Merge branch 'master' into pub.solar
commit
c19ba7008d
11
CHANGELOG.md
|
@ -1,3 +1,12 @@
|
|||
# 2022-07-05
|
||||
|
||||
## Ntfy push notifications support
|
||||
|
||||
Thanks to [Julian Foad](https://matrix.to/#/@julian:foad.me.uk), the playbook can now install a [ntfy](https://ntfy.sh/) push notifications server for you.
|
||||
|
||||
See our [Setting up the ntfy push notifications server](docs/configuring-playbook-ntfy.md) documentation to get started.
|
||||
|
||||
|
||||
# 2022-06-23
|
||||
|
||||
## (Potential Backward Compatibility Break) Changes around metrics collection
|
||||
|
@ -26,7 +35,7 @@
|
|||
3. If Synapse metrics are exposed, they will be made available at `https://matrix.DOMAIN/metrics/synapse/main-process` or `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (when workers are enabled), not at `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-.../metrics`
|
||||
4. The playbook still generates an `external_prometheus.yml.example` sample file for scraping Synapse from Prometheus as described in [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server), but it's now saved under `/matrix/synapse` (not `/matrix`).
|
||||
|
||||
**If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now.
|
||||
**If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now.
|
||||
|
||||
# 2022-06-13
|
||||
|
||||
|
|
|
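Review bot: The sentence beginning "**If you where already using a external Prometheus server**" is touched by this hunk but keeps two typos: "where" should be "were" and "a external" should be "an external". Since the line is being rewritten anyway, fix both here. This is the one paragraph in the entry that tells operators to change a credential value (plain password instead of the hashed one), so it is worth getting the wording clean.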
@ -81,6 +81,8 @@ Using this playbook, you can get the following services configured on your serve
|
|||
|
||||
- (optional) the [mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-mx-puppet-skype.md](docs/configuring-playbook-bridge-mx-puppet-skype.md) for setup documentation
|
||||
|
||||
- (optional) the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-go-skype-bridge.md](docs/configuring-playbook-bridge-go-skype-bridge.md) for setup documentation
|
||||
|
||||
- (optional) the [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) for bridging your Matrix server to [Slack](https://slack.com) - see [docs/configuring-playbook-bridge-mx-puppet-slack.md](docs/configuring-playbook-bridge-mx-puppet-slack.md) for setup documentation
|
||||
|
||||
- (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation
|
||||
|
|
|
@ -36,6 +36,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco
|
|||
| CNAME | `stats` | - | - | - | `matrix.<your-domain>` |
|
||||
| CNAME | `goneb` | - | - | - | `matrix.<your-domain>` |
|
||||
| CNAME | `sygnal` | - | - | - | `matrix.<your-domain>` |
|
||||
| CNAME | `ntfy` | - | - | - | `matrix.<your-domain>` |
|
||||
| CNAME | `hydrogen` | - | - | - | `matrix.<your-domain>` |
|
||||
| CNAME | `cinny` | - | - | - | `matrix.<your-domain>` |
|
||||
| CNAME | `buscarron` | - | - | - | `matrix.<your-domain>` |
|
||||
|
@ -57,6 +58,8 @@ The `goneb.<your-domain>` subdomain may be necessary, because this playbook coul
|
|||
|
||||
The `sygnal.<your-domain>` subdomain may be necessary, because this playbook could install the [Sygnal](https://github.com/matrix-org/sygnal) push gateway. The installation of Sygnal is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Sygnal guide](configuring-playbook-sygnal.md). If you do not wish to set up Sygnal (you probably don't, unless you're also developing/building your own Matrix apps), feel free to skip the `sygnal.<your-domain>` DNS record.
|
||||
|
||||
The `ntfy.<your-domain>` subdomain may be necessary, because this playbook could install the [ntfy](https://ntfy.sh/) UnifiedPush-compatible push notifications server. The installation of ntfy is disabled by default, it is not a core required component. To learn how to install it, see our [configuring ntfy guide](configuring-playbook-ntfy.md). If you do not wish to set up ntfy, feel free to skip the `ntfy.<your-domain>` DNS record.
|
||||
|
||||
The `hydrogen.<your-domain>` subdomain may be necessary, because this playbook could install the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client. The installation of Hydrogen is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Hydrogen guide](configuring-playbook-client-hydrogen.md). If you do not wish to set up Hydrogen, feel free to skip the `hydrogen.<your-domain>` DNS record.
|
||||
|
||||
The `cinny.<your-domain>` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.<your-domain>` DNS record.
|
||||
|
|
|
@ -24,10 +24,22 @@ If you would like to be able to administrate the bridge from your account it can
|
|||
matrix_mautrix_facebook_configuration_extension_yaml: |
|
||||
bridge:
|
||||
permissions:
|
||||
'@YOUR_USERNAME:YOUR_DOMAIN': admin
|
||||
'@YOUR_USERNAME:{{ matrix_domain }}': admin
|
||||
```
|
||||
|
||||
You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` to find other things you would like to configure.
|
||||
Using both would look like
|
||||
|
||||
```yaml
|
||||
matrix_mautrix_facebook_configuration_extension_yaml: |
|
||||
bridge:
|
||||
permissions:
|
||||
'@YOUR_USERNAME:{{ matrix_domain }}': admin
|
||||
encryption:
|
||||
allow: true
|
||||
default: true
|
||||
```
|
||||
|
||||
You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-facebook/defaults/main.yml` to find other things you would like to configure.
|
||||
|
||||
|
||||
## Set up Double Puppeting
|
||||
|
|
|
@ -7,6 +7,32 @@ See the project's [documentation](https://docs.mau.fi/bridges/python/instagram/i
|
|||
```yaml
|
||||
matrix_mautrix_instagram_enabled: true
|
||||
```
|
||||
There are some additional things you may wish to configure about the bridge before you continue.
|
||||
|
||||
Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file:
|
||||
```yaml
|
||||
matrix_mautrix_instagram_configuration_extension_yaml: |
|
||||
bridge:
|
||||
encryption:
|
||||
allow: true
|
||||
default: true
|
||||
```
|
||||
|
||||
If you would like to be able to administrate the bridge from your account it can be configured like this:
|
||||
```yaml
|
||||
# The easy way. The specified Matrix user ID will be made an admin of all bridges
|
||||
matrix_admin: "@YOUR_USERNAME:{{ matrix_domain }}"
|
||||
|
||||
# OR:
|
||||
# The more verbose way. Applies to this bridge only. You may define multiple Matrix users as admins.
|
||||
matrix_mautrix_instagram_configuration_extension_yaml: |
|
||||
bridge:
|
||||
permissions:
|
||||
'@YOUR_USERNAME:YOUR_DOMAIN': admin
|
||||
```
|
||||
|
||||
You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-instagram/defaults/main.yml` to find other things you would like to configure.
|
||||
|
||||
|
||||
## Usage
|
||||
|
||||
|
|
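Review bot: The encryption example and the "more verbose" admin example both assign `matrix_mautrix_instagram_configuration_extension_yaml`, and the page never shows the two combined. A user who pastes both blocks into `vars.yml` defines the same key twice and only one definition takes effect, so either the `encryption` or the `permissions` setting is dropped without an obvious failure. The Facebook page changed in this same commit handles this with a "Using both would look like" example; add the equivalent here. Also, the permissions key uses `'@YOUR_USERNAME:YOUR_DOMAIN'` while the `matrix_admin` line just above it uses `{{ matrix_domain }}`; pick one form.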
63
docs/configuring-playbook-ntfy.md
Normal file
|
@ -0,0 +1,63 @@
|
|||
# Setting up ntfy (optional)
|
||||
|
||||
The playbook can install and configure the [ntfy](https://ntfy.sh/) push notifications server for you.
|
||||
|
||||
Using the [UnifiedPush](https://unifiedpush.org) standard, ntfy enables self-hosted (Google-free) push notifications from Matrix (and other) servers to UnifiedPush-compatible matrix compatible client apps running on Android and other devices.
|
||||
|
||||
This role is intended to support UnifiedPush notifications for use with the Matrix and Matrix-related services that this playbook installs. This role is not intended to support all of ntfy's other features.
|
||||
|
||||
**Note**: In contrast to push notifications using Google's FCM or Apple's APNs, the use of UnifiedPush allows each end-user to choose the push notification server that they prefer. As a consequence, deploying this ntfy server does not by itself ensure any particular user or device or client app will use it.
|
||||
|
||||
|
||||
## Adjusting the playbook configuration
|
||||
|
||||
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
|
||||
|
||||
```yaml
|
||||
# Enabling it is the only required setting
|
||||
matrix_ntfy_enabled: true
|
||||
|
||||
# Some other options
|
||||
matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}"
|
||||
matrix_ntfy_configuration_extension_yaml: |
|
||||
log_level: DEBUG
|
||||
```
|
||||
|
||||
For a more complete list of variables that you could override, see `roles/matrix-ntfy/defaults/main.yml`.
|
||||
|
||||
For a complete list of ntfy config options that you could put in `matrix_ntfy_configuration_extension_yaml`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options).
|
||||
|
||||
|
||||
## Installing
|
||||
|
||||
Don't forget to add `ntfy.<your-domain>` to DNS as described in [Configuring DNS](configuring-dns.md) before running the playbook.
|
||||
|
||||
After configuring the playbook, run the [installation](installing.md) command again:
|
||||
|
||||
```
|
||||
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
|
||||
```
|
||||
|
||||
|
||||
## Usage
|
||||
|
||||
To make use of your ntfy installation, on Android for example, first you need to install the `ntfy` client app and configure it to point to your ntfy server, such as `https://ntfy.DOMAIN`. That is the only thing you need to do in the ntfy client app. (It has many other features, but for our purposes you can ignore them.)
|
||||
|
||||
Then any UnifiedPush-enabled matrix app on that device will discover it and tell your matrix server to use your ntfy server to send push notifications to that matrix app.
|
||||
|
||||
If the matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy".
|
||||
|
||||
If the matrix app doesn't seem to pick it up, try restarting it and try the Troubleshooting section below.
|
||||
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
First check that the matrix client app you are using supports UnifiedPush. There may well be different variants of the app.
|
||||
|
||||
Set the ntfy server's log level to 'DEBUG', as shown in the example settings above, and watch the server's logs with `sudo journalctl -fu matrix-ntfy`.
|
||||
|
||||
To check if UnifiedPush is correctly configured on the client device, look at "Settings -> Notifications -> Notification Targets" in Element-Android or SchildiChat, or "Settings -> Notifications -> Devices" in FluffyChat. There should be one entry for each matrix client app that has enabled push notifications, and when that client is using UnifiedPush you should see a URL that begins with your ntfy server's URL. In Element-Android or SchildiChat, two URLs are shown: "push\_key" and "Url", and both should begin with your ntfy server's URL.
|
||||
|
||||
If it is not working, useful tools are "Settings -> Notifications -> Re-register push distributor" and "Settings -> Notifications -> Troubleshoot Notifications" in SchildiChat (possibly also Element-Android). In particular the "Endpoint/FCM" step of that troubleshooter should display your ntfy server's URL that it has discovered from the ntfy client app.
|
||||
|
||||
The simple [UnifiedPush troubleshooting](https://unifiedpush.org/users/troubleshooting/) app [UP-Example](https://f-droid.org/en/packages/org.unifiedpush.example/) can be used to manually test UnifiedPush registration and operation on an Android device.
|
|
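Review bot: The sample `vars.yml` block lists `log_level: DEBUG` under "Some other options", and the Troubleshooting section points back to it, so readers who copy the block verbatim end up running debug logging permanently. Suggest commenting out the `matrix_ntfy_configuration_extension_yaml` lines in the example and labelling them as a troubleshooting setting to revert afterwards. The `matrix_server_fqn_ntfy` line repeats the default this commit defines, so it can be commented out as well, leaving `matrix_ntfy_enabled: true` as the only active line. Minor wording: "UnifiedPush-compatible matrix compatible client apps" in the second paragraph reads like a leftover from an earlier edit.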
@ -57,6 +57,14 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2"
|
|||
|
||||
If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue.
|
||||
|
||||
If you are not going to be running your webserver on the same docker network, or the same machine as matrix, these variables can be set to bind synapse to an exposed port. [Keep in mind that there are some security concerns if you simply proxy everything to it](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints)
|
||||
```yaml
|
||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8048" or "192.168.1.3:80"), or empty string to not expose.
|
||||
matrix_synapse_container_client_api_host_bind_port: ''
|
||||
matrix_synapse_container_federation_api_plain_host_bind_port: ''
|
||||
```
|
||||
|
||||
|
||||
|
||||
### Using your own external Apache webserver
|
||||
|
||||
|
|
|
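Review bot: The security caveat in the new paragraph is only a link, and its sentence has no closing period. The link's anchor points at the Synapse administration endpoints section, so say outright in the text that an external proxy in front of these bound ports should not forward the administration endpoints to the outside, rather than leaving it to readers to follow the link. The comment's example value `192.168.1.3:80` binds to a LAN address; a sentence on limiting access to that port to the proxy host would help. It would also help to state which of the two variables carries client traffic and which carries federation traffic, since both default to `''` and the example does not show a working pair of values.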
@ -74,6 +74,7 @@ By default, it obtains certificates for:
|
|||
- possibly for `jitsi.<your-domain>`, if you have explicitly [set up Jitsi](configuring-playbook-jitsi.md).
|
||||
- possibly for `stats.<your-domain>`, if you have explicitly [set up Grafana](configuring-playbook-prometheus-grafana.md).
|
||||
- possibly for `sygnal.<your-domain>`, if you have explicitly [set up Sygnal](configuring-playbook-sygnal.md).
|
||||
- possibly for `ntfy.<your-domain>`, if you have explicitly [set up ntfy](configuring-playbook-ntfy.md).
|
||||
- possibly for your base domain (`<your-domain>`), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md)
|
||||
|
||||
If you are hosting other domains on the Matrix machine, you can make the playbook obtain and renew certificates for those other domains too.
|
||||
|
|
|
@ -168,3 +168,5 @@ When you're done with all the configuration you'd like to do, continue with [Ins
|
|||
### Other specialized services
|
||||
|
||||
- [Setting up the Sygnal push gateway](configuring-playbook-sygnal.md) (optional)
|
||||
|
||||
- [Setting up the ntfy push notifications server](configuring-playbook-ntfy.md) (optional)
|
||||
|
|
|
@ -168,6 +168,11 @@ backend matrix-backend
|
|||
/.well-known/matrix/* https://matrix.DOMAIN/.well-known/matrix/:splat 200!
|
||||
```
|
||||
|
||||
**For AWS CloudFront**
|
||||
|
||||
1. Add a custom origin with matrix.<your-domain> to your distribution
|
||||
1. Add two behaviors, one for `.well-known/matrix/client` and one for `.well-known/matrix/server` and point them to your new origin.
|
||||
|
||||
Make sure to:
|
||||
|
||||
- **replace `DOMAIN`** in the server configuration with your actual domain name
|
||||
|
|
|
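Review bot: In step 1, `matrix.<your-domain>` is not wrapped in backticks, so a Markdown renderer may treat `<your-domain>` as an HTML tag and drop it, leaving "matrix." in the rendered page. Wrap it in backticks as the other docs pages do. In step 2 the paths are written `.well-known/matrix/client` and `.well-known/matrix/server` without the leading slash used in the `/.well-known/matrix/*` rule just above; make them consistent so readers enter the right path pattern.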
@ -109,3 +109,5 @@ These services are not part of our default installation, but can be enabled by [
|
|||
- [grafana/grafana](https://hub.docker.com/r/grafana/grafana/) - [Grafana](https://github.com/grafana/grafana/) is a graphing tool that works well with the above two images. Our playbook also adds two dashboards for [Synapse](https://github.com/matrix-org/synapse/tree/master/contrib/grafana) and [Node Exporter](https://github.com/rfrail3/grafana-dashboards)
|
||||
|
||||
- [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) - [Sygnal](https://github.com/matrix-org/sygnal) is a reference Push Gateway for Matrix
|
||||
|
||||
- [binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy/) - [ntfy](https://ntfy.sh/) is a self-hosted, UnifiedPush-compatible push notifications server
|
||||
|
|
|
@ -1552,6 +1552,7 @@ matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}"
|
|||
matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}"
|
||||
matrix_nginx_proxy_proxy_grafana_enabled: "{{ matrix_grafana_enabled }}"
|
||||
matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled }}"
|
||||
matrix_nginx_proxy_proxy_ntfy_enabled: "{{ matrix_ntfy_enabled }}"
|
||||
|
||||
matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}"
|
||||
matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081"
|
||||
|
@ -1578,7 +1579,7 @@ matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}"
|
|||
matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
|
||||
matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}"
|
||||
matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}"
|
||||
matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_api_plain_port|string}}"
|
||||
matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:{{matrix_synapse_container_federation_api_plain_port|string}}"
|
||||
|
||||
matrix_nginx_proxy_proxy_dendrite_enabled: "{{ matrix_dendrite_enabled }}"
|
||||
matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port|string }}"
|
||||
|
@ -1634,6 +1635,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: |
|
|||
+
|
||||
(['matrix-sygnal.service'] if matrix_sygnal_enabled else [])
|
||||
+
|
||||
(['matrix-ntfy.service'] if matrix_ntfy_enabled else [])
|
||||
+
|
||||
(['matrix-jitsi.service'] if matrix_jitsi_enabled else [])
|
||||
+
|
||||
(['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else [])
|
||||
|
@ -1667,6 +1670,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
|
|||
+
|
||||
([matrix_server_fqn_sygnal] if matrix_sygnal_enabled else [])
|
||||
+
|
||||
([matrix_server_fqn_ntfy] if matrix_ntfy_enabled else [])
|
||||
+
|
||||
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
|
||||
+
|
||||
matrix_ssl_additional_domains_to_obtain_certificates_for
|
||||
|
@ -1960,6 +1965,20 @@ matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enable
|
|||
#
|
||||
######################################################################
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-ntfy
|
||||
#
|
||||
######################################################################
|
||||
|
||||
matrix_ntfy_enabled: false
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# /matrix-ntfy
|
||||
#
|
||||
######################################################################
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-redis
|
||||
|
|
|
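Review bot: The new `matrix-ntfy` section sets only `matrix_ntfy_enabled: false`. The Sygnal section directly above it (visible in the hunk header, which is cut off) makes `matrix_sygnal_container_http_host_bind_port` conditional on the nginx proxy setting. If the ntfy role has a comparable host bind port variable, wire it here the same way so the container port is published on the host only when the bundled proxy is not in front of it. If the role has no such variable, a one-line comment saying so would answer the question for the next reader.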
@ -59,6 +59,9 @@ matrix_server_fqn_grafana: "stats.{{ matrix_domain }}"
|
|||
# This is where you access the Sygnal push gateway.
|
||||
matrix_server_fqn_sygnal: "sygnal.{{ matrix_domain }}"
|
||||
|
||||
# This is where you access the ntfy push notification service.
|
||||
matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}"
|
||||
|
||||
matrix_federation_public_port: 8448
|
||||
|
||||
# The architecture that your server runs.
|
||||
|
|
|
@ -17,6 +17,8 @@ matrix_bot_matrix_reminder_bot_config_path: "{{ matrix_bot_matrix_reminder_bot_b
|
|||
matrix_bot_matrix_reminder_bot_data_path: "{{ matrix_bot_matrix_reminder_bot_base_path }}/data"
|
||||
matrix_bot_matrix_reminder_bot_data_store_path: "{{ matrix_bot_matrix_reminder_bot_data_path }}/store"
|
||||
|
||||
matrix_bot_matrix_reminder_bot_command_prefix: "!"
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_bot_matrix_reminder_bot_container_extra_arguments: []
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# The string to prefix bot commands with
|
||||
command_prefix: "!"
|
||||
command_prefix: "{{ matrix_bot_matrix_reminder_bot_command_prefix }}"
|
||||
|
||||
# Options for connecting to the bot's Matrix account
|
||||
matrix:
|
||||
|
|
|
@ -27,6 +27,8 @@ matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319"
|
|||
|
||||
matrix_beeper_linkedin_bridge_presence: true
|
||||
|
||||
matrix_beeper_linkedin_command_prefix: "!li"
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_beeper_linkedin_container_extra_arguments: []
|
||||
|
||||
|
|
|
@ -226,7 +226,7 @@ bridge:
|
|||
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!li"
|
||||
command_prefix: "{{ matrix_beeper_linkedin_command_prefix }}"
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
|
|
|
@ -36,6 +36,8 @@ matrix_go_skype_bridge_homeserver_token: ''
|
|||
|
||||
matrix_go_skype_bridge_appservice_bot_username: skypebridgebot
|
||||
|
||||
matrix_go_skype_bridge_command_prefix: "!skype"
|
||||
|
||||
# Whether or not created rooms should have federation enabled.
|
||||
# If false, created portal rooms will never be federated.
|
||||
matrix_go_skype_bridge_federate_rooms: true
|
||||
|
|
|
@ -165,7 +165,7 @@ bridge:
|
|||
allow_user_invite: false
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!wa"
|
||||
command_prefix: "{{ matrix_go_skype_bridge_command_prefix }}"
|
||||
|
||||
# End-to-bridge encryption support options. This requires login_shared_secret to be configured
|
||||
# in order to get a device for the bridge bot.
|
||||
|
|
|
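Review bot: The hard-coded value replaced on the `command_prefix` line is `"!wa"`, but the new default for `matrix_go_skype_bridge_command_prefix` in this commit is `"!skype"`, so the effective prefix changes for existing installations on their next playbook run. If the change is intended, note it in CHANGELOG.md so users who type `!wa` in non-management rooms know why it stopped working; otherwise set the default to `"!wa"` to keep behaviour unchanged.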
@ -17,6 +17,8 @@ matrix_mautrix_facebook_config_path: "{{ matrix_mautrix_facebook_base_path }}/co
|
|||
matrix_mautrix_facebook_data_path: "{{ matrix_mautrix_facebook_base_path }}/data"
|
||||
matrix_mautrix_facebook_docker_src_files_path: "{{ matrix_mautrix_facebook_base_path }}/docker-src"
|
||||
|
||||
matrix_mautrix_facebook_command_prefix: "!fb"
|
||||
|
||||
# Whether or not the public-facing endpoints should be enabled (web-based login)
|
||||
matrix_mautrix_facebook_appservice_public_enabled: true
|
||||
|
||||
|
@ -89,6 +91,9 @@ matrix_mautrix_facebook_appservice_bot_username: facebookbot
|
|||
|
||||
matrix_mautrix_facebook_bridge_presence: true
|
||||
|
||||
# Specifies the default log level for all bridge loggers.
|
||||
matrix_mautrix_facebook_logging_level: WARNING
|
||||
|
||||
# Default configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
|
|
|
@ -86,7 +86,7 @@ bridge:
|
|||
- first_name
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!fb"
|
||||
command_prefix: "{{ matrix_mautrix_facebook_command_prefix }}"
|
||||
|
||||
# Number of chats to sync (and create portals for) on startup/login.
|
||||
# Set 0 to disable automatic syncing.
|
||||
|
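Review bot: On the new `command_prefix` line the variable is interpolated raw inside double quotes, while the logging hunk in this same template uses `|to_json`. A prefix containing a double quote or a backslash would produce invalid or mis-parsed YAML in the generated config. Suggest `command_prefix: {{ matrix_mautrix_facebook_command_prefix|to_json }}` with no surrounding quotes, and the same treatment for the other bridge and bot templates that gain a `command_prefix` variable in this commit.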
@ -253,11 +253,11 @@ logging:
|
|||
formatter: colored
|
||||
loggers:
|
||||
mau:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_facebook_logging_level|to_json }}
|
||||
paho:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_facebook_logging_level|to_json }}
|
||||
aiohttp:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_facebook_logging_level|to_json }}
|
||||
root:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_facebook_logging_level|to_json }}
|
||||
handlers: [console]
|
||||
|
|
|
@ -24,6 +24,8 @@ matrix_mautrix_googlechat_homeserver_address: "{{ matrix_homeserver_container_ur
|
|||
matrix_mautrix_googlechat_homeserver_domain: '{{ matrix_domain }}'
|
||||
matrix_mautrix_googlechat_appservice_address: 'http://matrix-mautrix-googlechat:8080'
|
||||
|
||||
matrix_mautrix_googlechat_command_prefix: "!gc"
|
||||
|
||||
# Controls whether the matrix-mautrix-googlechat container exposes its HTTP port (tcp/8080 in the container).
|
||||
#
|
||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9007"), or empty string to not expose.
|
||||
|
@ -78,6 +80,9 @@ matrix_mautrix_googlechat_login_shared_secret: ''
|
|||
|
||||
matrix_mautrix_googlechat_appservice_bot_username: googlechatbot
|
||||
|
||||
# Specifies the default log level for all bridge loggers.
|
||||
matrix_mautrix_googlechat_logging_level: WARNING
|
||||
|
||||
# Default configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
|
|
|
@ -62,7 +62,7 @@ bridge:
|
|||
- name
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!HO"
|
||||
command_prefix: "{{ matrix_mautrix_googlechat_command_prefix }}"
|
||||
|
||||
# Number of chats to sync (and create portals for) on startup/login.
|
||||
# Maximum 20, set 0 to disable automatic syncing.
|
||||
|
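Review bot: The old `command_prefix` in this Google Chat template was `"!HO"`, the same value the Hangouts role uses, and the new default `matrix_mautrix_googlechat_command_prefix` is `"!gc"`. That is a sensible correction, but it is a user-visible behaviour change hidden inside a refactor that otherwise only parameterises existing values. Mention it in CHANGELOG.md, or split it into its own commit so it can be found later.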
@ -141,11 +141,11 @@ logging:
|
|||
formatter: colored
|
||||
loggers:
|
||||
mau:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_googlechat_logging_level|to_json }}
|
||||
hangups:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_googlechat_logging_level|to_json }}
|
||||
aiohttp:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_googlechat_logging_level|to_json }}
|
||||
root:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_googlechat_logging_level|to_json }}
|
||||
handlers: [console]
|
||||
|
|
|
@ -24,6 +24,8 @@ matrix_mautrix_hangouts_homeserver_address: "{{ matrix_homeserver_container_url
|
|||
matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}'
|
||||
matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080'
|
||||
|
||||
matrix_mautrix_hangouts_command_prefix: "!HO"
|
||||
|
||||
# Controls whether the matrix-mautrix-hangouts container exposes its HTTP port (tcp/8080 in the container).
|
||||
#
|
||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9007"), or empty string to not expose.
|
||||
|
@ -75,6 +77,9 @@ matrix_mautrix_hangouts_login_shared_secret: ''
|
|||
|
||||
matrix_mautrix_hangouts_appservice_bot_username: hangoutsbot
|
||||
|
||||
# Specifies the default log level for all bridge loggers.
|
||||
matrix_mautrix_hangouts_logging_level: WARNING
|
||||
|
||||
# Default configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
|
|
|
@ -62,7 +62,7 @@ bridge:
|
|||
- name
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!HO"
|
||||
command_prefix: "{{ matrix_mautrix_hangouts_command_prefix }}"
|
||||
|
||||
# Number of chats to sync (and create portals for) on startup/login.
|
||||
# Maximum 20, set 0 to disable automatic syncing.
|
||||
|
@ -138,11 +138,11 @@ logging:
|
|||
formatter: colored
|
||||
loggers:
|
||||
mau:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_hangouts_logging_level|to_json }}
|
||||
hangups:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_hangouts_logging_level|to_json }}
|
||||
aiohttp:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_hangouts_logging_level|to_json }}
|
||||
root:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_hangouts_logging_level|to_json }}
|
||||
handlers: [console]
|
||||
|
|
|
@ -22,6 +22,8 @@ matrix_mautrix_instagram_homeserver_address: "{{ matrix_homeserver_container_url
|
|||
matrix_mautrix_instagram_homeserver_domain: '{{ matrix_domain }}'
|
||||
matrix_mautrix_instagram_appservice_address: 'http://matrix-mautrix-instagram:29330'
|
||||
|
||||
matrix_mautrix_instagram_command_prefix: "!ig"
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_mautrix_instagram_container_extra_arguments: []
|
||||
|
||||
|
@ -68,6 +70,9 @@ matrix_mautrix_instagram_appservice_bot_username: instagrambot
|
|||
|
||||
matrix_mautrix_instagram_bridge_presence: true
|
||||
|
||||
# Specifies the default log level for all bridge loggers.
|
||||
matrix_mautrix_instagram_logging_level: WARNING
|
||||
|
||||
# Default configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
|
|
|
@ -135,7 +135,7 @@ bridge:
|
|||
# Whether or not the bridge should backfill chats when reconnecting.
|
||||
resync: true
|
||||
# Should even disconnected users be reconnected?
|
||||
always: false
|
||||
always: false
|
||||
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
||||
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
||||
#
|
||||
|
@ -176,7 +176,7 @@ bridge:
|
|||
unimportant_bridge_notices: true
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!ig"
|
||||
command_prefix: "{{ matrix_mautrix_instagram_command_prefix }}"
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
# user - Use the bridge with puppeting.
|
||||
|
@ -219,13 +219,13 @@ logging:
|
|||
formatter: colored
|
||||
loggers:
|
||||
mau:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_instagram_logging_level|to_json }}
|
||||
mauigpapi:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_instagram_logging_level|to_json }}
|
||||
paho:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_instagram_logging_level|to_json }}
|
||||
aiohttp:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_instagram_logging_level|to_json }}
|
||||
root:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_instagram_logging_level|to_json }}
|
||||
handlers: [console]
|
||||
|
|
|
@ -30,6 +30,8 @@ matrix_mautrix_signal_homeserver_address: ''
|
|||
matrix_mautrix_signal_homeserver_domain: ''
|
||||
matrix_mautrix_signal_appservice_address: 'http://matrix-mautrix-signal:29328'
|
||||
|
||||
matrix_mautrix_signal_command_prefix: "!signal"
|
||||
|
||||
# Controls whether the matrix-mautrix-signal container exposes its port (tcp/29328 in the container).
|
||||
#
|
||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9006"), or empty string to not expose.
|
||||
|
@ -57,6 +59,9 @@ matrix_mautrix_signal_homeserver_token: ''
|
|||
|
||||
matrix_mautrix_signal_appservice_bot_username: signalbot
|
||||
|
||||
# Specifies the default log level for all bridge loggers.
|
||||
matrix_mautrix_signal_logging_level: WARNING
|
||||
|
||||
# Whether or not created rooms should have federation enabled.
|
||||
# If false, created portal rooms will never be federated.
|
||||
matrix_mautrix_signal_federate_rooms: true
|
||||
|
@ -99,6 +104,9 @@ matrix_mautrix_signal_relaybot_enabled: false
|
|||
matrix_mautrix_signal_bridge_permissions: |
|
||||
'*': relay
|
||||
'{{ matrix_mautrix_signal_homeserver_domain }}': user
|
||||
{% if matrix_admin %}
|
||||
"{{ matrix_admin }}": admin
|
||||
{% endif %}
|
||||
|
||||
# Default configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
|
|
|
@ -197,7 +197,7 @@ bridge:
|
|||
shared_secret: generate
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!signal"
|
||||
command_prefix: "{{ matrix_mautrix_signal_command_prefix }}"
|
||||
|
||||
# Messages sent upon joining a management room.
|
||||
# Markdown is supported. The defaults are listed below.
|
||||
|
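Review bot: `command_prefix: "{{ matrix_mautrix_signal_command_prefix }}"` interpolates the variable into a hand-written double-quoted YAML string, so a prefix containing `"` or `\` yields a broken or altered config value. The `level:` lines changed in this same template use `|to_json`; write `command_prefix: {{ matrix_mautrix_signal_command_prefix|to_json }}` here, and do the same in the telegram, twitter and whatsapp templates touched by this commit.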
@ -223,11 +223,8 @@ bridge:
|
|||
# * - All Matrix users
|
||||
# domain - All users on that homeserver
|
||||
# mxid - Specific user
|
||||
permissions:
|
||||
permissions:
|
||||
{{ matrix_mautrix_signal_bridge_permissions|from_yaml }}
|
||||
{% if matrix_admin %}
|
||||
"{{ matrix_admin }}": admin
|
||||
{% endif %}
|
||||
|
||||
relay:
|
||||
# Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any
|
||||
|
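Review bot: Under `permissions:`, `{{ matrix_mautrix_signal_bridge_permissions|from_yaml }}` prints the parsed mapping with Jinja's default string rendering of a dict rather than a serialised form. Append `|to_json`, as the `level:` lines in this template do, so the emitted value stays valid YAML whatever characters the keys contain.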
@ -269,9 +266,9 @@ logging:
|
|||
formatter: colored
|
||||
loggers:
|
||||
mau:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_signal_logging_level|to_json }}
|
||||
aiohttp:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_signal_logging_level|to_json }}
|
||||
root:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_signal_logging_level|to_json }}
|
||||
handlers: [console]
|
||||
|
|
|
@ -23,6 +23,8 @@ matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram
|
|||
matrix_mautrix_telegram_config_path: "{{ matrix_mautrix_telegram_base_path }}/config"
|
||||
matrix_mautrix_telegram_data_path: "{{ matrix_mautrix_telegram_base_path }}/data"
|
||||
|
||||
matrix_mautrix_telegram_command_prefix: "!tg"
|
||||
|
||||
# Get your own API keys at https://my.telegram.org/apps
|
||||
matrix_mautrix_telegram_api_id: ''
|
||||
matrix_mautrix_telegram_api_hash: ''
|
||||
|
@ -43,6 +45,9 @@ matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fq
|
|||
|
||||
matrix_mautrix_telegram_appservice_bot_username: telegrambot
|
||||
|
||||
# Specifies the default log level for all bridge loggers.
|
||||
matrix_mautrix_telegram_logging_level: WARNING
|
||||
|
||||
# Whether or not created rooms should have federation enabled.
|
||||
# If false, created portal rooms will never be federated.
|
||||
matrix_mautrix_telegram_federate_rooms: true
|
||||
|
|
|
@ -276,7 +276,7 @@ bridge:
|
|||
list: []
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!tg"
|
||||
command_prefix: "{{ matrix_mautrix_telegram_command_prefix }}"
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
|
@ -404,11 +404,11 @@ logging:
|
|||
formatter: precise
|
||||
loggers:
|
||||
mau:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_telegram_logging_level|to_json }}
|
||||
telethon:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_telegram_logging_level|to_json }}
|
||||
aiohttp:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_telegram_logging_level|to_json }}
|
||||
root:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_telegram_logging_level|to_json }}
|
||||
handlers: [console]
|
||||
|
|
|
@ -22,6 +22,8 @@ matrix_mautrix_twitter_homeserver_address: "{{ matrix_homeserver_container_url }
|
|||
matrix_mautrix_twitter_homeserver_domain: '{{ matrix_domain }}'
|
||||
matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327'
|
||||
|
||||
matrix_mautrix_twitter_command_prefix: "!tw"
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_mautrix_twitter_container_extra_arguments: []
|
||||
|
||||
|
@ -66,6 +68,9 @@ matrix_mautrix_twitter_bridge_login_shared_secret_map: "{{ {matrix_mautrix_twitt
|
|||
|
||||
matrix_mautrix_twitter_appservice_bot_username: twitterbot
|
||||
|
||||
# Specifies the default log level for all bridge loggers.
|
||||
matrix_mautrix_twitter_logging_level: WARNING
|
||||
|
||||
# Default configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
|
|
|
@ -163,7 +163,7 @@ bridge:
|
|||
resend_bridge_info: false
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!tw"
|
||||
command_prefix: "{{ matrix_mautrix_twitter_command_prefix }}"
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
|
@ -198,9 +198,9 @@ logging:
|
|||
formatter: colored
|
||||
loggers:
|
||||
mau:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_twitter_logging_level|to_json }}
|
||||
aiohttp:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_twitter_logging_level|to_json }}
|
||||
root:
|
||||
level: WARNING
|
||||
level: {{ matrix_mautrix_twitter_logging_level|to_json }}
|
||||
handlers: [console]
|
||||
|
|
|
@ -23,6 +23,8 @@ matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_homeserver_container_url
|
|||
matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}"
|
||||
matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080"
|
||||
|
||||
matrix_mautrix_whatsapp_command_prefix: "!wa"
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_mautrix_whatsapp_container_extra_arguments: []
|
||||
|
||||
|
|
|
@ -139,7 +139,7 @@ bridge:
|
|||
federate_rooms: {{ matrix_mautrix_whatsapp_federate_rooms|to_json }}
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!wa"
|
||||
command_prefix: "{{ matrix_mautrix_whatsapp_command_prefix }}"
|
||||
|
||||
# Messages sent upon joining a management room.
|
||||
# Markdown is supported. The defaults are listed below.
|
||||
|
|
|
@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
|
|||
# - https://github.com/vector-im/element-web/issues/19544
|
||||
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
|
||||
|
||||
matrix_client_element_version: v1.10.15
|
||||
matrix_client_element_version: v1.11.0
|
||||
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
|
||||
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
|
||||
|
|
|
@ -21,3 +21,10 @@
|
|||
tags:
|
||||
- setup-all
|
||||
- setup-client-hydrogen
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/self_check.yml"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
when: "run_self_check|bool and matrix_client_hydrogen_enabled|bool"
|
||||
tags:
|
||||
- self-check
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- set_fact:
|
||||
matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}"
|
||||
matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}/config.json"
|
||||
|
||||
- name: Check Hydrogen
|
||||
uri:
|
||||
|
|
|
@ -73,13 +73,3 @@ dimension:
|
|||
# This is where Dimension is accessible from clients. Be sure to set this
|
||||
# to your own Dimension instance.
|
||||
publicUrl: "https://{{ matrix_server_fqn_dimension }}"
|
||||
|
||||
# Settings for controlling how logging works
|
||||
logging:
|
||||
file: /dev/null
|
||||
console: true
|
||||
consoleLevel: verbose
|
||||
fileLevel: info
|
||||
rotate:
|
||||
size: 52428800 # bytes, default is 50mb
|
||||
count: 5
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
matrix_grafana_enabled: false
|
||||
|
||||
matrix_grafana_version: 9.0.1
|
||||
matrix_grafana_version: 9.0.2
|
||||
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
|
||||
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|
|
@ -70,7 +70,7 @@ matrix_jitsi_jibri_recorder_password: ''
|
|||
|
||||
matrix_jitsi_enable_lobby: false
|
||||
|
||||
matrix_jitsi_version: stable-7001
|
||||
matrix_jitsi_version: stable-7439-2
|
||||
matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
|
||||
|
||||
matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"
|
||||
|
|
|
@ -7,4 +7,4 @@
|
|||
- name: Fail if on an unsupported architecture
|
||||
fail:
|
||||
msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214"
|
||||
when: matrix_jitsi_enabled|bool and matrix_architecture != 'amd64'
|
||||
when: matrix_jitsi_enabled|bool and matrix_architecture not in ['amd64', 'arm64']
|
||||
|
|
|
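Review bot: The `when:` condition now accepts `arm64`, but the `msg:` above it still reads "Jitsi only supports the amd64 architecture right now." Update the message to name both supported architectures so a user on an unsupported one gets accurate guidance, and recheck whether the two linked issues are still the right references.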
@ -192,6 +192,10 @@ matrix_nginx_proxy_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}"
|
|||
matrix_nginx_proxy_proxy_sygnal_enabled: false
|
||||
matrix_nginx_proxy_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}"
|
||||
|
||||
# Controls whether proxying the ntfy domain should be done.
|
||||
matrix_nginx_proxy_proxy_ntfy_enabled: false
|
||||
matrix_nginx_proxy_proxy_ntfy_hostname: "{{ matrix_server_fqn_ntfy }}"
|
||||
|
||||
# Controls whether proxying for (Prometheus) metrics (`/metrics/*`) for the various services should be done (on the matrix domain)
|
||||
# If the internal Prometheus server (`matrix-prometheus` role) is used, proxying is not necessary, since Prometheus can access each container directly.
|
||||
# This is only useful when an external Prometheus will be collecting metrics.
|
||||
|
@ -311,7 +315,7 @@ matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: ""
|
|||
# Controls whether proxying for the Matrix Federation API should be done.
|
||||
matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false
|
||||
matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-nginx-proxy:12088"
|
||||
matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "localhost:12088"
|
||||
matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:12088"
|
||||
matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb | int) * 3 }}"
|
||||
matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/fullchain.pem"
|
||||
matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/privkey.pem"
|
||||
|
@ -365,6 +369,9 @@ matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: []
|
|||
# A list of strings containing additional configuration blocks to add to Sygnal's server configuration (matrix-sygnal.conf).
|
||||
matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to ntfy's server configuration (matrix-ntfy.conf).
|
||||
matrix_nginx_proxy_proxy_ntfy_additional_server_configuration_blocks: []
|
||||
|
||||
# A list of strings containing additional configuration blocks to add to the base domain server configuration (matrix-base-domain.conf).
|
||||
matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: []
|
||||
|
||||
|
|
|
@ -138,6 +138,13 @@
|
|||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_sygnal_enabled|bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for ntfy domain exists
|
||||
template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-ntfy.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_ntfy_enabled|bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for Matrix domain exists
|
||||
template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2"
|
||||
|
@ -288,6 +295,12 @@
|
|||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_sygnal_enabled|bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for ntfy domain deleted
|
||||
file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_ntfy_enabled|bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy homepage for base domain deleted
|
||||
file:
|
||||
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"
|
||||
|
|
|
@ -0,0 +1,102 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
|
||||
{% macro render_vhost_directives() %}
|
||||
gzip on;
|
||||
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
||||
|
||||
{% if matrix_nginx_proxy_hsts_preload_enabled %}
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||
{% else %}
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
{% endif %}
|
||||
add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-Frame-Options DENY;
|
||||
|
||||
{% for configuration_block in matrix_nginx_proxy_proxy_ntfy_additional_server_configuration_blocks %}
|
||||
{{- configuration_block }}
|
||||
{% endfor %}
|
||||
|
||||
location / {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
set $backend "matrix-ntfy:80";
|
||||
proxy_pass http://$backend;
|
||||
{% else %}
|
||||
{# Generic configuration for use outside of our container setup #}
|
||||
proxy_pass http://127.0.0.1:80;
|
||||
{% endif %}
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
||||
}
|
||||
{% endmacro %}
|
||||
|
||||
server {
|
||||
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
||||
listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
||||
|
||||
server_name {{ matrix_nginx_proxy_proxy_ntfy_hostname }};
|
||||
|
||||
server_tokens off;
|
||||
root /dev/null;
|
||||
|
||||
{% if matrix_nginx_proxy_https_enabled %}
|
||||
location /.well-known/acme-challenge {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
set $backend "matrix-certbot:8080";
|
||||
proxy_pass http://$backend;
|
||||
{% else %}
|
||||
{# Generic configuration for use outside of our container setup #}
|
||||
proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://$http_host$request_uri;
|
||||
}
|
||||
{% else %}
|
||||
{{ render_vhost_directives() }}
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
{% if matrix_nginx_proxy_https_enabled %}
|
||||
server {
|
||||
listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||
listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
|
||||
|
||||
server_name {{ matrix_nginx_proxy_proxy_ntfy_hostname }};
|
||||
|
||||
server_tokens off;
|
||||
root /dev/null;
|
||||
|
||||
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_ntfy_hostname }}/fullchain.pem;
|
||||
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_ntfy_hostname }}/privkey.pem;
|
||||
|
||||
ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
|
||||
{% if matrix_nginx_proxy_ssl_ciphers != '' %}
|
||||
ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }};
|
||||
{% endif %}
|
||||
ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
|
||||
|
||||
{% if matrix_nginx_proxy_ocsp_stapling_enabled %}
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_ntfy_hostname }}/chain.pem;
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_nginx_proxy_ssl_session_tickets_off %}
|
||||
ssl_session_tickets off;
|
||||
{% endif %}
|
||||
ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }};
|
||||
ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }};
|
||||
|
||||
{{ render_vhost_directives() }}
|
||||
}
|
||||
{% endif %}
|
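Review bot: In the `location /` block of `render_vhost_directives`, the non-container branch uses `proxy_pass http://127.0.0.1:80;`, while the `server` block in that same branch has nginx itself `listen` on 80, so the request is proxied back to nginx instead of to ntfy. Point it at the host port ntfy is published on (the value behind `matrix_ntfy_container_http_host_bind_port`). Separately, `return 301 https://$http_host$request_uri;` builds the redirect target from the client-supplied Host header; `$host` or the configured `matrix_nginx_proxy_proxy_ntfy_hostname` is the safer choice.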
46
roles/matrix-ntfy/defaults/main.yml
Normal file
|
@ -0,0 +1,46 @@
|
|||
---
|
||||
matrix_ntfy_enabled: true
|
||||
|
||||
matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy"
|
||||
matrix_ntfy_config_dir_path: "{{ matrix_ntfy_base_path }}/config"
|
||||
matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data"
|
||||
|
||||
matrix_ntfy_version: v1.27.2
|
||||
matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}"
|
||||
matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}"
|
||||
|
||||
# Public facing base URL of the ntfy service
|
||||
matrix_ntfy_base_url: "https://{{ matrix_server_fqn_ntfy }}"
|
||||
|
||||
# Controls whether the container exposes its HTTP port (tcp/8080 in the container).
|
||||
#
|
||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8768"), or empty string to not expose.
|
||||
matrix_ntfy_container_http_host_bind_port: ''
|
||||
|
||||
# A list of extra arguments to pass to the container (`docker run` command)
|
||||
matrix_ntfy_container_extra_arguments: []
|
||||
|
||||
# Controls whether the self-check feature should validate SSL certificates.
|
||||
matrix_ntfy_self_check_validate_certificates: true
|
||||
|
||||
# Default ntfy configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_ntfy_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_ntfy_configuration_yaml: "{{ lookup('template', 'templates/ntfy/server.yml.j2') }}"
|
||||
|
||||
matrix_ntfy_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration for ntfy goes here.
|
||||
# This configuration extends the default starting configuration (`matrix_ntfy_configuration_yaml`).
|
||||
#
|
||||
# You can override individual variables from the default configuration, or introduce new ones.
|
||||
#
|
||||
# If you need something more special, you can take full control by
|
||||
# completely redefining `matrix_ntfy_configuration_yaml`.
|
||||
|
||||
matrix_ntfy_configuration_extension: "{{ matrix_ntfy_configuration_extension_yaml|from_yaml if matrix_ntfy_configuration_extension_yaml|from_yaml is mapping else {} }}"
|
||||
|
||||
# Holds the final ntfy configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_ntfy_configuration_yaml`.
|
||||
matrix_ntfy_configuration: "{{ matrix_ntfy_configuration_yaml|from_yaml|combine(matrix_ntfy_configuration_extension, recursive=True) }}"
|
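Review bot: The comment on `matrix_ntfy_container_http_host_bind_port` says the container exposes "tcp/8080 in the container", but the systemd unit in this commit publishes `-p {{ matrix_ntfy_container_http_host_bind_port }}:80` and the nginx template proxies to `matrix-ntfy:80`. Correct the comment to port 80, or change the listen port and both consumers together. Also, `matrix_ntfy_enabled: true` turns a brand-new optional service on at role level; confirm it is overridden to `false` elsewhere, given that `matrix_grafana_enabled: false` is set directly in that role's defaults.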
5
roles/matrix-ntfy/tasks/init.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ntfy.service'] }}"
|
||||
when: matrix_ntfy_enabled|bool
|
24
roles/matrix-ntfy/tasks/main.yml
Normal file
|
@ -0,0 +1,24 @@
|
|||
---
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||
when: "run_setup|bool and matrix_ntfy_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-ntfy
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||
when: "run_setup|bool and not matrix_ntfy_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-ntfy
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/self_check.yml"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
when: "run_self_check|bool and matrix_ntfy_enabled|bool"
|
||||
tags:
|
||||
- self-check
|
25
roles/matrix-ntfy/tasks/self_check.yml
Normal file
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
|
||||
# Query an arbitrary ntfy topic using ntfy's UnifiedPush topic name syntax.
|
||||
# Expect an empty response (because we query 'since=1s').
|
||||
|
||||
- set_fact:
|
||||
matrix_ntfy_url_endpoint_public: "{{ matrix_ntfy_base_url }}/upSELFCHECK123/json?poll=1&since=1s"
|
||||
|
||||
- name: Check ntfy
|
||||
uri:
|
||||
url: "{{ matrix_ntfy_url_endpoint_public }}"
|
||||
follow_redirects: none
|
||||
validate_certs: "{{ matrix_ntfy_self_check_validate_certificates }}"
|
||||
register: matrix_ntfy_self_check_result
|
||||
check_mode: false
|
||||
ignore_errors: true
|
||||
|
||||
- name: Fail if ntfy not working
|
||||
fail:
|
||||
msg: "Failed checking ntfy is up at `{{ matrix_server_fqn_ntfy }}` (checked endpoint: `{{ matrix_ntfy_url_endpoint_public }}`). Is ntfy running? Is port 443 open in your firewall? Full error: {{ matrix_ntfy_self_check_result }}"
|
||||
when: "matrix_ntfy_self_check_result.failed"
|
||||
|
||||
- name: Report working ntfy
|
||||
debug:
|
||||
msg: "ntfy at `{{ matrix_server_fqn_ntfy }}` is working (checked endpoint: `{{ matrix_ntfy_url_endpoint_public }}`)"
|
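Review bot: The header comment says to "Expect an empty response", but the `Check ntfy` task asserts nothing about the body, and the only failure condition is `matrix_ntfy_self_check_result.failed` from `uri`'s default status handling. Either set `status_code: 200` explicitly and check the content, or reword the comment to match what is tested. The probe also assumes the `upSELFCHECK123` topic is readable without credentials, so it will report a broken install if an operator restricts anonymous access through `matrix_ntfy_configuration_extension_yaml`; say so in the failure `msg`.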
44
roles/matrix-ntfy/tasks/setup_install.yml
Normal file
|
@ -0,0 +1,44 @@
|
|||
---
|
||||
|
||||
- name: Ensure matrix-ntfy image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_ntfy_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_ntfy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ntfy_docker_image_force_pull }}"
|
||||
register: result
|
||||
retries: "{{ matrix_container_retries_count }}"
|
||||
delay: "{{ matrix_container_retries_delay }}"
|
||||
until: result is not failed
|
||||
|
||||
- name: Ensure matrix-ntfy paths exists
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- "{{ matrix_ntfy_base_path }}"
|
||||
- "{{ matrix_ntfy_config_dir_path }}"
|
||||
- "{{ matrix_ntfy_data_path }}"
|
||||
|
||||
- name: Ensure matrix-ntfy config installed
|
||||
copy:
|
||||
content: "{{ matrix_ntfy_configuration|to_nice_yaml(indent=2, width=999999) }}"
|
||||
dest: "{{ matrix_ntfy_config_dir_path }}/server.yml"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure matrix-ntfy.service installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2"
|
||||
dest: "{{ matrix_systemd_path }}/matrix-ntfy.service"
|
||||
mode: 0644
|
||||
register: matrix_ntfy_systemd_service_result
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-ntfy.service installation
|
||||
service:
|
||||
daemon_reload: true
|
||||
when: "matrix_ntfy_systemd_service_result.changed"
|
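Review bot: `Ensure matrix-ntfy config installed` writes `server.yml` with `mode: 0644`, while the directories created just above it use `0750`. Because `matrix_ntfy_configuration_extension_yaml` lets operators place arbitrary settings in this file, credentials included, use `0640` so the file does not depend on its parent directory for protection. The task name `Ensure matrix-ntfy paths exists` also has a grammar slip (`exist`).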
36
roles/matrix-ntfy/tasks/setup_uninstall.yml
Normal file
|
@ -0,0 +1,36 @@
|
|||
---
|
||||
|
||||
- name: Check existence of matrix-ntfy service
|
||||
stat:
|
||||
path: "{{ matrix_systemd_path }}/matrix-ntfy.service"
|
||||
register: matrix_ntfy_service_stat
|
||||
|
||||
- name: Ensure matrix-ntfy is stopped
|
||||
service:
|
||||
name: matrix-ntfy
|
||||
state: stopped
|
||||
enabled: false
|
||||
daemon_reload: true
|
||||
register: stopping_result
|
||||
when: "matrix_ntfy_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure matrix-ntfy.service doesn't exist
|
||||
file:
|
||||
path: "{{ matrix_systemd_path }}/matrix-ntfy.service"
|
||||
state: absent
|
||||
when: "matrix_ntfy_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-ntfy.service removal
|
||||
service:
|
||||
daemon_reload: true
|
||||
when: "matrix_ntfy_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure matrix-ntfy path doesn't exist
|
||||
file:
|
||||
path: "{{ matrix_ntfy_base_path }}"
|
||||
state: absent
|
||||
|
||||
- name: Ensure ntfy Docker image doesn't exist
|
||||
docker_image:
|
||||
name: "{{ matrix_ntfy_docker_image }}"
|
||||
state: absent
|
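Review bot: `Ensure matrix-ntfy path doesn't exist` removes `matrix_ntfy_base_path` with no `when:` guard, and that path contains the data directory, so setting `matrix_ntfy_enabled: false` and re-running setup deletes ntfy's stored data without any confirmation. Document this in the role's docs or limit the removal to the config directory. `register: stopping_result` in `Ensure matrix-ntfy is stopped` is never read and can be dropped.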
3
roles/matrix-ntfy/templates/ntfy/server.yml.j2
Normal file
|
@ -0,0 +1,3 @@
|
|||
base_url: {{ matrix_ntfy_base_url }}
|
||||
behind_proxy: true
|
||||
cache_file: /data/cache.db
|
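Review bot: `behind_proxy: true` makes ntfy take the client address from `X-Forwarded-For`, which is only trustworthy when every request arrives through nginx. The role also offers `matrix_ntfy_container_http_host_bind_port`; add a comment there telling operators to bind it to a loopback or otherwise private address, because a directly reachable port would let clients supply their own `X-Forwarded-For` and sidestep per-visitor limits. `base_url: {{ matrix_ntfy_base_url }}` should also go through `|to_json`, like the templated values elsewhere in this commit.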
38
roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2
Normal file
|
@ -0,0 +1,38 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
[Unit]
|
||||
Description=matrix-ntfy
|
||||
After=docker.service
|
||||
Requires=docker.service
|
||||
DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true'
|
||||
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true'
|
||||
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--read-only \
|
||||
{% for arg in matrix_ntfy_container_extra_arguments %}
|
||||
{{ arg }} \
|
||||
{% endfor %}
|
||||
--network={{ matrix_docker_network }} \
|
||||
{% if matrix_ntfy_container_http_host_bind_port %}
|
||||
-p {{ matrix_ntfy_container_http_host_bind_port }}:80 \
|
||||
{% endif %}
|
||||
--mount type=bind,src={{ matrix_ntfy_config_dir_path }},dst=/etc/ntfy,ro \
|
||||
--mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \
|
||||
{{ matrix_ntfy_docker_image }} \
|
||||
serve
|
||||
|
||||
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true'
|
||||
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true'
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-ntfy
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
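Review bot: The container runs with `--user={{ matrix_user_uid }}:{{ matrix_user_gid }}` and `--cap-drop=ALL`, yet ntfy is expected on container port 80 (the `-p ...:80` mapping, and `server.yml.j2` sets no listen address). Binding a port below 1024 as a non-root user without `CAP_NET_BIND_SERVICE` only works when the container runtime lowers the unprivileged port threshold, so this can fail on older Docker hosts. Configure ntfy to listen on a high port and update the `-p` mapping and the nginx `set $backend` value to match. With `--read-only` set, also confirm ntfy needs no writable path other than `/data`.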
@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s
|
|||
|
||||
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
|
||||
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
matrix_synapse_version: v1.61.1
|
||||
matrix_synapse_version: v1.62.0
|
||||
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
|
||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||
|
||||
|
|