Merge branch 'master' into pub.solar

teutat3s 2022-08-08 13:52:01 +02:00
commit ca40fa9747
Signed by: teutat3s
GPG key ID: 18DAE600A6BBE705
83 changed files with 1958 additions and 137 deletions

View file

@ -1,3 +1,21 @@
# 2022-07-29
## mautrix-discord support
Thanks to [MdotAmaan](https://github.com/MdotAmaan)'s efforts, the playbook now supports bridging to [Discord](https://discordapp.com/) via the [mautrix-discord](https://mau.dev/mautrix/discord) bridge. See our [Setting up Mautrix Discord bridging](docs/configuring-playbook-bridge-mautrix-discord.md) documentation page for getting started.
**Note**: this is a new Discord bridge. The playbook still retains Discord bridging via [matrix-appservice-discord](docs/configuring-playbook-bridge-appservice-discord.md) and [mx-puppet-discord](docs/configuring-playbook-bridge-mx-puppet-discord.md). You're free too use the bridge that serves you better, or even all three of them (for different users and use-cases).
# 2022-07-27
## matrix-appservice-kakaotalk support
The playbook now supports bridging to [Kakaotalk](https://www.kakaocorp.com/page/service/service/KakaoTalk?lang=ENG) via [matrix-appservice-kakaotalk](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) - a bridge based on [node-kakao](https://github.com/storycraft/node-kakao) (now unmaintained) and some [mautrix-facebook](https://github.com/mautrix/facebook) code. Thanks to [hnarjis](https://github.com/hnarjis) for helping us add support for this!
See our [Setting up Appservice Kakaotalk bridging](docs/configuring-playbook-bridge-appservice-kakaotalk.md) documentation to get started.
# 2022-07-20
## maubot support
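
Review bot: typo in the note under the 2022-07-29 "mautrix-discord support" entry: "You're free too use the bridge that serves you better" should read "You're free to use the bridge that serves you better".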

View file

@ -89,7 +89,7 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge for [Discord](https://discordapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-discord.md](docs/configuring-playbook-bridge-mx-puppet-discord.md) for setup documentation
- (optional) the [mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) bridge for [GroupMe](https://groupme.com/) - see [docs/configuring-playbook-bridge-mx-puppet-groupme.md](docs/configuring-playbook-bridge-mx-puppet-groupme.md) for setup documentation
- (optional) the [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) bridge for [GroupMe](https://groupme.com/) - see [docs/configuring-playbook-bridge-mx-puppet-groupme.md](docs/configuring-playbook-bridge-mx-puppet-groupme.md) for setup documentation
- (optional) the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge for [Steam](https://steamapp.com/) - see [docs/configuring-playbook-bridge-mx-puppet-steam.md](docs/configuring-playbook-bridge-mx-puppet-steam.md) for setup documentation

View file

@ -61,10 +61,3 @@ You can expand "Access token" to copy it.
![Obatining an admin access token with Element](assets/obtain_admin_access_token_element.png)
**IMPORTANT**: once you copy the token, just close the Matrix client window/tab. Do not "log out", as that would invalidate the token.

View file

@ -1,6 +1,8 @@
# Setting up Appservice Discord (optional)
**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) bridge supported by the playbook.
**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook.
- For using as a Bot we are recommend the Appservice Discord bridge (the one being discussed here), because it supports plumbing.
- For personal use we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook.
The playbook can install and configure [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) for you.
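
Review bot: grammar slip in the first added bullet, "For using as a Bot we are recommend the Appservice Discord bridge". Drop the "are" so it matches the wording of the same bullet in the mautrix-discord and mx-puppet-discord pages ("we recommend").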

View file

@ -0,0 +1,68 @@
# Setting up Appservice Kakaotalk (optional)
The playbook can install and configure [matrix-appservice-kakaotalk](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) for you. `matrix-appservice-kakaotalk` is a bridge to [Kakaotalk](https://www.kakaocorp.com/page/service/service/KakaoTalk?lang=ENG) based on [node-kakao](https://github.com/storycraft/node-kakao) (now unmaintained) and some [mautrix-facebook](https://github.com/mautrix/facebook) code.
See the project's [documentation](https://src.miscworks.net/fair/matrix-appservice-kakaotalk) to learn what it does and why it might be useful to you.
## Installing
To enable the bridge, add this to your `vars.yml` file:
```yaml
matrix_appservice_kakaotalk_enabled: true
```
You may optionally wish to add some [Additional configuration](#additional-configuration), or to [prepare for double-puppeting](#set-up-double-puppeting) before the initial installation.
After adjusting your `vars.yml` file, re-run the playbook and restart all services: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
To make use of the Kakaotalk bridge, see [Usage](#usage) below.
### Additional configuration
There are some additional things you may wish to configure about the bridge.
Take a look at:
- `roles/matrix-bridge-appservice-kakaotalk/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_appservice_kakaotalk_configuration_extension_yaml` variable
### Set up Double Puppeting
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
#### Method 1: automatically, by enabling Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
#### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
- retrieve a Matrix access token for yourself. You can use the following command:
```
curl \
--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Appservice-Kakaotalk", "initial_device_display_name": "Appservice-Kakaotalk"}' \
https://matrix.DOMAIN/_matrix/client/r0/login
```
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`
- make sure you don't log out the `Appservice-Kakaotalk` device some time in the future, as that would break the Double Puppeting feature
## Usage
Start a chat with `@kakaotalkbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
Send `login --save EMAIL_OR_PHONE_NUMBER` to the bridge bot to enable bridging for your Kakaotalk account. The `--save` flag may be omitted, if you'd rather not save your password.
After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so.
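
Review bot: the curl example under "Method 2" places YOUR_MATRIX_PASSWORD directly on the command line, so the password ends up in shell history and is visible in the process list while curl runs. Suggest telling users to put the JSON body in a file only they can read and pass it with `--data @FILE` (or `--data @-` with the body on stdin), then delete the file. Related point in the Usage section: it says `--save` stores the Kakaotalk password but not where it is stored or how it is protected, which a user needs to know before opting in.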

View file

@ -0,0 +1,87 @@
# Setting up Mautrix Discord (optional)
**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridges supported by the playbook.
- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing.
- For personal use with a discord account we recommend the `mautrix-discord` bridge (the one being discussed here), because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook.
The `mautrix-discord` bridge (the one being discussed here) is the most fully-featured and stable of the 3 Discord bridges supported by the playbook, so it's the one we recommend.
The playbook can install and configure [mautrix-discord](https://github.com/mautrix/discord) for you.
See the project's [documentation](https://docs.mau.fi/bridges/go/discord/index.html) to learn what it does and why it might be useful to you.
## Prerequisites
For using this bridge, you would **need to authenticate by scanning a QR code with the Discord app on your phone**.
You can delete the Discord app after the authentication process.
If this is a dealbreaker for you, consider using one of the other Discord bridges supported by the playbook: [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) or [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md). These come with their own complexity and limitations, however, so we recommend that you proceed with this one if possible.
## Installing
To enable the bridge, add this to your `vars.yml` file:
```yaml
matrix_mautrix_discord_enabled: true
```
You may optionally wish to add some [Additional configuration](#additional-configuration), or to [prepare for double-puppeting](#set-up-double-puppeting) before the initial installation.
After adjusting your `vars.yml` file, re-run the playbook and restart all services: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
To make use of the bridge, see [Usage](#usage) below.
### Additional configuration
There are some additional things you may wish to configure about the bridge.
Take a look at:
- `roles/matrix-bridge-mautrix-discord/defaults/main.yml` for some variables that you can customize via your `vars.yml` file
- `roles/matrix-bridge-mautrix-discord/templates/config.yaml.j2` for the bridge's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_mautrix_discord_configuration_extension_yaml` variable
### Set up Double Puppeting
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
#### Method 1: automatically, by enabling Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
#### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
- retrieve a Matrix access token for yourself. You can use the following command:
```
curl \
--data '{"identifier": {"type": "m.id.user", "user": "YOUR_MATRIX_USERNAME" }, "password": "YOUR_MATRIX_PASSWORD", "type": "m.login.password", "device_id": "Mautrix-Discord", "initial_device_display_name": "Mautrix-Discord"}' \
https://matrix.DOMAIN/_matrix/client/r0/login
```
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`
- make sure you don't log out the `Mautrix-Discord` device some time in the future, as that would break the Double Puppeting feature
## Usage
1. Start a chat with `@discordbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
2. Send a `login` command
3. You'll see a QR code which you need to scan with the Discord app on your phone. You can scan it with the camera app too, which will open Discord, which will then instruct you to scan it a 2nd time in the Discord app.
4. After confirming (in the Discord app) that you'd like to allow this login, the bot should respond with "Succcessfully authenticated as ..."
5. Now that you're logged in, you can send a `help` command to the bot again, to see additional commands you have access to
6. Some Direct Messages from Discord should start syncing automatically
7. If you'd like to bridge guilds:
- send `guilds status` to see the list of guilds
- for each guild that you'd like bridged, send `guilds bridge GUILD_ID --entire`
8. You may wish to uninstall the Discord app from your phone now. It's not needed for the bridge to function.
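
Review bot: the sentence right after the two recommendation bullets ("The `mautrix-discord` bridge (the one being discussed here) is the most fully-featured and stable of the 3 Discord bridges supported by the playbook, so it's the one we recommend.") repeats the second bullet and contradicts the first, which recommends Appservice Discord for bot use. It looks like the pre-edit wording was left in next to its replacement, so delete it. Smaller points in the same file: Usage step 4 quotes "Succcessfully" with three c's, which should be checked against the bot's actual reply; step 5 says to send `help` "again" although no earlier step sends it; and the Method 2 curl example puts the Matrix password on the command line, where `--data @FILE` would keep it out of shell history and the process list.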

View file

@ -1,6 +1,8 @@
# Setting up MX Puppet Discord (optional)
**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md) bridge supported by the playbook.
**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [matrix-appservice-discord](configuring-playbook-bridge-appservice-discord.md)and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook.
- For using as a Bot we recommend the [Appservice Discord](configuring-playbook-bridge-appservice-discord.md), because it supports plumbing.
- For personal use with a discord account we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook.
The playbook can install and configure
[mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) for you.
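
Review bot: missing space in the rewritten note, `(configuring-playbook-bridge-appservice-discord.md)and [mautrix-discord]`. As written the link text runs into "and" when rendered; insert a space before "and".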

View file

@ -1,7 +1,7 @@
# Setting up MX Puppet GroupMe (optional)
The playbook can install and configure
[mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) for you.
[mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) for you.
See the project page to learn what it does and why it might be useful to you.

View file

@ -62,3 +62,15 @@ matrix_synapse_admin_container_extra_arguments:
# The Synapse Admin container uses port 80 by default
- '--label "traefik.http.services.matrix-synapse-admin.loadbalancer.server.port=80"'
```
### Sample configuration for running behind Caddy v2
Below is a sample configuration for using this playbook with a [Caddy](https://caddyserver.com/v2) 2.0 reverse proxy (non-default configuration where `matrix-nginx-proxy` is disabled - `matrix_nginx_proxy_enabled: false`).
```caddy
# This is a basic configuration that will function the same as the default nginx proxy - exposing the synapse-admin panel to matrix.YOURSERVER.com/synapse-admin/
handle_path /synapse-admin* {
reverse_proxy localhost:8766 {
}
}
```
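
Review bot: the matcher `handle_path /synapse-admin*` is a plain prefix match, so it also captures any other path that merely starts with that string (for example `/synapse-adminfoo`) and forwards it to the admin panel. Since the comment says the panel lives at `/synapse-admin/`, match `/synapse-admin/*` and handle the bare `/synapse-admin` separately. Also: the empty `{ }` after `reverse_proxy localhost:8766` can be dropped, the text should say that this fragment belongs inside the site block for `matrix.YOURSERVER.com`, and nothing in the added section says which playbook variable publishes synapse-admin on `localhost:8766`, so a reader following only this sample will get a proxy error.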

View file

@ -18,6 +18,7 @@ You can then follow these steps inside the playbook directory:
1. edit the inventory hosts file (`inventory/hosts`) to your liking
1. (optional, advanced) to run Ansible against multiple servers with different `sudo` credentials, you can copy the sample inventory hosts yaml file for each of your hosts: (`cp examples/host.yml inventory/my_host1.yml` …) and use the [`ansible-all-hosts.sh`](../inventory/scripts/ansible-all-hosts.sh) script [in the installation step](installing.md).
For a basic Matrix installation, that's all you need.
For a more custom setup, see the [Other configuration options](#other-configuration-options) below.
@ -51,7 +52,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Serving your base domain using this playbook's nginx server](configuring-playbook-base-domain-serving.md) (optional)
- [Configure Nginx (optional, advanced)](configuring-playbook-nginx.md) (optional, advanced)
- [Configure Nginx](configuring-playbook-nginx.md) (optional, advanced)
- [Using your own webserver, instead of this playbook's nginx proxy](configuring-playbook-own-webserver.md) (optional, advanced)
@ -92,6 +93,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
### Bridging other networks
- [Setting up Mautrix Discord bridging](configuring-playbook-bridge-mautrix-discord.md) (optional)
- [Setting up Mautrix Telegram bridging](configuring-playbook-bridge-mautrix-telegram.md) (optional)
- [Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md) (optional)
@ -110,14 +113,16 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional)
- [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md) (optional)
- [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional)
- [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (optional)
- [Setting up Appservice Webhooks bridging](configuring-playbook-bridge-appservice-webhooks.md) (optional)
- [Setting up Appservice Kakaotalk bridging](configuring-playbook-bridge-appservice-kakaotalk.md) (optional)
- [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md) (optional)
- [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional)
- ~~[Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md)~~ (optional) - this component has been broken for a long time, so it has been removed from the playbook. Consider [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md)

View file

@ -76,7 +76,7 @@ These services are not part of our default installation, but can be enabled by [
- [sorunome/mx-puppet-discord](https://hub.docker.com/r/sorunome/mx-puppet-discord) - the [mx-puppet-discord](https://github.com/matrix-discord/mx-puppet-discord) bridge to [Discord](https://discordapp.com) (optional)
- [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) - the [mx-puppet-groupme](https://gitlab.com/robintown/mx-puppet-groupme) bridge to [GroupMe](https://groupme.com/) (optional)
- [xangelix/mx-puppet-groupme](https://hub.docker.com/r/xangelix/mx-puppet-groupme) - the [mx-puppet-groupme](https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme) bridge to [GroupMe](https://groupme.com/) (optional)
- [icewind1991/mx-puppet-steam](https://hub.docker.com/r/icewind1991/mx-puppet-steam) - the [mx-puppet-steam](https://github.com/icewind1991/mx-puppet-steam) bridge to [Steam](https://steampowered.com) (optional)

11
examples/host.yml Normal file
View file

@ -0,0 +1,11 @@
---
# This is a host file for usage with the `ansible-all-hosts.sh` script,
# which runs Ansible against a bunch of hosts, each with its own `sudo` password.
matrix_servers:
hosts:
matrix.<your domain>:
ansible_host: <your server's external ip address>
ansible_ssh_user: <your ssh user>
become: true
become_user: root
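
Review bot: `become: true` and `become_user: root` are written here as host variables, but the documented inventory parameters for privilege escalation are `ansible_become` and `ansible_become_user`; please confirm these two lines take effect as written, or rename them. `ansible_ssh_user` is the legacy spelling of `ansible_user`. The header comment could also state that the file is meant to be copied to `inventory/<name>.yml`, since that is where the accompanying script looks for host files.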

View file

@ -213,6 +213,43 @@ matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_homeserver_gen
#
######################################################################
######################################################################
#
# matrix-bridge-appservice-kakaotalk
#
######################################################################
# We don't enable bridges by default.
matrix_appservice_kakaotalk_enabled: false
matrix_appservice_kakaotalk_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-appservice-kakaotalk-node.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
}}
matrix_appservice_kakaotalk_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}"
matrix_appservice_kakaotalk_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.hs') | to_uuid }}"
matrix_appservice_kakaotalk_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
matrix_appservice_kakaotalk_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_appservice_kakaotalk_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'as.kakao.db') | to_uuid }}"
######################################################################
#
# /matrix-bridge-appservice-kakaotalk
#
######################################################################
######################################################################
#
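
Review bot: `matrix_appservice_kakaotalk_appservice_token` and `matrix_appservice_kakaotalk_homeserver_token` are both derived with the same salt, `'as.kakao.hs'`, so the two variables evaluate to the same UUID. The appservice token and the homeserver token authenticate opposite directions of the bridge-homeserver link and should be independent secrets. Give the appservice token its own salt (for example `'as.kakao.as'`), the way the mautrix-discord block added in this same file uses `'maudisc.as.tok'` and `'maudisc.hs.tok'`.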
@ -261,7 +298,7 @@ matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_ge
# We don't enable bridges by default.
matrix_go_skype_bridge_enabled: false
matrix_go_skype_bridge_container_image_self_build: true
matrix_go_skype_bridge_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_go_skype_bridge_systemd_required_services_list: |
{{
@ -624,6 +661,44 @@ matrix_mautrix_whatsapp_database_password: "{{ '%s' | format(matrix_homeserver_g
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-discord
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_discord_enabled: false
matrix_mautrix_discord_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_mautrix_discord_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_discord_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.as.tok') | to_uuid }}"
matrix_mautrix_discord_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudisc.hs.tok') | to_uuid }}"
matrix_mautrix_discord_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_mautrix_discord_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_mautrix_discord_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maudiscord.db') | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-discord
#
######################################################################
######################################################################
#
# matrix-sms-bridge
@ -1050,6 +1125,8 @@ matrix_bot_maubot_registration_shared_secret: |-
}[matrix_homeserver_implementation]
}}
matrix_bot_maubot_management_interface_http_bind_port: "{{ '' if matrix_nginx_proxy_enabled else ('127.0.0.1:' + matrix_bot_maubot_management_interface_port | string) }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_bot_maubot_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_bot_maubot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mxpup.dsc.db') | to_uuid }}"
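
Review bot: `matrix_bot_maubot_database_password` in this hunk is derived with the salt `'mxpup.dsc.db'`, which reads like the label of a different component rather than maubot. If any other variable in this file is derived from `matrix_homeserver_generic_secret_key` with that same salt, the two database users get an identical password. Use a maubot-specific salt (for example `'maubot.db'`) so each derived secret is unique.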
@ -1811,6 +1888,12 @@ matrix_postgres_additional_databases: |
'password': matrix_appservice_irc_database_password,
}] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_appservice_kakaotalk_database_name,
'username': matrix_appservice_kakaotalk_database_username,
'password': matrix_appservice_kakaotalk_database_password,
}] if (matrix_appservice_kakaotalk_enabled and matrix_appservice_kakaotalk_database_engine == 'postgres' and matrix_appservice_kakaotalk_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_beeper_linkedin_database_name,
'username': matrix_beeper_linkedin_database_username,
@ -1871,6 +1954,12 @@ matrix_postgres_additional_databases: |
'password': matrix_mautrix_whatsapp_database_password,
}] if (matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_database_engine == 'postgres' and matrix_mautrix_whatsapp_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_mautrix_discord_database_name,
'username': matrix_mautrix_discord_database_username,
'password': matrix_mautrix_discord_database_password,
}] if (matrix_mautrix_discord_enabled and matrix_mautrix_discord_database_engine == 'postgres' and matrix_mautrix_discord_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_mx_puppet_slack_database_name,
'username': matrix_mx_puppet_slack_database_username,
@ -2007,7 +2096,7 @@ matrix_redis_enabled: "{{ matrix_synapse_workers_enabled }}"
# If you wish to connect to your Matrix server by other means, you may wish to disable this.
matrix_client_element_enabled: true
matrix_client_element_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_client_element_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Element over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
@ -2075,7 +2164,7 @@ matrix_client_hydrogen_self_check_validate_certificates: "{{ false if matrix_ssl
matrix_client_cinny_enabled: false
matrix_client_cinny_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
matrix_client_cinny_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Cinny over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose

View file

@ -0,0 +1,32 @@
#!/usr/bin/env bash
#
# Run the playbook on multiple hosts with different credentials with this script
# It defaults to ansible tags "setup-all,start". You can pass alternative tags
# to this script as arguments, e.g.
#
# ./inventory/scripts/ansible-all-hosts.sh self-check
#
# set playbook root path
root=$(dirname "$(readlink -f "$0")")/../..
# set default tags or get from first argument if any
tags="${1:-setup-all,start}"
# init password array
declare -A pws
# capture passwords for all hosts
for host in "$root"/inventory/*.yml; do
read -rp "sudo password for $(basename "$host"): " -s pw
pws[$host]="$pw"
echo
done
# run ansible on all captured passwords/hosts
for host in "${!pws[@]}"; do
ansible-playbook "$root"/setup.yml \
--inventory-file "$host" \
--extra-vars "ansible_become_pass=${pws[$host]}" \
--tags="$tags"
done
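
Review bot: the sudo password is passed as `--extra-vars "ansible_become_pass=${pws[$host]}"`, so it sits in the `ansible-playbook` command line for the whole run and can be read from the process list by other local users; in key=value form a password containing spaces or quotes is also mis-parsed. Suggest writing the variable to a temporary file created under `umask 077`, passing it as `--extra-vars @FILE`, and removing the file in a `trap`. Other points in this script: when `inventory/*.yml` matches nothing the first loop prompts once for the literal pattern (set `shopt -s nullglob` or test with `[ -e "$host" ]`); `for host in "${!pws[@]}"` visits hosts in unspecified order, which differs from the order the passwords were asked in; and a failed run on one host is neither stopped on nor summarised at the end, so the script's exit status only reflects the last host.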

View file

@ -18,7 +18,7 @@ JIBRI_XMPP_PASSWORD=$(generatePassword)
echo "# Paste these variables into your inventory/host_vars/matrix.DOMAIN/vars.yml file:"
echo ""
echo "matrix_jitsi_jicofo_auth_password: "$JICOFO_AUTH_PASSWORD
echo "matrix_jitsi_jvb_auth_password: "$JVB_AUTH_PASSWORD
echo "matrix_jitsi_jibri_recorder_password: "$JIBRI_RECORDER_PASSWORD
echo "matrix_jitsi_jibri_xmpp_password: "$JIBRI_XMPP_PASSWORD
echo "matrix_jitsi_jicofo_auth_password: $JICOFO_AUTH_PASSWORD"
echo "matrix_jitsi_jvb_auth_password: $JVB_AUTH_PASSWORD"
echo "matrix_jitsi_jibri_recorder_password: $JIBRI_RECORDER_PASSWORD"
echo "matrix_jitsi_jibri_xmpp_password: $JIBRI_XMPP_PASSWORD"

View file

@ -1,6 +1,13 @@
---
- block:
- name: Fail with matrix_backup_borg_version advice if Postgres not enabled
ansible.builtin.fail:
msg: >-
You are not running a built-in Postgres server (`matrix_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen.
Consider setting `matrix_backup_borg_version` to your Postgres version manually.
when: not matrix_postgres_enabled
- ansible.builtin.import_role:
name: matrix-postgres
tasks_from: detect_existing_postgres_version

View file

@ -9,7 +9,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git"
matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
matrix_bot_honoroit_version: v0.9.10
matrix_bot_honoroit_version: v0.9.12
matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
@ -91,6 +91,12 @@ matrix_bot_honoroit_noencryption: false
# Max items in cache
matrix_bot_honoroit_cachesize: ''
# List of ignored room IDs
matrix_bot_honoroit_ignoredrooms: []
# Ignore messages outside of threads
matrix_bot_honoroit_ignorenothread: false
# Text prefix: open
matrix_bot_honoroit_text_prefix_open: ''

View file

@ -9,6 +9,8 @@ HONOROIT_SENTRY={{ matrix_bot_honoroit_sentry }}
HONOROIT_LOGLEVEL={{ matrix_bot_honoroit_loglevel }}
HONOROIT_CACHESIZE={{ matrix_bot_honoroit_cachesize }}
HONOROIT_NOENCRYPTION={{ matrix_bot_honoroit_noencryption }}
HONOROIT_IGNORENOTHREAD={{ matrix_bot_honoroit_ignorenothread }}
HONOROIT_IGNOREDROOMS={{ matrix_bot_honoroit_ignoredrooms|join(' ') }}
HONOROIT_TEXT_PREFIX_OPEN={{ matrix_bot_honoroit_text_prefix_open }}
HONOROIT_TEXT_PREFIX_DONE={{ matrix_bot_honoroit_text_prefix_done }}
HONOROIT_TEXT_NOENCRYPTION={{ matrix_bot_honoroit_text_noencryption }}

View file

@ -27,6 +27,9 @@ plugin_directories:
# Configuration for storing plugin databases
plugin_databases:
# Some plugins still require sqlite, so configure a path here.
# postgres will be used if supported.
sqlite: /data/dbs
postgres: default
server:

View file

@ -28,10 +28,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-maubot \
{% endfor %}
--network={{ matrix_docker_network }} \
{% if matrix_bot_maubot_management_interface_http_bind_port %}
-p {{ matrix_bot_maubot_management_interface_http_bind_port }}:{{ matrix_bot_maubot_management_interface_port }}
-p {{ matrix_bot_maubot_management_interface_http_bind_port }}:{{ matrix_bot_maubot_management_interface_port }} \
{% endif %}
{{ matrix_bot_maubot_docker_image }} \
python3 -m maubot -c /config/config.yaml
python3 -m maubot -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-maubot 2>/dev/null || true'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true'

View file

@ -0,0 +1,200 @@
---
# matrix-appservice-kakaotalk is a Matrix <-> Kakaotalk bridge
# Project source code URL: https://src.miscworks.net/fair/matrix-appservice-kakaotalk/
matrix_appservice_kakaotalk_enabled: true
# No images are published for neither of the container images (appservice or node), so we're self-building everything.
matrix_appservice_kakaotalk_container_image_self_build: true
# matrix_appservice_kakaotalk_container_image_self_build_repo: "https://src.miscworks.net/fair/matrix-appservice-kakaotalk.git"
#
# hnarjis' fork is used instead of upstream (fair's), because upstream is currently broken.
# The following error happens when chatting up the bot without this fix:
# [2022-07-25 09:04:53,784] [ERROR@mau.as] Exception in Matrix event handler
# Traceback (most recent call last):
# File "/usr/lib/python3.9/site-packages/mautrix/appservice/as_handler.py", line 239, in try_handle
# await handler_func(event)
# File "/usr/lib/python3.9/site-packages/mautrix/bridge/matrix.py", line 820, in int_handle_event
# await self.int_handle_invite(evt)
# File "/usr/lib/python3.9/site-packages/mautrix/bridge/matrix.py", line 441, in int_handle_invite
# inviter = await self.bridge.get_user(evt.sender)
# File "/usr/lib/python3.9/site-packages/matrix_appservice_kakaotalk/__main__.py", line 112, in get_user
# return await User.get_by_mxid(user_id, create=create)
# File "/usr/lib/python3.9/site-packages/mautrix/util/async_getter_lock.py", line 60, in wrapper
# return await fn(cls, *args, **kwargs)
# File "/usr/lib/python3.9/site-packages/matrix_appservice_kakaotalk/user.py", line 227, in get_by_mxid
# user = cls(mxid)
# TypeError: __init__() missing 2 required positional arguments: 'force_login' and 'was_connected'
matrix_appservice_kakaotalk_container_image_self_build_repo: "https://src.miscworks.net/hnarjis/matrix-appservice-kakaotalk.git"
matrix_appservice_kakaotalk_container_image_self_build_repo_version: "{{ 'master' if matrix_appservice_kakaotalk_version == 'latest' else matrix_appservice_kakaotalk_version }}"
matrix_appservice_kakaotalk_node_version: "{{ matrix_appservice_kakaotalk_version }}"
matrix_appservice_kakaotalk_node_docker_image: "{{ matrix_appservice_kakaotalk_node_docker_image_prefix }}fair/matrix-appservice-kakaotalk-node:{{ matrix_appservice_kakaotalk_node_version }}"
matrix_appservice_kakaotalk_node_docker_image_prefix: "localhost/"
matrix_appservice_kakaotalk_node_docker_image_force_pull: "{{ matrix_appservice_kakaotalk_node_docker_image.endswith(':latest') }}"
matrix_appservice_kakaotalk_version: 86c038fd2ffee5e0aebf65136f085cce7e38b54e
matrix_appservice_kakaotalk_docker_image: "{{ matrix_appservice_kakaotalk_docker_image_name_prefix }}fair/matrix-appservice-kakaotalk:{{ matrix_appservice_kakaotalk_version }}"
matrix_appservice_kakaotalk_docker_image_name_prefix: "localhost/"
matrix_appservice_kakaotalk_docker_image_force_pull: "{{ matrix_appservice_kakaotalk_docker_image.endswith(':latest') }}"
matrix_appservice_kakaotalk_base_path: "{{ matrix_base_data_path }}/appservice-kakaotalk"
matrix_appservice_kakaotalk_config_path: "{{ matrix_appservice_kakaotalk_base_path }}/config"
matrix_appservice_kakaotalk_data_path: "{{ matrix_appservice_kakaotalk_base_path }}/data"
matrix_appservice_kakaotalk_docker_src_files_path: "{{ matrix_appservice_kakaotalk_base_path }}/docker-src"
matrix_appservice_kakaotalk_command_prefix: "!kt"
matrix_appservice_kakaotalk_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_appservice_kakaotalk_homeserver_domain: '{{ matrix_domain }}'
matrix_appservice_kakaotalk_appservice_address: 'http://matrix-appservice-kakaotalk:11115'
# A list of extra arguments to pass to the appservice-kakaotalk container
matrix_appservice_kakaotalk_container_extra_arguments: []
# List of systemd services that matrix-appservice-kakaotalk.service depends on.
matrix_appservice_kakaotalk_systemd_required_services_list: ['docker.service', 'matrix-appservice-kakaotalk-node.service']
# List of systemd services that matrix-appservice-kakaotalk.service wants
matrix_appservice_kakaotalk_systemd_wanted_services_list: []
# A list of extra arguments to pass to the appservice-kakaotalk-node container
matrix_appservice_kakaotalk_node_container_extra_arguments: []
# List of systemd services that matrix-appservice-kakaotalk-node.service depends on.
matrix_appservice_kakaotalk_node_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-appservice-kakaotalk-node.service wants
matrix_appservice_kakaotalk_node_systemd_wanted_services_list: []
matrix_appservice_kakaotalk_appservice_token: ''
matrix_appservice_kakaotalk_homeserver_token: ''
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
matrix_appservice_kakaotalk_federate_rooms: true
# Database-related configuration fields.
#
# To use SQLite:
# - change the engine (`matrix_appservice_kakaotalk_database_engine: 'sqlite'`)
# To use Postgres:
# - adjust your database credentials via the `matrix_appservice_kakaotalk_database_*` variables
matrix_appservice_kakaotalk_database_engine: 'postgres'
matrix_appservice_kakaotalk_sqlite_database_path_local: "{{ matrix_appservice_kakaotalk_data_path }}/appservice-kakaotalk.db"
matrix_appservice_kakaotalk_sqlite_database_path_in_container: "/data/appservice-kakaotalk.db"
matrix_appservice_kakaotalk_database_username: 'matrix_appservice_kakaotalk'
matrix_appservice_kakaotalk_database_password: 'some-password'
matrix_appservice_kakaotalk_database_hostname: 'matrix-postgres'
matrix_appservice_kakaotalk_database_port: 5432
matrix_appservice_kakaotalk_database_name: 'matrix_appservice_kakaotalk'
matrix_appservice_kakaotalk_database_connection_string: 'postgres://{{ matrix_appservice_kakaotalk_database_username }}:{{ matrix_appservice_kakaotalk_database_password }}@{{ matrix_appservice_kakaotalk_database_hostname }}:{{ matrix_appservice_kakaotalk_database_port }}/{{ matrix_appservice_kakaotalk_database_name }}'
matrix_appservice_kakaotalk_appservice_database: "{{
{
'sqlite': ('sqlite:///' + matrix_appservice_kakaotalk_sqlite_database_path_in_container),
'postgres': matrix_appservice_kakaotalk_database_connection_string,
}[matrix_appservice_kakaotalk_database_engine]
}}"
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
# Also see: matrix_appservice_kakaotalk_bridge_login_shared_secret_map
matrix_appservice_kakaotalk_login_shared_secret: ''
matrix_appservice_kakaotalk_bridge_login_shared_secret_map: "{{ {matrix_appservice_kakaotalk_homeserver_domain: matrix_appservice_kakaotalk_login_shared_secret} if matrix_appservice_kakaotalk_login_shared_secret else {} }}"
matrix_appservice_kakaotalk_bridge_permissions: |
{{
{matrix_appservice_kakaotalk_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
matrix_appservice_kakaotalk_appservice_bot_username: kakaotalkbot
matrix_appservice_kakaotalk_user_prefix: 'kakaotalk_'
# End-to-bridge encryption configuration
matrix_appservice_kakaotalk_bridge_encryption_allow: false
matrix_appservice_kakaotalk_bridge_encryption_default: "{{ matrix_appservice_kakaotalk_bridge_encryption_allow }}"
# Specifies the default log level for all bridge loggers.
matrix_appservice_kakaotalk_logging_level: WARNING
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_appservice_kakaotalk_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_appservice_kakaotalk_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_appservice_kakaotalk_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_appservice_kakaotalk_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_appservice_kakaotalk_configuration_yaml`.
matrix_appservice_kakaotalk_configuration_extension: "{{ matrix_appservice_kakaotalk_configuration_extension_yaml | from_yaml if matrix_appservice_kakaotalk_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_appservice_kakaotalk_configuration_yaml`.
matrix_appservice_kakaotalk_configuration: "{{ matrix_appservice_kakaotalk_configuration_yaml | from_yaml | combine(matrix_appservice_kakaotalk_configuration_extension, recursive=True) }}"
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_appservice_kakaotalk_node_configuration_extension_yaml`)
# or completely replace this variable with your own template.
#
# The side-effect of this lookup is that Ansible would even parse the JSON for us, returning a dict.
# This is unlike what it does when looking up YAML template files (no automatic parsing there).
matrix_appservice_kakaotalk_node_configuration_default: "{{ lookup('template', 'templates/node-config.json.j2') }}"
# Your custom JSON configuration for appservice-kakaotalk-node should go to `matrix_appservice_kakaotalk_node_configuration_extension_json`.
# This configuration extends the default starting configuration (`matrix_appservice_kakaotalk_node_configuration_default`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_appservice_kakaotalk_node_configuration_default`.
#
# Example configuration extension follows:
#
# matrix_appservice_kakaotalk_node_configuration_extension_json: |
# {
# "register_timeout": 5000
# }
matrix_appservice_kakaotalk_node_configuration_extension_json: '{}'
matrix_appservice_kakaotalk_node_configuration_extension: "{{ matrix_appservice_kakaotalk_node_configuration_extension_json | from_json if matrix_appservice_kakaotalk_node_configuration_extension_json | from_json is mapping else {} }}"
# Holds the final appservice-kakaotalk-node configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_appservice_kakaotalk_node_configuration_default`.
matrix_appservice_kakaotalk_node_configuration: "{{ matrix_appservice_kakaotalk_node_configuration_default | combine(matrix_appservice_kakaotalk_node_configuration_extension, recursive=True) }}"
matrix_appservice_kakaotalk_registration_yaml: |
id: appservice-kakaotalk
as_token: {{ matrix_appservice_kakaotalk_appservice_token | to_json }}
hs_token: {{ matrix_appservice_kakaotalk_homeserver_token | to_json }}
namespaces:
users:
- exclusive: true
regex: '^@{{ matrix_appservice_kakaotalk_user_prefix | regex_escape }}.*:{{ matrix_appservice_kakaotalk_homeserver_domain | regex_escape }}$'
- exclusive: true
regex: '^@{{ matrix_appservice_kakaotalk_appservice_bot_username | regex_escape }}:{{ matrix_appservice_kakaotalk_homeserver_domain | regex_escape }}$'
url: {{ matrix_appservice_kakaotalk_appservice_address | to_json }}
sender_localpart: _appservice_kakaotalk
rate_limited: false
matrix_appservice_kakaotalk_registration: "{{ matrix_appservice_kakaotalk_registration_yaml | from_yaml }}"
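Review bot: `matrix_appservice_kakaotalk_database_password` defaults to the literal `'some-password'`, and `matrix_appservice_kakaotalk_database_connection_string` interpolates the username and password into the `postgres://` URI as-is. An empty default would let a forgotten override be caught by validation instead of deploying with a known password, and both values should be percent-encoded (for example with the `urlencode` filter) so that characters such as `@` or `:` in a password do not change how the URI is parsed. Smaller points: the comment "No images are published for neither of the container images" is a double negative ("for either"), and the 15-line traceback explaining the fork could be replaced by the final `TypeError` line plus a link to the upstream issue.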

View file

@ -0,0 +1,28 @@
---
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8
ansible.builtin.fail:
msg: "To self-build the appservice-kakaotalk image, you should use Ansible 2.8 or higher. See docs/ansible.md"
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_appservice_kakaotalk_container_image_self_build and matrix_appservice_kakaotalk_enabled"
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-kakaotalk.service', 'matrix-appservice-kakaotalk-node.service'] }}"
when: matrix_appservice_kakaotalk_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
+
["--mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }}/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
+
["/matrix-appservice-kakaotalk-registration.yaml"]
}}
when: matrix_appservice_kakaotalk_enabled | bool
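Review bot: in the `matrix_synapse_container_extra_arguments` fact, the `--mount` string places `{{ matrix_appservice_kakaotalk_config_path }}` inside an expression that is already wrapped in `{{ ... }}`, so it only resolves because the result is templated a second time. Building the string by concatenation, `"--mount type=bind,src=" + matrix_appservice_kakaotalk_config_path + "/registration.yaml,dst=/matrix-appservice-kakaotalk-registration.yaml,ro"`, avoids depending on that. Both `ansible.builtin.set_fact` tasks also lack a `name`, which makes play output harder to follow.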

View file

@ -0,0 +1,23 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_appservice_kakaotalk_enabled | bool"
tags:
- setup-all
- setup-appservice-kakaotalk
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_appservice_kakaotalk_enabled | bool"
tags:
- setup-all
- setup-appservice-kakaotalk
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_appservice_kakaotalk_enabled | bool"
tags:
- setup-all
- setup-appservice-kakaotalk

View file

@ -0,0 +1,125 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-matrix-appservice-kakaotalk role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed | default(False)"
- name: Ensure matrix-appservice-kakaotalk image is pulled
docker_image:
name: "{{ matrix_appservice_kakaotalk_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_kakaotalk_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_docker_image_force_pull }}"
when: not matrix_appservice_kakaotalk_container_image_self_build
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- name: Ensure matrix-appservice-kakaotalk-node image is pulled
docker_image:
name: "{{ matrix_appservice_kakaotalk_node_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_appservice_kakaotalk_node_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_node_docker_image_force_pull }}"
when: not matrix_appservice_kakaotalk_container_image_self_build
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- name: Ensure matrix-appservice-kakaotalk paths exist
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_appservice_kakaotalk_base_path }}", when: true}
- {path: "{{ matrix_appservice_kakaotalk_config_path }}", when: true}
- {path: "{{ matrix_appservice_kakaotalk_data_path }}", when: true}
- {path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}", when: "{{ matrix_appservice_kakaotalk_container_image_self_build }}"}
when: item.when | bool
- name: Ensure matrix-appservice-kakaotalk repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_appservice_kakaotalk_container_image_self_build_repo }}"
dest: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}"
version: "{{ matrix_appservice_kakaotalk_container_image_self_build_repo_version }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_appservice_kakaotalk_git_pull_results
when: "matrix_appservice_kakaotalk_container_image_self_build | bool"
- name: Ensure matrix-appservice-kakaotalk-node Docker image is built
docker_image:
name: "{{ matrix_appservice_kakaotalk_node_docker_image }}"
source: build
force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}/node"
pull: true
when: "matrix_appservice_kakaotalk_container_image_self_build | bool"
- name: Ensure matrix-appservice-kakaotalk Docker image is built
docker_image:
name: "{{ matrix_appservice_kakaotalk_docker_image }}"
source: build
force_source: "{{ matrix_appservice_kakaotalk_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_appservice_kakaotalk_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_appservice_kakaotalk_docker_src_files_path }}"
pull: true
when: "matrix_appservice_kakaotalk_container_image_self_build | bool"
- name: Ensure matrix-appservice-kakaotalk-node config.json installed
ansible.builtin.copy:
content: "{{ matrix_appservice_kakaotalk_node_configuration | to_nice_json }}"
dest: "{{ matrix_appservice_kakaotalk_config_path }}/node-config.json"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-appservice-kakaotalk config.yaml installed
ansible.builtin.copy:
content: "{{ matrix_appservice_kakaotalk_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_appservice_kakaotalk_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-appservice-kakaotalk registration.yaml installed
ansible.builtin.copy:
content: "{{ matrix_appservice_kakaotalk_registration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_appservice_kakaotalk_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-appservice-kakaotalk-node.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk-node.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk-node.service"
mode: 0644
register: matrix_appservice_kakaotalk_node_systemd_service_result
- name: Ensure matrix-appservice-kakaotalk.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-appservice-kakaotalk.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk.service"
mode: 0644
register: matrix_appservice_kakaotalk_systemd_service_result
- name: Ensure systemd reloaded after matrix-appservice-kakaotalk.service or matrix-appservice-kakaotalk-node.service installation
ansible.builtin.service:
daemon_reload: true
when: matrix_appservice_kakaotalk_node_systemd_service_result.changed or matrix_appservice_kakaotalk_systemd_service_result.changed
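Review bot: the three `ansible.builtin.copy` tasks that write `node-config.json`, `config.yaml` and `registration.yaml` use `mode: 0644`, yet `config.yaml` carries `as_token`, `hs_token`, the database URI with its password and the login shared secret map, and `registration.yaml` carries both tokens. The parent directories are created `0750`, which limits exposure today, but the files themselves should not be world-readable: `mode: 0640` with the existing owner and group is enough for the containers to read them. Also note that the two "image is pulled" tasks can never succeed with the current defaults, since the images use the `localhost/` prefix and are not published; a short comment saying they exist for a future published image would help.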

View file

@ -0,0 +1,41 @@
---
- name: Check existence of matrix-appservice-kakaotalk service
ansible.builtin.stat:
path: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk.service"
register: matrix_appservice_kakaotalk_service_stat
- name: Ensure matrix-appservice-kakaotalk is stopped
ansible.builtin.service:
name: matrix-appservice-kakaotalk
state: stopped
enabled: false
daemon_reload: true
when: "matrix_appservice_kakaotalk_service_stat.stat.exists"
- name: Check existence of matrix-appservice-kakaotalk-node service
ansible.builtin.stat:
path: "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk-node.service"
register: matrix_appservice_kakaotalk_node_service_stat
- name: Ensure matrix-appservice-kakaotalk-node is stopped
ansible.builtin.service:
name: matrix-appservice-kakaotalk-node
state: stopped
enabled: false
daemon_reload: true
when: "matrix_appservice_kakaotalk_node_service_stat.stat.exists"
- name: Ensure matrix-appservice-kakaotalk.service files don't exist
ansible.builtin.file:
path: "{{ item }}"
state: absent
with_items:
- "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk-node.service"
- "{{ matrix_systemd_path }}/matrix-appservice-kakaotalk.service"
when: "matrix_appservice_kakaotalk_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-appservice-kakaotalk service files removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_appservice_kakaotalk_service_stat.stat.exists or matrix_appservice_kakaotalk_node_service_stat.stat.exists"
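Review bot: the "service files don't exist" task removes both unit files but is gated only on `matrix_appservice_kakaotalk_service_stat.stat.exists`, so a host where only `matrix-appservice-kakaotalk-node.service` is left will keep that unit. The reload task that follows already uses the combined condition; apply the same `... or matrix_appservice_kakaotalk_node_service_stat.stat.exists` here, or drop the `when` entirely since `state: absent` is idempotent. The uninstall path also leaves the config directory, with `config.yaml` and `registration.yaml` and their tokens, on disk; that is worth either cleaning up or documenting.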

View file

@ -0,0 +1,10 @@
---
- name: Fail if required settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_appservice_kakaotalk_appservice_token"
- "matrix_appservice_kakaotalk_homeserver_token"
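Review bot: the `when: "vars[item] == ''"` test only rejects a value that is exactly the empty string, so a token consisting of whitespace, or a very short one, passes validation. Since these two values authenticate the bridge and the homeserver to each other, consider trimming before the comparison and enforcing a minimum length, and have the failure message say how long the value is expected to be.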

View file

@ -0,0 +1,276 @@
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_appservice_kakaotalk_homeserver_address | to_json }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_appservice_kakaotalk_homeserver_domain | to_json }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Whether or not the homeserver supports asmux-specific endpoints,
# such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically
# updating m.direct.
asmux: false
# Number of retries for all HTTP requests if the homeserver isn't reachable.
http_retry_count: 4
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's MQTT connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Whether asynchronous uploads via MSC2246 should be enabled for media.
# Requires a media repo that supports MSC2246.
async_media: false
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_appservice_kakaotalk_appservice_address | to_json }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 11115
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are supported.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: {{ matrix_appservice_kakaotalk_appservice_database | to_json }}
# Additional arguments for asyncpg.create_pool() or sqlite3.connect()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored.
database_opts:
min_size: 5
max_size: 10
# The unique ID of this appservice.
id: appservice-kakaotalk
# Username of the appservice bot.
bot_username: {{ matrix_appservice_kakaotalk_appservice_bot_username | to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: KakaoTalk bridge bot
bot_avatar:
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: {{ matrix_appservice_kakaotalk_appservice_token | to_json }}
hs_token: {{ matrix_appservice_kakaotalk_homeserver_token | to_json }}
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
listen_port: 8000
# Manhole config.
manhole:
# Whether or not opening the manhole is allowed.
enabled: false
# The path for the unix socket.
path: /var/tmp/matrix-appservice-kakaotalk.manhole
# The list of UIDs who can be added to the whitelist.
# If empty, any UIDs can be specified in the open-manhole command.
whitelist:
- 0
# Config for things that are directly sent to KakaoTalk.
kakaotalk:
device_name: "KakaoTalk Bridge"
# Bridge config
bridge:
# Localpart template of MXIDs for KakaoTalk users.
# {userid} is replaced with the user ID of the KakaoTalk user.
username_template: "{{ matrix_appservice_kakaotalk_user_prefix }}{userid}"
# Displayname template for KakaoTalk users.
# {displayname} is replaced with the display name of the KakaoTalk user.
displayname_template: "{displayname} (KT)"
# The prefix for commands. Only required in non-management rooms.
command_prefix: {{ matrix_appservice_kakaotalk_command_prefix | to_json }}
# Number of chats to sync (and create portals for) on startup/login.
# Set to 0 to disable automatic syncing, or -1 to sync as much as possible.
initial_chat_sync: 20
# Whether or not the KakaoTalk users of logged in Matrix users should be
# invited to private chats when the user sends a message from another client.
invite_own_puppet_to_pm: false
# Whether or not to use /sync to get presence, read receipts and typing notifications
# when double puppeting is enabled
sync_with_custom_puppets: true
# Whether or not to update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map: {}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map: {{ matrix_appservice_kakaotalk_bridge_login_shared_secret_map | to_json }}
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_appservice_kakaotalk_bridge_encryption_allow | to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: {{ matrix_appservice_kakaotalk_bridge_encryption_default| to_json }}
# Options for automatic key sharing.
key_sharing:
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow: false
# Require the requesting device to have a valid cross-signing signature?
# This doesn't require that the bridge has verified the device, only that the user has verified it.
# Not yet implemented.
require_cross_signing: false
# Require devices to be verified by the bridge?
# Verification by the bridge is not yet implemented.
require_verification: true
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
# been sent to KakaoTalk.
delivery_receipts: false
# Whether to allow inviting arbitrary mxids to portal rooms
allow_invites: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: {{ matrix_appservice_kakaotalk_federate_rooms | to_json }}
# Settings for backfilling messages from KakaoTalk.
backfill:
# Whether or not the KakaoTalk users of logged in Matrix users should be
# invited to private chats when backfilling history from KakaoTalk. This is
# usually needed to prevent rate limits and to allow timestamp massaging.
invite_own_puppet: true
# Maximum number of messages to backfill initially.
# Set to 0 to disable backfilling when creating portal, or -1 to backfill as much as possible.
initial_limit: 0
# Maximum number of messages to backfill if messages were missed while
# the bridge was disconnected.
# Set to 0 to disable backfilling missed messages, or -1 to backfill as much as possible.
missed_limit: 1000
# If using double puppeting, should notifications be disabled
# while the initial backfill is in progress?
disable_notifications: false
# The number of seconds that a disconnection can last without triggering an automatic re-sync
# and missed message backfilling when reconnecting.
# Set to 0 to always re-sync, or -1 to never re-sync automatically.
resync_max_disconnected_time: 5
# Should users remain logged in after being disconnected from chatroom updates?
# This is a convenience feature, but might make the bridge look more suspicious to KakaoTalk.
remain_logged_in_on_disconnect: true
# May the bridge restore user logins with session tokens instead of requiring a password?
# This is a convenience feature, but might make the bridge look more suspicious to KakaoTalk.
# Note that password-based login will be tried first for users who have saved their password.
allow_token_relogin: true
# Should the bridge connect users to chatroom updates after a token-based login?
# This will disconnect any KakaoTalk PC/bridge sessions that were started since the last connection.
# This is a convenience feature, but might make the bridge look more suspicious to KakaoTalk.
reconnect_on_token_relogin: true
# Should the bridge do a resync for connected users on startup?
sync_on_startup: true
# Whether or not temporary disconnections should send notices to the notice room.
# If this is false, disconnections will never send messages and connections will only send
# messages if it was disconnected for more than resync_max_disconnected_time seconds.
temporary_disconnect_notices: true
# Disable bridge notices entirely
disable_bridge_notices: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it,
# except if the config file is not writable.
resend_bridge_info: false
# Whether or not mute status and tags should only be bridged when the portal room is created.
tag_only_on_create: true
# If set to true, downloading media from the CDN will use a plain aiohttp client without the usual headers or
# other configuration. This may be useful if you don't want to use the default proxy for large files.
sandbox_media_download: false
# Permissions for using the bridge.
# Permitted values:
# relay - Allowed to be relayed through the bridge, no access to commands.
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_appservice_kakaotalk_bridge_permissions | to_json }}
relay:
# Whether relay mode should be allowed. If allowed, `!kt set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: false
# The formats to use when sending messages to KakaoTalk via a relay user.
#
# Available variables:
# $sender_displayname - The display name of the sender (e.g. Example User)
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
# $message - The message content
message_formats:
m.text: '<b>$sender_displayname</b>: $message'
m.notice: '<b>$sender_displayname<b>: $message'
m.emote: '* <b>$sender_displayname<b> $message'
m.file: 'File from <b>$sender_displayname</b>: $message'
m.image: 'Image from <b>$sender_displayname</b>: $message'
m.audio: 'Audio from <b>$sender_displayname</b>: $message'
m.video: 'Video from <b>$sender_displayname</b>: $message'
m.location: '<b>$sender_displayname</b> sent a location'
rpc:
connection:
# Either unix or tcp
type: tcp
# Only for type: unix
# path: /rpc/rpc.sock
# Only for type: tcp
host: matrix-appservice-kakaotalk-node
port: 8000
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): matrix_appservice_kakaotalk.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: {{ matrix_appservice_kakaotalk_logging_level | to_json }}
paho:
level: {{ matrix_appservice_kakaotalk_logging_level | to_json }}
aiohttp:
level: {{ matrix_appservice_kakaotalk_logging_level | to_json }}
root:
level: {{ matrix_appservice_kakaotalk_logging_level | to_json }}
handlers: [console]
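Review bot: in `message_formats`, the `m.notice` and `m.emote` templates end the bold run with `<b>` instead of `</b>` (`'<b>$sender_displayname<b>: $message'`), leaving the tag unclosed, unlike `m.text` and the media formats. Change both to `</b>`. Relay mode is `enabled: false` in this template, so the defect stays latent until someone turns relaying on.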

View file

@ -0,0 +1,13 @@
{
"listen": {
"type": "tcp",
"host": "0.0.0.0",
"port": 8000,
"force": false
},
"register_timeout": 3000,
"logging_keys": {
"request": ["mxid"],
"response": ["status"]
}
}
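Review bot: `"host": "0.0.0.0"` makes the node helper's RPC listener reachable from every container attached to the same Docker network, and nothing in this file configures authentication for it. The bridge config already documents a `type: unix` connection with `path: /rpc/rpc.sock`; a socket shared between the two containers through a mount would restrict the RPC channel to the bridge itself. If TCP stays, the docs should say that port 8000 must never be published through the extra container arguments.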

View file

@ -0,0 +1,38 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=appservice-kakaotalk-node bridge helper
{% for service in matrix_appservice_kakaotalk_node_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_appservice_kakaotalk_node_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true'
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-kakaotalk-node \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
--mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }}/node-config.json,dst=/config.json,ro \
{% for arg in matrix_appservice_kakaotalk_node_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_appservice_kakaotalk_node_docker_image }} \
node src/main.js --config /config.json
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk-node 2>/dev/null || true'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk-node 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-kakaotalk-node
[Install]
WantedBy=multi-user.target
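Review bot: the `docker run` command in `ExecStart` gives this container a single read-only bind mount and no data volume, so it looks like a candidate for `--read-only` (with a `--tmpfs` if the node process needs scratch space) next to the existing `--cap-drop=ALL`. Please try it and add the flag if the helper starts cleanly.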

View file

@ -0,0 +1,42 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=appservice-kakaotalk bridge
{% for service in matrix_appservice_kakaotalk_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_appservice_kakaotalk_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-kakaotalk \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
--mount type=bind,src={{ matrix_appservice_kakaotalk_config_path }},dst=/config,ro \
--mount type=bind,src={{ matrix_appservice_kakaotalk_data_path }},dst=/data \
{% for arg in matrix_appservice_kakaotalk_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_appservice_kakaotalk_docker_image }} \
python3 -m matrix_appservice_kakaotalk -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-appservice-kakaotalk 2>/dev/null || true'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-appservice-kakaotalk 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-kakaotalk
[Install]
WantedBy=multi-user.target
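Review bot: the fixed `sleep 5` in `ExecStartPre` only covers the homeserver; this unit also needs the RPC helper at `matrix-appservice-kakaotalk-node:8000`, and whether it is ordered after that helper depends entirely on what `matrix_appservice_kakaotalk_systemd_required_services_list` contains. Please confirm the default list includes `matrix-appservice-kakaotalk-node.service`; otherwise the bridge can start first and has to rely on `Restart=always` with `RestartSec=30` to recover.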

View file

@ -29,6 +29,12 @@ matrix_beeper_linkedin_bridge_presence: true
matrix_beeper_linkedin_command_prefix: "!li"
matrix_beeper_linkedin_bridge_permissions: |
{{
{matrix_beeper_linkedin_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# A list of extra arguments to pass to the container
matrix_beeper_linkedin_container_extra_arguments: []
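Review bot: `matrix_beeper_linkedin_bridge_permissions` is introduced without a comment, unlike `matrix_beeper_linkedin_container_extra_arguments` right below it. Its default grants `user` to every account on the homeserver domain, so add a line stating that operators can override the map to narrow access and pointing at the key forms the config template documents (`*`, domain, mxid).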
@ -72,6 +78,9 @@ matrix_beeper_linkedin_appservice_database_uri: "{{
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_beeper_linkedin_login_shared_secret: ''
# Specifies the default log level for all bridge loggers.
matrix_beeper_linkedin_logging_level: WARNING
# Default beeper-linkedin configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#

View file

@ -50,12 +50,12 @@
- name: Ensure docker-requirements.txt is generated before building Beeper LinkedIn Docker Image
ansible.builtin.command:
cmd: |
{{ matrix_host_command_docker }} run \
--rm \
--entrypoint=/bin/sh \
--mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work \
-w /work \
docker.io/python:3.9.6-buster \
{{ matrix_host_command_docker }} run
--rm
--entrypoint=/bin/sh
--mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work
-w /work
docker.io/python:3.9.6-buster
-c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt"
register: matrix_beeper_linkedin_generate_docker_requirements_result
changed_when: matrix_beeper_linkedin_generate_docker_requirements_result.rc == 0
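Review bot: the unchanged `-c` line at the end of this command is worth revisiting while the task is open: `poetry export --without-hashes` followed by `sed 's/==.*//g'` strips both hashes and version pins from `docker-requirements.txt`, and `pip install poetry` is itself unpinned, so every self-build resolves whatever is newest at that moment. Keep the pins from the lock file where the build tolerates it. Separately, `changed_when: ... rc == 0` reports a change on every successful run.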

View file

@ -236,11 +236,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"{{ matrix_beeper_linkedin_homeserver_domain }}": user
{% if matrix_admin %}
"{{ matrix_admin }}": admin
{% endif %}
permissions: {{ matrix_beeper_linkedin_bridge_permissions|to_json }}
@ -259,12 +255,12 @@ logging:
formatter: colored
loggers:
mau:
level: WARNING
level: {{ matrix_beeper_linkedin_logging_level|to_json }}
paho:
level: WARNING
level: {{ matrix_beeper_linkedin_logging_level|to_json }}
aiohttp:
level: WARNING
level: {{ matrix_beeper_linkedin_logging_level|to_json }}
root:
level: WARNING
handlers: [ console]
level: {{ matrix_beeper_linkedin_logging_level|to_json }}
handlers: [console]

View file

@ -4,13 +4,13 @@
matrix_go_skype_bridge_enabled: true
matrix_go_skype_bridge_container_image_self_build: true
matrix_go_skype_bridge_container_image_self_build: false
matrix_go_skype_bridge_container_image_self_build_repo: "https://github.com/kelaresg/go-skype-bridge.git"
matrix_go_skype_bridge_container_image_self_build_branch: "{{ 'master' if matrix_go_skype_bridge_version == 'latest' else matrix_go_skype_bridge_version }}"
matrix_go_skype_bridge_version: latest
matrix_go_skype_bridge_docker_image: "{{ matrix_go_skype_bridge_docker_image_name_prefix }}kelaresg/go-skype-bridge:{{ matrix_go_skype_bridge_version }}"
matrix_go_skype_bridge_docker_image_name_prefix: "localhost/"
matrix_go_skype_bridge_docker_image: "{{ matrix_go_skype_bridge_docker_image_name_prefix }}nodefyme/go-skype-bridge:{{ matrix_go_skype_bridge_version }}"
matrix_go_skype_bridge_docker_image_name_prefix: "{{ 'localhost/' if matrix_go_skype_bridge_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_go_skype_bridge_docker_image_force_pull: "{{ matrix_go_skype_bridge_docker_image.endswith(':latest') }}"
matrix_go_skype_bridge_base_path: "{{ matrix_base_data_path }}/go-skype-bridge"
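Review bot: with `matrix_go_skype_bridge_container_image_self_build` flipped to `false`, the default install now pulls `nodefyme/go-skype-bridge:latest`, a prebuilt image under a different namespace than the `kelaresg/go-skype-bridge.git` source used by the self-build path, and `matrix_go_skype_bridge_docker_image_force_pull` is true for `:latest`. Please state in the changelog or docs who publishes that image and how it tracks the source repository, and consider defaulting `matrix_go_skype_bridge_version` to a fixed tag so upgrades are deliberate.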
@ -85,6 +85,20 @@ matrix_go_skype_bridge_bridge_login_shared_secret_map:
matrix_go_skype_bridge_bridge_double_puppet_server_map:
"{{ matrix_go_skype_bridge_homeserver_domain : matrix_go_skype_bridge_homeserver_address }}"
# Enable End-to-bridge encryption
matrix_go_skype_bridge_bridge_encryption_allow: false
matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}"
# Minimum severity of journal log messages.
# Options: debug, info, warn, error, fatal
matrix_go_skype_bridge_log_level: 'warn'
matrix_go_skype_bridge_bridge_permissions: |
{{
{matrix_go_skype_bridge_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Default go-skype-bridge configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
@ -124,11 +138,3 @@ matrix_go_skype_bridge_registration_yaml: |
de.sorunome.msc2409.push_ephemeral: true
matrix_go_skype_bridge_registration: "{{ matrix_go_skype_bridge_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_go_skype_bridge_bridge_encryption_allow: false
matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}"
# Minimum severity of journal log messages.
# Options: debug, info, warn, error, fatal
matrix_go_skype_bridge_log_level: 'warn'

View file

@ -197,11 +197,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"{{ matrix_go_skype_bridge_homeserver_domain }}": user
{% if matrix_admin %}
"{{ matrix_admin }}": admin
{% endif %}
permissions: {{ matrix_go_skype_bridge_bridge_permissions|to_json }}
relaybot:
# Whether or not relaybot support is enabled.

View file

@ -0,0 +1,142 @@
---
# mautrix-discord is a Matrix <-> Discord bridge
# Project source code URL: https://github.com/mautrix/discord
matrix_mautrix_discord_enabled: true
matrix_mautrix_discord_container_image_self_build: false
matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git"
matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"
matrix_mautrix_discord_version: latest
# See: https://mau.dev/mautrix/discord/container_registry
matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_discord_docker_image_force_pull: "{{ matrix_mautrix_discord_docker_image.endswith(':latest') }}"
matrix_mautrix_discord_base_path: "{{ matrix_base_data_path }}/mautrix-discord"
matrix_mautrix_discord_config_path: "{{ matrix_mautrix_discord_base_path }}/config"
matrix_mautrix_discord_data_path: "{{ matrix_mautrix_discord_base_path }}/data"
matrix_mautrix_discord_docker_src_files_path: "{{ matrix_mautrix_discord_base_path }}/docker-src"
matrix_mautrix_discord_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_discord_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_discord_appservice_address: "http://matrix-mautrix-discord:8080"
matrix_mautrix_discord_command_prefix: "!discord"
matrix_mautrix_discord_bridge_permissions: |
{{
{matrix_mautrix_discord_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# A list of extra arguments to pass to the container
matrix_mautrix_discord_container_extra_arguments: []
# List of systemd services that matrix-mautrix-discord.service depends on.
matrix_mautrix_discord_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-mautrix-discord.service wants
matrix_mautrix_discord_systemd_wanted_services_list: []
matrix_mautrix_discord_appservice_token: ''
matrix_mautrix_discord_homeserver_token: ''
matrix_mautrix_discord_appservice_bot_username: discordbot
# Minimum severity of journal log messages.
# Options: debug, info, warn, error, fatal
matrix_mautrix_discord_logging_level: 'warn'
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
matrix_mautrix_discord_federate_rooms: true
# Database-related configuration fields.
#
# To use SQLite, stick to these defaults.
#
# To use Postgres:
# - change the engine (`matrix_mautrix_discord_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_discord_database_*` variables
matrix_mautrix_discord_database_engine: 'sqlite'
matrix_mautrix_discord_sqlite_database_path_local: "{{ matrix_mautrix_discord_data_path }}/mautrix-discord.db"
matrix_mautrix_discord_sqlite_database_path_in_container: "/data/mautrix-discord.db"
matrix_mautrix_discord_database_username: 'matrix_mautrix_discord'
matrix_mautrix_discord_database_password: 'some-password'
matrix_mautrix_discord_database_hostname: 'matrix-postgres'
matrix_mautrix_discord_database_port: 5432
matrix_mautrix_discord_database_name: 'matrix_mautrix_discord'
matrix_mautrix_discord_database_connection_string: 'postgresql://{{ matrix_mautrix_discord_database_username }}:{{ matrix_mautrix_discord_database_password }}@{{ matrix_mautrix_discord_database_hostname }}:{{ matrix_mautrix_discord_database_port }}/{{ matrix_mautrix_discord_database_name }}?sslmode=disable'
matrix_mautrix_discord_appservice_database_type: "{{
{
'sqlite': 'sqlite3',
'postgres':'postgres',
}[matrix_mautrix_discord_database_engine]
}}"
matrix_mautrix_discord_appservice_database_uri: "{{
{
'sqlite': matrix_mautrix_discord_sqlite_database_path_in_container,
'postgres': matrix_mautrix_discord_database_connection_string,
}[matrix_mautrix_discord_database_engine]
}}"
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mautrix_discord_login_shared_secret: ''
matrix_mautrix_discord_bridge_login_shared_secret_map:
"{{ {matrix_mautrix_discord_homeserver_domain: matrix_mautrix_discord_login_shared_secret} if matrix_mautrix_discord_login_shared_secret else {} }}"
# Servers to always allow double puppeting from
matrix_mautrix_discord_bridge_double_puppet_server_map:
"{{ matrix_mautrix_discord_homeserver_domain : matrix_mautrix_discord_homeserver_address }}"
# Default mautrix-discord configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_discord_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_discord_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mautrix_discord_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mautrix_discord_configuration_yaml`.
matrix_mautrix_discord_configuration_extension: "{{ matrix_mautrix_discord_configuration_extension_yaml | from_yaml if matrix_mautrix_discord_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_discord_configuration_yaml`.
matrix_mautrix_discord_configuration: "{{ matrix_mautrix_discord_configuration_yaml | from_yaml | combine(matrix_mautrix_discord_configuration_extension, recursive=True) }}"
matrix_mautrix_discord_registration_yaml: |
id: discord
url: {{ matrix_mautrix_discord_appservice_address }}
as_token: "{{ matrix_mautrix_discord_appservice_token }}"
hs_token: "{{ matrix_mautrix_discord_homeserver_token }}"
# See https://github.com/mautrix/signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_discord_appservice_bot_username }}
rate_limited: false
namespaces:
users:
- regex: '^@discord_[0-9]+:{{ matrix_mautrix_discord_homeserver_domain | regex_escape }}$'
exclusive: true
- exclusive: true
regex: '^@{{ matrix_mautrix_discord_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_discord_homeserver_domain | regex_escape }}$'
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_discord_registration: "{{ matrix_mautrix_discord_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_discord_bridge_encryption_allow: false
matrix_mautrix_discord_bridge_encryption_default: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"
matrix_mautrix_discord_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_discord_bridge_encryption_allow }}"
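Review bot: `matrix_mautrix_discord_bridge_double_puppet_server_map` is not valid Jinja: `"{{ matrix_mautrix_discord_homeserver_domain : matrix_mautrix_discord_homeserver_address }}"` lacks the inner braces of a dict literal (compare `matrix_mautrix_discord_bridge_login_shared_secret_map` just above it, which wraps its pair in `{ ... }`). It goes unnoticed only because the config template builds `double_puppet_server_map` inline instead of reading this variable. Either fix the expression and use the variable from the template, or drop it. The same expression appears as a context line in the go-skype-bridge defaults.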

View file

@ -0,0 +1,21 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-discord.service'] }}"
when: matrix_mautrix_discord_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_synapse_container_extra_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
+
["--mount type=bind,src={{ matrix_mautrix_discord_config_path }}/registration.yaml,dst=/matrix-mautrix-discord-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
{{
matrix_synapse_app_service_config_files | default([])
+
["/matrix-mautrix-discord-registration.yaml"]
}}
when: matrix_mautrix_discord_enabled | bool

View file

@ -0,0 +1,22 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_mautrix_discord_enabled | bool"
tags:
- setup-all
- setup-mautrix-discord
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup and matrix_mautrix_discord_enabled"
tags:
- setup-all
- setup-mautrix-discord
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup and not matrix_mautrix_discord_enabled"
tags:
- setup-all
- setup-mautrix-discord
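Review bot: the `when:` conditions on the `setup_install.yml` and `setup_uninstall.yml` imports omit the `| bool` casts that the `validate_config.yml` import uses. A string value such as `'false'` for `matrix_mautrix_discord_enabled` is truthy in Jinja, so validation would be skipped, install would run and uninstall would not. Use `run_setup | bool and matrix_mautrix_discord_enabled | bool` (and `not matrix_mautrix_discord_enabled | bool`) on all three.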

View file

@ -0,0 +1,122 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-mautrix-discord role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed | default(False)"
- ansible.builtin.set_fact:
matrix_mautrix_discord_requires_restart: false
- block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mautrix_discord_sqlite_database_path_local }}"
register: matrix_mautrix_discord_sqlite_database_path_local_stat_result
- block:
- ansible.builtin.set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_mautrix_discord_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_discord_database_connection_string }}"
caller: "{{ role_path | basename }}"
engine_variable_name: 'matrix_mautrix_discord_database_engine'
engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-mautrix-discord.service']
pgloader_options: ['--with "quote identifiers"']
- ansible.builtin.import_role:
name: matrix-postgres
tasks_from: migrate_db_to_postgres
- ansible.builtin.set_fact:
matrix_mautrix_discord_requires_restart: true
when: "matrix_mautrix_discord_sqlite_database_path_local_stat_result.stat.exists | bool"
when: "matrix_mautrix_discord_database_engine == 'postgres'"
- name: Ensure Mautrix Discord paths exists
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_mautrix_discord_base_path }}", when: true}
- {path: "{{ matrix_mautrix_discord_config_path }}", when: true}
- {path: "{{ matrix_mautrix_discord_data_path }}", when: true}
- {path: "{{ matrix_mautrix_discord_docker_src_files_path }}", when: "{{ matrix_mautrix_discord_container_image_self_build }}"}
when: item.when | bool
- name: Ensure Mautrix Discord image is pulled
docker_image:
name: "{{ matrix_mautrix_discord_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_discord_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_discord_docker_image_force_pull }}"
when: not matrix_mautrix_discord_container_image_self_build
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- name: Ensure Mautrix discord repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_mautrix_discord_container_image_self_build_repo }}"
dest: "{{ matrix_mautrix_discord_docker_src_files_path }}"
version: "{{ matrix_mautrix_discord_container_image_self_build_branch }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_mautrix_discord_git_pull_results
when: "matrix_mautrix_discord_container_image_self_build | bool"
- name: Ensure Mautrix discord Docker image is built
docker_image:
name: "{{ matrix_mautrix_discord_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_discord_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_discord_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_discord_docker_src_files_path }}"
pull: true
when: "matrix_mautrix_discord_container_image_self_build | bool"
- name: Ensure mautrix-discord config.yaml installed
ansible.builtin.copy:
content: "{{ matrix_mautrix_discord_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_mautrix_discord_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure mautrix-discord registration.yaml installed
ansible.builtin.copy:
content: "{{ matrix_mautrix_discord_registration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_mautrix_discord_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-mautrix-discord.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-mautrix-discord.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-mautrix-discord.service"
mode: 0644
register: matrix_mautrix_discord_systemd_service_result
- name: Ensure systemd reloaded after matrix-mautrix-discord.service installation
ansible.builtin.service:
daemon_reload: true
when: "matrix_mautrix_discord_systemd_service_result.changed"
- name: Ensure matrix-mautrix-discord.service restarted, if necessary
ansible.builtin.service:
name: "matrix-mautrix-discord.service"
state: restarted
when: "matrix_mautrix_discord_requires_restart | bool"
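Review bot: `config.yaml` and `registration.yaml` are written with `mode: 0644`, yet they hold `as_token`, `hs_token`, the database URI with its password and the shared-secret map. The parent directories are created `0750`, which limits exposure today, but the files should not depend on that; `0640` with the same owner and group keeps them readable by the matrix user and group only.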

View file

@ -0,0 +1,25 @@
---
- name: Check existence of matrix-mautrix-discord service
ansible.builtin.stat:
path: "{{ matrix_systemd_path }}/matrix-mautrix-discord.service"
register: matrix_mautrix_discord_service_stat
- name: Ensure matrix-mautrix-discord is stopped
ansible.builtin.service:
name: matrix-mautrix-discord
state: stopped
enabled: false
daemon_reload: true
when: "matrix_mautrix_discord_service_stat.stat.exists"
- name: Ensure matrix-mautrix-discord.service doesn't exist
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-mautrix-discord.service"
state: absent
when: "matrix_mautrix_discord_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mautrix-discord.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_mautrix_discord_service_stat.stat.exists"

View file

@ -0,0 +1,10 @@
---
- name: Fail if required settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mautrix_discord_appservice_token"
- "matrix_mautrix_discord_homeserver_token"
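Review bot: the required-settings list checks only the two tokens. With `matrix_mautrix_discord_database_engine: 'postgres'` the role would proceed with the shipped default `matrix_mautrix_discord_database_password: 'some-password'`; add a check that fails when the engine is postgres and the password is empty or still that placeholder.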

View file

@ -0,0 +1,221 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_discord_homeserver_address | to_json }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_discord_homeserver_domain | to_json }}
# Is the homeserver actually mautrix-asmux?
asmux: false
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's discord connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_discord_appservice_address | to_json }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# Database config.
database:
# The database type. "sqlite3" and "postgres" are supported.
type: {{ matrix_mautrix_discord_appservice_database_type|to_json }}
# The database URI.
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_discord_appservice_database_uri|to_json }}
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice.
id: discord
# Appservice bot details.
bot:
# Username of the appservice bot.
username: {{ matrix_mautrix_discord_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: Discord bridge bot
avatar: mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
ephemeral_events: true
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: {{ matrix_mautrix_discord_appservice_token | to_json }}
hs_token: {{ matrix_mautrix_discord_homeserver_token | to_json }}
# Bridge config
bridge:
# Localpart template of MXIDs for Discord users.
# {{ '{{.}}' }} is replaced with the internal ID of the Discord user.
username_template: "{{ 'discord_{{.}}' }}"
# Displayname template for Discord users. This is also used as the room name in DMs if private_chat_portal_meta is enabled.
# Available variables:
# {{ '{{.ID}}' }} - Internal user ID
# {{ '{{.Username}}' }} - User's displayname on Discord
# {{ '{{.Discriminator}}' }} - The 4 numbers after the name on Discord
# {{ '{{.Bot}}' }} - Whether the user is a bot
# {{ '{{.System}}' }} - Whether the user is an official system user
displayname_template: "{{ '{{.Username}} {{if .Bot}} (bot){{end}}' }}"
# Displayname template for Discord channels (bridged as rooms, or spaces when type=4).
# Available variables:
# {{ '{{.Name}}' }} - Channel name, or user displayname (pre-formatted with displayname_template) in DMs.
# {{ '{{.ParentName}}' }} - Parent channel name (used for categories).
# {{ '{{.GuildName}}' }} - Guild name.
# {{ '{{.NSFW}}' }} - Whether the channel is marked as NSFW.
# {{ '{{.Type}}' }} - Channel type (see values at https://github.com/bwmarrin/discordgo/blob/v0.25.0/structs.go#L251-L267)
channel_name_template: "{{ '{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else}}#{{.Name}}{{end}}' }}"
# Displayname template for Discord guilds (bridged as spaces).
# Available variables:
# {{ '{{.Name}}' }} - Guild name
guild_name_template: "{{ '{{.Name}}' }}"
# Should the bridge explicitly set the avatar and room name for DM portal rooms?
# This is implicitly enabled in encrypted rooms.
private_chat_portal_meta: false
portal_message_buffer: 128
# Number of private channel portals to create on bridge startup.
# Other portals will be created when receiving messages.
startup_private_channel_create_limit: 5
# Should the bridge send a read receipt from the bridge bot when a message has been sent to Discord?
delivery_receipts: false
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: true
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true
# Should the bridge use space-restricted join rules instead of invite-only for guild rooms?
# This can avoid unnecessary invite events in guild rooms when members are synced in.
restricted_rooms: true
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it, except if the config file is not writable.
resend_bridge_info: false
# Should the bridge attempt to completely delete portal rooms when a channel is deleted on Discord?
# If true, the bridge will try to kick Matrix users from the room. Otherwise, the bridge only makes ghosts leave.
delete_portal_on_channel_delete: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: {{ matrix_mautrix_discord_federate_rooms|to_json }}
# Servers to always allow double puppeting from
double_puppet_server_map:
"{{ matrix_mautrix_discord_homeserver_domain }}": {{ matrix_mautrix_discord_homeserver_address }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map: {{ matrix_mautrix_discord_bridge_login_shared_secret_map|to_json }}
# The prefix for commands. Only required in non-management rooms.
command_prefix: "{{ matrix_mautrix_discord_command_prefix }}"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Discord bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_mautrix_discord_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: {{ matrix_mautrix_discord_bridge_encryption_default|to_json }}
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_discord_bridge_encryption_key_sharing_allow|to_json }}
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: generate
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Discord account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_discord_bridge_permissions|to_json }}
logging:
directory: ./logs
file_name_format: ''
file_date_format: "2006-01-02"
file_mode: 384
timestamp_format: Jan _2, 2006 15:04:05
print_level: {{ matrix_mautrix_discord_logging_level | to_json }}
print_json: false
file_json: false
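Review bot: `provisioning.shared_secret` is hardcoded to `generate`, but the unit file added in this same commit bind-mounts `/config` read-only, so a generated secret cannot be written back to `config.yaml`. Expose it as a playbook variable, the way `login_shared_secret_map` is, with a default of `disable` or a value the playbook supplies. Two smaller points in the `encryption` block: the `verification_levels.receive` comment still says "from WhatsApp to Matrix", and `require` and the three verification levels are fixed in the template while `allow`, `default` and `allow_key_sharing` are variables.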

View file

@ -0,0 +1,43 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mautrix Discord bridge
{% for service in matrix_mautrix_discord_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mautrix_discord_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-discord 2>/dev/null || true'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-discord 2>/dev/null || true'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-discord \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
--mount type=bind,src={{ matrix_mautrix_discord_config_path }},dst=/config,ro \
--mount type=bind,src={{ matrix_mautrix_discord_data_path }},dst=/data \
--workdir=/data \
{% for arg in matrix_mautrix_discord_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_discord_docker_image }} \
/usr/bin/mautrix-discord -c /config/config.yaml -r /config/registration.yaml
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-discord 2>/dev/null || true'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-discord 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-discord
[Install]
WantedBy=multi-user.target
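Review bot: the `docker run` in `ExecStart` sets `--user` and `--cap-drop=ALL` but not `--read-only`, even though the only writable path this command line sets up is the `/data` bind mount (also the workdir) and `/config` is already `ro`. Add `--read-only`, or if the bridge needs a writable root filesystem, say so in a comment, as the mautrix-signal daemon unit touched later in this commit does ("We can't use `--read-only` for this bridge."). The `{{ arg }}` values from `matrix_mautrix_discord_container_extra_arguments` land verbatim in the command line, so a comment in the defaults on what is expected there would also help.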

View file

@ -46,6 +46,12 @@ matrix_mautrix_facebook_homeserver_token: ''
# If false, created portal rooms will never be federated.
matrix_mautrix_facebook_federate_rooms: true
matrix_mautrix_facebook_bridge_permissions: |
{{
{matrix_mautrix_facebook_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Controls whether the matrix-mautrix-facebook container exposes its HTTP port.
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9008"), or empty string to not expose.
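Review bot: `matrix_mautrix_facebook_bridge_permissions` is introduced without any comment. The permitted values and keys are documented only in the template's `permissions:` comment block, and nothing here says the variable must be a dictionary, which the mautrix-signal defaults in this commit do state. Add a short comment above the variable, and do the same for the other bridges that gain a `*_bridge_permissions` variable in this commit.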

View file

@ -201,11 +201,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_facebook_homeserver_domain }}': user
{% if matrix_admin %}
'{{ matrix_admin }}': admin
{% endif %}
permissions: {{ matrix_mautrix_facebook_bridge_permissions|to_json }}
relay:
# Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any

View file

@ -48,6 +48,12 @@ matrix_mautrix_googlechat_homeserver_token: ''
# If false, created portal rooms will never be federated.
matrix_mautrix_googlechat_federate_rooms: true
matrix_mautrix_googlechat_bridge_permissions: |
{{
{matrix_mautrix_googlechat_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Database-related configuration fields.
#
# To use SQLite, stick to these defaults.

View file

@ -117,11 +117,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_googlechat_homeserver_domain }}': user
{% if matrix_admin %}
'{{ matrix_admin }}': admin
{% endif %}
permissions: {{ matrix_mautrix_googlechat_bridge_permissions|to_json }}
# Python logging configuration.
#

View file

@ -27,6 +27,12 @@ matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080
matrix_mautrix_hangouts_command_prefix: "!HO"
matrix_mautrix_hangouts_bridge_permissions: |
{{
{matrix_mautrix_hangouts_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Controls whether the matrix-mautrix-hangouts container exposes its HTTP port (tcp/8080 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9007"), or empty string to not expose.

View file

@ -114,11 +114,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_hangouts_homeserver_domain }}': user
{% if matrix_admin %}
'{{ matrix_admin }}': admin
{% endif %}
permissions: {{ matrix_mautrix_hangouts_bridge_permissions|to_json }}
# Python logging configuration.
#

View file

@ -25,6 +25,12 @@ matrix_mautrix_instagram_appservice_address: 'http://matrix-mautrix-instagram:29
matrix_mautrix_instagram_command_prefix: "!ig"
matrix_mautrix_instagram_bridge_permissions: |
{{
{matrix_mautrix_instagram_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# A list of extra arguments to pass to the container
matrix_mautrix_instagram_container_extra_arguments: []

View file

@ -185,11 +185,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"{{ matrix_mautrix_instagram_homeserver_domain }}": user
{% if matrix_admin %}
"{{ matrix_admin }}": admin
{% endif %}
permissions: {{ matrix_mautrix_instagram_bridge_permissions|to_json }}
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:

View file

@ -103,12 +103,14 @@ matrix_mautrix_signal_relaybot_enabled: false
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
#
# This variable used to contain a YAML string, but now needs to contain a hashmap/dictionary.
matrix_mautrix_signal_bridge_permissions: |
'*': relay
'{{ matrix_mautrix_signal_homeserver_domain }}': user
{% if matrix_admin %}
"{{ matrix_admin }}": admin
{% endif %}
{{
{'*': 'relay'}
| combine({matrix_mautrix_signal_homeserver_domain: 'user'})
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
@ -141,3 +143,10 @@ matrix_mautrix_signal_log_level: 'DEBUG'
matrix_mautrix_signal_bridge_encryption_allow: false
matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
# Additional environment variables to pass to the Signal Daemon container
#
# Example:
# matrix_mautrix_signal_daemon_environment_variables_extension: |
# SIGNALD_TRUST_NEW_KEYS=true
matrix_mautrix_signal_daemon_environment_variables_extension: ''
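Review bot: the only documentation for `matrix_mautrix_signal_daemon_environment_variables_extension` is an example that sets `SIGNALD_TRUST_NEW_KEYS=true`, with nothing on what that setting changes. Since the example is what people will copy, either describe its effect on key trust in the comment or use a neutral example. It is also worth stating that the value is written verbatim into the daemon's env file (the `env.j2` template added in this commit is just this variable), so it must be one `KEY=value` per line.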

View file

@ -92,6 +92,15 @@
- "{{ matrix_mautrix_signal_daemon_path }}/attachments"
- "{{ matrix_mautrix_signal_daemon_path }}/data"
- name: Ensure mautrix-signal-daemon environment variables file created
ansible.builtin.template:
src: "{{ role_path }}/templates/env.j2"
dest: "{{ matrix_mautrix_signal_daemon_path }}/env"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0644
- name: Ensure mautrix-signal config.yaml installed
ansible.builtin.copy:
content: "{{ matrix_mautrix_signal_configuration | to_nice_yaml(indent=2, width=999999) }}"
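Review bot: the env file is created with `mode: 0644`, yet its purpose is to carry arbitrary environment variables into the daemon container, and those can include secrets. It is already owned by `matrix_user_username`, so `0640` or `0600` would do. Quoting the mode as a string (`'0640'`) also avoids it being read as a YAML integer.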

View file

@ -11,6 +11,15 @@
- "matrix_mautrix_signal_homeserver_token"
- "matrix_mautrix_signal_appservice_token"
- name: (Deprecation) Fail if matrix_mautrix_signal_bridge_permissions specified as YAML string, instead of a dictionary
ansible.builtin.fail:
msg: >-
The `matrix_mautrix_signal_bridge_permissions` variable in your configuration is specified as a YAML string.
The playbook now expects a hashmap/dictionary in this variable.
Change your configuration like this:
matrix_mautrix_signal_bridge_permissions: {{ matrix_mautrix_signal_bridge_permissions | from_yaml | to_json }}
when: "matrix_mautrix_signal_bridge_permissions is string"
- name: (Deprecation) Catch and report renamed Signal variables
ansible.builtin.fail:
msg: >-

View file

@ -223,8 +223,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
{{ matrix_mautrix_signal_bridge_permissions|from_yaml }}
permissions: {{ matrix_mautrix_signal_bridge_permissions|to_json }}
relay:
# Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any

View file

@ -0,0 +1 @@
{{ matrix_mautrix_signal_daemon_environment_variables_extension }}

View file

@ -34,6 +34,7 @@ ExecStartPre=-{{ matrix_host_command_docker }} run --rm --name matrix-mautrix-si
# We can't use `--read-only` for this bridge.
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \
--log-driver=none \
--env-file={{ matrix_mautrix_signal_daemon_path }}/env \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \

View file

@ -27,6 +27,12 @@ matrix_mautrix_telegram_data_path: "{{ matrix_mautrix_telegram_base_path }}/data
matrix_mautrix_telegram_command_prefix: "!tg"
matrix_mautrix_telegram_bridge_permissions: |
{{
{matrix_mautrix_telegram_homeserver_domain: 'full'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Get your own API keys at https://my.telegram.org/apps
matrix_mautrix_telegram_api_id: ''
matrix_mautrix_telegram_api_hash: ''

View file

@ -289,11 +289,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_telegram_homeserver_domain }}': full
{% if matrix_admin %}
'{{ matrix_admin }}': admin
{% endif %}
permissions: {{ matrix_mautrix_telegram_bridge_permissions|to_json }}
# Options related to the message relay Telegram bot.
relaybot:

View file

@ -25,6 +25,12 @@ matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327'
matrix_mautrix_twitter_command_prefix: "!tw"
matrix_mautrix_twitter_bridge_permissions: |
{{
{matrix_mautrix_twitter_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# A list of extra arguments to pass to the container
matrix_mautrix_twitter_container_extra_arguments: []

View file

@ -173,11 +173,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_twitter_homeserver_domain }}': user
{% if matrix_admin %}
'{{ matrix_admin }}': admin
{% endif %}
permissions: {{ matrix_mautrix_twitter_bridge_permissions|to_json }}
# Python logging configuration.

View file

@ -90,6 +90,17 @@ matrix_mautrix_whatsapp_bridge_login_shared_secret_map:
matrix_mautrix_whatsapp_bridge_double_puppet_server_map:
"{{ matrix_mautrix_whatsapp_homeserver_domain : matrix_mautrix_whatsapp_homeserver_address }}"
# Enable End-to-bridge encryption
matrix_mautrix_whatsapp_bridge_encryption_allow: false
matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
matrix_mautrix_whatsapp_bridge_permissions: |
{{
{matrix_mautrix_whatsapp_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Default mautrix-whatsapp configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
@ -129,8 +140,3 @@ matrix_mautrix_whatsapp_registration_yaml: |
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_whatsapp_bridge_encryption_allow: false
matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"

View file

@ -368,11 +368,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
{% if matrix_admin %}
"{{ matrix_admin }}": admin
{% endif %}
permissions: {{ matrix_mautrix_whatsapp_bridge_permissions|to_json }}
# Settings for relay mode
relay:

View file

@ -1,11 +1,11 @@
---
# Mx Puppet GroupMe is a Matrix <-> GroupMe bridge
# Project source code URL: https://gitlab.com/robintown/mx-puppet-groupme
# Project source code URL: https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme
matrix_mx_puppet_groupme_enabled: true
matrix_mx_puppet_groupme_container_image_self_build: false
matrix_mx_puppet_groupme_container_image_self_build_repo: "https://gitlab.com/robintown/mx-puppet-groupme"
matrix_mx_puppet_groupme_container_image_self_build_repo: "https://gitlab.com/xangelix-pub/matrix/mx-puppet-groupme"
matrix_mx_puppet_groupme_container_image_self_build_repo_version: "{{ 'main' if matrix_mx_puppet_groupme_version == 'latest' else matrix_mx_puppet_groupme_version }}"
# Controls whether the mx-puppet-groupme container exposes its HTTP port (tcp/8437 in the container).
@ -13,9 +13,9 @@ matrix_mx_puppet_groupme_container_image_self_build_repo_version: "{{ 'main' if
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8437"), or empty string to not expose.
matrix_mx_puppet_groupme_container_http_host_bind_port: ''
matrix_mx_puppet_groupme_version: latest
matrix_mx_puppet_groupme_docker_image: "{{ matrix_mx_puppet_groupme_docker_image_name_prefix }}xangelix/mx-puppet-groupme:{{ matrix_mx_puppet_groupme_version }}"
matrix_mx_puppet_groupme_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_groupme_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_mx_puppet_groupme_version: 533cccc8
matrix_mx_puppet_groupme_docker_image: "{{ matrix_mx_puppet_groupme_docker_image_name_prefix }}xangelix-pub/matrix/mx-puppet-groupme:{{ matrix_mx_puppet_groupme_version }}"
matrix_mx_puppet_groupme_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_groupme_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_mx_puppet_groupme_docker_image_force_pull: "{{ matrix_mx_puppet_groupme_docker_image.endswith(':latest') }}"
matrix_mx_puppet_groupme_base_path: "{{ matrix_base_data_path }}/mx-puppet-groupme"
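Review bot: `matrix_mx_puppet_groupme_docker_image_name_prefix` now hardcodes `'registry.gitlab.com/'` where it used `matrix_container_global_registry_prefix`, so an override of the global prefix (a mirror or private registry) silently stops applying to this image. Add a comment saying the image is only published on GitLab's registry. The hunk also moves the image from `xangelix/mx-puppet-groupme` to `xangelix-pub/matrix/mx-puppet-groupme` and replaces `latest` with `533cccc8`; that is a change of image source for every existing install and deserves a changelog entry.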

View file

@ -6,7 +6,7 @@ matrix_client_cinny_enabled: true
matrix_client_cinny_container_image_self_build: false
matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
matrix_client_cinny_version: v2.0.4
matrix_client_cinny_version: v2.1.1
matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"

View file

@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
# - https://github.com/vector-im/element-web/issues/19544
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
matrix_client_element_version: v1.11.0
matrix_client_element_version: v1.11.2
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

View file

@ -8,7 +8,7 @@ matrix_client_hydrogen_enabled: true
matrix_client_hydrogen_container_image_self_build: true
matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
matrix_client_hydrogen_version: v0.2.33
matrix_client_hydrogen_version: v0.3.1
matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"
@ -31,7 +31,13 @@ matrix_client_hydrogen_systemd_required_services_list: ['docker.service']
matrix_client_hydrogen_self_check_validate_certificates: true
# config.json
matrix_client_hydrogen_push:
appId: io.element.hydrogen.web
gatewayUrl: https://matrix.org
applicationServerKey: "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM"
matrix_client_hydrogen_default_hs_url: ""
matrix_client_hydrogen_bugReportEndpointUrl: "https://element.io/bugreports/submit" # noqa var-naming
# Default Hydrogen configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
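Review bot: `matrix_client_hydrogen_bugReportEndpointUrl` needs `# noqa var-naming` only because it is camelCase. The line above it, `matrix_client_hydrogen_default_hs_url`, shows the snake_case convention, so `matrix_client_hydrogen_bug_report_endpoint_url` would remove the lint exception. The new `matrix_client_hydrogen_push` dictionary has no comment either; since it defaults `gatewayUrl` to `https://matrix.org` and the bug report endpoint defaults to `element.io`, a line noting that both point at third-party services and can be overridden would be useful.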

View file

@ -1,11 +1,7 @@
{
"push": {
"appId": "io.element.hydrogen.web",
"gatewayUrl": "https://matrix.org",
"applicationServerKey": "BC-gpSdVHEXhvHSHS0AzzWrQoukv2BE7KzpoPO_FfPacqOo3l1pdqz7rSgmB04pZCWaHPz7XRe6fjLaC-WPDopM"
},
"defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url | string|to_json }},
"bugReportEndpointUrl": "https://element.io/bugreports/submit",
"push": {{ matrix_client_hydrogen_push | to_json }},
"defaultHomeServer": {{ matrix_client_hydrogen_default_hs_url | string | to_json }},
"bugReportEndpointUrl": {{ matrix_client_hydrogen_bugReportEndpointUrl | to_json }},
"themeManifests": [
"assets/theme-Element.json"
],

View file

@ -6,7 +6,7 @@ matrix_dendrite_enabled: true
matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}"
matrix_dendrite_docker_image_name_prefix: "docker.io/"
matrix_dendrite_docker_image_tag: "v0.8.1"
matrix_dendrite_docker_image_tag: "v0.9.1"
matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"
@ -89,6 +89,7 @@ matrix_dendrite_registration_disabled: false
matrix_dendrite_enable_registration_captcha: false
matrix_dendrite_recaptcha_public_key: ""
matrix_dendrite_recaptcha_private_key: ""
matrix_dendrite_recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
# A list of additional "volumes" to mount in the container.
# This list gets populated dynamically based on Dendrite extensions that have been enabled.

View file

@ -174,7 +174,7 @@ client_api:
recaptcha_public_key: {{ matrix_dendrite_recaptcha_public_key|to_json }}
recaptcha_private_key: {{ matrix_dendrite_recaptcha_private_key|to_json }}
recaptcha_bypass_secret: ""
recaptcha_siteverify_api: ""
recaptcha_siteverify_api: {{ matrix_dendrite_recaptcha_siteverify_api|to_json }}
# TURN server information that this homeserver should send to clients.
turn:

View file

@ -46,13 +46,13 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dendrite \
{% endfor %}
{{ matrix_dendrite_docker_image }} \
-config /data/dendrite.yaml \
{{ matrix_dendrite_process_extra_arguments|join(' ') }} \
{% if matrix_dendrite_http_bind_address %}
-http-bind-address {{ matrix_dendrite_http_bind_address }}
{% endif %}
{% if matrix_dendrite_https_bind_address %}
-https-bind-address {{ matrix_dendrite_https_bind_address }}
{% endif %}
{{ matrix_dendrite_process_extra_arguments|join(' ') }}
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-dendrite 2>/dev/null || true'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-dendrite 2>/dev/null || true'
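Review bot: with `{{ matrix_dendrite_process_extra_arguments|join(' ') }}` moved to the end, it now follows the `-http-bind-address` and `-https-bind-address` lines, and neither of those ends in `\`. As shown, whenever a bind address is set the `ExecStart` command stops at that line, and the extra arguments (plus a second bind-address line, if both are set) end up on separate lines outside the command. Add a trailing `\` to both bind-address lines, or keep the extra arguments ahead of the conditionals.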

View file

@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true
# The dynamic dns daemon interval
matrix_dynamic_dns_daemon_interval: '300'
matrix_dynamic_dns_version: v3.9.1-ls92
matrix_dynamic_dns_version: v3.9.1-ls94
# The docker container to use when in mode
matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}"

View file

@ -5,7 +5,7 @@
matrix_grafana_enabled: false
matrix_grafana_version: 9.0.4
matrix_grafana_version: 9.0.6
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"

View file

@ -71,7 +71,7 @@ matrix_jitsi_jibri_recorder_password: ''
matrix_jitsi_enable_lobby: false
matrix_jitsi_version: stable-7439-2
matrix_jitsi_version: stable-7577
matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"

View file

@ -6,6 +6,12 @@
# This utility is intentionally not in `tasks/util`, because if it were, it wouldn't be possible
# to include it in other roles via the import_role module: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/import_role_module.html
- name: Fail detection if expectation fails (Postgres not enabled)
ansible.builtin.fail:
msg: "Trying to detect the version of the built-in Postgres server, but Postgres installation is not enabled (`matrix_postgres_enabled: false`)"
when: not matrix_postgres_enabled
- name: Initialize Postgres version determination variables (default to empty)
ansible.builtin.set_fact:
matrix_postgres_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION"

View file

@ -38,7 +38,7 @@ matrix_prometheus_node_exporter_metrics_proxying_enabled: false
# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container).
#
# Takes an "<ip>:<port>" value (e.g. "127.0.0.1:9100"), or empty string to not expose.
# Takes an "<ip>:<port>" value (e.g. "127.0.0.1:9100"), just a port number or empty string to not expose.
#
# You likely don't need to do this. See `matrix_prometheus_node_exporter_metrics_proxying_enabled`.
#
@ -54,3 +54,9 @@ matrix_prometheus_node_exporter_metrics_proxying_enabled: false
# because node-exporter can't see all interfaces, etc.
# For now, we'll live with that, until someone develops a better solution.
matrix_prometheus_node_exporter_container_http_host_bind_port: ''
# If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an "<ip>:<port>" value for the containers to bind to on your host.
# If matrix_prometheus_node_exporter_container_http_host_bind_port is set to just a port number, this will default to "127.0.0.1:<port>"
# If matrix_prometheus_node_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that "<ip>:<port>" value will be used
# Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf)
matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_node_exporter_container_http_host_bind_port else (matrix_prometheus_node_exporter_container_http_host_bind_port if matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}"
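Review bot: in `matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host`, the port-only branch concatenates `'127.0.0.1' + ..._bind_port_number_raw` with no `:` between them, so a value of `9100` gives `127.0.0.19100` rather than the `127.0.0.1:<port>` the comment promises. The same branch is taken for the default empty string (there is no `:` in `''`), which yields `127.0.0.1` instead of an empty value, so with the default setting the nginx template's `!= ''` test passes and the `return 404` fallback is skipped. Use `'127.0.0.1:' + ...` and test for the empty string before the `':' in` check.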

View file

@ -23,10 +23,10 @@
resolver 127.0.0.11 valid=5s;
set $backend "matrix-prometheus-node-exporter:9100";
proxy_pass http://$backend/metrics;
{% elif matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
proxy_pass http://{{ matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
{% else %}
{# Generic configuration for use outside of our container setup #}
{# This may be implemented in the future. #}
return 404 "matrix-nginx-proxy is disabled, so metrics are unavailable";
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
{% endif %}
}

View file

@ -0,0 +1,5 @@
---
# `matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw` contains the raw port number extracted from `matrix_prometheus_node_exporter_container_http_host_bind_port`,
# which can contain values like this: ('1234', '127.0.0.1:1234', '0.0.0.0:1234')
matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw: "{{ '' if matrix_prometheus_node_exporter_container_http_host_bind_port == '' else (matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[1] if ':' in matrix_prometheus_node_exporter_container_http_host_bind_port else matrix_prometheus_node_exporter_container_http_host_bind_port) }}"

View file

@ -4,7 +4,7 @@
matrix_prometheus_postgres_exporter_enabled: false
matrix_prometheus_postgres_exporter_version: v0.10.1
matrix_prometheus_postgres_exporter_version: v0.11.0
matrix_prometheus_postgres_exporter_port: 9187
matrix_prometheus_postgres_exporter_docker_image: "quay.io/prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}"
@ -35,7 +35,7 @@ matrix_prometheus_postgres_exporter_metrics_proxying_enabled: false
# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9187 in the container).
#
# Takes an "<ip>:<port>" value (e.g. "127.0.0.1:9187"), or empty string to not expose.
# Takes an "<ip>:<port>" value (e.g. "127.0.0.1:9187"), just a port number or an empty string to not expose.
#
# You likely don't need to do this. See `matrix_prometheus_postgres_exporter_metrics_proxying_enabled`.
#
@ -52,5 +52,11 @@ matrix_prometheus_postgres_exporter_metrics_proxying_enabled: false
# For now, we'll live with that, until someone develops a better solution.
matrix_prometheus_postgres_exporter_container_http_host_bind_port: ''
# If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an "<ip>:<port>" value for the containers to bind to on your host.
# If matrix_prometheus_postgres_exporter_container_http_host_bind_port is set to just a port number, this will default to "127.0.0.1:<port>"
# If matrix_prometheus_postgres_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that "<ip>:<port>" value will be used
# Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf)
matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_postgres_exporter_container_http_host_bind_port else (matrix_prometheus_postgres_exporter_container_http_host_bind_port if matrix_prometheus_postgres_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}"
matrix_prometheus_postgres_exporter_dashboard_urls:
- "https://grafana.com/api/dashboards/9628/revisions/7/download"
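Review bot: The expression for `matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host` joins `'127.0.0.1'` and the raw port number with no separator, so a bind port of `1234` produces `127.0.0.11234` rather than the "127.0.0.1:<port>" the comment above it promises; it should be `'127.0.0.1:' + ...`. The same branch is also taken for the default empty bind port, because `':'` is not in `''`, and then yields `127.0.0.1` instead of an empty value, contradicting the "Otherwise this value will be empty" comment. Suggest testing for the empty string first, as the `..._bind_port_number_raw` variable already does.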

View file

@ -23,10 +23,10 @@
resolver 127.0.0.11 valid=5s;
set $backend "matrix-prometheus-postgres-exporter:9187";
proxy_pass http://$backend/metrics;
{% elif matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
proxy_pass http://{{ matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
{% else %}
{# Generic configuration for use outside of our container setup #}
{# This may be implemented in the future. #}
return 404 "matrix-nginx-proxy is disabled, so metrics are unavailable";
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
{% endif %}
}
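Review bot: The `{% else %}` branch still carries the template comment "This may be implemented in the future", which is stale now that the added `{% elif %}` covers setups outside the container network. Suggest removing or rewording it. The new branch is guarded only by the `!= ''` comparison, so it depends on the proxy_pass_host variable really being empty when no host port is bound; that case is worth a test.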

View file

@ -0,0 +1,5 @@
---
# `matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw` contains the raw port number extracted from `matrix_prometheus_postgres_exporter_container_http_host_bind_port`,
# which can contain values like this: ('1234', '127.0.0.1:1234', '0.0.0.0:1234')
matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw: "{{ '' if matrix_prometheus_postgres_exporter_container_http_host_bind_port == '' else (matrix_prometheus_postgres_exporter_container_http_host_bind_port.split(':')[1] if ':' in matrix_prometheus_postgres_exporter_container_http_host_bind_port else matrix_prometheus_postgres_exporter_container_http_host_bind_port) }}"
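Review bot: `split(':')[1]` returns the port only for a two-part "<ip>:<port>" value; a bracketed IPv6 bind such as `[::1]:1234` contains several colons, and index 1 would be an empty string. Taking the last element with `split(':')[-1]` covers the three forms listed in the comment as well as that one. If IPv6 binds are not meant to be supported, the comment should say so.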

View file

@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_synapse_version: v1.63.1
matrix_synapse_version: v1.64.0
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"

View file

@ -17,6 +17,7 @@
- matrix-bridge-appservice-slack
- matrix-bridge-appservice-webhooks
- matrix-bridge-appservice-irc
- matrix-bridge-appservice-kakaotalk
- matrix-bridge-beeper-linkedin
- matrix-bridge-go-skype-bridge
- matrix-bridge-mautrix-facebook
@ -27,6 +28,7 @@
- matrix-bridge-mautrix-signal
- matrix-bridge-mautrix-telegram
- matrix-bridge-mautrix-whatsapp
- matrix-bridge-mautrix-discord
- matrix-bridge-mx-puppet-discord
- matrix-bridge-mx-puppet-groupme
- matrix-bridge-mx-puppet-steam