Move mautrix telegram and whatsapp into separate roles

The goal is to move each bridge into its own separate role.
This commit starts off the work on this with 2 bridges:
- mautrix-telegram
- mautrix-whatsapp

Each bridge's role (including these 2) is meant to:

- depend only on the matrix-base role

- integrate nicely with the matrix-synapse role (if available)

- integrate nicely with the matrix-nginx-proxy role (if available and if
required). mautrix-telegram bridge benefits from integrating with
it.

- not break if matrix-synapse or matrix-nginx-proxy are not used at all

This has been provoked by #174 (Github Issue).

group_vars/matrix-servers

@@ -48,6 +48,43 @@ matrix_identity_server_url: "{{ 'https://' + matrix_synapse_trusted_third_party_
 ######################################################################
 
 
+######################################################################
+#
+# matrix-bridge-mautrix-telegram
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_mautrix_telegram_enabled: false
+
+matrix_mautrix_telegram_systemd_required_services_list: ['docker.service', 'matrix-synapse.service']
+
+matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}"
+
+######################################################################
+#
+# /matrix-bridge-mautrix-telegram
+#
+######################################################################
+
+
+######################################################################
+#
+# matrix-bridge-mautrix-whatsapp
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_mautrix_whatsapp_enabled: false
+
+matrix_mautrix_whatsapp_systemd_required_services_list: ['docker.service', 'matrix-synapse.service']
+
+######################################################################
+#
+# /matrix-bridge-mautrix-whatsapp
+#
+######################################################################
+
 
 ######################################################################
 #

roles/matrix-bridge-mautrix-telegram/defaults/main.yml

@@ -0,0 +1,34 @@
+# mautrix-telegram is a Matrix <-> Telegram bridge
+# See: https://github.com/tulir/mautrix-telegram
+
+matrix_mautrix_telegram_enabled: true
+
+matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.5.1"
+
+matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
+
+# Get your own API keys at https://my.telegram.org/apps
+matrix_mautrix_telegram_api_id: ''
+matrix_mautrix_telegram_api_hash: ''
+
+# Mautrix telegram public endpoint to log in to telegram
+# Use an uuid so it's not easily discoverable.
+# Example: /741a0483-ba17-4682-9900-30bd7269f1cc
+matrix_mautrix_telegram_public_endpoint: ''
+
+matrix_mautrix_telegram_homeserver_address: 'https://{{ matrix_server_fqn_matrix }}'
+matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}'
+matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080'
+matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}'
+
+# Set this to a port number to expose on the host when not using matrix-nginx-proxy
+matrix_mautrix_telegram_container_exposed_port_number: ~
+
+# A list of extra arguments to pass to the container
+matrix_mautrix_telegram_container_extra_arguments: []
+
+# List of systemd services that matrix-mautrix-telegram.service depends on.
+matrix_mautrix_telegram_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-mautrix-telegram.service wants
+matrix_mautrix_telegram_systemd_wanted_services_list: []

roles/matrix-bridge-mautrix-telegram/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram'] }}"
-  when: matrix_mautrix_telegram_enabled
+  when: "matrix_mautrix_telegram_enabled"

roles/matrix-bridge-mautrix-telegram/tasks/main.yml

@@ -0,0 +1,21 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+  when: "run_setup and matrix_mautrix_telegram_enabled"
+  tags:
+    - setup-all
+    - setup-mautrix-telegram
+
+- import_tasks: "{{ role_path }}/tasks/setup-install.yml"
+  when: "run_setup and matrix_mautrix_telegram_enabled"
+  tags:
+    - setup-all
+    - setup-mautrix-telegram
+
+- import_tasks: "{{ role_path }}/tasks/setup-uninstall.yml"
+  when: "run_setup and not matrix_mautrix_telegram_enabled"
+  tags:
+    - setup-all
+    - setup-mautrix-telegram

roles/matrix-bridge-mautrix-telegram/tasks/setup-install.yml

@@ -1,33 +1,38 @@
 ---
 
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+  fail:
+    msg: >-
+      The matrix-bridge-mautrix-telegram role needs to execute before the matrix-synapse role.
+  when: "matrix_synapse_role_executed|default(False)"
+
 - name: Ensure Mautrix Telegram image is pulled
   docker_image:
     name: "{{ matrix_mautrix_telegram_docker_image }}"
-  when: "matrix_mautrix_telegram_enabled"
 
-- name: Ensure Mautrix Telegram configuration path exists
+- name: Ensure Mautrix Telegram base directory exists
   file:
     path: "{{ matrix_mautrix_telegram_base_path }}"
     state: directory
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_mautrix_telegram_enabled"
 
 - name: Check if a mautrix-telegram configuration file exists
   stat:
     path: "{{ matrix_mautrix_telegram_base_path }}/config.yaml"
   register: mautrix_telegram_config_file_stat
-  when: "matrix_mautrix_telegram_enabled"
 
 - name: Ensure Matrix Mautrix telegram config installed
   template:
-    src: "{{ role_path }}/templates/ext/mautrix-telegram/config.yaml.j2"
+    src: "{{ role_path }}/templates/config.yaml.j2"
     dest: "{{ matrix_mautrix_telegram_base_path }}/config.yaml"
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_mautrix_telegram_enabled and not mautrix_telegram_config_file_stat.stat.exists"
+  when: "not mautrix_telegram_config_file_stat.stat.exists"
 
 - name: (Migration) Fix up old configuration
   lineinfile:
@@ -38,26 +43,24 @@
   with_items:
     - {'regexp': '^(\s+)filename: \./mautrix-telegram.log', 'line': '\1filename: /data/mautrix-telegram.log'}
     - {'regexp': '^(\s+)database:', 'line': '\1database: sqlite:////data/mautrix-telegram.db'}
-  when: "matrix_mautrix_telegram_enabled and mautrix_telegram_config_file_stat.stat.exists"
+  when: "mautrix_telegram_config_file_stat.stat.exists"
 
 - name: Ensure matrix-mautrix-telegram.service installed
   template:
-    src: "{{ role_path }}/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2"
+    src: "{{ role_path }}/templates/systemd/matrix-mautrix-telegram.service.j2"
     dest: "/etc/systemd/system/matrix-mautrix-telegram.service"
     mode: 0644
   register: matrix_mautrix_telegram_systemd_service_result
-  when: "matrix_mautrix_telegram_enabled"
 
 - name: Ensure systemd reloaded after matrix-mautrix-telegram.service installation
   service:
     daemon_reload: yes
-  when: "matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_systemd_service_result.changed"
+  when: "matrix_mautrix_telegram_systemd_service_result.changed"
 
 - name: Check if a mautrix-telegram registration file exists
   stat:
     path: "{{ matrix_mautrix_telegram_base_path }}/registration.yaml"
   register: mautrix_telegram_registration_file_stat
-  when: "matrix_mautrix_telegram_enabled"
 
 - name: Generate matrix-mautrix-telegram registration.yaml if it doesn't exist
   shell:
@@ -70,25 +73,22 @@
       -v {{ matrix_mautrix_telegram_base_path }}:/data:z
       {{ matrix_mautrix_telegram_docker_image }}
       python3 -m mautrix_telegram -g -c /data/config.yaml -r /data/registration.yaml
-  when: "matrix_mautrix_telegram_enabled and not mautrix_telegram_registration_file_stat.stat.exists"
+  when: "not mautrix_telegram_registration_file_stat.stat.exists"
 
 - set_fact:
     matrix_synapse_app_service_config_file_mautrix_telegram: '/app-registration/mautrix-telegram.yml'
-  when: "matrix_mautrix_telegram_enabled"
 
+# If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_additional_volumes: >
-      {{ matrix_synapse_container_additional_volumes }}
+      {{ matrix_synapse_container_additional_volumes|default([]) }}
       +
       {{ [{'src': '{{ matrix_mautrix_telegram_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_telegram }}', 'options': 'ro'}] }}
-  when: "matrix_mautrix_telegram_enabled"
 
-- set_fact:
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files }}
+      {{ matrix_synapse_app_service_config_files|default([]) }}
       +
       {{ ["{{ matrix_synapse_app_service_config_file_mautrix_telegram }}"] | to_nice_json  }}
-  when: "matrix_mautrix_telegram_enabled"
 
 - block:
   - name: Fail if matrix-nginx-proxy role already executed
@@ -97,7 +97,7 @@
         Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy,
         but it's pointless since the matrix-nginx-proxy role had already executed.
         To fix this, please change the order of roles in your plabook,
-        so that the matrix-nginx-proxy role would run after the matrix-synapse role.
+        so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role.
     when: "matrix_nginx_proxy_role_executed"
 
   - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy
@@ -124,7 +124,7 @@
           [matrix_mautrix_telegram_matrix_nginx_proxy_configuration]
         }}
 
-  when: "matrix_mautrix_telegram_enabled and matrix_nginx_proxy_enabled|default(False)"
+  when: "matrix_nginx_proxy_enabled|default(False)"
   tags:
    - always
 
@@ -135,14 +135,4 @@
       reverse proxy.
       Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}`
       URL endpoint to the matrix-mautrix-telegram container.
-  when: "matrix_mautrix_telegram_enabled and matrix_nginx_proxy_enabled is not defined"
+  when: "matrix_nginx_proxy_enabled is not defined"
-
-#
-# Tasks related to getting rid of matrix-mautrix-telegram (if it was previously enabled)
-#
-
-- name: Ensure matrix-mautrix-telegram.service doesn't exist
-  file:
-    path: "/etc/systemd/system/matrix-mautrix-telegram.service"
-    state: absent
-  when: "not matrix_mautrix_telegram_enabled"

roles/matrix-bridge-mautrix-telegram/tasks/setup-uninstall.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Ensure matrix-mautrix-telegram.service doesn't exist
+  file:
+    path: "/etc/systemd/system/matrix-mautrix-telegram.service"
+    state: absent

roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Fail if required settings not defined
+  fail:
+    msg: >-
+      You need to define a required configuration setting (`{{ item }}`).
+  when: "vars[item] == ''"
+  with_items:
+    - "matrix_mautrix_telegram_api_id"
+    - "matrix_mautrix_telegram_api_hash"
+    - "matrix_mautrix_telegram_public_endpoint"

roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2

@@ -2,9 +2,9 @@
 # Homeserver details
 homeserver:
     # The address that this appservice can use to connect to the homeserver.
-    address: https://{{ matrix_server_fqn_matrix }}
+    address: {{ matrix_mautrix_telegram_homeserver_address }}
     # The domain of the homeserver (for MXIDs, etc).
-    domain: {{ matrix_domain }}
+    domain: {{ matrix_mautrix_telegram_homeserver_domain }}
     # Whether or not to verify the SSL certificate of the homeserver.
     # Only applies if address starts with https://
     verify_ssl: true
@@ -13,7 +13,7 @@ homeserver:
 # Changing these values requires regeneration of the registration.
 appservice:
     # The address that the homeserver can use to connect to this appservice.
-    address: http://matrix-mautrix-telegram:8080
+    address: {{ matrix_mautrix_telegram_appservice_address }}
 
     # The hostname and port where this appservice should listen.
     hostname: 0.0.0.0
@@ -39,7 +39,7 @@ appservice:
         prefix: {{ matrix_mautrix_telegram_public_endpoint }}
         # The base URL where the public-facing endpoints are available. The prefix is not added
         # implicitly.
-        external: https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}
+        external: {{ matrix_mautrix_telegram_appservice_public_external }}
 
     # Provisioning API part of the web server for automated portal creation and fetching information.
     # Used by things like Dimension (https://dimension.t2bot.io/).
@@ -207,7 +207,7 @@ bridge:
     #   domain - All users on that homeserver
     #     mxid - Specific user
     permissions:
-        '{{ matrix_domain }}': full
+        '{{ matrix_mautrix_telegram_homeserver_domain }}': full
 
     # Options related to the message relay Telegram bot.
     relaybot:

roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2

@@ -1,10 +1,13 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Mautrix Telegram server
-After=docker.service
+{% for service in matrix_mautrix_telegram_systemd_required_services_list %}
-Requires=docker.service
+Requires={{ service }}
-Requires=matrix-synapse.service
+After={{ service }}
-After=matrix-synapse.service
+{% endfor %}
+{% for service in matrix_mautrix_telegram_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
 
 [Service]
 Type=simple
@@ -17,6 +20,7 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-telegram-db \
 			-v {{ matrix_mautrix_telegram_base_path }}:/data:z \
 			{{ matrix_mautrix_telegram_docker_image }} \
 			alembic -x config=/data/config.yaml upgrade head
+
 ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@@ -26,8 +30,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \
 			-p 127.0.0.1:{{ matrix_mautrix_telegram_container_exposed_port_number }}:8080 \
 			{% endif %}
 			-v {{ matrix_mautrix_telegram_base_path }}:/data:z \
+			{% for arg in matrix_mautrix_telegram_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
 			{{ matrix_mautrix_telegram_docker_image }} \
 			python3 -m mautrix_telegram -c /data/config.yaml
+
 ExecStop=-/usr/bin/docker kill matrix-mautrix-telegram
 ExecStop=-/usr/bin/docker rm matrix-mautrix-telegram
 Restart=always

roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml

@@ -0,0 +1,21 @@
+# mautrix-whatsapp is a Matrix <-> Whatsapp bridge
+# See: https://github.com/tulir/mautrix-whatsapp
+
+matrix_mautrix_whatsapp_enabled: true
+
+matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest"
+
+matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp"
+
+matrix_mautrix_whatsapp_homeserver_address: "https://{{ matrix_server_fqn_matrix }}"
+matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}"
+matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080"
+
+# A list of extra arguments to pass to the container
+matrix_mautrix_whatsapp_container_extra_arguments: []
+
+# List of systemd services that matrix-mautrix-whatsapp.service depends on.
+matrix_mautrix_whatsapp_systemd_required_services_list: ['docker.service']
+
+# List of systemd services that matrix-mautrix-whatsapp.service wants
+matrix_mautrix_whatsapp_systemd_wanted_services_list: []

roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp'] }}"
-  when: matrix_mautrix_whatsapp_enabled
+  when: "matrix_mautrix_whatsapp_enabled"

roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml

@@ -0,0 +1,15 @@
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/setup-install.yml"
+  when: "run_setup and matrix_mautrix_whatsapp_enabled"
+  tags:
+    - setup-all
+    - setup-mautrix-whatsapp
+
+- import_tasks: "{{ role_path }}/tasks/setup-uninstall.yml"
+  when: "run_setup and not matrix_mautrix_whatsapp_enabled"
+  tags:
+    - setup-all
+    - setup-mautrix-whatsapp

roles/matrix-bridge-mautrix-whatsapp/tasks/setup-install.yml

@@ -1,52 +1,55 @@
 ---
 
+# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
+# We don't want to fail in such cases.
+- name: Fail if matrix-synapse role already executed
+  fail:
+    msg: >-
+      The matrix-bridge-mautrix-whatsapp role needs to execute before the matrix-synapse role.
+  when: "matrix_synapse_role_executed|default(False)"
+
 - name: Ensure Mautrix Whatsapp image is pulled
   docker_image:
     name: "{{ matrix_mautrix_whatsapp_docker_image }}"
-  when: "matrix_mautrix_whatsapp_enabled"
 
-- name: Ensure Mautrix Whatsapp configuration path exists
+- name: Ensure Mautrix Whatsapp base directory exists
   file:
     path: "{{ matrix_mautrix_whatsapp_base_path }}"
     state: directory
     mode: 0750
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_mautrix_whatsapp_enabled"
 
 - name: Check if a mautrix-whatsapp configuration file exists
   stat:
     path: "{{ matrix_mautrix_whatsapp_base_path }}/config.yaml"
   register: mautrix_whatsapp_config_file_stat
-  when: "matrix_mautrix_whatsapp_enabled"
 
 - name: Ensure Matrix Mautrix whatsapp config installed
   template:
-    src: "{{ role_path }}/templates/ext/mautrix-whatsapp/config.yaml.j2"
+    src: "{{ role_path }}/templates//config.yaml.j2"
     dest: "{{ matrix_mautrix_whatsapp_base_path }}/config.yaml"
     mode: 0644
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
-  when: "matrix_mautrix_whatsapp_enabled and not mautrix_whatsapp_config_file_stat.stat.exists"
+  when: "not mautrix_whatsapp_config_file_stat.stat.exists"
 
 - name: Ensure matrix-mautrix-whatsapp.service installed
   template:
-    src: "{{ role_path }}/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2"
+    src: "{{ role_path }}/templates/systemd/matrix-mautrix-whatsapp.service.j2"
     dest: "/etc/systemd/system/matrix-mautrix-whatsapp.service"
     mode: 0644
   register: matrix_mautrix_whatsapp_systemd_service_result
-  when: "matrix_mautrix_whatsapp_enabled"
 
 - name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service installation
   service:
     daemon_reload: yes
-  when: "matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_systemd_service_result.changed"
+  when: "matrix_mautrix_whatsapp_systemd_service_result.changed"
 
 - name: Check if a mautrix-whatsapp registration file exists
   stat:
     path: "{{ matrix_mautrix_whatsapp_base_path }}/registration.yaml"
   register: mautrix_whatsapp_registration_file_stat
-  when: "matrix_mautrix_whatsapp_enabled"
 
 - name: Generate matrix-mautrix-whatsapp registration.yaml if it doesn't exist
   shell:
@@ -59,32 +62,19 @@
       -v {{ matrix_mautrix_whatsapp_base_path }}:/data:z
       {{ matrix_mautrix_whatsapp_docker_image }}
       /usr/bin/mautrix-whatsapp -g -c /data/config.yaml -r /data/registration.yaml
-  when: "matrix_mautrix_whatsapp_enabled and not mautrix_whatsapp_registration_file_stat.stat.exists"
+  when: "not mautrix_whatsapp_registration_file_stat.stat.exists"
 
 - set_fact:
     matrix_synapse_app_service_config_file_mautrix_whatsapp: '/app-registration/mautrix-whatsapp.yml'
-  when: "matrix_mautrix_whatsapp_enabled"
 
+# If the matrix-synapse role is not used, these variables may not exist.
 - set_fact:
     matrix_synapse_container_additional_volumes: >
-      {{ matrix_synapse_container_additional_volumes }}
+      {{ matrix_synapse_container_additional_volumes|default([]) }}
       +
       {{ [{'src': '{{ matrix_mautrix_whatsapp_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}', 'options': 'ro'}] }}
-  when: "matrix_mautrix_whatsapp_enabled"
 
-- set_fact:
     matrix_synapse_app_service_config_files: >
-      {{ matrix_synapse_app_service_config_files }}
+      {{ matrix_synapse_app_service_config_files|default([]) }}
       +
       {{ ["{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}"] | to_nice_json  }}
-  when: "matrix_mautrix_whatsapp_enabled"
-
-#
-# Tasks related to getting rid of matrix-mautrix-whatsapp (if it was previously enabled)
-#
-
-- name: Ensure matrix-mautrix-whatsapp.service doesn't exist
-  file:
-    path: "/etc/systemd/system/matrix-mautrix-whatsapp.service"
-    state: absent
-  when: "not matrix_mautrix_whatsapp_enabled"

roles/matrix-bridge-mautrix-whatsapp/tasks/setup-uninstall.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Ensure matrix-mautrix-whatsapp.service doesn't exist
+  file:
+    path: "/etc/systemd/system/matrix-mautrix-whatsapp.service"
+    state: absent

roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2

@@ -2,15 +2,15 @@
 # Homeserver details.
 homeserver:
   # The address that this appservice can use to connect to the homeserver.
-  address: https://{{ matrix_server_fqn_matrix }}
+  address: {{ matrix_mautrix_whatsapp_homeserver_address }}
   # The domain of the homeserver (for MXIDs, etc).
-  domain: {{ matrix_domain }}
+  domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
 
 # Application service host/registration related details.
 # Changing these values requires regeneration of the registration.
 appservice:
   # The address that the homeserver can use to connect to this appservice.
-  address: http://matrix-mautrix-whatsapp:8080
+  address: {{ matrix_mautrix_whatsapp_appservice_address }}
 
   # The hostname and port where this appservice should listen.
   hostname: 0.0.0.0
@@ -68,7 +68,7 @@ bridge:
   #   domain - All users on that homeserver
   #     mxid - Specific user
   permissions:
-    '{{ matrix_domain }}': user
+    '{{ matrix_mautrix_whatsapp_homeserver_domain }}': user
 
 # Logging config.
 logging:

roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2

@@ -1,15 +1,19 @@
 #jinja2: lstrip_blocks: "True"
 [Unit]
 Description=Matrix Mautrix Whatsapp server
-After=docker.service
+{% for service in matrix_mautrix_whatsapp_systemd_required_services_list %}
-Requires=docker.service
+Requires={{ service }}
-Requires=matrix-synapse.service
+After={{ service }}
-After=matrix-synapse.service
+{% endfor %}
+{% for service in matrix_mautrix_whatsapp_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
 
 [Service]
 Type=simple
 ExecStartPre=-/usr/bin/docker kill matrix-mautrix-whatsapp
 ExecStartPre=-/usr/bin/docker rm matrix-mautrix-whatsapp
+
 ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \
 			--log-driver=none \
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
@@ -17,8 +21,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \
 			--network={{ matrix_docker_network }} \
 			-v {{ matrix_mautrix_whatsapp_base_path }}:/data:z \
 			--workdir=/data \
+			{% for arg in matrix_mautrix_whatsapp_container_extra_arguments %}
+			{{ arg }} \
+			{% endfor %}
 			{{ matrix_mautrix_whatsapp_docker_image }} \
 			/usr/bin/mautrix-whatsapp
+
 ExecStop=-/usr/bin/docker kill matrix-mautrix-whatsapp
 ExecStop=-/usr/bin/docker rm matrix-mautrix-whatsapp
 Restart=always

roles/matrix-corporal/tasks/init.yml

@@ -1,3 +1,3 @@
 - set_fact:
     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-corporal'] }}"
-  when: "matrix_corporal_enabled"
+  when: "matrix_corporal_enabled"

roles/matrix-synapse/defaults/main.yml

@@ -1,3 +1,8 @@
+# Synapse is a Matrix homeserver
+# See: https://github.com/matrix-org/synapse
+
+matrix_synapse_enabled: true
+
 matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.3.2"
 
 matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
@@ -239,31 +244,6 @@ matrix_s3_media_store_region: "eu-central-1"
 # Controls whether the self-check feature should validate SSL certificates.
 matrix_synapse_self_check_validate_certificates: true
 
-# Matrix mautrix is a Matrix <-> Telegram bridge
-# Enable telegram bridge
-matrix_mautrix_telegram_enabled: false
-
-matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.5.1"
-
-matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
-
-# Get your own API keys at https://my.telegram.org/apps
-matrix_mautrix_telegram_api_id: YOUR_TELEGRAM_APP_ID
-matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH
-# Mautrix telegram public endpoint to log in to telegram
-# Use an uuid so it's not easily discoverable
-matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}"
-# Set this to a port number to expose on the host when not using the nginx proxy
-matrix_mautrix_telegram_container_exposed_port_number: ~
-
-# Matrix mautrix is a Matrix <-> Whatsapp bridge
-# Enable whatsapp bridge
-matrix_mautrix_whatsapp_enabled: false
-
-matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest"
-
-matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp"
-
 # Matrix mautrix is a Matrix <-> Facebook bridge
 # Enable facebook bridge
 matrix_mautrix_facebook_enabled: false

roles/matrix-synapse/tasks/ext/init.yml

@@ -1,9 +1,5 @@
 ---
 
-- import_tasks: "{{ role_path }}/tasks/ext/mautrix-telegram/init.yml"
-
-- import_tasks: "{{ role_path }}/tasks/ext/mautrix-whatsapp/init.yml"
-
 - import_tasks: "{{ role_path }}/tasks/ext/mautrix-facebook/init.yml"
 
 - import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/init.yml"

roles/matrix-synapse/tasks/ext/setup.yml

@@ -6,10 +6,6 @@
 
 - import_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup.yml"
 
-- import_tasks: "{{ role_path }}/tasks/ext/mautrix-telegram/setup.yml"
-
-- import_tasks: "{{ role_path }}/tasks/ext/mautrix-whatsapp/setup.yml"
-
 - import_tasks: "{{ role_path }}/tasks/ext/mautrix-facebook/setup.yml"
 
 - import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/setup.yml"

roles/matrix-synapse/tasks/main.yml

@@ -41,4 +41,10 @@
 - import_tasks: "{{ role_path }}/tasks/update_user_password.yml"
   when: run_update_user_password
   tags:
-    - update-user-password
+    - update-user-password
+
+- name: Mark matrix-synapse role as executed
+  set_fact:
+    matrix_synapse_role_executed: true
+  tags:
+   - always

roles/matrix-synapse/vars/main.yml

@@ -4,3 +4,6 @@ matrix_synapse_id_servers_public: ['vector.im', 'matrix.org']
 
 matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
 matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:8448/_matrix/federation/v1/version"
+
+# Tells whether this role had executed or not. Toggled to `true` during runtime.
+matrix_synapse_role_executed: false

setup.yml

@@ -8,6 +8,8 @@
     - matrix-mailer
     - matrix-postgres
     - matrix-corporal
+    - matrix-bridge-mautrix-telegram
+    - matrix-bridge-mautrix-whatsapp
     - matrix-synapse
     - matrix-riot-web
     - matrix-mxisd