
height: 256
|
|
||||||
background: "020202" # only for gif
|
|
||||||
fps: 30 # only for webm
|
|
||||||
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
|
||||||
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
|
||||||
#
|
|
||||||
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
|
||||||
# application service.
|
|
||||||
encryption:
|
|
||||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
|
||||||
allow: false
|
|
||||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
|
||||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
|
||||||
default: false
|
|
||||||
|
|
||||||
# Overrides for base power levels.
|
|
||||||
initial_power_level_overrides:
|
|
||||||
user: {}
|
|
||||||
group: {}
|
|
||||||
|
|
||||||
# Whether to bridge Telegram bot messages as m.notices or m.texts.
|
|
||||||
bot_messages_as_notices: true
|
|
||||||
bridge_notices:
|
|
||||||
# Whether or not Matrix bot messages (type m.notice) should be bridged.
|
|
||||||
default: false
|
|
||||||
# List of user IDs for whom the previous flag is flipped.
|
|
||||||
# e.g. if bridge_notices.default is false, notices from other users will not be bridged, but
|
|
||||||
# notices from users listed here will be bridged.
|
|
||||||
exceptions: []
|
|
||||||
|
|
||||||
# Some config options related to Telegram message deduplication.
|
|
||||||
# The default values are usually fine, but some debug messages/warnings might recommend you
|
|
||||||
# change these.
|
|
||||||
deduplication:
|
|
||||||
# Whether or not to check the database if the message about to be sent is a duplicate.
|
|
||||||
pre_db_check: false
|
|
||||||
# The number of latest events to keep when checking for duplicates.
|
|
||||||
# You might need to increase this on high-traffic bridge instances.
|
|
||||||
cache_queue_length: 20
|
|
||||||
|
|
||||||
|
|
||||||
# The formats to use when sending messages to Telegram via the relay bot.
|
|
||||||
#
|
|
||||||
# Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users.
|
|
||||||
#
|
|
||||||
# Available variables:
|
|
||||||
# $sender_displayname - The display name of the sender (e.g. Example User)
|
|
||||||
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
|
|
||||||
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
|
|
||||||
# $message - The message content as HTML
|
|
||||||
message_formats:
|
|
||||||
m.text: "<b>$sender_displayname</b>: $message"
|
|
||||||
m.notice: "<b>$sender_displayname</b>: $message"
|
|
||||||
m.emote: "* <b>$sender_displayname</b> $message"
|
|
||||||
m.file: "<b>$sender_displayname</b> sent a file: $message"
|
|
||||||
m.image: "<b>$sender_displayname</b> sent an image: $message"
|
|
||||||
m.audio: "<b>$sender_displayname</b> sent an audio file: $message"
|
|
||||||
m.video: "<b>$sender_displayname</b> sent a video: $message"
|
|
||||||
m.location: "<b>$sender_displayname</b> sent a location: $message"
|
|
||||||
# Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated
|
|
||||||
# users are sent to telegram. All fields in message_formats are supported. Additionally, the
|
|
||||||
# Telegram user info is available in the following variables:
|
|
||||||
# $displayname - Telegram displayname
|
|
||||||
# $username - Telegram username (may not exist)
|
|
||||||
# $mention - Telegram @username or displayname mention (depending on which exists)
|
|
||||||
emote_format: "* $mention $formatted_body"
|
|
||||||
|
|
||||||
# The formats to use when sending state events to Telegram via the relay bot.
|
|
||||||
#
|
|
||||||
# Variables from `message_formats` that have the `sender_` prefix are available without the prefix.
|
|
||||||
# In name_change events, `$prev_displayname` is the previous displayname.
|
|
||||||
#
|
|
||||||
# Set format to an empty string to disable the messages for that event.
|
|
||||||
state_event_formats:
|
|
||||||
join: "<b>$displayname</b> joined the room."
|
|
||||||
leave: "<b>$displayname</b> left the room."
|
|
||||||
name_change: "<b>$prev_displayname</b> changed their name to <b>$displayname</b>"
|
|
||||||
|
|
||||||
# Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
|
|
||||||
# `filter-mode` management commands.
|
|
||||||
#
|
|
||||||
# Filters do not affect direct chats.
|
|
||||||
# An empty blacklist will essentially disable the filter.
|
|
||||||
filter:
|
|
||||||
# Filter mode to use. Either "blacklist" or "whitelist".
|
|
||||||
# If the mode is "blacklist", the listed chats will never be bridged.
|
|
||||||
# If the mode is "whitelist", only the listed chats can be bridged.
|
|
||||||
mode: blacklist
|
|
||||||
# The list of group/channel IDs to filter.
|
|
||||||
list: []
|
|
||||||
|
|
||||||
# The prefix for commands. Only required in non-management rooms.
|
|
||||||
command_prefix: "!tg"
|
|
||||||
|
|
||||||
# Permissions for using the bridge.
|
|
||||||
# Permitted values:
|
|
||||||
# relaybot - Only use the bridge via the relaybot, no access to commands.
|
|
||||||
# user - Relaybot level + access to commands to create bridges.
|
|
||||||
# puppeting - User level + logging in with a Telegram account.
|
|
||||||
# full - Full access to use the bridge, i.e. previous levels + Matrix login.
|
|
||||||
# admin - Full access to use the bridge and some extra administration commands.
|
|
||||||
# Permitted keys:
|
|
||||||
# * - All Matrix users
|
|
||||||
# domain - All users on that homeserver
|
|
||||||
# mxid - Specific user
|
|
||||||
permissions:
|
|
||||||
'{{ matrix_mautrix_telegram_homeserver_domain }}': full
|
|
||||||
|
|
||||||
# Options related to the message relay Telegram bot.
|
|
||||||
relaybot:
|
|
||||||
private_chat:
|
|
||||||
# List of users to invite to the portal when someone starts a private chat with the bot.
|
|
||||||
# If empty, private chats with the bot won't create a portal.
|
|
||||||
invite: []
|
|
||||||
# Whether or not to bridge state change messages in relaybot private chats.
|
|
||||||
state_changes: true
|
|
||||||
# When private_chat_invite is empty, this message is sent to users /starting the
|
|
||||||
# relaybot. Telegram's "markdown" is supported.
|
|
||||||
message: This is a Matrix bridge relaybot and does not support direct chats
|
|
||||||
# List of users to invite to all group chat portals created by the bridge.
|
|
||||||
group_chat_invite: []
|
|
||||||
# Whether or not the relaybot should not bridge events in unbridged group chats.
|
|
||||||
# If false, portals will be created when the relaybot receives messages, just like normal
|
|
||||||
# users. This behavior is usually not desirable, as it interferes with manually bridging
|
|
||||||
# the chat to another room.
|
|
||||||
ignore_unbridged_group_chat: true
|
|
||||||
# Whether or not to allow creating portals from Telegram.
|
|
||||||
authless_portals: true
|
|
||||||
# Whether or not to allow Telegram group admins to use the bot commands.
|
|
||||||
whitelist_group_admins: true
|
|
||||||
# Whether or not to ignore incoming events sent by the relay bot.
|
|
||||||
ignore_own_incoming_events: true
|
|
||||||
# List of usernames/user IDs who are also allowed to use the bot commands.
|
|
||||||
whitelist: []
|
|
||||||
|
|
||||||
# Telegram config
|
|
||||||
telegram:
|
|
||||||
# Get your own API keys at https://my.telegram.org/apps
|
|
||||||
api_id: {{ matrix_mautrix_telegram_api_id }}
|
|
||||||
api_hash: {{ matrix_mautrix_telegram_api_hash }}
|
|
||||||
# (Optional) Create your own bot at https://t.me/BotFather
|
|
||||||
bot_token: {{ matrix_mautrix_telegram_bot_token }}
|
|
||||||
|
|
||||||
# Telethon connection options.
|
|
||||||
connection:
|
|
||||||
# The timeout in seconds to be used when connecting.
|
|
||||||
timeout: 120
|
|
||||||
# How many times the reconnection should retry, either on the initial connection or when
|
|
||||||
# Telegram disconnects us. May be set to a negative or null value for infinite retries, but
|
|
||||||
# this is not recommended, since the program can get stuck in an infinite loop.
|
|
||||||
retries: 5
|
|
||||||
# The delay in seconds to sleep between automatic reconnections.
|
|
||||||
retry_delay: 1
|
|
||||||
# The threshold below which the library should automatically sleep on flood wait errors
|
|
||||||
# (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold
|
|
||||||
# is 20s, the library will sleep automatically. If the error was for 21s, it would raise
|
|
||||||
# the error instead. Values larger than a day (86400) will be changed to a day.
|
|
||||||
flood_sleep_threshold: 60
|
|
||||||
# How many times a request should be retried. Request are retried when Telegram is having
|
|
||||||
# internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when
|
|
||||||
# there's a migrate error. May take a negative or null value for infinite retries, but this
|
|
||||||
# is not recommended, since some requests can always trigger a call fail (such as searching
|
|
||||||
# for messages).
|
|
||||||
request_retries: 5
|
|
||||||
|
|
||||||
# Device info sent to Telegram.
|
|
||||||
device_info:
|
|
||||||
# "auto" = OS name+version.
|
|
||||||
device_model: auto
|
|
||||||
# "auto" = Telethon version.
|
|
||||||
system_version: auto
|
|
||||||
# "auto" = mautrix-telegram version.
|
|
||||||
app_version: auto
|
|
||||||
lang_code: en
|
|
||||||
system_lang_code: en
|
|
||||||
|
|
||||||
# Custom server to connect to.
|
|
||||||
server:
|
|
||||||
# Set to true to use these server settings. If false, will automatically
|
|
||||||
# use production server assigned by Telegram. Set to false in production.
|
|
||||||
enabled: false
|
|
||||||
# The DC ID to connect to.
|
|
||||||
dc: 2
|
|
||||||
# The IP to connect to.
|
|
||||||
ip: 149.154.167.40
|
|
||||||
# The port to connect to. 443 may not work, 80 is better and both are equally secure.
|
|
||||||
port: 80
|
|
||||||
|
|
||||||
# Telethon proxy configuration.
|
|
||||||
# You must install PySocks from pip for proxies to work.
|
|
||||||
proxy:
|
|
||||||
# Allowed types: disabled, socks4, socks5, http
|
|
||||||
type: disabled
|
|
||||||
# Proxy IP address and port.
|
|
||||||
address: 127.0.0.1
|
|
||||||
port: 1080
|
|
||||||
# Whether or not to perform DNS resolving remotely.
|
|
||||||
rdns: true
|
|
||||||
# Proxy authentication (optional).
|
|
||||||
username: ""
|
|
||||||
password: ""
|
|
||||||
|
|
||||||
# Python logging configuration.
|
|
||||||
#
|
|
||||||
# See section 16.7.2 of the Python documentation for more info:
|
|
||||||
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
|
||||||
logging:
|
|
||||||
version: 1
|
|
||||||
formatters:
|
|
||||||
precise:
|
|
||||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
|
||||||
handlers:
|
|
||||||
console:
|
|
||||||
class: logging.StreamHandler
|
|
||||||
formatter: precise
|
|
||||||
loggers:
|
|
||||||
mau:
|
|
||||||
level: DEBUG
|
|
||||||
telethon:
|
|
||||||
level: DEBUG
|
|
||||||
aiohttp:
|
|
||||||
level: INFO
|
|
||||||
root:
|
|
||||||
level: DEBUG
|
|
||||||
handlers: [console]
|
|
||||||
|
|
||||||
|
|
||||||
matrix_mautrix_telegram_configuration_extension_yaml: |
|
matrix_mautrix_telegram_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration goes here.
|
# Your custom YAML configuration goes here.
|
||||||
|
|
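Review bot: the comment kept above `matrix_mautrix_telegram_configuration_yaml` still says users can "completely replace this variable with your own template", but the value is now `"{{ lookup('template', 'templates/config.yaml.j2') }}"` rather than inline YAML, so it is worth one extra comment line saying what an override should look like (inline YAML text or the user's own `lookup`). Since the block is being moved anyway, this is also a cheap moment to quote the secrets that the removed lines emit bare (`api_hash: {{ matrix_mautrix_telegram_api_hash }}`, `bot_token: {{ matrix_mautrix_telegram_bot_token }}`) with `|to_json`, as `login_shared_secret` already does.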
397
roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,397 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
# Homeserver details
|
||||||
|
homeserver:
|
||||||
|
# The address that this appservice can use to connect to the homeserver.
|
||||||
|
address: {{ matrix_mautrix_telegram_homeserver_address }}
|
||||||
|
# The domain of the homeserver (for MXIDs, etc).
|
||||||
|
domain: {{ matrix_mautrix_telegram_homeserver_domain }}
|
||||||
|
# Whether or not to verify the SSL certificate of the homeserver.
|
||||||
|
# Only applies if address starts with https://
|
||||||
|
verify_ssl: true
|
||||||
|
|
||||||
|
# Application service host/registration related details
|
||||||
|
# Changing these values requires regeneration of the registration.
|
||||||
|
appservice:
|
||||||
|
# The address that the homeserver can use to connect to this appservice.
|
||||||
|
address: {{ matrix_mautrix_telegram_appservice_address }}
|
||||||
|
|
||||||
|
# The hostname and port where this appservice should listen.
|
||||||
|
hostname: 0.0.0.0
|
||||||
|
port: 8080
|
||||||
|
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
||||||
|
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
||||||
|
max_body_size: 1
|
||||||
|
|
||||||
|
# The full URI to the database. SQLite and Postgres are fully supported.
|
||||||
|
# Other DBMSes supported by SQLAlchemy may or may not work.
|
||||||
|
# Format examples:
|
||||||
|
# SQLite: sqlite:///filename.db
|
||||||
|
# Postgres: postgres://username:password@hostname/dbname
|
||||||
|
database: sqlite:////data/mautrix-telegram.db
|
||||||
|
|
||||||
|
# Public part of web server for out-of-Matrix interaction with the bridge.
|
||||||
|
# Used for things like login if the user wants to make sure the 2FA password isn't stored in
|
||||||
|
# the HS database.
|
||||||
|
public:
|
||||||
|
# Whether or not the public-facing endpoints should be enabled.
|
||||||
|
enabled: true
|
||||||
|
# The prefix to use in the public-facing endpoints.
|
||||||
|
prefix: {{ matrix_mautrix_telegram_public_endpoint }}
|
||||||
|
# The base URL where the public-facing endpoints are available. The prefix is not added
|
||||||
|
# implicitly.
|
||||||
|
external: {{ matrix_mautrix_telegram_appservice_public_external }}
|
||||||
|
|
||||||
|
# Provisioning API part of the web server for automated portal creation and fetching information.
|
||||||
|
# Used by things like Dimension (https://dimension.t2bot.io/).
|
||||||
|
provisioning:
|
||||||
|
# Whether or not the provisioning API should be enabled.
|
||||||
|
enabled: false
|
||||||
|
# The prefix to use in the provisioning API endpoints.
|
||||||
|
prefix: /_matrix/provision/v1
|
||||||
|
# The shared secret to authorize users of the API.
|
||||||
|
# Set to "generate" to generate and save a new token.
|
||||||
|
shared_secret: generate
|
||||||
|
|
||||||
|
# The unique ID of this appservice.
|
||||||
|
id: telegram
|
||||||
|
# Username of the appservice bot.
|
||||||
|
bot_username: telegrambot
|
||||||
|
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||||
|
# to leave display name/avatar as-is.
|
||||||
|
bot_displayname: Telegram bridge bot
|
||||||
|
bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
|
||||||
|
|
||||||
|
# Authentication tokens for AS <-> HS communication.
|
||||||
|
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
|
||||||
|
hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}"
|
||||||
|
|
||||||
|
# Bridge config
|
||||||
|
bridge:
|
||||||
|
# Localpart template of MXIDs for Telegram users.
|
||||||
|
# {userid} is replaced with the user ID of the Telegram user.
|
||||||
|
username_template: "telegram_{userid}"
|
||||||
|
# Localpart template of room aliases for Telegram portal rooms.
|
||||||
|
# {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
|
||||||
|
alias_template: "telegram_{groupname}"
|
||||||
|
# Displayname template for Telegram users.
|
||||||
|
# {displayname} is replaced with the display name of the Telegram user.
|
||||||
|
displayname_template: "{displayname} (Telegram)"
|
||||||
|
|
||||||
|
# Set the preferred order of user identifiers which to use in the Matrix puppet display name.
|
||||||
|
# In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user
|
||||||
|
# ID is used.
|
||||||
|
#
|
||||||
|
# If the bridge is working properly, a phone number or an username should always be known, but
|
||||||
|
# the other one can very well be empty.
|
||||||
|
#
|
||||||
|
# Valid keys:
|
||||||
|
# "full name" (First and/or last name)
|
||||||
|
# "full name reversed" (Last and/or first name)
|
||||||
|
# "first name"
|
||||||
|
# "last name"
|
||||||
|
# "username"
|
||||||
|
# "phone number"
|
||||||
|
displayname_preference:
|
||||||
|
- full name
|
||||||
|
- username
|
||||||
|
- phone number
|
||||||
|
# Maximum length of displayname
|
||||||
|
displayname_max_length: 100
|
||||||
|
|
||||||
|
# Maximum number of members to sync per portal when starting up. Other members will be
|
||||||
|
# synced when they send messages. The maximum is 10000, after which the Telegram server
|
||||||
|
# will not send any more members.
|
||||||
|
# Defaults to no local limit (-> limited to 10000 by server)
|
||||||
|
max_initial_member_sync: -1
|
||||||
|
# Whether or not to sync the member list in channels.
|
||||||
|
# If no channel admins have logged into the bridge, the bridge won't be able to sync the member
|
||||||
|
# list regardless of this setting.
|
||||||
|
sync_channel_members: true
|
||||||
|
# Whether or not to skip deleted members when syncing members.
|
||||||
|
skip_deleted_members: true
|
||||||
|
# Whether or not to automatically synchronize contacts and chats of Matrix users logged into
|
||||||
|
# their Telegram account at startup.
|
||||||
|
startup_sync: true
|
||||||
|
# Number of most recently active dialogs to check when syncing chats.
|
||||||
|
# Dialogs include groups and private chats, but only groups are synced.
|
||||||
|
# Set to 0 to remove limit.
|
||||||
|
sync_dialog_limit: 30
|
||||||
|
# Whether or not to sync and create portals for direct chats at startup.
|
||||||
|
sync_direct_chats: false
|
||||||
|
# The maximum number of simultaneous Telegram deletions to handle.
|
||||||
|
# A large number of simultaneous redactions could put strain on your homeserver.
|
||||||
|
max_telegram_delete: 10
|
||||||
|
# Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames)
|
||||||
|
# at startup and when creating a bridge.
|
||||||
|
sync_matrix_state: true
|
||||||
|
# Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix
|
||||||
|
# login website (see appservice.public config section)
|
||||||
|
allow_matrix_login: true
|
||||||
|
# Whether or not to bridge plaintext highlights.
|
||||||
|
# Only enable this if your displayname_template has some static part that the bridge can use to
|
||||||
|
# reliably identify what is a plaintext highlight.
|
||||||
|
plaintext_highlights: false
|
||||||
|
# Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix.
|
||||||
|
public_portals: true
|
||||||
|
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
||||||
|
# your own Matrix account as the Matrix puppet for your Telegram account.
|
||||||
|
sync_with_custom_puppets: true
|
||||||
|
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||||
|
#
|
||||||
|
# If set, custom puppets will be enabled automatically for local users
|
||||||
|
# instead of users having to find an access token and run `login-matrix`
|
||||||
|
# manually.
|
||||||
|
login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }}
|
||||||
|
# Set to false to disable link previews in messages sent to Telegram.
|
||||||
|
telegram_link_preview: true
|
||||||
|
# Use inline images instead of a separate message for the caption.
|
||||||
|
# N.B. Inline images are not supported on all clients (e.g. Riot iOS).
|
||||||
|
inline_images: false
|
||||||
|
# Maximum size of image in megabytes before sending to Telegram as a document.
|
||||||
|
image_as_file_size: 10
|
||||||
|
# Maximum size of Telegram documents in megabytes to bridge.
|
||||||
|
max_document_size: 100
|
||||||
|
# Enable experimental parallel file transfer, which makes uploads/downloads much faster by
|
||||||
|
# streaming from/to Matrix and using many connections for Telegram.
|
||||||
|
# Note that generating HQ thumbnails for videos is not possible with streamed transfers.
|
||||||
|
parallel_file_transfer: false
|
||||||
|
# Whether or not created rooms should have federation enabled.
|
||||||
|
# If false, created portal rooms will never be federated.
|
||||||
|
federate_rooms: true
|
||||||
|
# Settings for converting animated stickers.
|
||||||
|
animated_sticker:
|
||||||
|
# Format to which animated stickers should be converted.
|
||||||
|
# disable - No conversion, send as-is (gzipped lottie)
|
||||||
|
# png - converts to non-animated png (fastest),
|
||||||
|
# gif - converts to animated gif, but loses transparency
|
||||||
|
# webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
|
||||||
|
target: gif
|
||||||
|
# Arguments for converter. All converters take width and height.
|
||||||
|
# GIF converter takes background as a hex color.
|
||||||
|
args:
|
||||||
|
width: 256
|
||||||
|
height: 256
|
||||||
|
background: "020202" # only for gif
|
||||||
|
fps: 30 # only for webm
|
||||||
|
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
||||||
|
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
||||||
|
#
|
||||||
|
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
||||||
|
# application service.
|
||||||
|
encryption:
|
||||||
|
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||||
|
allow: false
|
||||||
|
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||||
|
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||||
|
default: false
|
||||||
|
|
||||||
|
# Overrides for base power levels.
|
||||||
|
initial_power_level_overrides:
|
||||||
|
user: {}
|
||||||
|
group: {}
|
||||||
|
|
||||||
|
# Whether to bridge Telegram bot messages as m.notices or m.texts.
|
||||||
|
bot_messages_as_notices: true
|
||||||
|
bridge_notices:
|
||||||
|
# Whether or not Matrix bot messages (type m.notice) should be bridged.
|
||||||
|
default: false
|
||||||
|
# List of user IDs for whom the previous flag is flipped.
|
||||||
|
# e.g. if bridge_notices.default is false, notices from other users will not be bridged, but
|
||||||
|
# notices from users listed here will be bridged.
|
||||||
|
exceptions: []
|
||||||
|
|
||||||
|
# Some config options related to Telegram message deduplication.
|
||||||
|
# The default values are usually fine, but some debug messages/warnings might recommend you
|
||||||
|
# change these.
|
||||||
|
deduplication:
|
||||||
|
# Whether or not to check the database if the message about to be sent is a duplicate.
|
||||||
|
pre_db_check: false
|
||||||
|
# The number of latest events to keep when checking for duplicates.
|
||||||
|
# You might need to increase this on high-traffic bridge instances.
|
||||||
|
cache_queue_length: 20
|
||||||
|
|
||||||
|
|
||||||
|
# The formats to use when sending messages to Telegram via the relay bot.
|
||||||
|
#
|
||||||
|
# Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users.
|
||||||
|
#
|
||||||
|
# Available variables:
|
||||||
|
# $sender_displayname - The display name of the sender (e.g. Example User)
|
||||||
|
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
|
||||||
|
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
|
||||||
|
# $message - The message content as HTML
|
||||||
|
message_formats:
|
||||||
|
m.text: "<b>$sender_displayname</b>: $message"
|
||||||
|
m.notice: "<b>$sender_displayname</b>: $message"
|
||||||
|
m.emote: "* <b>$sender_displayname</b> $message"
|
||||||
|
m.file: "<b>$sender_displayname</b> sent a file: $message"
|
||||||
|
m.image: "<b>$sender_displayname</b> sent an image: $message"
|
||||||
|
m.audio: "<b>$sender_displayname</b> sent an audio file: $message"
|
||||||
|
m.video: "<b>$sender_displayname</b> sent a video: $message"
|
||||||
|
m.location: "<b>$sender_displayname</b> sent a location: $message"
|
||||||
|
# Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated
|
||||||
|
# users are sent to telegram. All fields in message_formats are supported. Additionally, the
|
||||||
|
# Telegram user info is available in the following variables:
|
||||||
|
# $displayname - Telegram displayname
|
||||||
|
# $username - Telegram username (may not exist)
|
||||||
|
# $mention - Telegram @username or displayname mention (depending on which exists)
|
||||||
|
emote_format: "* $mention $formatted_body"
|
||||||
|
|
||||||
|
# The formats to use when sending state events to Telegram via the relay bot.
|
||||||
|
#
|
||||||
|
# Variables from `message_formats` that have the `sender_` prefix are available without the prefix.
|
||||||
|
# In name_change events, `$prev_displayname` is the previous displayname.
|
||||||
|
#
|
||||||
|
# Set format to an empty string to disable the messages for that event.
|
||||||
|
state_event_formats:
|
||||||
|
join: "<b>$displayname</b> joined the room."
|
||||||
|
leave: "<b>$displayname</b> left the room."
|
||||||
|
name_change: "<b>$prev_displayname</b> changed their name to <b>$displayname</b>"
|
||||||
|
|
||||||
|
# Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
|
||||||
|
# `filter-mode` management commands.
|
||||||
|
#
|
||||||
|
# Filters do not affect direct chats.
|
||||||
|
# An empty blacklist will essentially disable the filter.
|
||||||
|
filter:
|
||||||
|
# Filter mode to use. Either "blacklist" or "whitelist".
|
||||||
|
# If the mode is "blacklist", the listed chats will never be bridged.
|
||||||
|
# If the mode is "whitelist", only the listed chats can be bridged.
|
||||||
|
mode: blacklist
|
||||||
|
# The list of group/channel IDs to filter.
|
||||||
|
list: []
|
||||||
|
|
||||||
|
# The prefix for commands. Only required in non-management rooms.
|
||||||
|
command_prefix: "!tg"
|
||||||
|
|
||||||
|
# Permissions for using the bridge.
|
||||||
|
# Permitted values:
|
||||||
|
# relaybot - Only use the bridge via the relaybot, no access to commands.
|
||||||
|
# user - Relaybot level + access to commands to create bridges.
|
||||||
|
# puppeting - User level + logging in with a Telegram account.
|
||||||
|
# full - Full access to use the bridge, i.e. previous levels + Matrix login.
|
||||||
|
# admin - Full access to use the bridge and some extra administration commands.
|
||||||
|
# Permitted keys:
|
||||||
|
# * - All Matrix users
|
||||||
|
# domain - All users on that homeserver
|
||||||
|
# mxid - Specific user
|
||||||
|
permissions:
|
||||||
|
'{{ matrix_mautrix_telegram_homeserver_domain }}': full
|
||||||
|
|
||||||
|
# Options related to the message relay Telegram bot.
|
||||||
|
relaybot:
|
||||||
|
private_chat:
|
||||||
|
# List of users to invite to the portal when someone starts a private chat with the bot.
|
||||||
|
# If empty, private chats with the bot won't create a portal.
|
||||||
|
invite: []
|
||||||
|
# Whether or not to bridge state change messages in relaybot private chats.
|
||||||
|
state_changes: true
|
||||||
|
# When private_chat_invite is empty, this message is sent to users /starting the
|
||||||
|
# relaybot. Telegram's "markdown" is supported.
|
||||||
|
message: This is a Matrix bridge relaybot and does not support direct chats
|
||||||
|
# List of users to invite to all group chat portals created by the bridge.
|
||||||
|
group_chat_invite: []
|
||||||
|
# Whether or not the relaybot should not bridge events in unbridged group chats.
|
||||||
|
# If false, portals will be created when the relaybot receives messages, just like normal
|
||||||
|
# users. This behavior is usually not desirable, as it interferes with manually bridging
|
||||||
|
# the chat to another room.
|
||||||
|
ignore_unbridged_group_chat: true
|
||||||
|
# Whether or not to allow creating portals from Telegram.
|
||||||
|
authless_portals: true
|
||||||
|
# Whether or not to allow Telegram group admins to use the bot commands.
|
||||||
|
whitelist_group_admins: true
|
||||||
|
# Whether or not to ignore incoming events sent by the relay bot.
|
||||||
|
ignore_own_incoming_events: true
|
||||||
|
# List of usernames/user IDs who are also allowed to use the bot commands.
|
||||||
|
whitelist: []
|
||||||
|
|
||||||
|
# Telegram config
|
||||||
|
telegram:
|
||||||
|
# Get your own API keys at https://my.telegram.org/apps
|
||||||
|
api_id: {{ matrix_mautrix_telegram_api_id }}
|
||||||
|
api_hash: {{ matrix_mautrix_telegram_api_hash }}
|
||||||
|
# (Optional) Create your own bot at https://t.me/BotFather
|
||||||
|
bot_token: {{ matrix_mautrix_telegram_bot_token }}
|
||||||
|
|
||||||
|
# Telethon connection options.
|
||||||
|
connection:
|
||||||
|
# The timeout in seconds to be used when connecting.
|
||||||
|
timeout: 120
|
||||||
|
# How many times the reconnection should retry, either on the initial connection or when
|
||||||
|
# Telegram disconnects us. May be set to a negative or null value for infinite retries, but
|
||||||
|
# this is not recommended, since the program can get stuck in an infinite loop.
|
||||||
|
retries: 5
|
||||||
|
# The delay in seconds to sleep between automatic reconnections.
|
||||||
|
retry_delay: 1
|
||||||
|
# The threshold below which the library should automatically sleep on flood wait errors
|
||||||
|
# (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold
|
||||||
|
# is 20s, the library will sleep automatically. If the error was for 21s, it would raise
|
||||||
|
# the error instead. Values larger than a day (86400) will be changed to a day.
|
||||||
|
flood_sleep_threshold: 60
|
||||||
|
# How many times a request should be retried. Request are retried when Telegram is having
|
||||||
|
# internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when
|
||||||
|
# there's a migrate error. May take a negative or null value for infinite retries, but this
|
||||||
|
# is not recommended, since some requests can always trigger a call fail (such as searching
|
||||||
|
# for messages).
|
||||||
|
request_retries: 5
|
||||||
|
|
||||||
|
# Device info sent to Telegram.
|
||||||
|
device_info:
|
||||||
|
# "auto" = OS name+version.
|
||||||
|
device_model: auto
|
||||||
|
# "auto" = Telethon version.
|
||||||
|
system_version: auto
|
||||||
|
# "auto" = mautrix-telegram version.
|
||||||
|
app_version: auto
|
||||||
|
lang_code: en
|
||||||
|
system_lang_code: en
|
||||||
|
|
||||||
|
# Custom server to connect to.
|
||||||
|
server:
|
||||||
|
# Set to true to use these server settings. If false, will automatically
|
||||||
|
# use production server assigned by Telegram. Set to false in production.
|
||||||
|
enabled: false
|
||||||
|
# The DC ID to connect to.
|
||||||
|
dc: 2
|
||||||
|
# The IP to connect to.
|
||||||
|
ip: 149.154.167.40
|
||||||
|
# The port to connect to. 443 may not work, 80 is better and both are equally secure.
|
||||||
|
port: 80
|
||||||
|
|
||||||
|
# Telethon proxy configuration.
|
||||||
|
# You must install PySocks from pip for proxies to work.
|
||||||
|
proxy:
|
||||||
|
# Allowed types: disabled, socks4, socks5, http
|
||||||
|
type: disabled
|
||||||
|
# Proxy IP address and port.
|
||||||
|
address: 127.0.0.1
|
||||||
|
port: 1080
|
||||||
|
# Whether or not to perform DNS resolving remotely.
|
||||||
|
rdns: true
|
||||||
|
# Proxy authentication (optional).
|
||||||
|
username: ""
|
||||||
|
password: ""
|
||||||
|
|
||||||
|
# Python logging configuration.
|
||||||
|
#
|
||||||
|
# See section 16.7.2 of the Python documentation for more info:
|
||||||
|
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
||||||
|
logging:
|
||||||
|
version: 1
|
||||||
|
formatters:
|
||||||
|
precise:
|
||||||
|
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||||
|
handlers:
|
||||||
|
console:
|
||||||
|
class: logging.StreamHandler
|
||||||
|
formatter: precise
|
||||||
|
loggers:
|
||||||
|
mau:
|
||||||
|
level: DEBUG
|
||||||
|
telethon:
|
||||||
|
level: DEBUG
|
||||||
|
aiohttp:
|
||||||
|
level: INFO
|
||||||
|
root:
|
||||||
|
level: DEBUG
|
||||||
|
handlers: [console]
|
|
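Review bot: in the `telegram:` section, `api_id`, `api_hash` and `bot_token` are rendered as bare scalars (`bot_token: {{ matrix_mautrix_telegram_bot_token }}`), while `login_shared_secret` a few lines up goes through `|to_json`. A bare value leaves the YAML type to the parser: an empty variable becomes a null, and an all-digit hash becomes an integer. Suggest `{{ matrix_mautrix_telegram_api_hash|to_json }}` and the same for `bot_token`, and for `as_token`/`hs_token` instead of hand-written quotes. Separately, the `logging:` block sets `mau`, `telethon` and `root` to `DEBUG`; since this template is the shipped default, `INFO` is the safer level unless the verbosity is intentional, in which case a comment saying so would help.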
@ -11,21 +11,22 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-telegram
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-telegram
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram
|
||||||
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-telegram-db \
|
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram-db \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
--network={{ matrix_docker_network }} \
|
||||||
-v {{ matrix_mautrix_telegram_config_path }}:/config:z \
|
-v {{ matrix_mautrix_telegram_config_path }}:/config:z \
|
||||||
-v {{ matrix_mautrix_telegram_data_path }}:/data:z \
|
-v {{ matrix_mautrix_telegram_data_path }}:/data:z \
|
||||||
{{ matrix_mautrix_telegram_docker_image }} \
|
{{ matrix_mautrix_telegram_docker_image }} \
|
||||||
alembic -x config=/config/config.yaml upgrade head
|
alembic -x config=/config/config.yaml upgrade head
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
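Review bot: every `ExecStartPre=`/`ExecStart=` line now takes its executable from `{{ matrix_host_command_docker }}` or `{{ matrix_host_command_sleep }}`, but nothing in this hunk shows where those variables are defined or documents that they must be absolute paths. The unit will fail to start on systemd versions that reject a non-absolute executable, so please add a default plus a short comment next to it. Also, `--network={{ matrix_docker_network }}` is added to the `matrix-mautrix-telegram-db` migration container without explanation; a one-line comment on why the `alembic ... upgrade head` step needs network access (an external Postgres, presumably) would make the intent clear.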
@ -41,8 +42,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \
|
||||||
{{ matrix_mautrix_telegram_docker_image }} \
|
{{ matrix_mautrix_telegram_docker_image }} \
|
||||||
python3 -m mautrix_telegram -c /config/config.yaml
|
python3 -m mautrix_telegram -c /config/config.yaml
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-mautrix-telegram
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram
|
||||||
ExecStop=-/usr/bin/docker rm matrix-mautrix-telegram
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-mautrix-telegram
|
SyslogIdentifier=matrix-mautrix-telegram
|
||||||
|
|
|
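Review bot: both `ExecStop=` lines are rewritten here but still use `kill`, which sends SIGKILL by default, so the bridge gets no chance to shut down cleanly while it may be writing to the SQLite file under `/data`. Since the lines are being touched anyway, consider `ExecStop=-{{ matrix_host_command_docker }} stop matrix-mautrix-telegram` and keep `kill` only as a fallback. The `rm` that follows is also redundant with `--rm` on the `run` command, though harmless thanks to the `-` prefix.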
@ -35,175 +35,7 @@ matrix_mautrix_whatsapp_login_shared_secret: ''
|
||||||
#
|
#
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_mautrix_whatsapp_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_mautrix_whatsapp_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_mautrix_whatsapp_configuration_yaml: |
|
matrix_mautrix_whatsapp_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
# Homeserver details.
|
|
||||||
homeserver:
|
|
||||||
# The address that this appservice can use to connect to the homeserver.
|
|
||||||
address: {{ matrix_mautrix_whatsapp_homeserver_address }}
|
|
||||||
# The domain of the homeserver (for MXIDs, etc).
|
|
||||||
domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
|
|
||||||
# Application service host/registration related details.
|
|
||||||
# Changing these values requires regeneration of the registration.
|
|
||||||
|
|
||||||
appservice:
|
|
||||||
# The address that the homeserver can use to connect to this appservice.
|
|
||||||
address: {{ matrix_mautrix_whatsapp_appservice_address }}
|
|
||||||
|
|
||||||
# The hostname and port where this appservice should listen.
|
|
||||||
hostname: 0.0.0.0
|
|
||||||
port: 8080
|
|
||||||
|
|
||||||
# Database config.
|
|
||||||
database:
|
|
||||||
# The database type. "sqlite3" and "postgres" are supported.
|
|
||||||
type: sqlite3
|
|
||||||
# The database URI.
|
|
||||||
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
|
|
||||||
# Postgres: Connection string. For example, postgres://user:password@host/database
|
|
||||||
uri: mautrix-whatsapp.db
|
|
||||||
# Maximum number of connections. Mostly relevant for Postgres.
|
|
||||||
max_open_conns: 20
|
|
||||||
max_idle_conns: 2
|
|
||||||
|
|
||||||
# Path to the Matrix room state store.
|
|
||||||
state_store_path: ./mx-state.json
|
|
||||||
|
|
||||||
# The unique ID of this appservice.
|
|
||||||
id: whatsapp
|
|
||||||
# Appservice bot details.
|
|
||||||
bot:
|
|
||||||
# Username of the appservice bot.
|
|
||||||
username: whatsappbot
|
|
||||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
|
||||||
# to leave display name/avatar as-is.
|
|
||||||
displayname: WhatsApp bridge bot
|
|
||||||
avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
|
|
||||||
|
|
||||||
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
|
|
||||||
as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
|
|
||||||
hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
|
|
||||||
|
|
||||||
# Bridge config
|
|
||||||
bridge:
|
|
||||||
# Localpart template of MXIDs for WhatsApp users.
|
|
||||||
# {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user.
|
|
||||||
username_template: "{{ 'whatsapp_{{.}}' }}"
|
|
||||||
# Displayname template for WhatsApp users.
|
|
||||||
# {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user
|
|
||||||
# {{ '{{.Jid}}' }} - phone number (international format)
|
|
||||||
# The following variables are also available, but will cause problems on multi-user instances:
|
|
||||||
# {{ '{{.Name}}' }} - display name from contact list
|
|
||||||
# {{ '{{.Short}}' }} - short display name from contact list
|
|
||||||
displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}"
|
|
||||||
# WhatsApp connection timeout in seconds.
|
|
||||||
connection_timeout: 20
|
|
||||||
# Maximum number of times to retry connecting on connection error.
|
|
||||||
max_connection_attempts: 3
|
|
||||||
# Number of seconds to wait between connection attempts.
|
|
||||||
# Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
|
|
||||||
connection_retry_delay: -1
|
|
||||||
# Whether or not the bridge should send a notice to the user's management room when it retries connecting.
|
|
||||||
# If false, it will only report when it stops retrying.
|
|
||||||
report_connection_retry: true
|
|
||||||
# Maximum number of seconds to wait for chats to be sent at startup.
|
|
||||||
# If this is too low and you have lots of chats, it could cause backfilling to fail.
|
|
||||||
chat_list_wait: 30
|
|
||||||
# Maximum number of seconds to wait to sync portals before force unlocking message processing.
|
|
||||||
# If this is too low and you have lots of chats, it could cause backfilling to fail.
|
|
||||||
portal_sync_wait: 600
|
|
||||||
|
|
||||||
# Whether or not to send call start/end notices to Matrix.
|
|
||||||
call_notices:
|
|
||||||
start: true
|
|
||||||
end: true
|
|
||||||
|
|
||||||
# Number of chats to sync for new users.
|
|
||||||
initial_chat_sync_count: 10
|
|
||||||
# Number of old messages to fill when creating new portal rooms.
|
|
||||||
initial_history_fill_count: 20
|
|
||||||
# Maximum number of chats to sync when recovering from downtime.
|
|
||||||
# Set to -1 to sync all new chats during downtime.
|
|
||||||
recovery_chat_sync_limit: -1
|
|
||||||
# Whether or not to sync history when recovering from downtime.
|
|
||||||
recovery_history_backfill: true
|
|
||||||
# Maximum number of seconds since last message in chat to skip
|
|
||||||
# syncing the chat in any case. This setting will take priority
|
|
||||||
# over both recovery_chat_sync_limit and initial_chat_sync_count.
|
|
||||||
# Default is 3 days = 259200 seconds
|
|
||||||
sync_max_chat_age: 259200
|
|
||||||
|
|
||||||
# Whether or not to sync with custom puppets to receive EDUs that
|
|
||||||
# are not normally sent to appservices.
|
|
||||||
sync_with_custom_puppets: true
|
|
||||||
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
|
||||||
#
|
|
||||||
# If set, custom puppets will be enabled automatically for local users
|
|
||||||
# instead of users having to find an access token and run `login-matrix`
|
|
||||||
# manually.
|
|
||||||
login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }}
|
|
||||||
|
|
||||||
# Whether or not to invite own WhatsApp user's Matrix puppet into private
|
|
||||||
# chat portals when backfilling if needed.
|
|
||||||
# This always uses the default puppet instead of custom puppets due to
|
|
||||||
# rate limits and timestamp massaging.
|
|
||||||
invite_own_puppet_for_backfilling: true
|
|
||||||
# Whether or not to explicitly set the avatar and room name for private
|
|
||||||
# chat portal rooms. This can be useful if the previous field works fine,
|
|
||||||
# but causes room avatar/name bugs.
|
|
||||||
private_chat_portal_meta: false
|
|
||||||
|
|
||||||
# Allow invite permission for user. User can invite any bots to room with whatsapp
|
|
||||||
# users (private chat and groups)
|
|
||||||
allow_user_invite: false
|
|
||||||
|
|
||||||
# The prefix for commands. Only required in non-management rooms.
|
|
||||||
command_prefix: "!wa"
|
|
||||||
|
|
||||||
# Permissions for using the bridge.
|
|
||||||
# Permitted values:
|
|
||||||
# user - Access to use the bridge to chat with a WhatsApp account.
|
|
||||||
# admin - User level and some additional administration tools
|
|
||||||
# Permitted keys:
|
|
||||||
# * - All Matrix users
|
|
||||||
# domain - All users on that homeserver
|
|
||||||
# mxid - Specific user
|
|
||||||
permissions:
|
|
||||||
"{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
|
|
||||||
|
|
||||||
relaybot:
|
|
||||||
# Whether or not relaybot support is enabled.
|
|
||||||
enabled: false
|
|
||||||
# The management room for the bot. This is where all status notifications are posted and
|
|
||||||
# in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting
|
|
||||||
# the command prefix completely like in user management rooms is not possible.
|
|
||||||
management: '!foo:example.com'
|
|
||||||
# List of users to invite to all created rooms that include the relaybot.
|
|
||||||
invites: []
|
|
||||||
# The formats to use when sending messages to WhatsApp via the relaybot.
|
|
||||||
message_formats:
|
|
||||||
m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
|
|
||||||
m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}"
|
|
||||||
m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
|
|
||||||
m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file"
|
|
||||||
m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image"
|
|
||||||
m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file"
|
|
||||||
m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video"
|
|
||||||
m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location"
|
|
||||||
# Logging config.
|
|
||||||
logging:
|
|
||||||
# The directory for log files. Will be created if not found.
|
|
||||||
directory: ./logs
|
|
||||||
# Available variables: .Date for the file date and .Index for different log files on the same day.
|
|
||||||
file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
|
|
||||||
# Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
|
|
||||||
file_date_format: "2006-01-02"
|
|
||||||
# Log file permissions.
|
|
||||||
file_mode: 0600
|
|
||||||
# Timestamp format for log entries in the Go time format.
|
|
||||||
timestamp_format: "Jan _2, 2006 15:04:05"
|
|
||||||
# Minimum severity for log messages.
|
|
||||||
# Options: debug, info, warn, error, fatal
|
|
||||||
print_level: debug
|
|
||||||
|
|
||||||
matrix_mautrix_whatsapp_configuration_extension_yaml: |
|
matrix_mautrix_whatsapp_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration goes here.
|
# Your custom YAML configuration goes here.
|
||||||
|
|
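Review bot: the new default `"{{ lookup('template', 'templates/config.yaml.j2') }}"` uses a relative path and is evaluated lazily wherever `matrix_mautrix_whatsapp_configuration_yaml` is referenced, so please confirm it still resolves to this role's template when the variable is read from outside the role. The comment above still says to "completely replace this variable with your own template" and would benefit from a line saying the default now lives in `templates/config.yaml.j2`. Two oddities in the removed block are worth fixing in the new file rather than carrying over: the comment `{{ '{{.Notify'}}' }}` has its closing quote in the wrong place and renders as `{{.Notify' }}`, and the `m.notice` format has a doubled colon (`</b>:: `).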
169
roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,169 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
# Homeserver details.
|
||||||
|
homeserver:
|
||||||
|
# The address that this appservice can use to connect to the homeserver.
|
||||||
|
address: {{ matrix_mautrix_whatsapp_homeserver_address }}
|
||||||
|
# The domain of the homeserver (for MXIDs, etc).
|
||||||
|
domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
|
||||||
|
# Application service host/registration related details.
|
||||||
|
# Changing these values requires regeneration of the registration.
|
||||||
|
|
||||||
|
appservice:
|
||||||
|
# The address that the homeserver can use to connect to this appservice.
|
||||||
|
address: {{ matrix_mautrix_whatsapp_appservice_address }}
|
||||||
|
|
||||||
|
# The hostname and port where this appservice should listen.
|
||||||
|
hostname: 0.0.0.0
|
||||||
|
port: 8080
|
||||||
|
|
||||||
|
# Database config.
|
||||||
|
database:
|
||||||
|
# The database type. "sqlite3" and "postgres" are supported.
|
||||||
|
type: sqlite3
|
||||||
|
# The database URI.
|
||||||
|
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
|
||||||
|
# Postgres: Connection string. For example, postgres://user:password@host/database
|
||||||
|
uri: mautrix-whatsapp.db
|
||||||
|
# Maximum number of connections. Mostly relevant for Postgres.
|
||||||
|
max_open_conns: 20
|
||||||
|
max_idle_conns: 2
|
||||||
|
|
||||||
|
# Path to the Matrix room state store.
|
||||||
|
state_store_path: ./mx-state.json
|
||||||
|
|
||||||
|
# The unique ID of this appservice.
|
||||||
|
id: whatsapp
|
||||||
|
# Appservice bot details.
|
||||||
|
bot:
|
||||||
|
# Username of the appservice bot.
|
||||||
|
username: whatsappbot
|
||||||
|
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||||
|
# to leave display name/avatar as-is.
|
||||||
|
displayname: WhatsApp bridge bot
|
||||||
|
avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
|
||||||
|
|
||||||
|
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
|
||||||
|
as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
|
||||||
|
hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
|
||||||
|
|
||||||
|
# Bridge config
|
||||||
|
bridge:
|
||||||
|
# Localpart template of MXIDs for WhatsApp users.
|
||||||
|
# {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user.
|
||||||
|
username_template: "{{ 'whatsapp_{{.}}' }}"
|
||||||
|
# Displayname template for WhatsApp users.
|
||||||
|
# {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user
|
||||||
|
# {{ '{{.Jid}}' }} - phone number (international format)
|
||||||
|
# The following variables are also available, but will cause problems on multi-user instances:
|
||||||
|
# {{ '{{.Name}}' }} - display name from contact list
|
||||||
|
# {{ '{{.Short}}' }} - short display name from contact list
|
||||||
|
displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}"
|
||||||
|
# WhatsApp connection timeout in seconds.
|
||||||
|
connection_timeout: 20
|
||||||
|
# Maximum number of times to retry connecting on connection error.
|
||||||
|
max_connection_attempts: 3
|
||||||
|
# Number of seconds to wait between connection attempts.
|
||||||
|
# Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
|
||||||
|
connection_retry_delay: -1
|
||||||
|
# Whether or not the bridge should send a notice to the user's management room when it retries connecting.
|
||||||
|
# If false, it will only report when it stops retrying.
|
||||||
|
report_connection_retry: true
|
||||||
|
# Maximum number of seconds to wait for chats to be sent at startup.
|
||||||
|
# If this is too low and you have lots of chats, it could cause backfilling to fail.
|
||||||
|
chat_list_wait: 30
|
||||||
|
# Maximum number of seconds to wait to sync portals before force unlocking message processing.
|
||||||
|
# If this is too low and you have lots of chats, it could cause backfilling to fail.
|
||||||
|
portal_sync_wait: 600
|
||||||
|
|
||||||
|
# Whether or not to send call start/end notices to Matrix.
|
||||||
|
call_notices:
|
||||||
|
start: true
|
||||||
|
end: true
|
||||||
|
|
||||||
|
# Number of chats to sync for new users.
|
||||||
|
initial_chat_sync_count: 10
|
||||||
|
# Number of old messages to fill when creating new portal rooms.
|
||||||
|
initial_history_fill_count: 20
|
||||||
|
# Maximum number of chats to sync when recovering from downtime.
|
||||||
|
# Set to -1 to sync all new chats during downtime.
|
||||||
|
recovery_chat_sync_limit: -1
|
||||||
|
# Whether or not to sync history when recovering from downtime.
|
||||||
|
recovery_history_backfill: true
|
||||||
|
# Maximum number of seconds since last message in chat to skip
|
||||||
|
# syncing the chat in any case. This setting will take priority
|
||||||
|
# over both recovery_chat_sync_limit and initial_chat_sync_count.
|
||||||
|
# Default is 3 days = 259200 seconds
|
||||||
|
sync_max_chat_age: 259200
|
||||||
|
|
||||||
|
# Whether or not to sync with custom puppets to receive EDUs that
|
||||||
|
# are not normally sent to appservices.
|
||||||
|
sync_with_custom_puppets: true
|
||||||
|
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||||
|
#
|
||||||
|
# If set, custom puppets will be enabled automatically for local users
|
||||||
|
# instead of users having to find an access token and run `login-matrix`
|
||||||
|
# manually.
|
||||||
|
login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }}
|
||||||
|
|
||||||
|
# Whether or not to invite own WhatsApp user's Matrix puppet into private
|
||||||
|
# chat portals when backfilling if needed.
|
||||||
|
# This always uses the default puppet instead of custom puppets due to
|
||||||
|
# rate limits and timestamp massaging.
|
||||||
|
invite_own_puppet_for_backfilling: true
|
||||||
|
# Whether or not to explicitly set the avatar and room name for private
|
||||||
|
# chat portal rooms. This can be useful if the previous field works fine,
|
||||||
|
# but causes room avatar/name bugs.
|
||||||
|
private_chat_portal_meta: false
|
||||||
|
|
||||||
|
# Allow invite permission for user. User can invite any bots to room with whatsapp
|
||||||
|
# users (private chat and groups)
|
||||||
|
allow_user_invite: false
|
||||||
|
|
||||||
|
# The prefix for commands. Only required in non-management rooms.
|
||||||
|
command_prefix: "!wa"
|
||||||
|
|
||||||
|
# Permissions for using the bridge.
|
||||||
|
# Permitted values:
|
||||||
|
# user - Access to use the bridge to chat with a WhatsApp account.
|
||||||
|
# admin - User level and some additional administration tools
|
||||||
|
# Permitted keys:
|
||||||
|
# * - All Matrix users
|
||||||
|
# domain - All users on that homeserver
|
||||||
|
# mxid - Specific user
|
||||||
|
permissions:
|
||||||
|
"{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
|
||||||
|
|
||||||
|
relaybot:
|
||||||
|
# Whether or not relaybot support is enabled.
|
||||||
|
enabled: false
|
||||||
|
# The management room for the bot. This is where all status notifications are posted and
|
||||||
|
# in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting
|
||||||
|
# the command prefix completely like in user management rooms is not possible.
|
||||||
|
management: '!foo:example.com'
|
||||||
|
# List of users to invite to all created rooms that include the relaybot.
|
||||||
|
invites: []
|
||||||
|
# The formats to use when sending messages to WhatsApp via the relaybot.
|
||||||
|
message_formats:
|
||||||
|
m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
|
||||||
|
m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}"
|
||||||
|
m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
|
||||||
|
m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file"
|
||||||
|
m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image"
|
||||||
|
m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file"
|
||||||
|
m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video"
|
||||||
|
m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location"
|
||||||
|
# Logging config.
|
||||||
|
logging:
|
||||||
|
# The directory for log files. Will be created if not found.
|
||||||
|
directory: ./logs
|
||||||
|
# Available variables: .Date for the file date and .Index for different log files on the same day.
|
||||||
|
file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
|
||||||
|
# Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
|
||||||
|
file_date_format: "2006-01-02"
|
||||||
|
# Log file permissions.
|
||||||
|
file_mode: 0600
|
||||||
|
# Timestamp format for log entries in the Go time format.
|
||||||
|
timestamp_format: "Jan _2, 2006 15:04:05"
|
||||||
|
# Minimum severity for log messages.
|
||||||
|
# Options: debug, info, warn, error, fatal
|
||||||
|
print_level: debug
|
|
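Review bot: `print_level: debug` on the last line of the new template (under `logging:`) is hard-coded, so every deployment of this bridge writes debug-level logs into `./logs` by default. Now that the configuration lives in its own template, consider exposing the level as a role variable with a quieter default and documenting it alongside the other defaults. Separately, `as_token` and `hs_token` are interpolated inside hand-written double quotes while `login_shared_secret` goes through `|to_json`; using `|to_json` for all three would keep the quoting consistent and correct for any value.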
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-whatsapp
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-whatsapp
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsapp \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
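Review bot: The defaults for `{{ matrix_host_command_docker }}` and `{{ matrix_host_command_sleep }}` on the `ExecStartPre=` and `ExecStart=` lines are not part of this hunk, so it is not possible to confirm here that they render to the previous `/usr/bin/docker` and `/bin/sleep`. Please confirm the defaults keep existing installs unchanged, and consider failing validation when either variable is empty, because an empty value would render lines such as `ExecStartPre=- kill matrix-mautrix-whatsapp`. A short note in the docs that these are expected to be absolute paths would also help operators who override them.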
@ -31,8 +31,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \
|
||||||
{{ matrix_mautrix_whatsapp_docker_image }} \
|
{{ matrix_mautrix_whatsapp_docker_image }} \
|
||||||
/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml
|
/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-mautrix-whatsapp
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp
|
||||||
ExecStop=-/usr/bin/docker rm matrix-mautrix-whatsapp
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-mautrix-whatsapp
|
SyslogIdentifier=matrix-mautrix-whatsapp
|
||||||
|
|
|
@ -56,145 +56,7 @@ matrix_mx_puppet_skype_login_shared_secret: ''
|
||||||
#
|
#
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_skype_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_skype_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_mx_puppet_skype_configuration_yaml: |
|
matrix_mx_puppet_skype_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: "True"
|
|
||||||
bridge:
|
|
||||||
# Address for the bridge to bind to; if running as a Docker container, you
|
|
||||||
# probably want 0.0.0.0 here
|
|
||||||
bindAddress: 0.0.0.0
|
|
||||||
# Port to host the bridge on which your homeserver will connect to
|
|
||||||
port: {{ matrix_mx_puppet_skype_appservice_port }}
|
|
||||||
# Name of your homeserver
|
|
||||||
domain: {{ matrix_domain }}
|
|
||||||
# URL where the bridge can connect to your homeserver
|
|
||||||
homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }}
|
|
||||||
# Optionally specify a different media URL used for the media store
|
|
||||||
mediaURL: https://{{ matrix_server_fqn_matrix }}
|
|
||||||
# This enabled automatic double-puppeting:
|
|
||||||
# A map for shared secrets of the homeserver URL to the shared secret
|
|
||||||
# See https://github.com/devture/matrix-synapse-shared-secret-auth
|
|
||||||
#loginSharedSecretMap:
|
|
||||||
# yourserver.com: supersecretsharedsecret
|
|
||||||
{% if matrix_mx_puppet_skype_login_shared_secret != '' %}
|
|
||||||
loginSharedSecretMap:
|
|
||||||
{{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}
|
|
||||||
{% endif %}
|
|
||||||
# optionally override the display name of the bridge bot
|
|
||||||
#displayname: Protocol Bot
|
|
||||||
# optionally set the avatar of the bridge bot
|
|
||||||
#avatarUrl: mxc://yourserver.com/somefile
|
|
||||||
|
|
||||||
logging:
|
|
||||||
# Log level of console output
|
|
||||||
# Allowed values starting with most verbose:
|
|
||||||
# silly, debug, verbose, info, warn, error
|
|
||||||
console: info
|
|
||||||
# Optionally, you can apply filters to the console logging
|
|
||||||
#console:
|
|
||||||
# level: info
|
|
||||||
# enabled:
|
|
||||||
# - Store
|
|
||||||
# disabled:
|
|
||||||
# - PresenceHandler
|
|
||||||
|
|
||||||
# Date and time formatting
|
|
||||||
lineDateFormat: MMM-D HH:mm:ss.SSS
|
|
||||||
# Logging files
|
|
||||||
# Log files are rotated daily by default
|
|
||||||
files:
|
|
||||||
# Log file path
|
|
||||||
- file: "/data/bridge.log"
|
|
||||||
# Log level for this file
|
|
||||||
# Allowed values starting with most verbose:
|
|
||||||
# silly, debug, verbose, info, warn, error
|
|
||||||
level: info
|
|
||||||
# Date and time formatting
|
|
||||||
datePattern: YYYY-MM-DD
|
|
||||||
# Maximum number of logs to keep.
|
|
||||||
# This can be a number of files or number of days.
|
|
||||||
# If using days, add 'd' as a suffix
|
|
||||||
maxFiles: 14d
|
|
||||||
# Maximum size of the file after which it will rotate. This can be a
|
|
||||||
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
|
||||||
# 'k', 'm', or 'g' as the suffix
|
|
||||||
maxSize: 50m
|
|
||||||
# Optionally enable/disable logging for certain modules
|
|
||||||
#disabled:
|
|
||||||
# - PresenceHandler
|
|
||||||
# - module: bot-sdk-MatrixLiteClient
|
|
||||||
# regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log
|
|
||||||
#enabled:
|
|
||||||
# - Store
|
|
||||||
|
|
||||||
database:
|
|
||||||
# Use Postgres as a database backend
|
|
||||||
# If set, will be used instead of SQLite3
|
|
||||||
# Connection string to connect to the Postgres instance
|
|
||||||
# with username "user", password "pass", host "localhost" and database name "dbname".
|
|
||||||
# Modify each value as necessary
|
|
||||||
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
|
|
||||||
# Use SQLite3 as a database backend
|
|
||||||
# The name of the database file
|
|
||||||
filename: /data/database.db
|
|
||||||
|
|
||||||
provisioning:
|
|
||||||
# Regex of Matrix IDs allowed to use the puppet bridge
|
|
||||||
whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }}
|
|
||||||
# Allow a specific user
|
|
||||||
#- "@user:server\\.com"
|
|
||||||
# Allow users on a specific homeserver
|
|
||||||
#- "@.*:yourserver\\.com"
|
|
||||||
# Allow anyone
|
|
||||||
#- ".*"
|
|
||||||
|
|
||||||
# Regex of Matrix IDs forbidden from using the puppet bridge
|
|
||||||
#blacklist:
|
|
||||||
# Disallow a specific user
|
|
||||||
#- "@user:server\\.com"
|
|
||||||
# Disallow users on a specific homeserver
|
|
||||||
#- "@.*:yourserver\\.com"
|
|
||||||
blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }}
|
|
||||||
|
|
||||||
presence:
|
|
||||||
# Bridge online/offline status
|
|
||||||
enabled: true
|
|
||||||
# How often to send status to the homeserver in milliseconds
|
|
||||||
interval: 500
|
|
||||||
# if the im.vector.user_status state setting should be diabled
|
|
||||||
#disableStatusState: false
|
|
||||||
# A blacklist of remote user IDs for the im.vector.user_status state setting
|
|
||||||
#statusStateBlacklist:
|
|
||||||
# - baduser
|
|
||||||
|
|
||||||
relay:
|
|
||||||
# Regex of Matrix IDs to allow to use the relay mode
|
|
||||||
# Same format as in provisioning
|
|
||||||
#whitelist:
|
|
||||||
#- "@.*:yourserver\\.com"
|
|
||||||
whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }}
|
|
||||||
|
|
||||||
#blacklist:
|
|
||||||
#- "@user:yourserver\\.com"
|
|
||||||
blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }}
|
|
||||||
|
|
||||||
# Map certain homeserver URLs to the C-S API endpoint
|
|
||||||
# Useful for double-puppeting if .well-known is unavailable for some reason
|
|
||||||
#homeserverUrlMap:
|
|
||||||
# yourserver.com: http://localhost:1234
|
|
||||||
|
|
||||||
namePatterns:
|
|
||||||
# Override the protocols set default name patterns
|
|
||||||
# Which variables are available depends on protocol implementation
|
|
||||||
user: :name
|
|
||||||
room: :name
|
|
||||||
|
|
||||||
limits:
|
|
||||||
# Up to how many users should be auto-joined on room creation? -1 to disable
|
|
||||||
# Defaults to 200
|
|
||||||
maxAutojoinUsers: 200
|
|
||||||
# How long the delay between two autojoin users should be, in millisectonds.
|
|
||||||
# Defaults to 5000
|
|
||||||
roomUserAutojoinDelay: 5000
|
|
||||||
|
|
||||||
matrix_mx_puppet_skype_configuration_extension_yaml: |
|
matrix_mx_puppet_skype_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration goes here.
|
# Your custom YAML configuration goes here.
|
||||||
|
|
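Review bot: `lookup('template', 'templates/config.yaml.j2')` on the new `matrix_mx_puppet_skype_configuration_yaml` line uses the same relative path that the mx-puppet-slack role uses for its own default in this commit. Because defaults are templated lazily, please confirm the lookup always resolves to this role's template when the variable is read from a different role or play, or make the path unambiguous.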
138
roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,138 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
bridge:
|
||||||
|
# Address for the bridge to bind to; if running as a Docker container, you
|
||||||
|
# probably want 0.0.0.0 here
|
||||||
|
bindAddress: 0.0.0.0
|
||||||
|
# Port to host the bridge on which your homeserver will connect to
|
||||||
|
port: {{ matrix_mx_puppet_skype_appservice_port }}
|
||||||
|
# Name of your homeserver
|
||||||
|
domain: {{ matrix_domain }}
|
||||||
|
# URL where the bridge can connect to your homeserver
|
||||||
|
homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }}
|
||||||
|
# Optionally specify a different media URL used for the media store
|
||||||
|
mediaURL: https://{{ matrix_server_fqn_matrix }}
|
||||||
|
# This enabled automatic double-puppeting:
|
||||||
|
# A map for shared secrets of the homeserver URL to the shared secret
|
||||||
|
# See https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||||
|
#loginSharedSecretMap:
|
||||||
|
# yourserver.com: supersecretsharedsecret
|
||||||
|
{% if matrix_mx_puppet_skype_login_shared_secret != '' %}
|
||||||
|
loginSharedSecretMap:
|
||||||
|
{{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}
|
||||||
|
{% endif %}
|
||||||
|
# optionally override the display name of the bridge bot
|
||||||
|
#displayname: Protocol Bot
|
||||||
|
# optionally set the avatar of the bridge bot
|
||||||
|
#avatarUrl: mxc://yourserver.com/somefile
|
||||||
|
|
||||||
|
logging:
|
||||||
|
# Log level of console output
|
||||||
|
# Allowed values starting with most verbose:
|
||||||
|
# silly, debug, verbose, info, warn, error
|
||||||
|
console: info
|
||||||
|
# Optionally, you can apply filters to the console logging
|
||||||
|
#console:
|
||||||
|
# level: info
|
||||||
|
# enabled:
|
||||||
|
# - Store
|
||||||
|
# disabled:
|
||||||
|
# - PresenceHandler
|
||||||
|
|
||||||
|
# Date and time formatting
|
||||||
|
lineDateFormat: MMM-D HH:mm:ss.SSS
|
||||||
|
# Logging files
|
||||||
|
# Log files are rotated daily by default
|
||||||
|
files:
|
||||||
|
# Log file path
|
||||||
|
- file: "/data/bridge.log"
|
||||||
|
# Log level for this file
|
||||||
|
# Allowed values starting with most verbose:
|
||||||
|
# silly, debug, verbose, info, warn, error
|
||||||
|
level: info
|
||||||
|
# Date and time formatting
|
||||||
|
datePattern: YYYY-MM-DD
|
||||||
|
# Maximum number of logs to keep.
|
||||||
|
# This can be a number of files or number of days.
|
||||||
|
# If using days, add 'd' as a suffix
|
||||||
|
maxFiles: 14d
|
||||||
|
# Maximum size of the file after which it will rotate. This can be a
|
||||||
|
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
||||||
|
# 'k', 'm', or 'g' as the suffix
|
||||||
|
maxSize: 50m
|
||||||
|
# Optionally enable/disable logging for certain modules
|
||||||
|
#disabled:
|
||||||
|
# - PresenceHandler
|
||||||
|
# - module: bot-sdk-MatrixLiteClient
|
||||||
|
# regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log
|
||||||
|
#enabled:
|
||||||
|
# - Store
|
||||||
|
|
||||||
|
database:
|
||||||
|
# Use Postgres as a database backend
|
||||||
|
# If set, will be used instead of SQLite3
|
||||||
|
# Connection string to connect to the Postgres instance
|
||||||
|
# with username "user", password "pass", host "localhost" and database name "dbname".
|
||||||
|
# Modify each value as necessary
|
||||||
|
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
|
||||||
|
# Use SQLite3 as a database backend
|
||||||
|
# The name of the database file
|
||||||
|
filename: /data/database.db
|
||||||
|
|
||||||
|
provisioning:
|
||||||
|
# Regex of Matrix IDs allowed to use the puppet bridge
|
||||||
|
whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }}
|
||||||
|
# Allow a specific user
|
||||||
|
#- "@user:server\\.com"
|
||||||
|
# Allow users on a specific homeserver
|
||||||
|
#- "@.*:yourserver\\.com"
|
||||||
|
# Allow anyone
|
||||||
|
#- ".*"
|
||||||
|
|
||||||
|
# Regex of Matrix IDs forbidden from using the puppet bridge
|
||||||
|
#blacklist:
|
||||||
|
# Disallow a specific user
|
||||||
|
#- "@user:server\\.com"
|
||||||
|
# Disallow users on a specific homeserver
|
||||||
|
#- "@.*:yourserver\\.com"
|
||||||
|
blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }}
|
||||||
|
|
||||||
|
presence:
|
||||||
|
# Bridge online/offline status
|
||||||
|
enabled: true
|
||||||
|
# How often to send status to the homeserver in milliseconds
|
||||||
|
interval: 500
|
||||||
|
# if the im.vector.user_status state setting should be diabled
|
||||||
|
#disableStatusState: false
|
||||||
|
# A blacklist of remote user IDs for the im.vector.user_status state setting
|
||||||
|
#statusStateBlacklist:
|
||||||
|
# - baduser
|
||||||
|
|
||||||
|
relay:
|
||||||
|
# Regex of Matrix IDs to allow to use the relay mode
|
||||||
|
# Same format as in provisioning
|
||||||
|
#whitelist:
|
||||||
|
#- "@.*:yourserver\\.com"
|
||||||
|
whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }}
|
||||||
|
|
||||||
|
#blacklist:
|
||||||
|
#- "@user:yourserver\\.com"
|
||||||
|
blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }}
|
||||||
|
|
||||||
|
# Map certain homeserver URLs to the C-S API endpoint
|
||||||
|
# Useful for double-puppeting if .well-known is unavailable for some reason
|
||||||
|
#homeserverUrlMap:
|
||||||
|
# yourserver.com: http://localhost:1234
|
||||||
|
|
||||||
|
namePatterns:
|
||||||
|
# Override the protocols set default name patterns
|
||||||
|
# Which variables are available depends on protocol implementation
|
||||||
|
user: :name
|
||||||
|
room: :name
|
||||||
|
|
||||||
|
limits:
|
||||||
|
# Up to how many users should be auto-joined on room creation? -1 to disable
|
||||||
|
# Defaults to 200
|
||||||
|
maxAutojoinUsers: 200
|
||||||
|
# How long the delay between two autojoin users should be, in millisectonds.
|
||||||
|
# Defaults to 5000
|
||||||
|
roomUserAutojoinDelay: 5000
|
|
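Review bot: In the `loginSharedSecretMap` block, `{{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}` renders the secret as a bare YAML scalar, while the whitelist and blacklist values in the same file go through `|to_json`. A secret containing ` #`, `: ` or a leading special character would be truncated or fail to parse; suggest `{{ matrix_domain|to_json }}: {{ matrix_mx_puppet_skype_login_shared_secret|to_json }}`. Minor: the comments carry typos (`diabled`, `millisectonds`) that could be fixed while the file is being moved.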
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-mx-puppet-skype
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-mx-puppet-skype
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-skype \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skype \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -31,8 +31,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-skype \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_mx_puppet_skype_docker_image }}
|
{{ matrix_mx_puppet_skype_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-mx-puppet-skype
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype
|
||||||
ExecStop=-/usr/bin/docker rm matrix-mx-puppet-skype
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-mx-puppet-skype
|
SyslogIdentifier=matrix-mx-puppet-skype
|
||||||
|
|
|
@ -5,6 +5,11 @@ matrix_mx_puppet_slack_enabled: true
|
||||||
|
|
||||||
matrix_mx_puppet_slack_container_image_self_build: false
|
matrix_mx_puppet_slack_container_image_self_build: false
|
||||||
|
|
||||||
|
# Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container).
|
||||||
|
#
|
||||||
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
|
||||||
|
matrix_mx_puppet_slack_container_http_host_bind_port: ''
|
||||||
|
|
||||||
matrix_mx_puppet_slack_docker_image: "sorunome/mx-puppet-slack:latest"
|
matrix_mx_puppet_slack_docker_image: "sorunome/mx-puppet-slack:latest"
|
||||||
matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}"
|
matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
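Review bot: The comment for `matrix_mx_puppet_slack_container_http_host_bind_port` documents a bare `<port>` value without saying what interface it binds to. Assuming the value is passed to `docker run -p`, a bare port is published on all host interfaces, so the comment should say so and recommend the `127.0.0.1:8432` form when a reverse proxy on the same host fronts the bridge. The comment also hard-codes `tcp/8432`, while the bridge port in the configuration comes from `matrix_mx_puppet_slack_appservice_port`; referring to that variable would keep the two from drifting apart.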
@ -47,104 +52,15 @@ matrix_mx_puppet_slack_systemd_wanted_services_list: []
|
||||||
matrix_mx_puppet_slack_appservice_token: ''
|
matrix_mx_puppet_slack_appservice_token: ''
|
||||||
matrix_mx_puppet_slack_homeserver_token: ''
|
matrix_mx_puppet_slack_homeserver_token: ''
|
||||||
|
|
||||||
|
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
|
||||||
|
matrix_mx_puppet_slack_login_shared_secret: ''
|
||||||
|
|
||||||
# Default configuration template which covers the generic use case.
|
# Default configuration template which covers the generic use case.
|
||||||
# You can customize it by controlling the various variables inside it.
|
# You can customize it by controlling the various variables inside it.
|
||||||
#
|
#
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_slack_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_slack_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_mx_puppet_slack_configuration_yaml: |
|
matrix_mx_puppet_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: "True"
|
|
||||||
bridge:
|
|
||||||
# Port to host the bridge on
|
|
||||||
# Used for communication between the homeserver and the bridge
|
|
||||||
port: {{ matrix_mx_puppet_slack_appservice_port }}
|
|
||||||
# The host connections to the bridge's webserver are allowed from
|
|
||||||
bindAddress: 0.0.0.0
|
|
||||||
# Public domain of the homeserver
|
|
||||||
domain: {{ matrix_mx_puppet_slack_homeserver_domain }}
|
|
||||||
# Reachable URL of the Matrix homeserver
|
|
||||||
homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }}
|
|
||||||
|
|
||||||
|
|
||||||
# Slack OAuth settings. Create a slack app at https://api.slack.com/apps
|
|
||||||
oauth:
|
|
||||||
enabled: false
|
|
||||||
# Slack app credentials.
|
|
||||||
# N.B. This must be quoted so YAML wouldn't parse it as a float.
|
|
||||||
clientId: "{{ matrix_mx_puppet_slack_client_id }}"
|
|
||||||
clientSecret: {{ matrix_mx_puppet_slack_client_secret }}
|
|
||||||
# Path where to listen for OAuth redirect callbacks.
|
|
||||||
redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
|
|
||||||
# Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,
|
|
||||||
# then set this field and the Slack app redirect URI field to the former.
|
|
||||||
redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }}
|
|
||||||
|
|
||||||
presence:
|
|
||||||
# Bridge Discord online/offline status
|
|
||||||
enabled: true
|
|
||||||
# How often to send status to the homeserver in milliseconds
|
|
||||||
interval: 500
|
|
||||||
|
|
||||||
provisioning:
|
|
||||||
# Regex of Matrix IDs allowed to use the puppet bridge
|
|
||||||
whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }}
|
|
||||||
# Allow a specific user
|
|
||||||
#- "@user:server\\.com"
|
|
||||||
# Allow users on a specific homeserver
|
|
||||||
#- "@.*:yourserver\\.com"
|
|
||||||
# Allow anyone
|
|
||||||
#- ".*"
|
|
||||||
# Regex of Matrix IDs forbidden from using the puppet bridge
|
|
||||||
#blacklist:
|
|
||||||
# Disallow a specific user
|
|
||||||
#- "@user:server\\.com"
|
|
||||||
# Disallow users on a specific homeserver
|
|
||||||
#- "@.*:yourserver\\.com"
|
|
||||||
blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }}
|
|
||||||
|
|
||||||
# Shared secret for the provisioning API for use by integration managers.
|
|
||||||
# If this is not set, the provisioning API will not be enabled.
|
|
||||||
#sharedSecret: random string
|
|
||||||
# Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
|
|
||||||
apiPrefix: /_matrix/provision
|
|
||||||
|
|
||||||
database:
|
|
||||||
# Use Postgres as a database backend
|
|
||||||
# If set, will be used instead of SQLite3
|
|
||||||
# Connection string to connect to the Postgres instance
|
|
||||||
# with username "user", password "pass", host "localhost" and database name "dbname".
|
|
||||||
# Modify each value as necessary
|
|
||||||
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
|
|
||||||
# Use SQLite3 as a database backend
|
|
||||||
# The name of the database file
|
|
||||||
filename: /data/database.db
|
|
||||||
|
|
||||||
logging:
|
|
||||||
# Log level of console output
|
|
||||||
# Allowed values starting with most verbose:
|
|
||||||
# silly, debug, verbose, info, warn, error
|
|
||||||
console: info
|
|
||||||
# Date and time formatting
|
|
||||||
lineDateFormat: MMM-D HH:mm:ss.SSS
|
|
||||||
# Logging files
|
|
||||||
# Log files are rotated daily by default
|
|
||||||
files:
|
|
||||||
# Log file path
|
|
||||||
- file: "/data/bridge.log"
|
|
||||||
# Log level for this file
|
|
||||||
# Allowed values starting with most verbose:
|
|
||||||
# silly, debug, verbose, info, warn, error
|
|
||||||
level: info
|
|
||||||
# Date and time formatting
|
|
||||||
datePattern: YYYY-MM-DD
|
|
||||||
# Maximum number of logs to keep.
|
|
||||||
# This can be a number of files or number of days.
|
|
||||||
# If using days, add 'd' as a suffix
|
|
||||||
maxFiles: 14d
|
|
||||||
# Maximum size of the file after which it will rotate. This can be a
|
|
||||||
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
|
||||||
# 'k', 'm', or 'g' as the suffix
|
|
||||||
maxSize: 50m
|
|
||||||
|
|
||||||
matrix_mx_puppet_slack_configuration_extension_yaml: |
|
matrix_mx_puppet_slack_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration goes here.
|
# Your custom YAML configuration goes here.
|
||||||
|
|
|
@ -50,17 +50,17 @@
|
||||||
}}
|
}}
|
||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
when: matrix_appservice_slack_enabled|bool
|
when: matrix_mx_puppet_slack_enabled|bool
|
||||||
|
|
||||||
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
|
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
|
||||||
debug:
|
debug:
|
||||||
msg: >-
|
msg: >-
|
||||||
NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
|
NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
|
||||||
reverse proxy.
|
reverse proxy.
|
||||||
Please make sure that you're proxying the `{{ something }}`
|
Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}`
|
||||||
URL endpoint to the matrix-appservice-slack container.
|
URL endpoint to the matrix-mx-puppet-slack container.
|
||||||
You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
|
You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
|
||||||
when: "matrix_appservice_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined"
|
when: "matrix_mx_puppet_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined"
|
||||||
|
|
||||||
# ansible lower than 2.8, does not support docker_image build parameters
|
# ansible lower than 2.8, does not support docker_image build parameters
|
||||||
# for self buildig it is explicitly needed, so we rather fail here
|
# for self buildig it is explicitly needed, so we rather fail here
|
||||||
|
|
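Review bot: The unchanged last sentence of the warning message still points the operator at `matrix_appservice_slack_container_http_host_bind_port`, which belongs to the other Slack bridge. Every other reference in this task now names mx-puppet-slack, and the systemd unit for this role reads `matrix_mx_puppet_slack_container_http_host_bind_port`, so the message should name that variable. As written, someone following the hint sets a variable for a different role and the redirect endpoint stays unreachable. The `buildig` typo in the comment just below could be fixed in the same pass.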
96
roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,96 @@
|
||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
bridge:
|
||||||
|
# Port to host the bridge on
|
||||||
|
# Used for communication between the homeserver and the bridge
|
||||||
|
port: {{ matrix_mx_puppet_slack_appservice_port }}
|
||||||
|
# The host connections to the bridge's webserver are allowed from
|
||||||
|
bindAddress: 0.0.0.0
|
||||||
|
# Public domain of the homeserver
|
||||||
|
domain: {{ matrix_mx_puppet_slack_homeserver_domain }}
|
||||||
|
# Reachable URL of the Matrix homeserver
|
||||||
|
homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }}
|
||||||
|
{% if matrix_mx_puppet_slack_login_shared_secret != '' %}
|
||||||
|
loginSharedSecretMap:
|
||||||
|
{{ matrix_domain }}: {{ matrix_mx_puppet_slack_login_shared_secret }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
# Slack OAuth settings. Create a slack app at https://api.slack.com/apps
|
||||||
|
oauth:
|
||||||
|
enabled: true
|
||||||
|
# Slack app credentials.
|
||||||
|
# N.B. This must be quoted so YAML wouldn't parse it as a float.
|
||||||
|
clientId: "{{ matrix_mx_puppet_slack_client_id }}"
|
||||||
|
clientSecret: {{ matrix_mx_puppet_slack_client_secret }}
|
||||||
|
# Path where to listen for OAuth redirect callbacks.
|
||||||
|
redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
|
||||||
|
# Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,
|
||||||
|
# then set this field and the Slack app redirect URI field to the former.
|
||||||
|
redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }}
|
||||||
|
|
||||||
|
presence:
|
||||||
|
# Bridge Discord online/offline status
|
||||||
|
enabled: true
|
||||||
|
# How often to send status to the homeserver in milliseconds
|
||||||
|
interval: 500
|
||||||
|
|
||||||
|
provisioning:
|
||||||
|
# Regex of Matrix IDs allowed to use the puppet bridge
|
||||||
|
whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }}
|
||||||
|
# Allow a specific user
|
||||||
|
#- "@user:server\\.com"
|
||||||
|
# Allow users on a specific homeserver
|
||||||
|
#- "@.*:yourserver\\.com"
|
||||||
|
# Allow anyone
|
||||||
|
#- ".*"
|
||||||
|
# Regex of Matrix IDs forbidden from using the puppet bridge
|
||||||
|
#blacklist:
|
||||||
|
# Disallow a specific user
|
||||||
|
#- "@user:server\\.com"
|
||||||
|
# Disallow users on a specific homeserver
|
||||||
|
#- "@.*:yourserver\\.com"
|
||||||
|
blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }}
|
||||||
|
|
||||||
|
# Shared secret for the provisioning API for use by integration managers.
|
||||||
|
# If this is not set, the provisioning API will not be enabled.
|
||||||
|
#sharedSecret: random string
|
||||||
|
# Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
|
||||||
|
apiPrefix: /_matrix/provision
|
||||||
|
|
||||||
|
database:
|
||||||
|
# Use Postgres as a database backend
|
||||||
|
# If set, will be used instead of SQLite3
|
||||||
|
# Connection string to connect to the Postgres instance
|
||||||
|
# with username "user", password "pass", host "localhost" and database name "dbname".
|
||||||
|
# Modify each value as necessary
|
||||||
|
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
|
||||||
|
# Use SQLite3 as a database backend
|
||||||
|
# The name of the database file
|
||||||
|
filename: /data/database.db
|
||||||
|
|
||||||
|
logging:
|
||||||
|
# Log level of console output
|
||||||
|
# Allowed values starting with most verbose:
|
||||||
|
# silly, debug, verbose, info, warn, error
|
||||||
|
console: info
|
||||||
|
# Date and time formatting
|
||||||
|
lineDateFormat: MMM-D HH:mm:ss.SSS
|
||||||
|
# Logging files
|
||||||
|
# Log files are rotated daily by default
|
||||||
|
files:
|
||||||
|
# Log file path
|
||||||
|
- file: "/data/bridge.log"
|
||||||
|
# Log level for this file
|
||||||
|
# Allowed values starting with most verbose:
|
||||||
|
# silly, debug, verbose, info, warn, error
|
||||||
|
level: info
|
||||||
|
# Date and time formatting
|
||||||
|
datePattern: YYYY-MM-DD
|
||||||
|
# Maximum number of logs to keep.
|
||||||
|
# This can be a number of files or number of days.
|
||||||
|
# If using days, add 'd' as a suffix
|
||||||
|
maxFiles: 14d
|
||||||
|
# Maximum size of the file after which it will rotate. This can be a
|
||||||
|
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
||||||
|
# 'k', 'm', or 'g' as the suffix
|
||||||
|
maxSize: 50m
|
|
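Review bot: In the `oauth` block, `clientSecret: {{ matrix_mx_puppet_slack_client_secret }}` is interpolated unquoted, as are the `loginSharedSecretMap` value, `redirectPath` and `redirectUri`, even though the line right above quotes `clientId` precisely because YAML would otherwise reinterpret it. A secret that is all digits, or that contains `: ` or ` #`, is parsed as a different value or breaks the file. Piping these values through `|to_json`, as the whitelist and blacklist in the `provisioning` block already are, avoids that. Separately, the `presence` comment reads "Bridge Discord online/offline status" in a Slack bridge config and looks like a copy-paste leftover.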
@ -11,17 +11,20 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-mx-puppet-slack
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-mx-puppet-slack
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack
|
||||||
|
|
||||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||||
ExecStartPre=/bin/sleep 5
|
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slack \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
|
{% if matrix_mx_puppet_slack_container_http_host_bind_port %}
|
||||||
|
-p {{ matrix_mx_puppet_slack_container_http_host_bind_port }}:{{ matrix_mx_puppet_slack_appservice_port }} \
|
||||||
|
{% endif %}
|
||||||
-e CONFIG_PATH=/config/config.yaml \
|
-e CONFIG_PATH=/config/config.yaml \
|
||||||
-e REGISTRATION_PATH=/config/registration.yaml \
|
-e REGISTRATION_PATH=/config/registration.yaml \
|
||||||
-v {{ matrix_mx_puppet_slack_config_path }}:/config:z \
|
-v {{ matrix_mx_puppet_slack_config_path }}:/config:z \
|
||||||
|
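Review bot: The new `-p {{ matrix_mx_puppet_slack_container_http_host_bind_port }}:{{ matrix_mx_puppet_slack_appservice_port }}` line publishes the appservice port itself, and per the config template that same port is what the homeserver uses to talk to the bridge. With a bare port number Docker binds the published port on every host interface, so the whole appservice listener becomes reachable from outside, not only the OAuth redirect path. The variable's documentation should state that a `127.0.0.1:<port>` value is the expected form when the reverse proxy runs on the same host.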
@ -31,8 +34,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_mx_puppet_slack_docker_image }}
|
{{ matrix_mx_puppet_slack_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-mx-puppet-slack
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack
|
||||||
ExecStop=-/usr/bin/docker rm matrix-mx-puppet-slack
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-mx-puppet-slack
|
SyslogIdentifier=matrix-mx-puppet-slack
|
||||||
|
|
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-corporal
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-corporal
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-corporal
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-corporal
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-corporal \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
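Review bot: Every `Exec*` line in this unit now depends on `matrix_host_command_docker`, whose definition is not part of these hunks. The replaced literal was the absolute path `/usr/bin/docker`, so the default needs to stay absolute and be defined somewhere every role that renders a unit can see it. A validation task that rejects a relative value would catch an override such as plain `docker` before it yields a unit that fails to start or resolves the binary through a search path.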
@ -32,8 +32,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-corporal \
|
||||||
{{ matrix_corporal_docker_image }} \
|
{{ matrix_corporal_docker_image }} \
|
||||||
/matrix-corporal -config=/etc/matrix-corporal/config.json
|
/matrix-corporal -config=/etc/matrix-corporal/config.json
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-corporal
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-corporal
|
||||||
ExecStop=-/usr/bin/docker rm matrix-corporal
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-corporal
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-corporal
|
SyslogIdentifier=matrix-corporal
|
||||||
|
|
|
@ -99,7 +99,7 @@
|
||||||
hour: "4"
|
hour: "4"
|
||||||
minute: "20"
|
minute: "20"
|
||||||
day: "*/5"
|
day: "*/5"
|
||||||
job: /bin/systemctl reload matrix-coturn.service
|
job: "{{ matrix_host_command_systemctl }} reload matrix-coturn.service"
|
||||||
when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool"
|
when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool"
|
||||||
|
|
||||||
|
|
||||||
|
|
|
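Review bot: `job:` now expands `{{ matrix_host_command_systemctl }}`, and cron runs jobs with a minimal PATH, so the certificate reload only keeps working if that variable holds an absolute path, as the replaced `/bin/systemctl` did. A silent failure here means coturn keeps serving the old certificate after renewal, so a short comment next to the variable's default stating the absolute-path requirement would help.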
@ -8,10 +8,10 @@ After={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-coturn
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-coturn
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-coturn
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-coturn
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-coturn \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -40,12 +40,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-coturn \
|
||||||
{{ matrix_coturn_docker_image }} \
|
{{ matrix_coturn_docker_image }} \
|
||||||
-c /turnserver.conf
|
-c /turnserver.conf
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-coturn
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-coturn
|
||||||
ExecStop=-/usr/bin/docker rm matrix-coturn
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-coturn
|
||||||
|
|
||||||
# This only reloads certificates (not other configuration).
|
# This only reloads certificates (not other configuration).
|
||||||
# See: https://github.com/coturn/coturn/pull/236
|
# See: https://github.com/coturn/coturn/pull/236
|
||||||
ExecReload=/usr/bin/docker exec matrix-coturn kill -USR2 1
|
ExecReload={{ matrix_host_command_docker }} exec matrix-coturn kill -USR2 1
|
||||||
|
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
|
|
|
@ -39,89 +39,7 @@ matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:8048"
|
||||||
#
|
#
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_dimension_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_dimension_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_dimension_configuration_yaml: |
|
matrix_dimension_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: True
|
|
||||||
# The web settings for the service (API and UI).
|
|
||||||
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
|
|
||||||
web:
|
|
||||||
port: 8184
|
|
||||||
address: '0.0.0.0'
|
|
||||||
|
|
||||||
# Homeserver configuration
|
|
||||||
homeserver:
|
|
||||||
# The domain name of the homeserver. This is used in many places, such as with go-neb
|
|
||||||
# setups, to identify the homeserver.
|
|
||||||
name: "{{ matrix_domain }}"
|
|
||||||
|
|
||||||
# The URL that Dimension, go-neb, and other services provisioned by Dimension should
|
|
||||||
# use to access the homeserver with.
|
|
||||||
clientServerUrl: "http://matrix-synapse:8008"
|
|
||||||
|
|
||||||
# The URL that Dimension should use when trying to communicate with federated APIs on
|
|
||||||
# the homeserver. If not supplied or left empty Dimension will try to resolve the address
|
|
||||||
# through the normal federation process.
|
|
||||||
federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}"
|
|
||||||
|
|
||||||
# The URL that Dimension will redirect media requests to for downloading media such as
|
|
||||||
# stickers. If not supplied or left empty Dimension will use the clientServerUrl.
|
|
||||||
mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
|
|
||||||
|
|
||||||
# The access token Dimension should use for miscellaneous access to the homeserver. This
|
|
||||||
# should be for a user on the configured homeserver: any user will do, however it is
|
|
||||||
# recommended to use a dedicated user (such as @dimension:t2bot.io). For information on
|
|
||||||
# how to acquire an access token, visit https://t2bot.io/docs/access_tokens
|
|
||||||
accessToken: "{{ matrix_dimension_access_token }}"
|
|
||||||
|
|
||||||
# These users can modify the integrations this Dimension supports.
|
|
||||||
# To access the admin interface, open Dimension in Riot and click the settings icon.
|
|
||||||
admins: {{ matrix_dimension_admins|to_json }}
|
|
||||||
|
|
||||||
# IPs and CIDR ranges listed here will be blocked from being widgets.
|
|
||||||
# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
|
|
||||||
widgetBlacklist:
|
|
||||||
- 10.0.0.0/8
|
|
||||||
- 172.16.0.0/12
|
|
||||||
- 192.168.0.0/16
|
|
||||||
- 127.0.0.0/8
|
|
||||||
|
|
||||||
# Where the database for Dimension is
|
|
||||||
database:
|
|
||||||
file: "dimension.db"
|
|
||||||
|
|
||||||
# Display settings that apply to self-hosted go-neb instances
|
|
||||||
goneb:
|
|
||||||
# The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
|
|
||||||
# is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
|
|
||||||
# make the bot's avatar an empty string.
|
|
||||||
avatars:
|
|
||||||
giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
|
|
||||||
imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
|
|
||||||
github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
|
|
||||||
wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
|
|
||||||
travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
|
|
||||||
rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
|
|
||||||
google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
|
|
||||||
guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
|
|
||||||
echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
|
|
||||||
circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
|
|
||||||
jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
|
|
||||||
|
|
||||||
# Settings for how Dimension is represented to the public
|
|
||||||
dimension:
|
|
||||||
# This is where Dimension is accessible from clients. Be sure to set this
|
|
||||||
# to your own Dimension instance.
|
|
||||||
publicUrl: "https://{{ matrix_server_fqn_dimension }}"
|
|
||||||
|
|
||||||
# Settings for controlling how logging works
|
|
||||||
logging:
|
|
||||||
file: /dev/null
|
|
||||||
console: true
|
|
||||||
consoleLevel: verbose
|
|
||||||
fileLevel: info
|
|
||||||
rotate:
|
|
||||||
size: 52428800 # bytes, default is 50mb
|
|
||||||
count: 5
|
|
||||||
|
|
||||||
|
|
||||||
matrix_dimension_configuration_extension_yaml: |
|
matrix_dimension_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration for Dimension goes here.
|
# Your custom YAML configuration for Dimension goes here.
|
||||||
|
|
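Review bot: `lookup('template', 'templates/config.yaml.j2')` relies on a relative path and a generic file name, and this same commit adds a file with the identical name under roles/matrix-bridge-mx-puppet-slack/templates/. If this default is ever evaluated outside the matrix-dimension role, the lookup can pick up another role's file or fail. A role-specific name, as the ma1sd role does with `templates/ma1sd.yaml.j2`, removes the ambiguity. The comment above still says the variable can be completely replaced with "your own template" and could now point at the new file as the starting point.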
81
roles/matrix-dimension/templates/config.yaml.j2
Normal file
|
@ -0,0 +1,81 @@
|
||||||
|
#jinja2: lstrip_blocks: True
|
||||||
|
# The web settings for the service (API and UI).
|
||||||
|
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
|
||||||
|
web:
|
||||||
|
port: 8184
|
||||||
|
address: '0.0.0.0'
|
||||||
|
|
||||||
|
# Homeserver configuration
|
||||||
|
homeserver:
|
||||||
|
# The domain name of the homeserver. This is used in many places, such as with go-neb
|
||||||
|
# setups, to identify the homeserver.
|
||||||
|
name: "{{ matrix_domain }}"
|
||||||
|
|
||||||
|
# The URL that Dimension, go-neb, and other services provisioned by Dimension should
|
||||||
|
# use to access the homeserver with.
|
||||||
|
clientServerUrl: "http://matrix-synapse:8008"
|
||||||
|
|
||||||
|
# The URL that Dimension should use when trying to communicate with federated APIs on
|
||||||
|
# the homeserver. If not supplied or left empty Dimension will try to resolve the address
|
||||||
|
# through the normal federation process.
|
||||||
|
federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}"
|
||||||
|
|
||||||
|
# The URL that Dimension will redirect media requests to for downloading media such as
|
||||||
|
# stickers. If not supplied or left empty Dimension will use the clientServerUrl.
|
||||||
|
mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
|
||||||
|
|
||||||
|
# The access token Dimension should use for miscellaneous access to the homeserver. This
|
||||||
|
# should be for a user on the configured homeserver: any user will do, however it is
|
||||||
|
# recommended to use a dedicated user (such as @dimension:t2bot.io). For information on
|
||||||
|
# how to acquire an access token, visit https://t2bot.io/docs/access_tokens
|
||||||
|
accessToken: "{{ matrix_dimension_access_token }}"
|
||||||
|
|
||||||
|
# These users can modify the integrations this Dimension supports.
|
||||||
|
# To access the admin interface, open Dimension in Riot and click the settings icon.
|
||||||
|
admins: {{ matrix_dimension_admins|to_json }}
|
||||||
|
|
||||||
|
# IPs and CIDR ranges listed here will be blocked from being widgets.
|
||||||
|
# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
|
||||||
|
widgetBlacklist:
|
||||||
|
- 10.0.0.0/8
|
||||||
|
- 172.16.0.0/12
|
||||||
|
- 192.168.0.0/16
|
||||||
|
- 127.0.0.0/8
|
||||||
|
|
||||||
|
# Where the database for Dimension is
|
||||||
|
database:
|
||||||
|
file: "dimension.db"
|
||||||
|
|
||||||
|
# Display settings that apply to self-hosted go-neb instances
|
||||||
|
goneb:
|
||||||
|
# The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
|
||||||
|
# is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
|
||||||
|
# make the bot's avatar an empty string.
|
||||||
|
avatars:
|
||||||
|
giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
|
||||||
|
imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
|
||||||
|
github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
|
||||||
|
wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
|
||||||
|
travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
|
||||||
|
rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
|
||||||
|
google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
|
||||||
|
guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
|
||||||
|
echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
|
||||||
|
circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
|
||||||
|
jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
|
||||||
|
|
||||||
|
# Settings for how Dimension is represented to the public
|
||||||
|
dimension:
|
||||||
|
# This is where Dimension is accessible from clients. Be sure to set this
|
||||||
|
# to your own Dimension instance.
|
||||||
|
publicUrl: "https://{{ matrix_server_fqn_dimension }}"
|
||||||
|
|
||||||
|
# Settings for controlling how logging works
|
||||||
|
logging:
|
||||||
|
file: /dev/null
|
||||||
|
console: true
|
||||||
|
consoleLevel: verbose
|
||||||
|
fileLevel: info
|
||||||
|
rotate:
|
||||||
|
size: 52428800 # bytes, default is 50mb
|
||||||
|
count: 5
|
|
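Review bot: `widgetBlacklist` is carried over with only the three private IPv4 ranges and 127.0.0.0/8. Now that the config lives in its own template, this is a good point to add 169.254.0.0/16 (link-local) and to drive the list from a variable rendered with `|to_json`, like `admins` a few lines above, so operators can extend it without replacing the whole template. The comment over `web` also recommends running on localhost while the value stays `address: '0.0.0.0'`; a one-line remark that this is the in-container listener would keep readers from copying it into a non-container setup.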
@ -6,13 +6,13 @@ Requires=docker.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-dimension
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-dimension
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-dimension
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-dimension
|
||||||
|
|
||||||
# Fixup database ownership if it got changed somehow (during a server migration, etc.)
|
# Fixup database ownership if it got changed somehow (during a server migration, etc.)
|
||||||
ExecStartPre=-/usr/bin/chown {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_base_path }}/dimension.db
|
ExecStartPre=-{{ matrix_host_command_chown }} {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_base_path }}/dimension.db
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-dimension \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \
|
--user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -29,8 +29,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-dimension \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_dimension_docker_image }}
|
{{ matrix_dimension_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-dimension
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-dimension
|
||||||
ExecStop=-/usr/bin/docker rm matrix-dimension
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-dimension
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-dimension
|
SyslogIdentifier=matrix-dimension
|
||||||
|
|
|
@ -6,10 +6,10 @@ Requires=docker.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-email2matrix
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-email2matrix
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-email2matrix
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-email2matrix
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-email2matrix \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -22,8 +22,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-email2matrix \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_email2matrix_docker_image }}
|
{{ matrix_email2matrix_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-email2matrix
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-email2matrix
|
||||||
ExecStop=-/usr/bin/docker rm matrix-email2matrix
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-email2matrix
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-email2matrix
|
SyslogIdentifier=matrix-email2matrix
|
||||||
|
|
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jicofo
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jicofo
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
--env-file={{ matrix_jitsi_jicofo_base_path }}/env \
|
--env-file={{ matrix_jitsi_jicofo_base_path }}/env \
|
||||||
|
@ -21,8 +21,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_jitsi_jicofo_docker_image }}
|
{{ matrix_jitsi_jicofo_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-jitsi-jicofo
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo
|
||||||
ExecStop=-/usr/bin/docker rm matrix-jitsi-jicofo
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-jitsi-jicofo
|
SyslogIdentifier=matrix-jitsi-jicofo
|
||||||
|
|
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jvb
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jvb
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
--env-file={{ matrix_jitsi_jvb_base_path }}/env \
|
--env-file={{ matrix_jitsi_jvb_base_path }}/env \
|
||||||
|
@ -27,8 +27,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_jitsi_jvb_docker_image }}
|
{{ matrix_jitsi_jvb_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-jitsi-jvb
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb
|
||||||
ExecStop=-/usr/bin/docker rm matrix-jitsi-jvb
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-jitsi-jvb
|
SyslogIdentifier=matrix-jitsi-jvb
|
||||||
|
|
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-prosody
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-prosody
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
--env-file={{ matrix_jitsi_prosody_base_path }}/env \
|
--env-file={{ matrix_jitsi_prosody_base_path }}/env \
|
||||||
|
@ -22,8 +22,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_jitsi_prosody_docker_image }}
|
{{ matrix_jitsi_prosody_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-jitsi-prosody
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody
|
||||||
ExecStop=-/usr/bin/docker rm matrix-jitsi-prosody
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-jitsi-prosody
|
SyslogIdentifier=matrix-jitsi-prosody
|
||||||
|
|
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-web
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-web
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-web
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-web
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
--env-file={{ matrix_jitsi_web_base_path }}/env \
|
--env-file={{ matrix_jitsi_web_base_path }}/env \
|
||||||
|
@ -25,8 +25,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_jitsi_web_docker_image }}
|
{{ matrix_jitsi_web_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-jitsi-web
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-web
|
||||||
ExecStop=-/usr/bin/docker rm matrix-jitsi-web
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-web
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-jitsi-web
|
SyslogIdentifier=matrix-jitsi-web
|
||||||
|
|
|
@ -85,76 +85,7 @@ matrix_ma1sd_v2_enabled: true
|
||||||
#
|
#
|
||||||
# For a more advanced customization, you can extend the default (see `matrix_ma1sd_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_ma1sd_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_ma1sd_configuration_yaml: |
|
matrix_ma1sd_configuration_yaml: "{{ lookup('template', 'templates/ma1sd.yaml.j2') }}"
|
||||||
#jinja2: lstrip_blocks: True
|
|
||||||
matrix:
|
|
||||||
domain: {{ matrix_domain }}
|
|
||||||
v1: {{ matrix_ma1sd_v1_enabled|to_json }}
|
|
||||||
v2: {{ matrix_ma1sd_v2_enabled|to_json }}
|
|
||||||
|
|
||||||
server:
|
|
||||||
name: {{ matrix_server_fqn_matrix }}
|
|
||||||
|
|
||||||
key:
|
|
||||||
path: /var/ma1sd/sign.key
|
|
||||||
|
|
||||||
storage:
|
|
||||||
provider:
|
|
||||||
sqlite:
|
|
||||||
database: /var/ma1sd/ma1sd.db
|
|
||||||
|
|
||||||
{% if matrix_ma1sd_dns_overwrite_enabled %}
|
|
||||||
dns:
|
|
||||||
overwrite:
|
|
||||||
homeserver:
|
|
||||||
client:
|
|
||||||
- name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }}
|
|
||||||
value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if matrix_ma1sd_matrixorg_forwarding_enabled %}
|
|
||||||
forward:
|
|
||||||
servers: ['matrix-org']
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
threepid:
|
|
||||||
medium:
|
|
||||||
email:
|
|
||||||
identity:
|
|
||||||
from: {{ matrix_ma1sd_threepid_medium_email_identity_from }}
|
|
||||||
connectors:
|
|
||||||
smtp:
|
|
||||||
host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }}
|
|
||||||
port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }}
|
|
||||||
tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }}
|
|
||||||
login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }}
|
|
||||||
password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }}
|
|
||||||
{% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %}
|
|
||||||
generators:
|
|
||||||
template:
|
|
||||||
{% if matrix_ma1sd_threepid_medium_email_custom_invite_template %}
|
|
||||||
invite: '/var/ma1sd/invite-template.eml'
|
|
||||||
{% endif %}
|
|
||||||
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
|
|
||||||
session:
|
|
||||||
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %}
|
|
||||||
validation: '/var/ma1sd/validate-template.eml'
|
|
||||||
{% endif %}
|
|
||||||
{% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
|
|
||||||
unbind:
|
|
||||||
frandulent: '/var/ma1sd/unbind-fraudulent.eml'
|
|
||||||
{% endif %}
|
|
||||||
{% endif %}
|
|
||||||
{% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %}
|
|
||||||
generic:
|
|
||||||
matrixId: '/var/ma1sd/mxid-template.eml'
|
|
||||||
{% endif %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
synapseSql:
|
|
||||||
enabled: {{ matrix_ma1sd_synapsesql_enabled }}
|
|
||||||
type: {{ matrix_ma1sd_synapsesql_type }}
|
|
||||||
connection: {{ matrix_ma1sd_synapsesql_connection }}
|
|
||||||
|
|
||||||
matrix_ma1sd_configuration_extension_yaml: |
|
matrix_ma1sd_configuration_extension_yaml: |
|
||||||
# Your custom YAML configuration for ma1sd goes here.
|
# Your custom YAML configuration for ma1sd goes here.
|
||||||
|
|
69
roles/matrix-ma1sd/templates/ma1sd.yaml.j2
Normal file
|
@ -0,0 +1,69 @@
|
||||||
|
#jinja2: lstrip_blocks: True
|
||||||
|
matrix:
|
||||||
|
domain: {{ matrix_domain }}
|
||||||
|
v1: {{ matrix_ma1sd_v1_enabled|to_json }}
|
||||||
|
v2: {{ matrix_ma1sd_v2_enabled|to_json }}
|
||||||
|
|
||||||
|
server:
|
||||||
|
name: {{ matrix_server_fqn_matrix }}
|
||||||
|
|
||||||
|
key:
|
||||||
|
path: /var/ma1sd/sign.key
|
||||||
|
|
||||||
|
storage:
|
||||||
|
provider:
|
||||||
|
sqlite:
|
||||||
|
database: /var/ma1sd/ma1sd.db
|
||||||
|
|
||||||
|
{% if matrix_ma1sd_dns_overwrite_enabled %}
|
||||||
|
dns:
|
||||||
|
overwrite:
|
||||||
|
homeserver:
|
||||||
|
client:
|
||||||
|
- name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }}
|
||||||
|
value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if matrix_ma1sd_matrixorg_forwarding_enabled %}
|
||||||
|
forward:
|
||||||
|
servers: ['matrix-org']
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
threepid:
|
||||||
|
medium:
|
||||||
|
email:
|
||||||
|
identity:
|
||||||
|
from: {{ matrix_ma1sd_threepid_medium_email_identity_from }}
|
||||||
|
connectors:
|
||||||
|
smtp:
|
||||||
|
host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }}
|
||||||
|
port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }}
|
||||||
|
tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }}
|
||||||
|
login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }}
|
||||||
|
password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }}
|
||||||
|
{% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %}
|
||||||
|
generators:
|
||||||
|
template:
|
||||||
|
{% if matrix_ma1sd_threepid_medium_email_custom_invite_template %}
|
||||||
|
invite: '/var/ma1sd/invite-template.eml'
|
||||||
|
{% endif %}
|
||||||
|
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
|
||||||
|
session:
|
||||||
|
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %}
|
||||||
|
validation: '/var/ma1sd/validate-template.eml'
|
||||||
|
{% endif %}
|
||||||
|
{% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
|
||||||
|
unbind:
|
||||||
|
frandulent: '/var/ma1sd/unbind-fraudulent.eml'
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
{% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %}
|
||||||
|
generic:
|
||||||
|
matrixId: '/var/ma1sd/mxid-template.eml'
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
synapseSql:
|
||||||
|
enabled: {{ matrix_ma1sd_synapsesql_enabled }}
|
||||||
|
type: {{ matrix_ma1sd_synapsesql_type }}
|
||||||
|
connection: {{ matrix_ma1sd_synapsesql_connection }}
|
|
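Review bot: in the `smtp:` block of the new template, `host`, `login` and `password` are rendered as bare scalars, so a password containing `: `, ` #` or a leading special character will either break the generated YAML or be read as something else, and an empty value becomes null. The template already uses `|to_json` for `v1` and `v2`; apply it to the SMTP fields and `identity.from` as well. Separately, the key `frandulent:` does not match the spelling in `matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template`; please confirm it is the key ma1sd actually reads.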
@ -11,12 +11,12 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-ma1sd
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-ma1sd
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-ma1sd
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-ma1sd
|
||||||
|
|
||||||
# ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
|
# ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
|
||||||
# so /tmp needs to be mounted with an exec option.
|
# so /tmp needs to be mounted with an exec option.
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-ma1sd \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
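Review bot: `ExecStartPre` and `ExecStart` now take their executable from `{{ matrix_host_command_docker }}` with nothing in this hunk constraining its value. systemd versions that require an absolute path in Exec lines will refuse the unit if someone overrides the variable with a bare `docker`, and a value containing whitespace would be split into separate arguments. Document that it must be a single absolute path, or assert that in the playbook's variable checks.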
@ -36,8 +36,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-ma1sd \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_ma1sd_docker_image }}
|
{{ matrix_ma1sd_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-ma1sd
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-ma1sd
|
||||||
ExecStop=-/usr/bin/docker rm matrix-ma1sd
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-ma1sd
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-ma1sd
|
SyslogIdentifier=matrix-ma1sd
|
||||||
|
|
|
@ -2,7 +2,12 @@ matrix_mailer_enabled: true
|
||||||
|
|
||||||
matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer"
|
matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer"
|
||||||
|
|
||||||
matrix_mailer_docker_image: "devture/exim-relay:4.92.2-r0-0"
|
matrix_mailer_container_image_self_build: false
|
||||||
|
matrix_mailer_container_image_self_build_repository_url: "https://github.com/devture/exim-relay"
|
||||||
|
matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
|
||||||
|
matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"
|
||||||
|
|
||||||
|
matrix_mailer_docker_image: "devture/exim-relay:4.93.1-r0"
|
||||||
matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"
|
matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
# The user/group that the container runs with.
|
# The user/group that the container runs with.
|
||||||
|
|
|
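Review bot: `matrix_mailer_container_image_self_build_version` takes `matrix_mailer_docker_image.split(':')[1]`, which returns the wrong piece when the image reference carries a registry port (a constructed example: `registry:5000/name:tag`) and raises when the reference has no tag. Making the version its own variable would avoid parsing the image name. Whatever value results must also exist as a ref in `matrix_mailer_container_image_self_build_repository_url`, and the tag format changes in this same hunk from `4.92.2-r0-0` to `4.93.1-r0`.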
@ -6,12 +6,15 @@
|
||||||
|
|
||||||
- name: Ensure mailer base path exists
|
- name: Ensure mailer base path exists
|
||||||
file:
|
file:
|
||||||
path: "{{ matrix_mailer_base_path }}"
|
path: "{{ item.path }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0750
|
mode: 0750
|
||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
when: matrix_mailer_enabled|bool
|
with_items:
|
||||||
|
- { path: "{{ matrix_mailer_base_path }}", when: true }
|
||||||
|
- { path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}" }
|
||||||
|
when: "matrix_mailer_enabled|bool and item.when"
|
||||||
|
|
||||||
- name: Ensure mailer environment variables file created
|
- name: Ensure mailer environment variables file created
|
||||||
template:
|
template:
|
||||||
|
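Review bot: the task condition uses a bare `item.when`, and the second item fills it from the templated string `"{{ matrix_mailer_container_image_self_build }}"`, while every other condition in this file casts with `|bool`. Write `matrix_mailer_enabled|bool and item.when|bool` so that an override supplied as a string such as "false" cannot be treated as truthy.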
@ -20,13 +23,31 @@
|
||||||
mode: 0640
|
mode: 0640
|
||||||
when: matrix_mailer_enabled|bool
|
when: matrix_mailer_enabled|bool
|
||||||
|
|
||||||
- name: Ensure mailer image is pulled
|
- name: Ensure exim-relay repository is present on self-build
|
||||||
|
git:
|
||||||
|
repo: "{{ matrix_mailer_container_image_self_build_repository_url }}"
|
||||||
|
dest: "{{ matrix_mailer_container_image_self_build_src_files_path }}"
|
||||||
|
version: "{{ matrix_mailer_container_image_self_build_version }}"
|
||||||
|
force: "yes"
|
||||||
|
when: "matrix_mailer_container_image_self_build|bool"
|
||||||
|
|
||||||
|
- name: Ensure exim-relay Docker image is built
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_mailer_docker_image }}"
|
||||||
|
source: build
|
||||||
|
build:
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
path: "{{ matrix_mailer_container_image_self_build_src_files_path }}"
|
||||||
|
pull: yes
|
||||||
|
when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool"
|
||||||
|
|
||||||
|
- name: Ensure exim-relay image is pulled
|
||||||
docker_image:
|
docker_image:
|
||||||
name: "{{ matrix_mailer_docker_image }}"
|
name: "{{ matrix_mailer_docker_image }}"
|
||||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||||
force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}"
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}"
|
||||||
when: matrix_mailer_enabled|bool
|
when: "matrix_mailer_enabled|bool and not matrix_mailer_container_image_self_build|bool"
|
||||||
|
|
||||||
- name: Ensure matrix-mailer.service installed
|
- name: Ensure matrix-mailer.service installed
|
||||||
template:
|
template:
|
||||||
|
|
|
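Review bot: the `git` task runs on `matrix_mailer_container_image_self_build|bool` alone, while the directory task above and the build task below also require `matrix_mailer_enabled|bool`. With the mailer disabled and self-build enabled it would clone into a path this role never created; use the same combined condition on all three. Also note that `force: "yes"` discards any local changes in `docker-src`, and that `version` is a tag derived from the image name, so pinning a commit would make the self-built image reproducible.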
@ -6,10 +6,10 @@ Requires=docker.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-mailer
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mailer
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-mailer
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mailer
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \
|
--user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -24,8 +24,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_mailer_docker_image }}
|
{{ matrix_mailer_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-mailer
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mailer
|
||||||
ExecStop=-/usr/bin/docker rm matrix-mailer
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mailer
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-mailer
|
SyslogIdentifier=matrix-mailer
|
||||||
|
|
|
@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true
|
||||||
# We use an official nginx image, which we fix-up to run unprivileged.
|
# We use an official nginx image, which we fix-up to run unprivileged.
|
||||||
# An alternative would be an `nginxinc/nginx-unprivileged` image, but
|
# An alternative would be an `nginxinc/nginx-unprivileged` image, but
|
||||||
# that is frequently out of date.
|
# that is frequently out of date.
|
||||||
matrix_nginx_proxy_docker_image: "nginx:1.17.10-alpine"
|
matrix_nginx_proxy_docker_image: "nginx:1.19.0-alpine"
|
||||||
matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"
|
matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
|
matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
|
||||||
|
@ -220,7 +220,7 @@ matrix_ssl_domains_to_obtain_certificates_for: []
|
||||||
|
|
||||||
# Controls whether to obtain production or staging certificates from Let's Encrypt.
|
# Controls whether to obtain production or staging certificates from Let's Encrypt.
|
||||||
matrix_ssl_lets_encrypt_staging: false
|
matrix_ssl_lets_encrypt_staging: false
|
||||||
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.4.0"
|
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.5.0"
|
||||||
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
|
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
|
||||||
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
||||||
matrix_ssl_lets_encrypt_support_email: ~
|
matrix_ssl_lets_encrypt_support_email: ~
|
||||||
|
|
|
@ -84,7 +84,7 @@
|
||||||
hour: "5"
|
hour: "5"
|
||||||
minute: "20"
|
minute: "20"
|
||||||
day: "*"
|
day: "*"
|
||||||
job: /bin/systemctl reload matrix-nginx-proxy.service
|
job: "{{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service"
|
||||||
when: matrix_nginx_proxy_enabled|bool
|
when: matrix_nginx_proxy_enabled|bool
|
||||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
# We suppress the error, as we'll try another method below.
|
# We suppress the error, as we'll try another method below.
|
||||||
- name: Attempt initial SSL certificate retrieval with standalone authenticator (directly)
|
- name: Attempt initial SSL certificate retrieval with standalone authenticator (directly)
|
||||||
shell: >-
|
shell: >-
|
||||||
/usr/bin/docker run
|
{{ matrix_host_command_docker }} run
|
||||||
--rm
|
--rm
|
||||||
--name=matrix-certbot
|
--name=matrix-certbot
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
|
@ -43,7 +43,7 @@
|
||||||
# and it's running now, it may be able to proxy requests to `matrix_ssl_lets_encrypt_certbot_standalone_http_port`.
|
# and it's running now, it may be able to proxy requests to `matrix_ssl_lets_encrypt_certbot_standalone_http_port`.
|
||||||
- name: Attempt initial SSL certificate retrieval with standalone authenticator (via proxy)
|
- name: Attempt initial SSL certificate retrieval with standalone authenticator (via proxy)
|
||||||
shell: >-
|
shell: >-
|
||||||
/usr/bin/docker run
|
{{ matrix_host_command_docker }} run
|
||||||
--rm
|
--rm
|
||||||
--name=matrix-certbot
|
--name=matrix-certbot
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
|
|
|
@ -150,7 +150,7 @@
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
location /_synapse/admin {
|
location /_synapse {
|
||||||
{% if matrix_nginx_proxy_enabled %}
|
{% if matrix_nginx_proxy_enabled %}
|
||||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||||
resolver 127.0.0.11 valid=5s;
|
resolver 127.0.0.11 valid=5s;
|
||||||
|
|
|
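Review bot: widening the prefix from `location /_synapse/admin` to `location /_synapse` proxies every path Synapse serves under `/_synapse` on this upstream, not only the admin API. If the goal is one additional sub-path, add a separate `location` for it; if the broad match is intended, add a comment stating which endpoints are meant to be reachable from outside.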
@ -11,10 +11,10 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-nginx-proxy
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-nginx-proxy
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -43,9 +43,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_nginx_proxy_docker_image }}
|
{{ matrix_nginx_proxy_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-nginx-proxy
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy
|
||||||
ExecStop=-/usr/bin/docker rm matrix-nginx-proxy
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy
|
||||||
ExecReload=/usr/bin/docker exec matrix-nginx-proxy /usr/sbin/nginx -s reload
|
ExecReload={{ matrix_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-nginx-proxy
|
SyslogIdentifier=matrix-nginx-proxy
|
||||||
|
|
|
@ -8,10 +8,10 @@ matrix_postgres_db_name: ""
|
||||||
matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
|
matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
|
||||||
matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data"
|
matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data"
|
||||||
|
|
||||||
matrix_postgres_docker_image_v9: "postgres:9.6.17-alpine"
|
matrix_postgres_docker_image_v9: "postgres:9.6.18-alpine"
|
||||||
matrix_postgres_docker_image_v10: "postgres:10.12-alpine"
|
matrix_postgres_docker_image_v10: "postgres:10.13-alpine"
|
||||||
matrix_postgres_docker_image_v11: "postgres:11.7-alpine"
|
matrix_postgres_docker_image_v11: "postgres:11.8-alpine"
|
||||||
matrix_postgres_docker_image_v12: "postgres:12.2-alpine"
|
matrix_postgres_docker_image_v12: "postgres:12.3-alpine"
|
||||||
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v12 }}"
|
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v12 }}"
|
||||||
|
|
||||||
# This variable is assigned at runtime. Overriding its value has no effect.
|
# This variable is assigned at runtime. Overriding its value has no effect.
|
||||||
|
|
|
@ -63,7 +63,7 @@
|
||||||
- name: Generate Postgres database import command
|
- name: Generate Postgres database import command
|
||||||
set_fact:
|
set_fact:
|
||||||
matrix_postgres_import_command: >-
|
matrix_postgres_import_command: >-
|
||||||
/usr/bin/docker run --rm --name matrix-postgres-import
|
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-import
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
--cap-drop=ALL
|
--cap-drop=ALL
|
||||||
--network={{ matrix_docker_network }}
|
--network={{ matrix_docker_network }}
|
||||||
|
|
|
@ -79,6 +79,7 @@
|
||||||
--network={{ matrix_docker_network }}
|
--network={{ matrix_docker_network }}
|
||||||
--entrypoint=python
|
--entrypoint=python
|
||||||
-v {{ matrix_synapse_config_dir_path }}:/data
|
-v {{ matrix_synapse_config_dir_path }}:/data
|
||||||
|
-v {{ matrix_synapse_config_dir_path }}:/matrix-media-store-parent/media-store
|
||||||
-v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}:ro
|
-v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}:ro
|
||||||
{{ matrix_synapse_docker_image }}
|
{{ matrix_synapse_docker_image }}
|
||||||
/usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db|basename }} --postgres-config /data/homeserver.yaml
|
/usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db|basename }} --postgres-config /data/homeserver.yaml
|
||||||
|
|
|
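Review bot: the added `-v {{ matrix_synapse_config_dir_path }}:/matrix-media-store-parent/media-store` mounts the Synapse config directory a second time, writable, at the media-store path, while the SQLite file on the next line is mounted `:ro`. If the mount exists only so that the media-store path resolves while `synapse_port_db` runs, add `:ro` or point it at an empty directory, and leave a comment saying why it is there.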
@ -66,7 +66,7 @@
|
||||||
- name: Generate Postgres database synapse-janitor command
|
- name: Generate Postgres database synapse-janitor command
|
||||||
set_fact:
|
set_fact:
|
||||||
matrix_postgres_synapse_janitor_command: >-
|
matrix_postgres_synapse_janitor_command: >-
|
||||||
/usr/bin/docker run --rm --name matrix-postgres-synapse-janitor
|
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-synapse-janitor
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
--cap-drop=ALL
|
--cap-drop=ALL
|
||||||
--network={{ matrix_docker_network }}
|
--network={{ matrix_docker_network }}
|
||||||
|
|
|
@ -45,7 +45,7 @@
|
||||||
- name: Generate Postgres database vacuum command
|
- name: Generate Postgres database vacuum command
|
||||||
set_fact:
|
set_fact:
|
||||||
matrix_postgres_vacuum_command: >-
|
matrix_postgres_vacuum_command: >-
|
||||||
/usr/bin/docker run --rm --name matrix-postgres-synapse-vacuum
|
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-synapse-vacuum
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
--cap-drop=ALL
|
--cap-drop=ALL
|
||||||
--network={{ matrix_docker_network }}
|
--network={{ matrix_docker_network }}
|
||||||
|
|
|
@ -79,7 +79,7 @@
|
||||||
# we need to remove these from the dump, or we'll get errors saying these already exist.
|
# we need to remove these from the dump, or we'll get errors saying these already exist.
|
||||||
- name: Perform Postgres database dump
|
- name: Perform Postgres database dump
|
||||||
command: >-
|
command: >-
|
||||||
/usr/bin/docker run --rm --name matrix-postgres-dump
|
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-dump
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
--network={{ matrix_docker_network }}
|
--network={{ matrix_docker_network }}
|
||||||
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql
|
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql
|
||||||
|
@ -123,7 +123,7 @@
|
||||||
- name: Generate Postgres database import command
|
- name: Generate Postgres database import command
|
||||||
set_fact:
|
set_fact:
|
||||||
matrix_postgres_import_command: >-
|
matrix_postgres_import_command: >-
|
||||||
/usr/bin/docker run --rm --name matrix-postgres-import
|
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-import
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
--cap-drop=ALL
|
--cap-drop=ALL
|
||||||
--network={{ matrix_docker_network }}
|
--network={{ matrix_docker_network }}
|
||||||
|
|
|
@ -6,10 +6,10 @@ Requires=docker.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker stop matrix-postgres
|
ExecStartPre=-{{ matrix_host_command_docker }} stop matrix-postgres
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-postgres
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-postgres
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-postgres \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -28,8 +28,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-postgres \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_postgres_docker_image_to_use }}
|
{{ matrix_postgres_docker_image_to_use }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker stop matrix-postgres
|
ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres
|
||||||
ExecStop=-/usr/bin/docker rm matrix-postgres
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-postgres
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-postgres
|
SyslogIdentifier=matrix-postgres
|
||||||
|
|
|
@ -2,7 +2,7 @@ matrix_riot_web_enabled: true
|
||||||
|
|
||||||
matrix_riot_web_container_image_self_build: false
|
matrix_riot_web_container_image_self_build: false
|
||||||
|
|
||||||
matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.1"
|
matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.4"
|
||||||
matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
|
matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
|
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
|
||||||
|
|
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-riot-web
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-riot-web
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-riot-web
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-riot-web
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-riot-web \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -22,7 +22,6 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
|
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
|
||||||
-v {{ matrix_riot_web_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
|
-v {{ matrix_riot_web_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||||
-v /dev/null:/etc/nginx/conf.d/default.conf:ro \
|
|
||||||
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.json:ro \
|
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.json:ro \
|
||||||
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.{{ matrix_server_fqn_riot }}.json:ro \
|
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.{{ matrix_server_fqn_riot }}.json:ro \
|
||||||
{% if matrix_riot_web_embedded_pages_home_path is not none %}
|
{% if matrix_riot_web_embedded_pages_home_path is not none %}
|
||||||
|
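Review bot: dropping `-v /dev/null:/etc/nginx/conf.d/default.conf:ro` means the image's own `default.conf` is no longer masked. That is only safe if the `nginx.conf` mounted on the line above does not include `conf.d/*.conf`; please confirm, or note in the commit message why the mask is no longer needed.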
@ -34,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ matrix_riot_web_docker_image }}
|
{{ matrix_riot_web_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-riot-web
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-riot-web
|
||||||
ExecStop=-/usr/bin/docker rm matrix-riot-web
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-riot-web
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-riot-web
|
SyslogIdentifier=matrix-riot-web
|
||||||
|
|
|
@ -5,7 +5,7 @@ matrix_synapse_enabled: true
|
||||||
|
|
||||||
matrix_synapse_container_image_self_build: false
|
matrix_synapse_container_image_self_build: false
|
||||||
|
|
||||||
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.13.0"
|
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.15.0"
|
||||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
|
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
|
||||||
|
@ -202,12 +202,12 @@ matrix_synapse_password_config_localdb_enabled: true
|
||||||
# Controls the number of events that Synapse caches in memory.
|
# Controls the number of events that Synapse caches in memory.
|
||||||
matrix_synapse_event_cache_size: "100K"
|
matrix_synapse_event_cache_size: "100K"
|
||||||
|
|
||||||
# Controls cache sizes for Synapse via the SYNAPSE_CACHE_FACTOR environment variable.
|
# Controls cache sizes for Synapse.
|
||||||
# Raise this to increase cache sizes or lower it to potentially lower memory use.
|
# Raise this to increase cache sizes or lower it to potentially lower memory use.
|
||||||
# To learn more, see:
|
# To learn more, see:
|
||||||
# - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
|
# - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
|
||||||
# - https://github.com/matrix-org/synapse/issues/3939
|
# - https://github.com/matrix-org/synapse/issues/3939
|
||||||
matrix_synapse_cache_factor: 0.5
|
matrix_synapse_caches_global_factor: 0.5
|
||||||
|
|
||||||
# Controls whether Synapse will federate at all.
|
# Controls whether Synapse will federate at all.
|
||||||
# Disable this to completely isolate your server from the rest of the Matrix network.
|
# Disable this to completely isolate your server from the rest of the Matrix network.
|
||||||
|
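Review bot: renaming `matrix_synapse_cache_factor` to `matrix_synapse_caches_global_factor` silently drops any existing override, since the old name is no longer read. Add a check that fails when the old name is still defined, or mention the rename in the changelog, so operators who tuned memory use are told to update their vars. The comment could also say where the value now ends up, since the `SYNAPSE_CACHE_FACTOR` reference was removed.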
@ -299,7 +299,7 @@ matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: fals
|
||||||
# Enable this to activate the Shared Secret Auth password provider module.
|
# Enable this to activate the Shared Secret Auth password provider module.
|
||||||
# See: https://github.com/devture/matrix-synapse-shared-secret-auth
|
# See: https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||||
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
|
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
|
||||||
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.1/shared_secret_authenticator.py"
|
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.2/shared_secret_authenticator.py"
|
||||||
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
|
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
|
||||||
|
|
||||||
# Enable this to activate LDAP password provider
|
# Enable this to activate LDAP password provider
|
||||||
|
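Review bot: `matrix_synapse_ext_password_provider_shared_secret_auth_download_url` still points at a tag on raw.githubusercontent.com, and the file it fetches is loaded into Synapse as a password provider; nothing in this hunk pins its content. Consider referencing a commit hash and having the task that fetches it verify a checksum, so that a moved tag cannot change the code that decides logins.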
@ -357,7 +357,7 @@ matrix_synapse_default_room_version: "5"
|
||||||
#
|
#
|
||||||
# If a spam-checker extension is enabled, this variable's value is set automatically by the playbook during runtime.
|
# If a spam-checker extension is enabled, this variable's value is set automatically by the playbook during runtime.
|
||||||
# If not, you can also control its value manually.
|
# If not, you can also control its value manually.
|
||||||
matrix_synapse_spam_checker: ~
|
matrix_synapse_spam_checker: []
|
||||||
|
|
||||||
matrix_synapse_trusted_key_servers:
|
matrix_synapse_trusted_key_servers:
|
||||||
- server_name: "matrix.org"
|
- server_name: "matrix.org"
|
||||||
|
|
|
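Review bot: changing the default of `matrix_synapse_spam_checker` from `~` to `[]` changes the expected type, but the comment above it still only says "you can also control its value manually". The set_fact later in this commit concatenates onto this value with `+`, so anyone who previously set it to a single `module:`/`config:` mapping will now get a failure or a malformed `spam_checker` setting. Please state in the comment that the value must be a list of `{module, config}` entries, and consider a validation task that fails early when it is not a list.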
@ -38,10 +38,15 @@
|
||||||
become_user: "{{ matrix_user_username }}"
|
become_user: "{{ matrix_user_username }}"
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
matrix_synapse_spam_checker:
|
matrix_synapse_spam_checker: >
|
||||||
module: "synapse_simple_antispam.AntiSpamInvites"
|
{{ matrix_synapse_spam_checker }}
|
||||||
config:
|
+
|
||||||
blocked_homeservers: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}"
|
[{
|
||||||
|
"module": "synapse_simple_antispam.AntiSpamInvites",
|
||||||
|
"config": {
|
||||||
|
"blocked_homeservers": {{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}
|
||||||
|
}
|
||||||
|
}]
|
||||||
|
|
||||||
matrix_synapse_container_extra_arguments: >
|
matrix_synapse_container_extra_arguments: >
|
||||||
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||||
|
|
|
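Review bot: in the new `matrix_synapse_spam_checker: >` expression, `blocked_homeservers` is substituted into the hand-written `[{ "module": ..., "config": { ... } }]` literal in its default string form, whereas the old mapping form passed it as a quoted template value. The result depends on the rendered text of `matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers` being re-parsed correctly, which is fragile for a list of remote server names. Piping that variable through an explicit filter such as `|to_json` inside the literal would make the serialization deliberate. A short comment explaining why the value is appended rather than assigned would also help.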
@ -11,7 +11,7 @@
|
||||||
|
|
||||||
- name: Fail if Matrix Federation API not working
|
- name: Fail if Matrix Federation API not working
|
||||||
fail:
|
fail:
|
||||||
msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
|
msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port {{ matrix_federation_public_port }} open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
|
||||||
when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)"
|
when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)"
|
||||||
|
|
||||||
- name: Fail if Matrix Federation API unexpectedly enabled
|
- name: Fail if Matrix Federation API unexpectedly enabled
|
||||||
|
|
|
@ -36,7 +36,7 @@
|
||||||
when: "start_result.changed or postgres_start_result.changed"
|
when: "start_result.changed or postgres_start_result.changed"
|
||||||
|
|
||||||
- name: Generate password hash
|
- name: Generate password hash
|
||||||
shell: "/usr/bin/docker exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}"
|
shell: "{{ matrix_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}"
|
||||||
register: password_hash
|
register: password_hash
|
||||||
|
|
||||||
- name: Update user password hash
|
- name: Update user password hash
|
||||||
|
|
|
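Review bot: the "Generate password hash" task still passes the plaintext password as `-p {{ password|quote }}` on the `docker exec` command line, and no `no_log` is visible on the task in this hunk. The value is therefore readable in the host's process list while the command runs and can appear in Ansible output when the task is logged or fails. Since this line is being touched anyway, consider adding `no_log: true` to the task. Separately, `{{ matrix_host_command_docker }}` is now interpolated unquoted into a `shell:` string, so either quote it or switch to `command:` with an argument list.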
@ -31,3 +31,4 @@
|
||||||
- {'old': 'matrix_synapse_container_expose_client_api_port', 'new': '<superseded by matrix_synapse_container_client_api_host_bind_port>'}
|
- {'old': 'matrix_synapse_container_expose_client_api_port', 'new': '<superseded by matrix_synapse_container_client_api_host_bind_port>'}
|
||||||
- {'old': 'matrix_synapse_container_expose_federation_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'}
|
- {'old': 'matrix_synapse_container_expose_federation_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'}
|
||||||
- {'old': 'matrix_synapse_container_expose_metrics_port', 'new': '<superseded by matrix_synapse_container_metrics_api_host_bind_port>'}
|
- {'old': 'matrix_synapse_container_expose_metrics_port', 'new': '<superseded by matrix_synapse_container_metrics_api_host_bind_port>'}
|
||||||
|
- {'old': 'matrix_synapse_cache_factor', 'new': 'matrix_synapse_caches_global_factor'}
|
||||||
|
|
|
@ -6,10 +6,10 @@ Requires=docker.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill %n
|
ExecStartPre=-{{ matrix_host_command_docker }} kill %n
|
||||||
ExecStartPre=-/usr/bin/docker rm %n
|
ExecStartPre=-{{ matrix_host_command_docker }} rm %n
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name %n \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name %n \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
-v /etc/passwd:/etc/passwd:ro \
|
-v /etc/passwd:/etc/passwd:ro \
|
||||||
|
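Review bot: replacing `/usr/bin/docker` with `{{ matrix_host_command_docker }}` in `ExecStartPre=`, `ExecStart=` and `ExecStop=` makes the unit depend on that variable rendering to an absolute path, and nothing in this hunk checks that. Older systemd releases reject Exec lines whose command is not an absolute path, so a value like `docker` would produce a unit that fails to load. Please document the absolute-path requirement where the variable is defined, or add an assertion before the unit is templated. The same applies to `matrix_host_command_fusermount` and `matrix_host_command_sleep` in the later unit-file hunks.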
@ -25,10 +25,10 @@ ExecStart=/usr/bin/docker run --rm --name %n \
|
||||||
-c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3'
|
-c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3'
|
||||||
|
|
||||||
TimeoutStartSec=5min
|
TimeoutStartSec=5min
|
||||||
ExecStop=-/usr/bin/docker stop %n
|
ExecStop=-{{ matrix_host_command_docker }} stop %n
|
||||||
ExecStop=-/usr/bin/docker kill %n
|
ExecStop=-{{ matrix_host_command_docker }} kill %n
|
||||||
ExecStop=-/usr/bin/docker rm %n
|
ExecStop=-{{ matrix_host_command_docker }} rm %n
|
||||||
ExecStop=-/bin/fusermount -u {{ matrix_synapse_media_store_path }}
|
ExecStop=-{{ matrix_host_command_fusermount }} -u {{ matrix_synapse_media_store_path }}
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=5
|
RestartSec=5
|
||||||
SyslogIdentifier=matrix-goofys
|
SyslogIdentifier=matrix-goofys
|
||||||
|
|
|
@ -320,22 +320,27 @@ listeners:
|
||||||
# Used by phonehome stats to group together related servers.
|
# Used by phonehome stats to group together related servers.
|
||||||
#server_context: context
|
#server_context: context
|
||||||
|
|
||||||
# Resource-constrained homeserver Settings
|
# Resource-constrained homeserver settings
|
||||||
#
|
#
|
||||||
# If limit_remote_rooms.enabled is True, the room complexity will be
|
# When this is enabled, the room "complexity" will be checked before a user
|
||||||
# checked before a user joins a new remote room. If it is above
|
# joins a new remote room. If it is above the complexity limit, the server will
|
||||||
# limit_remote_rooms.complexity, it will disallow joining or
|
# disallow joining, or will instantly leave.
|
||||||
# instantly leave.
|
|
||||||
#
|
#
|
||||||
# limit_remote_rooms.complexity_error can be set to customise the text
|
# Room complexity is an arbitrary measure based on factors such as the number of
|
||||||
# displayed to the user when a room above the complexity threshold has
|
# users in the room.
|
||||||
# its join cancelled.
|
|
||||||
#
|
#
|
||||||
# Uncomment the below lines to enable:
|
limit_remote_rooms:
|
||||||
#limit_remote_rooms:
|
# Uncomment to enable room complexity checking.
|
||||||
# enabled: True
|
#
|
||||||
# complexity: 1.0
|
#enabled: true
|
||||||
# complexity_error: "This room is too complex."
|
|
||||||
|
# the limit above which rooms cannot be joined. The default is 1.0.
|
||||||
|
#
|
||||||
|
#complexity: 0.5
|
||||||
|
|
||||||
|
# override the error which is returned when the room is too complex.
|
||||||
|
#
|
||||||
|
#complexity_error: "This room is too complex."
|
||||||
|
|
||||||
# Whether to require a user to be in the room to add an alias to it.
|
# Whether to require a user to be in the room to add an alias to it.
|
||||||
# Defaults to 'true'.
|
# Defaults to 'true'.
|
||||||
|
@ -605,6 +610,50 @@ acme:
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Caching ##
|
||||||
|
|
||||||
|
# Caching can be configured through the following options.
|
||||||
|
#
|
||||||
|
# A cache 'factor' is a multiplier that can be applied to each of
|
||||||
|
# Synapse's caches in order to increase or decrease the maximum
|
||||||
|
# number of entries that can be stored.
|
||||||
|
|
||||||
|
# The number of events to cache in memory. Not affected by
|
||||||
|
# caches.global_factor.
|
||||||
|
#
|
||||||
|
event_cache_size: "{{ matrix_synapse_event_cache_size }}"
|
||||||
|
|
||||||
|
caches:
|
||||||
|
# Controls the global cache factor, which is the default cache factor
|
||||||
|
# for all caches if a specific factor for that cache is not otherwise
|
||||||
|
# set.
|
||||||
|
#
|
||||||
|
# This can also be set by the "SYNAPSE_CACHE_FACTOR" environment
|
||||||
|
# variable. Setting by environment variable takes priority over
|
||||||
|
# setting through the config file.
|
||||||
|
#
|
||||||
|
# Defaults to 0.5, which will half the size of all caches.
|
||||||
|
#
|
||||||
|
global_factor: {{ matrix_synapse_caches_global_factor }}
|
||||||
|
|
||||||
|
# A dictionary of cache name to cache factor for that individual
|
||||||
|
# cache. Overrides the global cache factor for a given cache.
|
||||||
|
#
|
||||||
|
# These can also be set through environment variables comprised
|
||||||
|
# of "SYNAPSE_CACHE_FACTOR_" + the name of the cache in capital
|
||||||
|
# letters and underscores. Setting by environment variable
|
||||||
|
# takes priority over setting through the config file.
|
||||||
|
# Ex. SYNAPSE_CACHE_FACTOR_GET_USERS_WHO_SHARE_ROOM_WITH_USER=2.0
|
||||||
|
#
|
||||||
|
# Some caches have '*' and other characters that are not
|
||||||
|
# alphanumeric or underscores. These caches can be named with or
|
||||||
|
# without the special characters stripped. For example, to specify
|
||||||
|
# the cache factor for `*stateGroupCache*` via an environment
|
||||||
|
# variable would be `SYNAPSE_CACHE_FACTOR_STATEGROUPCACHE=2.0`.
|
||||||
|
#
|
||||||
|
per_cache_factors:
|
||||||
|
#get_users_who_share_room_with_user: 2.0
|
||||||
|
|
||||||
## Database ##
|
## Database ##
|
||||||
|
|
||||||
database:
|
database:
|
||||||
|
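Review bot: `global_factor: {{ matrix_synapse_caches_global_factor }}` is rendered without a filter, while other values in this template go through `|to_json` (for example `autocreate_auto_join_rooms`) and `event_cache_size` just above is quoted. An empty or non-numeric variable would yield invalid or surprising YAML here. Suggest `global_factor: {{ matrix_synapse_caches_global_factor|to_json }}`. Also note that `per_cache_factors:` is emitted with only a commented child, so it renders as a null value with no playbook variable to fill it. Either expose a variable for it or comment the key out.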
@ -618,10 +667,6 @@ database:
|
||||||
cp_min: 5
|
cp_min: 5
|
||||||
cp_max: 10
|
cp_max: 10
|
||||||
|
|
||||||
# Number of events to cache in memory.
|
|
||||||
#
|
|
||||||
event_cache_size: "{{ matrix_synapse_event_cache_size }}"
|
|
||||||
|
|
||||||
|
|
||||||
## Logging ##
|
## Logging ##
|
||||||
|
|
||||||
|
@ -884,25 +929,28 @@ url_preview_accept_language:
|
||||||
|
|
||||||
|
|
||||||
## Captcha ##
|
## Captcha ##
|
||||||
# See docs/CAPTCHA_SETUP for full details of configuring this.
|
# See docs/CAPTCHA_SETUP.md for full details of configuring this.
|
||||||
|
|
||||||
# This homeserver's ReCAPTCHA public key.
|
# This homeserver's ReCAPTCHA public key. Must be specified if
|
||||||
|
# enable_registration_captcha is enabled.
|
||||||
#
|
#
|
||||||
#recaptcha_public_key: "YOUR_PUBLIC_KEY"
|
#recaptcha_public_key: "YOUR_PUBLIC_KEY"
|
||||||
|
|
||||||
# This homeserver's ReCAPTCHA private key.
|
# This homeserver's ReCAPTCHA private key. Must be specified if
|
||||||
|
# enable_registration_captcha is enabled.
|
||||||
#
|
#
|
||||||
#recaptcha_private_key: "YOUR_PRIVATE_KEY"
|
#recaptcha_private_key: "YOUR_PRIVATE_KEY"
|
||||||
|
|
||||||
# Enables ReCaptcha checks when registering, preventing signup
|
# Uncomment to enable ReCaptcha checks when registering, preventing signup
|
||||||
# unless a captcha is answered. Requires a valid ReCaptcha
|
# unless a captcha is answered. Requires a valid ReCaptcha
|
||||||
# public/private key.
|
# public/private key. Defaults to 'false'.
|
||||||
#
|
#
|
||||||
#enable_registration_captcha: false
|
#enable_registration_captcha: true
|
||||||
|
|
||||||
# The API endpoint to use for verifying m.login.recaptcha responses.
|
# The API endpoint to use for verifying m.login.recaptcha responses.
|
||||||
|
# Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify".
|
||||||
#
|
#
|
||||||
#recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
|
#recaptcha_siteverify_api: "https://my.recaptcha.site"
|
||||||
|
|
||||||
|
|
||||||
## TURN ##
|
## TURN ##
|
||||||
|
@ -1151,6 +1199,13 @@ auto_join_rooms:
|
||||||
#
|
#
|
||||||
autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json }}
|
autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json }}
|
||||||
|
|
||||||
|
# When auto_join_rooms is specified, setting this flag to false prevents
|
||||||
|
# guest accounts from being automatically joined to the rooms.
|
||||||
|
#
|
||||||
|
# Defaults to true.
|
||||||
|
#
|
||||||
|
#auto_join_rooms_for_guests: false
|
||||||
|
|
||||||
|
|
||||||
## Metrics ###
|
## Metrics ###
|
||||||
|
|
||||||
|
@ -1182,6 +1237,7 @@ metrics_flags:
|
||||||
#known_servers: true
|
#known_servers: true
|
||||||
|
|
||||||
# Whether or not to report anonymized homeserver usage statistics.
|
# Whether or not to report anonymized homeserver usage statistics.
|
||||||
|
#
|
||||||
report_stats: {{ matrix_synapse_report_stats|to_json }}
|
report_stats: {{ matrix_synapse_report_stats|to_json }}
|
||||||
|
|
||||||
# The endpoint to report the anonymized homeserver usage statistics to.
|
# The endpoint to report the anonymized homeserver usage statistics to.
|
||||||
|
@ -1307,6 +1363,8 @@ trusted_key_servers: {{ matrix_synapse_trusted_key_servers|to_json }}
|
||||||
#key_server_signing_keys_path: "key_server_signing_keys.key"
|
#key_server_signing_keys_path: "key_server_signing_keys.key"
|
||||||
|
|
||||||
|
|
||||||
|
## Single sign-on integration ##
|
||||||
|
|
||||||
# Enable SAML2 for registration and login. Uses pysaml2.
|
# Enable SAML2 for registration and login. Uses pysaml2.
|
||||||
#
|
#
|
||||||
# At least one of `sp_config` or `config_path` must be set in this section to
|
# At least one of `sp_config` or `config_path` must be set in this section to
|
||||||
|
@ -1440,7 +1498,13 @@ saml2_config:
|
||||||
# * HTML page to display to users if something goes wrong during the
|
# * HTML page to display to users if something goes wrong during the
|
||||||
# authentication process: 'saml_error.html'.
|
# authentication process: 'saml_error.html'.
|
||||||
#
|
#
|
||||||
# This template doesn't currently need any variable to render.
|
# When rendering, this template is given the following variables:
|
||||||
|
# * code: an HTML error code corresponding to the error that is being
|
||||||
|
# returned (typically 400 or 500)
|
||||||
|
#
|
||||||
|
# * msg: a textual message describing the error.
|
||||||
|
#
|
||||||
|
# The variables will automatically be HTML-escaped.
|
||||||
#
|
#
|
||||||
# You can see the default templates at:
|
# You can see the default templates at:
|
||||||
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
||||||
|
@ -1448,6 +1512,121 @@ saml2_config:
|
||||||
#template_dir: "res/templates"
|
#template_dir: "res/templates"
|
||||||
|
|
||||||
|
|
||||||
|
# OpenID Connect integration. The following settings can be used to make Synapse
|
||||||
|
# use an OpenID Connect Provider for authentication, instead of its internal
|
||||||
|
# password database.
|
||||||
|
#
|
||||||
|
# See https://github.com/matrix-org/synapse/blob/master/openid.md.
|
||||||
|
#
|
||||||
|
oidc_config:
|
||||||
|
# Uncomment the following to enable authorization against an OpenID Connect
|
||||||
|
# server. Defaults to false.
|
||||||
|
#
|
||||||
|
#enabled: true
|
||||||
|
|
||||||
|
# Uncomment the following to disable use of the OIDC discovery mechanism to
|
||||||
|
# discover endpoints. Defaults to true.
|
||||||
|
#
|
||||||
|
#discover: false
|
||||||
|
|
||||||
|
# the OIDC issuer. Used to validate tokens and (if discovery is enabled) to
|
||||||
|
# discover the provider's endpoints.
|
||||||
|
#
|
||||||
|
# Required if 'enabled' is true.
|
||||||
|
#
|
||||||
|
#issuer: "https://accounts.example.com/"
|
||||||
|
|
||||||
|
# oauth2 client id to use.
|
||||||
|
#
|
||||||
|
# Required if 'enabled' is true.
|
||||||
|
#
|
||||||
|
#client_id: "provided-by-your-issuer"
|
||||||
|
|
||||||
|
# oauth2 client secret to use.
|
||||||
|
#
|
||||||
|
# Required if 'enabled' is true.
|
||||||
|
#
|
||||||
|
#client_secret: "provided-by-your-issuer"
|
||||||
|
|
||||||
|
# auth method to use when exchanging the token.
|
||||||
|
# Valid values are 'client_secret_basic' (default), 'client_secret_post' and
|
||||||
|
# 'none'.
|
||||||
|
#
|
||||||
|
#client_auth_method: client_secret_post
|
||||||
|
|
||||||
|
# list of scopes to request. This should normally include the "openid" scope.
|
||||||
|
# Defaults to ["openid"].
|
||||||
|
#
|
||||||
|
#scopes: ["openid", "profile"]
|
||||||
|
|
||||||
|
# the oauth2 authorization endpoint. Required if provider discovery is disabled.
|
||||||
|
#
|
||||||
|
#authorization_endpoint: "https://accounts.example.com/oauth2/auth"
|
||||||
|
|
||||||
|
# the oauth2 token endpoint. Required if provider discovery is disabled.
|
||||||
|
#
|
||||||
|
#token_endpoint: "https://accounts.example.com/oauth2/token"
|
||||||
|
|
||||||
|
# the OIDC userinfo endpoint. Required if discovery is disabled and the
|
||||||
|
# "openid" scope is not requested.
|
||||||
|
#
|
||||||
|
#userinfo_endpoint: "https://accounts.example.com/userinfo"
|
||||||
|
|
||||||
|
# URI where to fetch the JWKS. Required if discovery is disabled and the
|
||||||
|
# "openid" scope is used.
|
||||||
|
#
|
||||||
|
#jwks_uri: "https://accounts.example.com/.well-known/jwks.json"
|
||||||
|
|
||||||
|
# Uncomment to skip metadata verification. Defaults to false.
|
||||||
|
#
|
||||||
|
# Use this if you are connecting to a provider that is not OpenID Connect
|
||||||
|
# compliant.
|
||||||
|
# Avoid this in production.
|
||||||
|
#
|
||||||
|
#skip_verification: true
|
||||||
|
|
||||||
|
# An external module can be provided here as a custom solution to mapping
|
||||||
|
# attributes returned from a OIDC provider onto a matrix user.
|
||||||
|
#
|
||||||
|
user_mapping_provider:
|
||||||
|
# The custom module's class. Uncomment to use a custom module.
|
||||||
|
# Default is 'synapse.handlers.oidc_handler.JinjaOidcMappingProvider'.
|
||||||
|
#
|
||||||
|
# See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers
|
||||||
|
# for information on implementing a custom mapping provider.
|
||||||
|
#
|
||||||
|
#module: mapping_provider.OidcMappingProvider
|
||||||
|
|
||||||
|
# Custom configuration values for the module. This section will be passed as
|
||||||
|
# a Python dictionary to the user mapping provider module's `parse_config`
|
||||||
|
# method.
|
||||||
|
#
|
||||||
|
# The examples below are intended for the default provider: they should be
|
||||||
|
# changed if using a custom provider.
|
||||||
|
#
|
||||||
|
config:
|
||||||
|
# name of the claim containing a unique identifier for the user.
|
||||||
|
# Defaults to `sub`, which OpenID Connect compliant providers should provide.
|
||||||
|
#
|
||||||
|
#subject_claim: "sub"
|
||||||
|
|
||||||
|
# Jinja2 template for the localpart of the MXID.
|
||||||
|
#
|
||||||
|
# When rendering, this template is given the following variables:
|
||||||
|
# * user: The claims returned by the UserInfo Endpoint and/or in the ID
|
||||||
|
# Token
|
||||||
|
#
|
||||||
|
# This must be configured if using the default mapping provider.
|
||||||
|
#
|
||||||
|
localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
|
||||||
|
|
||||||
|
# Jinja2 template for the display name to set on first login.
|
||||||
|
#
|
||||||
|
# If unset, no displayname will be set.
|
||||||
|
#
|
||||||
|
#display_name_template: "{% raw %}{{ user.given_name }} {{ user.last_name }}{% endraw %}"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Enable CAS for registration and login.
|
# Enable CAS for registration and login.
|
||||||
#
|
#
|
||||||
|
@ -1455,10 +1634,97 @@ saml2_config:
|
||||||
# enabled: true
|
# enabled: true
|
||||||
# server_url: "https://cas-server.com"
|
# server_url: "https://cas-server.com"
|
||||||
# service_url: "https://homeserver.domain.com:8448"
|
# service_url: "https://homeserver.domain.com:8448"
|
||||||
|
# #displayname_attribute: name
|
||||||
# #required_attributes:
|
# #required_attributes:
|
||||||
# # name: value
|
# # name: value
|
||||||
|
|
||||||
|
|
||||||
|
# Additional settings to use with single-sign on systems such as OpenID Connect,
|
||||||
|
# SAML2 and CAS.
|
||||||
|
#
|
||||||
|
sso:
|
||||||
|
# A list of client URLs which are whitelisted so that the user does not
|
||||||
|
# have to confirm giving access to their account to the URL. Any client
|
||||||
|
# whose URL starts with an entry in the following list will not be subject
|
||||||
|
# to an additional confirmation step after the SSO login is completed.
|
||||||
|
#
|
||||||
|
# WARNING: An entry such as "https://my.client" is insecure, because it
|
||||||
|
# will also match "https://my.client.evil.site", exposing your users to
|
||||||
|
# phishing attacks from evil.site. To avoid this, include a slash after the
|
||||||
|
# hostname: "https://my.client/".
|
||||||
|
#
|
||||||
|
# If public_baseurl is set, then the login fallback page (used by clients
|
||||||
|
# that don't natively support the required login flows) is whitelisted in
|
||||||
|
# addition to any URLs in this list.
|
||||||
|
#
|
||||||
|
# By default, this list is empty.
|
||||||
|
#
|
||||||
|
#client_whitelist:
|
||||||
|
# - https://riot.im/develop
|
||||||
|
# - https://my.custom.client/
|
||||||
|
|
||||||
|
# Directory in which Synapse will try to find the template files below.
|
||||||
|
# If not set, default templates from within the Synapse package will be used.
|
||||||
|
#
|
||||||
|
# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
|
||||||
|
# If you *do* uncomment it, you will need to make sure that all the templates
|
||||||
|
# below are in the directory.
|
||||||
|
#
|
||||||
|
# Synapse will look for the following templates in this directory:
|
||||||
|
#
|
||||||
|
# * HTML page for a confirmation step before redirecting back to the client
|
||||||
|
# with the login token: 'sso_redirect_confirm.html'.
|
||||||
|
#
|
||||||
|
# When rendering, this template is given three variables:
|
||||||
|
# * redirect_url: the URL the user is about to be redirected to. Needs
|
||||||
|
# manual escaping (see
|
||||||
|
# https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
|
||||||
|
#
|
||||||
|
# * display_url: the same as `redirect_url`, but with the query
|
||||||
|
# parameters stripped. The intention is to have a
|
||||||
|
# human-readable URL to show to users, not to use it as
|
||||||
|
# the final address to redirect to. Needs manual escaping
|
||||||
|
# (see https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
|
||||||
|
#
|
||||||
|
# * server_name: the homeserver's name.
|
||||||
|
#
|
||||||
|
# * HTML page which notifies the user that they are authenticating to confirm
|
||||||
|
# an operation on their account during the user interactive authentication
|
||||||
|
# process: 'sso_auth_confirm.html'.
|
||||||
|
#
|
||||||
|
# When rendering, this template is given the following variables:
|
||||||
|
# * redirect_url: the URL the user is about to be redirected to. Needs
|
||||||
|
# manual escaping (see
|
||||||
|
# https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
|
||||||
|
#
|
||||||
|
# * description: the operation which the user is being asked to confirm
|
||||||
|
#
|
||||||
|
# * HTML page shown after a successful user interactive authentication session:
|
||||||
|
# 'sso_auth_success.html'.
|
||||||
|
#
|
||||||
|
# Note that this page must include the JavaScript which notifies of a successful authentication
|
||||||
|
# (see https://matrix.org/docs/spec/client_server/r0.6.0#fallback).
|
||||||
|
#
|
||||||
|
# This template has no additional variables.
|
||||||
|
#
|
||||||
|
# * HTML page shown during single sign-on if a deactivated user (according to Synapse's database)
|
||||||
|
# attempts to login: 'sso_account_deactivated.html'.
|
||||||
|
#
|
||||||
|
# This template has no additional variables.
|
||||||
|
#
|
||||||
|
# * HTML page to display to users if something goes wrong during the
|
||||||
|
# OpenID Connect authentication process: 'sso_error.html'.
|
||||||
|
#
|
||||||
|
# When rendering, this template is given two variables:
|
||||||
|
# * error: the technical name of the error
|
||||||
|
# * error_description: a human-readable message for the error
|
||||||
|
#
|
||||||
|
# You can see the default templates at:
|
||||||
|
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
||||||
|
#
|
||||||
|
#template_dir: "res/templates"
|
||||||
|
|
||||||
|
|
||||||
# The JWT needs to contain a globally unique "sub" (subject) claim.
|
# The JWT needs to contain a globally unique "sub" (subject) claim.
|
||||||
#
|
#
|
||||||
#jwt_config:
|
#jwt_config:
|
||||||
|
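Review bot: the new `sso:` section is emitted with `client_whitelist` fixed as a commented example, so operators can only use it by overriding the whole template. If a playbook variable is added for it, the WARNING in the comment should be enforced rather than just copied: an entry such as "https://my.client" without a slash after the hostname also matches "https://my.client.evil.site". A validation task that rejects whitelist entries lacking a `/` after the host part would keep that mistake out of rendered configs. The same missing-variable point applies to `template_dir` in this section.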
@ -1501,8 +1767,8 @@ email:
|
||||||
# Username/password for authentication to the SMTP server. By default, no
|
# Username/password for authentication to the SMTP server. By default, no
|
||||||
# authentication is attempted.
|
# authentication is attempted.
|
||||||
#
|
#
|
||||||
# smtp_user: "exampleusername"
|
#smtp_user: "exampleusername"
|
||||||
# smtp_pass: "examplepassword"
|
#smtp_pass: "examplepassword"
|
||||||
|
|
||||||
# Uncomment the following to require TLS transport security for SMTP.
|
# Uncomment the following to require TLS transport security for SMTP.
|
||||||
# By default, Synapse will connect over plain text, and will then switch to
|
# By default, Synapse will connect over plain text, and will then switch to
|
||||||
|
@ -1681,10 +1947,17 @@ push:
|
||||||
include_content: {{ matrix_synapse_push_include_content|to_json }}
|
include_content: {{ matrix_synapse_push_include_content|to_json }}
|
||||||
|
|
||||||
|
|
||||||
#spam_checker:
|
# Spam checkers are third-party modules that can block specific actions
|
||||||
# module: "my_custom_project.SuperSpamChecker"
|
# of local users, such as creating rooms and registering undesirable
|
||||||
# config:
|
# usernames, as well as remote users by redacting incoming events.
|
||||||
# example_option: 'things'
|
#
|
||||||
|
# spam_checker:
|
||||||
|
#- module: "my_custom_project.SuperSpamChecker"
|
||||||
|
# config:
|
||||||
|
# example_option: 'things'
|
||||||
|
#- module: "some_other_project.BadEventStopper"
|
||||||
|
# config:
|
||||||
|
# example_stop_events_from: ['@bad:example.com']
|
||||||
spam_checker: {{ matrix_synapse_spam_checker|to_json }}
|
spam_checker: {{ matrix_synapse_spam_checker|to_json }}
|
||||||
|
|
||||||
# Uncomment to allow non-server-admin users to create groups on this server
|
# Uncomment to allow non-server-admin users to create groups on this server
|
||||||
|
|
|
@ -11,16 +11,16 @@ Wants={{ service }}
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-synapse
|
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-synapse
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-synapse
|
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-synapse
|
||||||
{% if matrix_s3_media_store_enabled %}
|
{% if matrix_s3_media_store_enabled %}
|
||||||
# Allow for some time before starting, so that media store can mount.
|
# Allow for some time before starting, so that media store can mount.
|
||||||
# Mounting can happen later too, but if we start writing,
|
# Mounting can happen later too, but if we start writing,
|
||||||
# we'd write files to the local filesystem and fusermount will complain.
|
# we'd write files to the local filesystem and fusermount will complain.
|
||||||
ExecStartPre=/bin/sleep 3
|
ExecStartPre={{ matrix_host_command_sleep }} 3
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
|
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \
|
||||||
--log-driver=none \
|
--log-driver=none \
|
||||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
--cap-drop=ALL \
|
--cap-drop=ALL \
|
||||||
|
@ -28,7 +28,6 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
|
||||||
--read-only \
|
--read-only \
|
||||||
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \
|
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \
|
||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
-e SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }} \
|
|
||||||
{% if matrix_synapse_container_client_api_host_bind_port %}
|
{% if matrix_synapse_container_client_api_host_bind_port %}
|
||||||
-p {{ matrix_synapse_container_client_api_host_bind_port }}:8008 \
|
-p {{ matrix_synapse_container_client_api_host_bind_port }}:8008 \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
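Review bot: dropping `-e SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }}` moves the setting into `caches.global_factor`, but the config comment added in this same commit says the environment variable takes priority over the config file. Anyone who still injects `SYNAPSE_CACHE_FACTOR` through `matrix_synapse_container_extra_arguments` will silently override `matrix_synapse_caches_global_factor`. Please mention this in the changelog entry for the rename so the stale environment setting gets removed along with the old variable.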
@ -55,9 +54,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
|
||||||
{{ matrix_synapse_docker_image }} \
|
{{ matrix_synapse_docker_image }} \
|
||||||
-m synapse.app.homeserver -c /data/homeserver.yaml
|
-m synapse.app.homeserver -c /data/homeserver.yaml
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-synapse
|
ExecStop=-{{ matrix_host_command_docker }} kill matrix-synapse
|
||||||
ExecStop=-/usr/bin/docker rm matrix-synapse
|
ExecStop=-{{ matrix_host_command_docker }} rm matrix-synapse
|
||||||
ExecReload=/usr/bin/docker exec matrix-synapse kill -HUP 1
|
ExecReload={{ matrix_host_command_docker }} exec matrix-synapse kill -HUP 1
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
SyslogIdentifier=matrix-synapse
|
SyslogIdentifier=matrix-synapse
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
matrix_synapse_id_servers_public: ['vector.im', 'matrix.org']
|
matrix_synapse_id_servers_public: ['vector.im', 'matrix.org']
|
||||||
|
|
||||||
matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
|
matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
|
||||||
matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:8448/_matrix/federation/v1/version"
|
matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
|
||||||
|
|
||||||
# Tells whether this role had executed or not. Toggled to `true` during runtime.
|
# Tells whether this role had executed or not. Toggled to `true` during runtime.
|
||||||
matrix_synapse_role_executed: false
|
matrix_synapse_role_executed: false
|
||||||
|
|