From a5cb6272d8891532735aee79238059f1d9ea5ef6 Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 21 Jul 2023 13:22:05 +0300 Subject: [PATCH 01/90] add global bridges relay mode switch --- docs/configuring-playbook-mautrix-bridges.md | 22 +++++++++++++++++++ roles/custom/matrix-base/defaults/main.yml | 3 +++ .../defaults/main.yml | 2 ++ .../templates/config.yaml.j2 | 2 +- .../defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 2 +- .../defaults/main.yml | 3 +++ .../templates/config.yaml.j2 | 17 ++++++++++++++ .../defaults/main.yml | 2 +- .../defaults/main.yml | 2 +- 10 files changed, 54 insertions(+), 4 deletions(-) diff --git a/docs/configuring-playbook-mautrix-bridges.md b/docs/configuring-playbook-mautrix-bridges.md index 392be47d..c6e78d02 100644 --- a/docs/configuring-playbook-mautrix-bridges.md +++ b/docs/configuring-playbook-mautrix-bridges.md @@ -32,14 +32,18 @@ matrix_mautrix_SERVICENAME_configuration_extension_yaml: | '@YOUR_USERNAME:{{ matrix_domain }}': admin ``` +## encryption + Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file: **for all bridges with encryption support**: + ```yaml matrix_bridges_encryption_enabled: true ``` **Alternatively**, for a specific bridge: + ```yaml matrix_mautrix_SERVICENAME_configuration_extension_yaml: | bridge: 
@@ -48,6 +52,24 @@ matrix_mautrix_SERVICENAME_configuration_extension_yaml: | default: true ``` +## relay mode + +Relay mode is off by default. If you would like to enable relay mode, add the following to your `vars.yml` file: + +**for all bridges with relay mode support**: + +```yaml +matrix_bridges_relay_enabled: true +``` + +**Alternatively**, for a specific bridge: + +```yaml +matrix_mautrix_SERVICENAME_configuration_extension_yaml: | + bridge: + relay: + enabled: true +``` You can only have one `matrix_mautrix_SERVICENAME_configuration_extension_yaml` definition in `vars.yml` per bridge, so if you need multiple pieces of configuration there, just merge them like this: diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index 35974bba..637ce3bb 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -16,6 +16,9 @@ matrix_admin: '' # Global var to enable/disable encryption across all bridges with encryption support matrix_bridges_encryption_enabled: false +# Global var to enable/disable relay mode across all bridges with relay mode support +matrix_bridges_relay_enabled: false + # matrix_homeserver_enabled controls whether to enable the homeserver systemd service, etc. # # Unless you're wrapping this playbook in another one diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml index 86c3366c..9f86be5f 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/defaults/main.yml 
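Review bot: The comment added above `matrix_bridges_relay_enabled` in `roles/custom/matrix-base/defaults/main.yml` does not say what switching it on permits. The template comments later in this patch state that, once relay is allowed, `set-relay` "can be used to turn any authenticated user into a relaybot for that chat". Only the WhatsApp defaults show a restricting option in this patch (`matrix_mautrix_whatsapp_bridge_relay_admin_only: true`); the kakaotalk, facebook, instagram and signal hunks show no equivalent. I would extend the comment to something like `# When true, any logged-in bridge user may register as a relay for a chat, and other Matrix users' messages are then sent through that user's remote account; only the WhatsApp bridge restricts this to admins by default.` The docs section added in `configuring-playbook-mautrix-bridges.md` would benefit from the same sentence.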
@@ -110,6 +110,8 @@ matrix_appservice_kakaotalk_login_shared_secret: '' matrix_appservice_kakaotalk_bridge_login_shared_secret_map: "{{ {matrix_appservice_kakaotalk_homeserver_domain: matrix_appservice_kakaotalk_login_shared_secret} if matrix_appservice_kakaotalk_login_shared_secret else {} }}" +matrix_appservice_kakaotalk_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}" + matrix_appservice_kakaotalk_bridge_permissions: | {{ {matrix_appservice_kakaotalk_homeserver_domain: 'user'} diff --git a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 index 803d443f..cf3644a9 100644 --- a/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-appservice-kakaotalk/templates/config.yaml.j2 @@ -220,7 +220,7 @@ bridge: relay: # Whether relay mode should be allowed. If allowed, `!kt set-relay` can be used to turn any # authenticated user into a relaybot for that chat. - enabled: false + enabled: {{ matrix_appservice_kakaotalk_bridge_relay_enabled }} # The formats to use when sending messages to KakaoTalk via a relay user. # # Available variables: diff --git a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml index dcd9fdfa..0b48aaad 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml 
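Review bot: In the kakaotalk `config.yaml.j2` hunk, `enabled: {{ matrix_appservice_kakaotalk_bridge_relay_enabled }}` writes the variable's raw rendering into the bridge config, so the result depends on how the value was supplied (`False`, `false`, a quoted `'yes'`, or an empty string that parses as null). Because this flag gates a feature that lets one account speak for others, it should always come out as a canonical boolean: `enabled: {{ matrix_appservice_kakaotalk_bridge_relay_enabled | bool | to_json }}`. The same applies to `enabled: {{ matrix_mautrix_facebook_relay_enabled }}` and `enabled: {{ matrix_mautrix_instagram_relay_enabled }}` in the facebook and instagram template hunks of this patch. The surrounding `bridge:` mapping starts outside each hunk, so I cannot tell whether neighbouring keys already follow this pattern.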
@@ -103,6 +103,9 @@ matrix_mautrix_facebook_login_shared_secret: '' matrix_mautrix_facebook_bridge_login_shared_secret_map: "{{ {matrix_mautrix_facebook_homeserver_domain: matrix_mautrix_facebook_login_shared_secret} if matrix_mautrix_facebook_login_shared_secret else {} }}" +# Enable bridge relay bot functionality +matrix_mautrix_facebook_relay_enabled: "{{ matrix_bridges_relay_enabled }}" + matrix_mautrix_facebook_appservice_bot_username: facebookbot matrix_mautrix_facebook_bridge_presence: true diff --git a/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 636b442b..7ec9342a 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -206,7 +206,7 @@ bridge: relay: # Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any # authenticated user into a relaybot for that chat. - enabled: false + enabled: {{ matrix_mautrix_facebook_relay_enabled }} # The formats to use when sending messages to Messenger via a relay user. # # Available variables: diff --git a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml index 2288fb77..cef49288 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml 
@@ -83,6 +83,9 @@ matrix_mautrix_instagram_login_shared_secret: '' matrix_mautrix_instagram_bridge_login_shared_secret_map: "{{ {matrix_mautrix_instagram_homeserver_domain: matrix_mautrix_instagram_login_shared_secret} if matrix_mautrix_instagram_login_shared_secret else {} }}" +# Enable bridge relay bot functionality +matrix_mautrix_instagram_relay_enabled: "{{ matrix_bridges_relay_enabled }}" + matrix_mautrix_instagram_appservice_bot_username: instagrambot matrix_mautrix_instagram_bridge_presence: true diff --git a/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 index 1949a253..e3d4be52 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-instagram/templates/config.yaml.j2 @@ -196,6 +196,23 @@ bridge: # The shared secret to authorize users of the API. # Set to "generate" to generate and save a new token. shared_secret: generate + relay: + # Whether relay mode should be allowed. If allowed, `!ig set-relay` can be used to turn any + # authenticated user into a relaybot for that chat. + enabled: {{ matrix_mautrix_instagram_relay_enabled }} + # The formats to use when sending messages to Instagram via a relay user. + # + # Available variables: + # $sender_displayname - The display name of the sender (e.g. Example User) + # $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser) + # $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com) + # $message - The message content + # + # Note that Instagram doesn't support captions for images, so images won't include any indication of being relayed. + message_formats: + m.text: '$sender_displayname: $message' + m.notice: '$sender_displayname: $message' + m.emote: '* $sender_displayname $message' # Python logging configuration. # 
diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index ca9bab54..7675e7b1 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml @@ -104,7 +104,7 @@ matrix_mautrix_signal_appservice_database: "{{ matrix_mautrix_signal_login_shared_secret: '' # Enable bridge relay bot functionality -matrix_mautrix_signal_relaybot_enabled: false +matrix_mautrix_signal_relaybot_enabled: "{{ matrix_bridges_relay_enabled }}" # Permissions for using the bridge. # Permitted values: diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index ab2921e3..a308811a 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -113,7 +113,7 @@ matrix_mautrix_whatsapp_bridge_permissions: | }} # Enable bridge relay functionality -matrix_mautrix_whatsapp_bridge_relay_enabled: false +matrix_mautrix_whatsapp_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}" # Only allow admins on this home server to set themselves as a relay user matrix_mautrix_whatsapp_bridge_relay_admin_only: true From 5ea6aa3e50d20a4a2e50e84810c20411a1f58448 Mon Sep 17 00:00:00 2001 
From: Shreyas Ajjarapu Date: Fri, 21 Jul 2023 06:33:52 -0500 Subject: [PATCH 02/90] Added Google Messager Bridge (#2794) * intial commit * changed * Reorderd * merge old changes * added changes to matrix_servers * Remove duplicate discord * Update main.yml * added google message to configuring-playbook.md * Changed docs to add new changes * Changed bug? * Removed problem j2 values * Rename a service files * change how password hash string * Changed port number * Change how the local part works * Revert "Merge pull request #8 from shreyasajj/wsproxy" This reverts commit bb1b8fc67ca39f63ca77e70077be99cb2b32c4de, reversing changes made to cce6ba5f9d74f89172488afc8b1ef124031de8c1. --------- Co-authored-by: Shreyas Ajjarapu --- README.md | 1 + ...uring-playbook-bridge-mautrix-gmessages.md | 38 +++ docs/configuring-playbook.md | 2 + docs/container-images.md | 2 + docs/self-building.md | 1 + group_vars/matrix_servers | 63 +++- .../defaults/main.yml | 151 +++++++++ .../tasks/inject_into_nginx_proxy.yml | 35 ++ .../tasks/main.yml | 29 ++ .../tasks/setup_install.yml | 140 ++++++++ .../tasks/setup_uninstall.yml | 20 ++ .../tasks/validate_config.yml | 20 ++ .../templates/config.yaml.j2 | 298 ++++++++++++++++++ .../matrix-mautrix-gmessages.service.j2 | 43 +++ setup.yml | 1 + 15 files changed, 841 insertions(+), 3 deletions(-) create mode 100644 docs/configuring-playbook-bridge-mautrix-gmessages.md create mode 100644 roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml create mode 100644 roles/custom/matrix-bridge-mautrix-gmessages/tasks/inject_into_nginx_proxy.yml create mode 100644 roles/custom/matrix-bridge-mautrix-gmessages/tasks/main.yml create mode 100644 roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml create mode 100644 roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_uninstall.yml create mode 100644 roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml create mode 100644 
roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 create mode 100644 roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2 diff --git a/README.md b/README.md index 912febc0..71d46f82 100644 --- a/README.md +++ b/README.md @@ -103,6 +103,7 @@ Bridges can be used to connect your matrix installation with third-party communi | [mautrix-discord](https://github.com/mautrix/discord) | x | Bridge for bridging your Matrix server to [Discord](https://discord.com/) | [Link](docs/configuring-playbook-bridge-mautrix-discord.md) | | [mautrix-slack](https://github.com/mautrix/slack) | x | Bridge for bridging your Matrix server to [Slack](https://slack.com/) | [Link](docs/configuring-playbook-bridge-mautrix-slack.md) | | [mautrix-telegram](https://github.com/mautrix/telegram) | x | Bridge for bridging your Matrix server to [Telegram](https://telegram.org/) | [Link](docs/configuring-playbook-bridge-mautrix-telegram.md) | +| [mautrix-gmessages](https://github.com/mautrix/gmessages) | x | Bridge for bridging your Matrix server to [Google Messages](https://messages.google.com/) | [Link](docs/configuring-playbook-bridge-mautrix-gmessages.md) | | [mautrix-whatsapp](https://github.com/mautrix/whatsapp) | x | Bridge for bridging your Matrix server to [WhatsApp](https://www.whatsapp.com/) | [Link](docs/configuring-playbook-bridge-mautrix-whatsapp.md) | | [mautrix-facebook](https://github.com/mautrix/facebook) | x | Bridge for bridging your Matrix server to [Facebook](https://facebook.com/) | [Link](docs/configuring-playbook-bridge-mautrix-facebook.md) | | [mautrix-twitter](https://github.com/mautrix/twitter) | x | Bridge for bridging your Matrix server to [Twitter](https://twitter.com/) | [Link](docs/configuring-playbook-bridge-mautrix-twitter.md) | diff --git a/docs/configuring-playbook-bridge-mautrix-gmessages.md b/docs/configuring-playbook-bridge-mautrix-gmessages.md new file mode 100644 index 00000000..6b2b18e6 
--- /dev/null +++ b/docs/configuring-playbook-bridge-mautrix-gmessages.md @@ -0,0 +1,38 @@ +# Setting up Mautrix gmessages (optional) + +The playbook can install and configure [mautrix-gmessages](https://github.com/mautrix/gmessages) for you. + +See the project's [documentation](https://docs.mau.fi/bridges/go/gmessages/index.html) to learn what it does and why it might be useful to you. + +Use the following playbook configuration: + +```yaml +matrix_mautrix_gmessages_enabled: true +``` + +## Set up Double Puppeting + +If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. + +### Method 1: automatically, by enabling Shared Secret Auth + +The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. + +This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. + +### Method 2: manually, by asking each user to provide a working access token + +**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)). + +When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps: + +- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md). + +- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE` + +- make sure you don't log out the `Mautrix-gmessages` device some time in the future, as that would break the Double Puppeting feature + + +## Usage + +You then need to start a chat with `@gmessagesbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). 
diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 8f598f6b..a4746a62 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -114,6 +114,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Mautrix Slack bridging](configuring-playbook-bridge-mautrix-slack.md) (optional) +- [Setting up Mautrix Google Messages bridging](configuring-playbook-bridge-mautrix-gmessages.md) (optional) + - [Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md) (optional) - [Setting up Mautrix Facebook bridging](configuring-playbook-bridge-mautrix-facebook.md) (optional) diff --git a/docs/container-images.md b/docs/container-images.md index 737a4457..e89161f7 100644 --- a/docs/container-images.md +++ b/docs/container-images.md @@ -46,6 +46,8 @@ These services are not part of our default installation, but can be enabled by [ - [mautrix/telegram](https://mau.dev/mautrix/telegram/container_registry) - the [mautrix-telegram](https://github.com/mautrix/telegram) bridge to [Telegram](https://telegram.org/) (optional) +- [mautrix/gmessages](https://mau.dev/mautrix/gmessages/container_registry) - the [mautrix-gmessages](https://github.com/mautrix/gmessages) bridge to [Google Messages](https://messages.google.com/) (optional) + - [mautrix/whatsapp](https://mau.dev/mautrix/whatsapp/container_registry) - the [mautrix-whatsapp](https://github.com/mautrix/whatsapp) bridge to [Whatsapp](https://www.whatsapp.com/) (optional) - [mautrix/facebook](https://mau.dev/mautrix/facebook/container_registry) - the [mautrix-facebook](https://github.com/mautrix/facebook) bridge to [Facebook](https://facebook.com/) (optional) diff --git a/docs/self-building.md b/docs/self-building.md index ad29fc2d..3fe826da 100644 --- a/docs/self-building.md +++ b/docs/self-building.md 
@@ -32,6 +32,7 @@ Possibly outdated list of roles where self-building the Docker image is currentl - `matrix-bridge-mautrix-googlechat` - `matrix-bridge-mautrix-telegram` - `matrix-bridge-mautrix-signal` +- `matrix-bridge-mautrix-gmessages` - `matrix-bridge-mautrix-whatsapp` - `matrix-bridge-mx-puppet-steam` - `matrix-bot-mjolnir` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8d7197f1..5fc5c25d 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -101,6 +101,8 @@ matrix_homeserver_container_extra_arguments_auto: | + (['--mount type=bind,src=' + matrix_mautrix_twitter_config_path + '/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro'] if matrix_mautrix_twitter_enabled else []) + + (['--mount type=bind,src=' + matrix_mautrix_gmessages_config_path + '/registration.yaml,dst=/matrix-mautrix-gmessages-registration.yaml,ro'] if matrix_mautrix_gmessages_enabled else []) + + (['--mount type=bind,src=' + matrix_mautrix_whatsapp_config_path + '/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro'] if matrix_mautrix_whatsapp_enabled else []) + (['--mount type=bind,src=' + matrix_mx_puppet_discord_config_path + '/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro'] if matrix_mx_puppet_discord_enabled else []) @@ -158,6 +160,8 @@ matrix_homeserver_app_service_config_files_auto: | + (['/matrix-mautrix-twitter-registration.yaml'] if matrix_mautrix_twitter_enabled else []) + + (['/matrix-mautrix-gmessages-registration.yaml'] if matrix_mautrix_gmessages_enabled else []) + + (['/matrix-mautrix-whatsapp-registration.yaml'] if matrix_mautrix_whatsapp_enabled else []) + (['/matrix-mx-puppet-discord-registration.yaml'] if matrix_mx_puppet_discord_enabled else []) 
@@ -270,6 +274,8 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-mautrix-twitter.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-twitter']}] if matrix_mautrix_twitter_enabled else []) + + ([{'name': 'matrix-mautrix-gmessages.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-gmessages']}] if matrix_mautrix_gmessages_enabled else []) + + ([{'name': 'matrix-mautrix-whatsapp.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-whatsapp']}] if matrix_mautrix_whatsapp_enabled else []) + ([{'name': 'matrix-mx-puppet-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-discord']}] if matrix_mx_puppet_discord_enabled else []) 
@@ -1153,6 +1159,51 @@ matrix_mautrix_twitter_database_password: "{{ '%s' | format(matrix_homeserver_ge # ###################################################################### +###################################################################### +# +# matrix-bridge-mautrix-gmessages +# +###################################################################### + +# We don't enable bridges by default. +matrix_mautrix_gmessages_enabled: false + +matrix_mautrix_gmessages_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" + +matrix_mautrix_gmessages_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessage.as.token', rounds=655555) | to_uuid }}" + +matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessage.hs.token', rounds=655555) | to_uuid }}" + +matrix_mautrix_gmessages_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely: +# - `matrix_mautrix_gmessages_metrics_enabled` +# - `matrix_mautrix_gmessages_proxying_metrics_enabled` +# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled` +matrix_mautrix_gmessages_metrics_enabled: "{{ prometheus_enabled }}" + +# Postgres is the default, except if not using internal Postgres server +matrix_mautrix_gmessages_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" 
+matrix_mautrix_gmessages_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" +matrix_mautrix_gmessages_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'maugmessages.db', rounds=655555) | to_uuid }}" + +###################################################################### +# +# /matrix-bridge-mautrix-gmessages +# +###################################################################### + ###################################################################### # # matrix-bridge-mautrix-whatsapp @@ -1182,10 +1233,10 @@ matrix_mautrix_whatsapp_homeserver_token: "{{ '%s' | format(matrix_homeserver_ge matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" # People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely: -# - `matrix_mautrix_twitter_metrics_enabled` -# - `matrix_mautrix_twitter_proxying_metrics_enabled` +# - `matrix_mautrix_whatsapp_metrics_enabled` +# - `matrix_mautrix_whatsapp_proxying_metrics_enabled` # - `matrix_nginx_proxy_proxy_matrix_metrics_enabled` -matrix_mautrix_twitter_metrics_enabled: "{{ prometheus_enabled }}" +matrix_mautrix_whatsapp_metrics_enabled: "{{ prometheus_enabled }}" # Postgres is the default, except if not using internal Postgres server matrix_mautrix_whatsapp_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" 
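Review bot: The metrics comment in the new gmessages section of `group_vars/matrix_servers` names `matrix_mautrix_gmessages_proxying_metrics_enabled`, but the role defaults added by this same patch define `matrix_mautrix_gmessages_metrics_proxying_enabled`. An operator who copies the name from the comment sets a variable nothing reads, and the metrics exposure stays as it was without any error. The comment line should read `# - \`matrix_mautrix_gmessages_metrics_proxying_enabled\``. The following hunk rewrites the WhatsApp comment to the same `..._proxying_metrics_enabled` word order; the WhatsApp role defaults are not visible here, so that name should be checked against them too.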
@@ -3016,6 +3067,12 @@ devture_postgres_managed_databases_auto: | 'password': matrix_mautrix_twitter_database_password, }] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == devture_postgres_connection_hostname) else []) + + ([{ + 'name': matrix_mautrix_gmessages_database_name, + 'username': matrix_mautrix_gmessages_database_username, + 'password': matrix_mautrix_gmessages_database_password, + }] if (matrix_mautrix_gmessages_enabled and matrix_mautrix_gmessages_database_engine == 'postgres' and matrix_mautrix_gmessages_database_hostname == devture_postgres_connection_hostname) else []) + + ([{ 'name': matrix_mautrix_whatsapp_database_name, 'username': matrix_mautrix_whatsapp_database_username, diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml new file mode 100644 index 00000000..6a6c14b0 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml 
@@ -0,0 +1,151 @@ +--- +# mautrix-gmessages is a Matrix <-> gmessages bridge +# Project source code URL: https://github.com/mautrix/gmessages + +matrix_mautrix_gmessages_enabled: true + +matrix_mautrix_gmessages_container_image_self_build: false +matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/mautrix/gmessages.git" +matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" + +matrix_mautrix_gmessages_version: latest +# See: https://mau.dev/mautrix/gmessages/container_registry +matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" +matrix_mautrix_gmessages_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_gmessages_container_image_self_build else 'dock.mau.dev/' }}" +matrix_mautrix_gmessages_docker_image_force_pull: "{{ matrix_mautrix_gmessages_docker_image.endswith(':latest') }}" + +matrix_mautrix_gmessages_base_path: "{{ matrix_base_data_path }}/mautrix-gmessages" +matrix_mautrix_gmessages_config_path: "{{ matrix_mautrix_gmessages_base_path }}/config" +matrix_mautrix_gmessages_data_path: "{{ matrix_mautrix_gmessages_base_path }}/data" +matrix_mautrix_gmessages_docker_src_files_path: "{{ matrix_mautrix_gmessages_base_path }}/docker-src" + +matrix_mautrix_gmessages_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}" +matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080" + +matrix_mautrix_gmessages_command_prefix: "!gm" + +# A list of extra arguments to pass to the container +matrix_mautrix_gmessages_container_extra_arguments: [] + +# List of systemd services that matrix-mautrix-gmessages.service depends on. 
+matrix_mautrix_gmessages_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-mautrix-gmessages.service wants +matrix_mautrix_gmessages_systemd_wanted_services_list: [] + +matrix_mautrix_gmessages_appservice_token: '' +matrix_mautrix_gmessages_homeserver_token: '' + +matrix_mautrix_gmessages_appservice_bot_username: gmessagesbot + +# Minimum severity of journal log messages. +# Options: debug, info, warn, error, fatal +matrix_mautrix_gmessages_logging_level: 'warn' + +# Whether or not created rooms should have federation enabled. +# If false, created portal rooms will never be federated. +matrix_mautrix_gmessages_federate_rooms: true + +# Whether or not metrics endpoint should be enabled. +# Enabling them is usually enough for a local (in-container) Prometheus to consume them. +# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_gmessages_metrics_proxying_enabled`. +matrix_mautrix_gmessages_metrics_enabled: false + +# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-gmessages`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_mautrix_gmessages_metrics_proxying_enabled: false + +# Database-related configuration fields. +# +# To use SQLite, stick to these defaults. 
+# +# To use Postgres: +# - change the engine (`matrix_mautrix_gmessages_database_engine: 'postgres'`) +# - adjust your database credentials via the `matrix_mautrix_gmessages_database_*` variables +matrix_mautrix_gmessages_database_engine: 'sqlite' + +matrix_mautrix_gmessages_sqlite_database_path_local: "{{ matrix_mautrix_gmessages_data_path }}/mautrix-gmessages.db" +matrix_mautrix_gmessages_sqlite_database_path_in_container: "/data/mautrix-gmessages.db" + +matrix_mautrix_gmessages_database_username: 'matrix_mautrix_gmessages' +matrix_mautrix_gmessages_database_password: 'some-password' +matrix_mautrix_gmessages_database_hostname: '' +matrix_mautrix_gmessages_database_port: 5432 +matrix_mautrix_gmessages_database_name: 'matrix_mautrix_gmessages' + +matrix_mautrix_gmessages_database_connection_string: 'postgresql://{{ matrix_mautrix_gmessages_database_username }}:{{ matrix_mautrix_gmessages_database_password }}@{{ matrix_mautrix_gmessages_database_hostname }}:{{ matrix_mautrix_gmessages_database_port }}/{{ matrix_mautrix_gmessages_database_name }}?sslmode=disable' + +matrix_mautrix_gmessages_appservice_database_type: "{{ + { + 'sqlite': 'sqlite3', + 'postgres':'postgres', + }[matrix_mautrix_gmessages_database_engine] +}}" + +matrix_mautrix_gmessages_appservice_database_uri: "{{ + { + 'sqlite': matrix_mautrix_gmessages_sqlite_database_path_in_container, + 'postgres': matrix_mautrix_gmessages_database_connection_string, + }[matrix_mautrix_gmessages_database_engine] +}}" + +# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). 
+matrix_mautrix_gmessages_login_shared_secret: '' +matrix_mautrix_gmessages_bridge_login_shared_secret_map: + "{{ {matrix_mautrix_gmessages_homeserver_domain: matrix_mautrix_gmessages_login_shared_secret} if matrix_mautrix_gmessages_login_shared_secret else {} }}" + +# Enable End-to-bridge encryption +matrix_mautrix_gmessages_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" +matrix_mautrix_gmessages_bridge_encryption_default: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}" +matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}" + +matrix_mautrix_gmessages_bridge_personal_filtering_spaces: true +matrix_mautrix_gmessages_bridge_mute_bridging: true + +matrix_mautrix_gmessages_bridge_permissions: | + {{ + {matrix_mautrix_gmessages_homeserver_domain: 'user'} + | combine({matrix_admin: 'admin'} if matrix_admin else {}) + }} + +# Default mautrix-gmessages configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mautrix_gmessages_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mautrix_gmessages_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_mautrix_gmessages_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mautrix_gmessages_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mautrix_gmessages_configuration_yaml`. 
+ +matrix_mautrix_gmessages_configuration_extension: "{{ matrix_mautrix_gmessages_configuration_extension_yaml | from_yaml if matrix_mautrix_gmessages_configuration_extension_yaml | from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_gmessages_configuration_yaml`. +matrix_mautrix_gmessages_configuration: "{{ matrix_mautrix_gmessages_configuration_yaml | from_yaml | combine(matrix_mautrix_gmessages_configuration_extension, recursive=True) }}" + +matrix_mautrix_gmessages_registration_yaml: | + id: gmessages + url: {{ matrix_mautrix_gmessages_appservice_address }} + as_token: "{{ matrix_mautrix_gmessages_appservice_token }}" + hs_token: "{{ matrix_mautrix_gmessages_homeserver_token }}" + # See https://github.com/mautrix/signal/issues/43 + sender_localpart: _bot_{{ matrix_mautrix_gmessages_appservice_bot_username }} + rate_limited: false + namespaces: + users: + - regex: '^@gmessages_.+:{{ matrix_mautrix_gmessages_homeserver_domain | regex_escape }}$' + exclusive: true + - exclusive: true + regex: '^@{{ matrix_mautrix_gmessages_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_gmessages_homeserver_domain | regex_escape }}$' + de.sorunome.msc2409.push_ephemeral: true + +matrix_mautrix_gmessages_registration: "{{ matrix_mautrix_gmessages_registration_yaml | from_yaml }}" diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..c5cb1ba8 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/inject_into_nginx_proxy.yml 
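Review bot: `matrix_mautrix_gmessages_version: latest` together with `matrix_mautrix_gmessages_docker_image_force_pull` (true whenever the image ends in `:latest`) means every playbook run pulls whatever `dock.mau.dev/mautrix/gmessages:latest` points to at that moment. The bridge code handling users' message content then changes without any change in this repository, and it cannot be rolled back to a known state. I would default to a fixed release tag, `matrix_mautrix_gmessages_version: <RELEASE_TAG>` (placeholder, no release is named on this page), and leave `latest` as an opt-in. Separately, `matrix_mautrix_gmessages_database_password: 'some-password'` is a working default that flows into the connection string with `sslmode=disable`. `group_vars` overrides it, but `validate_config.yml` is not visible here, so please confirm that it rejects the placeholder when the engine is `postgres`.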
@@ -0,0 +1,35 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append mautrix-gmessages-metrics's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-gmessages role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- when: matrix_mautrix_gmessages_metrics_proxying_enabled | bool + block: + - name: Generate mautrix-gmessages metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-gmessages) + ansible.builtin.set_fact: + matrix_mautrix_gmessages_nginx_metrics_configuration_block: | + location /metrics/mautrix-gmessages { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-gmessages:8001"; + proxy_pass http://$backend/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } + + - name: Register mautrix-gmessages metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-gmessages) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_mautrix_gmessages_nginx_metrics_configuration_block] + }} diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/main.yml new file mode 100644 index 00000000..45da31da --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/main.yml 
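Review bot: The generated `location /metrics/mautrix-gmessages` block in inject_into_nginx_proxy.yml holds only the `resolver`, `set $backend` and `proxy_pass` lines. Any access restriction on the bridge's Prometheus metrics therefore has to come from the server block that matrix-nginx-proxy wraps around it, which is outside this hunk. A comment above the first `set_fact` would record that dependency, for example `# Access control for /metrics/* is applied by matrix-nginx-proxy, not by this block.`, once that has been confirmed against the proxy role. The "already executed" guard also runs before the `matrix_mautrix_gmessages_metrics_proxying_enabled` check, so it can fail a run in which nothing would have been appended; moving it inside the `block:` would avoid that.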
@@ -0,0 +1,29 @@ +--- + +- tags: + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy + block: + - when: matrix_mautrix_gmessages_enabled | bool and matrix_mautrix_gmessages_metrics_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" + +- tags: + - setup-all + - setup-mautrix-gmessages + - install-all + - install-mautrix-gmessages + block: + - when: matrix_mautrix_gmessages_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_mautrix_gmessages_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + +- tags: + - setup-all + - setup-mautrix-gmessages + block: + - when: not matrix_mautrix_gmessages_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml new file mode 100644 index 00000000..73038c4c --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml 
@@ -0,0 +1,140 @@ +--- + +- ansible.builtin.set_fact: + matrix_mautrix_gmessages_requires_restart: false + +- when: "matrix_mautrix_gmessages_database_engine == 'postgres'" + block: + - name: Check if an SQLite database already exists + ansible.builtin.stat: + path: "{{ matrix_mautrix_gmessages_sqlite_database_path_local }}" + register: matrix_mautrix_gmessages_sqlite_database_path_local_stat_result + + - when: "matrix_mautrix_gmessages_sqlite_database_path_local_stat_result.stat.exists | bool" + block: + - ansible.builtin.include_role: + name: galaxy/com.devture.ansible.role.postgres + tasks_from: migrate_db_to_postgres + vars: + devture_postgres_db_migration_request: + src: "{{ matrix_mautrix_gmessages_sqlite_database_path_local }}" + dst: "{{ matrix_mautrix_gmessages_database_connection_string }}" + caller: "{{ role_path | basename }}" + engine_variable_name: 'matrix_mautrix_gmessages_database_engine' + engine_old: 'sqlite' + systemd_services_to_stop: ['matrix-mautrix-gmessages.service'] + pgloader_options: ['--with "quote identifiers"'] + + - ansible.builtin.set_fact: + matrix_mautrix_gmessages_requires_restart: true + +- name: Ensure Mautrix gmessages paths exists + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - {path: "{{ matrix_mautrix_gmessages_base_path }}", when: true} + - {path: "{{ matrix_mautrix_gmessages_config_path }}", when: true} + - {path: "{{ matrix_mautrix_gmessages_data_path }}", when: true} + - {path: "{{ matrix_mautrix_gmessages_docker_src_files_path }}", when: "{{ matrix_mautrix_gmessages_container_image_self_build }}"} + when: item.when | bool + +- name: Ensure Mautrix gmessages image is pulled + community.docker.docker_image: + name: "{{ matrix_mautrix_gmessages_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ 
matrix_mautrix_gmessages_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_gmessages_docker_image_force_pull }}" + when: not matrix_mautrix_gmessages_container_image_self_build + register: result + retries: "{{ devture_playbook_help_container_retries_count }}" + delay: "{{ devture_playbook_help_container_retries_delay }}" + until: result is not failed + +- name: Ensure Mautrix gmessages repository is present on self-build + ansible.builtin.git: + repo: "{{ matrix_mautrix_gmessages_container_image_self_build_repo }}" + dest: "{{ matrix_mautrix_gmessages_docker_src_files_path }}" + version: "{{ matrix_mautrix_gmessages_container_image_self_build_branch }}" + force: "yes" + become: true + become_user: "{{ matrix_user_username }}" + register: matrix_mautrix_gmessages_git_pull_results + when: "matrix_mautrix_gmessages_container_image_self_build | bool" + +- name: Ensure Mautrix gmessages Docker image is built + community.docker.docker_image: + name: "{{ matrix_mautrix_gmessages_docker_image }}" + source: build + force_source: "{{ matrix_mautrix_gmessages_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_gmessages_git_pull_results.changed }}" + build: + dockerfile: Dockerfile + path: "{{ matrix_mautrix_gmessages_docker_src_files_path }}" + pull: true + when: "matrix_mautrix_gmessages_container_image_self_build | bool" + +- name: Check if an old database file exists + ansible.builtin.stat: + path: "{{ matrix_mautrix_gmessages_base_path }}/mautrix-gmessages.db" + register: matrix_mautrix_gmessages_stat_database + +- name: Check if an old matrix state file exists + ansible.builtin.stat: + path: "{{ matrix_mautrix_gmessages_base_path }}/mx-state.json" + register: 
matrix_mautrix_gmessages_stat_mx_state + +- name: (Data relocation) Ensure matrix-mautrix-gmessages.service is stopped + ansible.builtin.service: + name: matrix-mautrix-gmessages + state: stopped + enabled: false + daemon_reload: true + failed_when: false + when: "matrix_mautrix_gmessages_stat_database.stat.exists" + +- name: (Data relocation) Move mautrix-gmessages database file to ./data directory + ansible.builtin.command: + cmd: "mv {{ matrix_mautrix_gmessages_base_path }}/mautrix-gmessages.db {{ matrix_mautrix_gmessages_data_path }}/mautrix-gmessages.db" + creates: "{{ matrix_mautrix_gmessages_data_path }}/mautrix-gmessages.db" + removes: "{{ matrix_mautrix_gmessages_base_path }}/mautrix-gmessages.db" + when: "matrix_mautrix_gmessages_stat_database.stat.exists" + +- name: (Data relocation) Move mautrix-gmessages mx-state file to ./data directory + ansible.builtin.command: + cmd: "mv {{ matrix_mautrix_gmessages_base_path }}/mx-state.json {{ matrix_mautrix_gmessages_data_path }}/mx-state.json" + creates: "{{ matrix_mautrix_gmessages_data_path }}/mx-state.json" + removes: "{{ matrix_mautrix_gmessages_base_path }}/mx-state.json" + when: "matrix_mautrix_gmessages_stat_mx_state.stat.exists" + +- name: Ensure mautrix-gmessages config.yaml installed + ansible.builtin.copy: + content: "{{ matrix_mautrix_gmessages_configuration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_mautrix_gmessages_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mautrix-gmessages registration.yaml installed + ansible.builtin.copy: + content: "{{ matrix_mautrix_gmessages_registration | to_nice_yaml(indent=2, width=999999) }}" + dest: "{{ matrix_mautrix_gmessages_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure matrix-mautrix-gmessages.service installed + ansible.builtin.template: + src: "{{ role_path 
}}/templates/systemd/matrix-mautrix-gmessages.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-gmessages.service" + mode: 0644 + +- name: Ensure matrix-mautrix-gmessages.service restarted, if necessary + ansible.builtin.service: + name: "matrix-mautrix-gmessages.service" + state: restarted + daemon_reload: true + when: "matrix_mautrix_gmessages_requires_restart | bool" diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_uninstall.yml new file mode 100644 index 00000000..e324a523 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_uninstall.yml @@ -0,0 +1,20 @@ +--- + +- name: Check existence of matrix-mautrix-gmessages service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-gmessages.service" + register: matrix_mautrix_gmessages_service_stat + +- when: matrix_mautrix_gmessages_service_stat.stat.exists | bool + block: + - name: Ensure matrix-mautrix-gmessages is stopped + ansible.builtin.service: + name: matrix-mautrix-gmessages + state: stopped + enabled: false + daemon_reload: true + + - name: Ensure matrix-mautrix-gmessages.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-gmessages.service" + state: absent diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml new file mode 100644 index 00000000..acfffa75 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml 
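Review bot: In setup_install.yml, the "config.yaml installed" and "registration.yaml installed" tasks write their files with `mode: 0644`, yet the rendered content carries `as_token`, `hs_token`, the database URI and `login_shared_secret_map`. The config directory is created `0750` earlier in the same file, which limits who can reach them, but the files themselves should not be world-readable. Both tasks could use `mode: '0640'`, which keeps owner write access for a bridge that rewrites its own config. Quoting the mode (and the `0750` on the directory task) also avoids depending on how the YAML loader treats a leading-zero integer.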
@@ -0,0 +1,20 @@ +--- + +- name: Fail if required mautrix-gmessages settings not defined + ansible.builtin.fail: + msg: >- + You need to define a required configuration setting (`{{ item.name }}`). + when: "item.when | bool and vars[item.name] == ''" + with_items: + - {'name': 'matrix_mautrix_gmessages_appservice_token', when: true} + - {'name': 'matrix_mautrix_gmessages_homeserver_token', when: true} + - {'name': 'matrix_mautrix_gmessages_database_hostname', when: "{{ matrix_mautrix_gmessages_database_engine == 'postgres' }}"} + +- name: (Deprecation) Catch and report renamed settings + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + when: "item.old in vars" + with_items: + - {'old': 'matrix_mautrix_gmessages_log_level', 'new': 'matrix_mautrix_gmessages_logging_level'} diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 new file mode 100644 index 00000000..a17f6cd1 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 
@@ -0,0 +1,298 @@ +#jinja2: lstrip_blocks: "True" +# Homeserver details. +homeserver: + # The address that this appservice can use to connect to the homeserver. + address: {{ matrix_mautrix_gmessages_homeserver_address }} + # The domain of the homeserver (also known as server_name, used for MXIDs, etc). + domain: {{ matrix_mautrix_gmessages_homeserver_domain }} + + # What software is the homeserver running? + # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here. + software: standard + # The URL to push real-time bridge status to. + # If set, the bridge will make POST requests to this URL whenever a user's google messages connection state changes. + # The bridge will use the appservice as_token to authorize requests. + status_endpoint: null + # Endpoint for reporting per-message status. + message_send_checkpoint_endpoint: null + # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246? + async_media: false + + # Should the bridge use a websocket for connecting to the homeserver? + # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy, + # mautrix-asmux (deprecated), and hungryserv (proprietary). + websocket: false + # How often should the websocket be pinged? Pinging will be disabled if this is zero. + ping_interval_seconds: 0 + +# Application service host/registration related details. +# Changing these values requires regeneration of the registration. +appservice: + # The address that the homeserver can use to connect to this appservice. + address: {{ matrix_mautrix_gmessages_appservice_address }} + + # The hostname and port where this appservice should listen. + hostname: 0.0.0.0 + port: 8080 + + # Database config. + database: + # The database type. "sqlite3-fk-wal" and "postgres" are supported. + type: postgres + # The database URI. + # SQLite: A raw file path is supported, but `file:?_txlock=immediate` is recommended. 
+ # https://github.com/mattn/go-sqlite3#connection-string + # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable + # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql + uri: {{ matrix_mautrix_gmessages_appservice_database_uri|to_json }} + # Maximum number of connections. Mostly relevant for Postgres. + max_open_conns: 20 + max_idle_conns: 2 + # Maximum connection idle time and lifetime before they're closed. Disabled if null. + # Parsed with https://pkg.go.dev/time#ParseDuration + max_conn_idle_time: null + max_conn_lifetime: null + + # The unique ID of this appservice. + id: gmessages + # Appservice bot details. + bot: + # Username of the appservice bot. + username: {{ matrix_mautrix_gmessages_appservice_bot_username|to_json }} + # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty + # to leave display name/avatar as-is. + displayname: Google Messages bridge bot + avatar: mxc://maunium.net/yGOdcrJcwqARZqdzbfuxfhzb + + # Whether or not to receive ephemeral events via appservice transactions. + # Requires MSC2409 support (i.e. Synapse 1.22+). + ephemeral_events: true + + # Should incoming events be handled asynchronously? + # This may be necessary for large public instances with lots of messages going through. + # However, messages will not be guaranteed to be bridged in the same order they were sent in. + async_transactions: false + + # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. + as_token: "{{ matrix_mautrix_gmessages_appservice_token }}" + hs_token: "{{ matrix_mautrix_gmessages_homeserver_token }}" + +# Segment API key to track some events, like provisioning API login and encryption errors. +segment_key: null +# Optional user_id to use when sending Segment events. If null, defaults to using mxID. +segment_user_id: null + +# Prometheus config. +metrics: + # Enable prometheus metrics? 
+ enabled: {{ matrix_mautrix_gmessages_metrics_enabled | to_json }} + # IP and port where the metrics listener should be. The path is always /metrics + listen: 127.0.0.1:8001 + +google_messages: + # OS name to tell the phone. This is the name that shows up in the paired devices list. + os: mautrix-gmessages + # Browser type to tell the phone. This decides which icon is shown. + # Valid types: OTHER, CHROME, FIREFOX, SAFARI, OPERA, IE, EDGE + browser: OTHER + + # Should the bridge aggressively set itself as the active device if the user opens Google Messages in a browser? + # If this is disabled, the user must manually use the `reconnect` command to reactivate the bridge. + aggressive_reconnect: false + +# Bridge config +bridge: + # Localpart template of MXIDs for SMS users. + # {{ '{{.}}' }} is replaced with an identifier of the recipient. + username_template: "{{ 'gmessages_{{.}}' }}" + # Displayname template for SMS users. + # {{ '{{.FullName}}' }} - Full name provided by the phone + # {{ '{{.FirstName}}' }} - First name provided by the phone + # {{ '{{.PhoneNumber}}' }} - Formatted phone number provided by the phone + displayname_template: "{{ '{{or .FullName .PhoneNumber}}' }}" + # Should the bridge create a space for each logged-in user and add bridged rooms to it? + personal_filtering_spaces: {{ matrix_mautrix_gmessages_bridge_personal_filtering_spaces | to_json }} + # Should the bridge send a read receipt from the bridge bot when a message has been sent to the phone? + delivery_receipts: false + # Whether the bridge should send the message status as a custom com.beeper.message_send_status event. + message_status_events: false + # Whether the bridge should send error notices via m.notice events when a message fails to bridge. + message_error_notices: true + + portal_message_buffer: 128 + + # Should the bridge update the m.direct account data event when double puppeting is enabled. 
+ # Note that updating the m.direct event is not atomic (except with mautrix-asmux) + # and is therefore prone to race conditions. + sync_direct_chat_list: false + # Number of chats to sync when connecting to Google Messages. + initial_chat_sync_count: 25 + # Backfill settings + backfill: + # Number of messages to backfill in new chats. + initial_limit: 50 + # Number of messages to backfill on startup if the last message ID in the chat sync doesn't match the last bridged message. + missed_limit: 100 + + # Servers to always allow double puppeting from + double_puppet_server_map: + "{{ matrix_mautrix_gmessages_homeserver_domain }}": {{ matrix_mautrix_gmessages_homeserver_address }} + # Allow using double puppeting from any server with a valid client .well-known file. + double_puppet_allow_discovery: false + # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth + # + # If set, double puppeting will be enabled automatically for local users + # instead of users having to find an access token and run `login-matrix` + # manually. + login_shared_secret_map: {{ matrix_mautrix_gmessages_bridge_login_shared_secret_map|to_json }} + + # Whether to explicitly set the avatar and room name for private chat portal rooms. + # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms. + # If set to `always`, all DM rooms will have explicit names and avatars set. + # If set to `never`, DM rooms will never have names and avatars set. + private_chat_portal_meta: default + # Should Matrix m.notice-type messages be bridged? + bridge_notices: true + # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. + # This field will automatically be changed back to false after it, except if the config file is not writable. + resend_bridge_info: false + # When using double puppeting, should muted chats be muted in Matrix? 
+ mute_bridging: {{ matrix_mautrix_gmessages_bridge_mute_bridging | to_json }} + # When using double puppeting, should archived chats be moved to a specific tag in Matrix? + # This can be set to a tag (e.g. m.lowpriority), or null to disable. + archive_tag: null + # Same as above, but for pinned chats. The favorite tag is called m.favourite + pinned_tag: null + # Should mute status and tags only be bridged when the portal room is created? + tag_only_on_create: true + # Whether or not created rooms should have federation enabled. + # If false, created portal rooms will never be federated. + federate_rooms: {{ matrix_mautrix_gmessages_federate_rooms|to_json }} + # Should the bridge never send alerts to the bridge management room? + # These are mostly things like the user being logged out. + disable_bridge_alerts: false + # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552. + # This is currently not supported in most clients. + caption_in_message: false + + # The prefix for commands. Only required in non-management rooms. + command_prefix: "!gm" + + # Messages sent upon joining a management room. + # Markdown is supported. The defaults are listed below. + management_room_text: + # Sent when joining a room. + welcome: "Hello, I'm a Google Messages bridge bot." + # Sent when joining a management room and the user is already logged in. + welcome_connected: "Use `help` for help." + # Sent when joining a management room and the user is not logged in. + welcome_unconnected: "Use `help` for help or `login` to log in." + # Optional extra text sent when joining a management room. + additional_help: "" + + # End-to-bridge encryption support options. + # + # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info. 
+ encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: {{ matrix_mautrix_gmessages_bridge_encryption_allow|to_json }} + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: {{ matrix_mautrix_gmessages_bridge_encryption_default|to_json }} + # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data. + appservice: false + # Require encryption, drop any unencrypted messages. + require: false + # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. + # You must use a client that supports requesting keys from other users to use this feature. + allow_key_sharing: {{ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow|to_json }} + # Options for deleting megolm sessions from the bridge. + delete_keys: + # Beeper-specific: delete outbound sessions when hungryserv confirms + # that the user has uploaded the key to key backup. + delete_outbound_on_ack: false + # Don't store outbound sessions in the inbound table. + dont_store_outbound: false + # Ratchet megolm sessions forward after decrypting messages. + ratchet_on_decrypt: false + # Delete fully used keys (index >= max_messages) after decrypting messages. + delete_fully_used_on_decrypt: false + # Delete previous megolm sessions from same device when receiving a new one. + delete_prev_on_new_session: false + # Delete megolm sessions received from a device when the device is deleted. + delete_on_device_delete: false + # Periodically delete megolm sessions when 2x max_age has passed since receiving the session. + periodically_delete_expired: false + # Delete inbound megolm sessions that don't have the received_at field used for + # automatic ratcheting and expired session deletion. This is meant as a migration + # to delete old keys prior to the bridge update. 
+ delete_outdated_inbound: false + # What level of device verification should be required from users? + # + # Valid levels: + # unverified - Send keys to all device in the room. + # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys. + # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes). + # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot. + # Note that creating user signatures from the bridge bot is not currently possible. + # verified - Require manual per-device verification + # (currently only possible by modifying the `trust` column in the `crypto_device` database table). + verification_levels: + # Minimum level for which the bridge should send keys to when bridging messages from SMS to Matrix. + receive: unverified + # Minimum level that the bridge should accept for incoming Matrix messages. + send: unverified + # Minimum level that the bridge should require for accepting key requests. + share: cross-signed-tofu + # Options for Megolm room key rotation. These options allow you to + # configure the m.room.encryption event content. See: + # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for + # more information about that event. + rotation: + # Enable custom Megolm room key rotation settings. Note that these + # settings will only apply to rooms created after this option is + # set. + enable_custom: false + # The maximum number of milliseconds a session should be used + # before changing it. The Matrix spec recommends 604800000 (a week) + # as the default. + milliseconds: 604800000 + # The maximum number of messages that should be sent with a given a + # session before changing it. The Matrix spec recommends 100 as the + # default. + messages: 100 + + # Disable rotating keys when a user's devices change? + # You should not enable this option unless you understand all the implications. 
+ disable_device_change_key_rotation: false + + # Settings for provisioning API + provisioning: + # Prefix for the provisioning API paths. + prefix: /_matrix/provision + # Shared secret for authentication. If set to "generate", a random secret will be generated, + # or if set to "disable", the provisioning API will be disabled. + shared_secret: generate + + # Permissions for using the bridge. + # Permitted values: + # user - Access to use the bridge to link their own Google Messages on android. + # admin - User level and some additional administration tools + # Permitted keys: + # * - All Matrix users + # domain - All users on that homeserver + # mxid - Specific user + permissions: {{ matrix_mautrix_gmessages_bridge_permissions|to_json }} + +# Logging config. See https://github.com/tulir/zeroconfig for details. +logging: + min_level: debug + writers: + - type: stdout + format: pretty-colored + - type: file + format: json + filename: ./logs/mautrix-gmessages.log + max_size: 100 + max_backups: 10 + compress: true diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2 b/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2 new file mode 100644 index 00000000..fb34e95b --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/systemd/matrix-mautrix-gmessages.service.j2 
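Review bot: In config.yaml.j2 the metrics listener is pinned to `listen: 127.0.0.1:8001`, which is loopback inside the container, while inject_into_nginx_proxy.yml in this same patch proxies to `matrix-mautrix-gmessages:8001` over the Docker network, so the proxied metrics location would presumably never get an answer. `listen: 0.0.0.0:8001` would match the proxy target; the unit file in this patch publishes no host port itself, so the listener would stay on the container network unless extra arguments add one. Separately, `min_level: debug` is hard-coded under `logging:` together with a file writer, although validate_config.yml steers users to a `matrix_mautrix_gmessages_logging_level` variable. Assuming that variable is defined in the role defaults outside this hunk, `min_level: {{ matrix_mautrix_gmessages_logging_level | to_json }}` would let operators keep debug-level logs off for a bridge that handles SMS traffic.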
@@ -0,0 +1,43 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Mautrix gmessages bridge +{% for service in matrix_mautrix_gmessages_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mautrix_gmessages_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-gmessages 2>/dev/null || true' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-gmessages 2>/dev/null || true' + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-gmessages \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -v {{ matrix_mautrix_gmessages_config_path }}:/config:z \ + -v {{ matrix_mautrix_gmessages_data_path }}:/data:z \ + --workdir=/data \ + {% for arg in matrix_mautrix_gmessages_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_mautrix_gmessages_docker_image }} \ + /usr/bin/mautrix-gmessages -c /config/config.yaml -r /config/registration.yaml + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-gmessages 2>/dev/null || true' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-gmessages 2>/dev/null || true' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-mautrix-gmessages + +[Install] 
+WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index c7a6a363..4da64ff4 100644 --- a/setup.yml +++ b/setup.yml @@ -59,6 +59,7 @@ - custom/matrix-bridge-mautrix-instagram - custom/matrix-bridge-mautrix-signal - custom/matrix-bridge-mautrix-telegram + - custom/matrix-bridge-mautrix-gmessages - custom/matrix-bridge-mautrix-whatsapp - custom/matrix-bridge-mautrix-discord - custom/matrix-bridge-mautrix-slack From 0a81083e7dc5932146cc7c75a51e01d6eb49c13b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 21 Jul 2023 14:37:05 +0300 Subject: [PATCH 03/90] Announce mautrix-gmessages support Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2794 --- CHANGELOG.md | 6 ++++++ docs/configuring-playbook-bridge-mautrix-gmessages.md | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c1870a27..950e38e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +# 2023-07-21 + +## mautrix-gmessages support + +Thanks to [Shreyas Ajjarapu](https://github.com/shreyasajj)'s efforts, the playbook now supports bridging to [Google Messages](https://messages.google.com/) via the [mautrix-gmessages](https://github.com/mautrix/gmessages) bridge. See our [Setting up Mautrix Google Messages bridging](docs/configuring-playbook-bridge-mautrix-gmessages.md) documentation page for getting started. + # 2023-07-17 ## matrix-media-repo support diff --git a/docs/configuring-playbook-bridge-mautrix-gmessages.md b/docs/configuring-playbook-bridge-mautrix-gmessages.md index 6b2b18e6..10981bf1 100644 --- a/docs/configuring-playbook-bridge-mautrix-gmessages.md +++ b/docs/configuring-playbook-bridge-mautrix-gmessages.md 
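Review bot: In matrix-mautrix-gmessages.service.j2 the `docker run` line drops all capabilities and sets a non-root `--user`, but the container root filesystem stays writable. The only paths the command line hands to the bridge are the `/config` and `/data` bind mounts, so adding `--read-only \` next to `--cap-drop=ALL` looks feasible. Whether the image also needs a scratch directory such as `--tmpfs=/tmp` cannot be told from this hunk and should be tested. A one-line comment above the `/config` mount stating why it is not mounted read-only would also help, since that directory holds the tokens.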
@@ -1,6 +1,6 @@ # Setting up Mautrix gmessages (optional) -The playbook can install and configure [mautrix-gmessages](https://github.com/mautrix/gmessages) for you. +The playbook can install and configure [mautrix-gmessages](https://github.com/mautrix/gmessages) for you, for bridging to [Google Messages](https://messages.google.com/). See the project's [documentation](https://docs.mau.fi/bridges/go/gmessages/index.html) to learn what it does and why it might be useful to you. @@ -8,7 +8,7 @@ Use the following playbook configuration: ```yaml matrix_mautrix_gmessages_enabled: true -``` +``` ## Set up Double Puppeting From eea143e6eb8c87cfbd9e785081baad815969f40b Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Fri, 21 Jul 2023 05:47:51 -0800 Subject: [PATCH 04/90] Shortened gmessages salt The salts need to be shorter than 16 chars --- group_vars/matrix_servers | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 5fc5c25d..f1fbb6c3 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1176,14 +1176,14 @@ matrix_mautrix_gmessages_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])gmessage.as.token + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} -matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessage.as.token', rounds=655555) | to_uuid }}" +matrix_mautrix_gmessages_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.as.token', rounds=655555) | to_uuid }}" -matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessage.hs.token', rounds=655555) | to_uuid }}" +matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'gmessa.hs.token', rounds=655555) | to_uuid }}" matrix_mautrix_gmessages_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" From 2153c310f76eedc9d715cd2c2fdec3a175ea7fa6 Mon Sep 17 00:00:00 2001 From: ThellraAK Date: Fri, 21 Jul 2023 05:49:52 -0800 Subject: [PATCH 05/90] Update matrix_servers --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f1fbb6c3..0a30f217 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
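Review bot: In the group_vars/matrix_servers hunk of patch 04/90, the added line `+ ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])gmessage.as.token` has the old salt text pasted onto the end of the list expression. That leaves the Jinja expression for `matrix_mautrix_gmessages_systemd_required_services_list` invalid, and the line should end at `else [])`. The list's definition starts outside the hunk. The shortened salts `'gmessa.as.token'` and `'gmessa.hs.token'` carry no explanation where they are used; a comment such as `# password_hash salt: keep within the length limit noted in the commit message` above the two token variables would stop the next bridge from repeating the overlong salt.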
@@ -1176,7 +1176,7 @@ matrix_mautrix_gmessages_systemd_required_services_list: | + ['matrix-' + matrix_homeserver_implementation + '.service'] + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])gmessage.as.token + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) }} From 856a328e96c679bc7d51760d00708d921a08cb17 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 24 Jul 2023 08:44:33 +0300 Subject: [PATCH 06/90] Upgrade prometheus-postgres-exporter (v0.13.1-0 -> v0.13.2-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index bac5fea3..91912c90 100644 --- a/requirements.yml +++ b/requirements.yml @@ -47,7 +47,7 @@ - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git version: v1.6.0-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git - version: v0.13.1-0 + version: v0.13.2-0 name: prometheus_postgres_exporter - src: git+https://gitlab.com/etke.cc/roles/redis.git version: v7.0.10-0 From 14f7eed9324b58f4acb264f0cab3b15bfd10ac07 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Mon, 24 Jul 2023 12:57:06 +0200 Subject: [PATCH 07/90] Update matrix-registration-bot, improve authentication config (#2723) * Adjust to new mrb docker versioning * Stabilze authentication * fix lint * Move & document mrb password usage * Add clean cache role * Document clean cache * Fix lint * Update CHANGELOG.md * Automate access tokens * Improve changelog * Make use of mrb's function to fetch API tokens * Adjust changelog * Use ansible.builtin.file to clear directory * Fix typo --------- Co-authored-by: Slavi Pantaleev --- CHANGELOG.md | 11 +++++ ...ng-playbook-bot-matrix-registration-bot.md | 47 +++++++++---------- group_vars/matrix_servers | 6 +++ .../defaults/main.yml | 22 +++++---- .../tasks/clean_cache.yml | 12 +++++ .../tasks/main.yml | 6 +++ .../tasks/setup_install.yml | 2 +- .../tasks/validate_config.yml | 9 +++- .../templates/config/config.yml.j2 | 6 ++- 9 files changed, 83 insertions(+), 38 deletions(-) create mode 100644 roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 950e38e4..3db319af 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +# 2023-07-24 + +## matrix-registration-bot usage changed + +[matrix-registration-bot](docs/configuring-playbook-bot-matrix-registration-bot.md) got some updates and now supports password-only-based login. Therefore the bot now doesn't need any manual configuration except setting a password in your `vars.yml`. The bot will be registered as admin and access tokens will be obtained automatically by the bot. + +**For existing users** You need to set `matrix_bot_matrix_registration_bot_bot_password` if you previously only used `matrix_bot_matrix_registration_bot_bot_access_token`. Please also remove the following deprecated settings + +* `matrix_bot_matrix_registration_bot_bot_access_token` +* `matrix_bot_matrix_registration_bot_api_token` + # 2023-07-21 ## mautrix-gmessages support 
diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index b1e3fdc6..f0bffc85 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md 
@@ -2,40 +2,30 @@ The playbook can install and configure [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for you. -The bot allows you to easily **create and manage registration tokens**. It can be used for an invitation-based server, -where you invite someone by sending them a registration token. They can register as normal but have to provide a valid -registration token in a final step of the registration. +The bot allows you to easily **create and manage registration tokens** aka. invitation codes. +It can be used for an invitation-based server, +where you invite someone by sending them a registration token (loook like this: `rbalQ0zkaDSRQCOp`). They can register as normal but have to provide a valid registration token in a final step of the registration. See the project's [documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands) to learn what it does and why it might be useful to you. -## Registering the bot user +## Configuration -By default, the playbook will set use the bot with a username like this: `@bot.matrix-registration-bot:DOMAIN`. +To enable the bot, add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: -(to use a different username, adjust the `matrix_bot_matrix_registration_bot_matrix_user_id_localpart` variable). - -For [other bots supported by the playbook](configuring-playbook.md#bots), Matrix bot user accounts are created and put to use automatically. For `matrix-registration-bot`, however, this is not the case - you **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md): - -``` -ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-registration-bot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user -``` - -Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`. 
- -## Obtaining an admin access token - -In order to use the bot you need to add an admin user's access token token to the configuration. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). - -## Adjusting the playbook configuration - -Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: +For `matrix_bot_matrix_registration_bot_api_token`you need an access token with the permission to access the admin api. Access to the API is needed for all restricted actions of the bot (list, create etc..). Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). ```yaml matrix_bot_matrix_registration_bot_enabled: true -# Token obtained via logging into the bot account (see above) -matrix_bot_matrix_registration_bot_bot_access_token: "syt_bW9hbm9z_XXXXXXXXXXXXXr_2kuzbE" + +#By default, the playbook will set use the bot with a username like +## this: `@bot.matrix-registration-bot:DOMAIN`. +# To use a different username, uncomment & adjust the variable. +# matrix_bot_matrix_registration_bot_matrix_user_id_localpart: bot.matrix-registration-bot + +# Generate a strong password here. Consider generating it with `pwgen -s 64 1` +matrix_bot_matrix_registration_bot_password: PASSWORD_FOR_THE_BOT # Enables registration matrix_synapse_enable_registration: true @@ -44,6 +34,7 @@ matrix_synapse_enable_registration: true matrix_synapse_registration_requires_token: true ``` +The bot account will be automatically created. ## Installing 
@@ -56,10 +47,16 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start ## Usage -To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `DOMAIN` is your base domain, not the `matrix.` domain). +To use the bot, message `@bot.matrix-registration-bot:DOMAIN` (where `DOMAIN` is your base domain, not the `matrix.` domain). In this room send `help` and the bot will reply with all options. You can also refer to the upstream [Usage documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands). If you have any questions, or if you need help setting it up, read the [troublshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md) or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de). + +To clean the cache (session&encryption data) after you changed the bot's username, changed the login methon form access_token to password etc.. you can use + +```bash +just run-tags bot-matrix-registration-bot-clean-cache +``` diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 0a30f217..bf9928d0 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -4123,6 +4123,12 @@ matrix_conduit_systemd_required_services_list: | matrix_user_creator_users_auto: | {{ + ([{ + 'username': matrix_bot_matrix_registration_bot_matrix_user_id_localpart, + 'initial_password': matrix_bot_matrix_registration_bot_bot_password, + 'initial_type': 'admin', + }] if matrix_bot_matrix_registration_bot_enabled else []) + + ([{ 'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart, 'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password, diff --git a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml index d8e52b71..41143566 100644 
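Review bot: The new `matrix_user_creator_users_auto` entry always creates the bot account with `'initial_type': 'admin'`, although the role defaults added in this patch describe `matrix_bot_matrix_registration_bot_api_token` as the option for a bot account that is not admin. An operator who supplies a separate admin token therefore still ends up with a password-login admin account for the bot. I would make the type conditional on `matrix_bot_matrix_registration_bot_api_token` being empty and add a comment above the entry, e.g. `# The bot account needs admin rights to manage registration tokens unless an api_token is configured`. The enclosing expression continues outside this hunk.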
--- a/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/defaults/main.yml @@ -8,8 +8,10 @@ matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matri matrix_bot_matrix_registration_bot_docker_repo_version: "{{ matrix_bot_matrix_registration_bot_version if matrix_bot_matrix_registration_bot_version != 'latest' else 'main' }}" matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src" -matrix_bot_matrix_registration_bot_version: latest -matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}" +matrix_bot_matrix_registration_bot_version: 1.3.0 +matrix_bot_matrix_registration_bot_docker_iteration: 0 +matrix_bot_matrix_registration_bot_docker_tag: "{{ matrix_bot_matrix_registration_bot_version }}-{{ matrix_bot_matrix_registration_bot_docker_iteration}}" +matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_docker_tag }}" matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}" matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matrix-registration-bot" 
@@ -19,15 +21,15 @@ matrix_bot_matrix_registration_bot_data_path: "{{ matrix_bot_matrix_registration matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}" matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}" -# The access token that the bot uses to communicate in Matrix chats -# This does not necessarily need to be a privileged (admin) access token. -matrix_bot_matrix_registration_bot_bot_access_token: '' -# The access token that the bot uses to call the Matrix API for creating registration tokens. -# This needs to be a privileged (admin) access token. -# By default, we assume `matrix_bot_matrix_registration_bot_bot_access_token` is such a privileged token and we use it as is. -# If necessary, you can define your own other access token here, which might even be for a different Matrix user. -matrix_bot_matrix_registration_bot_api_token: "{{ matrix_bot_matrix_registration_bot_bot_access_token }}" +# The bot's password (can also be used to login via a client like element) +matrix_bot_matrix_registration_bot_bot_password: '' + +# Optional variable that only needs to be set if the bot account is not admin +# Needs to be a valid access token of an admin account +matrix_bot_matrix_registration_bot_api_token: '' + +matrix_bot_matrix_registration_bot_device_id: "matrix-docker-ansible-deploy" matrix_bot_matrix_registration_bot_logging_level: info matrix_bot_matrix_registration_environment_variables_extension: '' diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml new file mode 100644 index 00000000..ae4433b8 --- /dev/null +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/clean_cache.yml 
@@ -0,0 +1,12 @@ +--- + +- name: Delete cache files + ansible.builtin.file: + state: "{{ item }}" + path: "{{ matrix_bot_matrix_registration_bot_data_path }}" + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - absent + - directory diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml index 83291fb6..cd11c1d5 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/main.yml @@ -18,3 +18,9 @@ block: - when: not matrix_bot_matrix_registration_bot_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + +- tags: + - bot-matrix-registration-bot-clean-cache + block: + - when: matrix_bot_matrix_registration_bot_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/clean_cache.yml" diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml index 515cd997..655f3d27 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml +++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml @@ -9,7 +9,7 @@ group: "{{ matrix_user_groupname }}" with_items: - {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true} - - - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true} + - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true} - {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: true} when: "item.when | bool" diff --git a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml index 39e97cde..b7a47563 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml 
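Review bot: The `Delete cache files` task removes whatever `matrix_bot_matrix_registration_bot_data_path` resolves to with `state: absent` and has no guard on that path, so an override pointing it at a shared location is deleted recursively. A one-line condition on the task, `when: matrix_bot_matrix_registration_bot_data_path.startswith(matrix_bot_matrix_registration_bot_base_path ~ '/')`, would confine it to the role's own directory. Nothing in this file stops the bot's service before the directory is wiped; if it is running at that point it presumably keeps stale session state until restarted, which deserves a comment or a preceding stop task. `mode: 0750` would also be safer quoted as `'0750'`.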
+++ b/roles/custom/matrix-bot-matrix-registration-bot/tasks/validate_config.yml @@ -5,6 +5,13 @@ msg: >- You need to define a required configuration setting (`{{ item }}`). when: "vars[item] == ''" + with_items: + - "matrix_bot_matrix_registration_bot_bot_password" + +- name: (Deprecation) Catch and report old settings + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which is deprecated - Please check the documentation on how to configure the matrix-registration-bot. + when: "item in vars" with_items: - "matrix_bot_matrix_registration_bot_bot_access_token" - - "matrix_bot_matrix_registration_bot_api_token" diff --git a/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 b/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 index 756efb01..4a2242aa 100644 --- a/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 +++ b/roles/custom/matrix-bot-matrix-registration-bot/templates/config/config.yml.j2 @@ -1,12 +1,16 @@ bot: server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }} username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }} - access_token: {{ matrix_bot_matrix_registration_bot_bot_access_token|to_json }} + password: {{ matrix_bot_matrix_registration_bot_bot_password|to_json }} + api: # API endpoint of the registration tokens base_url: {{ matrix_bot_matrix_registration_bot_api_base_url|to_json }} # Access token of an administrator on the server +{% if matrix_bot_matrix_registration_bot_api_token | length > 0 %} token: {{ matrix_bot_matrix_registration_bot_api_token|to_json }} +{% endif %} + logging: level: {{ matrix_bot_matrix_registration_bot_logging_level|to_json }} From 6666d230795fa1efb1cda13c7f868f282a1ed7fc Mon Sep 17 00:00:00 2001 
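Review bot: The required-setting check only rejects an empty `matrix_bot_matrix_registration_bot_bot_password`, while this patch registers the bot as a server admin with that password and the documentation example uses the literal `PASSWORD_FOR_THE_BOT`. I would extend the condition to `when: "vars[item] == '' or vars[item] == 'PASSWORD_FOR_THE_BOT'"` so that a copied example cannot become an admin credential. The deprecation message would be more useful if it included `{{ item }}` in its text, as the message of the first task does. The first task starts above this hunk.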
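Review bot: The rendered `config.yml` now carries the bot's account password in `password:`, and per the group_vars hunk of this patch that account is a server admin, so the file is as sensitive as an admin access token. The task that installs the file is not part of this patch; its `mode`, `owner` and `group` should be confirmed to keep it unreadable to other local users. I would add a template comment above the line, `# Password of the bot's Matrix account (created as admin); treat this file as a secret`. The existing `# Access token of an administrator on the server` comment now sits outside the `{% if %}` and is printed even when no `token:` follows.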
From: ThellraAK Date: Tue, 25 Jul 2023 00:04:02 -0800 Subject: [PATCH 08/90] Remove file logging, and add existing log level variable to config --- .../templates/config.yaml.j2 | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 index a17f6cd1..6dc136bb 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 +++ b/roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2 @@ -286,13 +286,7 @@ bridge: # Logging config. See https://github.com/tulir/zeroconfig for details. logging: - min_level: debug + min_level: {{ matrix_mautrix_gmessages_logging_level }} writers: - - type: stdout - format: pretty-colored - - type: file - format: json - filename: ./logs/mautrix-gmessages.log - max_size: 100 - max_backups: 10 - compress: true + - type: stdout + format: pretty-colored From 02de889656eee73bd457a2c39d9894d99001a2ac Mon Sep 17 00:00:00 2001 From: wuast94 Date: Tue, 25 Jul 2023 12:35:51 +0200 Subject: [PATCH 09/90] Fix Variable Registration bot variable need to be named: matrix_bot_matrix_registration_bot_bot_password and not: matrix_bot_matrix_registration_bot_password Dont know if it need fixed in every rule or just change the docs --- docs/configuring-playbook-bot-matrix-registration-bot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index f0bffc85..babfd268 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md 
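Review bot: `min_level: {{ matrix_mautrix_gmessages_logging_level }}` is rendered without a filter, whereas the other templates in this series pass their values through `to_json`; an empty or oddly typed value would yield a null or mis-typed YAML scalar in the bridge config. I would write `min_level: {{ matrix_mautrix_gmessages_logging_level | to_json }}`. The rest of the template lies outside the hunk, so whether other keys there follow the same convention cannot be checked from here.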
@@ -25,7 +25,7 @@ matrix_bot_matrix_registration_bot_enabled: true # matrix_bot_matrix_registration_bot_matrix_user_id_localpart: bot.matrix-registration-bot # Generate a strong password here. Consider generating it with `pwgen -s 64 1` -matrix_bot_matrix_registration_bot_password: PASSWORD_FOR_THE_BOT +matrix_bot_matrix_registration_bot_bot_password: PASSWORD_FOR_THE_BOT # Enables registration matrix_synapse_enable_registration: true From 9703d1d1e5866e781168fd3255f26103b6de9020 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 25 Jul 2023 17:28:30 +0300 Subject: [PATCH 10/90] Upgrade Traefik (v2.10.3-0 -> v2.10.4-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 91912c90..4f2fd7f8 100644 --- a/requirements.yml +++ b/requirements.yml @@ -26,7 +26,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.10.3-0 + version: v2.10.4-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git From 52ed1f7a0bb4adf39842965892bc78b1a5e88602 Mon Sep 17 00:00:00 2001 From: greentore <117551249+greentore@users.noreply.github.com> Date: Tue, 25 Jul 2023 19:26:20 +0200 Subject: [PATCH 11/90] Update Element logo location --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 9199a1d5..123cbd32 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -159,7 +159,7 @@ matrix_client_element_welcome_user_id: ~ matrix_client_element_brand: "Element" # URL to Logo on welcome page -matrix_client_element_welcome_logo: "welcome/images/logo.svg" +matrix_client_element_welcome_logo: "themes/element/img/logos/element-logo.svg" # URL of link on welcome image matrix_client_element_welcome_logo_link: "https://element.io" From ae2f67e15f5dd5a5fe88b64a837348d7fdd3cc7f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 26 Jul 2023 15:27:38 +0300 Subject: [PATCH 12/90] Make maubot communicate with the homeserver via the container network Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2791 --- roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 b/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 index 49bbcb87..7750ec9a 100644 --- a/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 +++ b/roles/custom/matrix-bot-maubot/templates/config/config.yaml.j2 @@ -60,7 +60,7 @@ server: homeservers: {{ matrix_domain }}: # Client-server API URL - url: "https://{{ matrix_server_fqn_matrix }}" + url: {{ matrix_homeserver_container_url | to_json }} # registration_shared_secret from synapse config # You can leave this empty if you don't have access to the homeserver. # When this is empty, `mbc auth --register` won't work, but `mbc auth` (login) will. From 08b433a8f7b02b5f3fc88dfc3b2f85f2feb1730c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 26 Jul 2023 19:50:18 +0300 Subject: [PATCH 13/90] Upgrade Grafana (v10.0.2-1 -> v10.0.3-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 4f2fd7f8..1ef1f4da 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -35,7 +35,7 @@ version: 6.1.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.0.2-1 + version: v10.0.3-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8615-2 name: jitsi From ba1d665bd993cc07f2b3a2a5077804cc3b5719ea Mon Sep 17 00:00:00 2001 From: Alexis Yushin Date: Thu, 27 Jul 2023 11:26:15 +0200 Subject: [PATCH 14/90] make smtp tls configurable / optional --- .gitignore | 1 + .../custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 +- roles/custom/matrix-synapse/vars/main.yml | 3 +++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 42187739..6b56900a 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ /roles/**/files/scratchpad .DS_Store .python-version +.idea/ flake.lock # ignore roles pulled by ansible-galaxy diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index f42f6e30..e12bdb19 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -2351,7 +2351,7 @@ email: # must present a certificate that is valid for 'smtp_host'. If this option # is set to false, TLS will not be used. # - #enable_tls: false + enable_tls: {{ matrix_synapse_email_smtp_enable_tls|to_json }} # notif_from defines the "From" address to use when sending emails. # It must be set if email sending is enabled. diff --git a/roles/custom/matrix-synapse/vars/main.yml b/roles/custom/matrix-synapse/vars/main.yml index 9ac7afeb..a12b4401 100644 --- a/roles/custom/matrix-synapse/vars/main.yml +++ b/roles/custom/matrix-synapse/vars/main.yml 
@@ -5,6 +5,9 @@ matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path | basename }}" +# Optionally: `false` to fully disable tls on outbound smtp +matrix_synapse_email_smtp_enable_tls: true + # A Synapse generic worker can handle both federation and client-server API endpoints. # We wish to split these, as we normally serve federation separately and don't want them mixed up. # From 92ea0480805a11c17fc9535332f0a9d2a27d8ac7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 28 Jul 2023 08:40:43 +0300 Subject: [PATCH 15/90] Add some missing install-all/install-synapse tags to Synapse role --- .../matrix-synapse/tasks/ext/setup_install.yml | 14 ++++++++++++++ .../custom/matrix-synapse/tasks/setup_install.yml | 8 ++++++++ 2 files changed, 22 insertions(+) diff --git a/roles/custom/matrix-synapse/tasks/ext/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/setup_install.yml index 0d887939..4adb6566 100644 --- a/roles/custom/matrix-synapse/tasks/ext/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/setup_install.yml @@ -4,6 +4,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_encryption_disabler_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml" @@ -12,6 +14,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_password_provider_rest_auth_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_install.yml" @@ -20,6 +24,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_install.yml" 
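Review bot: `matrix_synapse_email_smtp_enable_tls` is added to the role's `vars/main.yml`, and role vars take precedence over inventory `host_vars`/`group_vars`, so setting it in `vars.yml` would not change the rendered `enable_tls`; the role's `defaults/main.yml` is the place an inventory override can reach. The comment should also state the cost of turning it off, for example `# Set to false only for a trusted local relay: without TLS, SMTP credentials and message bodies cross the network in cleartext`. The matching template change is the `enable_tls:` line in the `homeserver.yaml.j2` hunk of this patch.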
@@ -28,6 +34,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_password_provider_ldap_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup_install.yml" @@ -36,6 +44,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_install.yml" @@ -44,6 +54,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_install.yml" @@ -52,6 +64,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/validate_config.yml" diff --git a/roles/custom/matrix-synapse/tasks/setup_install.yml b/roles/custom/matrix-synapse/tasks/setup_install.yml index 378a0dee..a2185da5 100644 --- a/roles/custom/matrix-synapse/tasks/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/setup_install.yml @@ -26,6 +26,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/setup_install.yml" @@ -34,6 +36,8 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_synapse_workers_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_install.yml" 
@@ -41,12 +45,16 @@ - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/setup_install.yml" - tags: - setup-all - setup-synapse + - install-all + - install-synapse block: - when: matrix_s3_media_store_enabled | bool ansible.builtin.include_tasks: "{{ role_path }}/tasks/goofys/setup_install.yml" From 621578399fe1e400b67140a8e5e18e226dfc3da4 Mon Sep 17 00:00:00 2001 From: "System user; root" Date: Thu, 27 Jul 2023 23:00:59 -0800 Subject: [PATCH 16/90] Adding variable for messing with the prompt and setting the default to the example --- roles/custom/matrix-bot-chatgpt/defaults/main.yml | 2 ++ roles/custom/matrix-bot-chatgpt/templates/env.j2 | 2 ++ 2 files changed, 4 insertions(+) diff --git a/roles/custom/matrix-bot-chatgpt/defaults/main.yml b/roles/custom/matrix-bot-chatgpt/defaults/main.yml index 00eae167..298437ca 100644 --- a/roles/custom/matrix-bot-chatgpt/defaults/main.yml +++ b/roles/custom/matrix-bot-chatgpt/defaults/main.yml @@ -88,3 +88,5 @@ matrix_bot_chatgpt_matrix_rich_text: true # MATRIX_RICH_TEXT=true # matrix_bot_chatgpt_environment_variables_extension: | # chatgpt_TEXT_DONE=Done matrix_bot_chatgpt_environment_variables_extension: '' + +matrix_bot_chatgpt_matrix_bot_prompt_prefix: 'Instructions:\nYou are ChatGPT, a large language model trained by OpenAI.' diff --git a/roles/custom/matrix-bot-chatgpt/templates/env.j2 b/roles/custom/matrix-bot-chatgpt/templates/env.j2 index bc8c3866..d9ca2d50 100644 --- a/roles/custom/matrix-bot-chatgpt/templates/env.j2 +++ b/roles/custom/matrix-bot-chatgpt/templates/env.j2 @@ -25,6 +25,8 @@ MATRIX_ENCRYPTION={{ matrix_bot_chatgpt_matrix_encryption|lower }} MATRIX_THREADS={{ matrix_bot_chatgpt_matrix_threads|lower }} MATRIX_RICH_TEXT={{ matrix_bot_chatgpt_matrix_rich_text|lower }} +CHATGPT_PROMPT_PREFIX={{ matrix_bot_chatgpt_matrix_bot_prompt_prefix }} + DATA_PATH=/data/ {{ matrix_bot_chatgpt_environment_variables_extension }} 
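Review bot: `matrix_bot_chatgpt_matrix_bot_prompt_prefix` is added to the defaults without a comment, and the `env.j2` hunk of this patch writes it as `CHATGPT_PROMPT_PREFIX={{ ... }}` with no escaping, so a value containing a real line break would end the entry and the remainder would be read as further env lines. I would document it above the variable: `# Text prepended to the prompt. Must be a single line (write line breaks as a literal \n), because it is emitted as-is into the rendered env file`. The default is single-quoted YAML, so its `\n` is already a literal backslash-n.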
From 0a6b934a44a4f2a6a7d0f146b026d4aeb66024f7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 28 Jul 2023 17:17:48 +0300 Subject: [PATCH 17/90] Rename Element configuration key (preferredDomain -> preferred_domain) Related to: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2375#issuecomment-1655758296 --- .../templates/static-files/well-known/matrix-client.j2 | 4 ++-- roles/custom/matrix-client-element/templates/config.json.j2 | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 index 45c3ea2a..e3a3172e 100644 --- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -20,10 +20,10 @@ {% endif %} {% if matrix_client_element_jitsi_preferredDomain %}, "io.element.jitsi": { - "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} + "preferred_domain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} }, "im.vector.riot.jitsi": { - "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} + "preferred_domain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} } {% endif %} {% if matrix_sliding_sync_enabled %}, diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 6f2498fd..c0d11abd 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 
@@ -35,7 +35,7 @@ }, {% if matrix_client_element_jitsi_preferredDomain %} "jitsi": { - "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain | to_json }} + "preferred_domain": {{ matrix_client_element_jitsi_preferredDomain | to_json }} }, {% endif %} {% if matrix_client_element_location_sharing_enabled %} From f3445c124c088b0122ee0bb8dd7ae327c96a7fb4 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 28 Jul 2023 17:26:05 +0300 Subject: [PATCH 18/90] Fix Traefik support for matrix-user-verification-service Related to: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2375#issuecomment-1655758296 --- group_vars/matrix_servers | 21 ++++++++++++------- .../defaults/main.yml | 8 +++++++ .../tasks/setup_install.yml | 5 +++++ ...atrix-user-verification-service.service.j2 | 10 +++++++-- 4 files changed, 35 insertions(+), 9 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index bf9928d0..74f382fa 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -4172,13 +4172,20 @@ matrix_user_verification_service_docker_image: "{{ matrix_user_verification_serv matrix_user_verification_service_enabled: false matrix_user_verification_service_systemd_required_services_list: | - {{ - ['docker.service'] - + - (['matrix-synapse.service'] if matrix_synapse_enabled else []) - + - ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) - }} + {{ + ['docker.service'] + + + (['matrix-' + matrix_homeserver_implementation + '.service']) + }} + +matrix_user_verification_service_container_additional_networks: | + {{ + ( + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else []) + + + ([matrix_homeserver_container_network] if matrix_homeserver_container_network != matrix_user_verification_service_container_network else []) + ) | unique + }} # If Jitsi is managed by this playbook we can use the docker network - no need to expose a port. # If Jitsi is not managed by this playbook, or you otherwise have a need for it, you can expose diff --git a/roles/custom/matrix-user-verification-service/defaults/main.yml b/roles/custom/matrix-user-verification-service/defaults/main.yml index 5b3611b8..b553ad12 100644 --- a/roles/custom/matrix-user-verification-service/defaults/main.yml +++ b/roles/custom/matrix-user-verification-service/defaults/main.yml 
@@ -18,6 +18,14 @@ matrix_user_verification_service_docker_image_name_prefix: "{{ matrix_container_ matrix_user_verification_service_docker_image: "{{ matrix_user_verification_service_docker_image_name_prefix }}matrixdotorg/matrix-user-verification-service:{{ matrix_user_verification_service_version }}" matrix_user_verification_service_docker_image_force_pull: "{{ matrix_user_verification_service_docker_image.endswith(':latest') }}" +# The base container network. It will be auto-created by this role if it doesn't exist already. +matrix_user_verification_service_container_network: "{{ matrix_docker_network }}" + +# A list of additional container networks that the container would be connected to. +# The role does not create these networks, so make sure they already exist. +# Use this to expose this container to another reverse proxy, which runs in a different container network. +matrix_user_verification_service_container_additional_networks: [] + matrix_user_verification_service_container_name: "matrix-user-verification-service" # This will be set in group vars matrix_user_verification_service_container_http_host_bind_port: '' diff --git a/roles/custom/matrix-user-verification-service/tasks/setup_install.yml b/roles/custom/matrix-user-verification-service/tasks/setup_install.yml index 185b4b64..54d5d979 100644 --- a/roles/custom/matrix-user-verification-service/tasks/setup_install.yml +++ b/roles/custom/matrix-user-verification-service/tasks/setup_install.yml @@ -30,6 +30,11 @@ group: "{{ matrix_user_groupname }}" mode: 0644 +- name: Ensure matrix-user-verification-service container network is created + community.general.docker_network: + name: "{{ matrix_user_verification_service_container_network }}" + driver: bridge + - name: Ensure matrix-user-verification-service.service installed ansible.builtin.template: src: "{{ role_path }}/templates/systemd/matrix-user-verification-service.service.j2" 
diff --git a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 index eb24b128..d42dc2d9 100644 --- a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 +++ b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 @@ -17,12 +17,14 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_s ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_user_verification_service_container_name }} 2>/dev/null' -ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {{ matrix_user_verification_service_container_name }}\ +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \ + --rm \ + --name={{ matrix_user_verification_service_container_name }}\ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --read-only \ - --network={{ matrix_docker_network }} \ + --network={{ matrix_user_verification_service_container_network }} \ {% if matrix_user_verification_service_container_http_host_bind_port %} -p {{ matrix_user_verification_service_container_http_host_bind_port }}:3000 \ {% endif %} 
@@ -32,6 +34,10 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name {% endfor %} {{ matrix_user_verification_service_docker_image }} +{% for network in matrix_user_verification_service_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} {{ matrix_user_verification_service_container_name }} +{% endfor %} + ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill {{ matrix_user_verification_service_container_name }} 2>/dev/null' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm {{ matrix_user_verification_service_container_name }} 2>/dev/null' Restart=always From 06e2ab94fdebba0ad2be29307986f66828436548 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 28 Jul 2023 20:53:44 +0300 Subject: [PATCH 19/90] Add missing space Related to: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2375#issuecomment-1656064975 --- .../systemd/matrix-user-verification-service.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 index d42dc2d9..68398263 100644 --- a/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 +++ b/roles/custom/matrix-user-verification-service/templates/systemd/matrix-user-verification-service.service.j2 
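Review bot: The added `ExecStartPre=… network connect {{ network }} {{ matrix_user_verification_service_container_name }}` lines run before `ExecStart`, because systemd executes every `ExecStartPre=` ahead of `ExecStart=` regardless of where it sits in the unit file. At that point the earlier `ExecStartPre=-… rm` has removed the container and the `docker run` from the previous hunk has not created it yet, so `network connect` has nothing to attach to. With no `-` prefix, that failure aborts the start whenever the additional-networks list is non-empty, which the group_vars change in this commit can make it. Splitting creation from start fixes the ordering: turn the `run` line into `ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \` and add `ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach {{ matrix_user_verification_service_container_name }}` after the loop. The unit's `[Service]` section begins outside these hunks.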
@@ -19,7 +19,7 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_s ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \ --rm \ - --name={{ matrix_user_verification_service_container_name }}\ + --name={{ matrix_user_verification_service_container_name }} \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ From 4a1ed92671d860f3c41cfeee56da6a11c47147b0 Mon Sep 17 00:00:00 2001 From: wuast94 Date: Sun, 30 Jul 2023 04:50:05 +0200 Subject: [PATCH 20/90] Add system promt variable to docs Added the system promt variable and added a bit information for beginners --- docs/configuring-playbook-bot-chatgpt.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/configuring-playbook-bot-chatgpt.md b/docs/configuring-playbook-bot-chatgpt.md index fa7972ca..72171f28 100644 --- a/docs/configuring-playbook-bot-chatgpt.md +++ b/docs/configuring-playbook-bot-chatgpt.md @@ -43,6 +43,11 @@ matrix_bot_chatgpt_openai_api_key: '' # Matrix access token (from bot user above) # see: https://webapps.stackexchange.com/questions/131056/how-to-get-an-access-token-for-element-riot-matrix matrix_bot_chatgpt_matrix_access_token: '' + +# Configuring the system promt used, needed if the bot is used for special tasks. +# More information: https://github.com/mustvlad/ChatGPT-System-Prompts +matrix_bot_chatgpt_matrix_bot_prompt_prefix: 'Instructions:\nYou are ChatGPT, a large language model trained by OpenAI.' + ``` You will need to get tokens for ChatGPT. From 8eac642a2d9bfce0ba436f4c29f33746ec65af19 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 30 Jul 2023 22:41:45 +0300 Subject: [PATCH 21/90] Upgrade Heisenbridge (1.14.3 -> 1.14.4) --- roles/custom/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml index 5dfe3810..cba4d631 100644 --- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml @@ -4,7 +4,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.14.3 +matrix_heisenbridge_version: 1.14.4 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From e7bc6b3729340040dccb7afbe0a5687781fb5467 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 31 Jul 2023 18:40:29 +0300 Subject: [PATCH 22/90] Upgrade appservice-slack (2.0.2 -> 2.1.2) Related to https://matrix.org/blog/2023/07/bridges-security-updates/ --- roles/custom/matrix-bridge-appservice-slack/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml index 6fb6d7e7..a3ea586b 100644 --- a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml 
@@ -11,7 +11,7 @@ matrix_appservice_slack_docker_src_files_path: "{{ matrix_base_data_path }}/apps # matrix_appservice_slack_version used to contain the full Docker image tag (e.g. `release-X.X.X`). # It's a bare version number now. We try to somewhat retain compatibility below. -matrix_appservice_slack_version: 2.0.2 +matrix_appservice_slack_version: 2.1.2 matrix_appservice_slack_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-slack:{{ matrix_appservice_slack_docker_image_tag }}" matrix_appservice_slack_docker_image_tag: "{{ 'latest' if matrix_appservice_slack_version == 'latest' else ('release-' + matrix_appservice_slack_version) }}" matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}" From bfe89df323c55ee3a2de2590d99b48f14a6e3d4e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 31 Jul 2023 18:41:02 +0300 Subject: [PATCH 23/90] Upgrade appservice-irc (0.38.0 -> 1.0.1) Related to: https://matrix.org/blog/2023/07/bridges-security-updates/ --- roles/custom/matrix-bridge-appservice-irc/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml index b6e6f119..2611da8a 100644 --- a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml 
@@ -11,7 +11,7 @@ matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appser # matrix_appservice_irc_version used to contain the full Docker image tag (e.g. `release-X.X.X`). # It's a bare version number now. We try to somewhat retain compatibility below. -matrix_appservice_irc_version: 0.38.0 +matrix_appservice_irc_version: 1.0.1 matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_docker_image_tag }}" matrix_appservice_irc_docker_image_tag: "{{ 'latest' if matrix_appservice_irc_version == 'latest' else ('release-' + matrix_appservice_irc_version) }}" matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" From 2a56fe09c336bdffd938580266ffb1b6c9961524 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 31 Jul 2023 18:41:25 +0300 Subject: [PATCH 24/90] Upgrade Hookshot (4.4.0 -> 4.4.1) Related to: https://matrix.org/blog/2023/07/bridges-security-updates/ --- roles/custom/matrix-bridge-hookshot/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-hookshot/defaults/main.yml b/roles/custom/matrix-bridge-hookshot/defaults/main.yml index 3c1ba519..491bf318 100644 --- a/roles/custom/matrix-bridge-hookshot/defaults/main.yml +++ b/roles/custom/matrix-bridge-hookshot/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git" matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}" -matrix_hookshot_version: 4.4.0 +matrix_hookshot_version: 4.4.1 matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}" matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}" From df406dbfd85039e0687847e41fcf803204a4bd23 Mon Sep 17 00:00:00 2001 From: adam-kress Date: Tue, 1 Aug 2023 08:12:35 -0400 Subject: [PATCH 25/90] Update synapse 1.88.0 -> 1.89.0 --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 48d8e8d9..0e37be32 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.88.0 +matrix_synapse_version: v1.89.0 matrix_synapse_username: '' matrix_synapse_uid: '' From 2bd9d2a142c27de163442bed9c80afd260c91e02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian-Samuel=20Geb=C3=BChr?= Date: Tue, 1 Aug 2023 14:48:56 +0200 Subject: [PATCH 26/90] docs: Remove mention of access token --- docs/configuring-playbook-bot-matrix-registration-bot.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/configuring-playbook-bot-matrix-registration-bot.md b/docs/configuring-playbook-bot-matrix-registration-bot.md index babfd268..66b3e576 100644 --- a/docs/configuring-playbook-bot-matrix-registration-bot.md +++ b/docs/configuring-playbook-bot-matrix-registration-bot.md 
@@ -14,8 +14,6 @@ does and why it might be useful to you. To enable the bot, add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file: -For `matrix_bot_matrix_registration_bot_api_token`you need an access token with the permission to access the admin api. Access to the API is needed for all restricted actions of the bot (list, create etc..). Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). - ```yaml matrix_bot_matrix_registration_bot_enabled: true From 1b9a20bc2e2a6423ef336825376828efa4b8e724 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 1 Aug 2023 20:11:51 +0300 Subject: [PATCH 27/90] Update element 1.11.36 -> 1.11.37 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 123cbd32..f62ee35a 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.36 +matrix_client_element_version: v1.11.37 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 9d08d8e32ef5204736cf5b34b033481311c26413 Mon Sep 17 00:00:00 2001 
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 2 Aug 2023 21:53:00 +0300 Subject: [PATCH 28/90] Update honoroit 0.9.17 -> 0.9.18 --- roles/custom/matrix-bot-honoroit/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-honoroit/defaults/main.yml b/roles/custom/matrix-bot-honoroit/defaults/main.yml index 90ffa0c6..b190c3b7 100644 --- a/roles/custom/matrix-bot-honoroit/defaults/main.yml +++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml @@ -20,7 +20,7 @@ matrix_bot_honoroit_docker_repo: "https://gitlab.com/etke.cc/honoroit.git" matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src" -matrix_bot_honoroit_version: v0.9.17 +matrix_bot_honoroit_version: v0.9.18 matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}etke.cc/honoroit:{{ matrix_bot_honoroit_version }}" matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/' }}" matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}" From 90e39875258c53ec4542be6da4bb32ba09597623 Mon Sep 17 00:00:00 2001 From: krassle <6473406+krassle@users.noreply.github.com> Date: Fri, 4 Aug 2023 16:10:23 +0200 Subject: [PATCH 29/90] Upgrade Element 1.11.37 -> 1.11.38 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index f62ee35a..39750ab0 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.37 +matrix_client_element_version: v1.11.38 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 6d9a990657f3adbe9d89776a6ccc0078ecad14c7 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 4 Aug 2023 17:51:12 +0300 Subject: [PATCH 30/90] Partially revert (preferredDomain -> preferred_domain) renaming Partially reverts 0a6b934a44a4f. `preferred_domain` is only used by Element and does not apply to the `/.well-known/matrix/client` file. --- .../templates/static-files/well-known/matrix-client.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 index e3a3172e..45c3ea2a 100644 --- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 
@@ -20,10 +20,10 @@ {% endif %} {% if matrix_client_element_jitsi_preferredDomain %}, "io.element.jitsi": { - "preferred_domain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} + "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} }, "im.vector.riot.jitsi": { - "preferred_domain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} + "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} } {% endif %} {% if matrix_sliding_sync_enabled %}, From 4dfaeed4a1b8c90ca42bb0d1b49041cbe2c13493 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 5 Aug 2023 00:23:10 +0300 Subject: [PATCH 31/90] Update borg role v1.2.4-1.7.15-1 -> v1.2.4-1.7.15-2 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 1ef1f4da..cc3f912c 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.4-1.7.15-1 + version: v1.2.4-1.7.15-2 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From 4b61aca11e14e42672b83e08b63d3cb2f9a8e9b0 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 5 Aug 2023 09:01:33 +0300 Subject: [PATCH 32/90] Upgrade Prometheus (v2.45.0-0 -> v2.45.0-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 1ef1f4da..42a14670 100644 --- a/requirements.yml +++ b/requirements.yml 
@@ -42,7 +42,7 @@ - src: git+https://gitlab.com/etke.cc/roles/ntfy.git version: v2.6.2-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git - version: v2.45.0-0 + version: v2.45.0-1 name: prometheus - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git version: v1.6.0-0 From b9b68c7110d256c72c06e6d6bd87285d81e8f52a Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sat, 5 Aug 2023 12:48:11 +0200 Subject: [PATCH 33/90] Upgrade sliding-sync (v0.99.4 -> v0.99.5) --- roles/custom/matrix-sliding-sync/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index cfc55ecd..97301597 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -4,7 +4,7 @@ matrix_sliding_sync_enabled: true -matrix_sliding_sync_version: v0.99.4 +matrix_sliding_sync_version: v0.99.5 matrix_sliding_sync_scheme: https From 1dfe7a3da83ed4570c1ea4564430a997fd6bb4dd Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat, 5 Aug 2023 14:09:35 +0300 Subject: [PATCH 34/90] Update backup-borg role --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index cc3f912c..23f45962 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.4-1.7.15-2 + version: v1.2.4-1.7.15-3 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From ccebbc07ca2ab931adde9e8fb12306949d0b6d2d Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sun, 6 Aug 2023 12:13:56 +0300 Subject: [PATCH 35/90] Upgrade Traefik (v2.10.4-0 -> v2.10.4-1) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 26d4f0c8..0ba980c3 100644 --- a/requirements.yml +++ b/requirements.yml @@ -26,7 +26,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.timesync.git version: v1.0.0-0 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: v2.10.4-0 + version: v2.10.4-1 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git From 809316b16eb4a9b229c3b10c2fb1d239ed3c028b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:47:29 +0300 Subject: [PATCH 36/90] element-web camelCase renaming (showLabsSettings -> show_labs_settings) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- .../matrix-client-element/tasks/validate_config.yml | 9 +++++++++ .../matrix-client-element/templates/config.json.j2 | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 39750ab0..f64f302d 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -151,7 +151,7 @@ matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api" matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html" matrix_client_element_permalinkPrefix: "https://matrix.to" # noqa var-naming matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit" -matrix_client_element_showLabsSettings: true # noqa var-naming +matrix_client_element_show_lab_settings: true # noqa var-naming # Element public room directory server(s) matrix_client_element_roomdir_servers: ['matrix.org'] matrix_client_element_welcome_user_id: ~ diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index fdf42df7..50455cae 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml @@ -27,6 +27,15 @@ with_items: - {'old': 'matrix_riot_web_.*', 'new': 'matrix_client_element_.*'} +- name: (Deprecation) Catch and report renamed element-web settings + ansible.builtin.fail: + msg: >- + Your configuration contains a variable, which now has a different name. + Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). + when: "item.old in vars" + with_items: + - {'old': 'matrix_client_element_showLabsSettings', 'new': 'matrix_client_element_show_lab_settings'} + - when: matrix_client_element_container_labels_traefik_enabled | bool block: - name: Fail if required matrix-client-element Traefik settings not defined diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index c0d11abd..5d510403 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 
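Review bot: The renamed variable is `matrix_client_element_show_lab_settings`, while the Element key it feeds in config.json.j2 is `show_labs_settings`; the dropped "s" makes the pair easy to mistype and harder to grep. Naming it `matrix_client_element_show_labs_settings` in defaults, in the template and in the `'new'` value of the deprecation entry would keep them aligned. The trailing `# noqa var-naming` also looks unnecessary now that the name is snake_case. The same leftover marker appears on `matrix_client_element_permalink_prefix` in the following commit.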
@@ -22,7 +22,7 @@ "integrations_widgets_urls": {{ matrix_client_element_integrations_widgets_urls | to_json }}, "integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url | string | to_json }}, "bug_report_endpoint_url": {{ matrix_client_element_bug_report_endpoint_url | to_json }}, - "showLabsSettings": {{ matrix_client_element_showLabsSettings | to_json }}, + "show_labs_settings": {{ matrix_client_element_show_lab_settings | to_json }}, "roomDirectory": { "servers": {{ matrix_client_element_roomdir_servers | to_json }} }, From c800af1bb62c6527c380fca1c9891c1c392cc57c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:48:22 +0300 Subject: [PATCH 37/90] element-web camelCase renaming (permalinkPrefix -> permalink_prefix) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- roles/custom/matrix-client-element/tasks/validate_config.yml | 1 + roles/custom/matrix-client-element/templates/config.json.j2 | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index f64f302d..3b1899cf 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -149,7 +149,7 @@ matrix_client_element_integrations_ui_url: "https://scalar.vector.im/" matrix_client_element_integrations_rest_url: "https://scalar.vector.im/api" matrix_client_element_integrations_widgets_urls: ["https://scalar.vector.im/api"] matrix_client_element_integrations_jitsi_widget_url: "https://scalar.vector.im/api/widgets/jitsi.html" -matrix_client_element_permalinkPrefix: "https://matrix.to" # noqa var-naming +matrix_client_element_permalink_prefix: "https://matrix.to" # noqa var-naming matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit" matrix_client_element_show_lab_settings: true # noqa var-naming # Element public room directory server(s) diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index 50455cae..425683b8 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml @@ -35,6 +35,7 @@ when: "item.old in vars" with_items: - {'old': 'matrix_client_element_showLabsSettings', 'new': 'matrix_client_element_show_lab_settings'} + - {'old': 'matrix_client_element_permalinkPrefix', 'new': 'matrix_client_element_permalink_prefix'} - when: matrix_client_element_container_labels_traefik_enabled | bool block: diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 5d510403..798faa1d 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 
@@ -13,7 +13,7 @@ }, "default_theme": {{ matrix_client_element_default_theme | string | to_json }}, "default_country_code": {{ matrix_client_element_default_country_code | string | to_json }}, - "permalinkPrefix": {{ matrix_client_element_permalinkPrefix | string | to_json }}, + "permalink_prefix": {{ matrix_client_element_permalink_prefix | string | to_json }}, "disable_custom_urls": {{ matrix_client_element_disable_custom_urls | to_json }}, "disable_guests": {{ matrix_client_element_disable_guests | to_json }}, "brand": {{ matrix_client_element_brand | to_json }}, From bb90a59bbb1ab7889b88fd43d4625308306e7479 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:49:48 +0300 Subject: [PATCH 38/90] element-web camelCase renaming (roomDirectory -> room_directory) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- roles/custom/matrix-client-element/tasks/validate_config.yml | 1 + roles/custom/matrix-client-element/templates/config.json.j2 | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 3b1899cf..f238636b 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -153,7 +153,7 @@ matrix_client_element_permalink_prefix: "https://matrix.to" # noqa var-naming matrix_client_element_bug_report_endpoint_url: "https://element.io/bugreports/submit" matrix_client_element_show_lab_settings: true # noqa var-naming # Element public room directory server(s) -matrix_client_element_roomdir_servers: ['matrix.org'] +matrix_client_element_room_directory_servers: ['matrix.org'] matrix_client_element_welcome_user_id: ~ # Branding of Element matrix_client_element_brand: "Element" diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index 425683b8..4f5fd0ee 100644 
--- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml @@ -36,6 +36,7 @@ with_items: - {'old': 'matrix_client_element_showLabsSettings', 'new': 'matrix_client_element_show_lab_settings'} - {'old': 'matrix_client_element_permalinkPrefix', 'new': 'matrix_client_element_permalink_prefix'} + - {'old': 'matrix_client_element_roomdir_servers', 'new': 'matrix_client_element_room_directory_servers'} - when: matrix_client_element_container_labels_traefik_enabled | bool block: diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 798faa1d..498b2580 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -23,8 +23,8 @@ "integrations_jitsi_widget_url": {{ matrix_client_element_integrations_jitsi_widget_url | string | to_json }}, "bug_report_endpoint_url": {{ matrix_client_element_bug_report_endpoint_url | to_json }}, "show_labs_settings": {{ matrix_client_element_show_lab_settings | to_json }}, - "roomDirectory": { - "servers": {{ matrix_client_element_roomdir_servers | to_json }} + "room_directory": { + "servers": {{ matrix_client_element_room_directory_servers | to_json }} }, "welcomeUserId": {{ matrix_client_element_welcome_user_id | to_json }}, {% if matrix_client_element_enable_presence_by_hs_url is not none %} From d4e48a3a67c78be4e1ae6f5b0146aa176956d231 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:50:09 +0300 Subject: [PATCH 39/90] element-web camelCase renaming (welcomeUserId -> welcome_user_id) --- roles/custom/matrix-client-element/templates/config.json.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 498b2580..77cf5b26 100644 
--- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -26,7 +26,7 @@ "room_directory": { "servers": {{ matrix_client_element_room_directory_servers | to_json }} }, - "welcomeUserId": {{ matrix_client_element_welcome_user_id | to_json }}, + "welcome_user_id": {{ matrix_client_element_welcome_user_id | to_json }}, {% if matrix_client_element_enable_presence_by_hs_url is not none %} "enable_presence_by_hs_url": {{ matrix_client_element_enable_presence_by_hs_url | to_json }}, {% endif %} From c4f716624b0187912b47c171b9d609e8fb3c30dc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:50:27 +0300 Subject: [PATCH 40/90] element-web camelCase renaming (embeddedPages -> embedded_pages) --- roles/custom/matrix-client-element/templates/config.json.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 77cf5b26..5465395d 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -30,7 +30,7 @@ {% if matrix_client_element_enable_presence_by_hs_url is not none %} "enable_presence_by_hs_url": {{ matrix_client_element_enable_presence_by_hs_url | to_json }}, {% endif %} - "embeddedPages": { + "embedded_pages": { "homeUrl": {{ matrix_client_element_embedded_pages_home_url | string | to_json }} }, {% if matrix_client_element_jitsi_preferredDomain %} From 38c9aa9369b21aa08e6b1aba0adde9793a3e7432 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:53:02 +0300 Subject: [PATCH 41/90] element-web camelCase renaming (settingDefault -> setting_defaults) --- docs/configuring-playbook-client-element.md | 2 +- roles/custom/matrix-client-element/defaults/main.yml | 4 ++-- roles/custom/matrix-client-element/tasks/prepare_themes.yml | 2 +- roles/custom/matrix-client-element/tasks/validate_config.yml | 1 + roles/custom/matrix-client-element/templates/config.json.j2 | 4 ++-- 5 files changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/configuring-playbook-client-element.md b/docs/configuring-playbook-client-element.md index 1f90aca6..ec855601 100644 --- a/docs/configuring-playbook-client-element.md +++ b/docs/configuring-playbook-client-element.md @@ -32,7 +32,7 @@ Alternatively, **if there is no pre-defined variable** for an Element setting yo ## Themes -To change the look of Element, you can define your own themes manually by using the `matrix_client_element_settingDefaults_custom_themes` setting. +To change the look of Element, you can define your own themes manually by using the `matrix_client_element_setting_defaults_custom_themes` setting. Or better yet, you can automatically pull it all themes provided by the [aaronraimist/element-themes](https://github.com/aaronraimist/element-themes) project by simply flipping a flag (`matrix_client_element_themes_enabled: true`). diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index f238636b..133f9d94 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -207,14 +207,14 @@ matrix_client_element_themes_repository_version: master # Controls the default theme matrix_client_element_default_theme: 'light' -# Controls the `settingsDefault.custom_themes` setting of the Element configuration. +# Controls the `setting_defaults.custom_themes` setting of the Element configuration. # You can use this setting to define custom themes. # # Also, look at `matrix_client_element_themes_enabled` for a way to pull in a bunch of custom themes automatically. # If you define your own themes here and set `matrix_client_element_themes_enabled: true`, your themes will be preserved as well. # # Note that for a custom theme to work well, all Element instances that you use must have the same theme installed. -matrix_client_element_settingDefaults_custom_themes: [] # noqa var-naming +matrix_client_element_setting_defaults_custom_themes: [] # noqa var-naming # Default Element configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/custom/matrix-client-element/tasks/prepare_themes.yml b/roles/custom/matrix-client-element/tasks/prepare_themes.yml index 70646c94..194335b2 100644 --- a/roles/custom/matrix-client-element/tasks/prepare_themes.yml +++ b/roles/custom/matrix-client-element/tasks/prepare_themes.yml @@ -30,7 +30,7 @@ - name: Load Element theme ansible.builtin.set_fact: - matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming + matrix_client_element_setting_defaults_custom_themes: "{{ matrix_client_element_setting_defaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming with_items: "{{ matrix_client_element_theme_file_contents.results }}" # 
diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index 4f5fd0ee..e78bd4a7 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml @@ -37,6 +37,7 @@ - {'old': 'matrix_client_element_showLabsSettings', 'new': 'matrix_client_element_show_lab_settings'} - {'old': 'matrix_client_element_permalinkPrefix', 'new': 'matrix_client_element_permalink_prefix'} - {'old': 'matrix_client_element_roomdir_servers', 'new': 'matrix_client_element_room_directory_servers'} + - {'old': 'matrix_client_element_settingDefaults_custom_themes', 'new': 'matrix_client_element_setting_defaults_custom_themes'} - when: matrix_client_element_container_labels_traefik_enabled | bool block: diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 5465395d..9b5ff153 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -8,8 +8,8 @@ "base_url": {{ matrix_client_element_default_is_url | string | to_json }} } }, - "settingDefaults": { - "custom_themes": {{ matrix_client_element_settingDefaults_custom_themes | to_json }} + "setting_defaults": { + "custom_themes": {{ matrix_client_element_setting_defaults_custom_themes | to_json }} }, "default_theme": {{ matrix_client_element_default_theme | string | to_json }}, "default_country_code": {{ matrix_client_element_default_country_code | string | to_json }}, From e7c5eff924ffa97b7a9983740f874ecfc89c7390 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:54:48 +0300 Subject: [PATCH 42/90] element-web camelCase renaming (branding.authFooterLinks -> branding.auth_footer_links) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- roles/custom/matrix-client-element/tasks/validate_config.yml | 1 + roles/custom/matrix-client-element/templates/config.json.j2 | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 133f9d94..3152dd72 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -169,7 +169,7 @@ matrix_client_element_welcome_text: "_t('Decentralised, encrypted chat & col # Links, shown in footer of welcome page: # [{"text": "Link text", "url": "https://link.target"}, {"text": "Other link"}] -matrix_client_element_branding_authFooterLinks: ~ # noqa var-naming +matrix_client_element_branding_auth_footer_links: ~ # noqa var-naming # URL to image, shown during Login matrix_client_element_branding_authHeaderLogoUrl: "{{ matrix_client_element_welcome_logo }}" # noqa var-naming diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index e78bd4a7..52aba395 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml 
@@ -38,6 +38,7 @@ - {'old': 'matrix_client_element_permalinkPrefix', 'new': 'matrix_client_element_permalink_prefix'} - {'old': 'matrix_client_element_roomdir_servers', 'new': 'matrix_client_element_room_directory_servers'} - {'old': 'matrix_client_element_settingDefaults_custom_themes', 'new': 'matrix_client_element_setting_defaults_custom_themes'} + - {'old': 'matrix_client_element_branding_authFooterLinks', 'new': 'matrix_client_element_branding_auth_footer_links'} - when: matrix_client_element_container_labels_traefik_enabled | bool block: diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 9b5ff153..66b236a9 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -42,7 +42,7 @@ "map_style_url": "https://{{ matrix_server_fqn_element }}/map_style.json", {% endif %} "branding": { - "authFooterLinks": {{ matrix_client_element_branding_authFooterLinks | to_json }}, + "auth_footer_links": {{ matrix_client_element_branding_auth_footer_links | to_json }}, "authHeaderLogoUrl": {{ matrix_client_element_branding_authHeaderLogoUrl | to_json }}, "welcomeBackgroundUrl": {{ matrix_client_element_branding_welcomeBackgroundUrl | to_json }} } From 1918519e07abf4ac98d083291d0406de084daa22 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:55:44 +0300 Subject: [PATCH 43/90] element-web camelCase renaming (branding.authHeaderLogoUrl -> branding.auth_header_logo_url) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- roles/custom/matrix-client-element/tasks/validate_config.yml | 1 + roles/custom/matrix-client-element/templates/config.json.j2 | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 3152dd72..1873dda5 100644 
--- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -172,7 +172,7 @@ matrix_client_element_welcome_text: "_t('Decentralised, encrypted chat & col matrix_client_element_branding_auth_footer_links: ~ # noqa var-naming # URL to image, shown during Login -matrix_client_element_branding_authHeaderLogoUrl: "{{ matrix_client_element_welcome_logo }}" # noqa var-naming +matrix_client_element_branding_auth_header_logo_url: "{{ matrix_client_element_welcome_logo }}" # noqa var-naming # URL to Wallpaper, shown in background of welcome page matrix_client_element_branding_welcomeBackgroundUrl: ~ # noqa var-naming diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index 52aba395..216143c3 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml @@ -39,6 +39,7 @@ - {'old': 'matrix_client_element_roomdir_servers', 'new': 'matrix_client_element_room_directory_servers'} - {'old': 'matrix_client_element_settingDefaults_custom_themes', 'new': 'matrix_client_element_setting_defaults_custom_themes'} - {'old': 'matrix_client_element_branding_authFooterLinks', 'new': 'matrix_client_element_branding_auth_footer_links'} + - {'old': 'matrix_client_element_branding_authHeaderLogoUrl', 'new': 'matrix_client_element_branding_auth_header_logo_url'} - when: matrix_client_element_container_labels_traefik_enabled | bool block: diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 66b236a9..d41523a7 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 
@@ -43,7 +43,7 @@ {% endif %} "branding": { "auth_footer_links": {{ matrix_client_element_branding_auth_footer_links | to_json }}, - "authHeaderLogoUrl": {{ matrix_client_element_branding_authHeaderLogoUrl | to_json }}, + "auth_header_logo_url": {{ matrix_client_element_branding_auth_header_logo_url | to_json }}, "welcomeBackgroundUrl": {{ matrix_client_element_branding_welcomeBackgroundUrl | to_json }} } } From e9c0e90147e9502408d9fdcfe0620bd7cfced088 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:56:38 +0300 Subject: [PATCH 44/90] element-web camelCase renaming (branding.welcomeBackgroundUrl -> branding.welcome_background_url) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- roles/custom/matrix-client-element/tasks/validate_config.yml | 1 + roles/custom/matrix-client-element/templates/config.json.j2 | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 1873dda5..ac163001 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -175,7 +175,7 @@ matrix_client_element_branding_auth_footer_links: ~ # noqa var-naming matrix_client_element_branding_auth_header_logo_url: "{{ matrix_client_element_welcome_logo }}" # noqa var-naming # URL to Wallpaper, shown in background of welcome page -matrix_client_element_branding_welcomeBackgroundUrl: ~ # noqa var-naming +matrix_client_element_branding_welcome_background_url: ~ # noqa var-naming matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/welcome.html.j2" diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index 216143c3..e2241b74 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml 
@@ -40,6 +40,7 @@ - {'old': 'matrix_client_element_settingDefaults_custom_themes', 'new': 'matrix_client_element_setting_defaults_custom_themes'} - {'old': 'matrix_client_element_branding_authFooterLinks', 'new': 'matrix_client_element_branding_auth_footer_links'} - {'old': 'matrix_client_element_branding_authHeaderLogoUrl', 'new': 'matrix_client_element_branding_auth_header_logo_url'} + - {'old': 'matrix_client_element_branding_welcomeBackgroundUrl', 'new': 'matrix_client_element_branding_welcome_background_url'} - when: matrix_client_element_container_labels_traefik_enabled | bool block: diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index d41523a7..883c89bf 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -44,6 +44,6 @@ "branding": { "auth_footer_links": {{ matrix_client_element_branding_auth_footer_links | to_json }}, "auth_header_logo_url": {{ matrix_client_element_branding_auth_header_logo_url | to_json }}, - "welcomeBackgroundUrl": {{ matrix_client_element_branding_welcomeBackgroundUrl | to_json }} + "welcome_background_url": {{ matrix_client_element_branding_welcome_background_url | to_json }} } } From ae12ab5c24a85ac8defaf7d20a75d9b9258f6b50 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 10 Aug 2023 15:57:29 +0300 Subject: [PATCH 45/90] Rename variable (matrix_client_element_jitsi_preferredDomain -> matrix_client_element_jitsi_preferredDomain) --- group_vars/matrix_servers | 2 +- roles/custom/matrix-base/defaults/main.yml | 2 +- .../templates/static-files/well-known/matrix-client.j2 | 6 +++--- roles/custom/matrix-client-element/defaults/main.yml | 2 +- .../custom/matrix-client-element/tasks/validate_config.yml | 1 + roles/custom/matrix-client-element/templates/config.json.j2 | 4 ++-- 6 files changed, 9 insertions(+), 8 deletions(-) 
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 74f382fa..114fc09f 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -3341,7 +3341,7 @@ matrix_client_element_enable_presence_by_hs_url: | matrix_client_element_welcome_user_id: ~ -matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}" +matrix_client_element_jitsi_preferred_domain: "{{ matrix_server_fqn_jitsi if jitsi_enabled else '' }}" ###################################################################### # diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index 637ce3bb..8642ace2 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -158,7 +158,7 @@ matrix_integration_manager_ui_url: ~ # The domain name where a Jitsi server is self-hosted. # If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server. # See: https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server -matrix_client_element_jitsi_preferredDomain: '' # noqa var-naming +matrix_client_element_jitsi_preferred_domain: '' # noqa var-naming # Controls whether Element should use End-to-End Encryption by default. # Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE. diff --git a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 index 45c3ea2a..4de91a37 100644 --- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 
@@ -18,12 +18,12 @@ ] } {% endif %} - {% if matrix_client_element_jitsi_preferredDomain %}, + {% if matrix_client_element_jitsi_preferred_domain %}, "io.element.jitsi": { - "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} + "preferredDomain": {{ matrix_client_element_jitsi_preferred_domain|to_json }} }, "im.vector.riot.jitsi": { - "preferredDomain": {{ matrix_client_element_jitsi_preferredDomain|to_json }} + "preferredDomain": {{ matrix_client_element_jitsi_preferred_domain|to_json }} } {% endif %} {% if matrix_sliding_sync_enabled %}, diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index ac163001..917738ae 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -183,7 +183,7 @@ matrix_client_element_page_template_welcome_path: "{{ role_path }}/templates/wel # point this to a `home.html` template file on your local filesystem. matrix_client_element_embedded_pages_home_path: ~ -matrix_client_element_jitsi_preferredDomain: '' # noqa var-naming +matrix_client_element_jitsi_preferred_domain: '' # noqa var-naming # Controls whether the self-check feature should validate SSL certificates. matrix_client_element_self_check_validate_certificates: true diff --git a/roles/custom/matrix-client-element/tasks/validate_config.yml b/roles/custom/matrix-client-element/tasks/validate_config.yml index e2241b74..dc6c9f5a 100644 --- a/roles/custom/matrix-client-element/tasks/validate_config.yml +++ b/roles/custom/matrix-client-element/tasks/validate_config.yml 
@@ -41,6 +41,7 @@ - {'old': 'matrix_client_element_branding_authFooterLinks', 'new': 'matrix_client_element_branding_auth_footer_links'} - {'old': 'matrix_client_element_branding_authHeaderLogoUrl', 'new': 'matrix_client_element_branding_auth_header_logo_url'} - {'old': 'matrix_client_element_branding_welcomeBackgroundUrl', 'new': 'matrix_client_element_branding_welcome_background_url'} + - {'old': 'matrix_client_element_jitsi_preferredDomain', 'new': 'matrix_client_element_jitsi_preferred_domain'} - when: matrix_client_element_container_labels_traefik_enabled | bool block: diff --git a/roles/custom/matrix-client-element/templates/config.json.j2 b/roles/custom/matrix-client-element/templates/config.json.j2 index 883c89bf..180a8f81 100644 --- a/roles/custom/matrix-client-element/templates/config.json.j2 +++ b/roles/custom/matrix-client-element/templates/config.json.j2 @@ -33,9 +33,9 @@ "embedded_pages": { "homeUrl": {{ matrix_client_element_embedded_pages_home_url | string | to_json }} }, - {% if matrix_client_element_jitsi_preferredDomain %} + {% if matrix_client_element_jitsi_preferred_domain %} "jitsi": { - "preferred_domain": {{ matrix_client_element_jitsi_preferredDomain | to_json }} + "preferred_domain": {{ matrix_client_element_jitsi_preferred_domain | to_json }} }, {% endif %} {% if matrix_client_element_location_sharing_enabled %} From 62a086d3e2fc7fcb3a8e47cdccac7fadd8efad85 Mon Sep 17 00:00:00 2001 From: Samuel Meenzen Date: Thu, 10 Aug 2023 20:30:11 +0200 Subject: [PATCH 46/90] Update conduit 0.5.0 -> 0.6.0 --- roles/custom/matrix-conduit/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-conduit/defaults/main.yml b/roles/custom/matrix-conduit/defaults/main.yml index 7673a7d2..862e55c2 100644 --- a/roles/custom/matrix-conduit/defaults/main.yml +++ b/roles/custom/matrix-conduit/defaults/main.yml 
@@ -6,7 +6,7 @@ matrix_conduit_enabled: true matrix_conduit_docker_image: "{{ matrix_conduit_docker_image_name_prefix }}matrixconduit/matrix-conduit:{{ matrix_conduit_docker_image_tag }}" matrix_conduit_docker_image_name_prefix: "docker.io/" -matrix_conduit_docker_image_tag: "v0.5.0" +matrix_conduit_docker_image_tag: "v0.6.0" matrix_conduit_docker_image_force_pull: "{{ matrix_conduit_docker_image.endswith(':latest') }}" matrix_conduit_base_path: "{{ matrix_base_data_path }}/conduit" From 9faa65f05914baa75a5eab06aa429d116c5eefe7 Mon Sep 17 00:00:00 2001 From: Samuel Meenzen Date: Thu, 10 Aug 2023 22:07:33 +0200 Subject: [PATCH 47/90] Advertise sliding-sync support when using conduit Starting from version `0.6.0` conduit natively supports some sync v3 (sliding-sync) features. https://gitlab.com/famedly/conduit/-/releases/v0.6.0 https://gitlab.com/famedly/conduit/-/merge_requests/501 --- .../templates/static-files/well-known/matrix-client.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 index 4de91a37..549bfc8a 100644 --- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -30,6 +30,10 @@ "org.matrix.msc3575.proxy": { "url": "{{ matrix_sliding_sync_base_url }}" } + {% elif matrix_homeserver_implementation == 'conduit' %}, + "org.matrix.msc3575.proxy": { + "url": "{{ matrix_homeserver_url }}" + } {% endif %} {% if matrix_client_element_location_sharing_enabled %}, "m.tile_server": { From 837cca4ee16d989f4b336232b13665fcb319af31 Mon Sep 17 00:00:00 2001 
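Review bot: The added `"url": "{{ matrix_homeserver_url }}"` line in the conduit branch places the variable between hand-written quotes instead of JSON-encoding it, whereas the `preferredDomain` entries of this same template (visible in the hunks of patch 45/90) go through `to_json`. A value containing a quote or backslash would produce a malformed `/.well-known/matrix/client`, the document clients read for discovery. The value is operator-supplied, so this is a robustness concern rather than an injection path. I would write `"url": {{ matrix_homeserver_url | to_json }}`. The same pattern is already present in the `matrix_sliding_sync_base_url` context line and recurs in the `@@ -26,13 +26,9 @@` hunk of patch 48/90 for `matrix_homeserver_sliding_sync_url`; the template itself continues outside this hunk.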
From: Samuel Meenzen Date: Fri, 11 Aug 2023 08:13:49 +0000 Subject: [PATCH 48/90] Move sliding sync url logic out of matrix-client.j2 --- group_vars/matrix_servers | 4 ++++ roles/custom/matrix-base/defaults/main.yml | 6 ++++++ .../templates/static-files/well-known/matrix-client.j2 | 8 ++------ 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 114fc09f..1273280e 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -4018,6 +4018,8 @@ matrix_sliding_sync_environment_variable_syncv3_secret: "{{ '%s' | format(matrix matrix_sliding_sync_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.db', rounds=655555) | to_uuid }}" +matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else matrix_homeserver_sliding_sync_url }}" + ###################################################################### # # /matrix-sliding-sync @@ -4107,6 +4109,8 @@ matrix_conduit_systemd_required_services_list: | (['docker.service']) }} +# Starting from version `0.6.0` conduit natively supports some sync v3 (sliding-sync) features. +matrix_homeserver_sliding_sync_url: "{{ matrix_homeserver_url if matrix_conduit_enabled and not matrix_sliding_sync_enabled else matrix_homeserver_sliding_sync_url }}" ###################################################################### # diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index 8642ace2..bb0d579f 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml 
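Review bot: Both added definitions of `matrix_homeserver_sliding_sync_url` name the variable itself in their `else` branch, so whenever the condition is false the template refers back to itself. Ansible reports that as a recursive loop instead of falling back to the role default. The key is also assigned twice in this one vars file (the `@@ -4018,6 +4018,8 @@` and `@@ -4107,6 +4109,8 @@` hunks), and a YAML mapping keeps only one value per key, so presumably only the later conduit definition takes effect. A single definition whose last fallback is a literal, e.g. `else ''`, avoids both problems; patch 50/90 later in this series moves in that direction.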
@@ -150,6 +150,12 @@ matrix_homeserver_container_url: "" # This likely gets overriden elsewhere. matrix_homeserver_container_federation_url: "" +# Specifies the public url of the Sync v3 (sliding-sync) API. +# This will be used to set the `org.matrix.msc3575.proxy` property in `/.well-known/matrix/client`. +# Once the API is stabilized, this will no longer be required. +# See MSC3575: https://github.com/matrix-org/matrix-spec-proposals/blob/kegan/sync-v3/proposals/3575-sync.md +matrix_homeserver_sliding_sync_url: "" + matrix_identity_server_url: ~ matrix_integration_manager_rest_url: ~ diff --git a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 index 549bfc8a..96c301a8 100644 --- a/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 +++ b/roles/custom/matrix-base/templates/static-files/well-known/matrix-client.j2 @@ -26,13 +26,9 @@ "preferredDomain": {{ matrix_client_element_jitsi_preferred_domain|to_json }} } {% endif %} - {% if matrix_sliding_sync_enabled %}, + {% if matrix_homeserver_sliding_sync_url %}, "org.matrix.msc3575.proxy": { - "url": "{{ matrix_sliding_sync_base_url }}" - } - {% elif matrix_homeserver_implementation == 'conduit' %}, - "org.matrix.msc3575.proxy": { - "url": "{{ matrix_homeserver_url }}" + "url": "{{ matrix_homeserver_sliding_sync_url }}" } {% endif %} {% if matrix_client_element_location_sharing_enabled %}, From 28b736fc9d6b39c28165477dc9d73d769edd7818 Mon Sep 17 00:00:00 2001 From: Samuel Meenzen Date: Fri, 11 Aug 2023 08:30:22 +0000 Subject: [PATCH 49/90] docs: conduit sliding sync support --- docs/configuring-playbook-sliding-sync-proxy.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/configuring-playbook-sliding-sync-proxy.md b/docs/configuring-playbook-sliding-sync-proxy.md index a0eb36ba..a7aab981 100644 --- a/docs/configuring-playbook-sliding-sync-proxy.md 
+++ b/docs/configuring-playbook-sliding-sync-proxy.md @@ -12,6 +12,7 @@ Element X Android requires manual compilation to get it working with a non-`matr **NOTE**: The Sliding Sync proxy **only works with the Traefik reverse-proxy**. If you have an old server installation (from the time `matrix-nginx-proxy` was our default reverse-proxy - `matrix_playbook_reverse_proxy_type: playbook-managed-nginx`), you won't be able to use Sliding Sync. +**NOTE**: The sliding-sync proxy is **not required** when using the **Conduit homeserver**. Starting from version `0.6.0` Conduit has native support for some sliding sync features. If there are issues with the native implementation, you might have a better experience when enabling the sliding-sync proxy anyway. ## Decide on a domain and path From e01a6f29720577675242c36ff6b7efe6f7c26e44 Mon Sep 17 00:00:00 2001 From: Samuel Meenzen Date: Fri, 11 Aug 2023 08:46:03 +0000 Subject: [PATCH 50/90] fix: `recursive loop detected in template string` error --- group_vars/matrix_servers | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 1273280e..5accdd85 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -4018,7 +4018,8 @@ matrix_sliding_sync_environment_variable_syncv3_secret: "{{ '%s' | format(matrix matrix_sliding_sync_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.db', rounds=655555) | to_uuid }}" -matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else matrix_homeserver_sliding_sync_url }}" +# Starting from version `0.6.0` conduit natively supports some sync v3 (sliding-sync) features. +matrix_homeserver_sliding_sync_url: "{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else matrix_homeserver_url if matrix_conduit_enabled else '' }}" ###################################################################### # @@ -4109,9 +4110,6 @@ matrix_conduit_systemd_required_services_list: | (['docker.service']) }} -# Starting from version `0.6.0` conduit natively supports some sync v3 (sliding-sync) features. -matrix_homeserver_sliding_sync_url: "{{ matrix_homeserver_url if matrix_conduit_enabled and not matrix_sliding_sync_enabled else matrix_homeserver_sliding_sync_url }}" - ###################################################################### # # /matrix-conduit From 75d4b534844fbcb0df03ad34a2496115786d1529 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 15 Aug 2023 11:17:41 +0300 Subject: [PATCH 51/90] Upgrade ddclient (v3.10.0-ls126 -> v3.10.0-ls131) --- roles/custom/matrix-dynamic-dns/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dynamic-dns/defaults/main.yml b/roles/custom/matrix-dynamic-dns/defaults/main.yml index 6369f109..727dfd5b 100644 --- a/roles/custom/matrix-dynamic-dns/defaults/main.yml +++ b/roles/custom/matrix-dynamic-dns/defaults/main.yml 
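Review bot: The chained inline conditional in the new `matrix_homeserver_sliding_sync_url` value (hunk `@@ -4018,7 +4018,8 @@`) is hard to read, because nothing shows that the second `if … else` belongs to the first `else`. Parentheses make the grouping explicit: `"{{ matrix_sliding_sync_base_url if matrix_sliding_sync_enabled else (matrix_homeserver_url if matrix_conduit_enabled else '') }}"`. The comment above the line mentions only Conduit although the expression also covers the proxy case; `# Prefer the sliding-sync proxy when enabled; otherwise Conduit (0.6.0+) serves some sync v3 features natively.` would describe both branches. Since this value is published in `/.well-known/matrix/client`, it is worth confirming that `matrix_homeserver_url` is the public URL and not a container-internal one; its definition is not visible in this hunk.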
@@ -7,7 +7,7 @@ matrix_dynamic_dns_enabled: true # The dynamic dns daemon interval matrix_dynamic_dns_daemon_interval: '300' -matrix_dynamic_dns_version: v3.10.0-ls126 +matrix_dynamic_dns_version: v3.10.0-ls131 # The docker container to use when in mode matrix_dynamic_dns_docker_image: "{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:{{ matrix_dynamic_dns_version }}" From 68562173e71ee9a9a4e341151b157ac5821f3a21 Mon Sep 17 00:00:00 2001 From: slikie <13197246+slikie@users.noreply.github.com> Date: Tue, 15 Aug 2023 22:37:35 +0800 Subject: [PATCH 52/90] bump synapse to v1.90.0 --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 0e37be32..c48ff09c 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.89.0 +matrix_synapse_version: v1.90.0 matrix_synapse_username: '' matrix_synapse_uid: '' From f55d5be6c3746dfae6411f779c38ab667fd04a79 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 15 Aug 2023 20:59:54 +0300 Subject: [PATCH 53/90] Update Element 1.11.38 -> 1.11.39 --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 917738ae..b9a1aaba 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml 
@@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.38 +matrix_client_element_version: v1.11.39 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 8903b1e341b30c928950983c30fef9ac43cb85df Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 16 Aug 2023 07:10:07 +0300 Subject: [PATCH 54/90] Upgrade Heisenbridge (1.14.4 -> 1.14.5) --- roles/custom/matrix-bridge-heisenbridge/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml index cba4d631..c81c4fe6 100644 --- a/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-heisenbridge/defaults/main.yml @@ -4,7 +4,7 @@ matrix_heisenbridge_enabled: true -matrix_heisenbridge_version: 1.14.4 +matrix_heisenbridge_version: 1.14.5 matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" From 4574ebbd31888c26dc72a9449e8b6c7427e8bc3f Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 16 Aug 2023 09:17:32 +0300 Subject: [PATCH 55/90] Add notes about Dimension being unmaintained Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2806 --- docs/configuring-playbook-dimension.md | 2 ++ docs/configuring-playbook.md | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index 4472e103..cafe6f4d 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md @@ -3,6 +3,8 @@ **[Dimension](https://dimension.t2bot.io) can only be installed after Matrix services are installed and running.** If you're just installing Matrix services for the first time, please continue with the [Configuration](configuring-playbook.md) / [Installation](installing.md) flow and come back here later. +**Note**: Dimension is **[officially unmaintained](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2806#issuecomment-1673559299)**. We recommend not bothering with installing it. + **Note**: This playbook now supports running [Dimension](https://dimension.t2bot.io) in both a federated and [unfederated](https://github.com/turt2live/matrix-dimension/blob/master/docs/unfederated.md) environments. This is handled automatically based on the value of `matrix_synapse_federation_enabled`. Enabling Dimension, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. It's something to be aware of, especially in terms of firewall whitelisting (make sure port `8448` is accessible). diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index a4746a62..85ae79d7 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md 
@@ -30,7 +30,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins ### Additional useful services -- [Setting up the Dimension Integration Manager](configuring-playbook-dimension.md) (optional, but recommended; after [installing](installing.md)) +- [Setting up the Dimension Integration Manager](configuring-playbook-dimension.md) (optional; [unmaintained](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2806#issuecomment-1673559299); after [installing](installing.md)) - [Setting up the Jitsi video-conferencing platform](configuring-playbook-jitsi.md) (optional) From e7e81f7828911d19924c15c57b00e52655ed4861 Mon Sep 17 00:00:00 2001 From: Aine Date: Wed, 16 Aug 2023 10:09:22 +0300 Subject: [PATCH 56/90] update nginx 1.25.1 -> 1.25.2 --- roles/custom/matrix-nginx-proxy/defaults/main.yml | 2 +- .../matrix-synapse-reverse-proxy-companion/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index d8d73a86..8767fee1 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -1,7 +1,7 @@ --- # Project source code URL: https://github.com/nginx/nginx matrix_nginx_proxy_enabled: true -matrix_nginx_proxy_version: 1.25.1-alpine +matrix_nginx_proxy_version: 1.25.2-alpine # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but diff --git a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml index 048ded6b..3a29791c 100644 --- a/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml +++ b/roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml 
@@ -25,7 +25,7 @@ matrix_synapse_reverse_proxy_companion_enabled: true -matrix_synapse_reverse_proxy_companion_version: 1.25.1-alpine +matrix_synapse_reverse_proxy_companion_version: 1.25.2-alpine matrix_synapse_reverse_proxy_companion_base_path: "{{ matrix_synapse_base_path }}/reverse-proxy-companion" matrix_synapse_reverse_proxy_companion_confd_path: "{{ matrix_synapse_reverse_proxy_companion_base_path }}/conf.d" From 4fb0a0222e78ad7adf95dc607e95c4253773fd33 Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Wed, 16 Aug 2023 10:10:39 +0300 Subject: [PATCH 57/90] Update redis 7.0.10 -> 7.0.12 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 0ba980c3..0c85d199 100644 --- a/requirements.yml +++ b/requirements.yml @@ -50,4 +50,4 @@ version: v0.13.2-0 name: prometheus_postgres_exporter - src: git+https://gitlab.com/etke.cc/roles/redis.git - version: v7.0.10-0 + version: v7.0.12-0 From 5da7b911f7e422fd91323711370d4d8407ff6238 Mon Sep 17 00:00:00 2001 From: Aine Date: Wed, 16 Aug 2023 10:23:07 +0300 Subject: [PATCH 58/90] update docker role; update prometheus node exporter (1.6.0 -> 1.6.1) --- requirements.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.yml b/requirements.yml index 0c85d199..a44152a3 100644 --- a/requirements.yml +++ b/requirements.yml @@ -32,7 +32,7 @@ - src: git+https://gitlab.com/etke.cc/roles/etherpad.git version: v1.9.0-0 - src: git+https://github.com/geerlingguy/ansible-role-docker - version: 6.1.0 + version: 6.2.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git version: v10.0.3-0 
@@ -45,7 +45,7 @@ version: v2.45.0-1 name: prometheus - src: git+https://gitlab.com/etke.cc/roles/prometheus_node_exporter.git - version: v1.6.0-0 + version: v1.6.1-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git version: v0.13.2-0 name: prometheus_postgres_exporter From afd3e1bd9d4c12f819e0fa09a6755a0b4a2e7170 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 17 Aug 2023 10:38:06 +0300 Subject: [PATCH 59/90] Pin mautrix-gmessages to v0.1.0 Related to https://github.com/mautrix/gmessages/releases/tag/v0.1.0 --- roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index 6a6c14b0..9448dfde 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_gmessages_container_image_self_build: false matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/mautrix/gmessages.git" matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}" -matrix_mautrix_gmessages_version: latest +matrix_mautrix_gmessages_version: v0.1.0 # See: https://mau.dev/mautrix/gmessages/container_registry matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}" matrix_mautrix_gmessages_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_gmessages_container_image_self_build else 'dock.mau.dev/' }}" From 33e56f44ca0b167a0c1d36d6ec8623aba4f9d517 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 17 Aug 2023 10:38:49 +0300 Subject: [PATCH 60/90] Upgrade mautrix-whatsapp (0.9.0 -> 0.10.0) --- roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index a308811a..fb11bc69 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git" matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}" -matrix_mautrix_whatsapp_version: v0.9.0 +matrix_mautrix_whatsapp_version: v0.10.0 # See: https://mau.dev/mautrix/whatsapp/container_registry matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}" matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}" From c9a549b1f5359263302c2e97a6e5fdba4cfde191 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 17 Aug 2023 10:39:25 +0300 Subject: [PATCH 61/90] Upgrade mautrix-discord (0.6.0 -> 0.6.1) --- roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index f9b853bc..1f1e007a 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml 
@@ -8,7 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git" matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}" -matrix_mautrix_discord_version: v0.6.0 +matrix_mautrix_discord_version: v0.6.1 # See: https://mau.dev/mautrix/discord/container_registry matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}" matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}" From 221dd613f073d696c571dea6f78317f74370d4f5 Mon Sep 17 00:00:00 2001 From: Aine Date: Fri, 18 Aug 2023 01:41:30 +0300 Subject: [PATCH 62/90] update etherpad (1.9.0 -> 1.9.2); update ntfy (2.6.2 -> 2.7.0) --- requirements.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.yml b/requirements.yml index a44152a3..7490bb6e 100644 --- a/requirements.yml +++ b/requirements.yml @@ -30,7 +30,7 @@ - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git version: v2.8.1-0 - src: git+https://gitlab.com/etke.cc/roles/etherpad.git - version: v1.9.0-0 + version: v1.9.2-0 - src: git+https://github.com/geerlingguy/ansible-role-docker version: 6.2.0 name: geerlingguy.docker @@ -40,7 +40,7 @@ version: v8615-2 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git - version: v2.6.2-0 + version: v2.7.0-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.45.0-1 name: prometheus From b7076719c72742f24c32522efc07452d80cb4d94 Mon Sep 17 00:00:00 2001 
From: Aine <97398200+etkecc@users.noreply.github.com> Date: Fri, 18 Aug 2023 08:50:06 +0300 Subject: [PATCH 63/90] Update redis 7.0.12 -> 7.2.0 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 7490bb6e..af22b877 100644 --- a/requirements.yml +++ b/requirements.yml @@ -50,4 +50,4 @@ version: v0.13.2-0 name: prometheus_postgres_exporter - src: git+https://gitlab.com/etke.cc/roles/redis.git - version: v7.0.12-0 + version: v7.2.0-0 From e127e6f464f11c3eabd0692db1f5b400dbbc0b40 Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Mon, 21 Aug 2023 14:46:25 +0200 Subject: [PATCH 64/90] Update Draupnir from 1.83.0 to 1.84.0 --- roles/custom/matrix-bot-draupnir/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-bot-draupnir/defaults/main.yml b/roles/custom/matrix-bot-draupnir/defaults/main.yml index bd0e2def..b7e56c34 100644 --- a/roles/custom/matrix-bot-draupnir/defaults/main.yml +++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml @@ -4,7 +4,7 @@ matrix_bot_draupnir_enabled: true -matrix_bot_draupnir_version: "v1.83.0" +matrix_bot_draupnir_version: "v1.84.0" matrix_bot_draupnir_container_image_self_build: false matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/Gnuxie/Draupnir.git" From a9518e721a186e2f23e3a8b67822746211641745 Mon Sep 17 00:00:00 2001 From: Catalan Lover Date: Mon, 21 Aug 2023 15:10:57 +0200 Subject: [PATCH 65/90] Add Arm64 as valid prebuilt container architecture for Draupnir --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 5accdd85..598a5cc1 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -2000,7 +2000,7 @@ matrix_bot_mjolnir_systemd_required_services_list: | # We don't enable bots by default. matrix_bot_draupnir_enabled: false -matrix_bot_draupnir_container_image_self_build: "{{ matrix_architecture != 'amd64' }}" +matrix_bot_draupnir_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" matrix_bot_draupnir_systemd_required_services_list: | {{ From 454cd836702679968305d64ff6b602eb8030b31a Mon Sep 17 00:00:00 2001 From: Aine <97398200+etkecc@users.noreply.github.com> Date: Tue, 22 Aug 2023 09:59:25 +0300 Subject: [PATCH 66/90] Update borgmatic 1.7.15 -> 1.8.2 --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index af22b877..28382d05 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,7 +4,7 @@ version: v1.0.0-1 name: auxiliary - src: git+https://gitlab.com/etke.cc/roles/backup_borg.git - version: v1.2.4-1.7.15-3 + version: v1.2.4-1.8.2-0 - src: git+https://github.com/devture/com.devture.ansible.role.container_socket_proxy.git version: v0.1.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.docker_sdk_for_python.git From 6427397486c647f65fef7853c3db0e7b4267f948 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 22 Aug 2023 19:38:11 +0300 Subject: [PATCH 67/90] Do not hardcode sslmode=disable to Postgres connection strings - make it configurable This is backward-compatible with what we had before. We're not changing the SSL mode - just making it configurable. Most components are defaulting to `sslmode=disable`, while some (`matrix-bot-matrix-reminder-bot` and others) do not specify an `sslmode` at all. We're making sslmode configurable, because certain external Postgres servers may be configured to require SSL encryption. In such cases `sslmode=disable` does not work and needs to be changed to `sslmode=require` or something else (`verify-ca`, `verify-full`, etc). --- .../matrix-bot-buscarron/defaults/main.yml | 3 ++- .../matrix-bot-honoroit/defaults/main.yml | 3 ++- .../custom/matrix-bot-maubot/defaults/main.yml | 3 ++- .../matrix-bot-postmoogle/defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- .../defaults/main.yml | 3 ++- roles/custom/matrix-dendrite/defaults/main.yml | 1 + .../templates/dendrite/dendrite.yaml.j2 | 18 +++++++++--------- .../custom/matrix-media-repo/defaults/main.yml | 3 ++- .../matrix-sliding-sync/defaults/main.yml | 3 ++- 22 files changed, 50 insertions(+), 29 deletions(-) diff --git a/roles/custom/matrix-bot-buscarron/defaults/main.yml b/roles/custom/matrix-bot-buscarron/defaults/main.yml index 7a31514b..85cea3f5 100644 --- a/roles/custom/matrix-bot-buscarron/defaults/main.yml +++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml 
@@ -108,8 +108,9 @@ matrix_bot_buscarron_database_password: 'some-password' matrix_bot_buscarron_database_hostname: '' matrix_bot_buscarron_database_port: 5432 matrix_bot_buscarron_database_name: 'buscarron' +matrix_bot_buscarron_database_sslmode: disable -matrix_bot_buscarron_database_connection_string: 'postgres://{{ matrix_bot_buscarron_database_username }}:{{ matrix_bot_buscarron_database_password }}@{{ matrix_bot_buscarron_database_hostname }}:{{ matrix_bot_buscarron_database_port }}/{{ matrix_bot_buscarron_database_name }}?sslmode=disable' +matrix_bot_buscarron_database_connection_string: 'postgres://{{ matrix_bot_buscarron_database_username }}:{{ matrix_bot_buscarron_database_password }}@{{ matrix_bot_buscarron_database_hostname }}:{{ matrix_bot_buscarron_database_port }}/{{ matrix_bot_buscarron_database_name }}?sslmode={{ matrix_bot_buscarron_database_sslmode }}' matrix_bot_buscarron_storage_database: "{{ { diff --git a/roles/custom/matrix-bot-honoroit/defaults/main.yml b/roles/custom/matrix-bot-honoroit/defaults/main.yml index b190c3b7..788b8066 100644 --- a/roles/custom/matrix-bot-honoroit/defaults/main.yml +++ b/roles/custom/matrix-bot-honoroit/defaults/main.yml 
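Review bot: The new `matrix_bot_buscarron_database_sslmode: disable` variable has no comment, so the defaults do not tell an operator which values are accepted or what each one guarantees. The same applies to the matching `*_database_sslmode` variables added in the honoroit, maubot, postmoogle, appservice-irc, appservice-slack, beeper-linkedin, go-skype-bridge and mautrix-discord/gmessages/slack hunks of this commit. I would add above each one `# Postgres sslmode. 'disable' sends credentials and data unencrypted; 'require' encrypts but typically does not verify the server certificate; 'verify-ca' / 'verify-full' also authenticate the server.` The verifying modes usually need a CA certificate reachable inside the container, which this variable alone does not provide, so that may deserve a sentence in the docs. The neighbouring defaults quote their string values (`'buscarron'`), so `'disable'` would match the file's style.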
@@ -105,8 +105,9 @@ matrix_bot_honoroit_database_password: 'some-password' matrix_bot_honoroit_database_hostname: '' matrix_bot_honoroit_database_port: 5432 matrix_bot_honoroit_database_name: 'honoroit' +matrix_bot_honoroit_database_sslmode: disable -matrix_bot_honoroit_database_connection_string: 'postgres://{{ matrix_bot_honoroit_database_username }}:{{ matrix_bot_honoroit_database_password }}@{{ matrix_bot_honoroit_database_hostname }}:{{ matrix_bot_honoroit_database_port }}/{{ matrix_bot_honoroit_database_name }}?sslmode=disable' +matrix_bot_honoroit_database_connection_string: 'postgres://{{ matrix_bot_honoroit_database_username }}:{{ matrix_bot_honoroit_database_password }}@{{ matrix_bot_honoroit_database_hostname }}:{{ matrix_bot_honoroit_database_port }}/{{ matrix_bot_honoroit_database_name }}?sslmode={{ matrix_bot_honoroit_database_sslmode }}' matrix_bot_honoroit_storage_database: "{{ { diff --git a/roles/custom/matrix-bot-maubot/defaults/main.yml b/roles/custom/matrix-bot-maubot/defaults/main.yml index a31d8191..5b35b9d9 100644 --- a/roles/custom/matrix-bot-maubot/defaults/main.yml +++ b/roles/custom/matrix-bot-maubot/defaults/main.yml 
@@ -31,8 +31,9 @@ matrix_bot_maubot_database_password: ~ matrix_bot_maubot_database_hostname: '' matrix_bot_maubot_database_port: 5432 matrix_bot_maubot_database_name: matrix_bot_maubot +matrix_bot_maubot_database_sslmode: disable -matrix_bot_maubot_database_connection_string: postgres://{{ matrix_bot_maubot_database_username }}:{{ matrix_bot_maubot_database_password }}@{{ matrix_bot_maubot_database_hostname }}:{{ matrix_bot_maubot_database_port }}/{{ matrix_bot_maubot_database_name }}?sslmode=disable +matrix_bot_maubot_database_connection_string: postgres://{{ matrix_bot_maubot_database_username }}:{{ matrix_bot_maubot_database_password }}@{{ matrix_bot_maubot_database_hostname }}:{{ matrix_bot_maubot_database_port }}/{{ matrix_bot_maubot_database_name }}?sslmode={{ matrix_bot_maubot_database_sslmode }} matrix_bot_maubot_database_uri: "{{ { diff --git a/roles/custom/matrix-bot-postmoogle/defaults/main.yml b/roles/custom/matrix-bot-postmoogle/defaults/main.yml index 0c9db2d7..56882bf1 100644 --- a/roles/custom/matrix-bot-postmoogle/defaults/main.yml +++ b/roles/custom/matrix-bot-postmoogle/defaults/main.yml 
@@ -45,8 +45,9 @@ matrix_bot_postmoogle_database_password: 'some-password' matrix_bot_postmoogle_database_hostname: '' matrix_bot_postmoogle_database_port: 5432 matrix_bot_postmoogle_database_name: 'postmoogle' +matrix_bot_postmoogle_database_sslmode: disable -matrix_bot_postmoogle_database_connection_string: 'postgres://{{ matrix_bot_postmoogle_database_username }}:{{ matrix_bot_postmoogle_database_password }}@{{ matrix_bot_postmoogle_database_hostname }}:{{ matrix_bot_postmoogle_database_port }}/{{ matrix_bot_postmoogle_database_name }}?sslmode=disable' +matrix_bot_postmoogle_database_connection_string: 'postgres://{{ matrix_bot_postmoogle_database_username }}:{{ matrix_bot_postmoogle_database_password }}@{{ matrix_bot_postmoogle_database_hostname }}:{{ matrix_bot_postmoogle_database_port }}/{{ matrix_bot_postmoogle_database_name }}?sslmode={{ matrix_bot_postmoogle_database_sslmode }}' matrix_bot_postmoogle_storage_database: "{{ { diff --git a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml index 2611da8a..b0cf5bc4 100644 --- a/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-irc/defaults/main.yml 
@@ -33,10 +33,11 @@ matrix_appservice_irc_database_password: 'some-password' matrix_appservice_irc_database_hostname: '' matrix_appservice_irc_database_port: 5432 matrix_appservice_irc_database_name: matrix_appservice_irc +matrix_appservice_irc_database_sslmode: disable # This is just the Postgres connection string, if Postgres is used. # Naming clashes with `matrix_appservice_irc_database_connectionString` somewhat. -matrix_appservice_irc_database_connection_string: 'postgresql://{{ matrix_appservice_irc_database_username }}:{{ matrix_appservice_irc_database_password }}@{{ matrix_appservice_irc_database_hostname }}:{{ matrix_appservice_irc_database_port }}/{{ matrix_appservice_irc_database_name }}?sslmode=disable' +matrix_appservice_irc_database_connection_string: 'postgresql://{{ matrix_appservice_irc_database_username }}:{{ matrix_appservice_irc_database_password }}@{{ matrix_appservice_irc_database_hostname }}:{{ matrix_appservice_irc_database_port }}/{{ matrix_appservice_irc_database_name }}?sslmode={{ matrix_appservice_irc_database_sslmode }}' # This is what actually goes into `database.connectionString` for the bridge. matrix_appservice_irc_database_connectionString: |- # noqa var-naming diff --git a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml index a3ea586b..d8b10757 100644 --- a/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-appservice-slack/defaults/main.yml 
@@ -61,10 +61,11 @@ matrix_appservice_slack_database_password: 'some-passsword' matrix_appservice_slack_database_hostname: '' matrix_appservice_slack_database_port: 5432 matrix_appservice_slack_database_name: matrix_appservice_slack +matrix_appservice_slack_database_sslmode: disable # This is just the Postgres connection string, if Postgres is used. # Naming clashes with `matrix_appservice_slack_database_connectionString` somewhat. -matrix_appservice_slack_database_connection_string: 'postgresql://{{ matrix_appservice_slack_database_username }}:{{ matrix_appservice_slack_database_password }}@{{ matrix_appservice_slack_database_hostname }}:{{ matrix_appservice_slack_database_port }}/{{ matrix_appservice_slack_database_name }}?sslmode=disable' +matrix_appservice_slack_database_connection_string: 'postgresql://{{ matrix_appservice_slack_database_username }}:{{ matrix_appservice_slack_database_password }}@{{ matrix_appservice_slack_database_hostname }}:{{ matrix_appservice_slack_database_port }}/{{ matrix_appservice_slack_database_name }}?sslmode={{ matrix_appservice_slack_database_sslmode }}' # This is what actually goes into `database.connectionString` for the bridge. matrix_appservice_slack_database_connectionString: |- # noqa var-naming diff --git a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml index 75e9de55..a18740ad 100644 --- a/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml +++ b/roles/custom/matrix-bridge-beeper-linkedin/defaults/main.yml 
@@ -61,8 +61,9 @@ matrix_beeper_linkedin_database_password: 'some-password' matrix_beeper_linkedin_database_hostname: '' matrix_beeper_linkedin_database_port: 5432 matrix_beeper_linkedin_database_name: 'matrix_beeper_linkedin' +matrix_beeper_linkedin_database_sslmode: disable -matrix_beeper_linkedin_database_connection_string: 'postgresql://{{ matrix_beeper_linkedin_database_username }}:{{ matrix_beeper_linkedin_database_password }}@{{ matrix_beeper_linkedin_database_hostname }}:{{ matrix_beeper_linkedin_database_port }}/{{ matrix_beeper_linkedin_database_name }}?sslmode=disable' +matrix_beeper_linkedin_database_connection_string: 'postgresql://{{ matrix_beeper_linkedin_database_username }}:{{ matrix_beeper_linkedin_database_password }}@{{ matrix_beeper_linkedin_database_hostname }}:{{ matrix_beeper_linkedin_database_port }}/{{ matrix_beeper_linkedin_database_name }}?sslmode={{ matrix_beeper_linkedin_database_sslmode }}' matrix_beeper_linkedin_appservice_database_type: "{{ { diff --git a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml index 477f2127..02ec422e 100644 --- a/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml +++ b/roles/custom/matrix-bridge-go-skype-bridge/defaults/main.yml 
@@ -59,8 +59,9 @@ matrix_go_skype_bridge_database_password: 'some-password' matrix_go_skype_bridge_database_hostname: '' matrix_go_skype_bridge_database_port: 5432 matrix_go_skype_bridge_database_name: 'matrix_go_skype_bridge' +matrix_go_skype_bridge_database_sslmode: disable -matrix_go_skype_bridge_database_connection_string: 'postgresql://{{ matrix_go_skype_bridge_database_username }}:{{ matrix_go_skype_bridge_database_password }}@{{ matrix_go_skype_bridge_database_hostname }}:{{ matrix_go_skype_bridge_database_port }}/{{ matrix_go_skype_bridge_database_name }}?sslmode=disable' +matrix_go_skype_bridge_database_connection_string: 'postgresql://{{ matrix_go_skype_bridge_database_username }}:{{ matrix_go_skype_bridge_database_password }}@{{ matrix_go_skype_bridge_database_hostname }}:{{ matrix_go_skype_bridge_database_port }}/{{ matrix_go_skype_bridge_database_name }}?sslmode={{ matrix_go_skype_bridge_database_sslmode }}' matrix_go_skype_bridge_appservice_database_type: "{{ { diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml index 1f1e007a..36fd5fef 100644 --- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml 
@@ -70,8 +70,9 @@ matrix_mautrix_discord_database_password: 'some-password' matrix_mautrix_discord_database_hostname: '' matrix_mautrix_discord_database_port: 5432 matrix_mautrix_discord_database_name: 'matrix_mautrix_discord' +matrix_mautrix_discord_database_sslmode: disable -matrix_mautrix_discord_database_connection_string: 'postgresql://{{ matrix_mautrix_discord_database_username }}:{{ matrix_mautrix_discord_database_password }}@{{ matrix_mautrix_discord_database_hostname }}:{{ matrix_mautrix_discord_database_port }}/{{ matrix_mautrix_discord_database_name }}?sslmode=disable' +matrix_mautrix_discord_database_connection_string: 'postgresql://{{ matrix_mautrix_discord_database_username }}:{{ matrix_mautrix_discord_database_password }}@{{ matrix_mautrix_discord_database_hostname }}:{{ matrix_mautrix_discord_database_port }}/{{ matrix_mautrix_discord_database_name }}?sslmode={{ matrix_mautrix_discord_database_sslmode }}' matrix_mautrix_discord_appservice_database_type: "{{ { diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index 9448dfde..8d5ce244 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml 
@@ -74,8 +74,9 @@ matrix_mautrix_gmessages_database_password: 'some-password' matrix_mautrix_gmessages_database_hostname: '' matrix_mautrix_gmessages_database_port: 5432 matrix_mautrix_gmessages_database_name: 'matrix_mautrix_gmessages' +matrix_mautrix_gmessages_database_sslmode: disable -matrix_mautrix_gmessages_database_connection_string: 'postgresql://{{ matrix_mautrix_gmessages_database_username }}:{{ matrix_mautrix_gmessages_database_password }}@{{ matrix_mautrix_gmessages_database_hostname }}:{{ matrix_mautrix_gmessages_database_port }}/{{ matrix_mautrix_gmessages_database_name }}?sslmode=disable' +matrix_mautrix_gmessages_database_connection_string: 'postgresql://{{ matrix_mautrix_gmessages_database_username }}:{{ matrix_mautrix_gmessages_database_password }}@{{ matrix_mautrix_gmessages_database_hostname }}:{{ matrix_mautrix_gmessages_database_port }}/{{ matrix_mautrix_gmessages_database_name }}?sslmode={{ matrix_mautrix_gmessages_database_sslmode }}' matrix_mautrix_gmessages_appservice_database_type: "{{ { diff --git a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml index 2b6c7752..5266e25c 100644 --- a/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml 
@@ -66,8 +66,9 @@ matrix_mautrix_slack_database_password: 'some-password' matrix_mautrix_slack_database_hostname: '' matrix_mautrix_slack_database_port: 5432 matrix_mautrix_slack_database_name: 'matrix_mautrix_slack' +matrix_mautrix_slack_database_sslmode: disable -matrix_mautrix_slack_database_connection_string: 'postgresql://{{ matrix_mautrix_slack_database_username }}:{{ matrix_mautrix_slack_database_password }}@{{ matrix_mautrix_slack_database_hostname }}:{{ matrix_mautrix_slack_database_port }}/{{ matrix_mautrix_slack_database_name }}?sslmode=disable' +matrix_mautrix_slack_database_connection_string: 'postgresql://{{ matrix_mautrix_slack_database_username }}:{{ matrix_mautrix_slack_database_password }}@{{ matrix_mautrix_slack_database_hostname }}:{{ matrix_mautrix_slack_database_port }}/{{ matrix_mautrix_slack_database_name }}?sslmode={{ matrix_mautrix_slack_database_sslmode }}' matrix_mautrix_slack_appservice_database_type: "{{ { diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index fb11bc69..9f630f51 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml 
@@ -74,8 +74,9 @@ matrix_mautrix_whatsapp_database_password: 'some-password' matrix_mautrix_whatsapp_database_hostname: '' matrix_mautrix_whatsapp_database_port: 5432 matrix_mautrix_whatsapp_database_name: 'matrix_mautrix_whatsapp' +matrix_mautrix_whatsapp_database_sslmode: disable -matrix_mautrix_whatsapp_database_connection_string: 'postgresql://{{ matrix_mautrix_whatsapp_database_username }}:{{ matrix_mautrix_whatsapp_database_password }}@{{ matrix_mautrix_whatsapp_database_hostname }}:{{ matrix_mautrix_whatsapp_database_port }}/{{ matrix_mautrix_whatsapp_database_name }}?sslmode=disable' +matrix_mautrix_whatsapp_database_connection_string: 'postgresql://{{ matrix_mautrix_whatsapp_database_username }}:{{ matrix_mautrix_whatsapp_database_password }}@{{ matrix_mautrix_whatsapp_database_hostname }}:{{ matrix_mautrix_whatsapp_database_port }}/{{ matrix_mautrix_whatsapp_database_name }}?sslmode={{ matrix_mautrix_whatsapp_database_sslmode }}' matrix_mautrix_whatsapp_appservice_database_type: "{{ { diff --git a/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml index be691157..90ad2f0f 100644 --- a/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-discord/defaults/main.yml 
@@ -69,8 +69,9 @@ matrix_mx_puppet_discord_database_password: ~ matrix_mx_puppet_discord_database_hostname: '' matrix_mx_puppet_discord_database_port: 5432 matrix_mx_puppet_discord_database_name: matrix_mx_puppet_discord +matrix_mx_puppet_discord_database_sslmode: disable -matrix_mx_puppet_discord_database_connection_string: 'postgresql://{{ matrix_mx_puppet_discord_database_username }}:{{ matrix_mx_puppet_discord_database_password }}@{{ matrix_mx_puppet_discord_database_hostname }}:{{ matrix_mx_puppet_discord_database_port }}/{{ matrix_mx_puppet_discord_database_name }}?sslmode=disable' +matrix_mx_puppet_discord_database_connection_string: 'postgresql://{{ matrix_mx_puppet_discord_database_username }}:{{ matrix_mx_puppet_discord_database_password }}@{{ matrix_mx_puppet_discord_database_hostname }}:{{ matrix_mx_puppet_discord_database_port }}/{{ matrix_mx_puppet_discord_database_name }}?sslmode={{ matrix_mx_puppet_discord_database_sslmode }}' # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml index ca9d7668..c176c6eb 100644 --- a/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-groupme/defaults/main.yml 
@@ -65,8 +65,9 @@ matrix_mx_puppet_groupme_database_password: ~ matrix_mx_puppet_groupme_database_hostname: '' matrix_mx_puppet_groupme_database_port: 5432 matrix_mx_puppet_groupme_database_name: matrix_mx_puppet_groupme +matrix_mx_puppet_groupme_database_sslmode: disable -matrix_mx_puppet_groupme_database_connection_string: 'postgresql://{{ matrix_mx_puppet_groupme_database_username }}:{{ matrix_mx_puppet_groupme_database_password }}@{{ matrix_mx_puppet_groupme_database_hostname }}:{{ matrix_mx_puppet_groupme_database_port }}/{{ matrix_mx_puppet_groupme_database_name }}?sslmode=disable' +matrix_mx_puppet_groupme_database_connection_string: 'postgresql://{{ matrix_mx_puppet_groupme_database_username }}:{{ matrix_mx_puppet_groupme_database_password }}@{{ matrix_mx_puppet_groupme_database_hostname }}:{{ matrix_mx_puppet_groupme_database_port }}/{{ matrix_mx_puppet_groupme_database_name }}?sslmode={{ matrix_mx_puppet_groupme_database_sslmode }}' # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml index 0f6dd443..638d1558 100644 --- a/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-instagram/defaults/main.yml 
@@ -59,8 +59,9 @@ matrix_mx_puppet_instagram_database_password: ~ matrix_mx_puppet_instagram_database_hostname: '' matrix_mx_puppet_instagram_database_port: 5432 matrix_mx_puppet_instagram_database_name: matrix_mx_puppet_instagram +matrix_mx_puppet_instagram_database_sslmode: disable -matrix_mx_puppet_instagram_database_connection_string: 'postgresql://{{ matrix_mx_puppet_instagram_database_username }}:{{ matrix_mx_puppet_instagram_database_password }}@{{ matrix_mx_puppet_instagram_database_hostname }}:{{ matrix_mx_puppet_instagram_database_port }}/{{ matrix_mx_puppet_instagram_database_name }}?sslmode=disable' +matrix_mx_puppet_instagram_database_connection_string: 'postgresql://{{ matrix_mx_puppet_instagram_database_username }}:{{ matrix_mx_puppet_instagram_database_password }}@{{ matrix_mx_puppet_instagram_database_hostname }}:{{ matrix_mx_puppet_instagram_database_port }}/{{ matrix_mx_puppet_instagram_database_name }}?sslmode={{ matrix_mx_puppet_instagram_database_sslmode }}' # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml index b428c40b..9e79465d 100644 --- a/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-slack/defaults/main.yml 
@@ -73,8 +73,9 @@ matrix_mx_puppet_slack_database_password: ~ matrix_mx_puppet_slack_database_hostname: '' matrix_mx_puppet_slack_database_port: 5432 matrix_mx_puppet_slack_database_name: matrix_mx_puppet_slack +matrix_mx_puppet_slack_database_sslmode: disable -matrix_mx_puppet_slack_database_connection_string: 'postgresql://{{ matrix_mx_puppet_slack_database_username }}:{{ matrix_mx_puppet_slack_database_password }}@{{ matrix_mx_puppet_slack_database_hostname }}:{{ matrix_mx_puppet_slack_database_port }}/{{ matrix_mx_puppet_slack_database_name }}?sslmode=disable' +matrix_mx_puppet_slack_database_connection_string: 'postgresql://{{ matrix_mx_puppet_slack_database_username }}:{{ matrix_mx_puppet_slack_database_password }}@{{ matrix_mx_puppet_slack_database_hostname }}:{{ matrix_mx_puppet_slack_database_port }}/{{ matrix_mx_puppet_slack_database_name }}?sslmode={{ matrix_mx_puppet_slack_database_sslmode }}' # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml index 9efedb13..e9a03c89 100644 --- a/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-steam/defaults/main.yml 
@@ -65,8 +65,9 @@ matrix_mx_puppet_steam_database_password: ~ matrix_mx_puppet_steam_database_hostname: '' matrix_mx_puppet_steam_database_port: 5432 matrix_mx_puppet_steam_database_name: matrix_mx_puppet_steam +matrix_mx_puppet_steam_database_sslmode: disable -matrix_mx_puppet_steam_database_connection_string: 'postgresql://{{ matrix_mx_puppet_steam_database_username }}:{{ matrix_mx_puppet_steam_database_password }}@{{ matrix_mx_puppet_steam_database_hostname }}:{{ matrix_mx_puppet_steam_database_port }}/{{ matrix_mx_puppet_steam_database_name }}?sslmode=disable' +matrix_mx_puppet_steam_database_connection_string: 'postgresql://{{ matrix_mx_puppet_steam_database_username }}:{{ matrix_mx_puppet_steam_database_password }}@{{ matrix_mx_puppet_steam_database_hostname }}:{{ matrix_mx_puppet_steam_database_port }}/{{ matrix_mx_puppet_steam_database_name }}?sslmode={{ matrix_mx_puppet_steam_database_sslmode }}' # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml index 8e5e82f0..932c3462 100644 --- a/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mx-puppet-twitter/defaults/main.yml 
@@ -74,8 +74,9 @@ matrix_mx_puppet_twitter_database_password: ~ matrix_mx_puppet_twitter_database_hostname: '' matrix_mx_puppet_twitter_database_port: 5432 matrix_mx_puppet_twitter_database_name: matrix_mx_puppet_twitter +matrix_mx_puppet_twitter_database_sslmode: disable -matrix_mx_puppet_twitter_database_connection_string: 'postgresql://{{ matrix_mx_puppet_twitter_database_username }}:{{ matrix_mx_puppet_twitter_database_password }}@{{ matrix_mx_puppet_twitter_database_hostname }}:{{ matrix_mx_puppet_twitter_database_port }}/{{ matrix_mx_puppet_twitter_database_name }}?sslmode=disable' +matrix_mx_puppet_twitter_database_connection_string: 'postgresql://{{ matrix_mx_puppet_twitter_database_username }}:{{ matrix_mx_puppet_twitter_database_password }}@{{ matrix_mx_puppet_twitter_database_hostname }}:{{ matrix_mx_puppet_twitter_database_port }}/{{ matrix_mx_puppet_twitter_database_name }}?sslmode={{ matrix_mx_puppet_twitter_database_sslmode }}' # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml index 5cfbfe15..b18f396d 100644 --- a/roles/custom/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml @@ -156,6 +156,7 @@ matrix_dendrite_database_str: "postgresql://{{ matrix_dendrite_database_user }}: matrix_dendrite_database_hostname: "" matrix_dendrite_database_user: "dendrite" matrix_dendrite_database_password: "itsasecret" +matrix_dendrite_database_sslmode: disable matrix_dendrite_federation_api_database: "dendrite_federationapi" matrix_dendrite_key_server_database: "dendrite_keyserver" matrix_dendrite_media_api_database: "dendrite_mediaapi" diff --git a/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 b/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 index 3c1e56e5..2ca9b062 100644 
--- a/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 +++ b/roles/custom/matrix-dendrite/templates/dendrite/dendrite.yaml.j2 @@ -223,7 +223,7 @@ federation_api: external_api: listen: http://0.0.0.0:8072 database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_federation_api_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_federation_api_database }}?sslmode={{ matrix_dendrite_database_sslmode }} max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -266,7 +266,7 @@ key_server: listen: http://0.0.0.0:7779 connect: http://key_server:7779 database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_key_server_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_key_server_database }}?sslmode={{ matrix_dendrite_database_sslmode }} max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -279,7 +279,7 @@ media_api: external_api: listen: http://0.0.0.0:8074 database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_media_api_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_media_api_database }}?sslmode={{ matrix_dendrite_database_sslmode }} max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -318,7 +318,7 @@ mscs: # - msc2946 (Spaces Summary, see https://github.com/matrix-org/matrix-doc/pull/2946) mscs: [] database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_mscs_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_mscs_database }}?sslmode={{ matrix_dendrite_database_sslmode }} max_open_conns: 5 max_idle_conns: 2 conn_max_lifetime: -1 
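Review bot: Each rewritten `connection_string:` line in this template (here and in the later hunks for room_server through relay_api) is still rendered as an unquoted YAML scalar, now with one more operator-controlled value, `matrix_dendrite_database_sslmode`, appended. Because `matrix_dendrite_database_str` carries the database user and password, a value containing `: ` or ` #` would be mis-parsed or silently truncated in the rendered dendrite.yaml. Emitting the whole string through a filter avoids that, e.g. `connection_string: {{ (matrix_dendrite_database_str ~ '/' ~ matrix_dendrite_federation_api_database ~ '?sslmode=' ~ matrix_dendrite_database_sslmode) | to_json }}`. The enclosing `database:` mappings continue outside the hunks.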
@@ -329,7 +329,7 @@ room_server: listen: http://0.0.0.0:7770 connect: http://room_server:7770 database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_room_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_room_database }}?sslmode={{ matrix_dendrite_database_sslmode }} max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -342,7 +342,7 @@ sync_api: external_api: listen: http://0.0.0.0:8073 database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_sync_api_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_sync_api_database }}?sslmode={{ matrix_dendrite_database_sslmode }} max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -376,7 +376,7 @@ user_api: listen: http://0.0.0.0:7781 connect: http://user_api:7781 account_database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_user_api_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_user_api_database }}?sslmode={{ matrix_dendrite_database_sslmode }} max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 @@ -394,7 +394,7 @@ push_server: listen: http://localhost:7782 connect: http://localhost:7782 database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_push_server_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_push_server_database }}?sslmode={{ matrix_dendrite_database_sslmode }} max_open_conns: 10 max_idle_conns: 2 conn_max_lifetime: -1 
@@ -403,7 +403,7 @@ push_server: # relay_api: database: - connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_relay_api_database }}?sslmode=disable + connection_string: {{ matrix_dendrite_database_str }}/{{ matrix_dendrite_relay_api_database }}?sslmode={{ matrix_dendrite_database_sslmode }} # Configuration for Opentracing. # See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on diff --git a/roles/custom/matrix-media-repo/defaults/main.yml b/roles/custom/matrix-media-repo/defaults/main.yml index 312e0258..488289d1 100644 --- a/roles/custom/matrix-media-repo/defaults/main.yml +++ b/roles/custom/matrix-media-repo/defaults/main.yml @@ -112,9 +112,10 @@ matrix_media_repo_database_password: "your_password" matrix_media_repo_database_hostname: "{{ devture_postgres_identifier }}" matrix_media_repo_database_port: 5432 matrix_media_repo_database_name: "matrix_media_repo" +matrix_media_repo_database_sslmode: disable # Currently only "postgres" is supported. -matrix_media_repo_database_postgres: "postgres://{{ matrix_media_repo_database_username }}:{{ matrix_media_repo_database_password }}@{{ matrix_media_repo_database_hostname }}:{{ matrix_media_repo_database_port }}/{{ matrix_media_repo_database_name }}?sslmode=disable" +matrix_media_repo_database_postgres: "postgres://{{ matrix_media_repo_database_username }}:{{ matrix_media_repo_database_password }}@{{ matrix_media_repo_database_hostname }}:{{ matrix_media_repo_database_port }}/{{ matrix_media_repo_database_name }}?sslmode={{ matrix_media_repo_database_sslmode }}" # The database pooling options diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index 97301597..c0347d2f 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml 
@@ -82,10 +82,11 @@ matrix_sliding_sync_environment_variable_syncv3_server: "{{ matrix_homeserver_ur matrix_sliding_sync_environment_variable_syncv3_secret: '' # Controls the SYNCV3_DB environment variable -matrix_sliding_sync_environment_variable_syncv3_db: 'user={{ matrix_sliding_sync_database_username }} password={{ matrix_sliding_sync_database_password }} host={{ matrix_sliding_sync_database_hostname }} port={{ matrix_sliding_sync_database_port }} dbname={{ matrix_sliding_sync_database_name }} sslmode=disable' +matrix_sliding_sync_environment_variable_syncv3_db: 'user={{ matrix_sliding_sync_database_username }} password={{ matrix_sliding_sync_database_password }} host={{ matrix_sliding_sync_database_hostname }} port={{ matrix_sliding_sync_database_port }} dbname={{ matrix_sliding_sync_database_name }} sslmode={{ matrix_sliding_sync_database_sslmode }}' matrix_sliding_sync_database_username: 'matrix_sliding_sync' matrix_sliding_sync_database_password: '' matrix_sliding_sync_database_hostname: '' matrix_sliding_sync_database_port: 5432 matrix_sliding_sync_database_name: 'matrix_sliding_sync' +matrix_sliding_sync_database_sslmode: disable From 4299d4ebd59ba2643ddb7e893fb3ba9afd7e559b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Johan=20Swetz=C3=A9n?= Date: Wed, 23 Aug 2023 14:05:32 +0200 Subject: [PATCH 68/90] wsproxy for Android SMS (#2261) * Inital work, copeid from mautrix-amp PR * Some fixes leftover code copeid over from whatsapp * Got it to run and register * Fixed service issue with docker image * I now realize I need 2 roles wsproxy and imessage * Got someting working, still rough * Closer to working but still not working * reverting ports * Update main.yml * Add matrix-nginx-proxy config for mautrix-wsproxy * Changed * Add back file * fix for error hopefully * Changed the the way nginx was recieved * basically did not add anything ugh * Added some arguments * just trying stuff now * Ugh i messed up port number * Changed docs * Change dns config * changed generic secret key * Testing new nginx proxy * test * Fix linting errors * Add mautrix syncproxy to wsproxy for Android SMS * WIP * Move wsproxy to custom * Squashed commit of the following: commit 943189a9aa163f9fbcb795636b4cc0fd3c0d2877 Merge: 4a229d68 f5a09f30 Author: Slavi Pantaleev Date: Sun Nov 13 08:54:32 2022 +0200 Merge pull request #2259 from throny/patch-3 warn users about upgrading to pg15 when using borg commit 4a229d68700536491ee3bec611f62568dbe7c442 Merge: 9b326e08 c68def08 Author: Slavi Pantaleev Date: Sun Nov 13 08:53:13 2022 +0200 Merge pull request #2260 from etkecc/patch-117 Update ntfy 1.28.0 -> 1.29.0 commit f5a09f30b746f1c19dbec3b077f9d3a612ba15e7 Author: throny Date: Sat Nov 12 23:48:57 2022 +0100 Update maintenance-postgres.md commit b12cdbd99d381acc587cef7b895cd3ac814a230c Author: throny Date: Sat Nov 12 23:40:46 2022 +0100 Update maintenance-postgres.md commit c68def0809aa68cf8a7c0c70b1e3ddad39db105a Author: Aine <97398200+etkecc@users.noreply.github.com> Date: Sat Nov 12 22:01:31 2022 +0000 Update ntfy 1.28.0 -> 1.29.0 commit adbc09f152c390af8f272a0580a1810983ae592f Author: throny Date: Sat Nov 12 11:20:43 2022 +0100 warn users about upgrading to pg15 when using borg * Fix linting 
errors * Cleanup after merge * Correct outdated variable names * Enable both Android and iMessage with wsproxy * Restructure wsproxy service defs and nginx config * Fix linter errors * Apply suggestions from code review Co-authored-by: Slavi Pantaleev * Fix comments for documentation, volumes and ports * Correct mount syntax * Complete network and traefik support for wsproxy * Remove wsproxy data_path * Fix wsproxy service definitions * Actually include syncproxy service * Remove wsproxy PathPrefix, it needs a subdomain There's no setting in the iMessage bridge that allows a path. Also don't bind port by default, wsproxy has no TLS. Syncproxy should never expose a port, it's only internal. --------- Co-authored-by: hanthor Co-authored-by: Miguel Alatzar Co-authored-by: Shreyas Ajjarapu Co-authored-by: Slavi Pantaleev --- docs/configuring-dns.md | 3 + ...iguring-playbook-bridge-mautrix-wsproxy.md | 22 +++ group_vars/matrix_servers | 68 ++++++++ roles/custom/matrix-base/defaults/main.yml | 3 + .../defaults/main.yml | 155 ++++++++++++++++++ .../tasks/inject_into_nginx_proxy.yml | 48 ++++++ .../tasks/main.yml | 29 ++++ .../tasks/setup_install.yml | 121 ++++++++++++++ .../tasks/setup_uninstall.yml | 47 ++++++ .../tasks/validate_config.yml | 13 ++ .../templates/config.yaml.j2 | 14 ++ .../templates/syncproxy-env.j2 | 3 + ...atrix-mautrix-wsproxy-syncproxy.service.j2 | 40 +++++ .../systemd/matrix-mautrix-wsproxy.service.j2 | 51 ++++++ .../templates/wsproxy-labels.j2 | 34 ++++ .../matrix-nginx-proxy/defaults/main.yml | 7 + .../tasks/setup_nginx_proxy.yml | 13 ++ .../conf.d/matrix-mautrix-wsproxy.conf.j2 | 110 +++++++++++++ setup.yml | 1 + 19 files changed, 782 insertions(+) create mode 100644 docs/configuring-playbook-bridge-mautrix-wsproxy.md create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/tasks/inject_into_nginx_proxy.yml create mode 100644 
roles/custom/matrix-bridge-mautrix-wsproxy/tasks/main.yml create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_uninstall.yml create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/tasks/validate_config.yml create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/templates/config.yaml.j2 create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/templates/syncproxy-env.j2 create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2 create mode 100644 roles/custom/matrix-bridge-mautrix-wsproxy/templates/wsproxy-labels.j2 create mode 100644 roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-mautrix-wsproxy.conf.j2 diff --git a/docs/configuring-dns.md b/docs/configuring-dns.md index d7ccf17e..86253458 100644 --- a/docs/configuring-dns.md +++ b/docs/configuring-dns.md 
@@ -42,6 +42,7 @@ When you're done configuring DNS, proceed to [Configuring the playbook](configur | [Etherpad](configuring-playbook-etherpad.md) collaborative text editor | CNAME | `etherpad` | - | - | - | `matrix.` | | [Hydrogen](configuring-playbook-client-hydrogen.md) web client | CNAME | `hydrogen` | - | - | - | `matrix.` | | [Cinny](configuring-playbook-client-cinny.md) web client | CNAME | `cinny` | - | - | - | `matrix.` | +| [wsproxy](configuring-playbook-bridge-mautrix-wsproxy.md) sms bridge | CNAME | `wsproxy` | - | - | - | `matrix.` | | [Buscarron](configuring-playbook-bot-buscarron.md) helpdesk bot | CNAME | `buscarron` | - | - | - | `matrix.` | | [Postmoogle](configuring-playbook-bot-postmoogle.md)/[Email2Matrix](configuring-playbook-email2matrix.md) email bridges | MX | `matrix` | 10 | 0 | - | `matrix.` | | [Postmoogle](configuring-playbook-bot-postmoogle.md) email bridge | TXT | `matrix` | - | - | - | `v=spf1 ip4: -all` | 
@@ -75,6 +76,8 @@ The `hydrogen.` subdomain may be necessary, because this playbook c The `cinny.` subdomain may be necessary, because this playbook could install the [Cinny](https://github.com/ajbura/cinny) web client. The installation of cinny is disabled by default, it is not a core required component. To learn how to install it, see our [configuring cinny guide](configuring-playbook-client-cinny.md). If you do not wish to set up cinny, feel free to skip the `cinny.` DNS record. +The `wsproxy.` subdomain may be necessary, because this playbook could install the [wsproxy](https://github.com/mautrix/wsproxy) web client. The installation of wsproxy is disabled by default, it is not a core required component. To learn how to install it, see our [configuring wsproxy guide](configuring-playbook-bridge-mautrix-wsproxy.md). If you do not wish to set up wsproxy, feel free to skip the `wsproxy.` DNS record. + The `buscarron.` subdomain may be necessary, because this playbook could install the [buscarron](https://gitlab.com/etke.cc/buscarron) bot. The installation of buscarron is disabled by default, it is not a core required component. To learn how to install it, see our [configuring buscarron guide](configuring-playbook-bot-buscarron.md). If you do not wish to set up buscarron, feel free to skip the `buscarron.` DNS record. ## `_matrix-identity._tcp` SRV record setup diff --git a/docs/configuring-playbook-bridge-mautrix-wsproxy.md b/docs/configuring-playbook-bridge-mautrix-wsproxy.md new file mode 100644 index 00000000..462f1027 --- /dev/null +++ b/docs/configuring-playbook-bridge-mautrix-wsproxy.md 
@@ -0,0 +1,22 @@ +# Setting up Mautrix wsproxy (optional) + +The playbook can install and configure [mautrix-wsproxy](https://github.com/mautrix/wsproxy) for you. + +See the project's [documentation](https://github.com/mautrix/wsproxy#readme) to learn what it does and why it might be useful to you. + +Use the following playbook configuration: + +```yaml +matrix_mautrix_wsproxy_enabled: true +matrix_mautrix_androidsms_appservice_token: 'secret token from bridge' +matrix_mautrix_androidsms_homeserver_token: 'secret token from bridge' +matrix_mautrix_imessage_appservice_token: 'secret token from bridge' +matrix_mautrix_imessage_homeserver_token: 'secret token from bridge' +matrix_mautrix_wsproxy_syncproxy_shared_secret: 'secret token from bridge' +``` + +Note that the tokens must match what is compiled into the `mautrix-imessage` bridge running on Mac and Android. + +## Usage + +Follow the [matrix-imessage documenation](https://docs.mau.fi/bridges/go/imessage/index.html) for running `android-sms` and/or `matrix-imessage` on your device(s). diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 598a5cc1..816fb2b1 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -105,6 +105,10 @@ matrix_homeserver_container_extra_arguments_auto: | + (['--mount type=bind,src=' + matrix_mautrix_whatsapp_config_path + '/registration.yaml,dst=/matrix-mautrix-whatsapp-registration.yaml,ro'] if matrix_mautrix_whatsapp_enabled else []) + + (['--mount type=bind,src=' + matrix_mautrix_wsproxy_config_path + '/androidsms-registration.yaml,dst=/matrix-mautrix-androidsms-registration.yaml,ro'] if matrix_mautrix_wsproxy_enabled else []) + + + (['--mount type=bind,src=' + matrix_mautrix_wsproxy_config_path + '/imessage-registration.yaml,dst=/matrix-mautrix-imessage-registration.yaml,ro'] if matrix_mautrix_wsproxy_enabled else []) + + (['--mount type=bind,src=' + matrix_mx_puppet_discord_config_path + '/registration.yaml,dst=/matrix-mx-puppet-discord-registration.yaml,ro'] if matrix_mx_puppet_discord_enabled else []) + (['--mount type=bind,src=' + matrix_mx_puppet_groupme_config_path + '/registration.yaml,dst=/matrix-mx-puppet-groupme-registration.yaml,ro'] if matrix_mx_puppet_groupme_enabled else []) @@ -164,6 +168,10 @@ matrix_homeserver_app_service_config_files_auto: | + (['/matrix-mautrix-whatsapp-registration.yaml'] if matrix_mautrix_whatsapp_enabled else []) + + (['/matrix-mautrix-androidsms-registration.yaml'] if matrix_mautrix_wsproxy_enabled else []) + + + (['/matrix-mautrix-imessage-registration.yaml'] if matrix_mautrix_wsproxy_enabled else []) + + (['/matrix-mx-puppet-discord-registration.yaml'] if matrix_mx_puppet_discord_enabled else []) + (['/matrix-mx-puppet-groupme-registration.yaml'] if matrix_mx_puppet_groupme_enabled else []) 
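Review bot: Both `androidsms-registration.yaml` and `imessage-registration.yaml` are mounted into the homeserver whenever `matrix_mautrix_wsproxy_enabled` is true, so an operator who runs only one of the two bridges still registers an appservice for the other. The same single condition gates the matching entries in `matrix_homeserver_app_service_config_files_auto` in the next hunk. An appservice registration lets whoever holds its token act within its namespace, so the unused one is avoidable exposure, especially if its token is left at the documentation placeholder. Consider gating each registration on its own per-bridge switch, or at minimum add a comment such as `# both registrations are loaded whenever wsproxy is enabled; set a unique random token for each, even for a bridge you do not run`. The enclosing Jinja expressions start and end outside these hunks.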
@@ -278,6 +286,10 @@ devture_systemd_service_manager_services_list_auto: | + ([{'name': 'matrix-mautrix-whatsapp.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-whatsapp']}] if matrix_mautrix_whatsapp_enabled else []) + + ([{'name': 'matrix-mautrix-wsproxy.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-wsproxy']}] if matrix_mautrix_wsproxy_enabled else []) + + + ([{'name': 'matrix-mautrix-wsproxy-syncproxy.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-wsproxy-syncproxy']}] if matrix_mautrix_wsproxy_enabled else []) + + ([{'name': 'matrix-mx-puppet-discord.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-discord']}] if matrix_mx_puppet_discord_enabled else []) + ([{'name': 'matrix-mx-puppet-groupme.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mx-puppet-groupme']}] if matrix_mx_puppet_groupme_enabled else []) 
@@ -1204,6 +1216,53 @@ matrix_mautrix_gmessages_database_password: "{{ '%s' | format(matrix_homeserver_ # ###################################################################### +###################################################################### +# +# matrix-bridge-mautrix-wsproxy +# +###################################################################### + +# We don't enable bridges by default. +matrix_mautrix_wsproxy_enabled: false + +matrix_mautrix_wsproxy_systemd_required_services_list: | + {{ + ['docker.service'] + + + ['matrix-' + matrix_homeserver_implementation + '.service'] + + + ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) + + + (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) + }} + +matrix_mautrix_wsproxy_homeserver_domain: "{{ matrix_domain }}" + +matrix_mautrix_wsproxy_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_mautrix_wsproxy_hostname: "wsproxy.{{ matrix_mautrix_wsproxy_homeserver_domain }}" + +matrix_mautrix_wsproxy_container_additional_networks: | + {{ + ( + ([matrix_playbook_reverse_proxyable_services_additional_network] if matrix_playbook_reverse_proxyable_services_additional_network else []) + + + ([matrix_nginx_proxy_container_network] if matrix_nginx_proxy_enabled and matrix_nginx_proxy_container_network != matrix_mautrix_wsproxy_container_network else []) + + + ([devture_postgres_container_network] if devture_postgres_enabled and devture_postgres_container_network != matrix_mautrix_wsproxy_container_network else []) + ) | unique + }} + +matrix_mautrix_wsproxy_container_labels_traefik_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}" +matrix_mautrix_wsproxy_container_labels_traefik_docker_network: "{{ matrix_playbook_reverse_proxyable_services_additional_network }}" +matrix_mautrix_wsproxy_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" 
+matrix_mautrix_wsproxy_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" + +###################################################################### +# +# /matrix-bridge-mautrix-wsproxy +# +###################################################################### + ###################################################################### # # matrix-bridge-mautrix-whatsapp @@ -2698,6 +2757,7 @@ matrix_nginx_proxy_proxy_dimension_enabled: "{{ matrix_dimension_enabled and mat matrix_nginx_proxy_proxy_rageshake_enabled: "{{ matrix_rageshake_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" matrix_nginx_proxy_proxy_etherpad_enabled: "{{ etherpad_enabled and not etherpad_nginx_proxy_dimension_integration_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" matrix_nginx_proxy_proxy_bot_go_neb_enabled: "{{ matrix_bot_go_neb_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" +matrix_nginx_proxy_proxy_mautrix_wsproxy_enabled: "{{ matrix_mautrix_wsproxy_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" matrix_nginx_proxy_proxy_jitsi_enabled: "{{ jitsi_enabled and matrix_playbook_reverse_proxy_type in ['playbook-managed-nginx', 'other-nginx-non-container'] }}" @@ -2837,6 +2897,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | + ([matrix_server_fqn_sygnal] if matrix_sygnal_enabled else []) + + ([matrix_server_fqn_mautrix_wsproxy] if matrix_mautrix_wsproxy_enabled else []) + + ([ntfy_hostname] if ntfy_enabled else []) + ([matrix_server_fqn_rageshake] if matrix_rageshake_enabled else []) 
@@ -3055,6 +3117,12 @@ devture_postgres_managed_databases_auto: | 'password': matrix_mautrix_signal_database_password, }] if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_database_engine == 'postgres' and matrix_mautrix_signal_database_hostname == devture_postgres_connection_hostname) else []) + + ([{ + 'name': matrix_mautrix_wsproxy_syncproxy_database_name, + 'username': matrix_mautrix_wsproxy_syncproxy_database_username, + 'password': matrix_mautrix_wsproxy_syncproxy_database_password, + }] if (matrix_mautrix_wsproxy_enabled and matrix_mautrix_wsproxy_syncproxy_database_engine == 'postgres' and matrix_mautrix_wsproxy_syncproxy_database_hostname == 'matrix-postgres') else []) + + ([{ 'name': matrix_mautrix_telegram_database_name, 'username': matrix_mautrix_telegram_database_username, diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index bb0d579f..cd85b0ab 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -93,6 +93,9 @@ matrix_server_fqn_grafana: "stats.{{ matrix_domain }}" # This is where you access the Sygnal push gateway. matrix_server_fqn_sygnal: "sygnal.{{ matrix_domain }}" +# This is where you access the mautrix wsproxy push gateway. +matrix_server_fqn_mautrix_wsproxy: "wsproxy.{{ matrix_domain }}" + # This is where you access the ntfy push notification service. matrix_server_fqn_ntfy: "ntfy.{{ matrix_domain }}" diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml new file mode 100644 index 00000000..b7cd06d6 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/defaults/main.yml 
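Review bot: The new syncproxy entry compares `matrix_mautrix_wsproxy_syncproxy_database_hostname` with the literal `'matrix-postgres'`, while the signal entry directly above it in the same list compares against `devture_postgres_connection_hostname`. If the managed Postgres hostname is ever changed, this entry and the role default would keep pointing at the old name, so the database is registered on a server the bridge cannot reach under that hostname. I would write the condition as `matrix_mautrix_wsproxy_syncproxy_database_hostname == devture_postgres_connection_hostname` and set the hostname from that variable in the wsproxy section of group_vars. The list definition starts outside this hunk.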
@@ -0,0 +1,155 @@ +--- +# mautrix-wsproxy is a Matrix <-> websocket bridge +# See: https://github.com/mautrix/wsproxy + +matrix_mautrix_wsproxy_enabled: true + +matrix_mautrix_wsproxy_version: latest +# See: https://mau.dev/mautrix/wsproxy/container_registry +matrix_mautrix_wsproxy_docker_image: "dock.mau.dev/mautrix/wsproxy:{{ matrix_mautrix_wsproxy_version }}" +matrix_mautrix_wsproxy_docker_image_force_pull: "{{ matrix_mautrix_wsproxy_docker_image.endswith(':latest') }}" + +matrix_mautrix_wsproxy_base_path: "{{ matrix_base_data_path }}/wsproxy" +matrix_mautrix_wsproxy_config_path: "{{ matrix_mautrix_wsproxy_base_path }}/config" + +matrix_mautrix_wsproxy_homeserver_address: "{{ matrix_homeserver_container_url }}" +matrix_mautrix_wsproxy_homeserver_domain: "{{ matrix_domain }}" + +matrix_mautrix_wsproxy_bind_port: false +matrix_mautrix_wsproxy_port: 29331 + +matrix_mautrix_wsproxy_appservice_address: "http://matrix-mautrix-wsproxy:{{ matrix_mautrix_wsproxy_port }}" + +matrix_mautrix_wsproxy_hostname: "" + +# The base container network. It will be auto-created by this role if it doesn't exist already. +matrix_mautrix_wsproxy_container_network: matrix-mautrix-wsproxy + +# matrix_mautrix_wsproxy_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container. +# See `../templates/labels.j2` for details. +# +# To inject your own other container labels, see `matrix_mautrix_wsproxy_container_labels_additional_labels`. +matrix_mautrix_wsproxy_container_labels_traefik_enabled: true +matrix_mautrix_wsproxy_container_labels_traefik_docker_network: "{{ matrix_mautrix_wsproxy_container_network }}" +matrix_mautrix_wsproxy_container_labels_traefik_hostname: "{{ matrix_mautrix_wsproxy_hostname }}" +# The path prefix must either be `/` or not end with a slash (e.g. `/wsproxy`). 
+matrix_mautrix_wsproxy_container_labels_traefik_rule: "Host(`{{ matrix_mautrix_wsproxy_container_labels_traefik_hostname }}`)" +matrix_mautrix_wsproxy_container_labels_traefik_priority: 0 +matrix_mautrix_wsproxy_container_labels_traefik_entrypoints: web-secure +matrix_mautrix_wsproxy_container_labels_traefik_tls: "{{ matrix_mautrix_wsproxy_container_labels_traefik_entrypoints != 'web' }}" +matrix_mautrix_wsproxy_container_labels_traefik_tls_certResolver: default # noqa var-naming + +# Controls which additional headers to attach to all HTTP responses. +# To add your own headers, use `matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers_custom` +matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers_auto: {} +matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers_custom: {} +matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers: "{{ matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers_auto | combine(matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers_custom) }}" + +# matrix_mautrix_wsproxy_container_labels_additional_labels contains a multiline string with additional labels to add to the container label file. +# See `../templates/labels.j2` for details. +# +# Example: +# matrix_mautrix_wsproxy_container_labels_additional_labels: | +# my.label=1 +# another.label="here" +matrix_mautrix_wsproxy_container_labels_additional_labels: '' + +# A list of extra arguments to pass to the container +matrix_mautrix_wsproxy_container_extra_arguments: [] + +# List of systemd services that matrix-mautrix-wsproxy.service depends on. 
+matrix_mautrix_wsproxy_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-mautrix-wsproxy.service wants +matrix_mautrix_wsproxy_systemd_wanted_services_list: [] + +matrix_mautrix_androidsms_appservice_token: '' +matrix_mautrix_androidsms_homeserver_token: '' + +matrix_mautrix_imessage_appservice_token: '' +matrix_mautrix_imessage_homeserver_token: '' + +matrix_mautrix_androidsms_appservice_bot_username: androidsmsbot +matrix_mautrix_imessage_appservice_bot_username: imessagebot + +# Default mautrix-wsproxy configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mautrix_wsproxy_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mautrix_wsproxy_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" + +matrix_mautrix_wsproxy_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mautrix_wsproxy_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mautrix_wsproxy_configuration_yaml`. + +matrix_mautrix_wsproxy_configuration_extension: "{{ matrix_mautrix_wsproxy_configuration_extension_yaml|from_yaml if matrix_mautrix_wsproxy_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_wsproxy_configuration_yaml`. 
+matrix_mautrix_wsproxy_configuration: "{{ matrix_mautrix_wsproxy_configuration_yaml|from_yaml|combine(matrix_mautrix_wsproxy_configuration_extension, recursive=True) }}" + +matrix_mautrix_androidsms_registration_yaml: | + id: androidsms + url: {{ matrix_mautrix_wsproxy_appservice_address }} + as_token: "{{ matrix_mautrix_androidsms_appservice_token }}" + hs_token: "{{ matrix_mautrix_androidsms_homeserver_token }}" + sender_localpart: _bot_{{ matrix_mautrix_androidsms_appservice_bot_username }} + rate_limited: false + namespaces: + users: + - regex: '@androidsms_.+:{{ matrix_mautrix_wsproxy_homeserver_domain|regex_escape }}$' + exclusive: true + - exclusive: true + regex: '^@{{ matrix_mautrix_androidsms_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_wsproxy_homeserver_domain|regex_escape }}$' + +matrix_mautrix_androidsms_registration: "{{ matrix_mautrix_androidsms_registration_yaml|from_yaml }}" + +matrix_mautrix_imessage_registration_yaml: | + id: imessage + url: {{ matrix_mautrix_wsproxy_appservice_address }} + as_token: "{{ matrix_mautrix_imessage_appservice_token }}" + hs_token: "{{ matrix_mautrix_imessage_homeserver_token }}" + sender_localpart: _bot_{{ matrix_mautrix_imessage_appservice_bot_username }} + rate_limited: false + namespaces: + users: + - regex: '@imessage_.+:{{ matrix_mautrix_wsproxy_homeserver_domain|regex_escape }}$' + exclusive: true + - exclusive: true + regex: '^@{{ matrix_mautrix_imessage_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_wsproxy_homeserver_domain|regex_escape }}$' + +matrix_mautrix_imessage_registration: "{{ matrix_mautrix_imessage_registration_yaml|from_yaml }}" + +# Syncproxy-related configuration fields +matrix_mautrix_wsproxy_syncproxy_version: latest +# See: https://mau.dev/mautrix/wsproxy/container_registry +matrix_mautrix_wsproxy_syncproxy_docker_image: "dock.mau.dev/mautrix/syncproxy:{{ matrix_mautrix_wsproxy_syncproxy_version }}" +matrix_mautrix_wsproxy_syncproxy_docker_image_force_pull: "{{ 
matrix_mautrix_wsproxy_syncproxy_docker_image.endswith(':latest') }}" +matrix_mautrix_wsproxy_syncproxy_container_extra_arguments: [] + +matrix_mautrix_wsproxy_syncproxy_systemd_required_services_list: ['docker.service', 'matrix-mautrix-wsproxy.service'] +matrix_mautrix_wsproxy_syncproxy_systemd_wanted_services_list: [] + +matrix_mautrix_wsproxy_syncproxy_shared_secret: '' +matrix_mautrix_wsproxy_syncproxy_port: 29332 +matrix_mautrix_wsproxy_syncproxy_appservice_address: "http://matrix-mautrix-wsproxy-syncproxy:{{ matrix_mautrix_wsproxy_syncproxy_port }}" + +# Database-related configuration fields +# +# This bridge supports Postgres and SQLite. +# +matrix_mautrix_wsproxy_syncproxy_database_engine: 'postgres' + +matrix_mautrix_wsproxy_syncproxy_database_username: 'matrix_mautrix_wsproxy_syncproxy' +matrix_mautrix_wsproxy_syncproxy_database_password: 'some-password' +matrix_mautrix_wsproxy_syncproxy_database_hostname: 'matrix-postgres' +matrix_mautrix_wsproxy_syncproxy_database_port: 5432 +matrix_mautrix_wsproxy_syncproxy_database_name: 'matrix_mautrix_wsproxy_syncproxy' + +matrix_mautrix_signal_wsproxy_syncproxy_connection_string: 'postgres://{{ matrix_mautrix_wsproxy_syncproxy_database_username }}:{{ matrix_mautrix_wsproxy_syncproxy_database_password }}@{{ matrix_mautrix_wsproxy_syncproxy_database_hostname }}:{{ matrix_mautrix_wsproxy_syncproxy_database_port }}/{{ matrix_mautrix_wsproxy_syncproxy_database_name }}' diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/inject_into_nginx_proxy.yml new file mode 100644 index 00000000..9e30d707 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/inject_into_nginx_proxy.yml 
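Review bot: `matrix_mautrix_wsproxy_syncproxy_database_password` defaults to the fixed string `'some-password'`, and nothing in the hunks visible here replaces it: the wsproxy section added to group_vars sets no database password, and validate_config.yml checks only the four tokens and the shared secret. With the defaults as they stand, the entry added to `devture_postgres_managed_databases_auto` would presumably create the syncproxy database user with that publicly known password. I would default it to `''` here, add the variable to the `with_items` list in validate_config.yml, and derive it in group_vars from the playbook's secret key the way the neighbouring gmessages password line does. Separately, `matrix_mautrix_wsproxy_version` and `matrix_mautrix_wsproxy_syncproxy_version` are both `latest` with force-pull following from that, so each run can bring in an image nobody has reviewed; a pinned tag would make upgrades deliberate.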
@@ -0,0 +1,48 @@ +--- + +- name: Fail if matrix-nginx-proxy role already executed + ansible.builtin.fail: + msg: >- + Trying to append Mautrix Wsproxy reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your playbook, + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-wsproxy role. + when: matrix_nginx_proxy_role_executed | default(False) | bool + +- tags: + - always + when: matrix_mautrix_wsproxy_enabled|bool + block: + - name: Generate Mautrix Wsproxy proxying configuration for matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_mautrix_wsproxy_matrix_nginx_proxy_configuration: | + location ~ ^/(_matrix/wsproxy/.*) { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-wsproxy:29331"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:29331; + {% endif %} + } + + - name: Register Mautrix Wsproxy proxying configuration with matrix-nginx-proxy + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mautrix_wsproxy_matrix_nginx_proxy_configuration] + }} + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + ansible.builtin.debug: + msg: >- + NOTE: You've enabled the Mautrix wsproxy bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ matrix_mautrix_wsproxy_public_endpoint }}` + URL endpoint to the matrix-mautrix-wsproxy container. + You can expose the container's port using the `matrix_mautrix_wsproxy_container_http_host_bind_port` variable. 
+ when: "matrix_mautrix_wsproxy_enabled|bool and matrix_nginx_proxy_enabled is not defined" diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/main.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/main.yml new file mode 100644 index 00000000..e41d555a --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/main.yml @@ -0,0 +1,29 @@ +--- + +- tags: + - setup-all + - setup-nginx-proxy + - install-all + - install-nginx-proxy + block: + - when: matrix_mautrix_wsproxy_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml" + +- tags: + - setup-all + - setup-mautrix-wsproxy + - install-all + - install-mautrix-wsproxy + block: + - when: matrix_mautrix_wsproxy_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml" + + - when: matrix_mautrix_wsproxy_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml" + +- tags: + - setup-all + - setup-mautrix-wsproxy + block: + - when: not matrix_mautrix_wsproxy_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml new file mode 100644 index 00000000..6ea93639 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml 
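Review bot: The warning task's message interpolates `matrix_mautrix_wsproxy_public_endpoint` and points the operator at `matrix_mautrix_wsproxy_container_http_host_bind_port`, but neither name is defined in the role's defaults/main.yml added by this patch, which offers `matrix_mautrix_wsproxy_bind_port` and `matrix_mautrix_wsproxy_port` instead. When the task fires (wsproxy enabled, `matrix_nginx_proxy_enabled` undefined), templating the message would presumably fail on the undefined variable instead of printing the note. The message should name the variables that exist. It is also the place to say that the non-container branch, `proxy_pass http://127.0.0.1:29331;`, only works once `matrix_mautrix_wsproxy_bind_port` is turned on, since it defaults to `false`.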
@@ -0,0 +1,121 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + ansible.builtin.fail: + msg: >- + The matrix-bridge-mautrix-wsproxy role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + +- ansible.builtin.set_fact: + matrix_mautrix_wsproxy_requires_restart: false + +- ansible.builtin.set_fact: + matrix_mautrix_wsproxy_syncproxy_requires_restart: false + +- name: Ensure Mautrix wsproxy support files installed + ansible.builtin.template: + src: "{{ role_path }}/templates/{{ item }}.j2" + dest: "{{ matrix_mautrix_wsproxy_base_path }}/{{ item }}" + mode: 0640 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - syncproxy-env + - wsproxy-labels + +- name: Ensure Mautrix wsproxy image is pulled + community.docker.docker_image: + name: "{{ matrix_mautrix_wsproxy_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mautrix_wsproxy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_wsproxy_docker_image_force_pull }}" + +- name: Ensure Mautrix syncproxy image is pulled + community.docker.docker_image: + name: "{{ matrix_mautrix_wsproxy_syncproxy_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mautrix_wsproxy_syncproxy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_wsproxy_syncproxy_docker_image_force_pull }}" + +- name: Ensure Mautrix wsproxy paths exists + ansible.builtin.file: + 
path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_mautrix_wsproxy_base_path }}" + - "{{ matrix_mautrix_wsproxy_config_path }}" + +- name: Check if an old matrix state file exists + ansible.builtin.stat: + path: "{{ matrix_mautrix_wsproxy_base_path }}/mx-state.json" + register: matrix_mautrix_wsproxy_stat_mx_state + +- name: Ensure mautrix-wsproxy config.yaml installed + ansible.builtin.copy: + content: "{{ matrix_mautrix_wsproxy_configuration|to_nice_yaml }}" + dest: "{{ matrix_mautrix_wsproxy_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mautrix-androidsms registration.yaml installed + ansible.builtin.copy: + content: "{{ matrix_mautrix_androidsms_registration|to_nice_yaml }}" + dest: "{{ matrix_mautrix_wsproxy_config_path }}/androidsms-registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mautrix-imessage registration.yaml installed + ansible.builtin.copy: + content: "{{ matrix_mautrix_imessage_registration|to_nice_yaml }}" + dest: "{{ matrix_mautrix_wsproxy_config_path }}/imessage-registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + +- name: Ensure mautrix-wsproxy container network is created + community.general.docker_network: + name: "{{ matrix_mautrix_wsproxy_container_network }}" + driver: bridge + +- name: Ensure matrix-mautrix-wsproxy.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-mautrix-wsproxy.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-wsproxy.service" + mode: 0644 + register: matrix_mautrix_wsproxy_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mautrix-wsproxy.service installation + ansible.builtin.service: + 
daemon_reload: true + when: "matrix_mautrix_wsproxy_systemd_service_result.changed" + +- name: Ensure matrix-mautrix-wsproxy.service restarted, if necessary + ansible.builtin.service: + name: "matrix-mautrix-wsproxy.service" + state: restarted + when: "matrix_mautrix_wsproxy_requires_restart|bool" + +- name: Ensure matrix-mautrix-wsproxy-syncproxy.service installed + ansible.builtin.template: + src: "{{ role_path }}/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2" + dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-wsproxy-syncproxy.service" + mode: 0644 + register: matrix_mautrix_wsproxy_syncproxy_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mautrix-wsproxy-syncproxy.service installation + ansible.builtin.service: + daemon_reload: true + when: "matrix_mautrix_wsproxy_syncproxy_systemd_service_result.changed" + +- name: Ensure matrix-mautrix-wsproxy-syncproxy.service restarted, if necessary + ansible.builtin.service: + name: "matrix-mautrix-wsproxy-syncproxy.service" + state: restarted + when: "matrix_mautrix_wsproxy_syncproxy_requires_restart|bool" diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_uninstall.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_uninstall.yml new file mode 100644 index 00000000..c39fd29f --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_uninstall.yml 
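Review bot: `config.yaml`, `androidsms-registration.yaml` and `imessage-registration.yaml` are written with `mode: 0644` although they carry the appservice and homeserver tokens and the syncproxy shared secret; the `syncproxy-env` file in the same task list already uses `0640`. The `0750` mode on the parent directories limits who can reach them, but I would not rely on the parent alone and would use `mode: '0640'` on these three copy tasks, provided the homeserver container that bind-mounts the registration files reads them as the same user or group. Also in this file, the "Ensure Mautrix wsproxy support files installed" template task writes into `matrix_mautrix_wsproxy_base_path` before the "Ensure Mautrix wsproxy paths exists" task creates that directory, so a first install would presumably fail; the directory task should come first.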
@@ -0,0 +1,47 @@ +--- + +- name: Check existence of matrix-mautrix-wsproxy service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-wsproxy.service" + register: matrix_mautrix_wsproxy_service_stat + +- name: Ensure matrix-mautrix-wsproxy is stopped + ansible.builtin.service: + name: matrix-mautrix-wsproxy + state: stopped + daemon_reload: true + when: "matrix_mautrix_wsproxy_service_stat.stat.exists" + +- name: Ensure matrix-mautrix-wsproxy.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-wsproxy.service" + state: absent + when: "matrix_mautrix_wsproxy_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-mautrix-wsproxy.service removal + ansible.builtin.service: + daemon_reload: true + when: "matrix_mautrix_wsproxy_service_stat.stat.exists" + +- name: Check existence of matrix-mautrix-wsproxy-syncproxy service + ansible.builtin.stat: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-wsproxy-syncproxy.service" + register: matrix_mautrix_wsproxy_syncproxy_service_stat + +- name: Ensure matrix-mautrix-wsproxy-syncproxy is stopped + ansible.builtin.service: + name: matrix-mautrix-wsproxy-syncproxy + state: stopped + daemon_reload: true + when: "matrix_mautrix_wsproxy_syncproxy_service_stat.stat.exists" + +- name: Ensure matrix-mautrix-wsproxy-syncproxy.service doesn't exist + ansible.builtin.file: + path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-wsproxy-syncproxy.service" + state: absent + when: "matrix_mautrix_wsproxy_syncproxy_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-mautrix-wsproxy-syncproxy.service removal + ansible.builtin.service: + daemon_reload: true + when: "matrix_mautrix_wsproxy_syncproxy_service_stat.stat.exists" 
diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/validate_config.yml b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/validate_config.yml new file mode 100644 index 00000000..0db36f95 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/tasks/validate_config.yml @@ -0,0 +1,13 @@ +--- + +- name: Fail if required settings not defined + ansible.builtin.fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_mautrix_androidsms_appservice_token" + - "matrix_mautrix_androidsms_homeserver_token" + - "matrix_mautrix_imessage_appservice_token" + - "matrix_mautrix_imessage_homeserver_token" + - "matrix_mautrix_wsproxy_syncproxy_shared_secret" diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/config.yaml.j2 b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/config.yaml.j2 new file mode 100644 index 00000000..2c793261 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/config.yaml.j2 @@ -0,0 +1,14 @@ +listen_address: 0.0.0.0:29331 +appservices: + - id: androidsms + as: {{ matrix_mautrix_androidsms_appservice_token | to_json }} + hs: {{ matrix_mautrix_androidsms_homeserver_token | to_json }} + - id: imessage + as: {{ matrix_mautrix_imessage_appservice_token | to_json }} + hs: {{ matrix_mautrix_imessage_homeserver_token | to_json }} +sync_proxy: + # The URL that mautrix-wsproxy can use to reach mautrix-syncproxy + url: {{ matrix_mautrix_wsproxy_syncproxy_appservice_address | to_json }} + # The URL that mautrix-syncproxy can use to reach mautrix-wsproxy + wsproxy_url: {{ matrix_mautrix_wsproxy_appservice_address | to_json }} + shared_secret: {{ matrix_mautrix_wsproxy_syncproxy_shared_secret | to_json }} diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/syncproxy-env.j2 b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/syncproxy-env.j2 new file mode 100644 index 00000000..bc23e54b --- /dev/null 
+++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/syncproxy-env.j2 @@ -0,0 +1,3 @@ +DATABASE_URL={{ matrix_mautrix_signal_wsproxy_syncproxy_connection_string }} +HOMESERVER_URL={{ matrix_homeserver_container_url }} +SHARED_SECRET={{ matrix_mautrix_wsproxy_syncproxy_shared_secret }} \ No newline at end of file diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 new file mode 100644 index 00000000..4531e12e --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy-syncproxy.service.j2 
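Review bot: `DATABASE_URL` is filled from a connection string that splices the database username and password into a `postgres://` URL without any encoding, so a password containing a character such as `@` or `#` yields a URL that parses differently from what was intended. The string is built in the role defaults as `matrix_mautrix_signal_wsproxy_syncproxy_connection_string` (the `signal` in the name looks like a copy-paste leftover); percent-encoding the password there, for example with `| urlencode`, would keep the URL well-formed. This file holds the database password and the shared secret, so the `0640` mode it gets in setup_install.yml is worth keeping when the other modes are revisited.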
@@ -0,0 +1,40 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Mautrix wsproxy syncproxy +{% for service in matrix_mautrix_wsproxy_syncproxy_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mautrix_wsproxy_syncproxy_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-wsproxy-syncproxy 2>/dev/null' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-wsproxy-syncproxy 2>/dev/null' + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-wsproxy-syncproxy \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + --env-file={{ matrix_mautrix_wsproxy_base_path }}/syncproxy-env \ + {% for arg in matrix_mautrix_wsproxy_syncproxy_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_mautrix_wsproxy_syncproxy_docker_image }} + +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-wsproxy-syncproxy 2>/dev/null' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-wsproxy-syncproxy 2>/dev/null' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-mautrix-wsproxy-syncproxy + +[Install] +WantedBy=multi-user.target 
diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2 b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2 new file mode 100644 index 00000000..0965efa3 --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/systemd/matrix-mautrix-wsproxy.service.j2 
@@ -0,0 +1,51 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Mautrix wsproxy bridge +{% for service in matrix_mautrix_wsproxy_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mautrix_wsproxy_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} +DefaultDependencies=no + +[Service] +Type=simple +Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-wsproxy 2>/dev/null' +ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-wsproxy 2>/dev/null' + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre={{ matrix_host_command_sleep }} 5 + +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create --rm --name matrix-mautrix-wsproxy \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + {% if matrix_mautrix_wsproxy_bind_port %} + -p {{ matrix_mautrix_wsproxy_port }}:29331 \ + {% endif %} + --mount type=bind,src={{ matrix_mautrix_wsproxy_config_path }},dst=/data \ + --label-file={{ matrix_mautrix_wsproxy_base_path }}/wsproxy-labels \ + {% for arg in matrix_mautrix_wsproxy_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_mautrix_wsproxy_docker_image }} \ + /usr/bin/mautrix-wsproxy -config /data/config.yaml + +{% for network in matrix_mautrix_wsproxy_container_additional_networks %} +ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-mautrix-wsproxy +{% endfor %} + +ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-mautrix-wsproxy + +ExecStop=-{{ 
devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-wsproxy 2>/dev/null' +ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-wsproxy 2>/dev/null' +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-mautrix-wsproxy + +[Install] +WantedBy=multi-user.target diff --git a/roles/custom/matrix-bridge-mautrix-wsproxy/templates/wsproxy-labels.j2 b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/wsproxy-labels.j2 new file mode 100644 index 00000000..f16a631e --- /dev/null +++ b/roles/custom/matrix-bridge-mautrix-wsproxy/templates/wsproxy-labels.j2 
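Review bot: The `-p {{ matrix_mautrix_wsproxy_port }}:29331 \` line in the `docker create` command publishes wsproxy without a host address. If `matrix_mautrix_wsproxy_port` holds a bare port number (its default is not in this hunk), Docker binds it on every host interface and the websocket endpoint can be reached without passing through the reverse proxy's TLS. Docker accepts an address in that position, so a value of `127.0.0.1:29331` would keep the port on loopback. The role defaults should say so next to the variable, for example `# A bare port publishes on all interfaces; use '127.0.0.1:29331' to publish on loopback only.`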
@@ -0,0 +1,34 @@
+{% if matrix_mautrix_wsproxy_container_labels_traefik_enabled %}
+traefik.enable=true
+
+{% if matrix_mautrix_wsproxy_container_labels_traefik_docker_network %}
+traefik.docker.network={{ matrix_mautrix_wsproxy_container_labels_traefik_docker_network }}
+{% endif %}
+
+{% set middlewares = [] %}
+
+{% if matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
+{% for name, value in matrix_mautrix_wsproxy_container_labels_traefik_additional_response_headers.items() %}
+traefik.http.middlewares.matrix-mautrix-wsproxy-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
+{% endfor %}
+{% set middlewares = middlewares + ['matrix-mautrix-wsproxy-add-headers'] %}
+{% endif %}
+
+traefik.http.routers.matrix-mautrix-wsproxy.rule={{ matrix_mautrix_wsproxy_container_labels_traefik_rule }}
+{% if matrix_mautrix_wsproxy_container_labels_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-mautrix-wsproxy.priority={{ matrix_mautrix_wsproxy_container_labels_traefik_priority }}
+{% endif %}
+traefik.http.routers.matrix-mautrix-wsproxy.service=matrix-mautrix-wsproxy
+{% if middlewares | length > 0 %}
+traefik.http.routers.matrix-mautrix-wsproxy.middlewares={{ middlewares | join(',') }}
+{% endif %}
+traefik.http.routers.matrix-mautrix-wsproxy.entrypoints={{ matrix_mautrix_wsproxy_container_labels_traefik_entrypoints }}
+traefik.http.routers.matrix-mautrix-wsproxy.tls={{ matrix_mautrix_wsproxy_container_labels_traefik_tls | to_json }}
+{% if matrix_mautrix_wsproxy_container_labels_traefik_tls %}
+traefik.http.routers.matrix-mautrix-wsproxy.tls.certResolver={{ matrix_mautrix_wsproxy_container_labels_traefik_tls_certResolver }}
+{% endif %}
+
+traefik.http.services.matrix-mautrix-wsproxy.loadbalancer.server.port={{ matrix_mautrix_wsproxy_port }}
+{% endif %}
+
+{{ matrix_mautrix_wsproxy_container_labels_additional_labels }}
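Review bot: `traefik.http.services.matrix-mautrix-wsproxy.loadbalancer.server.port` is filled from `matrix_mautrix_wsproxy_port`, but Traefik connects to the container's own port. The systemd unit in this same patch uses that variable as the host side of `-p {{ matrix_mautrix_wsproxy_port }}:29331`. If an operator changes the variable to move the host-side port, Traefik would be pointed at a port nothing listens on inside the container. Unless the wsproxy config (not shown here) also derives its listen port from this variable, the label should read `traefik.http.services.matrix-mautrix-wsproxy.loadbalancer.server.port=29331`.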
diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index 8767fee1..a817b225 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -253,6 +253,10 @@ matrix_nginx_proxy_proxy_grafana_hostname: "{{ matrix_server_fqn_grafana }}" matrix_nginx_proxy_proxy_sygnal_enabled: false matrix_nginx_proxy_proxy_sygnal_hostname: "{{ matrix_server_fqn_sygnal }}" +# Controls whether proxying the mautrix wsproxy should be done. +matrix_nginx_proxy_proxy_mautrix_wsproxy_enabled: false +matrix_nginx_proxy_proxy_mautrix_wsproxy_hostname: "{{ matrix_server_fqn_mautrix_wsproxy }}" + # Controls whether proxying the ntfy domain should be done. matrix_nginx_proxy_proxy_ntfy_enabled: false matrix_nginx_proxy_proxy_ntfy_hostname: "{{ matrix_server_fqn_ntfy }}" @@ -441,6 +445,9 @@ matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks: [] # A list of strings containing additional configuration blocks to add to Sygnal's server configuration (matrix-sygnal.conf). matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks: [] +# A list of strings containing additional configuration blocks to add to mautrix wsproxy server configuration (matrix-mautrix-wsproxy.conf). +matrix_nginx_proxy_proxy_mautrix_wsproxy_additional_server_configuration_blocks: [] + # A list of strings containing additional configuration blocks to add to ntfy's server configuration (matrix-ntfy.conf). matrix_nginx_proxy_proxy_ntfy_additional_server_configuration_blocks: [] diff --git a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 1a55e28f..2c54d675 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml 
@@ -178,6 +178,13 @@ mode: 0644 when: matrix_nginx_proxy_proxy_ntfy_enabled | bool +- name: Ensure Matrix nginx-proxy configuration for mautrix wsproxy exists + ansible.builtin.template: + src: "{{ role_path }}/templates/nginx/conf.d/matrix-mautrix-wsproxy.conf.j2" + dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-mautrix-wsproxy.conf" + mode: 0644 + when: matrix_nginx_proxy_proxy_mautrix_wsproxy_enabled|bool + - name: Ensure Matrix nginx-proxy configuration for Matrix domain exists ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2" @@ -334,6 +341,12 @@ state: absent when: "not matrix_nginx_proxy_proxy_ntfy_enabled | bool" +- name: Ensure Matrix nginx-proxy configuration for mautrix wsproxy deleted + ansible.builtin.file: + path: "{{ matrix_nginx_proxy_confd_path }}/matrix-mautrix-wsproxy.conf" + state: absent + when: "not matrix_nginx_proxy_proxy_mautrix_wsproxy_enabled|bool" + - name: Ensure Matrix nginx-proxy configuration for etherpad domain deleted ansible.builtin.file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-etherpad.conf" diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-mautrix-wsproxy.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-mautrix-wsproxy.conf.j2 new file mode 100644 index 00000000..47e4c432 --- /dev/null +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-mautrix-wsproxy.conf.j2 
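Review bot: Both added tasks write the filter as `|bool`, while the neighbouring tasks in these hunks use `| bool`. Matching the file keeps the `when:` conditions uniform and greppable: `when: matrix_nginx_proxy_proxy_mautrix_wsproxy_enabled | bool` and `when: "not matrix_nginx_proxy_proxy_mautrix_wsproxy_enabled | bool"`. The new template task also copies the unquoted `mode: 0644`, which only works because the YAML 1.1 loader reads the leading zero as octal; `mode: '0644'` states the permission without relying on that.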
@@ -0,0 +1,110 @@ +#jinja2: lstrip_blocks: "True" + +{% macro render_vhost_directives() %} + gzip on; + gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; + + {% if matrix_nginx_proxy_hsts_preload_enabled %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + {% else %} + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + {% endif %} + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}"; + add_header X-Frame-Options SAMEORIGIN; + + {% if matrix_nginx_proxy_floc_optout_enabled %} + add_header Permissions-Policy interest-cohort=() always; + {% endif %} + + + {% for configuration_block in matrix_nginx_proxy_proxy_mautrix_wsproxy_additional_server_configuration_blocks %} + {{- configuration_block }} + {% endfor %} + + location / { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "wsproxy:29331"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:29331; + {% endif %} + + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_http_version 1.1; + proxy_send_timeout 1d; + proxy_read_timeout 1d; + + tcp_nodelay on; + } +{% endmacro %} + +server { + listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; + + server_name {{ matrix_nginx_proxy_proxy_mautrix_wsproxy_hostname }}; + + server_tokens off; + root /dev/null; + + {% if matrix_nginx_proxy_https_enabled %} + location /.well-known/acme-challenge { + {% if matrix_nginx_proxy_enabled %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend 
"matrix-certbot:8080"; + proxy_pass http://$backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; + {% endif %} + } + + location / { + return 301 https://$http_host$request_uri; + } + {% else %} + {{ render_vhost_directives() }} + {% endif %} +} + +{% if matrix_nginx_proxy_https_enabled %} +server { + listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2; + + server_name {{ matrix_nginx_proxy_proxy_mautrix_wsproxy_hostname }}; + + server_tokens off; + root /dev/null; + + ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_mautrix_wsproxy_hostname }}/fullchain.pem; + ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_mautrix_wsproxy_hostname }}/privkey.pem; + + ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }}; + {% if matrix_nginx_proxy_ssl_ciphers != "" %} + ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }}; + {% endif %} + ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }}; + + {% if matrix_nginx_proxy_ocsp_stapling_enabled %} + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_mautrix_wsproxy_hostname }}/chain.pem; + {% endif %} + + {% if matrix_nginx_proxy_ssl_session_tickets_off %} + ssl_session_tickets off; + {% endif %} + ssl_session_cache {{ matrix_nginx_proxy_ssl_session_cache }}; + ssl_session_timeout {{ matrix_nginx_proxy_ssl_session_timeout }}; + + {{ render_vhost_directives() }} +} +{% endif %} diff --git a/setup.yml b/setup.yml index 4da64ff4..0c324700 100644 --- a/setup.yml +++ b/setup.yml 
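Review bot: In `render_vhost_directives()` the container branch proxies to `set $backend "wsproxy:29331";`, but the unit file added in this patch creates the container as `matrix-mautrix-wsproxy` and sets no network alias. Docker's embedded resolver would therefore not know the name `wsproxy` unless an alias arrives through `matrix_mautrix_wsproxy_container_extra_arguments`; `set $backend "matrix-mautrix-wsproxy:29331";` matches what the role creates. Separately, the plain-HTTP server redirects with `return 301 https://$http_host$request_uri;`, which copies the client-supplied Host header into the Location header. `return 301 https://{{ matrix_nginx_proxy_proxy_mautrix_wsproxy_hostname }}$request_uri;` pins the redirect target to the configured hostname.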
@@ -61,6 +61,7 @@ - custom/matrix-bridge-mautrix-telegram - custom/matrix-bridge-mautrix-gmessages - custom/matrix-bridge-mautrix-whatsapp + - custom/matrix-bridge-mautrix-wsproxy - custom/matrix-bridge-mautrix-discord - custom/matrix-bridge-mautrix-slack - custom/matrix-bridge-mx-puppet-discord From 9f90510d53b62997e64e4fee63d058f4880352dc Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 23 Aug 2023 15:11:08 +0300 Subject: [PATCH 69/90] Announce mautrix-wsproxy support Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2261 --- CHANGELOG.md | 11 +++++++++++ docs/configuring-playbook-bridge-mautrix-wsproxy.md | 2 +- docs/configuring-playbook.md | 2 ++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3db319af..587e4761 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2023-08-23 + +## mautrix-wsproxy support + +Thanks to [Johan Swetzén](https://github.com/jswetzen)'s efforts (who finished what was started by [James Reilly](https://github.com/hanthor) and [Shreyas Ajjarapu](https://github.com/shreyasajj)), the playbook now supports bridging to Android SMS and Apple iMessage via the [mautrix-wsproxy](https://github.com/mautrix/wsproxy) service (in combination with a [mautrix-imessage](https://github.com/mautrix/imessage) bridge running on your Mac or Android phone). + +See our [Setting up Mautrix wsproxy for bridging Android SMS or Apple iMessage](docs/configuring-playbook-bridge-mautrix-wsproxy.md) documentation page for getting started. + + # 2023-07-24 ## matrix-registration-bot usage changed 
@@ -9,12 +18,14 @@ * `matrix_bot_matrix_registration_bot_bot_access_token` * `matrix_bot_matrix_registration_bot_api_token` + # 2023-07-21 ## mautrix-gmessages support Thanks to [Shreyas Ajjarapu](https://github.com/shreyasajj)'s efforts, the playbook now supports bridging to [Google Messages](https://messages.google.com/) via the [mautrix-gmessages](https://github.com/mautrix/gmessages) bridge. See our [Setting up Mautrix Google Messages bridging](docs/configuring-playbook-bridge-mautrix-gmessages.md) documentation page for getting started. + # 2023-07-17 ## matrix-media-repo support diff --git a/docs/configuring-playbook-bridge-mautrix-wsproxy.md b/docs/configuring-playbook-bridge-mautrix-wsproxy.md index 462f1027..db474e73 100644 --- a/docs/configuring-playbook-bridge-mautrix-wsproxy.md +++ b/docs/configuring-playbook-bridge-mautrix-wsproxy.md @@ -15,7 +15,7 @@ matrix_mautrix_imessage_homeserver_token: 'secret token from bridge' matrix_mautrix_wsproxy_syncproxy_shared_secret: 'secret token from bridge' ``` -Note that the tokens must match what is compiled into the `mautrix-imessage` bridge running on Mac and Android. +Note that the tokens must match what is compiled into the [mautrix-imessage](https://github.com/mautrix/imessage) bridge running on your Mac or Android device. ## Usage diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index 85ae79d7..4da62545 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md 
@@ -130,6 +130,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md) (optional) +- [Setting up Mautrix wsproxy for bridging Android SMS or Apple iMessage](configuring-playbook-bridge-mautrix-wsproxy.md) (optional) + - [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional) - [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional) From ef6f7f1ab9e4e93fd48a48f4f5a9d51f29cfb197 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 23 Aug 2023 15:17:02 +0300 Subject: [PATCH 70/90] Add DNS section to wsproxy docs Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2261 --- docs/configuring-playbook-bridge-mautrix-wsproxy.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/configuring-playbook-bridge-mautrix-wsproxy.md b/docs/configuring-playbook-bridge-mautrix-wsproxy.md index db474e73..8e3bc2c4 100644 --- a/docs/configuring-playbook-bridge-mautrix-wsproxy.md +++ b/docs/configuring-playbook-bridge-mautrix-wsproxy.md @@ -4,10 +4,20 @@ The playbook can install and configure [mautrix-wsproxy](https://github.com/maut See the project's [documentation](https://github.com/mautrix/wsproxy#readme) to learn what it does and why it might be useful to you. + +## DNS + +You need to create a `wsproxy.DOMAIN` DNS record pointing to your Matrix server (a `CNAME` pointing to `matrix.DOMAIN`) to use wsproxy. +The hostname is configurable via a `matrix_mautrix_wsproxy_hostname` variable. + + +## Configuration + Use the following playbook configuration: ```yaml matrix_mautrix_wsproxy_enabled: true + matrix_mautrix_androidsms_appservice_token: 'secret token from bridge' matrix_mautrix_androidsms_homeserver_token: 'secret token from bridge' matrix_mautrix_imessage_appservice_token: 'secret token from bridge' 
@@ -17,6 +27,7 @@ matrix_mautrix_wsproxy_syncproxy_shared_secret: 'secret token from bridge' Note that the tokens must match what is compiled into the [mautrix-imessage](https://github.com/mautrix/imessage) bridge running on your Mac or Android device. + ## Usage Follow the [matrix-imessage documenation](https://docs.mau.fi/bridges/go/imessage/index.html) for running `android-sms` and/or `matrix-imessage` on your device(s). From 5fc254ef118c239c0f6a8ef8f1f4a21e4410a27b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 23 Aug 2023 19:54:37 +0300 Subject: [PATCH 71/90] Upgrade Dendrite (v0.13.1 -> v0.13.2) --- roles/custom/matrix-dendrite/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-dendrite/defaults/main.yml b/roles/custom/matrix-dendrite/defaults/main.yml index b18f396d..f66f3403 100644 --- a/roles/custom/matrix-dendrite/defaults/main.yml +++ b/roles/custom/matrix-dendrite/defaults/main.yml @@ -10,7 +10,7 @@ matrix_dendrite_container_image_self_build_repo: "https://github.com/matrix-org/ matrix_dendrite_docker_image_path: "matrixdotorg/dendrite-monolith" matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}{{ matrix_dendrite_docker_image_path }}:{{ matrix_dendrite_docker_image_tag }}" matrix_dendrite_docker_image_name_prefix: "{{ 'localhost/' if matrix_dendrite_container_image_self_build else matrix_container_global_registry_prefix }}" -matrix_dendrite_docker_image_tag: "v0.13.1" +matrix_dendrite_docker_image_tag: "v0.13.2" matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}" matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite" From 0d8b66abd77a64dd9192f0e80b3cf954fe3c38d1 Mon Sep 17 00:00:00 2001 
From: Antonis Christofides Date: Mon, 21 Aug 2023 20:19:52 +0300 Subject: [PATCH 72/90] Simplify additional JVB configuration The variable matrix_nginx_proxy_proxy_jitsi_additional_jvbs isn't needed, as this information is already in the inventory. This contribution is provided by GRNET S.A. (grnet.gr). --- docs/configuring-playbook-jitsi.md | 12 ------------ roles/custom/matrix-nginx-proxy/defaults/main.yml | 9 --------- .../templates/nginx/conf.d/matrix-jitsi.conf.j2 | 6 +++--- 3 files changed, 3 insertions(+), 24 deletions(-) diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index 1213f46a..87184f9b 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md @@ -218,18 +218,6 @@ jitsi_prosody_container_jvb_host_bind_port: 5222 (The default is empty; if it's set then docker forwards the port.) -The nginx configuration will also need to be updated in order to deal with the additional JVB servers. This is achieved via its own configuration variable -`matrix_nginx_proxy_proxy_jitsi_additional_jvbs`, which contains a dictionary of server ids to ip addresses. - -For example, - -``` yaml -matrix_nginx_proxy_proxy_jitsi_additional_jvbs: - jvb-2: 192.168.0.2 - jvb-3: 192.168.0.3 -``` - - Applied together this will allow you to provision extra JVB instances which will register themselves with the prosody service and be available for jicofo to route conferences too. diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index a817b225..eae9e61b 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml 
@@ -701,12 +701,3 @@ matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: ['{{ ansible_def # http://nginx.org/en/docs/ngx_core_module.html#worker_connections matrix_nginx_proxy_worker_processes: auto matrix_nginx_proxy_worker_connections: 1024 - -# A mapping of JVB server ids to hostname/ipa addresses used to add additional jvb blocks -# to the Jitsi's server configuration (matrix-jitsi.conf) -# Note: avoid using the JVB server id "jvb-1" as this is reserved for the main host. -# Example: -# matrix_nginx_proxy_proxy_jitsi_additional_jvbs: -# jvb-2: 192.168.0.1 -# jvb-3: 192.168.0.2 -matrix_nginx_proxy_proxy_jitsi_additional_jvbs: {} diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 index 5493c2b0..4a9983f4 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 @@ -53,10 +53,10 @@ tcp_nodelay on; } - {% for id, ip_address in matrix_nginx_proxy_proxy_jitsi_additional_jvbs.items() %} + {% for host in groups['jitsi_jvb_servers'] %} # colibri (JVB) websockets for additional JVBs - location ~ ^/colibri-ws/{{ id | regex_escape }}/(.*) { - proxy_pass http://{{ ip_address }}:9090/colibri-ws/{{ id }}/$1$is_args$args; + location ~ ^/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] | regex_escape }}/(.*) { + proxy_pass http://{{ host }}:9090/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] }}/$1$is_args$args; proxy_set_header Host $host; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }}; From 242e0ee829834e28f72eca509218a83c4d37d88d Mon Sep 17 00:00:00 2001 
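Review bot: The rewritten loop uses `{{ host }}`, the inventory name of each `jitsi_jvb_servers` member, as the `proxy_pass` target, whereas the removed `matrix_nginx_proxy_proxy_jitsi_additional_jvbs` mapping let the operator supply an address. An inventory name is only a label and need not resolve from where nginx runs, so consider `proxy_pass http://{{ hostvars[host]['ansible_host'] | default(host) }}:9090/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] }}/$1$is_args$args;`. The `location` block continues past the end of the hunk.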
From: Antonis Christofides Date: Wed, 23 Aug 2023 20:03:53 +0300 Subject: [PATCH 73/90] Proxy additional JVBs through traefik (fixes #2721) Traefik wasn't proxying /colibri-ws/jvb-X/ to additional jvbs. This fixes it. This contribution is provided by GRNET S.A. (grnet.gr). --- group_vars/matrix_servers | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 816fb2b1..7b7ed58e 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2555,6 +2555,38 @@ jitsi_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method # when embedding Jitsi in Matrix rooms. jitsi_disable_gravatar: true +# Traefik proxying for additional JVBs. These can't be configured using Docker +# labels, like the first JVB is, because they run on different hosts, so we add +# the necessary configuration to the file provider. +devture_traefik_provider_configuration_extension_yaml: | + http: + routers: + {% for host in groups['jitsi_jvb_servers'] %} + + additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-router: + entryPoints: + - "{{ devture_traefik_entrypoint_primary }}" + rule: "Host(`{{ jitsi_hostname }}`) && PathPrefix(`/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] }}/`)" + service: additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service + {% if devture_traefik_entrypoint_primary != 'web' %} + + tls: + certResolver: "{{ devture_traefik_certResolver_primary }}" + + {% endif %} + + {% endfor %} + + services: + {% for host in groups['jitsi_jvb_servers'] %} + + additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service: + loadBalancer: + servers: + - url: "http://{{ host }}:9090/" + + {% endfor %} + ###################################################################### # # /jitsi From a4e642e3f4a5950c827e3e76caae609b0e5f2500 Mon Sep 17 00:00:00 2001 
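Review bot: Each generated service points at `- url: "http://{{ host }}:9090/"`, so colibri websocket traffic leaves the Traefik host unencrypted, and port 9090 on every additional JVB host has to accept connections from it. The comment block above the variable explains why the file provider is used but does not mention this exposure. A line such as `# Port 9090 on each JVB host must be reachable from this host only; restrict it with a firewall.` would tell operators what to lock down.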
From: Slavi Pantaleev Date: Fri, 25 Aug 2023 10:22:25 +0300 Subject: [PATCH 74/90] Mark matrix_nginx_proxy_proxy_jitsi_additional_jvbs as deprecated Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2842 --- roles/custom/matrix-nginx-proxy/tasks/validate_config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml b/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml index 8d63876a..6f96ec78 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml @@ -16,6 +16,7 @@ - {'old': 'matrix_nginx_proxy_reload_cron_time_definition', 'new': ''} - {'old': 'matrix_nginx_proxy_container_labels_traefik_proxy_matrix_rule', 'new': ''} - {'old': 'matrix_nginx_proxy_container_labels_traefik_proxy_matrix_hostname', 'new': ''} + - {'old': 'matrix_nginx_proxy_proxy_jitsi_additional_jvbs', 'new': ''} - name: Fail on unknown matrix_ssl_retrieval_method ansible.builtin.fail: From b7a0db2d7ca864a53a2a4f466d13affb1190817f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 25 Aug 2023 11:57:52 +0300 Subject: [PATCH 75/90] Upgrade Grafana (v10.0.3-0 -> v10.1.0-0) --- requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.yml b/requirements.yml index 28382d05..b96b8e66 100644 --- a/requirements.yml +++ b/requirements.yml @@ -35,7 +35,7 @@ version: 6.2.0 name: geerlingguy.docker - src: git+https://gitlab.com/etke.cc/roles/grafana.git - version: v10.0.3-0 + version: v10.1.0-0 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git version: v8615-2 name: jitsi From a036987ba45d723f38ab8415868d65f276ee7336 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Fri, 25 Aug 2023 15:43:16 +0300 Subject: [PATCH 76/90] Do not define devture_traefik_provider_configuration_extension_yaml in group_vars/matrix_servers `devture_traefik_provider_configuration_extension_yaml` should not be set automatically by the playbook. It's a variable to be used by users. Moreover, setting it for everyone (not just people who have additional JVBs) means that for most people the following error will be produced: > 'dict object' has no attribute 'jitsi_jvb_servers' .. as detailed in https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2844 Fixes a regression introduced in: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2842 --- docs/configuring-playbook-jitsi.md | 36 ++++++++++++++++++++++++++++++ group_vars/matrix_servers | 32 -------------------------- 2 files changed, 36 insertions(+), 32 deletions(-) diff --git a/docs/configuring-playbook-jitsi.md b/docs/configuring-playbook-jitsi.md index 87184f9b..53eb35de 100644 --- a/docs/configuring-playbook-jitsi.md +++ b/docs/configuring-playbook-jitsi.md
@@ -221,6 +221,42 @@ jitsi_prosody_container_jvb_host_bind_port: 5222 Applied together this will allow you to provision extra JVB instances which will register themselves with the prosody service and be available for jicofo to route conferences too. +To make Traefik reverse-proxy to these additional JVBs (living on other hosts), **you would need to add the following Traefik configuration extension**: + +```yaml +# Traefik proxying for additional JVBs. These can't be configured using Docker +# labels, like the first JVB is, because they run on different hosts, so we add +# the necessary configuration to the file provider. +devture_traefik_provider_configuration_extension_yaml: | + http: + routers: + {% for host in groups['jitsi_jvb_servers'] %} + + additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-router: + entryPoints: + - "{{ devture_traefik_entrypoint_primary }}" + rule: "Host(`{{ jitsi_hostname }}`) && PathPrefix(`/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] }}/`)" + service: additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service + {% if devture_traefik_entrypoint_primary != 'web' %} + + tls: + certResolver: "{{ devture_traefik_certResolver_primary }}" + + {% endif %} + + {% endfor %} + + services: + {% for host in groups['jitsi_jvb_servers'] %} + + additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service: + loadBalancer: + servers: + - url: "http://{{ host }}:9090/" + + {% endfor %} +``` + ## (Optional) Enable Gravatar In the default Jisti Meet configuration, gravatar.com is enabled as an avatar service. This results in third party request leaking data to gravatar. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 7b7ed58e..816fb2b1 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -2555,38 +2555,6 @@ jitsi_self_check_validate_certificates: "{{ false if matrix_ssl_retrieval_method # when embedding Jitsi in Matrix rooms. jitsi_disable_gravatar: true -# Traefik proxying for additional JVBs. These can't be configured using Docker -# labels, like the first JVB is, because they run on different hosts, so we add -# the necessary configuration to the file provider. -devture_traefik_provider_configuration_extension_yaml: | - http: - routers: - {% for host in groups['jitsi_jvb_servers'] %} - - additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-router: - entryPoints: - - "{{ devture_traefik_entrypoint_primary }}" - rule: "Host(`{{ jitsi_hostname }}`) && PathPrefix(`/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] }}/`)" - service: additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service - {% if devture_traefik_entrypoint_primary != 'web' %} - - tls: - certResolver: "{{ devture_traefik_certResolver_primary }}" - - {% endif %} - - {% endfor %} - - services: - {% for host in groups['jitsi_jvb_servers'] %} - - additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service: - loadBalancer: - servers: - - url: "http://{{ host }}:9090/" - - {% endfor %} - ###################################################################### # # /jitsi From 4873b1800086fc766f579a2cd80d6372832eb316 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 25 Aug 2023 15:50:10 +0300 Subject: [PATCH 77/90] Do not assume the jitsi_jvb_servers group is defined in everyone's inventory Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2842 --- .../templates/nginx/conf.d/matrix-jitsi.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 index 4a9983f4..f745f866 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 
+++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 @@ -53,7 +53,7 @@ tcp_nodelay on; } - {% for host in groups['jitsi_jvb_servers'] %} + {% for host in groups['jitsi_jvb_servers'] | default([]) %} # colibri (JVB) websockets for additional JVBs location ~ ^/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] | regex_escape }}/(.*) { proxy_pass http://{{ host }}:9090/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] }}/$1$is_args$args; From 0c88408bb75da2db9e5fe19dadd555b5c3c7db27 Mon Sep 17 00:00:00 2001 From: blotree <82391368+blotree@users.noreply.github.com> Date: Fri, 25 Aug 2023 08:53:28 -0400 Subject: [PATCH 78/90] Update docs for older appservice bridges to enable legacy authorization (#2841) * Update docs for older appservice bridges to enable legacy authorization * Update docs/configuring-playbook-bridge-appservice-discord.md Co-authored-by: Slavi Pantaleev * Update docs/configuring-playbook-bridge-appservice-webhooks.md Co-authored-by: Slavi Pantaleev * further fix formatting --------- Co-authored-by: blotree Co-authored-by: Slavi Pantaleev --- ...guring-playbook-bridge-appservice-discord.md | 12 +++++++++--- ...uring-playbook-bridge-appservice-webhooks.md | 17 ++++++++++++----- 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/docs/configuring-playbook-bridge-appservice-discord.md b/docs/configuring-playbook-bridge-appservice-discord.md index d37724c0..bd30d5aa 100644 --- a/docs/configuring-playbook-bridge-appservice-discord.md +++ b/docs/configuring-playbook-bridge-appservice-discord.md 
@@ -1,7 +1,7 @@ # Setting up Appservice Discord (optional) -**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. -- For using as a Bot we are recommend the Appservice Discord bridge (the one being discussed here), because it supports plumbing. +**Note**: bridging to [Discord](https://discordapp.com/) can also happen via the [mx-puppet-discord](configuring-playbook-bridge-mx-puppet-discord.md) and [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridges supported by the playbook. +- For using as a Bot we are recommend the Appservice Discord bridge (the one being discussed here), because it supports plumbing. - For personal use we recommend the [mautrix-discord](configuring-playbook-bridge-mautrix-discord.md) bridge, because it is the most fully-featured and stable of the 3 Discord bridges supported by the playbook. The playbook can install and configure [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) for you. 
@@ -23,8 +23,14 @@ matrix_appservice_discord_enabled: true matrix_appservice_discord_client_id: "YOUR DISCORD APP CLIENT ID" matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN" ``` +5. As of Synapse 1.90.0, you will need to add the following to `matrix_synapse_configuration_extension_yaml` to enable the [backwards compatibility](https://matrix-org.github.io/synapse/latest/upgrade#upgrading-to-v1900) that this bridge needs: +```yaml +matrix_synapse_configuration_extension_yaml: | + use_appservice_legacy_authorization: true +``` +*Note*: This deprecated method is considered insecure. -5. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. +6. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable. diff --git a/docs/configuring-playbook-bridge-appservice-webhooks.md b/docs/configuring-playbook-bridge-appservice-webhooks.md index f4fbfbc0..3a4c7ea5 100644 --- a/docs/configuring-playbook-bridge-appservice-webhooks.md +++ b/docs/configuring-playbook-bridge-appservice-webhooks.md 
@@ -26,22 +26,29 @@ you can adjust this in `inventory/host_vars/matrix./vars.yml` as we matrix_appservice_webhooks_log_level: '' ``` -3. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. +3. As of Synapse 1.90.0, you will need to add the following to `matrix_synapse_configuration_extension_yaml` to enable the [backwards compatibility](https://matrix-org.github.io/synapse/latest/upgrade#upgrading-to-v1900) that this bridge needs: +```yaml +matrix_synapse_configuration_extension_yaml: | + use_appservice_legacy_authorization: true +``` +*Note*: This deprecated method is considered insecure. -4. If you're using the [Dimension Integration Manager](configuring-playbook-dimension.md), you can configure the Webhooks bridge by opening the Dimension integration manager -> Settings -> Bridges and selecting edit action for "Webhook Bridge". Press "Add self-hosted Bridge" button and populate "Provisioning URL" & "Shared Secret" values from `/matrix/appservice-webhooks/config/config.yaml` file's homeserver URL value and provisioning secret value, respectively. +4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready. -5. Invite the bridge bot user to your room: +5. If you're using the [Dimension Integration Manager](configuring-playbook-dimension.md), you can configure the Webhooks bridge by opening the Dimension integration manager -> Settings -> Bridges and selecting edit action for "Webhook Bridge". 
Press "Add self-hosted Bridge" button and populate "Provisioning URL" & "Shared Secret" values from `/matrix/appservice-webhooks/config/config.yaml` file's homeserver URL value and provisioning secret value, respectively. + +6. Invite the bridge bot user to your room: - either with `/invite @_webhook:` (*Note*: Make sure you have administration permissions in your room) - or simply add the bridge bot to a private channel (personal channels imply you being an administrator) -6. Send a message to the bridge bot in order to receive a private message including the webhook link. +7. Send a message to the bridge bot in order to receive a private message including the webhook link. ``` !webhook ``` -7. The JSON body for posting messages will have to look like this: +8. The JSON body for posting messages will have to look like this: ```json { "text": "Hello world!", From 04d91839048e830d837b88d6a67abecd5c86a600 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Fri, 25 Aug 2023 18:43:57 +0200 Subject: [PATCH 79/90] Upgrade sliding-sync (v0.99.5 -> v0.99.7) --- roles/custom/matrix-sliding-sync/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index c0347d2f..7b17b9b1 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -4,7 +4,7 @@ matrix_sliding_sync_enabled: true -matrix_sliding_sync_version: v0.99.5 +matrix_sliding_sync_version: v0.99.7 matrix_sliding_sync_scheme: https From af636a1bb06f33fde709440ed2198dae262e8645 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sat, 26 Aug 2023 08:20:56 +0300 Subject: [PATCH 80/90] Upgrade ntfy (v2.7.0-0 -> v2.7.0-2) and switch it to a non-privileged port Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2846 --- requirements.yml | 2 +- .../templates/nginx/conf.d/matrix-ntfy.conf.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.yml b/requirements.yml index b96b8e66..cfbead11 100644 --- a/requirements.yml +++ b/requirements.yml @@ -40,7 +40,7 @@ version: v8615-2 name: jitsi - src: git+https://gitlab.com/etke.cc/roles/ntfy.git - version: v2.7.0-0 + version: v2.7.0-2 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git version: v2.45.0-1 name: prometheus diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 index 7d5c8a0e..fbae47e1 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-ntfy.conf.j2 @@ -21,7 +21,7 @@ {% if matrix_nginx_proxy_enabled %} {# Use the embedded DNS resolver in Docker containers to discover the service #} resolver {{ matrix_nginx_proxy_http_level_resolver }} valid=5s; - set $backend "matrix-ntfy:80"; + set $backend "matrix-ntfy:8080"; proxy_pass http://$backend; {% else %} {# Generic configuration for use outside of our container setup #} From 4e08ad98b6c4b26c2e706059bbc45abae799d414 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 26 Aug 2023 20:04:58 +0300 Subject: [PATCH 81/90] Upgrade mjolnir-antispam (1.4.0 -> v1.6.4) --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index c48ff09c..88d400b1 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml 
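Review bot: The backend port in `set $backend "matrix-ntfy:8080";` (matrix-ntfy.conf.j2) is a bare literal, and nothing in the template ties it to the ntfy role version pinned in requirements.yml. Per the commit title the port moved because the role switched to a non-privileged port, so the two files now have to change together. A template comment above the line would record that, for example `{# 8080 = ntfy's non-privileged in-container port as of role v2.7.0-2; keep in sync with requirements.yml #}`. The enclosing `{% if matrix_nginx_proxy_enabled %}` block continues outside the hunk.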
+++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -825,7 +825,7 @@ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeserve # See: https://github.com/matrix-org/mjolnir#synapse-module matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled: false matrix_synapse_ext_spam_checker_mjolnir_antispam_git_repository_url: "https://github.com/matrix-org/mjolnir" -matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "4008e3f65d3745b9307dd31f1c5aa80c13a61a58" +matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "v1.6.4" matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites: true # Flag messages sent by servers/users in the ban lists as spam. Currently # this means that spammy messages will appear as empty to users. Default From e03ec11fcf3e6215f73646f2671ceeaab23df210 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 26 Aug 2023 20:07:40 +0300 Subject: [PATCH 82/90] Switch mjolnir-antispam from using spam_checker to modules `spam_checker` has been deprecated for quite a while. While it still probably works and while newer versions of mjolnir-antispam still use it, we should switch to the new API. --- roles/custom/matrix-synapse/defaults/main.yml | 11 ++++++++++- .../tasks/ext/mjolnir-antispam/setup_install.yml | 13 ++++--------- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 88d400b1..dffe6178 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
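Review bot: `matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version` goes from a full commit hash to the tag `"v1.6.4"`, which weakens the pin, because a tag can be re-pointed upstream while a hash cannot. Judging by the neighbouring `..._git_repository_url` variable and the `#synapse-module` link, this ref is presumably what gets checked out and loaded into the Synapse process, so whatever the tag points to at deploy time runs with the homeserver's privileges. Keeping the commit the tag resolves to, with the tag as a comment, gives the upgrade without losing immutability: `matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version: "<full commit SHA of v1.6.4>"  # v1.6.4`.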
@@ -840,7 +840,16 @@ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames: false # these rooms. # ["!roomid:example.org"] matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists: [] - +# A dictionary with various fields controlling max length. +# See https://github.com/matrix-org/mjolnir/blob/main/docs/synapse_module.md for details. +matrix_synapse_ext_spam_checker_mjolnir_antispam_config_message_max_length: {} +# Actual configuration passed to the mjolnir-antispam Synapse module +matrix_synapse_ext_spam_checker_mjolnir_antispam_config: + block_invites: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites }}" + block_messages: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages }}" + block_usernames: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames }}" + ban_lists: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists }}" + message_max_length: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_config_message_max_length }}" # Enable this to activate the E2EE disabling Synapse module. # See: https://github.com/digitalentity/matrix_encryption_disabler diff --git a/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml index f3218808..0fc2a750 100644 --- a/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/mjolnir-antispam/setup_install.yml 
@@ -14,18 +14,13 @@ become_user: "{{ matrix_synapse_username }}" - ansible.builtin.set_fact: - matrix_synapse_spam_checker: > + matrix_synapse_modules: > {{ - matrix_synapse_spam_checker + matrix_synapse_modules | default([]) + [{ - "module": "mjolnir.AntiSpam", - "config": { - "block_invites": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites, - "block_messages": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages, - "block_usernames": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames, - "ban_lists": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists, - } + "module": "mjolnir.Module", + "config": matrix_synapse_ext_spam_checker_mjolnir_antispam_config, }] }} From d207edb304cc3c925d7b00fe94eb310b5ebe168c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 26 Aug 2023 20:09:06 +0300 Subject: [PATCH 83/90] Deprecate matrix_synapse_spam_checker in favor of matrix_synapse_modules --- roles/custom/matrix-synapse/defaults/main.yml | 6 ------ .../matrix-synapse/tasks/validate_config.yml | 2 +- .../templates/synapse/homeserver.yaml.j2 | 14 -------------- 3 files changed, 1 insertion(+), 21 deletions(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index dffe6178..ecf1d976 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
@@ -952,12 +952,6 @@ matrix_synapse_default_room_version: "10" # The upstream default is `false`, but we try to make Synapse less wasteful of resources, so we do things differently. matrix_synapse_forget_rooms_on_leave: true -# Controls the Synapse `spam_checker` setting. -# -# If a spam-checker extension is enabled, this variable's value is set automatically by the playbook during runtime. -# If not, you can also control its value manually. -matrix_synapse_spam_checker: [] - # Controls the Synapse `modules` list. # You can define your own list of modules here. See the `modules` syntax in `homeserver.yaml.j2` # Certain Synapse extensions that you can enable below auto-inject themselves into `matrix_synapse_modules` at runtime. diff --git a/roles/custom/matrix-synapse/tasks/validate_config.yml b/roles/custom/matrix-synapse/tasks/validate_config.yml index 607c75b8..64397a49 100644 --- a/roles/custom/matrix-synapse/tasks/validate_config.yml +++ b/roles/custom/matrix-synapse/tasks/validate_config.yml @@ -66,7 +66,7 @@ - {'old': 'matrix_synapse_ext_s3_storage_provider_path', 'new': 'matrix_synapse_ext_s3_storage_provider_base_path'} - {'old': 'matrix_synapse_send_federation', 'new': ''} - {'old': 'matrix_synapse_start_pushers', 'new': ''} - + - {'old': 'matrix_synapse_spam_checker', 'new': ''} - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml ansible.builtin.fail: diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 index e12bdb19..7b1c1dfd 100644 --- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 
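Review bot: The new deprecation entry `{'old': 'matrix_synapse_spam_checker', 'new': ''}` in validate_config.yml names no replacement, at least as rendered on this page, so an operator who had a custom spam checker configured learns that the variable is gone but not that `matrix_synapse_modules` supersedes it. Spam checking is an abuse control, so the failure message is worth making actionable; if the task prints `new` verbatim (its body is outside the hunk), a value such as `'<superseded by matrix_synapse_modules>'` would do. The hunk also drops the blank line that separated this list from the following `- name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml` task, and restoring it keeps the file's task spacing.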
@@ -2570,20 +2570,6 @@ push: #group_unread_count_by_room: false -# Spam checkers are third-party modules that can block specific actions -# of local users, such as creating rooms and registering undesirable -# usernames, as well as remote users by redacting incoming events. -# -# spam_checker: - #- module: "my_custom_project.SuperSpamChecker" - # config: - # example_option: 'things' - #- module: "some_other_project.BadEventStopper" - # config: - # example_stop_events_from: ['@bad:example.com'] -spam_checker: {{ matrix_synapse_spam_checker|to_json }} - - ## Rooms ## # Controls whether locally-created rooms should be end-to-end encrypted by From ba1cce1316abeaf5902dfc0850451040b409d727 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 29 Aug 2023 07:04:55 +0300 Subject: [PATCH 84/90] Add Project source code URL comment to matrix-sliding-sync role --- roles/custom/matrix-sliding-sync/defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/custom/matrix-sliding-sync/defaults/main.yml b/roles/custom/matrix-sliding-sync/defaults/main.yml index 7b17b9b1..c3c15da2 100644 --- a/roles/custom/matrix-sliding-sync/defaults/main.yml +++ b/roles/custom/matrix-sliding-sync/defaults/main.yml @@ -1,6 +1,7 @@ --- # Sliding Sync Proxy is an implementation of MSC3575 for the new sliding sync +# Project source code URL: https://github.com/matrix-org/sliding-sync matrix_sliding_sync_enabled: true From cc7244c14d56a64f6ea79eed393bdc55f5c93378 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 29 Aug 2023 14:53:28 +0300 Subject: [PATCH 85/90] Fix Synapse sub-component (worker, S3, ..) uninstallation matrix-synapse/tasks/setup_uninstall.yml would previously not run unless Synapse was completely disabled. --- roles/custom/matrix-synapse/tasks/main.yml | 4 ++-- roles/custom/matrix-synapse/tasks/setup_uninstall.yml | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-) 
diff --git a/roles/custom/matrix-synapse/tasks/main.yml b/roles/custom/matrix-synapse/tasks/main.yml index 743dab5f..2a8a0094 100644 --- a/roles/custom/matrix-synapse/tasks/main.yml +++ b/roles/custom/matrix-synapse/tasks/main.yml @@ -36,8 +36,8 @@ - setup-all - setup-synapse block: - - when: not matrix_synapse_enabled | bool - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + # This always runs because it handles uninstallation for sub-components too. + - ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - tags: - import-synapse-media-store diff --git a/roles/custom/matrix-synapse/tasks/setup_uninstall.yml b/roles/custom/matrix-synapse/tasks/setup_uninstall.yml index 7ce5e13d..66cda3e7 100644 --- a/roles/custom/matrix-synapse/tasks/setup_uninstall.yml +++ b/roles/custom/matrix-synapse/tasks/setup_uninstall.yml @@ -4,7 +4,8 @@ - setup-all - setup-synapse block: - - ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/setup_uninstall.yml" + - when: not matrix_synapse_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/setup_uninstall.yml" - tags: - setup-all @@ -17,7 +18,8 @@ - setup-all - setup-synapse block: - - ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/setup_uninstall.yml" + - when: not matrix_synapse_enabled | bool + ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/setup_uninstall.yml" - tags: - setup-all From 17124a0548008c35058837a5407cb7f8e2edadb9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 29 Aug 2023 15:12:10 +0300 Subject: [PATCH 86/90] Upgrade Element (v1.11.39 -> v1.11.40) --- roles/custom/matrix-client-element/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index b9a1aaba..695a6edc 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml 
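Review bot: With the `when: not matrix_synapse_enabled | bool` guard removed from the include in tasks/main.yml, every block of setup_uninstall.yml now runs on each `setup-all` / `setup-synapse`, and the hunks restore the guard only on the `ext/setup_uninstall.yml` and `synapse/setup_uninstall.yml` includes. The other blocks of setup_uninstall.yml lie outside the hunks, so it cannot be confirmed here that each one carries its own condition; any that does not would begin removing a component that is still enabled. A comment at the top of setup_uninstall.yml stating the contract would protect later additions, e.g. `# Included unconditionally: every include below must guard itself with its own when:`.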
+++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto # - https://github.com/vector-im/element-web/issues/19544 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}" -matrix_client_element_version: v1.11.39 +matrix_client_element_version: v1.11.40 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" From 8ba1e771b9710b60afc7349ecce6518ad352d6ee Mon Sep 17 00:00:00 2001 From: chagai95 <31655082+chagai95@users.noreply.github.com> Date: Wed, 30 Aug 2023 10:00:32 +0200 Subject: [PATCH 87/90] Add a small tip to maintenance-migrating.md --- docs/maintenance-migrating.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/maintenance-migrating.md b/docs/maintenance-migrating.md index fd593691..4c1f7119 100644 --- a/docs/maintenance-migrating.md +++ b/docs/maintenance-migrating.md 
@@ -5,7 +5,7 @@ # Migrating to new server 1. Prepare by lowering DNS TTL for your domains (`matrix.DOMAIN`, etc.), so that DNS record changes (step 4 below) would happen faster, leading to less downtime -2. Stop all services on the old server and make sure they won't be starting again. Execute this on the old server: `systemctl disable --now matrix*` +2. Stop all services on the old server and make sure they won't be starting again. Execute this on the old server: `systemctl disable --now matrix*` (you might have to cd to /etc/systemd/system/ first) 3. Copy directory `/matrix` from the old server to the new server. Make sure to preserve ownership and permissions (use `cp -p` or `rsync -ar`)! 4. Make sure your DNS records are adjusted to point to the new server's IP address 5. Remove old server from the `inventory/hosts` file and add new server. From abdb4375db263aee140918e6b0b838a310d698dd Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 30 Aug 2023 12:50:47 +0300 Subject: [PATCH 88/90] Add matrix_synapse_additional_loggers_auto and matrix_synapse_additional_loggers_custom --- roles/custom/matrix-synapse/defaults/main.yml | 4 +++- .../tasks/ext/encryption-disabler/setup_install.yml | 4 ++-- .../matrix-synapse/tasks/ext/ldap-auth/setup_install.yml | 4 ++-- .../matrix-synapse/tasks/ext/rest-auth/setup_install.yml | 4 ++-- .../tasks/ext/shared-secret-auth/setup_install.yml | 4 ++-- 5 files changed, 11 insertions(+), 9 deletions(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index ecf1d976..f2a96f78 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
@@ -438,7 +438,9 @@ matrix_synapse_container_additional_volumes: [] # A list of additional loggers to register in synapse.log.config. # This list gets populated dynamically based on Synapse extensions that have been enabled. # Contains definition objects like this: `{"name": "..", "level": "DEBUG"} -matrix_synapse_additional_loggers: [] +matrix_synapse_additional_loggers: "{{ matrix_synapse_additional_loggers_auto + matrix_synapse_additional_loggers_custom }}" +matrix_synapse_additional_loggers_auto: [] +matrix_synapse_additional_loggers_custom: [] # A list of appservice config files (in-container filesystem paths). # This list gets populated dynamically based on Synapse extensions that have been enabled. diff --git a/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml index 3725545f..b8046033 100644 --- a/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/encryption-disabler/setup_install.yml @@ -33,9 +33,9 @@ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"] }} - matrix_synapse_additional_loggers: > + matrix_synapse_additional_loggers_auto: > {{ - matrix_synapse_additional_loggers + matrix_synapse_additional_loggers_auto + [{'name': 'matrix_e2ee_filter', 'level': 'INFO'}] }} diff --git a/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup_install.yml index c13a0404..6d484377 100644 --- a/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/ldap-auth/setup_install.yml 
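Review bot: `matrix_synapse_additional_loggers` is now computed as `_auto + _custom`, yet the comment above it still says the list "gets populated dynamically", and the two new variables in the defaults/main.yml hunk have no documentation. An existing `vars.yml` that sets `matrix_synapse_additional_loggers` directly would override the combined value, so the loggers that the extension tasks append to `matrix_synapse_additional_loggers_auto` would be dropped; this patch shows no deprecation check for that case. I would document the split in place, e.g. `# Do not override this; put your own loggers in matrix_synapse_additional_loggers_custom`, and state on `_auto` that the playbook's `set_fact` tasks own it.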
@@ -3,9 +3,9 @@ - ansible.builtin.set_fact: matrix_synapse_password_providers_enabled: true - matrix_synapse_additional_loggers: > + matrix_synapse_additional_loggers_auto: > {{ - matrix_synapse_additional_loggers + matrix_synapse_additional_loggers_auto + [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }} diff --git a/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_install.yml index ad58830a..4c59a4b1 100644 --- a/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/rest-auth/setup_install.yml @@ -28,9 +28,9 @@ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"] }} - matrix_synapse_additional_loggers: > + matrix_synapse_additional_loggers_auto: > {{ - matrix_synapse_additional_loggers + matrix_synapse_additional_loggers_auto + [{'name': 'rest_auth_provider', 'level': 'INFO'}] }} diff --git a/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml b/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml index c974bd2c..ecec3e80 100644 --- a/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml +++ b/roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml @@ -43,9 +43,9 @@ ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"] }} - matrix_synapse_additional_loggers: > + matrix_synapse_additional_loggers_auto: > {{ - matrix_synapse_additional_loggers + matrix_synapse_additional_loggers_auto + [{'name': 'shared_secret_authenticator', 'level': 'INFO'}] }} From b0fb3814a57b019f449743ac463d296935c73bee Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Wed, 30 Aug 2023 12:52:44 +0300 Subject: [PATCH 89/90] Make Synapse quieter by default Hopefully fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2849 Related to: - https://github.com/matrix-org/synapse/issues/16101 - https://github.com/matrix-org/synapse/issues/16208 --- roles/custom/matrix-synapse/defaults/main.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index f2a96f78..89ce3e9b 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -439,7 +439,19 @@ matrix_synapse_container_additional_volumes: [] # This list gets populated dynamically based on Synapse extensions that have been enabled. # Contains definition objects like this: `{"name": "..", "level": "DEBUG"} matrix_synapse_additional_loggers: "{{ matrix_synapse_additional_loggers_auto + matrix_synapse_additional_loggers_custom }}" -matrix_synapse_additional_loggers_auto: [] + +matrix_synapse_additional_loggers_auto: + # By default, we're disabling some useless (and even toxic) spammy WARNING-level logs. + # Related to: + # - https://github.com/matrix-org/synapse/issues/16208 + # - https://github.com/matrix-org/synapse/issues/16101 + - name: synapse.http.matrixfederationclient + level: CRITICAL + - name: synapse.federation.sender.per_destination_queue + level: CRITICAL + - name: synapse.handlers.device + level: CRITICAL + matrix_synapse_additional_loggers_custom: [] # A list of appservice config files (in-container filesystem paths). From 4acaeac7aa7a412765cff9db6cb504525d37f275 Mon Sep 17 00:00:00 2001 From: slikie <13197246+slikie@users.noreply.github.com> Date: Wed, 30 Aug 2023 22:31:15 +0800 Subject: [PATCH 90/90] Update synapse 1.90.0 -> 1.91.0 --- roles/custom/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
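Review bot: Setting `synapse.http.matrixfederationclient`, `synapse.federation.sender.per_destination_queue` and `synapse.handlers.device` to `CRITICAL` silences ERROR records from these loggers as well as the WARNING noise the comment describes. Federation request failures and device-handling errors are among the things an operator searches for when investigating an outage or a suspected incident, and with this default they never reach the log. `level: ERROR` on the three entries would still drop the warnings from the linked issues while keeping errors. If `CRITICAL` is intended, the comment should say that errors are suppressed too and describe how an operator re-enables them.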
diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 89ce3e9b..67f99244 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml @@ -4,7 +4,7 @@ matrix_synapse_enabled: true -matrix_synapse_version: v1.90.0 +matrix_synapse_version: v1.91.0 matrix_synapse_username: '' matrix_synapse_uid: ''