From 75746943be412a7197bdf7be0550273d925e22db Mon Sep 17 00:00:00 2001 From: Christos Karamolegkos Date: Tue, 28 Jun 2022 17:51:06 +0300 Subject: [PATCH 01/31] Update README.md to include Go Skype Bridge Update README.md to include Go Skype Bridge, added in #1877 --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 26f10940..1d58eed0 100644 --- a/README.md +++ b/README.md @@ -81,6 +81,8 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-mx-puppet-skype.md](docs/configuring-playbook-bridge-mx-puppet-skype.md) for setup documentation +- (optional) the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for bridging your Matrix server to [Skype](https://www.skype.com) - see [docs/configuring-playbook-bridge-go-skype-bridge.md](docs/configuring-playbook-bridge-go-skype-bridge.md) for setup documentation + - (optional) the [mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) for bridging your Matrix server to [Slack](https://slack.com) - see [docs/configuring-playbook-bridge-mx-puppet-slack.md](docs/configuring-playbook-bridge-mx-puppet-slack.md) for setup documentation - (optional) the [mx-puppet-instagram](https://github.com/Sorunome/mx-puppet-instagram) bridge for Instagram-DMs ([Instagram](https://www.instagram.com/)) - see [docs/configuring-playbook-bridge-mx-puppet-instagram.md](docs/configuring-playbook-bridge-mx-puppet-instagram.md) for setup documentation From c614b61e01e1ec1de5b86cd265b3b36e9c5b3b4d Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 28 Jun 2022 17:53:57 +0300 Subject: [PATCH 02/31] Fix mautrix-signal permissions configuration Fixup for https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1899 --- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 3 +++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 5 +---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index ad0752e3..61f8695d 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -99,6 +99,9 @@ matrix_mautrix_signal_relaybot_enabled: false matrix_mautrix_signal_bridge_permissions: | '*': relay '{{ matrix_mautrix_signal_homeserver_domain }}': user + {% if matrix_admin %} + "{{ matrix_admin }}": admin + {% endif %} # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 53aa550d..c5fbba8e 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -223,11 +223,8 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: + permissions: {{ matrix_mautrix_signal_bridge_permissions|from_yaml }} - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} relay: # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any From c15bf2e0194e63f30df700b2465960d91120f811 Mon Sep 17 00:00:00 2001 
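Review bot: In the defaults/main.yml hunk, `"{{ matrix_admin }}": admin` interpolates the variable unescaped into text that the template later parses with `from_yaml`. A value containing a double quote, backslash or newline would either fail to parse or change the shape of the permissions map, which is the bridge's authorization table. Emitting the key with the filter this playbook already uses elsewhere avoids that: `{{ matrix_admin|to_json }}: admin`. The block scalar for `matrix_mautrix_signal_bridge_permissions` starts above the hunk, so its first lines are not visible here. The config.yaml.j2 hunk only removes the old inline block and needs no change.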
From: Slavi Pantaleev Date: Wed, 29 Jun 2022 08:42:13 +0300 Subject: [PATCH 03/31] Upgrade Grafana (9.0.1 -> 9.0.2) --- roles/matrix-grafana/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index 618eaef7..7765ae48 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -4,7 +4,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 9.0.1 +matrix_grafana_version: 9.0.2 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" From 523a7b4a6e428eb21efb343463d576152ade1cc9 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Tue, 28 Jun 2022 23:38:08 -0800 Subject: [PATCH 04/31] Update configuring-playbook-own-webserver.md Adding a bit on how to bind the synapse ports if the webserver isn't in the same docker network, or on a different machine. --- docs/configuring-playbook-own-webserver.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index c7e56f14..155b5995 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md 
@@ -57,6 +57,14 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2" If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue. +If you are not going to be running your webserver on the same docker network, or the same machine as matrix, these variables can be set to bind synapse to an exposed port. [Keep in mind that there are some security concerns if you simply proxy everything to it](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints) +'''yaml +# Takes an ":" or "" value (e.g. "127.0.0.1:8048" or "192.168.1.3:80"), or empty string to not expose. +matrix_synapse_container_client_api_host_bind_port: '' +matrix_synapse_container_federation_api_plain_host_bind_port: '' +''' + + ### Using your own external Apache webserver From 6a99b3d5323a25b3f9a289b2b0d90675ff1d180b Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Wed, 29 Jun 2022 15:09:29 +0000 Subject: [PATCH 05/31] Fix Hydrogen self check Thanks to Julian for pointing this out --- roles/matrix-client-hydrogen/tasks/main.yml | 7 +++++++ roles/matrix-client-hydrogen/tasks/self_check.yml | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/roles/matrix-client-hydrogen/tasks/main.yml b/roles/matrix-client-hydrogen/tasks/main.yml index 13d157cc..d027fe66 100644 --- a/roles/matrix-client-hydrogen/tasks/main.yml +++ b/roles/matrix-client-hydrogen/tasks/main.yml @@ -21,3 +21,10 @@ tags: - setup-all - setup-client-hydrogen + +- import_tasks: "{{ role_path }}/tasks/self_check.yml" + delegate_to: 127.0.0.1 + become: false + when: "run_self_check|bool and matrix_client_hydrogen_enabled|bool" + tags: + - self-check diff --git a/roles/matrix-client-hydrogen/tasks/self_check.yml b/roles/matrix-client-hydrogen/tasks/self_check.yml index 28af9c78..0c664231 100644 
--- a/roles/matrix-client-hydrogen/tasks/self_check.yml +++ b/roles/matrix-client-hydrogen/tasks/self_check.yml @@ -1,7 +1,7 @@ --- - set_fact: - matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}" + matrix_client_hydrogen_url_endpoint_public: "https://{{ matrix_server_fqn_hydrogen }}/config.json" - name: Check Hydrogen uri: From 9cf2b37352f940bdfeb4208be88d67c5b245ee62 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Thu, 30 Jun 2022 00:43:01 -0800 Subject: [PATCH 06/31] Update configuring-playbook-bridge-mautrix-instagram.md Copy/Pasting from docs/configuring-playbook-bridge-mautrix-facebook.md but with the relevant variable names changed to add turning on encryption and a puppet admin. --- ...uring-playbook-bridge-mautrix-instagram.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/configuring-playbook-bridge-mautrix-instagram.md b/docs/configuring-playbook-bridge-mautrix-instagram.md index 38d107d0..08b35d1d 100644 --- a/docs/configuring-playbook-bridge-mautrix-instagram.md +++ b/docs/configuring-playbook-bridge-mautrix-instagram.md 
@@ -7,6 +7,27 @@ See the project's [documentation](https://docs.mau.fi/bridges/python/instagram/i ```yaml matrix_mautrix_instagram_enabled: true ``` +There are some additional things you may wish to configure about the bridge before you continue. + +Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file: +```yaml +matrix_mautrix_instagram_configuration_extension_yaml: | + bridge: + encryption: + allow: true + default: true +``` + +If you would like to be able to administrate the bridge from your account it can be configured like this: +```yaml +matrix_mautrix_instagram_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:YOUR_DOMAIN': admin +``` + +You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` to find other things you would like to configure. + ## Usage From 3fbff1a78909170426ce15ad9b81a3fdc5b3b9e7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 30 Jun 2022 11:57:01 +0300 Subject: [PATCH 07/31] Mention matrix_admin Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1899 --- docs/configuring-playbook-bridge-mautrix-instagram.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-mautrix-instagram.md b/docs/configuring-playbook-bridge-mautrix-instagram.md index 08b35d1d..cbfdcb0b 100644 --- a/docs/configuring-playbook-bridge-mautrix-instagram.md +++ b/docs/configuring-playbook-bridge-mautrix-instagram.md 
@@ -20,13 +20,18 @@ matrix_mautrix_instagram_configuration_extension_yaml: | If you would like to be able to administrate the bridge from your account it can be configured like this: ```yaml +# The easy way. The specified Matrix user ID will be made an admin of all bridges +matrix_admin: "@YOUR_USERNAME:{{ matrix_domain }}" + +# OR: +# The more verbose way. Applies to this bridge only. You may define multiple Matrix users as admins. matrix_mautrix_instagram_configuration_extension_yaml: | bridge: permissions: '@YOUR_USERNAME:YOUR_DOMAIN': admin ``` -You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` to find other things you would like to configure. +You may wish to look at `roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-instagram/defaults/main.yml` to find other things you would like to configure. ## Usage From 95ca182ab50bc3cf04e56d7ae1cc57cb49e59265 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 30 Jun 2022 12:08:37 +0300 Subject: [PATCH 08/31] Remove outdated logging configuration from Dimension Related to https://github.com/turt2live/matrix-dimension/commit/123a45bb217126875a5a9aaabbe22c5f8f66727a Provoked by https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1879 Not sure how bot-sdk's logging level can be adjusted. Seems like Dimension now hardcodes `LogService.setLevel(LogLevel.DEBUG);` in its startup code. --- roles/matrix-dimension/templates/config.yaml.j2 | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/roles/matrix-dimension/templates/config.yaml.j2 b/roles/matrix-dimension/templates/config.yaml.j2 index 39721d71..592c65ac 100644 --- a/roles/matrix-dimension/templates/config.yaml.j2 +++ b/roles/matrix-dimension/templates/config.yaml.j2 
@@ -73,13 +73,3 @@ dimension: # This is where Dimension is accessible from clients. Be sure to set this # to your own Dimension instance. publicUrl: "https://{{ matrix_server_fqn_dimension }}" - -# Settings for controlling how logging works -logging: - file: /dev/null - console: true - consoleLevel: verbose - fileLevel: info - rotate: - size: 52428800 # bytes, default is 50mb - count: 5 From 60c14c3550b41174dae723048b48ac011541cc45 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Thu, 30 Jun 2022 03:46:24 -0800 Subject: [PATCH 09/31] Update configuring-playbook-own-webserver.md Fixing code block formatting --- docs/configuring-playbook-own-webserver.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-own-webserver.md b/docs/configuring-playbook-own-webserver.md index 155b5995..76fa2d8b 100644 --- a/docs/configuring-playbook-own-webserver.md +++ b/docs/configuring-playbook-own-webserver.md @@ -58,11 +58,11 @@ matrix_nginx_proxy_ssl_protocols: "TLSv1.2" If you are experiencing issues, try updating to a newer version of Nginx. As a data point in May 2021 a user reported that Nginx 1.14.2 was not working for them. They were getting errors about socket leaks. Updating to Nginx 1.19 fixed their issue. If you are not going to be running your webserver on the same docker network, or the same machine as matrix, these variables can be set to bind synapse to an exposed port. [Keep in mind that there are some security concerns if you simply proxy everything to it](https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md#synapse-administration-endpoints) -'''yaml +```yaml # Takes an ":" or "" value (e.g. "127.0.0.1:8048" or "192.168.1.3:80"), or empty string to not expose. matrix_synapse_container_client_api_host_bind_port: '' matrix_synapse_container_federation_api_plain_host_bind_port: '' -''' +``` From 84346cae9cb4f2633a3acee3b1425900cc32fa67 Mon Sep 17 00:00:00 2001 
From: ThellraAK Date: Thu, 30 Jun 2022 21:28:38 -0800 Subject: [PATCH 10/31] Update configuring-playbook-bridge-mautrix-facebook.md Adding the defaults in addition to template, switching YOUR_DOMAIN to {{ matrix_domain }}, and giving example of the two combined, as the playbook gives a warning about things being defined twice, so only using the last one in the vars.yml --- ...nfiguring-playbook-bridge-mautrix-facebook.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index bb8d1430..926c6f02 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -24,10 +24,22 @@ If you would like to be able to administrate the bridge from your account it can matrix_mautrix_facebook_configuration_extension_yaml: | bridge: permissions: - '@YOUR_USERNAME:YOUR_DOMAIN': admin + '@YOUR_USERNAME:{{ matrix_domain }}': admin ``` -You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` to find other things you would like to configure. +Using both would look like + +```yaml +matrix_mautrix_facebook_configuration_extension_yaml: | + bridge: + permissions: + '@YOUR_USERNAME:{{ matrix_domain }}': admin + encryption: + allow: true + default: true +``` + +You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and 'roles/matrix-bridge-mautrix-facebook/defaults/main.yml' to find other things you would like to configure. ## Set up Double Puppeting From 4ca0d23b813e1f8f6123bd9cd5db233869f5e8be Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 1 Jul 2022 08:42:23 +0300 Subject: [PATCH 11/31] FIx code blocks --- docs/configuring-playbook-bridge-mautrix-facebook.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/configuring-playbook-bridge-mautrix-facebook.md b/docs/configuring-playbook-bridge-mautrix-facebook.md index 926c6f02..4429f004 100644 --- a/docs/configuring-playbook-bridge-mautrix-facebook.md +++ b/docs/configuring-playbook-bridge-mautrix-facebook.md @@ -39,7 +39,7 @@ matrix_mautrix_facebook_configuration_extension_yaml: | default: true ``` -You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and 'roles/matrix-bridge-mautrix-facebook/defaults/main.yml' to find other things you would like to configure. +You may wish to look at `roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2` and `roles/matrix-bridge-mautrix-facebook/defaults/main.yml` to find other things you would like to configure. ## Set up Double Puppeting From 02cc201f14afb6480b55d86eac918474db0875e7 Mon Sep 17 00:00:00 2001 From: freiit Date: Fri, 1 Jul 2022 12:28:10 +0200 Subject: [PATCH 12/31] Add configuration instruction for AWS CloundFront --- docs/configuring-well-known.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/configuring-well-known.md b/docs/configuring-well-known.md index 9a519343..36e53996 100644 --- a/docs/configuring-well-known.md +++ b/docs/configuring-well-known.md @@ -168,6 +168,11 @@ backend matrix-backend /.well-known/matrix/* https://matrix.DOMAIN/.well-known/matrix/:splat 200! ``` +**For AWS CloudFront** + + 1. Add a custom origin with matrix. to your distribution + 1. Add two behaviors, one for `.well-known/matrix/client` and one for `.well-known/matrix/server` and point them to your new origin. + Make sure to: - **replace `DOMAIN`** in the server configuration with your actual domain name From 06e51b06f1b6d442a78d0a3343df521d75637596 Mon Sep 17 00:00:00 2001 
From: ThellraAK Date: Fri, 1 Jul 2022 03:22:02 -0800 Subject: [PATCH 13/31] Adding logging variable for facebook and setting it's default (#1909) Co-authored-by: ThellraAK Co-authored-by: Slavi Pantaleev --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index d1469863..06bde727 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -128,3 +128,6 @@ matrix_mautrix_facebook_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}" + +# Specifies the default log level for all bridge loggers. +matrix_mautrix_facebook_logging_level: DEBUG diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 2555e985..f1d59b1a 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -253,11 +253,11 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} paho: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_facebook_logging_level|to_json }} handlers: [console] From 71006393e0a2c9e62213f8849eed7349c4f3bc94 Mon Sep 17 00:00:00 2001 
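Review bot: The comment on `matrix_mautrix_facebook_logging_level` in the defaults/main.yml hunk does not say that this one value now drives the `mau`, `paho`, `aiohttp` and `root` loggers together, nor which values are accepted. The default of `DEBUG` also raises verbosity from the `WARNING` that config.yaml.j2 hard-coded before. Debug output from the bridge and its HTTP client may include message or session detail, though that cannot be confirmed from these hunks. I would document the variable as `# Log level for all bridge loggers (mau, paho, aiohttp, root): DEBUG, INFO, WARNING, ERROR or CRITICAL. DEBUG may record sensitive data.` The same comment fits the per-bridge `*_logging_level` variables added in PATCH 16/31.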
From: Slavi Pantaleev Date: Fri, 1 Jul 2022 14:31:28 +0300 Subject: [PATCH 14/31] Default mautrix-facebook to WARNING loggers by default Overlooked in https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1909 --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 06bde727..778f31fc 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -130,4 +130,4 @@ matrix_mautrix_facebook_registration_yaml: | matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}" # Specifies the default log level for all bridge loggers. -matrix_mautrix_facebook_logging_level: DEBUG +matrix_mautrix_facebook_logging_level: WARNING From a6a5f79a6fe5509fd1dd620079b61b9dd9011b14 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 1 Jul 2022 14:32:42 +0300 Subject: [PATCH 15/31] Relocate matrix_mautrix_facebook_logging_level in defaults/main.yml Improvement to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1909 --- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 778f31fc..5acc1ec7 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml 
@@ -89,6 +89,9 @@ matrix_mautrix_facebook_appservice_bot_username: facebookbot matrix_mautrix_facebook_bridge_presence: true +# Specifies the default log level for all bridge loggers. +matrix_mautrix_facebook_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # @@ -128,6 +131,3 @@ matrix_mautrix_facebook_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_facebook_registration: "{{ matrix_mautrix_facebook_registration_yaml|from_yaml }}" - -# Specifies the default log level for all bridge loggers. -matrix_mautrix_facebook_logging_level: WARNING From 1c8f21c738d33e17da277cdbac7e3710d568fbd8 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Fri, 1 Jul 2022 04:05:28 -0800 Subject: [PATCH 16/31] Adding logging configuration and default to the rest of the mautrixes that don't have them --- .../defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- .../matrix-bridge-mautrix-hangouts/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- .../defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 12 ++++++------ roles/matrix-bridge-mautrix-signal/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 6 +++--- .../matrix-bridge-mautrix-telegram/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 8 ++++---- .../matrix-bridge-mautrix-twitter/defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 6 +++--- 12 files changed, 42 insertions(+), 24 deletions(-) diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index dd5b8368..d0d90614 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml 
@@ -78,6 +78,9 @@ matrix_mautrix_googlechat_login_shared_secret: '' matrix_mautrix_googlechat_appservice_bot_username: googlechatbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_googlechat_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index db4394b7..864e3e1b 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -141,11 +141,11 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} hangups: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_googlechat_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 911c81c6..f4f67a58 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -75,6 +75,9 @@ matrix_mautrix_hangouts_login_shared_secret: '' matrix_mautrix_hangouts_appservice_bot_username: hangoutsbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_hangouts_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index 07f5b2d7..d207681e 100644 
--- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -138,11 +138,11 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} hangups: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_hangouts_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index 4ae2d374..a227b085 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -68,6 +68,9 @@ matrix_mautrix_instagram_appservice_bot_username: instagrambot matrix_mautrix_instagram_bridge_presence: true +# Specifies the default log level for all bridge loggers. +matrix_mautrix_instagram_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 994a39a7..99ceee0e 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -135,7 +135,7 @@ bridge: # Whether or not the bridge should backfill chats when reconnecting. resync: true # Should even disconnected users be reconnected? - always: false + always: false # End-to-bridge encryption support options. These require matrix-nio to be installed with pip # and login_shared_secret to be configured in order to get a device for the bridge bot. # 
@@ -219,13 +219,13 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} mauigpapi: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} paho: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_instagram_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 61f8695d..d35e12af 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -57,6 +57,9 @@ matrix_mautrix_signal_homeserver_token: '' matrix_mautrix_signal_appservice_bot_username: signalbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_signal_logging_level: WARNING + # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. matrix_mautrix_signal_federate_rooms: true diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index c5fbba8e..0044a0fc 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -266,9 +266,9 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_signal_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_signal_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_signal_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index 65a446e0..4708266a 100644 
--- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -43,6 +43,9 @@ matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fq matrix_mautrix_telegram_appservice_bot_username: telegrambot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_telegram_logging_level: WARNING + # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. matrix_mautrix_telegram_federate_rooms: true diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 20055ab7..276bd461 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -404,11 +404,11 @@ logging: formatter: precise loggers: mau: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} telethon: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_telegram_logging_level|to_json }} handlers: [console] diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index b2e292ff..b32f57ef 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -66,6 +66,9 @@ matrix_mautrix_twitter_bridge_login_shared_secret_map: "{{ {matrix_mautrix_twitt matrix_mautrix_twitter_appservice_bot_username: twitterbot +# Specifies the default log level for all bridge loggers. +matrix_mautrix_twitter_logging_level: WARNING + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # 
diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index 6b32d47b..f9bc8941 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -198,9 +198,9 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_mautrix_twitter_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_mautrix_twitter_logging_level|to_json }} root: - level: WARNING + level: {{ matrix_mautrix_twitter_logging_level|to_json }} handlers: [console] From c3f85ae827af0e942b5e9dc68e30649316050de4 Mon Sep 17 00:00:00 2001 From: Kabir Kwatra Date: Fri, 1 Jul 2022 07:56:09 -0700 Subject: [PATCH 17/31] feat(jitsi+arm64): Enable Jitsi on arm64 fixes spantaleev/matrix-docker-ansible-deploy#1889 Support for arm64 images tracked in jitsi/docker-jitsi-meet#1214 and added in jitsi/docker-jitsi-meet#1269 --- roles/matrix-jitsi/defaults/main.yml | 2 +- roles/matrix-jitsi/tasks/init.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index c3268267..70dc035d 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -70,7 +70,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-7001 +matrix_jitsi_version: stable-7439-2 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" diff --git a/roles/matrix-jitsi/tasks/init.yml b/roles/matrix-jitsi/tasks/init.yml index c4ed61a6..58567d92 100644 --- a/roles/matrix-jitsi/tasks/init.yml +++ b/roles/matrix-jitsi/tasks/init.yml 
@@ -7,4 +7,4 @@ - name: Fail if on an unsupported architecture fail: msg: "Jitsi only supports the amd64 architecture right now. See https://github.com/jitsi/docker-jitsi-meet/issues/1069 and https://github.com/jitsi/docker-jitsi-meet/issues/1214" - when: matrix_jitsi_enabled|bool and matrix_architecture != 'amd64' + when: matrix_jitsi_enabled|bool and matrix_architecture not in ['amd64', 'arm64'] From 2e4fad61944a7d2f5082c9f4e19e23cf30c23f67 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 2 Jul 2022 15:02:35 +0300 Subject: [PATCH 18/31] Use 127.0.0.1 instead of localhost for federation API when nginx disabled `localhost` may resolve to `::1` on some IPv6-enabled systems, which will not work, because we only potentially expose container ports on `127.0.0.1` when nginx is disabled (`matrix_nginx_proxy_enabled: false`), not on `::1`. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1914 --- group_vars/matrix_servers | 2 +- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 394e26dc..8d392276 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
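Review bot: The `msg` of the "Fail if on an unsupported architecture" task still says Jitsi only supports amd64, while the new `when` now lets arm64 through. An operator on any other architecture would get an error that contradicts the actual check. The message should change together with the condition, for example `msg: "Jitsi only supports the amd64 and arm64 architectures right now. See <existing issue links>"`, keeping whichever of the two linked issues is still relevant. The rest of init.yml lies outside the hunk.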
@@ -1578,7 +1578,7 @@ matrix_nginx_proxy_proxy_synapse_enabled: "{{ matrix_synapse_enabled }}" matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container: "matrix-synapse:{{ matrix_synapse_container_client_api_port }}" matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container: "127.0.0.1:{{ matrix_synapse_container_client_api_port }}" matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container: "matrix-synapse:{{matrix_synapse_container_federation_api_plain_port|string}}" -matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "localhost:{{matrix_synapse_container_federation_api_plain_port|string}}" +matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container: "127.0.0.1:{{matrix_synapse_container_federation_api_plain_port|string}}" matrix_nginx_proxy_proxy_dendrite_enabled: "{{ matrix_dendrite_enabled }}" matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: "matrix-dendrite:{{ matrix_dendrite_http_bind_port|string }}" diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index f19eb4ab..195b16fd 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml 
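Review bot: Nothing in the file records why this address is the literal `127.0.0.1` rather than `localhost`, so a later cleanup could revert it; the same applies to `matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container` in the `roles/matrix-nginx-proxy/defaults/main.yml` hunk of this commit. Add a comment above each value, such as `# Keep 127.0.0.1 (not localhost): container ports are published on 127.0.0.1 only, and localhost may resolve to ::1`. Any other `*_sans_container` address outside these hunks that still uses `localhost` would presumably need the same change.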
@@ -311,7 +311,7 @@ matrix_nginx_proxy_proxy_matrix_client_redirect_root_uri_to_domain: "" # Controls whether proxying for the Matrix Federation API should be done. matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-nginx-proxy:12088" -matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "localhost:12088" +matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:12088" matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb: "{{ (matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb | int) * 3 }}" matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/fullchain.pem" matrix_nginx_proxy_proxy_matrix_federation_api_ssl_certificate_key: "{{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_matrix_hostname }}/privkey.pem" From ec9f8e29319e6150eb6daa6417fa1afab7078b70 Mon Sep 17 00:00:00 2001 
From: Julian Foad Date: Tue, 21 Jun 2022 14:31:21 +0100 Subject: [PATCH 19/31] Add a role to install 'ntfy' push-notification server. This commit adds a 'matrix-ntfy' role that runs Ntfy server in Docker with simple configuration, and plumbing to add the role to the playbook. TODO: documentation, self-check, database persistence. --- group_vars/matrix_servers | 19 ++++ roles/matrix-base/defaults/main.yml | 3 + roles/matrix-nginx-proxy/defaults/main.yml | 7 ++ .../tasks/setup_nginx_proxy.yml | 13 +++ .../nginx/conf.d/matrix-ntfy.conf.j2 | 100 ++++++++++++++++++ roles/matrix-ntfy/README.md | 40 +++++++ roles/matrix-ntfy/defaults/main.yml | 16 +++ roles/matrix-ntfy/tasks/init.yml | 5 + roles/matrix-ntfy/tasks/main.yml | 10 ++ roles/matrix-ntfy/tasks/setup.yml | 58 ++++++++++ .../templates/systemd/matrix-ntfy.service.j2 | 37 +++++++ setup.yml | 1 + 12 files changed, 309 insertions(+) create mode 100644 roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 create mode 100644 roles/matrix-ntfy/README.md create mode 100644 roles/matrix-ntfy/defaults/main.yml create mode 100644 roles/matrix-ntfy/tasks/init.yml create mode 100644 roles/matrix-ntfy/tasks/main.yml create mode 100644 roles/matrix-ntfy/tasks/setup.yml create mode 100644 roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8d392276..1c30405d 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1552,6 +1552,7 @@ matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled }}" matrix_nginx_proxy_proxy_jitsi_enabled: "{{ matrix_jitsi_enabled }}" matrix_nginx_proxy_proxy_grafana_enabled: "{{ matrix_grafana_enabled }}" matrix_nginx_proxy_proxy_sygnal_enabled: "{{ matrix_sygnal_enabled }}" +matrix_nginx_proxy_proxy_ntfy_enabled: "{{ matrix_ntfy_enabled }}" matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: "{{ matrix_corporal_enabled and matrix_corporal_http_api_enabled }}" matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081" @@ -1634,6 +1635,8 @@ matrix_nginx_proxy_systemd_wanted_services_list: | + (['matrix-sygnal.service'] if matrix_sygnal_enabled else []) + + (['matrix-ntfy.service'] if matrix_ntfy_enabled else []) + + (['matrix-jitsi.service'] if matrix_jitsi_enabled else []) + (['matrix-bot-go-neb.service'] if matrix_bot_go_neb_enabled else []) @@ -1667,6 +1670,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_sygnal] if matrix_sygnal_enabled else []) + + ([matrix_server_fqn_ntfy] if matrix_ntfy_enabled else []) + + ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) + matrix_ssl_additional_domains_to_obtain_certificates_for @@ -1960,6 +1965,20 @@ matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enable # ###################################################################### +###################################################################### +# +# matrix-ntfy +# +###################################################################### + +matrix_ntfy_enabled: false + +###################################################################### +# +# /matrix-ntfy +# +###################################################################### + ###################################################################### # # matrix-redis 
diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index 6b717f80..9b6d45f8 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -59,6 +59,9 @@ matrix_server_fqn_grafana: "stats.{{ matrix_domain }}" # This is where you access the Sygnal push gateway. matrix_server_fqn_sygnal: "sygnal.{{ matrix_domain }}" +# This is where you access the ntfy push notification service. +matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}" + matrix_federation_public_port: 8448 # The architecture that your server runs. diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 195b16fd..f9b7a019 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -192,6 +192,10 @@ matrix_nginx_proxy_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}" matrix_nginx_proxy_proxy_sygnal_enabled: false matrix_nginx_proxy_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}" +# Controls whether proxying the ntfy domain should be done. +matrix_nginx_proxy_proxy_ntfy_enabled: false +matrix_nginx_proxy_proxy_ntfy_hostname: "{{ matrix_server_fqn_ntfy }}" + # Controls whether proxying for (Prometheus) metrics (`/metrics/*`) for the various services should be done (on the matrix domain) # If the internal Prometheus server (`matrix-prometheus` role) is used, proxying is not necessary, since Prometheus can access each container directly. # This is only useful when an external Prometheus will be collecting metrics. 
@@ -365,6 +369,9 @@ matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to Sygnal's server configuration (matrix-sygnal.conf). matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to ntfy's server configuration (matrix-ntfy.conf). +matrix_nginx_proxy_proxy_ntfy_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to the base domain server configuration (matrix-base-domain.conf). matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: [] diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 0da9e52c..70541fdc 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -138,6 +138,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_sygnal_enabled|bool +- name: Ensure Matrix nginx-proxy configuration for ntfy domain exists + template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-ntfy.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_ntfy_enabled|bool + - name: Ensure Matrix nginx-proxy configuration for Matrix domain exists template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2" @@ -288,6 +295,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_sygnal_enabled|bool" +- name: Ensure Matrix nginx-proxy configuration for ntfy domain deleted + file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_ntfy_enabled|bool" + - name: Ensure Matrix nginx-proxy homepage for base domain deleted file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html" 
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2
new file mode 100644
index 00000000..39818c1a
--- /dev/null
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2
@@ -0,0 +1,100 @@ +#jinja2: lstrip_blocks: "True" + +{% macro render_vhost_directives() %} + gzip on; + gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; + + {% if matrix_nginx_proxy_hsts_preload_enabled %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + {% else %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + {% endif %} + add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}"; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options DENY; + +{% for configuration_block in matrix_nginx_proxy_proxy_ntfy_additional_server_configuration_blocks %} + {{- configuration_block }} +{% endfor %} + + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-ntfy:80"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:80; + {% endif %} + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; + proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; + } +{% endmacro %} + +server { + listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + listen [::]:{{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + + server_name {{ matrix_nginx_proxy_proxy_ntfy_hostname }}; + + server_tokens off; + root /dev/null; + + {% if matrix_nginx_proxy_https_enabled %} + location /.well-known/acme-challenge { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-certbot:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass 
http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; + {% endif %} + } + + location / { + return 301 https://$http_host$request_uri; + } + {% else %} + {{ render_vhost_directives() }} + {% endif %} +} + +{% if matrix_nginx_proxy_https_enabled %} +server { + listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + + server_name {{ matrix_nginx_proxy_proxy_ntfy_hostname }}; + + server_tokens off; + root /dev/null; + + ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_ntfy_hostname }}/fullchain.pem; + ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_ntfy_hostname }}/privkey.pem; + + ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; + {% if matrix_nginx_proxy_ssl_ciphers != '' %} + ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }}; + {% endif %} + ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }}; + + {% if matrix_nginx_proxy_ocsp_stapling_enabled %} + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_ntfy_hostname }}/chain.pem; + {% endif %} + + {% if matrix_nginx_proxy_ssl_session_tickets_off %} + ssl_session_tickets off; + {% endif %} + ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }}; + ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }}; + + {{ render_vhost_directives() }} +} +{% endif %} diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md new file mode 100644 index 00000000..8b4f760a --- /dev/null +++ b/roles/matrix-ntfy/README.md 
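Review bot: In `render_vhost_directives`, the non-container branch `proxy_pass http://127.0.0.1:80;` targets the same port this vhost listens on when `matrix_nginx_proxy_enabled` is false (`listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}`), so requests would presumably come back to nginx instead of reaching ntfy. The role default for `matrix_ntfy_container_http_host_bind_port` is an empty string and the `group_vars/matrix_servers` hunk of this commit does not set it, so nothing publishes the container port on the host in that mode either. Give ntfy a dedicated loopback port and use it in both places: `proxy_pass http://127.0.0.1:NTFY_HOST_PORT;` here and `matrix_ntfy_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:NTFY_HOST_PORT' }}"` in group_vars, where `NTFY_HOST_PORT` is a placeholder for a free port. Binding to 127.0.0.1 rather than all interfaces keeps the backend reachable only through the proxy.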
@@ -0,0 +1,40 @@ +# A role to install the [ntfy](https://ntfy.sh) push-notification server. + +The ntfy server and clients implement self-hosted support push notifications +from Matrix (and other) servers to Android (and other) clients, using the +[UnifiedPush](https://unifiedpush.org) standard. + +This role installs ntfy server in Docker. It is intended to support push +notifications, via UnifiedPush, from the Matrix and Matrix-related services +that are installed alongside it to any clients that support UnifiedPush. + +This role is not intended to support other features of the ntfy server and +clients. + + +# Using the ntfy role + +Configure the role by adding settings in your Ansible inventory. + +The only required setting is to enable ntfy: + + matrix_ntfy_enabled: true + +The default domain for ntfy is `ntfy.`. This can be changed +with the `matrix_server_fqn_ntfy` variable: + + matrix_server_fqn_ntfy: "my-ntfy.{{ matrix_domain }}" + +Other ntfy settings can be configured by adding extra arguments to the +docker run command, e.g.: + + matrix_ntfy_container_extra_arguments: + - '--env=NTFY_LOG_LEVEL=DEBUG' + + +# TODO + +- Documentation. +- Self-check. +- Mount the ntfy database to disk so subscriptions persist across restarts. +- Authentication? diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml new file mode 100644 index 00000000..19e8af8f --- /dev/null +++ b/roles/matrix-ntfy/defaults/main.yml 
@@ -0,0 +1,16 @@ +--- +matrix_ntfy_enabled: true + +matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" + +matrix_ntfy_version: v1.27.2 +matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}" +matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}" + +# Controls whether the container exposes its HTTP port (tcp/8080 in the container). +# +# Takes an ":" or "" value (e.g. "127.0.0.1:8768"), or empty string to not expose. +matrix_ntfy_container_http_host_bind_port: '' + +# A list of extra arguments to pass to the container +matrix_ntfy_container_extra_arguments: [] diff --git a/roles/matrix-ntfy/tasks/init.yml b/roles/matrix-ntfy/tasks/init.yml new file mode 100644 index 00000000..e2622655 --- /dev/null +++ b/roles/matrix-ntfy/tasks/init.yml @@ -0,0 +1,5 @@ +--- + +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-ntfy.service'] }}" + when: matrix_ntfy_enabled|bool diff --git a/roles/matrix-ntfy/tasks/main.yml b/roles/matrix-ntfy/tasks/main.yml new file mode 100644 index 00000000..3f3975f5 --- /dev/null +++ b/roles/matrix-ntfy/tasks/main.yml @@ -0,0 +1,10 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/setup.yml" + tags: + - setup-all + - setup-ntfy diff --git a/roles/matrix-ntfy/tasks/setup.yml b/roles/matrix-ntfy/tasks/setup.yml new file mode 100644 index 00000000..c06195ec --- /dev/null +++ b/roles/matrix-ntfy/tasks/setup.yml 
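Review bot: The comment on `matrix_ntfy_container_http_host_bind_port` in `defaults/main.yml` says the container's HTTP port is tcp/8080, but `matrix-ntfy.service.j2` in this commit publishes `{{ matrix_ntfy_container_http_host_bind_port }}:80` and the nginx template proxies to `matrix-ntfy:80`. Correct it to `# Controls whether the container exposes its HTTP port (tcp/80 in the container).`. The comment should also say that a bare port number publishes on all host interfaces, so a loopback form such as `127.0.0.1:PORT` is the safer choice when a reverse proxy sits in front, which is how ntfy is started here (`--behind-proxy`).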
@@ -0,0 +1,58 @@ +--- +# +# Tasks related to setting up matrix-ntfy +# + +- name: Ensure matrix-ntfy image is pulled + docker_image: + name: "{{ matrix_ntfy_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_ntfy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ntfy_docker_image_force_pull }}" + when: "matrix_ntfy_enabled|bool" + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure matrix-ntfy.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-ntfy.service" + mode: 0644 + register: matrix_ntfy_systemd_service_result + when: matrix_ntfy_enabled|bool + +- name: Ensure systemd reloaded after matrix-ntfy.service installation + service: + daemon_reload: true + when: "matrix_ntfy_enabled|bool and matrix_ntfy_systemd_service_result.changed" + +# +# Tasks related to getting rid of matrix-ntfy (if it was previously enabled) +# + +- name: Check existence of matrix-ntfy service + stat: + path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + register: matrix_ntfy_service_stat + +- name: Ensure matrix-ntfy is stopped + service: + name: matrix-ntfy + state: stopped + enabled: false + daemon_reload: true + register: stopping_result + when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" + +- name: Ensure matrix-ntfy.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-ntfy.service" + state: absent + when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-ntfy.service removal + service: + daemon_reload: true + when: "not matrix_ntfy_enabled|bool and 
matrix_ntfy_service_stat.stat.exists" diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 new file mode 100644 index 00000000..85d03277 --- /dev/null +++ b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -0,0 +1,37 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=matrix-ntfy +After=docker.service +Requires=docker.service +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --read-only \ + {% for arg in matrix_ntfy_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + --network={{ matrix_docker_network }} \ + {% if matrix_ntfy_container_http_host_bind_port %} + -p {{ matrix_ntfy_container_http_host_bind_port }}:80 \ + {% endif %} + --env NTFY_BASE_URL=https://{{ matrix_server_fqn_ntfy }} \ + {{ matrix_ntfy_docker_image }} \ + serve --behind-proxy + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-ntfy + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index 27aac7a7..c99da4d1 100755 --- a/setup.yml +++ b/setup.yml @@ -60,6 +60,7 @@ - matrix-etherpad - matrix-email2matrix - matrix-sygnal + - matrix-ntfy - matrix-nginx-proxy - matrix-coturn - matrix-aux From 2a516a16fbfd71339609df855ac48dc44cfd8af3 Mon Sep 17 00:00:00 2001 
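Review bot: The `ExecStart` in `matrix-ntfy.service.j2` runs `serve --behind-proxy` with only `NTFY_BASE_URL` set, so ntfy keeps its default open access while the new vhost exposes it publicly: anyone who can reach the hostname can publish and subscribe to topics, which the role README only hints at with its "Authentication?" TODO. State this where operators enable the role, for example `# NOTE: ntfy is deployed without access control; topics are readable and writable by anyone who can reach the server` above `matrix_ntfy_enabled`. Restricting access with ntfy's `auth-file` / `auth-default-access` settings needs persistent storage, which the `--read-only` container without a volume does not provide yet. Separately, `--behind-proxy` makes ntfy take the client address from `X-Forwarded-For`, so `matrix_ntfy_container_http_host_bind_port` should stay on a loopback address; otherwise the per-visitor rate limits would presumably rest on a header that direct clients control.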
From: Julian Foad Date: Fri, 24 Jun 2022 22:20:51 +0100 Subject: [PATCH 20/31] matrix-ntfy: enable WebSocket proxying --- .../templates/nginx/conf.d/matrix-ntfy.conf.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 index 39818c1a..e095e721 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 @@ -27,6 +27,8 @@ {# Generic configuration for use outside of our container setup #} proxy_pass http://127.0.0.1:80; {% endif %} + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; From 85b12b74a75d2e4360948843325238edac16cffd Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Mon, 27 Jun 2022 22:20:02 +0100 Subject: [PATCH 21/31] matrix-ntfy: documentation --- docs/configuring-dns.md | 3 + docs/configuring-playbook-ntfy.md | 62 +++++++++++++++++++ docs/configuring-playbook-ssl-certificates.md | 1 + docs/configuring-playbook.md | 2 + docs/container-images.md | 2 + roles/matrix-ntfy/README.md | 35 ----------- roles/matrix-ntfy/defaults/main.yml | 2 +- 7 files changed, 71 insertions(+), 36 deletions(-) create mode 100644 docs/configuring-playbook-ntfy.md diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index 666f8a63..aec3c253 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md 
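Review bot: The two headers added to `location /` are not enough for WebSocket proxying, because nginx speaks HTTP/1.0 to upstreams by default and the upgrade handshake needs `proxy_http_version 1.1;` in the same block. `Connection "upgrade"` is also sent on every proxied request, including ordinary HTTP ones; the usual form is a `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` at http level with `proxy_set_header Connection $connection_upgrade;` here. The enclosing `render_vhost_directives` macro starts and ends outside this hunk.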
@@ -36,6 +36,7 @@ If you are using Cloudflare DNS, make sure to disable the proxy and set all reco | CNAME | `stats` | - | - | - | `matrix.` | | CNAME | `goneb` | - | - | - | `matrix.` | | CNAME | `sygnal` | - | - | - | `matrix.` | +| CNAME | `ntfy` | - | - | - | `matrix.` | | CNAME | `hydrogen` | - | - | - | `matrix.` | | CNAME | `cinny` | - | - | - | `matrix.` | | CNAME | `buscarron` | - | - | - | `matrix.` | 
@@ -57,6 +58,8 @@ The `goneb.` subdomain may be necessary, because this playbook coul The `sygnal.` subdomain may be necessary, because this playbook could install the [Sygnal](https://github.com/matrix-org/sygnal) push gateway. The installation of Sygnal is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Sygnal guide](configuring-playbook-sygnal.md). If you do not wish to set up Sygnal (you probably don't, unless you're also developing/building your own Matrix apps), feel free to skip the `sygnal.` DNS record. +The `ntfy.` subdomain may be necessary, because this playbook could install the [ntfy](https://ntfy.sh/) UnifiedPush-compatible push notifications server. The installation of ntfy is disabled by default, it is not a core required component. To learn how to install it, see our [configuring ntfy guide](configuring-playbook-ntfy.md). If you do not wish to set up ntfy, feel free to skip the `ntfy.` DNS record. + The `hydrogen.` subdomain may be necessary, because this playbook could install the [Hydrogen](https://github.com/vector-im/hydrogen-web) web client. The installation of Hydrogen is disabled by default, it is not a core required component. To learn how to install it, see our [configuring Hydrogen guide](configuring-playbook-client-hydrogen.md). If you do not wish to set up Hydrogen, feel free to skip the `hydrogen.` DNS record. The `cinny.` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.` DNS record. diff --git a/docs/configuring-playbook-ntfy.md b/docs/configuring-playbook-ntfy.md new file mode 100644 index 00000000..03684b9c --- /dev/null 
+++ b/docs/configuring-playbook-ntfy.md 
@@ -0,0 +1,62 @@ +# Setting up ntfy (optional) + +The playbook can install and configure the [ntfy](https://ntfy.sh/) push notifications server for you. + +Using the [UnifiedPush](https://unifiedpush.org) standard, ntfy enables self-hosted (Google-free) push notifications from Matrix (and other) servers to UnifiedPush-compatible matrix compatible client apps running on Android and other devices. + +This role is intended to support UnifiedPush notifications for use with the Matrix and Matrix-related services that this playbook installs. This role is not intended to support all of ntfy's other features. + +**Note**: In contrast to push notifications using Google's FCM or Apple's APNs, the use of UnifiedPush allows each end-user to choose the push notification server that they prefer. As a consequence, deploying this ntfy server does not by itself ensure any particular user or device or client app will use it. + + +## Adjusting the playbook configuration + +Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs): + +```yaml +# Enabling it is the only required setting +matrix_ntfy_enabled: true + +# Some other options +matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}" +matrix_ntfy_container_extra_arguments: [ '--env=NTFY_LOG_LEVEL=DEBUG' ] +``` + +For a more complete list of variables that you could override, see `roles/matrix-ntfy/defaults/main.yml`. + +For a complete list of ntfy config options that you could put in `matrix_ntfy_container_extra_arguments`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options). + + +## Installing + +Don't forget to add `ntfy.` to DNS as described in [Configuring DNS](configuring-dns.md) before running the playbook. 
+ +After configuring the playbook, run the [installation](installing.md) command again: + +``` +ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start +``` + + +## Usage + +To make use of your ntfy installation, on Android for example, first you need to install the `ntfy` client app and configure it to point to your ntfy server, such as `https://ntfy.DOMAIN`. That is the only thing you need to do in the ntfy client app. (It has many other features, but for our purposes you can ignore them.) + +Then any UnifiedPush-enabled matrix app on that device will discover it and tell your matrix server to use your ntfy server to send push notifications to that matrix app. + +If the matrix app asks, "Choose a distributor: FCM Fallback or ntfy", then choose "ntfy". + +If the matrix app doesn't seem to pick it up, try restarting it and try the Troubleshooting section below. + + +## Troubleshooting + +First check that the matrix client app you are using supports UnifiedPush. There may well be different variants of the app. + +Set the ntfy server's log level to 'DEBUG', as shown in the example settings above, and watch the server's logs with `sudo journalctl -fu matrix-ntfy`. + +To check if UnifiedPush is correctly configured on the client device, look at "Settings -> Notifications -> Notification Targets" in Element-Android or SchildiChat, or "Settings -> Notifications -> Devices" in FluffyChat. There should be one entry for each matrix client app that has enabled push notifications, and when that client is using UnifiedPush you should see a URL that begins with your ntfy server's URL. In Element-Android or SchildiChat, two URLs are shown: "push\_key" and "Url", and both should begin with your ntfy server's URL. + +If it is not working, useful tools are "Settings -> Notifications -> Re-register push distributor" and "Settings -> Notifications -> Troubleshoot Notifications" in SchildiChat (possibly also Element-Android). 
In particular the "Endpoint/FCM" step of that troubleshooter should display your ntfy server's URL that it has discovered from the ntfy client app. + +The simple [UnifiedPush troubleshooting](https://unifiedpush.org/users/troubleshooting/) app [UP-Example](https://f-droid.org/en/packages/org.unifiedpush.example/) can be used to manually test UnifiedPush registration and operation on an Android device. diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index eae584e7..30a8f0b8 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md @@ -74,6 +74,7 @@ By default, it obtains certificates for: - possibly for `jitsi.`, if you have explicitly [set up Jitsi](configuring-playbook-jitsi.md). - possibly for `stats.`, if you have explicitly [set up Grafana](configuring-playbook-prometheus-grafana.md). - possibly for `sygnal.`, if you have explicitly [set up Sygnal](configuring-playbook-sygnal.md). +- possibly for `ntfy.`, if you have explicitly [set up ntfy](configuring-playbook-ntfy.md). - possibly for your base domain (``), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md) If you are hosting other domains on the Matrix machine, you can make the playbook obtain and renew certificates for those other domains too. diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 3bfb01bd..f71a23f5 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -168,3 +168,5 @@ When you're done with all the configuration you'd like to do, continue with [Ins ### Other specialized services - [Setting up the Sygnal push gateway](configuring-playbook-sygnal.md) (optional) + +- [Setting up the ntfy push notifications server](configuring-playbook-ntfy.md) (optional) diff --git a/docs/container-images.md b/docs/container-images.md index bf5885e0..25005d5a 100644 --- a/docs/container-images.md 
+++ b/docs/container-images.md @@ -109,3 +109,5 @@ These services are not part of our default installation, but can be enabled by [ - [grafana/grafana](https://hub.docker.com/r/grafana/grafana/) - [Grafana](https://github.com/grafana/grafana/) is a graphing tool that works well with the above two images. Our playbook also adds two dashboards for [Synapse](https://github.com/matrix-org/synapse/tree/master/contrib/grafana) and [Node Exporter](https://github.com/rfrail3/grafana-dashboards) - [matrixdotorg/sygnal](https://hub.docker.com/r/matrixdotorg/sygnal/) - [Sygnal](https://github.com/matrix-org/sygnal) is a reference Push Gateway for Matrix + +- [binwiederhier/ntfy](https://hub.docker.com/r/binwiederhier/ntfy/) - [ntfy](https://ntfy.sh/) is a self-hosted, UnifiedPush-compatible push notifications server diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md index 8b4f760a..2a5301f7 100644 --- a/roles/matrix-ntfy/README.md +++ b/roles/matrix-ntfy/README.md 
@@ -1,40 +1,5 @@ -# A role to install the [ntfy](https://ntfy.sh) push-notification server. - -The ntfy server and clients implement self-hosted support push notifications -from Matrix (and other) servers to Android (and other) clients, using the -[UnifiedPush](https://unifiedpush.org) standard. - -This role installs ntfy server in Docker. It is intended to support push -notifications, via UnifiedPush, from the Matrix and Matrix-related services -that are installed alongside it to any clients that support UnifiedPush. - -This role is not intended to support other features of the ntfy server and -clients. - - -# Using the ntfy role - -Configure the role by adding settings in your Ansible inventory. - -The only required setting is to enable ntfy: - - matrix_ntfy_enabled: true - -The default domain for ntfy is `ntfy.`. This can be changed -with the `matrix_server_fqn_ntfy` variable: - - matrix_server_fqn_ntfy: "my-ntfy.{{ matrix_domain }}" - -Other ntfy settings can be configured by adding extra arguments to the -docker run command, e.g.: - - matrix_ntfy_container_extra_arguments: - - '--env=NTFY_LOG_LEVEL=DEBUG' - - # TODO -- Documentation. - Self-check. - Mount the ntfy database to disk so subscriptions persist across restarts. - Authentication? diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 19e8af8f..2df79674 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -12,5 +12,5 @@ matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':lat # Takes an ":" or "" value (e.g. "127.0.0.1:8768"), or empty string to not expose. matrix_ntfy_container_http_host_bind_port: '' -# A list of extra arguments to pass to the container +# A list of extra arguments to pass to the container (`docker run` command) matrix_ntfy_container_extra_arguments: [] From 763586e878fbf78b07ea3ef0fa31199bab0e4235 Mon Sep 17 00:00:00 2001 
From: Julian Foad Date: Wed, 29 Jun 2022 10:48:40 +0100 Subject: [PATCH 22/31] matrix-ntfy: add self-check --- roles/matrix-ntfy/README.md | 1 - roles/matrix-ntfy/defaults/main.yml | 3 +++ roles/matrix-ntfy/tasks/main.yml | 7 +++++++ roles/matrix-ntfy/tasks/self_check.yml | 25 +++++++++++++++++++++++++ 4 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 roles/matrix-ntfy/tasks/self_check.yml diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md index 2a5301f7..41f83f66 100644 --- a/roles/matrix-ntfy/README.md +++ b/roles/matrix-ntfy/README.md @@ -1,5 +1,4 @@ # TODO -- Self-check. - Mount the ntfy database to disk so subscriptions persist across restarts. - Authentication? diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 2df79674..916591e7 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -14,3 +14,6 @@ matrix_ntfy_container_http_host_bind_port: '' # A list of extra arguments to pass to the container (`docker run` command) matrix_ntfy_container_extra_arguments: [] + +# Controls whether the self-check feature should validate SSL certificates. +matrix_ntfy_self_check_validate_certificates: true diff --git a/roles/matrix-ntfy/tasks/main.yml b/roles/matrix-ntfy/tasks/main.yml index 3f3975f5..b2abac66 100644 --- a/roles/matrix-ntfy/tasks/main.yml +++ b/roles/matrix-ntfy/tasks/main.yml @@ -8,3 +8,10 @@ tags: - setup-all - setup-ntfy + +- import_tasks: "{{ role_path }}/tasks/self_check.yml" + delegate_to: 127.0.0.1 + become: false + when: "run_self_check|bool and matrix_ntfy_enabled|bool" + tags: + - self-check diff --git a/roles/matrix-ntfy/tasks/self_check.yml b/roles/matrix-ntfy/tasks/self_check.yml new file mode 100644 index 00000000..324a2d95 --- /dev/null +++ b/roles/matrix-ntfy/tasks/self_check.yml 
@@ -0,0 +1,25 @@ +--- + +# Query an arbitrary ntfy topic using ntfy's UnifiedPush topic name syntax. +# Expect an empty response (because we query 'since=1s'). + +- set_fact: + matrix_ntfy_url_endpoint_public: "https://{{ matrix_server_fqn_ntfy }}/upSELFCHECK123/json?poll=1&since=1s" + +- name: Check ntfy + uri: + url: "{{ matrix_ntfy_url_endpoint_public }}" + follow_redirects: none + validate_certs: "{{ matrix_ntfy_self_check_validate_certificates }}" + register: matrix_ntfy_self_check_result + check_mode: false + ignore_errors: true + +- name: Fail if ntfy not working + fail: + msg: "Failed checking ntfy is up at `{{ matrix_server_fqn_ntfy }}` (checked endpoint: `{{ matrix_ntfy_url_endpoint_public }}`). Is ntfy running? Is port 443 open in your firewall? Full error: {{ matrix_ntfy_self_check_result }}" + when: "matrix_ntfy_self_check_result.failed" + +- name: Report working ntfy + debug: + msg: "ntfy at `{{ matrix_server_fqn_ntfy }}` is working (checked endpoint: `{{ matrix_ntfy_url_endpoint_public }}`)" From 3866fff5a830d75575ae959dd28a2374ffad31b1 Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Sat, 2 Jul 2022 17:35:53 +0100 Subject: [PATCH 23/31] matrix-ntfy: persist cache on disk --- roles/matrix-ntfy/README.md | 1 - roles/matrix-ntfy/defaults/main.yml | 1 + roles/matrix-ntfy/tasks/setup.yml | 11 +++++++++++ .../templates/systemd/matrix-ntfy.service.j2 | 2 ++ 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md index 41f83f66..26da0a42 100644 --- a/roles/matrix-ntfy/README.md +++ b/roles/matrix-ntfy/README.md @@ -1,4 +1,3 @@ # TODO -- Mount the ntfy database to disk so subscriptions persist across restarts. - Authentication? diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 916591e7..5dff2ec3 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml 
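Review bot: The `Check ntfy` task passes on any HTTP 200 from whatever answers at that hostname, because nothing inspects the body even though the header comment says an empty response is expected. If that expectation is meant to be enforced, add `return_content: true` to the `uri` task and extend the fail condition to `matrix_ntfy_self_check_result.failed or (matrix_ntfy_self_check_result.content | default('') | trim | length > 0)`. Whether an idle topic always returns a zero-length body should be confirmed against the ntfy version in use. With `matrix_ntfy_self_check_validate_certificates` set to false, the check as written says nothing about which server actually replied, and the `set_fact` task has no `name:`, unlike the three tasks after it.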
@@ -2,6 +2,7 @@ matrix_ntfy_enabled: true matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" +matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data" matrix_ntfy_version: v1.27.2 matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}" diff --git a/roles/matrix-ntfy/tasks/setup.yml b/roles/matrix-ntfy/tasks/setup.yml index c06195ec..9a2c1559 100644 --- a/roles/matrix-ntfy/tasks/setup.yml +++ b/roles/matrix-ntfy/tasks/setup.yml @@ -15,6 +15,17 @@ delay: "{{ matrix_container_retries_delay }}" until: result is not failed +- name: Ensure matrix-ntfy paths exists + file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_ntfy_base_path }}" + - "{{ matrix_ntfy_data_path }}" + - name: Ensure matrix-ntfy.service installed template: src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2" diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 index 85d03277..78963a08 100644 --- a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 +++ b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -23,6 +23,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ {% if matrix_ntfy_container_http_host_bind_port %} -p {{ matrix_ntfy_container_http_host_bind_port }}:80 \ {% endif %} + --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \ + --env NTFY_CACHE_FILE=/data/cache.db \ --env NTFY_BASE_URL=https://{{ matrix_server_fqn_ntfy }} \ {{ matrix_ntfy_docker_image }} \ serve --behind-proxy From 408e2e9b4ee97802422a67405f28a3ac14c271cd Mon Sep 17 00:00:00 2001 
From: Julian Foad Date: Sat, 2 Jul 2022 17:37:45 +0100 Subject: [PATCH 24/31] matrix-ntfy: remove almost-empty README.md --- roles/matrix-ntfy/README.md | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 roles/matrix-ntfy/README.md diff --git a/roles/matrix-ntfy/README.md b/roles/matrix-ntfy/README.md deleted file mode 100644 index 26da0a42..00000000 --- a/roles/matrix-ntfy/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# TODO - -- Authentication? From efe1f21f05c483aa785a707eea454ecaed4c8daf Mon Sep 17 00:00:00 2001 From: Julian Foad Date: Mon, 4 Jul 2022 14:51:55 +0100 Subject: [PATCH 25/31] matrix-ntfy: fix and separate out uninstall tasks --- roles/matrix-ntfy/tasks/main.yml | 9 ++++- .../tasks/{setup.yml => setup_install.yml} | 36 +------------------ roles/matrix-ntfy/tasks/setup_uninstall.yml | 36 +++++++++++++++++++ 3 files changed, 45 insertions(+), 36 deletions(-) rename roles/matrix-ntfy/tasks/{setup.yml => setup_install.yml} (53%) create mode 100644 roles/matrix-ntfy/tasks/setup_uninstall.yml diff --git a/roles/matrix-ntfy/tasks/main.yml b/roles/matrix-ntfy/tasks/main.yml index b2abac66..5dd0d172 100644 --- a/roles/matrix-ntfy/tasks/main.yml +++ b/roles/matrix-ntfy/tasks/main.yml @@ -4,7 +4,14 @@ tags: - always -- import_tasks: "{{ role_path }}/tasks/setup.yml" +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_ntfy_enabled|bool" + tags: + - setup-all + - setup-ntfy + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_ntfy_enabled|bool" tags: - setup-all - setup-ntfy diff --git a/roles/matrix-ntfy/tasks/setup.yml b/roles/matrix-ntfy/tasks/setup_install.yml similarity index 53% rename from roles/matrix-ntfy/tasks/setup.yml rename to roles/matrix-ntfy/tasks/setup_install.yml index 9a2c1559..b674d320 100644 --- a/roles/matrix-ntfy/tasks/setup.yml +++ b/roles/matrix-ntfy/tasks/setup_install.yml 
@@ -1,7 +1,4 @@ --- -# -# Tasks related to setting up matrix-ntfy -# - name: Ensure matrix-ntfy image is pulled docker_image: @@ -9,7 +6,6 @@ source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" force_source: "{{ matrix_ntfy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ntfy_docker_image_force_pull }}" - when: "matrix_ntfy_enabled|bool" register: result retries: "{{ matrix_container_retries_count }}" delay: "{{ matrix_container_retries_delay }}" @@ -32,38 +28,8 @@ dest: "{{ matrix_systemd_path }}/matrix-ntfy.service" mode: 0644 register: matrix_ntfy_systemd_service_result - when: matrix_ntfy_enabled|bool - name: Ensure systemd reloaded after matrix-ntfy.service installation service: daemon_reload: true - when: "matrix_ntfy_enabled|bool and matrix_ntfy_systemd_service_result.changed" - -# -# Tasks related to getting rid of matrix-ntfy (if it was previously enabled) -# - -- name: Check existence of matrix-ntfy service - stat: - path: "{{ matrix_systemd_path }}/matrix-ntfy.service" - register: matrix_ntfy_service_stat - -- name: Ensure matrix-ntfy is stopped - service: - name: matrix-ntfy - state: stopped - enabled: false - daemon_reload: true - register: stopping_result - when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" - -- name: Ensure matrix-ntfy.service doesn't exist - file: - path: "{{ matrix_systemd_path }}/matrix-ntfy.service" - state: absent - when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-ntfy.service removal - service: - daemon_reload: true - when: "not matrix_ntfy_enabled|bool and matrix_ntfy_service_stat.stat.exists" + when: "matrix_ntfy_systemd_service_result.changed" 
diff --git a/roles/matrix-ntfy/tasks/setup_uninstall.yml b/roles/matrix-ntfy/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..e63caa9a
--- /dev/null
+++ b/roles/matrix-ntfy/tasks/setup_uninstall.yml
@@ -0,0 +1,36 @@
+---
+
+- name: Check existence of matrix-ntfy service
+ stat:
+ path: "{{ matrix_systemd_path }}/matrix-ntfy.service"
+ register: matrix_ntfy_service_stat
+
+- name: Ensure matrix-ntfy is stopped
+ service:
+ name: matrix-ntfy
+ state: stopped
+ enabled: false
+ daemon_reload: true
+ register: stopping_result
+ when: "matrix_ntfy_service_stat.stat.exists"
+
+- name: Ensure matrix-ntfy.service doesn't exist
+ file:
+ path: "{{ matrix_systemd_path }}/matrix-ntfy.service"
+ state: absent
+ when: "matrix_ntfy_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-ntfy.service removal
+ service:
+ daemon_reload: true
+ when: "matrix_ntfy_service_stat.stat.exists"
+
+- name: Ensure matrix-ntfy path doesn't exist
+ file:
+ path: "{{ matrix_ntfy_base_path }}"
+ state: absent
+
+- name: Ensure ntfy Docker image doesn't exist
+ docker_image:
+ name: "{{ matrix_ntfy_docker_image }}"
+ state: absent
From e119512c5928ded244ef629fbf8ef37f7694c4b3 Mon Sep 17 00:00:00 2001
From: Julian Foad
Date: Mon, 4 Jul 2022 15:27:23 +0100
Subject: [PATCH 26/31] matrix-ntfy: add variable 'matrix_ntfy_base_url'
---
roles/matrix-ntfy/defaults/main.yml | 3 +++
roles/matrix-ntfy/tasks/self_check.yml | 2 +-
roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 | 2 +-
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml
index 5dff2ec3..6c540beb 100644
--- a/roles/matrix-ntfy/defaults/main.yml
+++ b/roles/matrix-ntfy/defaults/main.yml
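Review bot: The `Ensure matrix-ntfy path doesn't exist` task in the new `setup_uninstall.yml` deletes `matrix_ntfy_base_path` unconditionally, so a setup run with `matrix_ntfy_enabled` set to false also removes the `data` directory that an earlier commit in this series added to persist `cache.db`. If that is intended, say so above the task, e.g. `# Removes all ntfy data, including the cache database; back it up before disabling ntfy`. The last two tasks also lack the `matrix_ntfy_service_stat.stat.exists` guard used by the tasks above them, so they run on hosts where ntfy was never installed; that looks harmless for `file` with `state: absent`, but the `docker_image` task presumably needs a reachable Docker daemon. `stopping_result` is registered and never read in this file.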
@@ -8,6 +8,9 @@ matrix_ntfy_version: v1.27.2 matrix_ntfy_docker_image: "{{ matrix_container_global_registry_prefix }}binwiederhier/ntfy:{{ matrix_ntfy_version }}" matrix_ntfy_docker_image_force_pull: "{{ matrix_ntfy_docker_image.endswith(':latest') }}" +# Public facing base URL of the ntfy service +matrix_ntfy_base_url: "https://{{ matrix_server_fqn_ntfy }}" + # Controls whether the container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:8768"), or empty string to not expose. diff --git a/roles/matrix-ntfy/tasks/self_check.yml b/roles/matrix-ntfy/tasks/self_check.yml index 324a2d95..e9104734 100644 --- a/roles/matrix-ntfy/tasks/self_check.yml +++ b/roles/matrix-ntfy/tasks/self_check.yml @@ -4,7 +4,7 @@ # Expect an empty response (because we query 'since=1s'). - set_fact: - matrix_ntfy_url_endpoint_public: "https://{{ matrix_server_fqn_ntfy }}/upSELFCHECK123/json?poll=1&since=1s" + matrix_ntfy_url_endpoint_public: "{{ matrix_ntfy_base_url }}/upSELFCHECK123/json?poll=1&since=1s" - name: Check ntfy uri: diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 index 78963a08..5bb28470 100644 --- a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 +++ b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -25,7 +25,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ {% endif %} --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \ --env NTFY_CACHE_FILE=/data/cache.db \ - --env NTFY_BASE_URL=https://{{ matrix_server_fqn_ntfy }} \ + --env NTFY_BASE_URL={{ matrix_ntfy_base_url }} \ {{ matrix_ntfy_docker_image }} \ serve --behind-proxy From e60d20dc6a6ca11efb58ba8993e307e0912a164e Mon Sep 17 00:00:00 2001 
From: Julian Foad Date: Mon, 4 Jul 2022 21:30:29 +0100 Subject: [PATCH 27/31] matrix-ntfy: store settings in a config file --- docs/configuring-playbook-ntfy.md | 5 ++-- roles/matrix-ntfy/defaults/main.yml | 23 +++++++++++++++++++ roles/matrix-ntfy/tasks/setup_install.yml | 9 ++++++++ .../matrix-ntfy/templates/ntfy/server.yml.j2 | 3 +++ .../templates/systemd/matrix-ntfy.service.j2 | 5 ++-- 5 files changed, 40 insertions(+), 5 deletions(-) create mode 100644 roles/matrix-ntfy/templates/ntfy/server.yml.j2 diff --git a/docs/configuring-playbook-ntfy.md b/docs/configuring-playbook-ntfy.md index 03684b9c..56c859f3 100644 --- a/docs/configuring-playbook-ntfy.md +++ b/docs/configuring-playbook-ntfy.md @@ -19,12 +19,13 @@ matrix_ntfy_enabled: true # Some other options matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}" -matrix_ntfy_container_extra_arguments: [ '--env=NTFY_LOG_LEVEL=DEBUG' ] +matrix_ntfy_configuration_extension_yaml: | + log_level: DEBUG ``` For a more complete list of variables that you could override, see `roles/matrix-ntfy/defaults/main.yml`. -For a complete list of ntfy config options that you could put in `matrix_ntfy_container_extra_arguments`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options). +For a complete list of ntfy config options that you could put in `matrix_ntfy_configuration_extension_yaml`, see the [ntfy config documentation](https://ntfy.sh/docs/config/#config-options). ## Installing diff --git a/roles/matrix-ntfy/defaults/main.yml b/roles/matrix-ntfy/defaults/main.yml index 6c540beb..4f0e2e55 100644 --- a/roles/matrix-ntfy/defaults/main.yml +++ b/roles/matrix-ntfy/defaults/main.yml @@ -2,6 +2,7 @@ matrix_ntfy_enabled: true matrix_ntfy_base_path: "{{ matrix_base_data_path }}/ntfy" +matrix_ntfy_config_dir_path: "{{ matrix_ntfy_base_path }}/config" matrix_ntfy_data_path: "{{ matrix_ntfy_base_path }}/data" matrix_ntfy_version: v1.27.2 
@@ -21,3 +22,25 @@ matrix_ntfy_container_extra_arguments: [] # Controls whether the self-check feature should validate SSL certificates. matrix_ntfy_self_check_validate_certificates: true + +# Default ntfy configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_ntfy_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_ntfy_configuration_yaml: "{{ lookup('template', 'templates/ntfy/server.yml.j2') }}" + +matrix_ntfy_configuration_extension_yaml: | + # Your custom YAML configuration for ntfy goes here. + # This configuration extends the default starting configuration (`matrix_ntfy_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_ntfy_configuration_yaml`. + +matrix_ntfy_configuration_extension: "{{ matrix_ntfy_configuration_extension_yaml|from_yaml if matrix_ntfy_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final ntfy configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_ntfy_configuration_yaml`. +matrix_ntfy_configuration: "{{ matrix_ntfy_configuration_yaml|from_yaml|combine(matrix_ntfy_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-ntfy/tasks/setup_install.yml b/roles/matrix-ntfy/tasks/setup_install.yml index b674d320..461d3176 100644 --- a/roles/matrix-ntfy/tasks/setup_install.yml +++ b/roles/matrix-ntfy/tasks/setup_install.yml 
@@ -20,8 +20,17 @@ group: "{{ matrix_user_groupname }}" with_items: - "{{ matrix_ntfy_base_path }}" + - "{{ matrix_ntfy_config_dir_path }}" - "{{ matrix_ntfy_data_path }}" +- name: Ensure matrix-ntfy config installed + copy: + content: "{{ matrix_ntfy_configuration|to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_ntfy_config_dir_path }}/server.yml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + - name: Ensure matrix-ntfy.service installed template: src: "{{ role_path }}/templates/systemd/matrix-ntfy.service.j2" diff --git a/roles/matrix-ntfy/templates/ntfy/server.yml.j2 b/roles/matrix-ntfy/templates/ntfy/server.yml.j2 new file mode 100644 index 00000000..4cafcd62 --- /dev/null +++ b/roles/matrix-ntfy/templates/ntfy/server.yml.j2 @@ -0,0 +1,3 @@ +base_url: {{ matrix_ntfy_base_url }} +behind_proxy: true +cache_file: /data/cache.db diff --git a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 index 5bb28470..da292e5c 100644 --- a/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 +++ b/roles/matrix-ntfy/templates/systemd/matrix-ntfy.service.j2 @@ -23,11 +23,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ntfy \ {% if matrix_ntfy_container_http_host_bind_port %} -p {{ matrix_ntfy_container_http_host_bind_port }}:80 \ {% endif %} + --mount type=bind,src={{ matrix_ntfy_config_dir_path }},dst=/etc/ntfy,ro \ --mount type=bind,src={{ matrix_ntfy_data_path }},dst=/data \ - --env NTFY_CACHE_FILE=/data/cache.db \ - --env NTFY_BASE_URL={{ matrix_ntfy_base_url }} \ {{ matrix_ntfy_docker_image }} \ - serve --behind-proxy + serve ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-ntfy 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-ntfy 2>/dev/null || true' From 097c23c0b626b4e75e3096b4dcd5ae977141a038 Mon Sep 17 00:00:00 2001 
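Review bot: The new `Ensure matrix-ntfy config installed` task writes `server.yml` with `mode: 0644`, although the file is rendered from `matrix_ntfy_configuration_extension_yaml`, which accepts arbitrary ntfy options and may therefore come to hold credentials. The config directory is created `0750` by the paths task (which starts outside this hunk), and that limits exposure today, but the file should not depend on its parent; `mode: '0640'` matches the directory and keeps the file unreadable to other local users if the directory mode ever changes. This assumes the container process reads the file as `matrix_user_username` or its group, which the hunk does not show. Quoting the mode also avoids relying on the YAML parser's octal handling.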
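Review bot: The new `server.yml.j2` sets only `base_url`, `behind_proxy` and `cache_file`, so the server is deployed with ntfy's default access policy, and the "Authentication?" TODO from the role README was deleted earlier in this series without being resolved. ntfy allows anyone who can reach it to publish and subscribe on any topic unless access control is configured, so this deserves a sentence in `docs/configuring-playbook-ntfy.md` pointing at `matrix_ntfy_configuration_extension_yaml` and ntfy's `auth-file` / `auth-default-access` options (a comment in this template would not survive the `from_yaml` / `to_nice_yaml` round trip into the rendered file). Separately, `base_url: {{ matrix_ntfy_base_url }}` is an unquoted templated scalar that is later parsed with `from_yaml`; `base_url: {{ matrix_ntfy_base_url|to_json }}` keeps a value containing ` #` or `: ` intact.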
From: 3hhh Date: Mon, 4 Jul 2022 22:53:43 +0200 Subject: [PATCH 28/31] bots: make command_prefix configurable --- roles/matrix-bot-matrix-reminder-bot/defaults/main.yml | 2 ++ roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-beeper-linkedin/defaults/main.yml | 2 ++ roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-go-skype-bridge/defaults/main.yml | 2 ++ roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-facebook/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-googlechat/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-hangouts/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-instagram/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-signal/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-telegram/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-twitter/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 | 2 +- roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 ++ roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 | 2 +- 22 files changed, 33 insertions(+), 11 deletions(-) diff --git a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml index 76b153e7..0fdf8a41 100644 --- a/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml +++ b/roles/matrix-bot-matrix-reminder-bot/defaults/main.yml 
@@ -17,6 +17,8 @@ matrix_bot_matrix_reminder_bot_config_path: "{{ matrix_bot_matrix_reminder_bot_b matrix_bot_matrix_reminder_bot_data_path: "{{ matrix_bot_matrix_reminder_bot_base_path }}/data" matrix_bot_matrix_reminder_bot_data_store_path: "{{ matrix_bot_matrix_reminder_bot_data_path }}/store" +matrix_bot_matrix_reminder_bot_command_prefix: "!" + # A list of extra arguments to pass to the container matrix_bot_matrix_reminder_bot_container_extra_arguments: [] diff --git a/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 b/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 index 59643958..338bffba 100644 --- a/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 +++ b/roles/matrix-bot-matrix-reminder-bot/templates/config.yaml.j2 @@ -1,5 +1,5 @@ # The string to prefix bot commands with -command_prefix: "!" +command_prefix: "{{ matrix_bot_matrix_reminder_bot_command_prefix }}" # Options for connecting to the bot's Matrix account matrix: diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index 5b84643c..514cfb14 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -27,6 +27,8 @@ matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319" matrix_beeper_linkedin_bridge_presence: true +matrix_beeper_linkedin_command_prefix: "!li" + # A list of extra arguments to pass to the container matrix_beeper_linkedin_container_extra_arguments: [] diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index 6b33ffea..e0729549 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 
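Review bot: In the matrix-reminder-bot `config.yaml.j2` hunk, `command_prefix: "{{ matrix_bot_matrix_reminder_bot_command_prefix }}"` pastes the variable into a double-quoted YAML scalar without escaping, so a prefix containing `"` or `\` renders an invalid or silently altered config. Let the filter do the quoting instead: `command_prefix: {{ matrix_bot_matrix_reminder_bot_command_prefix|to_json }}`. The same pattern appears in the `config.yaml.j2` hunks for beeper-linkedin, go-skype-bridge and the mautrix facebook, googlechat, hangouts, instagram, signal, telegram and twitter bridges in this commit.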
@@ -226,7 +226,7 @@ bridge: # The prefix for commands. Only required in non-management rooms. - command_prefix: "!li" + command_prefix: "{{ matrix_beeper_linkedin_command_prefix }}" # Permissions for using the bridge. # Permitted values: diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml index 95213a00..b6b4db34 100644 --- a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -36,6 +36,8 @@ matrix_go_skype_bridge_homeserver_token: '' matrix_go_skype_bridge_appservice_bot_username: skypebridgebot +matrix_go_skype_bridge_command_prefix: "!skype" + # Whether or not created rooms should have federation enabled. # If false, created portal rooms will never be federated. matrix_go_skype_bridge_federate_rooms: true diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 index 6f7277fe..56e37f84 100644 --- a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 +++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -165,7 +165,7 @@ bridge: allow_user_invite: false # The prefix for commands. Only required in non-management rooms. - command_prefix: "!wa" + command_prefix: "{{ matrix_go_skype_bridge_command_prefix }}" # End-to-bridge encryption support options. This requires login_shared_secret to be configured # in order to get a device for the bridge bot. diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 5acc1ec7..22d7fda6 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml 
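Review bot: The go-skype-bridge template hunk changes the effective default prefix from the hardcoded `"!wa"` to `"!skype"`, and the mautrix-googlechat template hunk later in this commit changes it from `"!HO"` to `"!gc"`; the commit subject only says the prefix becomes configurable. Existing users of those two bridges will find that their old prefix stops working in non-management rooms after the next playbook run. A changelog entry, or a comment above each new default such as `# Was hardcoded to "!wa" in the template before this variable existed`, would make the change visible.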
@@ -17,6 +17,8 @@ matrix_mautrix_facebook_config_path: "{{ matrix_mautrix_facebook_base_path }}/co matrix_mautrix_facebook_data_path: "{{ matrix_mautrix_facebook_base_path }}/data" matrix_mautrix_facebook_docker_src_files_path: "{{ matrix_mautrix_facebook_base_path }}/docker-src" +matrix_mautrix_facebook_command_prefix: "!fb" + # Whether or not the public-facing endpoints should be enabled (web-based login) matrix_mautrix_facebook_appservice_public_enabled: true diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index f1d59b1a..4b27e66a 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -86,7 +86,7 @@ bridge: - first_name # The prefix for commands. Only required in non-management rooms. - command_prefix: "!fb" + command_prefix: "{{ matrix_mautrix_facebook_command_prefix }}" # Number of chats to sync (and create portals for) on startup/login. # Set 0 to disable automatic syncing. diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index d0d90614..2077d210 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -24,6 +24,8 @@ matrix_mautrix_googlechat_homeserver_address: "{{ matrix_homeserver_container_ur matrix_mautrix_googlechat_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_googlechat_appservice_address: 'http://matrix-mautrix-googlechat:8080' +matrix_mautrix_googlechat_command_prefix: "!gc" + # Controls whether the matrix-mautrix-googlechat container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9007"), or empty string to not expose. 
diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index 864e3e1b..ad86219c 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -62,7 +62,7 @@ bridge: - name # The prefix for commands. Only required in non-management rooms. - command_prefix: "!HO" + command_prefix: "{{ matrix_mautrix_googlechat_command_prefix }}" # Number of chats to sync (and create portals for) on startup/login. # Maximum 20, set 0 to disable automatic syncing. diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index f4f67a58..31fec100 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -24,6 +24,8 @@ matrix_mautrix_hangouts_homeserver_address: "{{ matrix_homeserver_container_url matrix_mautrix_hangouts_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080' +matrix_mautrix_hangouts_command_prefix: "!HO" + # Controls whether the matrix-mautrix-hangouts container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9007"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index d207681e..6dca06ff 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 
@@ -62,7 +62,7 @@ bridge: - name # The prefix for commands. Only required in non-management rooms. - command_prefix: "!HO" + command_prefix: "{{ matrix_mautrix_hangouts_command_prefix }}" # Number of chats to sync (and create portals for) on startup/login. # Maximum 20, set 0 to disable automatic syncing. diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index a227b085..79ff1bf0 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -22,6 +22,8 @@ matrix_mautrix_instagram_homeserver_address: "{{ matrix_homeserver_container_url matrix_mautrix_instagram_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_instagram_appservice_address: 'http://matrix-mautrix-instagram:29330' +matrix_mautrix_instagram_command_prefix: "!ig" + # A list of extra arguments to pass to the container matrix_mautrix_instagram_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 99ceee0e..11b1d997 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -176,7 +176,7 @@ bridge: unimportant_bridge_notices: true # The prefix for commands. Only required in non-management rooms. - command_prefix: "!ig" + command_prefix: "{{ matrix_mautrix_instagram_command_prefix }}" # Permissions for using the bridge. # Permitted values: # user - Use the bridge with puppeting. diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index d35e12af..4375c422 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml 
@@ -30,6 +30,8 @@ matrix_mautrix_signal_homeserver_address: '' matrix_mautrix_signal_homeserver_domain: '' matrix_mautrix_signal_appservice_address: 'http://matrix-mautrix-signal:29328' +matrix_mautrix_signal_command_prefix: "!signal" + # Controls whether the matrix-mautrix-signal container exposes its port (tcp/29328 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9006"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index 0044a0fc..f0644ee2 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -197,7 +197,7 @@ bridge: shared_secret: generate # The prefix for commands. Only required in non-management rooms. - command_prefix: "!signal" + command_prefix: "{{ matrix_mautrix_signal_command_prefix }}" # Messages sent upon joining a management room. # Markdown is supported. The defaults are listed below. diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index 4708266a..e3ee2fe9 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -23,6 +23,8 @@ matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram matrix_mautrix_telegram_config_path: "{{ matrix_mautrix_telegram_base_path }}/config" matrix_mautrix_telegram_data_path: "{{ matrix_mautrix_telegram_base_path }}/data" +matrix_mautrix_telegram_command_prefix: "!tg" + # Get your own API keys at https://my.telegram.org/apps matrix_mautrix_telegram_api_id: '' matrix_mautrix_telegram_api_hash: '' diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 276bd461..19bacbde 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 
+++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -276,7 +276,7 @@ bridge: list: [] # The prefix for commands. Only required in non-management rooms. - command_prefix: "!tg" + command_prefix: "{{ matrix_mautrix_telegram_command_prefix }}" # Permissions for using the bridge. # Permitted values: diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index b32f57ef..291bd6a5 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -22,6 +22,8 @@ matrix_mautrix_twitter_homeserver_address: "{{ matrix_homeserver_container_url } matrix_mautrix_twitter_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327' +matrix_mautrix_twitter_command_prefix: "!tw" + # A list of extra arguments to pass to the container matrix_mautrix_twitter_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index f9bc8941..b59864f1 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -163,7 +163,7 @@ bridge: resend_bridge_info: false # The prefix for commands. Only required in non-management rooms. - command_prefix: "!tw" + command_prefix: "{{ matrix_mautrix_twitter_command_prefix }}" # Permissions for using the bridge. # Permitted values: diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 6e95eeb7..ef5d1065 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml 
@@ -23,6 +23,8 @@ matrix_mautrix_whatsapp_homeserver_address: "{{ matrix_homeserver_container_url matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}" matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080" +matrix_mautrix_whatsapp_command_prefix: "!wa" + # A list of extra arguments to pass to the container matrix_mautrix_whatsapp_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index b9862e94..544e10ad 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -139,7 +139,7 @@ bridge: federate_rooms: {{ matrix_mautrix_whatsapp_federate_rooms|to_json }} # The prefix for commands. Only required in non-management rooms. - command_prefix: "!wa" + command_prefix: "{{ matrix_mautrix_whatsapp_command_prefix }}" # Messages sent upon joining a management room. # Markdown is supported. The defaults are listed below. From 5a0e977df84064d6c91b9fa308f5df6d6e1f7187 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 5 Jul 2022 09:46:26 +0300 Subject: [PATCH 29/31] Announce ntfy role --- CHANGELOG.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2779b369..65e57a7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2022-07-05 + +## Ntfy push notifications support + +Thanks to [Julian Foad](https://matrix.to/#/@julian:foad.me.uk), the playbook can now install a [ntfy](https://ntfy.sh/) push notifications server for you. + +See our [Setting up the ntfy push notifications server](docs/configuring-playbook-ntfy.md) documentation to get started. + + # 2022-06-23 ## (Potential Backward Compatibility Break) Changes around metrics collection 
@@ -26,7 +35,7 @@ 3. If Synapse metrics are exposed, they will be made available at `https://matrix.DOMAIN/metrics/synapse/main-process` or `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (when workers are enabled), not at `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-.../metrics` 4. The playbook still generates an `external_prometheus.yml.example` sample file for scraping Synapse from Prometheus as described in [Collecting Synapse worker metrics to an external Prometheus server](docs/configuring-playbook-prometheus-grafana.md#collecting-synapse-worker-metrics-to-an-external-prometheus-server), but it's now saved under `/matrix/synapse` (not `/matrix`). -**If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now. +**If you where already using a external Prometheus server** before this change, and you gave a hashed version of the password as a variable, the playbook will now take care of hashing the password for you. Thus, you need to provide the non-hashed version now. # 2022-06-13 From 95fd21552118093585fa9284801aa14d30be439b Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 5 Jul 2022 15:11:52 +0000 Subject: [PATCH 30/31] Update element 1.10.15 -> 1.11.0 --- roles/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 083621f2..aacc2f11 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml 
@@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.10.15 +matrix_client_element_version: v1.11.0 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From fe347c85d9a4f6396c391a92ba0e181610a58321 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 5 Jul 2022 15:20:48 +0000 Subject: [PATCH 31/31] Update Synapse 1.61.1 -> 1.62.0 --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 43ee9e57..1925ffc2 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.61.1 +matrix_synapse_version: v1.62.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"