diff --git a/CHANGELOG.md b/CHANGELOG.md index 0a12639f..62deb9bb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,21 @@ +# 2022-07-29 + +## mautrix-discord support + +Thanks to [MdotAmaan](https://github.com/MdotAmaan)'s efforts, the playbook now supports bridging to [Discord](https://discordapp.com/) via the [mautrix-discord](https://mau.dev/mautrix/discord) bridge. See our [Setting up Mautrix Discord bridging](docs/configuring-playbook-bridge-mautrix-discord.md) documentation page for getting started. + +**Note**: this is a new Discord bridge. The playbook still retains Discord bridging via [matrix-appservice-discord](docs/configuring-playbook-bridge-appservice-discord.md) and [mx-puppet-discord](docs/configuring-playbook-bridge-mx-puppet-discord.md). You're free too use the bridge that serves you better, or even all three of them (for different users and use-cases). + + +# 2022-07-27 + +## matrix-appservice-kakaotalk support + +The playbook now supports bridging to [Kakaotalk](https://www.kakaocorp.com/page/service/service/KakaoTalk?lang=ENG) via [matrix-appservice-kakaotalk](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) - a bridge based on [node-kakao](https://github.com/storycraft/node-kakao) (now unmaintained) and some [mautrix-facebook](https://github.com/mautrix/facebook) code. Thanks to [hnarjis](https://github.com/hnarjis) for helping us add support for this! + +See our [Setting up Appservice Kakaotalk bridging](docs/configuring-playbook-bridge-appservice-kakaotalk.md) documentation to get started. + + # 2022-07-20 ## maubot support diff --git a/README.md b/README.md index 47f67f4e..e30f9b54 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,7 @@ Using this playbook, you can get the following services configured on your serve - (optional) the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge for [Discord](https://discordapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation -- (optional) the [mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) bridge for [GroupMe](https://groupme.com/) - see [docs/configuring-playbook-bridge-mx-puppet-groupme.md](docs/configuring-playbook-bridge-mx-puppet-groupme.md) for setup documentation +- (optional) the [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) bridge for [GroupMe](https://groupme.com/) - see [docs/configuring-playbook-bridge-mx-puppet-groupme.md](docs/configuring-playbook-bridge-mx-puppet-groupme.md) for setup documentation - (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation diff --git a/docs/configuring-playbook-bot-maubot.md b/docs/configuring-playbook-bot-maubot.md index d74cfb2f..d5990a11 100644 --- a/docs/configuring-playbook-bot-maubot.md +++ b/docs/configuring-playbook-bot-maubot.md @@ -61,10 +61,3 @@ You can expand "Access token" to copy it. ![Obatining an admin access token with Element](assets/obtain_admin_access_token_element.png) **IMPORTANT**: once you copy the token, just close the Matrix client window/tab. Do not "log out", as that would invalidate the token. - - - - - - - diff --git a/docs/configuring-playbook-bridge-appservice-discord.md b/docs/configuring-playbook-bridge-appservice-discord.md index e25686bf..d37724c0 100644 --- a/docs/configuring-playbook-bridge-appservice-discord.md +++ b/docs/configuring-playbook-bridge-appservice-discord.md @@ -1,6 +1,8 @@ # Setting up Appservice Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) bridge supported by the playbook. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. +- For using as a Bot we are recommend the Appservice Discord bridge (the one being discussed here), because it supports plumbing. +- For personal use we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. The playbook can install and configure [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) for you. @@ -61,7 +63,7 @@ To get started with Portal Bridging: 1. To invite the bot to Discord, retrieve the invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`). You need to peek at the file on the server via SSH, etc., because it's not available via HTTP(S). 2. Room addresses follow this syntax: `#_discord__`. You can easily find the guild and channel IDs by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discord.com/channels//`. -3. Once you have figured out the appropriate room address, you can join by doing `/join #_discord__` in your Matrix client. +3. Once you have figured out the appropriate room address, you can join by doing `/join #_discord__` in your Matrix client. ## Getting Administrator access in a portal bridged room diff --git a/docs/configuring-playbook-bridge-appservice-kakaotalk.md b/docs/configuring-playbook-bridge-appservice-kakaotalk.md new file mode 100644 index 00000000..9ea7a3d1 --- /dev/null +++ b/docs/configuring-playbook-bridge-appservice-kakaotalk.md @@ -0,0 +1,68 @@ +# Setting up Appservice Kakaotalk (optional) + +The playbook can install and configure [matrix-appservice-kakaotalk](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) for you. `matrix-appservice-kakaotalk` is a bridge to [Kakaotalk](https://www.kakaocorp.com/page/service/service/KakaoTalk?lang=ENG) based on [node-kakao](https://github.com/storycraft/node-kakao) (now unmaintained) and some [mautrix-facebook](https://github.com/mautrix/facebook) code. + +See the project's [documentation](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) to learn what it does and why it might be useful to you. + + +## Installing + +To enable the bridge, add this to your `vars.yml` file: + +```yaml +matrix_appservice_kakaotalk_enabled: true +``` + +You may optionally wish to add some [Additional configuration](#additional-configuration), or to [prepare for double-puppeting](#set-up-double-puppeting) before the initial installation. + +After adjusting your `vars.yml` file, re-run the playbook and restart all services: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` + +To make use of the Kakaotalk bridge, see [Usage](#usage) below. + + +### Additional configuration + +There are some additional things you may wish to configure about the bridge. + +Take a look at: + +- `roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml` for some variables that you can customize via your `vars.yml` file +- `roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_kakaotalk_configuration_extension_yaml` variable + + +### Set up Double Puppeting + +If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. + +#### Method 1: automatically, by enabling Shared Secret Auth + +The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. + +This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. + +#### Method 2: manually, by asking each user to provide a working access token + +**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)). + +When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: + +- retrieve a Matrix access token for yourself. You can use the following command: + +``` +curl \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Appservice-Kakaotalk", "initial_device_display_name": "Appservice-Kakaotalk"}' \ +https://matrix.DOMAIN/_matrix/client/r0/login +``` + +- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE` + +- make sure you don't log out the `Appservice-Kakaotalk` device some time in the future, as that would break the Double Puppeting feature + + +## Usage + +Start a chat with `@kakaotalkbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). + +Send `login --save EMAIL_OR_PHONE_NUMBER` to the bridge bot to enable bridging for your Kakaotalk account. The `--save` flag may be omitted, if you'd rather not save your password. + +After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so. diff --git a/docs/configuring-playbook-bridge-mautrix-discord.md b/docs/configuring-playbook-bridge-mautrix-discord.md new file mode 100644 index 00000000..517fd9b4 --- /dev/null +++ b/docs/configuring-playbook-bridge-mautrix-discord.md @@ -0,0 +1,87 @@ +# Setting up Mautrix Discord (optional) + +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook. +- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. +- For personal use with a discord account we recommend the `mautrix-discord` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. +The `mautrix-discord` bridge (the one being discussed here) is the most fully-featured and stable of the 3 Discord bridges supported by the playbook, so it's the one we recommend. + +The playbook can install and configure [mautrix-discord](https://github.com/mautrix/discord) for you. + +See the project's [documentation](https://docs.mau.fi/bridges/go/discord/index.html) to learn what it does and why it might be useful to you. + + +## Prerequisites + +For using this bridge, you would **need to authenticate by scanning a QR code with the Discord app on your phone**. + +You can delete the Discord app after the authentication process. + +If this is a dealbreaker for you, consider using one of the other Discord bridges supported by the playbook: [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) or [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md). These come with their own complexity and limitations, however, so we recommend that you proceed with this one if possible. + + +## Installing + +To enable the bridge, add this to your `vars.yml` file: + +```yaml +matrix_mautrix_discord_enabled: true +``` + +You may optionally wish to add some [Additional configuration](#additional-configuration), or to [prepare for double-puppeting](#set-up-double-puppeting) before the initial installation. + +After adjusting your `vars.yml` file, re-run the playbook and restart all services: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start` + +To make use of the bridge, see [Usage](#usage) below. + + +### Additional configuration + +There are some additional things you may wish to configure about the bridge. + +Take a look at: + +- `roles/matrix-bridge-mautrix-discord/defaults/main.yml` for some variables that you can customize via your `vars.yml` file +- `roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_discord_configuration_extension_yaml` variable + + +### Set up Double Puppeting + +If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. + +#### Method 1: automatically, by enabling Shared Secret Auth + +The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. + +This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. + +#### Method 2: manually, by asking each user to provide a working access token + +**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)). + +When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: + +- retrieve a Matrix access token for yourself. You can use the following command: + +``` +curl \ +--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Discord", "initial_device_display_name": "Mautrix-Discord"}' \ +https://matrix.DOMAIN/_matrix/client/r0/login +``` + +- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE` + +- make sure you don't log out the `Mautrix-Discord` device some time in the future, as that would break the Double Puppeting feature + + +## Usage + +1. Start a chat with `@discordbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). +2. Send a `login` command +3. You'll see a QR code which you need to scan with the Discord app on your phone. You can scan it with the camera app too, which will open Discord, which will then instruct you to scan it a 2nd time in the Discord app. +4. After confirming (in the Discord app) that you'd like to allow this login, the bot should respond with "Succcessfully authenticated as ..." +5. Now that you're logged in, you can send a `help` command to the bot again, to see additional commands you have access to +6. Some Direct Messages from Discord should start syncing automatically +7. If you'd like to bridge guilds: +- send `guilds status` to see the list of guilds +- for each guild that you'd like bridged, send `guilds bridge GUILD_ID --entire` +8. You may wish to uninstall the Discord app from your phone now. It's not needed for the bridge to function. diff --git a/docs/configuring-playbook-bridge-mx-puppet-discord.md b/docs/configuring-playbook-bridge-mx-puppet-discord.md index 2be7f206..c266f843 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-discord.md +++ b/docs/configuring-playbook-bridge-mx-puppet-discord.md @@ -1,6 +1,8 @@ # Setting up MX Puppet Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridge supported by the playbook. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md)and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. +- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing. +- For personal use with a discord account we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. The playbook can install and configure [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) for you. diff --git a/docs/configuring-playbook-bridge-mx-puppet-groupme.md b/docs/configuring-playbook-bridge-mx-puppet-groupme.md index 2f0eda19..4d03d5d9 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-groupme.md +++ b/docs/configuring-playbook-bridge-mx-puppet-groupme.md @@ -1,7 +1,7 @@ # Setting up MX Puppet GroupMe (optional) The playbook can install and configure -[mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) for you. +[mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) for you. See the project page to learn what it does and why it might be useful to you. diff --git a/docs/configuring-playbook-synapse-admin.md b/docs/configuring-playbook-synapse-admin.md index 68d70305..ad1bda02 100644 --- a/docs/configuring-playbook-synapse-admin.md +++ b/docs/configuring-playbook-synapse-admin.md @@ -62,3 +62,15 @@ matrix_synapse_admin_container_extra_arguments: # The Synapse Admin container uses port 80 by default - '--label "traefik.http.services.matrix-synapse-admin.loadbalancer.server.port=80"' ``` + +### Sample configuration for running behind Caddy v2 + +Below is a sample configuration for using this playbook with a [Caddy](https://caddyserver.com/v2) 2.0 reverse proxy (non-default configuration where `matrix-nginx-proxy` is disabled - `matrix_nginx_proxy_enabled: false`). + +```caddy +# This is a basic configuration that will function the same as the default nginx proxy - exposing the synapse-admin panel to matrix.YOURSERVER.com/synapse-admin/ + handle_path /synapse-admin* { + reverse_proxy localhost:8766 { + } + } +``` diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 88f81607..1c03a9b5 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -18,6 +18,7 @@ You can then follow these steps inside the playbook directory: 1. edit the inventory hosts file (`inventory/hosts`) to your liking +1. (optional, advanced) to run Ansible against multiple servers with different `sudo` credentials, you can copy the sample inventory hosts yaml file for each of your hosts: (`cp examples/host.yml inventory/my_host1.yml` …) and use the [`ansible-all-hosts.sh`](../inventory/scripts/ansible-all-hosts.sh) script [in the installation step](installing.md). For a basic Matrix installation, that's all you need. For a more custom setup, see the [Other configuration options](#other-configuration-options) below. @@ -51,7 +52,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Serving your base domain using this playbook's nginx server](configuring-playbook-base-domain-serving.md) (optional) -- [Configure Nginx (optional, advanced)](configuring-playbook-nginx.md) (optional, advanced) +- [Configure Nginx](configuring-playbook-nginx.md) (optional, advanced) - [Using your own webserver, instead of this playbook's nginx proxy](configuring-playbook-own-webserver.md) (optional, advanced) @@ -92,6 +93,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins ### Bridging other networks +- [Setting up Mautrix Discord bridging](configuring-playbook-bridge-mautrix-discord.md) (optional) + - [Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md) (optional) - [Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md) (optional) @@ -110,14 +113,16 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional) -- [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md) (optional) - - [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional) - [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (optional) - [Setting up Appservice Webhooks bridging](configuring-playbook-bridge-appservice-webhooks.md) (optional) +- [Setting up Appservice Kakaotalk bridging](configuring-playbook-bridge-appservice-kakaotalk.md) (optional) + +- [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md) (optional) + - [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional) - ~~[Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md)~~ (optional) - this component has been broken for a long time, so it has been removed from the playbook. Consider [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md) diff --git a/docs/container-images.md b/docs/container-images.md index dcc36973..5f0ed0e0 100644 --- a/docs/container-images.md +++ b/docs/container-images.md @@ -76,7 +76,7 @@ These services are not part of our default installation, but can be enabled by [ - [sorunome/mx-puppet-discord](https://hub.docker.com/r/sorunome/mx-puppet-discord) - the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge to [Discord](https://discordapp.com) (optional) -- [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) - the [mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) bridge to [GroupMe](https://groupme.com/) (optional) +- [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) - the [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) bridge to [GroupMe](https://groupme.com/) (optional) - [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) - the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge to [Steam](https://steampowered.com) (optional) diff --git a/examples/host.yml b/examples/host.yml new file mode 100644 index 00000000..e9ba2810 --- /dev/null +++ b/examples/host.yml @@ -0,0 +1,11 @@ +--- + +# This is a host file for usage with the `ansible-all-hosts.sh` script, +# which runs Ansible against a bunch of hosts, each with its own `sudo` password. +matrix_servers: + hosts: + matrix.: + ansible_host: + ansible_ssh_user: + become: true + become_user: root diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index ea17edb4..94a6e766 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -213,6 +213,43 @@ matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_gen # ###################################################################### +###################################################################### +# +# matrix-bridge-appservice-kakaotalk +# +###################################################################### + +# We don't enable bridges by default. +matrix_appservice_kakaotalk_enabled: false + +matrix_appservice_kakaotalk_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-appservice-kakaotalk-node.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + }} + +matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}" + +matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}" + +matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db') | to_uuid }}" + +###################################################################### +# +# /matrix-bridge-appservice-kakaotalk +# +###################################################################### + ###################################################################### # @@ -261,7 +298,7 @@ matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_ge # We don't enable bridges by default. matrix_go_skype_bridge_enabled: false -matrix_go_skype_bridge_container_image_self_build: true +matrix_go_skype_bridge_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" matrix_go_skype_bridge_systemd_required_services_list: | {{ @@ -624,6 +661,44 @@ matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_g # ###################################################################### +###################################################################### +# +# matrix-bridge-mautrix-discord +# +###################################################################### + +# We don't enable bridges by default. +matrix_mautrix_discord_enabled: false + +matrix_mautrix_discord_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" + +matrix_mautrix_discord_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + (['matrix-postgres.service'] if matrix_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok') | to_uuid }}" + +matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok') | to_uuid }}" + +matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +# Postgres is the default, except if not using `matrix_postgres` (internal postgres) +matrix_mautrix_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" +matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db') | to_uuid }}" + +###################################################################### +# +# /matrix-bridge-mautrix-discord +# +###################################################################### + ###################################################################### # # matrix-sms-bridge @@ -1050,6 +1125,8 @@ matrix_bot_maubot_registration_shared_secret: |- }[matrix_homeserver_implementation] }} +matrix_bot_maubot_management_interface_http_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' + matrix_bot_maubot_management_interface_port | string) }}" + # Postgres is the default, except if not using `matrix_postgres` (internal postgres) matrix_bot_maubot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}" @@ -1811,6 +1888,12 @@ matrix_postgres_additional_databases: | 'password': matrix_appservice_irc_database_password, }] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_appservice_kakaotalk_database_name, + 'username': matrix_appservice_kakaotalk_database_username, + 'password': matrix_appservice_kakaotalk_database_password, + }] if (matrix_appservice_kakaotalk_enabled and matrix_appservice_kakaotalk_database_engine == 'postgres' and matrix_appservice_kakaotalk_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_beeper_linkedin_database_name, 'username': matrix_beeper_linkedin_database_username, @@ -1871,6 +1954,12 @@ matrix_postgres_additional_databases: | 'password': matrix_mautrix_whatsapp_database_password, }] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == 'matrix-postgres') else []) + + ([{ + 'name': matrix_mautrix_discord_database_name, + 'username': matrix_mautrix_discord_database_username, + 'password': matrix_mautrix_discord_database_password, + }] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_mx_puppet_slack_database_name, 'username': matrix_mx_puppet_slack_database_username, @@ -2007,7 +2096,7 @@ matrix_redis_enabled: "{{ matrix_synapse_workers_enabled }}" # If you wish to connect to your Matrix server by other means, you may wish to disable this. matrix_client_element_enabled: true -matrix_client_element_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_client_element_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach Element over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose @@ -2075,7 +2164,7 @@ matrix_client_hydrogen_self_check_validate_certificates: "{{ false if matrix_ssl matrix_client_cinny_enabled: false -matrix_client_cinny_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_client_cinny_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach Cinny over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose diff --git a/inventory/scripts/ansible-all-hosts.sh b/inventory/scripts/ansible-all-hosts.sh new file mode 100755 index 00000000..3b611ab3 --- /dev/null +++ b/inventory/scripts/ansible-all-hosts.sh @@ -0,0 +1,32 @@ +#!/usr/bin/env bash +# +# Run the playbook on multiple hosts with different credentials with this script +# It defaults to ansible tags "setup-all,start". You can pass alternative tags +# to this script as arguments, e.g. +# +# ./inventory/scripts/ansible-all-hosts.sh self-check +# + +# set playbook root path +root=$(dirname "$(readlink -f "$0")")/../.. + +# set default tags or get from first argument if any +tags="${1:-setup-all,start}" + +# init password array +declare -A pws + +# capture passwords for all hosts +for host in "$root"/inventory/*.yml; do + read -rp "sudo password for $(basename "$host"): " -s pw + pws[$host]="$pw" + echo +done + +# run ansible on all captured passwords/hosts +for host in "${!pws[@]}"; do + ansible-playbook "$root"/setup.yml \ + --inventory-file "$host" \ + --extra-vars "ansible_become_pass=${pws[$host]}" \ + --tags="$tags" +done diff --git a/inventory/scripts/jitsi-generate-passwords.sh b/inventory/scripts/jitsi-generate-passwords.sh index c48a0c2d..f24a3fba 100755 --- a/inventory/scripts/jitsi-generate-passwords.sh +++ b/inventory/scripts/jitsi-generate-passwords.sh @@ -18,7 +18,7 @@ JIBRI_XMPP_PASSWORD=$(generatePassword) echo "# Paste these variables into your inventory/host_vars/matrix.DOMAIN/vars.yml file:" echo "" -echo "matrix_jitsi_jicofo_auth_password: "$JICOFO_AUTH_PASSWORD -echo "matrix_jitsi_jvb_auth_password: "$JVB_AUTH_PASSWORD -echo "matrix_jitsi_jibri_recorder_password: "$JIBRI_RECORDER_PASSWORD -echo "matrix_jitsi_jibri_xmpp_password: "$JIBRI_XMPP_PASSWORD +echo "matrix_jitsi_jicofo_auth_password: $JICOFO_AUTH_PASSWORD" +echo "matrix_jitsi_jvb_auth_password: $JVB_AUTH_PASSWORD" +echo "matrix_jitsi_jibri_recorder_password: $JIBRI_RECORDER_PASSWORD" +echo "matrix_jitsi_jibri_xmpp_password: $JIBRI_XMPP_PASSWORD" diff --git a/roles/matrix-backup-borg/tasks/setup_install.yml b/roles/matrix-backup-borg/tasks/setup_install.yml index cc9816fa..e3401a13 100644 --- a/roles/matrix-backup-borg/tasks/setup_install.yml +++ b/roles/matrix-backup-borg/tasks/setup_install.yml @@ -1,6 +1,13 @@ --- - block: + - name: Fail with matrix_backup_borg_version advice if Postgres not enabled + ansible.builtin.fail: + msg: >- + You are not running a built-in Postgres server (`matrix_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen. + Consider setting `matrix_backup_borg_version` to your Postgres version manually. + when: not matrix_postgres_enabled + - ansible.builtin.import_role: name: matrix-postgres tasks_from: detect_existing_postgres_version diff --git a/roles/matrix-bot-honoroit/defaults/main.yml b/roles/matrix-bot-honoroit/defaults/main.yml index bbb6ecd3..fe0b0981 100644 --- a/roles/matrix-bot-honoroit/defaults/main.yml +++ b/roles/matrix-bot-honoroit/defaults/main.yml @@ -9,7 +9,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.10 +matrix_bot_honoroit_version: v0.9.12 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" @@ -91,6 +91,12 @@ matrix_bot_honoroit_noencryption: false # Max items in cache matrix_bot_honoroit_cachesize: '' +# List of ignored room IDs +matrix_bot_honoroit_ignoredrooms: [] + +# Ignore messages outside of threads +matrix_bot_honoroit_ignorenothread: false + # Text prefix: open matrix_bot_honoroit_text_prefix_open: '' diff --git a/roles/matrix-bot-honoroit/templates/env.j2 b/roles/matrix-bot-honoroit/templates/env.j2 index c5f2025b..c8d10c6a 100644 --- a/roles/matrix-bot-honoroit/templates/env.j2 +++ b/roles/matrix-bot-honoroit/templates/env.j2 @@ -9,6 +9,8 @@ HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }} HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }} HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }} HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption }} +HONOROIT_IGNORENOTHREAD={{ matrix_bot_honoroit_ignorenothread }} +HONOROIT_IGNOREDROOMS={{ matrix_bot_honoroit_ignoredrooms|join(' ') }} HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }} HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }} HONOROIT_TEXT_NOENCRYPTION={{ matrix_bot_honoroit_text_noencryption }} diff --git a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 index 938901ea..49bbcb87 100644 --- a/roles/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -27,6 +27,9 @@ plugin_directories: # Configuration for storing plugin databases plugin_databases: + # Some plugins still require sqlite, so configure a path here. + # postgres will be used if supported. + sqlite: /data/dbs postgres: default server: diff --git a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 index 2773c69d..a9e03986 100644 --- a/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 +++ b/roles/matrix-bot-maubot/templates/systemd/matrix-bot-maubot.service.j2 @@ -28,10 +28,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \ {% endfor %} --network={{ matrix_docker_network }} \ {% if matrix_bot_maubot_management_interface_http_bind_port %} - -p {{ matrix_bot_maubot_management_interface_http_bind_port }}:{{ matrix_bot_maubot_management_interface_port }} + -p {{ matrix_bot_maubot_management_interface_http_bind_port }}:{{ matrix_bot_maubot_management_interface_port }} \ {% endif %} {{ matrix_bot_maubot_docker_image }} \ - python3 -m maubot -c /config/config.yaml + python3 -m maubot -c /config/config.yaml --no-update ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' diff --git a/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml b/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml new file mode 100644 index 00000000..f27f75c5 --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml @@ -0,0 +1,200 @@ +--- +# matrix-appservice-kakaotalk is a Matrix <-> Kakaotalk bridge +# Project source code URL: https://src.miscworks.net/fair/matrix-appservice-kakaotalk/ + +matrix_appservice_kakaotalk_enabled: true + +# No images are published for neither of the container images (appservice or node), so we're self-building everything. +matrix_appservice_kakaotalk_container_image_self_build: true +# matrix_appservice_kakaotalk_container_image_self_build_repo: "https://src.miscworks.net/fair/matrix-appservice-kakaotalk.git" +# +# hnarjis' fork is used instead of upstream (fair's), because upstream is currently broken. +# The following error happens when chatting up the bot without this fix: +# [2022-07-25 09:04:53,784] [ERROR@mau.as] Exception in Matrix event handler +# Traceback (most recent call last): +# File "/usr/lib/python3.9/site-packages/mautrix/appservice/as_handler.py", line 239, in try_handle +# await handler_func(event) +# File "/usr/lib/python3.9/site-packages/mautrix/bridge/matrix.py", line 820, in int_handle_event +# await self.int_handle_invite(evt) +# File "/usr/lib/python3.9/site-packages/mautrix/bridge/matrix.py", line 441, in int_handle_invite +# inviter = await self.bridge.get_user(evt.sender) +# File "/usr/lib/python3.9/site-packages/matrix_appservice_kakaotalk/__main__.py", line 112, in get_user +# return await User.get_by_mxid(user_id, create=create) +# File "/usr/lib/python3.9/site-packages/mautrix/util/async_getter_lock.py", line 60, in wrapper +# return await fn(cls, *args, **kwargs) +# File "/usr/lib/python3.9/site-packages/matrix_appservice_kakaotalk/user.py", line 227, in get_by_mxid +# user = cls(mxid) +# TypeError: __init__() missing 2 required positional arguments: 'force_login' and 'was_connected' +matrix_appservice_kakaotalk_container_image_self_build_repo: "https://src.miscworks.net/hnarjis/matrix-appservice-kakaotalk.git" +matrix_appservice_kakaotalk_container_image_self_build_repo_version: "{{ 'master' if matrix_appservice_kakaotalk_version == 'latest' else matrix_appservice_kakaotalk_version }}" + +matrix_appservice_kakaotalk_node_version: "{{ matrix_appservice_kakaotalk_version }}" +matrix_appservice_kakaotalk_node_docker_image: "{{ matrix_appservice_kakaotalk_node_docker_image_prefix }}fair/matrix-appservice-kakaotalk-node:{{ matrix_appservice_kakaotalk_node_version }}" +matrix_appservice_kakaotalk_node_docker_image_prefix: "localhost/" +matrix_appservice_kakaotalk_node_docker_image_force_pull: "{{ matrix_appservice_kakaotalk_node_docker_image.endswith(':latest') }}" + +matrix_appservice_kakaotalk_version: 86c038fd2ffee5e0aebf65136f085cce7e38b54e +matrix_appservice_kakaotalk_docker_image: "{{ matrix_appservice_kakaotalk_docker_image_name_prefix }}fair/matrix-appservice-kakaotalk:{{ matrix_appservice_kakaotalk_version }}" +matrix_appservice_kakaotalk_docker_image_name_prefix: "localhost/" +matrix_appservice_kakaotalk_docker_image_force_pull: "{{ matrix_appservice_kakaotalk_docker_image.endswith(':latest') }}" + +matrix_appservice_kakaotalk_base_path: "{{ matrix_base_data_path }}/appservice-kakaotalk" +matrix_appservice_kakaotalk_config_path: "{{ matrix_appservice_kakaotalk_base_path }}/config" +matrix_appservice_kakaotalk_data_path: "{{ matrix_appservice_kakaotalk_base_path }}/data" +matrix_appservice_kakaotalk_docker_src_files_path: "{{ matrix_appservice_kakaotalk_base_path }}/docker-src" + +matrix_appservice_kakaotalk_command_prefix: "!kt" + +matrix_appservice_kakaotalk_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_appservice_kakaotalk_homeserver_domain: '{{ matrix_domain }}' +matrix_appservice_kakaotalk_appservice_address: 'http://matrix-appservice-kakaotalk:11115' + + +# A list of extra arguments to pass to the appservice-kakaotalk container +matrix_appservice_kakaotalk_container_extra_arguments: [] + +# List of systemd services that matrix-appservice-kakaotalk.service depends on. +matrix_appservice_kakaotalk_systemd_required_services_list: ['docker.service', 'matrix-appservice-kakaotalk-node.service'] + +# List of systemd services that matrix-appservice-kakaotalk.service wants +matrix_appservice_kakaotalk_systemd_wanted_services_list: [] + + +# A list of extra arguments to pass to the appservice-kakaotalk-node container +matrix_appservice_kakaotalk_node_container_extra_arguments: [] + +# List of systemd services that matrix-appservice-kakaotalk-node.service depends on. +matrix_appservice_kakaotalk_node_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-appservice-kakaotalk-node.service wants +matrix_appservice_kakaotalk_node_systemd_wanted_services_list: [] + + +matrix_appservice_kakaotalk_appservice_token: '' +matrix_appservice_kakaotalk_homeserver_token: '' + +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_appservice_kakaotalk_federate_rooms: true + +# Database-related configuration fields. +# +# To use SQLite: +# - change the engine (`matrix_appservice_kakaotalk_database_engine: 'sqlite'`) +# To use Postgres: +# - adjust your database credentials via the `matrix_appservice_kakaotalk_database_*` variables +matrix_appservice_kakaotalk_database_engine: 'postgres' + +matrix_appservice_kakaotalk_sqlite_database_path_local: "{{ matrix_appservice_kakaotalk_data_path }}/appservice-kakaotalk.db" +matrix_appservice_kakaotalk_sqlite_database_path_in_container: "/data/appservice-kakaotalk.db" + +matrix_appservice_kakaotalk_database_username: 'matrix_appservice_kakaotalk' +matrix_appservice_kakaotalk_database_password: 'some-password' +matrix_appservice_kakaotalk_database_hostname: 'matrix-postgres' +matrix_appservice_kakaotalk_database_port: 5432 +matrix_appservice_kakaotalk_database_name: 'matrix_appservice_kakaotalk' + +matrix_appservice_kakaotalk_database_connection_string: 'postgres://{{ matrix_appservice_kakaotalk_database_username }}:{{ matrix_appservice_kakaotalk_database_password }}@{{ matrix_appservice_kakaotalk_database_hostname }}:{{ matrix_appservice_kakaotalk_database_port }}/{{ matrix_appservice_kakaotalk_database_name }}' + +matrix_appservice_kakaotalk_appservice_database: "{{ + { + 'sqlite': ('sqlite:///' + matrix_appservice_kakaotalk_sqlite_database_path_in_container), + 'postgres': matrix_appservice_kakaotalk_database_connection_string, + }[matrix_appservice_kakaotalk_database_engine] +}}" + + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +# Also see: matrix_appservice_kakaotalk_bridge_login_shared_secret_map +matrix_appservice_kakaotalk_login_shared_secret: '' + +matrix_appservice_kakaotalk_bridge_login_shared_secret_map: "{{ {matrix_appservice_kakaotalk_homeserver_domain: matrix_appservice_kakaotalk_login_shared_secret} if matrix_appservice_kakaotalk_login_shared_secret else {} }}" + +matrix_appservice_kakaotalk_bridge_permissions: | + {{ + {matrix_appservice_kakaotalk_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + +matrix_appservice_kakaotalk_appservice_bot_username: kakaotalkbot +matrix_appservice_kakaotalk_user_prefix: 'kakaotalk_' + +# End-to-bridge encryption configuration +matrix_appservice_kakaotalk_bridge_encryption_allow: false +matrix_appservice_kakaotalk_bridge_encryption_default: "{{ matrix_appservice_kakaotalk_bridge_encryption_allow }}" + +# Specifies the default log level for all bridge loggers. +matrix_appservice_kakaotalk_logging_level: WARNING + + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_appservice_kakaotalk_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_appservice_kakaotalk_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_appservice_kakaotalk_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_appservice_kakaotalk_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_appservice_kakaotalk_configuration_yaml`. + +matrix_appservice_kakaotalk_configuration_extension: "{{ matrix_appservice_kakaotalk_configuration_extension_yaml | from_yaml if matrix_appservice_kakaotalk_configuration_extension_yaml | from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_appservice_kakaotalk_configuration_yaml`. +matrix_appservice_kakaotalk_configuration: "{{ matrix_appservice_kakaotalk_configuration_yaml | from_yaml | combine(matrix_appservice_kakaotalk_configuration_extension, recursive=True) }}" + + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_appservice_kakaotalk_node_configuration_extension_yaml`) +# or completely replace this variable with your own template. +# +# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict. +# This is unlike what it does when looking up YAML template files (no automatic parsing there). +matrix_appservice_kakaotalk_node_configuration_default: "{{ lookup('template', 'templates/node-config.json.j2') }}" + +# Your custom JSON configuration for appservice-kakaotalk-node should go to `matrix_appservice_kakaotalk_node_configuration_extension_json`. +# This configuration extends the default starting configuration (`matrix_appservice_kakaotalk_node_configuration_default`). +# +# You can override individual variables from the default configuration, or introduce new ones. +# +# If you need something more special, you can take full control by +# completely redefining `matrix_appservice_kakaotalk_node_configuration_default`. +# +# Example configuration extension follows: +# +# matrix_appservice_kakaotalk_node_configuration_extension_json: | +# { +# "register_timeout": 5000 +# } +matrix_appservice_kakaotalk_node_configuration_extension_json: '{}' + +matrix_appservice_kakaotalk_node_configuration_extension: "{{ matrix_appservice_kakaotalk_node_configuration_extension_json | from_json if matrix_appservice_kakaotalk_node_configuration_extension_json | from_json is mapping else {} }}" + +# Holds the final appservice-kakaotalk-node configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_appservice_kakaotalk_node_configuration_default`. +matrix_appservice_kakaotalk_node_configuration: "{{ matrix_appservice_kakaotalk_node_configuration_default | combine(matrix_appservice_kakaotalk_node_configuration_extension, recursive=True) }}" + + +matrix_appservice_kakaotalk_registration_yaml: | + id: appservice-kakaotalk + as_token: {{ matrix_appservice_kakaotalk_appservice_token | to_json }} + hs_token: {{ matrix_appservice_kakaotalk_homeserver_token | to_json }} + namespaces: + users: + - exclusive: true + regex: '^@{{ matrix_appservice_kakaotalk_user_prefix | regex_escape }}.*:{{ matrix_appservice_kakaotalk_homeserver_domain | regex_escape }}$' + - exclusive: true + regex: '^@{{ matrix_appservice_kakaotalk_appservice_bot_username | regex_escape }}:{{ matrix_appservice_kakaotalk_homeserver_domain | regex_escape }}$' + url: {{ matrix_appservice_kakaotalk_appservice_address | to_json }} + sender_localpart: _appservice_kakaotalk + rate_limited: false + +matrix_appservice_kakaotalk_registration: "{{ matrix_appservice_kakaotalk_registration_yaml | from_yaml }}" diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/init.yml b/roles/matrix-bridge-appservice-kakaotalk/tasks/init.yml new file mode 100644 index 00000000..c2679b35 --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/tasks/init.yml @@ -0,0 +1,28 @@ +--- +# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 +# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 +- name: Fail if trying to self-build on Ansible < 2.8 + ansible.builtin.fail: + msg: "To self-build the appservice-kakaotalk image, you should use Ansible 2.8 or higher. See docs/ansible.md" + when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_kakaotalk_container_image_self_build and matrix_appservice_kakaotalk_enabled" + +- ansible.builtin.set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-kakaotalk.service', 'matrix-appservice-kakaotalk-node.service'] }}" + when: matrix_appservice_kakaotalk_enabled | bool + +# If the matrix-synapse role is not used, these variables may not exist. +- ansible.builtin.set_fact: + matrix_synapse_container_extra_arguments: > + {{ + matrix_synapse_container_extra_arguments | default([]) + + + ["--mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }}/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro"] + }} + + matrix_synapse_app_service_config_files: > + {{ + matrix_synapse_app_service_config_files | default([]) + + + ["/matrix-appservice-kakaotalk-registration.yaml"] + }} + when: matrix_appservice_kakaotalk_enabled | bool diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/main.yml b/roles/matrix-bridge-appservice-kakaotalk/tasks/main.yml new file mode 100644 index 00000000..dfb286f2 --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_appservice_kakaotalk_enabled | bool" + tags: + - setup-all + - setup-appservice-kakaotalk + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup | bool and matrix_appservice_kakaotalk_enabled | bool" + tags: + - setup-all + - setup-appservice-kakaotalk + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup | bool and not matrix_appservice_kakaotalk_enabled | bool" + tags: + - setup-all + - setup-appservice-kakaotalk diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml b/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml new file mode 100644 index 00000000..def73c59 --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml @@ -0,0 +1,125 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + ansible.builtin.fail: + msg: >- + The matrix-bridge-matrix-appservice-kakaotalk role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed | default(False)" + +- name: Ensure matrix-appservice-kakaotalk image is pulled + docker_image: + name: "{{ matrix_appservice_kakaotalk_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_appservice_kakaotalk_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_docker_image_force_pull }}" + when: not matrix_appservice_kakaotalk_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure matrix-appservice-kakaotalk-node image is pulled + docker_image: + name: "{{ matrix_appservice_kakaotalk_node_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_appservice_kakaotalk_node_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_node_docker_image_force_pull }}" + when: not matrix_appservice_kakaotalk_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure matrix-appservice-kakaotalk paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_appservice_kakaotalk_base_path }}", when: true} + - {path: "{{ matrix_appservice_kakaotalk_config_path }}", when: true} + - {path: "{{ matrix_appservice_kakaotalk_data_path }}", when: true} + - {path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}", when: "{{ matrix_appservice_kakaotalk_container_image_self_build }}"} + when: item.when | bool + +- name: Ensure matrix-appservice-kakaotalk repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_appservice_kakaotalk_container_image_self_build_repo }}" + dest: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}" + version: "{{ matrix_appservice_kakaotalk_container_image_self_build_repo_version }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_appservice_kakaotalk_git_pull_results + when: "matrix_appservice_kakaotalk_container_image_self_build | bool" + +- name: Ensure matrix-appservice-kakaotalk-node Docker image is built + docker_image: + name: "{{ matrix_appservice_kakaotalk_node_docker_image }}" + source: build + force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}/node" + pull: true + when: "matrix_appservice_kakaotalk_container_image_self_build | bool" + +- name: Ensure matrix-appservice-kakaotalk Docker image is built + docker_image: + name: "{{ matrix_appservice_kakaotalk_docker_image }}" + source: build + force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}" + pull: true + when: "matrix_appservice_kakaotalk_container_image_self_build | bool" + +- name: Ensure matrix-appservice-kakaotalk-node config.json installed + ansible.builtin.copy: + content: "{{ matrix_appservice_kakaotalk_node_configuration | to_nice_json }}" + dest: "{{ matrix_appservice_kakaotalk_config_path }}/node-config.json" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-appservice-kakaotalk config.yaml installed + ansible.builtin.copy: + content: "{{ matrix_appservice_kakaotalk_configuration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_appservice_kakaotalk_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-appservice-kakaotalk registration.yaml installed + ansible.builtin.copy: + content: "{{ matrix_appservice_kakaotalk_registration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_appservice_kakaotalk_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-appservice-kakaotalk-node.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk-node.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk-node.service" + mode: 0644 + register: matrix_appservice_kakaotalk_node_systemd_service_result + +- name: Ensure matrix-appservice-kakaotalk.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk.service" + mode: 0644 + register: matrix_appservice_kakaotalk_systemd_service_result + +- name: Ensure systemd reloaded after matrix-appservice-kakaotalk.service or matrix-appservice-kakaotalk-node.service installation + ansible.builtin.service: + daemon_reload: true + when: matrix_appservice_kakaotalk_node_systemd_service_result.changed or matrix_appservice_kakaotalk_systemd_service_result.changed diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml new file mode 100644 index 00000000..fb11c383 --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/tasks/setup_uninstall.yml @@ -0,0 +1,41 @@ +--- + +- name: Check existence of matrix-appservice-kakaotalk service + ansible.builtin.stat: + path: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk.service" + register: matrix_appservice_kakaotalk_service_stat + +- name: Ensure matrix-appservice-kakaotalk is stopped + ansible.builtin.service: + name: matrix-appservice-kakaotalk + state: stopped + enabled: false + daemon_reload: true + when: "matrix_appservice_kakaotalk_service_stat.stat.exists" + +- name: Check existence of matrix-appservice-kakaotalk-node service + ansible.builtin.stat: + path: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk-node.service" + register: matrix_appservice_kakaotalk_node_service_stat + +- name: Ensure matrix-appservice-kakaotalk-node is stopped + ansible.builtin.service: + name: matrix-appservice-kakaotalk-node + state: stopped + enabled: false + daemon_reload: true + when: "matrix_appservice_kakaotalk_node_service_stat.stat.exists" + +- name: Ensure matrix-appservice-kakaotalk.service files don't exist + ansible.builtin.file: + path: "{{ item }}" + state: absent + with_items: + - "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk-node.service" + - "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk.service" + when: "matrix_appservice_kakaotalk_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-appservice-kakaotalk service files removal + ansible.builtin.service: + daemon_reload: true + when: "matrix_appservice_kakaotalk_service_stat.stat.exists or matrix_appservice_kakaotalk_node_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml b/roles/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml new file mode 100644 index 00000000..4f838e7a --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + ansible.builtin.fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_appservice_kakaotalk_appservice_token" + - "matrix_appservice_kakaotalk_homeserver_token" diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 b/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 new file mode 100644 index 00000000..1bb87cb4 --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 @@ -0,0 +1,276 @@ +# Homeserver details +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_appservice_kakaotalk_homeserver_address | to_json }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_appservice_kakaotalk_homeserver_domain | to_json }} + # Whether or not to verify the SSL certificate of the homeserver. + # Only applies if address starts with https:// + verify_ssl: true + # Whether or not the homeserver supports asmux-specific endpoints, + # such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically + # updating m.direct. + asmux: false + # Number of retries for all HTTP requests if the homeserver isn't reachable. + http_retry_count: 4 + # The URL to push real-time bridge status to. + # If set, the bridge will make POST requests to this URL whenever a user's MQTT connection state changes. + # The bridge will use the appservice as_token to authorize requests. + status_endpoint: null + # Endpoint for reporting per-message status. + message_send_checkpoint_endpoint: null + # Whether asynchronous uploads via MSC2246 should be enabled for media. + # Requires a media repo that supports MSC2246. + async_media: false + +# Application service host/registration related details +# Changing these values requires regeneration of the registration. +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_appservice_kakaotalk_appservice_address | to_json }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 11115 + # The maximum body size of appservice API requests (from the homeserver) in mebibytes + # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s + max_body_size: 1 + + # The full URI to the database. SQLite and Postgres are supported. + # Format examples: + # SQLite: sqlite:///filename.db + # Postgres: postgres://username:password@hostname/dbname + database: {{ matrix_appservice_kakaotalk_appservice_database | to_json }} + # Additional arguments for asyncpg.create_pool() or sqlite3.connect() + # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool + # https://docs.python.org/3/library/sqlite3.html#sqlite3.connect + # For sqlite, min_size is used as the connection thread pool size and max_size is ignored. + database_opts: + min_size: 5 + max_size: 10 + + # The unique ID of this appservice. + id: appservice-kakaotalk + # Username of the appservice bot. + bot_username: {{ matrix_appservice_kakaotalk_appservice_bot_username | to_json }} + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + bot_displayname: KakaoTalk bridge bot + bot_avatar: + + # Whether or not to receive ephemeral events via appservice transactions. + # Requires MSC2409 support (i.e. Synapse 1.22+). + # You should disable bridge -> sync_with_custom_puppets when this is enabled. + ephemeral_events: false + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: {{ matrix_appservice_kakaotalk_appservice_token | to_json }} + hs_token: {{ matrix_appservice_kakaotalk_homeserver_token | to_json }} + +# Prometheus telemetry config. Requires prometheus-client to be installed. +metrics: + enabled: false + listen_port: 8000 + +# Manhole config. +manhole: + # Whether or not opening the manhole is allowed. + enabled: false + # The path for the unix socket. + path: /var/tmp/matrix-appservice-kakaotalk.manhole + # The list of UIDs who can be added to the whitelist. + # If empty, any UIDs can be specified in the open-manhole command. + whitelist: + - 0 + +# Config for things that are directly sent to KakaoTalk. +kakaotalk: + device_name: "KakaoTalk Bridge" + +# Bridge config +bridge: + # Localpart template of MXIDs for KakaoTalk users. + # {userid} is replaced with the user ID of the KakaoTalk user. + username_template: "{{ matrix_appservice_kakaotalk_user_prefix }}{userid}" + # Displayname template for KakaoTalk users. + # {displayname} is replaced with the display name of the KakaoTalk user. + displayname_template: "{displayname} (KT)" + + # The prefix for commands. Only required in non-management rooms. + command_prefix: {{ matrix_appservice_kakaotalk_command_prefix | to_json }} + + # Number of chats to sync (and create portals for) on startup/login. + # Set to 0 to disable automatic syncing, or -1 to sync as much as possible. + initial_chat_sync: 20 + # Whether or not the KakaoTalk users of logged in Matrix users should be + # invited to private chats when the user sends a message from another client. + invite_own_puppet_to_pm: false + # Whether or not to use /sync to get presence, read receipts and typing notifications + # when double puppeting is enabled + sync_with_custom_puppets: true + # Whether or not to update the m.direct account data event when double puppeting is enabled. + # Note that updating the m.direct event is not atomic (except with mautrix-asmux) + # and is therefore prone to race conditions. + sync_direct_chat_list: false + # Servers to always allow double puppeting from + double_puppet_server_map: {} + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, custom puppets will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + # If using this for other servers than the bridge's server, + # you must also set the URL in the double_puppet_server_map. + login_shared_secret_map: {{ matrix_appservice_kakaotalk_bridge_login_shared_secret_map | to_json }} + # Whether or not to update avatars when syncing all contacts at startup. + update_avatar_initial_sync: true + # End-to-bridge encryption support options. These require matrix-nio to be installed with pip + # and login_shared_secret to be configured in order to get a device for the bridge bot. + # + # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal + # application service. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: {{ matrix_appservice_kakaotalk_bridge_encryption_allow | to_json }} + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: {{ matrix_appservice_kakaotalk_bridge_encryption_default| to_json }} + # Options for automatic key sharing. + key_sharing: + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow: false + # Require the requesting device to have a valid cross-signing signature? + # This doesn't require that the bridge has verified the device, only that the user has verified it. + # Not yet implemented. + require_cross_signing: false + # Require devices to be verified by the bridge? + # Verification by the bridge is not yet implemented. + require_verification: true + # Whether or not the bridge should send a read receipt from the bridge bot when a message has + # been sent to KakaoTalk. + delivery_receipts: false + # Whether to allow inviting arbitrary mxids to portal rooms + allow_invites: false + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: {{ matrix_appservice_kakaotalk_federate_rooms | to_json }} + # Settings for backfilling messages from KakaoTalk. + backfill: + # Whether or not the KakaoTalk users of logged in Matrix users should be + # invited to private chats when backfilling history from KakaoTalk. This is + # usually needed to prevent rate limits and to allow timestamp massaging. + invite_own_puppet: true + # Maximum number of messages to backfill initially. + # Set to 0 to disable backfilling when creating portal, or -1 to backfill as much as possible. + initial_limit: 0 + # Maximum number of messages to backfill if messages were missed while + # the bridge was disconnected. + # Set to 0 to disable backfilling missed messages, or -1 to backfill as much as possible. + missed_limit: 1000 + # If using double puppeting, should notifications be disabled + # while the initial backfill is in progress? + disable_notifications: false + # The number of seconds that a disconnection can last without triggering an automatic re-sync + # and missed message backfilling when reconnecting. + # Set to 0 to always re-sync, or -1 to never re-sync automatically. + resync_max_disconnected_time: 5 + # Should users remain logged in after being disconnected from chatroom updates? + # This is a convenience feature, but might make the bridge look more suspicious to KakaoTalk. + remain_logged_in_on_disconnect: true + # May the bridge restore user logins with session tokens instead of requiring a password? + # This is a convenience feature, but might make the bridge look more suspicious to KakaoTalk. + # Note that password-based login will be tried first for users who have saved their password. + allow_token_relogin: true + # Should the bridge connect users to chatroom updates after a token-based login? + # This will disconnect any KakaoTalk PC/bridge sessions that were started since the last connection. + # This is a convenience feature, but might make the bridge look more suspicious to KakaoTalk. + reconnect_on_token_relogin: true + # Should the bridge do a resync for connected users on startup? + sync_on_startup: true + # Whether or not temporary disconnections should send notices to the notice room. + # If this is false, disconnections will never send messages and connections will only send + # messages if it was disconnected for more than resync_max_disconnected_time seconds. + temporary_disconnect_notices: true + # Disable bridge notices entirely + disable_bridge_notices: false + # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. + # This field will automatically be changed back to false after it, + # except if the config file is not writable. + resend_bridge_info: false + # Whether or not mute status and tags should only be bridged when the portal room is created. + tag_only_on_create: true + # If set to true, downloading media from the CDN will use a plain aiohttp client without the usual headers or + # other configuration. This may be useful if you don't want to use the default proxy for large files. + sandbox_media_download: false + + # Permissions for using the bridge. + # Permitted values: + # relay - Allowed to be relayed through the bridge, no access to commands. + # user - Use the bridge with puppeting. + # admin - Use and administrate the bridge. + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: {{ matrix_appservice_kakaotalk_bridge_permissions | to_json }} + + relay: + # Whether relay mode should be allowed. If allowed, `!kt set-relay` can be used to turn any + # authenticated user into a relaybot for that chat. + enabled: false + # The formats to use when sending messages to KakaoTalk via a relay user. + # + # Available variables: + # $sender_displayname - The display name of the sender (e.g. Example User) + # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser) + # $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com) + # $message - The message content + message_formats: + m.text: '$sender_displayname: $message' + m.notice: '$sender_displayname: $message' + m.emote: '* $sender_displayname $message' + m.file: 'File from $sender_displayname: $message' + m.image: 'Image from $sender_displayname: $message' + m.audio: 'Audio from $sender_displayname: $message' + m.video: 'Video from $sender_displayname: $message' + m.location: '$sender_displayname sent a location' + +rpc: + connection: + # Either unix or tcp + type: tcp + # Only for type: unix + # path: /rpc/rpc.sock + # Only for type: tcp + host: matrix-appservice-kakaotalk-node + port: 8000 + +# Python logging configuration. +# +# See section 16.7.2 of the Python documentation for more info: +# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema +logging: + version: 1 + formatters: + colored: + (): matrix_appservice_kakaotalk.util.ColorFormatter + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + normal: + format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" + handlers: + console: + class: logging.StreamHandler + formatter: colored + loggers: + mau: + level: {{ matrix_appservice_kakaotalk_logging_level | to_json }} + paho: + level: {{ matrix_appservice_kakaotalk_logging_level | to_json }} + aiohttp: + level: {{ matrix_appservice_kakaotalk_logging_level | to_json }} + root: + level: {{ matrix_appservice_kakaotalk_logging_level | to_json }} + handlers: [console] diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2 b/roles/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2 new file mode 100644 index 00000000..82709138 --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/templates/node-config.json.j2 @@ -0,0 +1,13 @@ +{ + "listen": { + "type": "tcp", + "host": "0.0.0.0", + "port": 8000, + "force": false + }, + "register_timeout": 3000, + "logging_keys": { + "request": ["mxid"], + "response": ["status"] + } +} diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 b/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 new file mode 100644 index 00000000..1a526ee6 --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk-node.service.j2 @@ -0,0 +1,38 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=appservice-kakaotalk-node bridge helper +{% for service in matrix_appservice_kakaotalk_node_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_appservice_kakaotalk_node_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true' + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-kakaotalk-node \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + --mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }}/node-config.json,dst=/config.json,ro \ + {% for arg in matrix_appservice_kakaotalk_node_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_appservice_kakaotalk_node_docker_image }} \ + node src/main.js --config /config.json + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-appservice-kakaotalk-node + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 b/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 new file mode 100644 index 00000000..83a8d4dc --- /dev/null +++ b/roles/matrix-bridge-appservice-kakaotalk/templates/systemd/matrix-appservice-kakaotalk.service.j2 @@ -0,0 +1,42 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=appservice-kakaotalk bridge +{% for service in matrix_appservice_kakaotalk_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_appservice_kakaotalk_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true' + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-kakaotalk \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + --mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }},dst=/config,ro \ + --mount type=bind,src={{ matrix_appservice_kakaotalk_data_path }},dst=/data \ + {% for arg in matrix_appservice_kakaotalk_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_appservice_kakaotalk_docker_image }} \ + python3 -m matrix_appservice_kakaotalk -c /config/config.yaml --no-update + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-appservice-kakaotalk + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml index a8338093..fc2cc898 100644 --- a/roles/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/matrix-bridge-beeper-linkedin/defaults/main.yml @@ -29,6 +29,12 @@ matrix_beeper_linkedin_bridge_presence: true matrix_beeper_linkedin_command_prefix: "!li" +matrix_beeper_linkedin_bridge_permissions: | + {{ + {matrix_beeper_linkedin_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # A list of extra arguments to pass to the container matrix_beeper_linkedin_container_extra_arguments: [] @@ -72,6 +78,9 @@ matrix_beeper_linkedin_appservice_database_uri: "{{ # Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). matrix_beeper_linkedin_login_shared_secret: '' +# Specifies the default log level for all bridge loggers. +matrix_beeper_linkedin_logging_level: WARNING + # Default beeper-linkedin configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml index 04a787b8..9df4d75b 100644 --- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml +++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml @@ -50,12 +50,12 @@ - name: Ensure docker-requirements.txt is generated before building Beeper LinkedIn Docker Image ansible.builtin.command: cmd: | - {{ matrix_host_command_docker }} run \ - --rm \ - --entrypoint=/bin/sh \ - --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work \ - -w /work \ - docker.io/python:3.9.6-buster \ + {{ matrix_host_command_docker }} run + --rm + --entrypoint=/bin/sh + --mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work + -w /work + docker.io/python:3.9.6-buster -c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt" register: matrix_beeper_linkedin_generate_docker_requirements_result changed_when: matrix_beeper_linkedin_generate_docker_requirements_result.rc == 0 diff --git a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 index e0729549..a30f2425 100644 --- a/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 +++ b/roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2 @@ -56,7 +56,7 @@ appservice: # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # to leave display name/avatar as-is. displayname: LinkedIn bridge bot - avatar: mxc://sumnerevans.com/XMtwdeUBnxYvWNFFrfeTSHqB + avatar: mxc://sumnerevans.com/XMtwdeUBnxYvWNFFrfeTSHqB # Whether or not to receive ephemeral events via appservice transactions. # Requires MSC2409 support (i.e. Synapse 1.22+). @@ -236,11 +236,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - "{{ matrix_beeper_linkedin_homeserver_domain }}": user - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} + permissions: {{ matrix_beeper_linkedin_bridge_permissions|to_json }} @@ -259,12 +255,12 @@ logging: formatter: colored loggers: mau: - level: WARNING + level: {{ matrix_beeper_linkedin_logging_level|to_json }} paho: - level: WARNING + level: {{ matrix_beeper_linkedin_logging_level|to_json }} aiohttp: - level: WARNING + level: {{ matrix_beeper_linkedin_logging_level|to_json }} root: - level: WARNING - handlers: [ console] + level: {{ matrix_beeper_linkedin_logging_level|to_json }} + handlers: [console] diff --git a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml index b05e78a5..a6f7aa9d 100644 --- a/roles/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/matrix-bridge-go-skype-bridge/defaults/main.yml @@ -4,13 +4,13 @@ matrix_go_skype_bridge_enabled: true -matrix_go_skype_bridge_container_image_self_build: true +matrix_go_skype_bridge_container_image_self_build: false matrix_go_skype_bridge_container_image_self_build_repo: "https://github.com/kelaresg/go-skype-bridge.git" matrix_go_skype_bridge_container_image_self_build_branch: "{{ 'master' if matrix_go_skype_bridge_version == 'latest' else matrix_go_skype_bridge_version }}" matrix_go_skype_bridge_version: latest -matrix_go_skype_bridge_docker_image: "{{ matrix_go_skype_bridge_docker_image_name_prefix }}kelaresg/go-skype-bridge:{{ matrix_go_skype_bridge_version }}" -matrix_go_skype_bridge_docker_image_name_prefix: "localhost/" +matrix_go_skype_bridge_docker_image: "{{ matrix_go_skype_bridge_docker_image_name_prefix }}nodefyme/go-skype-bridge:{{ matrix_go_skype_bridge_version }}" +matrix_go_skype_bridge_docker_image_name_prefix: "{{ 'localhost/' if matrix_go_skype_bridge_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_go_skype_bridge_docker_image_force_pull: "{{ matrix_go_skype_bridge_docker_image.endswith(':latest') }}" matrix_go_skype_bridge_base_path: "{{ matrix_base_data_path }}/go-skype-bridge" @@ -85,6 +85,20 @@ matrix_go_skype_bridge_bridge_login_shared_secret_map: matrix_go_skype_bridge_bridge_double_puppet_server_map: "{{ matrix_go_skype_bridge_homeserver_domain : matrix_go_skype_bridge_homeserver_address }}" +# Enable End-to-bridge encryption +matrix_go_skype_bridge_bridge_encryption_allow: false +matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}" + +# Minimum severity of journal log messages. +# Options: debug, info, warn, error, fatal +matrix_go_skype_bridge_log_level: 'warn' + +matrix_go_skype_bridge_bridge_permissions: | + {{ + {matrix_go_skype_bridge_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # Default go-skype-bridge configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # @@ -124,11 +138,3 @@ matrix_go_skype_bridge_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_go_skype_bridge_registration: "{{ matrix_go_skype_bridge_registration_yaml | from_yaml }}" - -# Enable End-to-bridge encryption -matrix_go_skype_bridge_bridge_encryption_allow: false -matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}" - -# Minimum severity of journal log messages. -# Options: debug, info, warn, error, fatal -matrix_go_skype_bridge_log_level: 'warn' diff --git a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 index 56e37f84..2a1dc6c1 100644 --- a/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 +++ b/roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 @@ -197,11 +197,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - "{{ matrix_go_skype_bridge_homeserver_domain }}": user - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} + permissions: {{ matrix_go_skype_bridge_bridge_permissions|to_json }} relaybot: # Whether or not relaybot support is enabled. diff --git a/roles/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/matrix-bridge-mautrix-discord/defaults/main.yml new file mode 100644 index 00000000..dbc23031 --- /dev/null +++ b/roles/matrix-bridge-mautrix-discord/defaults/main.yml @@ -0,0 +1,142 @@ +--- +# mautrix-discord is a Matrix <-> Discord bridge +# Project source code URL: https://github.com/mautrix/discord + +matrix_mautrix_discord_enabled: true + +matrix_mautrix_discord_container_image_self_build: false +matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git" +matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" + +matrix_mautrix_discord_version: latest +# See: https://mau.dev/mautrix/discord/container_registry +matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" +matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}" +matrix_mautrix_discord_docker_image_force_pull: "{{ matrix_mautrix_discord_docker_image.endswith(':latest') }}" + +matrix_mautrix_discord_base_path: "{{ matrix_base_data_path }}/mautrix-discord" +matrix_mautrix_discord_config_path: "{{ matrix_mautrix_discord_base_path }}/config" +matrix_mautrix_discord_data_path: "{{ matrix_mautrix_discord_base_path }}/data" +matrix_mautrix_discord_docker_src_files_path: "{{ matrix_mautrix_discord_base_path }}/docker-src" + +matrix_mautrix_discord_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_mautrix_discord_homeserver_domain: "{{ matrix_domain }}" +matrix_mautrix_discord_appservice_address: "http://matrix-mautrix-discord:8080" + +matrix_mautrix_discord_command_prefix: "!discord" + +matrix_mautrix_discord_bridge_permissions: | + {{ + {matrix_mautrix_discord_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + +# A list of extra arguments to pass to the container +matrix_mautrix_discord_container_extra_arguments: [] + +# List of systemd services that matrix-mautrix-discord.service depends on. +matrix_mautrix_discord_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-mautrix-discord.service wants +matrix_mautrix_discord_systemd_wanted_services_list: [] + +matrix_mautrix_discord_appservice_token: '' +matrix_mautrix_discord_homeserver_token: '' + +matrix_mautrix_discord_appservice_bot_username: discordbot + +# Minimum severity of journal log messages. +# Options: debug, info, warn, error, fatal +matrix_mautrix_discord_logging_level: 'warn' + +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_discord_federate_rooms: true + +# Database-related configuration fields. +# +# To use SQLite, stick to these defaults. +# +# To use Postgres: +# - change the engine (`matrix_mautrix_discord_database_engine: 'postgres'`) +# - adjust your database credentials via the `matrix_mautrix_discord_database_*` variables +matrix_mautrix_discord_database_engine: 'sqlite' + +matrix_mautrix_discord_sqlite_database_path_local: "{{ matrix_mautrix_discord_data_path }}/mautrix-discord.db" +matrix_mautrix_discord_sqlite_database_path_in_container: "/data/mautrix-discord.db" + +matrix_mautrix_discord_database_username: 'matrix_mautrix_discord' +matrix_mautrix_discord_database_password: 'some-password' +matrix_mautrix_discord_database_hostname: 'matrix-postgres' +matrix_mautrix_discord_database_port: 5432 +matrix_mautrix_discord_database_name: 'matrix_mautrix_discord' + +matrix_mautrix_discord_database_connection_string: 'postgresql://{{ matrix_mautrix_discord_database_username }}:{{ matrix_mautrix_discord_database_password }}@{{ matrix_mautrix_discord_database_hostname }}:{{ matrix_mautrix_discord_database_port }}/{{ matrix_mautrix_discord_database_name }}?sslmode=disable' + +matrix_mautrix_discord_appservice_database_type: "{{ + { + 'sqlite': 'sqlite3', + 'postgres':'postgres', + }[matrix_mautrix_discord_database_engine] +}}" + +matrix_mautrix_discord_appservice_database_uri: "{{ + { + 'sqlite': matrix_mautrix_discord_sqlite_database_path_in_container, + 'postgres': matrix_mautrix_discord_database_connection_string, + }[matrix_mautrix_discord_database_engine] +}}" + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). +matrix_mautrix_discord_login_shared_secret: '' +matrix_mautrix_discord_bridge_login_shared_secret_map: + "{{ {matrix_mautrix_discord_homeserver_domain: matrix_mautrix_discord_login_shared_secret} if matrix_mautrix_discord_login_shared_secret else {} }}" + +# Servers to always allow double puppeting from +matrix_mautrix_discord_bridge_double_puppet_server_map: + "{{ matrix_mautrix_discord_homeserver_domain : matrix_mautrix_discord_homeserver_address }}" + +# Default mautrix-discord configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mautrix_discord_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mautrix_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_mautrix_discord_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mautrix_discord_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mautrix_discord_configuration_yaml`. + +matrix_mautrix_discord_configuration_extension: "{{ matrix_mautrix_discord_configuration_extension_yaml | from_yaml if matrix_mautrix_discord_configuration_extension_yaml | from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_discord_configuration_yaml`. +matrix_mautrix_discord_configuration: "{{ matrix_mautrix_discord_configuration_yaml | from_yaml | combine(matrix_mautrix_discord_configuration_extension, recursive=True) }}" + +matrix_mautrix_discord_registration_yaml: | + id: discord + url: {{ matrix_mautrix_discord_appservice_address }} + as_token: "{{ matrix_mautrix_discord_appservice_token }}" + hs_token: "{{ matrix_mautrix_discord_homeserver_token }}" + # See https://github.com/mautrix/signal/issues/43 + sender_localpart: _bot_{{ matrix_mautrix_discord_appservice_bot_username }} + rate_limited: false + namespaces: + users: + - regex: '^@discord_[0-9]+:{{ matrix_mautrix_discord_homeserver_domain | regex_escape }}$' + exclusive: true + - exclusive: true + regex: '^@{{ matrix_mautrix_discord_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_discord_homeserver_domain | regex_escape }}$' + de.sorunome.msc2409.push_ephemeral: true + +matrix_mautrix_discord_registration: "{{ matrix_mautrix_discord_registration_yaml | from_yaml }}" + +# Enable End-to-bridge encryption +matrix_mautrix_discord_bridge_encryption_allow: false +matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_mautrix_discord_bridge_encryption_allow }}" +matrix_mautrix_discord_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_discord_bridge_encryption_allow }}" diff --git a/roles/matrix-bridge-mautrix-discord/tasks/init.yml b/roles/matrix-bridge-mautrix-discord/tasks/init.yml new file mode 100644 index 00000000..30baf017 --- /dev/null +++ b/roles/matrix-bridge-mautrix-discord/tasks/init.yml @@ -0,0 +1,21 @@ +--- +- ansible.builtin.set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-discord.service'] }}" + when: matrix_mautrix_discord_enabled | bool + +# If the matrix-synapse role is not used, these variables may not exist. +- ansible.builtin.set_fact: + matrix_synapse_container_extra_arguments: > + {{ + matrix_synapse_container_extra_arguments | default([]) + + + ["--mount type=bind,src={{ matrix_mautrix_discord_config_path }}/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro"] + }} + + matrix_synapse_app_service_config_files: > + {{ + matrix_synapse_app_service_config_files | default([]) + + + ["/matrix-mautrix-discord-registration.yaml"] + }} + when: matrix_mautrix_discord_enabled | bool diff --git a/roles/matrix-bridge-mautrix-discord/tasks/main.yml b/roles/matrix-bridge-mautrix-discord/tasks/main.yml new file mode 100644 index 00000000..9eaadf68 --- /dev/null +++ b/roles/matrix-bridge-mautrix-discord/tasks/main.yml @@ -0,0 +1,22 @@ +--- +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup | bool and matrix_mautrix_discord_enabled | bool" + tags: + - setup-all + - setup-mautrix-discord + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup and matrix_mautrix_discord_enabled" + tags: + - setup-all + - setup-mautrix-discord + +- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup and not matrix_mautrix_discord_enabled" + tags: + - setup-all + - setup-mautrix-discord diff --git a/roles/matrix-bridge-mautrix-discord/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-discord/tasks/setup_install.yml new file mode 100644 index 00000000..7e2ed79c --- /dev/null +++ b/roles/matrix-bridge-mautrix-discord/tasks/setup_install.yml @@ -0,0 +1,122 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + ansible.builtin.fail: + msg: >- + The matrix-bridge-mautrix-discord role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed | default(False)" + +- ansible.builtin.set_fact: + matrix_mautrix_discord_requires_restart: false + +- block: + - name: Check if an SQLite database already exists + ansible.builtin.stat: + path: "{{ matrix_mautrix_discord_sqlite_database_path_local }}" + register: matrix_mautrix_discord_sqlite_database_path_local_stat_result + + - block: + - ansible.builtin.set_fact: + matrix_postgres_db_migration_request: + src: "{{ matrix_mautrix_discord_sqlite_database_path_local }}" + dst: "{{ matrix_mautrix_discord_database_connection_string }}" + caller: "{{ role_path | basename }}" + engine_variable_name: 'matrix_mautrix_discord_database_engine' + engine_old: 'sqlite' + systemd_services_to_stop: ['matrix-mautrix-discord.service'] + pgloader_options: ['--with "quote identifiers"'] + + - ansible.builtin.import_role: + name: matrix-postgres + tasks_from: migrate_db_to_postgres + + - ansible.builtin.set_fact: + matrix_mautrix_discord_requires_restart: true + when: "matrix_mautrix_discord_sqlite_database_path_local_stat_result.stat.exists | bool" + when: "matrix_mautrix_discord_database_engine == 'postgres'" + + +- name: Ensure Mautrix Discord paths exists + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_mautrix_discord_base_path }}", when: true} + - {path: "{{ matrix_mautrix_discord_config_path }}", when: true} + - {path: "{{ matrix_mautrix_discord_data_path }}", when: true} + - {path: "{{ matrix_mautrix_discord_docker_src_files_path }}", when: "{{ matrix_mautrix_discord_container_image_self_build }}"} + when: item.when | bool + +- name: Ensure Mautrix Discord image is pulled + docker_image: + name: "{{ matrix_mautrix_discord_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mautrix_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_discord_docker_image_force_pull }}" + when: not matrix_mautrix_discord_container_image_self_build + register: result + retries: "{{ matrix_container_retries_count }}" + delay: "{{ matrix_container_retries_delay }}" + until: result is not failed + +- name: Ensure Mautrix discord repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_mautrix_discord_container_image_self_build_repo }}" + dest: "{{ matrix_mautrix_discord_docker_src_files_path }}" + version: "{{ matrix_mautrix_discord_container_image_self_build_branch }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_mautrix_discord_git_pull_results + when: "matrix_mautrix_discord_container_image_self_build | bool" + +- name: Ensure Mautrix discord Docker image is built + docker_image: + name: "{{ matrix_mautrix_discord_docker_image }}" + source: build + force_source: "{{ matrix_mautrix_discord_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_discord_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_mautrix_discord_docker_src_files_path }}" + pull: true + when: "matrix_mautrix_discord_container_image_self_build | bool" + +- name: Ensure mautrix-discord config.yaml installed + ansible.builtin.copy: + content: "{{ matrix_mautrix_discord_configuration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_mautrix_discord_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mautrix-discord registration.yaml installed + ansible.builtin.copy: + content: "{{ matrix_mautrix_discord_registration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_mautrix_discord_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-mautrix-discord.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-mautrix-discord.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-mautrix-discord.service" + mode: 0644 + register: matrix_mautrix_discord_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mautrix-discord.service installation + ansible.builtin.service: + daemon_reload: true + when: "matrix_mautrix_discord_systemd_service_result.changed" + +- name: Ensure matrix-mautrix-discord.service restarted, if necessary + ansible.builtin.service: + name: "matrix-mautrix-discord.service" + state: restarted + when: "matrix_mautrix_discord_requires_restart | bool" diff --git a/roles/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml new file mode 100644 index 00000000..94fef89a --- /dev/null +++ b/roles/matrix-bridge-mautrix-discord/tasks/setup_uninstall.yml @@ -0,0 +1,25 @@ +--- + +- name: Check existence of matrix-mautrix-discord service + ansible.builtin.stat: + path: "{{ matrix_systemd_path }}/matrix-mautrix-discord.service" + register: matrix_mautrix_discord_service_stat + +- name: Ensure matrix-mautrix-discord is stopped + ansible.builtin.service: + name: matrix-mautrix-discord + state: stopped + enabled: false + daemon_reload: true + when: "matrix_mautrix_discord_service_stat.stat.exists" + +- name: Ensure matrix-mautrix-discord.service doesn't exist + ansible.builtin.file: + path: "{{ matrix_systemd_path }}/matrix-mautrix-discord.service" + state: absent + when: "matrix_mautrix_discord_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-mautrix-discord.service removal + ansible.builtin.service: + daemon_reload: true + when: "matrix_mautrix_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-discord/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-discord/tasks/validate_config.yml new file mode 100644 index 00000000..4ba7e127 --- /dev/null +++ b/roles/matrix-bridge-mautrix-discord/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + ansible.builtin.fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_mautrix_discord_appservice_token" + - "matrix_mautrix_discord_homeserver_token" diff --git a/roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2 new file mode 100644 index 00000000..fdd4f788 --- /dev/null +++ b/roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2 @@ -0,0 +1,221 @@ +#jinja2: lstrip_blocks: "True" +# Homeserver details. +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_mautrix_discord_homeserver_address | to_json }} + # The domain of the homeserver (for MXIDs, etc). + domain: {{ matrix_mautrix_discord_homeserver_domain | to_json }} + # Is the homeserver actually mautrix-asmux? + asmux: false + # The URL to push real-time bridge status to. + # If set, the bridge will make POST requests to this URL whenever a user's discord connection state changes. + # The bridge will use the appservice as_token to authorize requests. + status_endpoint: null + # Endpoint for reporting per-message status. + message_send_checkpoint_endpoint: null + # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? + async_media: false + +# Application service host/registration related details. +# Changing these values requires regeneration of the registration. +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_mautrix_discord_appservice_address | to_json }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 8080 + + # Database config. + database: + # The database type. "sqlite3" and "postgres" are supported. + type: {{ matrix_mautrix_discord_appservice_database_type|to_json }} + # The database URI. + # SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string + # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable + # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql + uri: {{ matrix_mautrix_discord_appservice_database_uri|to_json }} + # Maximum number of connections. Mostly relevant for Postgres. + max_open_conns: 20 + max_idle_conns: 2 + # Maximum connection idle time and lifetime before they're closed. Disabled if null. + # Parsed with https://pkg.go.dev/time#ParseDuration + max_conn_idle_time: null + max_conn_lifetime: null + + # The unique ID of this appservice. + id: discord + # Appservice bot details. + bot: + # Username of the appservice bot. + username: {{ matrix_mautrix_discord_appservice_bot_username|to_json }} + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + displayname: Discord bridge bot + avatar: mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC + # Whether or not to receive ephemeral events via appservice transactions. + # Requires MSC2409 support (i.e. Synapse 1.22+). + ephemeral_events: true + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: {{ matrix_mautrix_discord_appservice_token | to_json }} + hs_token: {{ matrix_mautrix_discord_homeserver_token | to_json }} + +# Bridge config +bridge: + # Localpart template of MXIDs for Discord users. + # {{ '{{.}}' }} is replaced with the internal ID of the Discord user. + username_template: "{{ 'discord_{{.}}' }}" + # Displayname template for Discord users. This is also used as the room name in DMs if private_chat_portal_meta is enabled. + # Available variables: + # {{ '{{.ID}}' }} - Internal user ID + # {{ '{{.Username}}' }} - User's displayname on Discord + # {{ '{{.Discriminator}}' }} - The 4 numbers after the name on Discord + # {{ '{{.Bot}}' }} - Whether the user is a bot + # {{ '{{.System}}' }} - Whether the user is an official system user + displayname_template: "{{ '{{.Username}} {{if .Bot}} (bot){{end}}' }}" + # Displayname template for Discord channels (bridged as rooms, or spaces when type=4). + # Available variables: + # {{ '{{.Name}}' }} - Channel name, or user displayname (pre-formatted with displayname_template) in DMs. + # {{ '{{.ParentName}}' }} - Parent channel name (used for categories). + # {{ '{{.GuildName}}' }} - Guild name. + # {{ '{{.NSFW}}' }} - Whether the channel is marked as NSFW. + # {{ '{{.Type}}' }} - Channel type (see values at https://github.com/bwmarrin/discordgo/blob/v0.25.0/structs.go#L251-L267) + channel_name_template: "{{ '{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else}}#{{.Name}}{{end}}' }}" + # Displayname template for Discord guilds (bridged as spaces). + # Available variables: + # {{ '{{.Name}}' }} - Guild name + guild_name_template: "{{ '{{.Name}}' }}" + # Should the bridge explicitly set the avatar and room name for DM portal rooms? + # This is implicitly enabled in encrypted rooms. + private_chat_portal_meta: false + portal_message_buffer: 128 + # Number of private channel portals to create on bridge startup. + # Other portals will be created when receiving messages. + startup_private_channel_create_limit: 5 + # Should the bridge send a read receipt from the bridge bot when a message has been sent to Discord? + delivery_receipts: false + # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. + message_status_events: true + # Whether the bridge should send error notices via m.notice events when a message fails to bridge. + message_error_notices: true + # Should the bridge use space-restricted join rules instead of invite-only for guild rooms? + # This can avoid unnecessary invite events in guild rooms when members are synced in. + restricted_rooms: true + # Should the bridge update the m.direct account data event when double puppeting is enabled. + # Note that updating the m.direct event is not atomic (except with mautrix-asmux) + # and is therefore prone to race conditions. + sync_direct_chat_list: false + # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. + # This field will automatically be changed back to false after it, except if the config file is not writable. + resend_bridge_info: false + # Should the bridge attempt to completely delete portal rooms when a channel is deleted on Discord? + # If true, the bridge will try to kick Matrix users from the room. Otherwise, the bridge only makes ghosts leave. + delete_portal_on_channel_delete: false + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: {{ matrix_mautrix_discord_federate_rooms|to_json }} + # Servers to always allow double puppeting from + double_puppet_server_map: + "{{ matrix_mautrix_discord_homeserver_domain }}": {{ matrix_mautrix_discord_homeserver_address }} + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, double puppeting will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret_map: {{ matrix_mautrix_discord_bridge_login_shared_secret_map|to_json }} + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "{{ matrix_mautrix_discord_command_prefix }}" + + # Messages sent upon joining a management room. + # Markdown is supported. The defaults are listed below. + management_room_text: + # Sent when joining a room. + welcome: "Hello, I'm a Discord bridge bot." + # Sent when joining a management room and the user is already logged in. + welcome_connected: "Use `help` for help." + # Sent when joining a management room and the user is not logged in. + welcome_unconnected: "Use `help` for help or `login` to log in." + # Optional extra text sent when joining a management room. + additional_help: "" + + # End-to-bridge encryption support options. + # + # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: {{ matrix_mautrix_discord_bridge_encryption_allow|to_json }} + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: {{ matrix_mautrix_discord_bridge_encryption_default|to_json }} + # Require encryption, drop any unencrypted messages. + require: false + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow_key_sharing: {{ matrix_mautrix_discord_bridge_encryption_key_sharing_allow|to_json }} + # What level of device verification should be required from users? + # + # Valid levels: + # unverified - Send keys to all device in the room. + # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. + # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). + # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. + # Note that creating user signatures from the bridge bot is not currently possible. + # verified - Require manual per-device verification + # (currently only possible by modifying the `trust` column in the `crypto_device` database table). + verification_levels: + # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix. + receive: unverified + # Minimum level that the bridge should accept for incoming Matrix messages. + send: unverified + # Minimum level that the bridge should require for accepting key requests. + share: cross-signed-tofu + # Options for Megolm room key rotation. These options allow you to + # configure the m.room.encryption event content. See: + # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for + # more information about that event. + rotation: + # Enable custom Megolm room key rotation settings. Note that these + # settings will only apply to rooms created after this option is + # set. + enable_custom: false + # The maximum number of milliseconds a session should be used + # before changing it. The Matrix spec recommends 604800000 (a week) + # as the default. + milliseconds: 604800000 + # The maximum number of messages that should be sent with a given a + # session before changing it. The Matrix spec recommends 100 as the + # default. + messages: 100 + + # Settings for provisioning API + provisioning: + # Prefix for the provisioning API paths. + prefix: /_matrix/provision + # Shared secret for authentication. If set to "generate", a random secret will be generated, + # or if set to "disable", the provisioning API will be disabled. + shared_secret: generate + + # Permissions for using the bridge. + # Permitted values: + # relay - Talk through the relaybot (if enabled), no access otherwise + # user - Access to use the bridge to chat with a Discord account. + # admin - User level and some additional administration tools + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: {{ matrix_mautrix_discord_bridge_permissions|to_json }} + +logging: + directory: ./logs + file_name_format: '' + file_date_format: "2006-01-02" + file_mode: 384 + timestamp_format: Jan _2, 2006 15:04:05 + print_level: {{ matrix_mautrix_discord_logging_level | to_json }} + print_json: false + file_json: false diff --git a/roles/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 b/roles/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 new file mode 100644 index 00000000..788cd012 --- /dev/null +++ b/roles/matrix-bridge-mautrix-discord/templates/systemd/matrix-mautrix-discord.service.j2 @@ -0,0 +1,43 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Mautrix Discord bridge +{% for service in matrix_mautrix_discord_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mautrix_discord_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ matrix_systemd_unit_home_path }}" +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-discord 2>/dev/null || true' +ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-discord 2>/dev/null || true' + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-discord \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + --mount type=bind,src={{ matrix_mautrix_discord_config_path }},dst=/config,ro \ + --mount type=bind,src={{ matrix_mautrix_discord_data_path }},dst=/data \ + --workdir=/data \ + {% for arg in matrix_mautrix_discord_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_mautrix_discord_docker_image }} \ + /usr/bin/mautrix-discord -c /config/config.yaml -r /config/registration.yaml + +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-discord 2>/dev/null || true' +ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-discord 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-mautrix-discord + +[Install] +WantedBy=multi-user.target diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 51b4f357..719c86dc 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -46,6 +46,12 @@ matrix_mautrix_facebook_homeserver_token: '' # If false, created portal rooms will never be federated. matrix_mautrix_facebook_federate_rooms: true +matrix_mautrix_facebook_bridge_permissions: | + {{ + {matrix_mautrix_facebook_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # Controls whether the matrix-mautrix-facebook container exposes its HTTP port. # # Takes an ":" or "" value (e.g. "127.0.0.1:9008"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 4b27e66a..3318255d 100644 --- a/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -201,11 +201,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - '{{ matrix_mautrix_facebook_homeserver_domain }}': user - {% if matrix_admin %} - '{{ matrix_admin }}': admin - {% endif %} + permissions: {{ matrix_mautrix_facebook_bridge_permissions|to_json }} relay: # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any diff --git a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml index 85d534e5..a4b1438b 100644 --- a/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-googlechat/defaults/main.yml @@ -48,6 +48,12 @@ matrix_mautrix_googlechat_homeserver_token: '' # If false, created portal rooms will never be federated. matrix_mautrix_googlechat_federate_rooms: true +matrix_mautrix_googlechat_bridge_permissions: | + {{ + {matrix_mautrix_googlechat_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # Database-related configuration fields. # # To use SQLite, stick to these defaults. diff --git a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 index ad86219c..a2560a9f 100644 --- a/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-googlechat/templates/config.yaml.j2 @@ -117,11 +117,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - '{{ matrix_mautrix_googlechat_homeserver_domain }}': user - {% if matrix_admin %} - '{{ matrix_admin }}': admin - {% endif %} + permissions: {{ matrix_mautrix_googlechat_bridge_permissions|to_json }} # Python logging configuration. # diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index fc467871..8b338fd7 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml @@ -27,6 +27,12 @@ matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080 matrix_mautrix_hangouts_command_prefix: "!HO" +matrix_mautrix_hangouts_bridge_permissions: | + {{ + {matrix_mautrix_hangouts_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # Controls whether the matrix-mautrix-hangouts container exposes its HTTP port (tcp/8080 in the container). # # Takes an ":" or "" value (e.g. "127.0.0.1:9007"), or empty string to not expose. diff --git a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 index 6dca06ff..d737f3f1 100644 --- a/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 @@ -114,11 +114,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - '{{ matrix_mautrix_hangouts_homeserver_domain }}': user - {% if matrix_admin %} - '{{ matrix_admin }}': admin - {% endif %} + permissions: {{ matrix_mautrix_hangouts_bridge_permissions|to_json }} # Python logging configuration. # diff --git a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml index e31f3f46..bcb6ddb1 100644 --- a/roles/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -25,6 +25,12 @@ matrix_mautrix_instagram_appservice_address: 'http://matrix-mautrix-instagram:29 matrix_mautrix_instagram_command_prefix: "!ig" +matrix_mautrix_instagram_bridge_permissions: | + {{ + {matrix_mautrix_instagram_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # A list of extra arguments to pass to the container matrix_mautrix_instagram_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 11b1d997..039b9bfe 100644 --- a/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -185,11 +185,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - "{{ matrix_mautrix_instagram_homeserver_domain }}": user - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} + permissions: {{ matrix_mautrix_instagram_bridge_permissions|to_json }} # Provisioning API part of the web server for automated portal creation and fetching information. # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). provisioning: diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml index 84ef38cd..bdef7fa5 100644 --- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml @@ -103,12 +103,14 @@ matrix_mautrix_signal_relaybot_enabled: false # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user +# +# This variable used to contain a YAML string, but now needs to contain a hashmap/dictionary. matrix_mautrix_signal_bridge_permissions: | - '*': relay - '{{ matrix_mautrix_signal_homeserver_domain }}': user - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} + {{ + {'*': 'relay'} + | combine({matrix_mautrix_signal_homeserver_domain: 'user'}) + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. @@ -141,3 +143,10 @@ matrix_mautrix_signal_log_level: 'DEBUG' matrix_mautrix_signal_bridge_encryption_allow: false matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}" matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}" + +# Additional environment variables to pass to the Signal Daemon container +# +# Example: +# matrix_mautrix_signal_daemon_environment_variables_extension: | +# SIGNALD_TRUST_NEW_KEYS=true +matrix_mautrix_signal_daemon_environment_variables_extension: '' diff --git a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml index 3a7ad508..cfc704a8 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml @@ -92,6 +92,15 @@ - "{{ matrix_mautrix_signal_daemon_path }}/attachments" - "{{ matrix_mautrix_signal_daemon_path }}/data" + +- name: Ensure mautrix-signal-daemon environment variables file created + ansible.builtin.template: + src: "{{ role_path }}/templates/env.j2" + dest: "{{ matrix_mautrix_signal_daemon_path }}/env" + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + mode: 0644 + - name: Ensure mautrix-signal config.yaml installed ansible.builtin.copy: content: "{{ matrix_mautrix_signal_configuration | to_nice_yaml(indent=2, width=999999) }}" diff --git a/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml index 01a02c2f..ea2c1c43 100644 --- a/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml +++ b/roles/matrix-bridge-mautrix-signal/tasks/validate_config.yml @@ -11,6 +11,15 @@ - "matrix_mautrix_signal_homeserver_token" - "matrix_mautrix_signal_appservice_token" +- name: (Deprecation) Fail if matrix_mautrix_signal_bridge_permissions specified as YAML string, instead of a dictionary + ansible.builtin.fail: + msg: >- + The `matrix_mautrix_signal_bridge_permissions` variable in your configuration is specified as a YAML string. + The playbook now expects a hashmap/dictionary in this variable. + Change your configuration like this: + matrix_mautrix_signal_bridge_permissions: {{ matrix_mautrix_signal_bridge_permissions | from_yaml | to_json }} + when: "matrix_mautrix_signal_bridge_permissions is string" + - name: (Deprecation) Catch and report renamed Signal variables ansible.builtin.fail: msg: >- diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 index f0644ee2..796a6e41 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 @@ -223,8 +223,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - {{ matrix_mautrix_signal_bridge_permissions|from_yaml }} + permissions: {{ matrix_mautrix_signal_bridge_permissions|to_json }} relay: # Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any diff --git a/roles/matrix-bridge-mautrix-signal/templates/env.j2 b/roles/matrix-bridge-mautrix-signal/templates/env.j2 new file mode 100644 index 00000000..f5357ed2 --- /dev/null +++ b/roles/matrix-bridge-mautrix-signal/templates/env.j2 @@ -0,0 +1 @@ +{{ matrix_mautrix_signal_daemon_environment_variables_extension }} diff --git a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 index d6be37e9..31e68ea9 100644 --- a/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 +++ b/roles/matrix-bridge-mautrix-signal/templates/systemd/matrix-mautrix-signal-daemon.service.j2 @@ -34,6 +34,7 @@ ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-mautrix-si # We can't use `--read-only` for this bridge. ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \ --log-driver=none \ + --env-file={{ matrix_mautrix_signal_daemon_path }}/env \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index 2ac9fe04..5c3c88fb 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -27,6 +27,12 @@ matrix_mautrix_telegram_data_path: "{{ matrix_mautrix_telegram_base_path }}/data matrix_mautrix_telegram_command_prefix: "!tg" +matrix_mautrix_telegram_bridge_permissions: | + {{ + {matrix_mautrix_telegram_homeserver_domain: 'full'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # Get your own API keys at https://my.telegram.org/apps matrix_mautrix_telegram_api_id: '' matrix_mautrix_telegram_api_hash: '' diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 19bacbde..3a7ab7f1 100644 --- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -289,11 +289,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - '{{ matrix_mautrix_telegram_homeserver_domain }}': full - {% if matrix_admin %} - '{{ matrix_admin }}': admin - {% endif %} + permissions: {{ matrix_mautrix_telegram_bridge_permissions|to_json }} # Options related to the message relay Telegram bot. relaybot: diff --git a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml index 512195cb..29999c45 100644 --- a/roles/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -25,6 +25,12 @@ matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327' matrix_mautrix_twitter_command_prefix: "!tw" +matrix_mautrix_twitter_bridge_permissions: | + {{ + {matrix_mautrix_twitter_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # A list of extra arguments to pass to the container matrix_mautrix_twitter_container_extra_arguments: [] diff --git a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 index b59864f1..da823d1e 100644 --- a/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-twitter/templates/config.yaml.j2 @@ -173,11 +173,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - '{{ matrix_mautrix_twitter_homeserver_domain }}': user - {% if matrix_admin %} - '{{ matrix_admin }}': admin - {% endif %} + permissions: {{ matrix_mautrix_twitter_bridge_permissions|to_json }} # Python logging configuration. diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 7a511651..2bc34a91 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -90,6 +90,17 @@ matrix_mautrix_whatsapp_bridge_login_shared_secret_map: matrix_mautrix_whatsapp_bridge_double_puppet_server_map: "{{ matrix_mautrix_whatsapp_homeserver_domain : matrix_mautrix_whatsapp_homeserver_address }}" +# Enable End-to-bridge encryption +matrix_mautrix_whatsapp_bridge_encryption_allow: false +matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" +matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" + +matrix_mautrix_whatsapp_bridge_permissions: | + {{ + {matrix_mautrix_whatsapp_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + # Default mautrix-whatsapp configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # @@ -129,8 +140,3 @@ matrix_mautrix_whatsapp_registration_yaml: | de.sorunome.msc2409.push_ephemeral: true matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml | from_yaml }}" - -# Enable End-to-bridge encryption -matrix_mautrix_whatsapp_bridge_encryption_allow: false -matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" -matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}" diff --git a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index 8e0e300b..fab8d964 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -368,11 +368,7 @@ bridge: # * - All Matrix users # domain - All users on that homeserver # mxid - Specific user - permissions: - "{{ matrix_mautrix_whatsapp_homeserver_domain }}": user - {% if matrix_admin %} - "{{ matrix_admin }}": admin - {% endif %} + permissions: {{ matrix_mautrix_whatsapp_bridge_permissions|to_json }} # Settings for relay mode relay: diff --git a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml index a7016b30..59b8c193 100644 --- a/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-groupme/defaults/main.yml @@ -1,11 +1,11 @@ --- # Mx Puppet GroupMe is a Matrix <-> GroupMe bridge -# Project source code URL: https://gitlab.com/robintown/mx-puppet-groupme +# Project source code URL: https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme matrix_mx_puppet_groupme_enabled: true matrix_mx_puppet_groupme_container_image_self_build: false -matrix_mx_puppet_groupme_container_image_self_build_repo: "https://gitlab.com/robintown/mx-puppet-groupme" +matrix_mx_puppet_groupme_container_image_self_build_repo: "https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme" matrix_mx_puppet_groupme_container_image_self_build_repo_version: "{{ 'main' if matrix_mx_puppet_groupme_version == 'latest' else matrix_mx_puppet_groupme_version }}" # Controls whether the mx-puppet-groupme container exposes its HTTP port (tcp/8437 in the container). @@ -13,9 +13,9 @@ matrix_mx_puppet_groupme_container_image_self_build_repo_version: "{{ 'main' if # Takes an ":" or "" value (e.g. "127.0.0.1:8437"), or empty string to not expose. matrix_mx_puppet_groupme_container_http_host_bind_port: '' -matrix_mx_puppet_groupme_version: latest -matrix_mx_puppet_groupme_docker_image: "{{ matrix_mx_puppet_groupme_docker_image_name_prefix }}xangelix/mx-puppet-groupme:{{ matrix_mx_puppet_groupme_version }}" -matrix_mx_puppet_groupme_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_groupme_container_image_self_build else matrix_container_global_registry_prefix }}" +matrix_mx_puppet_groupme_version: 533cccc8 +matrix_mx_puppet_groupme_docker_image: "{{ matrix_mx_puppet_groupme_docker_image_name_prefix }}xangelix-pub/matrix/mx-puppet-groupme:{{ matrix_mx_puppet_groupme_version }}" +matrix_mx_puppet_groupme_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_groupme_container_image_self_build else 'registry.gitlab.com/' }}" matrix_mx_puppet_groupme_docker_image_force_pull: "{{ matrix_mx_puppet_groupme_docker_image.endswith(':latest') }}" matrix_mx_puppet_groupme_base_path: "{{ matrix_base_data_path }}/mx-puppet-groupme" diff --git a/roles/matrix-client-cinny/defaults/main.yml b/roles/matrix-client-cinny/defaults/main.yml index efd88010..743dc077 100644 --- a/roles/matrix-client-cinny/defaults/main.yml +++ b/roles/matrix-client-cinny/defaults/main.yml @@ -6,7 +6,7 @@ matrix_client_cinny_enabled: true matrix_client_cinny_container_image_self_build: false matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git" -matrix_client_cinny_version: v2.0.4 +matrix_client_cinny_version: v2.1.1 matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}" matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-element/defaults/main.yml b/roles/matrix-client-element/defaults/main.yml index 119f31a2..5cefc3e3 100644 --- a/roles/matrix-client-element/defaults/main.yml +++ b/roles/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.0 +matrix_client_element_version: v1.11.2 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-client-hydrogen/defaults/main.yml b/roles/matrix-client-hydrogen/defaults/main.yml index 1baccdd3..4edfa20c 100644 --- a/roles/matrix-client-hydrogen/defaults/main.yml +++ b/roles/matrix-client-hydrogen/defaults/main.yml @@ -8,7 +8,7 @@ matrix_client_hydrogen_enabled: true matrix_client_hydrogen_container_image_self_build: true matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" -matrix_client_hydrogen_version: v0.2.33 +matrix_client_hydrogen_version: v0.3.1 matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" @@ -31,7 +31,13 @@ matrix_client_hydrogen_systemd_required_services_list: ['docker.service'] matrix_client_hydrogen_self_check_validate_certificates: true # config.json +matrix_client_hydrogen_push: + appId: io.element.hydrogen.web + gatewayUrl: https://matrix.org + applicationServerKey: "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM" matrix_client_hydrogen_default_hs_url: "" +matrix_client_hydrogen_bugReportEndpointUrl: "https://element.io/bugreports/submit" # noqa var-naming + # Default Hydrogen configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/matrix-client-hydrogen/templates/config.json.j2 b/roles/matrix-client-hydrogen/templates/config.json.j2 index 0c4331b6..161ee47b 100644 --- a/roles/matrix-client-hydrogen/templates/config.json.j2 +++ b/roles/matrix-client-hydrogen/templates/config.json.j2 @@ -1,11 +1,7 @@ { - "push": { - "appId": "io.element.hydrogen.web", - "gatewayUrl": "https://matrix.org", - "applicationServerKey": "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM" - }, - "defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url | string|to_json }}, - "bugReportEndpointUrl": "https://element.io/bugreports/submit", + "push": {{ matrix_client_hydrogen_push | to_json }}, + "defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url | string | to_json }}, + "bugReportEndpointUrl": {{ matrix_client_hydrogen_bugReportEndpointUrl | to_json }}, "themeManifests": [ "assets/theme-Element.json" ], diff --git a/roles/matrix-dendrite/defaults/main.yml b/roles/matrix-dendrite/defaults/main.yml index dd6d351e..476f86a2 100644 --- a/roles/matrix-dendrite/defaults/main.yml +++ b/roles/matrix-dendrite/defaults/main.yml @@ -6,7 +6,7 @@ matrix_dendrite_enabled: true matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "docker.io/" -matrix_dendrite_docker_image_tag: "v0.8.1" +matrix_dendrite_docker_image_tag: "v0.9.1" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" @@ -89,6 +89,7 @@ matrix_dendrite_registration_disabled: false matrix_dendrite_enable_registration_captcha: false matrix_dendrite_recaptcha_public_key: "" matrix_dendrite_recaptcha_private_key: "" +matrix_dendrite_recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify" # A list of additional "volumes" to mount in the container. # This list gets populated dynamically based on Dendrite extensions that have been enabled. diff --git a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 index 29f5c55f..62f8caba 100644 --- a/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 +++ b/roles/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 @@ -174,7 +174,7 @@ client_api: recaptcha_public_key: {{ matrix_dendrite_recaptcha_public_key|to_json }} recaptcha_private_key: {{ matrix_dendrite_recaptcha_private_key|to_json }} recaptcha_bypass_secret: "" - recaptcha_siteverify_api: "" + recaptcha_siteverify_api: {{ matrix_dendrite_recaptcha_siteverify_api|to_json }} # TURN server information that this homeserver should send to clients. turn: diff --git a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 index 0457917a..0613f443 100644 --- a/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 +++ b/roles/matrix-dendrite/templates/dendrite/systemd/matrix-dendrite.service.j2 @@ -46,13 +46,13 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \ {% endfor %} {{ matrix_dendrite_docker_image }} \ -config /data/dendrite.yaml \ + {{ matrix_dendrite_process_extra_arguments|join(' ') }} \ {% if matrix_dendrite_http_bind_address %} -http-bind-address {{ matrix_dendrite_http_bind_address }} {% endif %} {% if matrix_dendrite_https_bind_address %} -https-bind-address {{ matrix_dendrite_https_bind_address }} {% endif %} - {{ matrix_dendrite_process_extra_arguments|join(' ') }} ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null || true' ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null || true' diff --git a/roles/matrix-dynamic-dns/defaults/main.yml b/roles/matrix-dynamic-dns/defaults/main.yml index bdeea0f1..2d15db6c 100644 --- a/roles/matrix-dynamic-dns/defaults/main.yml +++ b/roles/matrix-dynamic-dns/defaults/main.yml @@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.9.1-ls92 +matrix_dynamic_dns_version: v3.9.1-ls94 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" diff --git a/roles/matrix-grafana/defaults/main.yml b/roles/matrix-grafana/defaults/main.yml index a1cd3273..fb166359 100644 --- a/roles/matrix-grafana/defaults/main.yml +++ b/roles/matrix-grafana/defaults/main.yml @@ -5,7 +5,7 @@ matrix_grafana_enabled: false -matrix_grafana_version: 9.0.4 +matrix_grafana_version: 9.0.6 matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" diff --git a/roles/matrix-jitsi/defaults/main.yml b/roles/matrix-jitsi/defaults/main.yml index 5546d19c..2bec0247 100644 --- a/roles/matrix-jitsi/defaults/main.yml +++ b/roles/matrix-jitsi/defaults/main.yml @@ -71,7 +71,7 @@ matrix_jitsi_jibri_recorder_password: '' matrix_jitsi_enable_lobby: false -matrix_jitsi_version: stable-7439-2 +matrix_jitsi_version: stable-7577 matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" diff --git a/roles/matrix-postgres/tasks/detect_existing_postgres_version.yml b/roles/matrix-postgres/tasks/detect_existing_postgres_version.yml index 4f4e5e9a..687d5e3a 100644 --- a/roles/matrix-postgres/tasks/detect_existing_postgres_version.yml +++ b/roles/matrix-postgres/tasks/detect_existing_postgres_version.yml @@ -6,6 +6,12 @@ # This utility is intentionally not in `tasks/util`, because if it were, it wouldn't be possible # to include it in other roles via the import_role module: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/import_role_module.html + +- name: Fail detection if expectation fails (Postgres not enabled) + ansible.builtin.fail: + msg: "Trying to detect the version of the built-in Postgres server, but Postgres installation is not enabled (`matrix_postgres_enabled: false`)" + when: not matrix_postgres_enabled + - name: Initialize Postgres version determination variables (default to empty) ansible.builtin.set_fact: matrix_postgres_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION" diff --git a/roles/matrix-prometheus-node-exporter/defaults/main.yml b/roles/matrix-prometheus-node-exporter/defaults/main.yml index d9077697..c7d6512f 100644 --- a/roles/matrix-prometheus-node-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-node-exporter/defaults/main.yml @@ -38,7 +38,7 @@ matrix_prometheus_node_exporter_metrics_proxying_enabled: false # Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container). # -# Takes an ":" value (e.g. "127.0.0.1:9100"), or empty string to not expose. +# Takes an ":" value (e.g. "127.0.0.1:9100"), just a port number or empty string to not expose. # # You likely don't need to do this. See `matrix_prometheus_node_exporter_metrics_proxying_enabled`. # @@ -54,3 +54,9 @@ matrix_prometheus_node_exporter_metrics_proxying_enabled: false # because node-exporter can't see all interfaces, etc. # For now, we'll live with that, until someone develops a better solution. matrix_prometheus_node_exporter_container_http_host_bind_port: '' + +# If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an ":" value for the containers to bind to on your host. +# If matrix_prometheus_node_exporter_container_http_host_bind_port is set to just a port number, this will default to "127.0.0.1:" +# If matrix_prometheus_node_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that ":" value will be used +# Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf) +matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_node_exporter_container_http_host_bind_port else (matrix_prometheus_node_exporter_container_http_host_bind_port if matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}" diff --git a/roles/matrix-prometheus-node-exporter/tasks/init.yml b/roles/matrix-prometheus-node-exporter/tasks/init.yml index 51dd94f2..42f21667 100644 --- a/roles/matrix-prometheus-node-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-node-exporter/tasks/init.yml @@ -23,10 +23,10 @@ resolver 127.0.0.11 valid=5s; set $backend "matrix-prometheus-node-exporter:9100"; proxy_pass http://$backend/metrics; + {% elif matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} + proxy_pass http://{{ matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; {% else %} - {# Generic configuration for use outside of our container setup #} - {# This may be implemented in the future. #} - return 404 "matrix-nginx-proxy is disabled, so metrics are unavailable"; + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; {% endif %} } diff --git a/roles/matrix-prometheus-node-exporter/vars/main.yml b/roles/matrix-prometheus-node-exporter/vars/main.yml new file mode 100644 index 00000000..952dc205 --- /dev/null +++ b/roles/matrix-prometheus-node-exporter/vars/main.yml @@ -0,0 +1,5 @@ +--- + +# `matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw` contains the raw port number extracted from `matrix_prometheus_node_exporter_container_http_host_bind_port`, +# which can contain values like this: ('1234', '127.0.0.1:1234', '0.0.0.0:1234') +matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw: "{{ '' if matrix_prometheus_node_exporter_container_http_host_bind_port == '' else (matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[1] if ':' in matrix_prometheus_node_exporter_container_http_host_bind_port else matrix_prometheus_node_exporter_container_http_host_bind_port) }}" diff --git a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml index 82a12f42..fbe16ca8 100644 --- a/roles/matrix-prometheus-postgres-exporter/defaults/main.yml +++ b/roles/matrix-prometheus-postgres-exporter/defaults/main.yml @@ -4,7 +4,7 @@ matrix_prometheus_postgres_exporter_enabled: false -matrix_prometheus_postgres_exporter_version: v0.10.1 +matrix_prometheus_postgres_exporter_version: v0.11.0 matrix_prometheus_postgres_exporter_port: 9187 matrix_prometheus_postgres_exporter_docker_image: "quay.io/prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}" @@ -35,7 +35,7 @@ matrix_prometheus_postgres_exporter_metrics_proxying_enabled: false # Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9187 in the container). # -# Takes an ":" value (e.g. "127.0.0.1:9187"), or empty string to not expose. +# Takes an ":" value (e.g. "127.0.0.1:9187"), just a port number or an empty string to not expose. # # You likely don't need to do this. See `matrix_prometheus_postgres_exporter_metrics_proxying_enabled`. # @@ -52,5 +52,11 @@ matrix_prometheus_postgres_exporter_metrics_proxying_enabled: false # For now, we'll live with that, until someone develops a better solution. matrix_prometheus_postgres_exporter_container_http_host_bind_port: '' +# If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an ":" value for the containers to bind to on your host. +# If matrix_prometheus_postgres_exporter_container_http_host_bind_port is set to just a port number, this will default to "127.0.0.1:" +# If matrix_prometheus_postgres_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that ":" value will be used +# Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf) +matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_postgres_exporter_container_http_host_bind_port else (matrix_prometheus_postgres_exporter_container_http_host_bind_port if matrix_prometheus_postgres_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}" + matrix_prometheus_postgres_exporter_dashboard_urls: - "https://grafana.com/api/dashboards/9628/revisions/7/download" diff --git a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml index 6da16937..03fe965c 100644 --- a/roles/matrix-prometheus-postgres-exporter/tasks/init.yml +++ b/roles/matrix-prometheus-postgres-exporter/tasks/init.yml @@ -23,10 +23,10 @@ resolver 127.0.0.11 valid=5s; set $backend "matrix-prometheus-postgres-exporter:9187"; proxy_pass http://$backend/metrics; + {% elif matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %} + proxy_pass http://{{ matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics; {% else %} - {# Generic configuration for use outside of our container setup #} - {# This may be implemented in the future. #} - return 404 "matrix-nginx-proxy is disabled, so metrics are unavailable"; + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; {% endif %} } diff --git a/roles/matrix-prometheus-postgres-exporter/vars/main.yml b/roles/matrix-prometheus-postgres-exporter/vars/main.yml new file mode 100644 index 00000000..aed3b216 --- /dev/null +++ b/roles/matrix-prometheus-postgres-exporter/vars/main.yml @@ -0,0 +1,5 @@ +--- + +# `matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw` contains the raw port number extracted from `matrix_prometheus_postgres_exporter_container_http_host_bind_port`, +# which can contain values like this: ('1234', '127.0.0.1:1234', '0.0.0.0:1234') +matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw: "{{ '' if matrix_prometheus_postgres_exporter_container_http_host_bind_port == '' else (matrix_prometheus_postgres_exporter_container_http_host_bind_port.split(':')[1] if ':' in matrix_prometheus_postgres_exporter_container_http_host_bind_port else matrix_prometheus_postgres_exporter_container_http_host_bind_port) }}" diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index e6138bba..99ce80c0 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}" matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_synapse_version: v1.63.1 +matrix_synapse_version: v1.64.0 matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" diff --git a/setup.yml b/setup.yml index 49612a8c..18fbdf10 100755 --- a/setup.yml +++ b/setup.yml @@ -17,6 +17,7 @@ - matrix-bridge-appservice-slack - matrix-bridge-appservice-webhooks - matrix-bridge-appservice-irc + - matrix-bridge-appservice-kakaotalk - matrix-bridge-beeper-linkedin - matrix-bridge-go-skype-bridge - matrix-bridge-mautrix-facebook @@ -27,6 +28,7 @@ - matrix-bridge-mautrix-signal - matrix-bridge-mautrix-telegram - matrix-bridge-mautrix-whatsapp + - matrix-bridge-mautrix-discord - matrix-bridge-mx-puppet-discord - matrix-bridge-mx-puppet-groupme - matrix-bridge-mx-puppet-steam