Merge branch 'master' into pub.solar
This commit is contained in:
commit
ce18854f21
|
@ -1,3 +1,12 @@
|
|||
# 2020-04-23
|
||||
|
||||
## Slack bridging support
|
||||
|
||||
Thanks to [Rodrigo Belem](https://github.com/rbelem)'s efforts, the playbook now supports bridging to [Slack](https://slack.com) via the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge.
|
||||
|
||||
See our [Setting up MX Puppet Slack bridging](docs/configuring-playbook-bridge-mx-puppet-slack.md) documentation page for getting started.
|
||||
|
||||
|
||||
# 2020-04-09
|
||||
|
||||
## Skype bridging support
|
||||
|
|
|
@ -146,6 +146,8 @@ This playbook sets up your server using the following Docker images:
|
|||
|
||||
- [sorunome/mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) - the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge to [Skype](https:/www.skype.com) (optional)
|
||||
|
||||
- [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https:/slack.com) (optional)
|
||||
|
||||
- [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional)
|
||||
|
||||
- [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional)
|
||||
|
|
24
docs/alternative-architectures.md
Normal file
24
docs/alternative-architectures.md
Normal file
|
@ -0,0 +1,24 @@
|
|||
# Alternative architectures
|
||||
As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
|
||||
|
||||
To that end add the following variable to your `vars.yaml` file:
|
||||
```
|
||||
matrix_architecture = <your-matrix-server-architecture>
|
||||
```
|
||||
Currently supported architectures are the following:
|
||||
- `amd64` (the default)
|
||||
- `arm64`
|
||||
- `arm32`
|
||||
|
||||
so for the Raspberry Pi the following should be in your `vars.yaml` file:
|
||||
```
|
||||
matrix_architecture = "arm32"
|
||||
```
|
||||
|
||||
## Implementation details
|
||||
This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection.
|
||||
|
||||
On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases:
|
||||
- matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well,
|
||||
- matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well,
|
||||
- matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling.
|
|
@ -4,7 +4,7 @@ The playbook can install and configure [matrix-appservice-slack](https://github.
|
|||
|
||||
See the project's [documentation](https://github.com/matrix-org/matrix-appservice-slack/blob/master/README.md) to learn what it does and why it might be useful to you.
|
||||
|
||||
Setup Instructions:
|
||||
## Setup Instructions:
|
||||
|
||||
loosely based on [this](https://github.com/matrix-org/matrix-appservice-slack#Setup)
|
||||
|
||||
|
@ -29,7 +29,9 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi
|
|||
|
||||
5. Create a new Slack App [here](https://api.slack.com/apps).
|
||||
|
||||
Name the app & select the team/workspace this app will belong to.
|
||||
Name the app "matrixbot" (or anything else you'll remember).
|
||||
|
||||
Select the team/workspace this app will belong to.
|
||||
|
||||
Click on bot users and add a new bot user. We will use this account to bridge the the rooms.
|
||||
|
||||
|
@ -61,9 +63,9 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi
|
|||
|
||||
* Create a Matrix room in the usual manner for your client. Take a note of its Matrix room ID - it will look something like !aBcDeF:example.com.
|
||||
|
||||
* Invite the bot user to both the Slack and Matrix channels you would like to bridge using `/invite @slackbot` for slack and `/invite @slackbot:MY.DOMAIN` for matrix.
|
||||
* Invite the bot user to both the Slack and Matrix channels you would like to bridge using `/invite @matrixbot` for slack and `/invite @slackbot:MY.DOMAIN` for matrix.
|
||||
|
||||
* Determine the "channel ID" that Slack uses to identify the channel, which can be found in the url https://XXX.slack.com/messages/<channel id>/.
|
||||
* Determine the "channel ID" that Slack uses to identify the channel. You can see it when you open a given Slack channel in a browser. The URL reads like this: `https://app.slack.com/client/XXX/<the channel id>/details/`.
|
||||
|
||||
* Issue a link command in the administration control room with these collected values as arguments:
|
||||
|
||||
|
@ -81,3 +83,28 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi
|
|||
```
|
||||
|
||||
Other configuration options are available via the `matrix_appservice_slack_configuration_extension_yaml` variable.
|
||||
|
||||
10. Unlinking
|
||||
|
||||
Channels can be unlinked again like this:
|
||||
```
|
||||
unlink --room !the-matrix:room.id
|
||||
```
|
||||
|
||||
Unlinking doesn't only disconnect the bridge, but also makes the slackbot leave the bridged matrix room. So in case you want to re-link later, don't forget to re-invite the slackbot into this room again.
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
* as always, check the logs:
|
||||
`journalctl -fu matrix-appservice-slack`
|
||||
|
||||
* linking: "Room is now pending-name"
|
||||
This typically means that you haven't used the correct slack channel id. Unlink the room and recheck 'Determine the "channel ID"' from above.
|
||||
|
||||
* Messages work from M to S, but not the other way around
|
||||
Check you logs, if they say something like
|
||||
|
||||
`WARN SlackEventHandler Ignoring message from unrecognised slack channel id : %s (%s) <the channel id> <some other id>`
|
||||
|
||||
then unlink your room, reinvite the bot and re-link it again. This may particularly hit you, if you tried to unsuccessfully link
|
||||
your room multiple times without unlinking it after each failed attempt.
|
||||
|
|
34
docs/configuring-playbook-bridge-mx-puppet-slack.md
Normal file
34
docs/configuring-playbook-bridge-mx-puppet-slack.md
Normal file
|
@ -0,0 +1,34 @@
|
|||
# Setting up MX Puppet Slack (optional)
|
||||
|
||||
The playbook can install and configure
|
||||
[mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) for you.
|
||||
|
||||
See the project page to learn what it does and why it might be useful to you.
|
||||
|
||||
To enable the [Slack](https://slack.com/) bridge just use the following
|
||||
playbook configuration:
|
||||
|
||||
|
||||
```yaml
|
||||
matrix_mx_puppet_slack_enabled: true
|
||||
matrix_mx_puppet_slack_client_id: ""
|
||||
matrix_mx_puppet_slack_client_secret: ""
|
||||
```
|
||||
|
||||
|
||||
## Usage
|
||||
|
||||
Once the bot is enabled you need to start a chat with `Slack Puppet Bridge` with
|
||||
the handle `@_slackpuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
|
||||
domain, not the `matrix.` domain).
|
||||
|
||||
Three authentication methods are available, Legacy Token, OAuth and xoxc token.
|
||||
See mx-puppet-slack [documentation](https://github.com/Sorunome/mx-puppet-slack)
|
||||
for more information about how to configure the bridge.
|
||||
|
||||
Once logged in, send `list` to the bot user to list the available rooms.
|
||||
|
||||
Clicking rooms in the list will result in you receiving an invitation to the
|
||||
bridged room.
|
||||
|
||||
Also send `help` to the bot to see the commands available.
|
|
@ -4,7 +4,7 @@
|
|||
If you're just installing Matrix services for the first time, please continue with the [Configuration](configuring-playbook.md) / [Installation](installing.md) flow and come back here later.
|
||||
|
||||
## Prerequisites
|
||||
For an Integration Manager like [Dimension](https://dimension.t2bot.io) to work, your server needs to have federation enabled (`matrix_synapse_federation_enabled: true`). This is the default for this playbook, so unless you've explicitly disabled federation, you're okay.
|
||||
This playbook now supports running [Dimension](https://dimension.t2bot.io) in both a federated and an [unfederated](https://github.com/turt2live/matrix-dimension/blob/master/docs/unfederated.md) environment. This is handled automatically based on the value of `matrix_synapse_federation_enabled`.
|
||||
|
||||
Other important prerequisite is the `dimension.<your-domain>` DNS record being set up correctly. See [Configuring your DNS server](configuring-dns.md) on how to set up DNS record correctly.
|
||||
|
||||
|
|
|
@ -99,4 +99,6 @@ When you're done with all the configuration you'd like to do, continue with [Ins
|
|||
|
||||
- [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional)
|
||||
|
||||
- [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional)
|
||||
|
||||
- [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)
|
||||
|
|
|
@ -8,11 +8,17 @@ Table of contents:
|
|||
|
||||
- [Purging old data with the Purge History API](#purging-old-data-with-the-purge-history-api), for when you wish to delete in-use (but old) data from the Synapse database
|
||||
|
||||
- [Compressing state with rust-synapse-compress-state](#compressing-state-with-rust-synapse-compress-state), for when you wish to compress some Synapse state tables using the [rust-synapse-compress-state](https://github.com/matrix-org/rust-synapse-compress-state) tool
|
||||
- [Synapse maintenance](#synapse-maintenance)
|
||||
- [Purging unused data with synapse-janitor](#purging-unused-data-with-synapse-janitor)
|
||||
- [Vacuuming Postgres](#vacuuming-postgres)
|
||||
- [Purging old data with the Purge History API](#purging-old-data-with-the-purge-history-api)
|
||||
- [Compressing state with rust-synapse-compress-state](#compressing-state-with-rust-synapse-compress-state)
|
||||
|
||||
|
||||
## Purging unused data with synapse-janitor
|
||||
|
||||
**NOTE**: There are [reports](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/465) that **synapse-janitor is dangerous to use and causes database corruption**. You may wish to refrain from using it.
|
||||
|
||||
When you **leave** and **forget** a room, Synapse can clean up its data, but currently doesn't.
|
||||
This **unused and unreachable data** remains in your database forever.
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Prerequisites
|
||||
|
||||
- An x86 server running **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)), **Debian** (9/Stretch+), **Ubuntu** (16.04+), or **Archlinux**. This playbook doesn't support running on ARM ([see](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Self-Building](self-building.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.
|
||||
- An x86 server running **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)), **Debian** (9/Stretch+), **Ubuntu** (16.04+), or **Archlinux**. This playbook doesn't support running on ARM ([see](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Alternative Architectures](alternative-architectures.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.
|
||||
|
||||
- `root` access to your server (or a user capable of elevating to `root` via `sudo`).
|
||||
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
# Self-building
|
||||
|
||||
**Caution: self-building does not have to be used on its own. See the [Alternative Architectures](alternative-architectures.md) page.**
|
||||
|
||||
The playbook supports the self-building of some of its components. This may be useful for architectures besides x86_64, which have no Docker images right now (e g. the armv7 for the Raspberry Pi). Some playbook roles have been updated, so they build the necessary image on the host. It needs more space, as some build tools need to be present (like Java, for ma1sd).
|
||||
|
||||
To use these modification there is a variable that needs to be switched to enable this functionality. Add this to your `vars.yaml` file:
|
||||
|
|
|
@ -26,6 +26,20 @@ matrix_riot_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_e
|
|||
#
|
||||
######################################################################
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-architecture
|
||||
#
|
||||
######################################################################
|
||||
|
||||
matrix_architecture: "amd64"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# /matrix-architecture
|
||||
#
|
||||
######################################################################
|
||||
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
@ -174,7 +188,7 @@ matrix_appservice_irc_homeserver_token: "{{ matrix_synapse_macaroon_secret_key |
|
|||
# We don't enable bridges by default.
|
||||
matrix_mautrix_facebook_enabled: false
|
||||
|
||||
matrix_mautrix_facebook_container_image_self_build: "{{ matrix_container_images_self_build }}"
|
||||
matrix_mautrix_facebook_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
|
||||
|
||||
matrix_mautrix_facebook_systemd_required_services_list: |
|
||||
{{
|
||||
|
@ -205,7 +219,7 @@ matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_pro
|
|||
# We don't enable bridges by default.
|
||||
matrix_mautrix_hangouts_enabled: false
|
||||
|
||||
matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_container_images_self_build }}"
|
||||
matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
|
||||
|
||||
matrix_mautrix_hangouts_systemd_required_services_list: |
|
||||
{{
|
||||
|
@ -301,7 +315,7 @@ matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_pro
|
|||
# We don't enable bridges by default.
|
||||
matrix_mx_puppet_skype_enabled: false
|
||||
|
||||
matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_container_images_self_build }}"
|
||||
matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
|
||||
|
||||
matrix_mx_puppet_skype_systemd_required_services_list: |
|
||||
{{
|
||||
|
@ -323,6 +337,37 @@ matrix_mx_puppet_skype_login_shared_secret: "{{ matrix_synapse_ext_password_prov
|
|||
######################################################################
|
||||
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-bridge-mx-puppet-slack
|
||||
#
|
||||
######################################################################
|
||||
|
||||
# We don't enable bridges by default.
|
||||
matrix_mx_puppet_slack_enabled: false
|
||||
|
||||
matrix_mx_puppet_slack_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
|
||||
|
||||
matrix_mx_puppet_slack_systemd_required_services_list: |
|
||||
{{
|
||||
['docker.service']
|
||||
+
|
||||
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_mx_puppet_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.as.tok') | to_uuid }}"
|
||||
|
||||
matrix_mx_puppet_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.hs.tok') | to_uuid }}"
|
||||
|
||||
matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# /matrix-bridge-mx-puppet-slack
|
||||
#
|
||||
######################################################################
|
||||
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# matrix-corporal
|
||||
|
@ -366,7 +411,7 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati
|
|||
|
||||
matrix_coturn_enabled: true
|
||||
|
||||
matrix_coturn_container_image_self_build: "{{ matrix_container_images_self_build }}"
|
||||
matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
|
||||
|
||||
matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
|
||||
|
||||
|
@ -402,6 +447,8 @@ matrix_dimension_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_ena
|
|||
matrix_integration_manager_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else None }}"
|
||||
matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else None }}"
|
||||
|
||||
matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:{{ 8048 if matrix_synapse_federation_enabled|bool else 8008 }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# /matrix-dimension
|
||||
|
@ -489,7 +536,7 @@ matrix_mailer_enabled: true
|
|||
# If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this.
|
||||
matrix_ma1sd_enabled: true
|
||||
|
||||
matrix_ma1sd_container_image_self_build: "{{ matrix_container_images_self_build }}"
|
||||
matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
|
||||
|
||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network.
|
||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
||||
|
@ -599,6 +646,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
|
|||
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_ssl_architecture: "{{ matrix_architecture }}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# /matrix-nginx-proxy
|
||||
|
@ -638,7 +687,7 @@ matrix_postgres_db_name: "homeserver"
|
|||
# If you wish to connect to your Matrix server by other means, you may wish to disable this.
|
||||
matrix_riot_web_enabled: true
|
||||
|
||||
matrix_riot_web_container_image_self_build: "{{ matrix_container_images_self_build }}"
|
||||
matrix_riot_web_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
|
||||
|
||||
# Normally, matrix-nginx-proxy is enabled and nginx can reach riot-web over the container network.
|
||||
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
|
||||
|
@ -683,7 +732,7 @@ matrix_riot_web_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jit
|
|||
#
|
||||
######################################################################
|
||||
|
||||
matrix_synapse_container_image_self_build: "{{ matrix_container_images_self_build }}"
|
||||
matrix_synapse_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
|
||||
|
||||
# When ma1sd is enabled, we can use it instead of the default public Identity servers.
|
||||
matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1sd_enabled else matrix_synapse_id_servers_public }}"
|
||||
|
@ -723,6 +772,13 @@ matrix_synapse_tls_federation_listener_enabled: false
|
|||
matrix_synapse_tls_certificate_path: ~
|
||||
matrix_synapse_tls_private_key_path: ~
|
||||
|
||||
matrix_synapse_http_listener_resource_names: |
|
||||
{{
|
||||
["client"]
|
||||
+
|
||||
( ["openid"] if matrix_dimension_enabled and not matrix_synapse_federation_enabled else [] )
|
||||
}}
|
||||
|
||||
matrix_synapse_email_enabled: "{{ matrix_mailer_enabled }}"
|
||||
matrix_synapse_email_smtp_host: "matrix-mailer"
|
||||
matrix_synapse_email_smtp_port: 8025
|
||||
|
|
|
@ -20,7 +20,6 @@
|
|||
- name: Ensure yum packages are installed
|
||||
yum:
|
||||
name:
|
||||
- docker-python
|
||||
- "{{ matrix_ntpd_package }}"
|
||||
- fuse
|
||||
state: latest
|
||||
|
@ -30,5 +29,6 @@
|
|||
yum:
|
||||
name:
|
||||
- "{{ matrix_docker_package_name }}"
|
||||
- docker-python
|
||||
state: latest
|
||||
when: matrix_docker_installation_enabled|bool
|
||||
|
|
|
@ -27,7 +27,6 @@
|
|||
- name: Ensure APT packages are installed
|
||||
apt:
|
||||
name:
|
||||
- "python{{'3' if ansible_python.version.major == 3 else ''}}-docker"
|
||||
- "{{ matrix_ntpd_package }}"
|
||||
- fuse
|
||||
state: latest
|
||||
|
@ -37,5 +36,6 @@
|
|||
apt:
|
||||
name:
|
||||
- "{{ matrix_docker_package_name }}"
|
||||
- "python{{'3' if ansible_python.version.major == 3 else ''}}-docker"
|
||||
state: latest
|
||||
when: matrix_docker_installation_enabled|bool
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
matrix_appservice_slack_enabled: true
|
||||
|
||||
matrix_appservice_slack_docker_image: "cadair/matrix-appservice-slack:latest"
|
||||
matrix_appservice_slack_docker_image: "cadair/matrix-appservice-slack:cadair"
|
||||
matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack"
|
||||
|
|
|
@ -141,6 +141,17 @@ matrix_mautrix_facebook_configuration_yaml: |
|
|||
presence: true
|
||||
# Whether or not to update avatars when syncing all contacts at startup.
|
||||
update_avatar_initial_sync: true
|
||||
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
||||
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
||||
#
|
||||
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
||||
# application service.
|
||||
encryption:
|
||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||
allow: false
|
||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||
default: false
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
|
|
|
@ -124,6 +124,17 @@ matrix_mautrix_hangouts_configuration_yaml: |
|
|||
login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }}
|
||||
# Whether or not to update avatars when syncing all contacts at startup.
|
||||
update_avatar_initial_sync: true
|
||||
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
||||
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
||||
#
|
||||
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
||||
# application service.
|
||||
encryption:
|
||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||
allow: false
|
||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||
default: false
|
||||
|
||||
# Public website and API configs
|
||||
web:
|
||||
|
|
|
@ -227,6 +227,18 @@ matrix_mautrix_telegram_configuration_yaml: |
|
|||
height: 256
|
||||
background: "020202" # only for gif
|
||||
fps: 30 # only for webm
|
||||
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
||||
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
||||
#
|
||||
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
||||
# application service.
|
||||
encryption:
|
||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||
allow: false
|
||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||
default: false
|
||||
|
||||
# Overrides for base power levels.
|
||||
initial_power_level_overrides:
|
||||
user: {}
|
||||
|
|
|
@ -13,12 +13,29 @@ matrix_mx_puppet_skype_config_path: "{{ matrix_mx_puppet_skype_base_path }}/conf
|
|||
matrix_mx_puppet_skype_data_path: "{{ matrix_mx_puppet_skype_base_path }}/data"
|
||||
matrix_mx_puppet_skype_docker_src_files_path: "{{ matrix_mx_puppet_skype_base_path }}/docker-src"
|
||||
|
||||
matrix_mx_puppet_skype_appservice_port: "6000"
|
||||
matrix_mx_puppet_skype_appservice_port: "8438"
|
||||
|
||||
matrix_mx_puppet_skype_homeserver_address: 'http://matrix-synapse:8008'
|
||||
matrix_mx_puppet_skype_homeserver_domain: '{{ matrix_domain }}'
|
||||
matrix_mx_puppet_skype_appservice_address: 'http://matrix-mx-puppet-skype:{{ matrix_mx_puppet_skype_appservice_port }}'
|
||||
|
||||
# "@user:server.com" to allow specific user
|
||||
# "@.*:yourserver.com" to allow users on a specific homeserver
|
||||
# "@.*" to allow anyone
|
||||
matrix_mx_puppet_skype_provisioning_whitelist:
|
||||
- "@.*:{{ matrix_domain|regex_escape }}"
|
||||
|
||||
# Leave empty to disable blacklist
|
||||
# "@user:server.com" disallow a specific user
|
||||
# "@.*:yourserver.com" disallow users on a specific homeserver
|
||||
matrix_mx_puppet_skype_provisioning_blacklist: []
|
||||
|
||||
# Same as provisioning
|
||||
matrix_mx_puppet_skype_relay_whitelist:
|
||||
- "@.*:{{ matrix_domain|regex_escape }}"
|
||||
|
||||
# Same as provisioning
|
||||
matrix_mx_puppet_skype_relay_blacklist: []
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_mx_puppet_skype_container_extra_arguments: []
|
||||
|
||||
|
@ -48,7 +65,7 @@ matrix_mx_puppet_skype_configuration_yaml: |
|
|||
# Port to host the bridge on which your homeserver will connect to
|
||||
port: {{ matrix_mx_puppet_skype_appservice_port }}
|
||||
# Name of your homeserver
|
||||
domain: {{ matrix_mx_puppet_skype_homeserver_domain }}
|
||||
domain: {{ matrix_domain }}
|
||||
# URL where the bridge can connect to your homeserver
|
||||
homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }}
|
||||
# Optionally specify a different media URL used for the media store
|
||||
|
@ -60,7 +77,7 @@ matrix_mx_puppet_skype_configuration_yaml: |
|
|||
# yourserver.com: supersecretsharedsecret
|
||||
{% if matrix_mx_puppet_skype_login_shared_secret != '' %}
|
||||
loginSharedSecretMap:
|
||||
{{ matrix_mx_puppet_skype_homeserver_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}
|
||||
{{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}
|
||||
{% endif %}
|
||||
# optionally override the display name of the bridge bot
|
||||
#displayname: Protocol Bot
|
||||
|
@ -122,19 +139,21 @@ matrix_mx_puppet_skype_configuration_yaml: |
|
|||
|
||||
provisioning:
|
||||
# Regex of Matrix IDs allowed to use the puppet bridge
|
||||
whitelist:
|
||||
whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }}
|
||||
# Allow a specific user
|
||||
#- "@user:server\\.com"
|
||||
# Allow users on a specific homeserver
|
||||
- '@.*:{{ matrix_mx_puppet_skype_homeserver_domain | regex_escape }}'
|
||||
#- "@.*:yourserver\\.com"
|
||||
# Allow anyone
|
||||
#- ".*"
|
||||
|
||||
# Regex of Matrix IDs forbidden from using the puppet bridge
|
||||
#blacklist:
|
||||
# Disallow a specific user
|
||||
#- "@user:server\\.com"
|
||||
# Disallow users on a specific homeserver
|
||||
#- "@.*:yourserver\\.com"
|
||||
blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }}
|
||||
|
||||
presence:
|
||||
# Bridge online/offline status
|
||||
|
@ -150,10 +169,13 @@ matrix_mx_puppet_skype_configuration_yaml: |
|
|||
relay:
|
||||
# Regex of Matrix IDs to allow to use the relay mode
|
||||
# Same format as in provisioning
|
||||
whitelist:
|
||||
- '@.*:{{ matrix_mx_puppet_skype_homeserver_domain | regex_escape }}'
|
||||
#whitelist:
|
||||
#- "@.*:yourserver\\.com"
|
||||
whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }}
|
||||
|
||||
#blacklist:
|
||||
#- "@user:yourserver\\.com"
|
||||
blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }}
|
||||
|
||||
# Map certain homeserver URLs to the C-S API endpoint
|
||||
# Useful for double-puppeting if .well-known is unavailable for some reason
|
||||
|
@ -196,11 +218,11 @@ matrix_mx_puppet_skype_registration_yaml: |
|
|||
namespaces:
|
||||
users:
|
||||
- exclusive: true
|
||||
regex: '@_skypepuppet_.*:{{ matrix_mx_puppet_skype_homeserver_domain|regex_escape }}'
|
||||
regex: '@_skypepuppet_.*:{{ matrix_domain|regex_escape }}'
|
||||
rooms: []
|
||||
aliases:
|
||||
- exclusive: true
|
||||
regex: '#_skypepuppet_.*:{{ matrix_mx_puppet_skype_homeserver_domain|regex_escape }}'
|
||||
regex: '#_skypepuppet_.*:{{ matrix_domain|regex_escape }}'
|
||||
protocols: []
|
||||
rate_limited: false
|
||||
sender_localpart: _skypepuppet_bot
|
||||
|
|
|
@ -35,6 +35,7 @@
|
|||
repo: https://github.com/Sorunome/mx-puppet-skype.git
|
||||
dest: "{{ matrix_mx_puppet_skype_docker_src_files_path }}"
|
||||
force: "yes"
|
||||
register: matrix_mx_puppet_skype_git_pull_results
|
||||
when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build"
|
||||
|
||||
- name: Ensure MX Puppet Skype Docker image is built
|
||||
|
@ -45,7 +46,7 @@
|
|||
dockerfile: Dockerfile
|
||||
path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}"
|
||||
pull: yes
|
||||
when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build"
|
||||
when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build and matrix_mx_puppet_skype_git_pull_results.changed"
|
||||
|
||||
- name: Check if an old database file already exists
|
||||
stat:
|
||||
|
|
181
roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
Normal file
181
roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
Normal file
|
@ -0,0 +1,181 @@
|
|||
# Mx Puppet Slack is a Matrix <-> Slack bridge
|
||||
# See: https://github.com/Sorunome/mx-puppet-slack
|
||||
|
||||
matrix_mx_puppet_slack_enabled: true
|
||||
|
||||
matrix_mx_puppet_slack_container_image_self_build: false
|
||||
|
||||
matrix_mx_puppet_slack_docker_image: "sorunome/mx-puppet-slack:latest"
|
||||
matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_mx_puppet_slack_base_path: "{{ matrix_base_data_path }}/mx-puppet-slack"
|
||||
matrix_mx_puppet_slack_config_path: "{{ matrix_mx_puppet_slack_base_path }}/config"
|
||||
matrix_mx_puppet_slack_data_path: "{{ matrix_mx_puppet_slack_base_path }}/data"
|
||||
matrix_mx_puppet_slack_docker_src_files_path: "{{ matrix_mx_puppet_slack_base_path }}/docker-src"
|
||||
|
||||
matrix_mx_puppet_slack_appservice_port: "8432"
|
||||
|
||||
matrix_mx_puppet_slack_homeserver_address: 'http://matrix-synapse:8008'
|
||||
matrix_mx_puppet_slack_homeserver_domain: '{{ matrix_domain }}'
|
||||
matrix_mx_puppet_slack_appservice_address: 'http://matrix-mx-puppet-slack:{{ matrix_mx_puppet_slack_appservice_port }}'
|
||||
|
||||
matrix_mx_puppet_slack_client_id: ''
|
||||
matrix_mx_puppet_slack_client_secret: ''
|
||||
matrix_mx_puppet_slack_redirect_path: '/slack/oauth'
|
||||
matrix_mx_puppet_slack_redirect_uri: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mx_puppet_slack_redirect_path }}'
|
||||
|
||||
# "@user:server.com" to allow specific user
|
||||
# "@.*:yourserver.com" to allow users on a specific homeserver
|
||||
# "@.*" to allow anyone
|
||||
matrix_mx_puppet_slack_provisioning_whitelist:
|
||||
- "@.*:{{ matrix_domain|regex_escape }}"
|
||||
|
||||
# Leave empty to disable blacklist
|
||||
# "@user:server.com" disallow a specific user
|
||||
# "@.*:yourserver.com" disallow users on a specific homeserver
|
||||
matrix_mx_puppet_slack_provisioning_blacklist: []
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_mx_puppet_slack_container_extra_arguments: []
|
||||
|
||||
# List of systemd services that matrix-puppet-slack.service depends on.
|
||||
matrix_mx_puppet_slack_systemd_required_services_list: ['docker.service']
|
||||
|
||||
# List of systemd services that matrix-puppet-slack.service wants
|
||||
matrix_mx_puppet_slack_systemd_wanted_services_list: []
|
||||
|
||||
matrix_mx_puppet_slack_appservice_token: ''
|
||||
matrix_mx_puppet_slack_homeserver_token: ''
|
||||
|
||||
# Default configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_slack_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_mx_puppet_slack_configuration_yaml: |
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
bridge:
|
||||
# Port to host the bridge on
|
||||
# Used for communication between the homeserver and the bridge
|
||||
port: {{ matrix_mx_puppet_slack_appservice_port }}
|
||||
# The host connections to the bridge's webserver are allowed from
|
||||
bindAddress: 0.0.0.0
|
||||
# Public domain of the homeserver
|
||||
domain: {{ matrix_mx_puppet_slack_homeserver_domain }}
|
||||
# Reachable URL of the Matrix homeserver
|
||||
homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }}
|
||||
|
||||
|
||||
# Slack OAuth settings. Create a slack app at https://api.slack.com/apps
|
||||
oauth:
|
||||
enabled: false
|
||||
# Slack app credentials.
|
||||
# N.B. This must be quoted so YAML wouldn't parse it as a float.
|
||||
clientId: "{{ matrix_mx_puppet_slack_client_id }}"
|
||||
clientSecret: {{ matrix_mx_puppet_slack_client_secret }}
|
||||
# Path where to listen for OAuth redirect callbacks.
|
||||
redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
|
||||
# Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,
|
||||
# then set this field and the Slack app redirect URI field to the former.
|
||||
redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }}
|
||||
|
||||
presence:
|
||||
# Bridge Discord online/offline status
|
||||
enabled: true
|
||||
# How often to send status to the homeserver in milliseconds
|
||||
interval: 500
|
||||
|
||||
provisioning:
|
||||
# Regex of Matrix IDs allowed to use the puppet bridge
|
||||
whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }}
|
||||
# Allow a specific user
|
||||
#- "@user:server\\.com"
|
||||
# Allow users on a specific homeserver
|
||||
#- "@.*:yourserver\\.com"
|
||||
# Allow anyone
|
||||
#- ".*"
|
||||
# Regex of Matrix IDs forbidden from using the puppet bridge
|
||||
#blacklist:
|
||||
# Disallow a specific user
|
||||
#- "@user:server\\.com"
|
||||
# Disallow users on a specific homeserver
|
||||
#- "@.*:yourserver\\.com"
|
||||
blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }}
|
||||
|
||||
# Shared secret for the provisioning API for use by integration managers.
|
||||
# If this is not set, the provisioning API will not be enabled.
|
||||
#sharedSecret: random string
|
||||
# Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
|
||||
apiPrefix: /_matrix/provision
|
||||
|
||||
database:
|
||||
# Use Postgres as a database backend
|
||||
# If set, will be used instead of SQLite3
|
||||
# Connection string to connect to the Postgres instance
|
||||
# with username "user", password "pass", host "localhost" and database name "dbname".
|
||||
# Modify each value as necessary
|
||||
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
|
||||
# Use SQLite3 as a database backend
|
||||
# The name of the database file
|
||||
filename: /data/database.db
|
||||
|
||||
logging:
|
||||
# Log level of console output
|
||||
# Allowed values starting with most verbose:
|
||||
# silly, debug, verbose, info, warn, error
|
||||
console: info
|
||||
# Date and time formatting
|
||||
lineDateFormat: MMM-D HH:mm:ss.SSS
|
||||
# Logging files
|
||||
# Log files are rotated daily by default
|
||||
files:
|
||||
# Log file path
|
||||
- file: "/data/bridge.log"
|
||||
# Log level for this file
|
||||
# Allowed values starting with most verbose:
|
||||
# silly, debug, verbose, info, warn, error
|
||||
level: info
|
||||
# Date and time formatting
|
||||
datePattern: YYYY-MM-DD
|
||||
# Maximum number of logs to keep.
|
||||
# This can be a number of files or number of days.
|
||||
# If using days, add 'd' as a suffix
|
||||
maxFiles: 14d
|
||||
# Maximum size of the file after which it will rotate. This can be a
|
||||
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
||||
# 'k', 'm', or 'g' as the suffix
|
||||
maxSize: 50m
|
||||
|
||||
matrix_mx_puppet_slack_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration goes here.
|
||||
# This configuration extends the default starting configuration (`matrix_mx_puppet_slack_configuration_yaml`).
|
||||
#
|
||||
# You can override individual variables from the default configuration, or introduce new ones.
|
||||
#
|
||||
# If you need something more special, you can take full control by
|
||||
# completely redefining `matrix_mx_puppet_slack_configuration_yaml`.
|
||||
|
||||
matrix_mx_puppet_slack_configuration_extension: "{{ matrix_mx_puppet_slack_configuration_extension_yaml|from_yaml if matrix_mx_puppet_slack_configuration_extension_yaml|from_yaml is mapping else {} }}"
|
||||
|
||||
# Holds the final configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_slack_configuration_yaml`.
|
||||
matrix_mx_puppet_slack_configuration: "{{ matrix_mx_puppet_slack_configuration_yaml|from_yaml|combine(matrix_mx_puppet_slack_configuration_extension, recursive=True) }}"
|
||||
|
||||
matrix_mx_puppet_slack_registration_yaml: |
|
||||
as_token: "{{ matrix_mx_puppet_slack_appservice_token }}"
|
||||
hs_token: "{{ matrix_mx_puppet_slack_homeserver_token }}"
|
||||
id: slack-puppet
|
||||
namespaces:
|
||||
users:
|
||||
- exclusive: true
|
||||
regex: '@_slackpuppet_.*:{{ matrix_mx_puppet_slack_homeserver_domain|regex_escape }}'
|
||||
rooms: []
|
||||
aliases:
|
||||
- exclusive: true
|
||||
regex: '#_slackpuppet_.*:{{ matrix_mx_puppet_slack_homeserver_domain|regex_escape }}'
|
||||
protocols: []
|
||||
rate_limited: false
|
||||
sender_localpart: _slackpuppet_bot
|
||||
url: {{ matrix_mx_puppet_slack_appservice_address }}
|
||||
|
||||
matrix_mx_puppet_slack_registration: "{{ matrix_mx_puppet_slack_registration_yaml|from_yaml }}"
|
70
roles/matrix-bridge-mx-puppet-slack/tasks/init.yml
Normal file
70
roles/matrix-bridge-mx-puppet-slack/tasks/init.yml
Normal file
|
@ -0,0 +1,70 @@
|
|||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-slack'] }}"
|
||||
when: matrix_mx_puppet_slack_enabled|bool
|
||||
|
||||
# If the matrix-synapse role is not used, these variables may not exist.
|
||||
- set_fact:
|
||||
matrix_synapse_container_extra_arguments: >
|
||||
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||
+
|
||||
["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"]
|
||||
|
||||
matrix_synapse_app_service_config_files: >
|
||||
{{ matrix_synapse_app_service_config_files|default([]) }}
|
||||
+
|
||||
{{ ["/matrix-mx-puppet-slack-registration.yaml"] }}
|
||||
when: matrix_mx_puppet_slack_enabled|bool
|
||||
|
||||
- block:
|
||||
- name: Fail if matrix-nginx-proxy role already executed
|
||||
fail:
|
||||
msg: >-
|
||||
Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
|
||||
but it's pointless since the matrix-nginx-proxy role had already executed.
|
||||
To fix this, please change the order of roles in your plabook,
|
||||
so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role.
|
||||
when: matrix_nginx_proxy_role_executed|default(False)|bool
|
||||
|
||||
- name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy
|
||||
set_fact:
|
||||
matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: |
|
||||
location {{ matrix_mx_puppet_slack_redirect_path }} {
|
||||
{% if matrix_nginx_proxy_enabled|default(False) %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
set $backend "{{ matrix_mx_puppet_slack_appservice_address }}";
|
||||
proxy_pass $backend;
|
||||
{% else %}
|
||||
{# Generic configuration for use outside of our container setup #}
|
||||
proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }};
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
- name: Register Slack Appservice proxying configuration with matrix-nginx-proxy
|
||||
set_fact:
|
||||
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
|
||||
{{
|
||||
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
|
||||
+
|
||||
[matrix_mx_puppet_slack_matrix_nginx_proxy_configuration]
|
||||
}}
|
||||
tags:
|
||||
- always
|
||||
when: matrix_appservice_slack_enabled|bool
|
||||
|
||||
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
|
||||
debug:
|
||||
msg: >-
|
||||
NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
|
||||
reverse proxy.
|
||||
Please make sure that you're proxying the `{{ something }}`
|
||||
URL endpoint to the matrix-appservice-slack container.
|
||||
You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
|
||||
when: "matrix_appservice_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined"
|
||||
|
||||
# ansible lower than 2.8, does not support docker_image build parameters
|
||||
# for self buildig it is explicitly needed, so we rather fail here
|
||||
- name: Fail if running on Ansible lower than 2.8 and trying self building
|
||||
fail:
|
||||
msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
|
||||
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_slack_container_image_self_build"
|
21
roles/matrix-bridge-mx-puppet-slack/tasks/main.yml
Normal file
21
roles/matrix-bridge-mx-puppet-slack/tasks/main.yml
Normal file
|
@ -0,0 +1,21 @@
|
|||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||
when: "run_setup|bool and matrix_mx_puppet_slack_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-mx-puppet-slack
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||
when: "run_setup|bool and matrix_mx_puppet_slack_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-mx-puppet-slack
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||
when: "run_setup|bool and not matrix_mx_puppet_slack_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-mx-puppet-slack
|
93
roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
Normal file
93
roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
Normal file
|
@ -0,0 +1,93 @@
|
|||
---
|
||||
|
||||
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
|
||||
# We don't want to fail in such cases.
|
||||
- name: Fail if matrix-synapse role already executed
|
||||
fail:
|
||||
msg: >-
|
||||
The matrix-bridge-mx-puppet-slack role needs to execute before the matrix-synapse role.
|
||||
when: "matrix_synapse_role_executed|default(False)"
|
||||
|
||||
- name: Ensure MX Puppet Slack image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_mx_puppet_slack_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_mx_puppet_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_docker_image_force_pull }}"
|
||||
when: matrix_mx_puppet_slack_enabled|bool and not matrix_mx_puppet_slack_container_image_self_build
|
||||
|
||||
- name: Ensure MX Puppet Slack paths exist
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_username }}"
|
||||
with_items:
|
||||
- { path: "{{ matrix_mx_puppet_slack_base_path }}", when: true }
|
||||
- { path: "{{ matrix_mx_puppet_slack_config_path }}", when: true }
|
||||
- { path: "{{ matrix_mx_puppet_slack_data_path }}", when: true }
|
||||
- { path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}", when: "{{ matrix_mx_puppet_slack_container_image_self_build }}" }
|
||||
when: matrix_mx_puppet_slack_enabled|bool and item.when|bool
|
||||
|
||||
- name: Ensure MX Puppet Slack repository is present on self build
|
||||
git:
|
||||
repo: https://github.com/Sorunome/mx-puppet-slack.git
|
||||
dest: "{{ matrix_mx_puppet_slack_docker_src_files_path }}"
|
||||
force: "yes"
|
||||
when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build"
|
||||
|
||||
- name: Ensure MX Puppet Slack Docker image is built
|
||||
docker_image:
|
||||
name: "{{ matrix_mx_puppet_slack_docker_image }}"
|
||||
source: build
|
||||
build:
|
||||
dockerfile: Dockerfile
|
||||
path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}"
|
||||
pull: yes
|
||||
when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build"
|
||||
|
||||
- name: Check if an old database file already exists
|
||||
stat:
|
||||
path: "{{ matrix_mx_puppet_slack_base_path }}/database.db"
|
||||
register: matrix_mx_puppet_slack_stat_database
|
||||
|
||||
- name: (Data relocation) Ensure matrix-mx-puppet-slack.service is stopped
|
||||
service:
|
||||
name: matrix-mx-puppet-slack
|
||||
state: stopped
|
||||
daemon_reload: yes
|
||||
failed_when: false
|
||||
when: "matrix_mx_puppet_slack_stat_database.stat.exists"
|
||||
|
||||
- name: (Data relocation) Move mx-puppet-slack database file to ./data directory
|
||||
command: "mv {{ matrix_mx_puppet_slack_base_path }}/database.db {{ matrix_mx_puppet_slack_data_path }}/database.db"
|
||||
when: "matrix_mx_puppet_slack_stat_database.stat.exists"
|
||||
|
||||
- name: Ensure mx-puppet-slack config.yaml installed
|
||||
copy:
|
||||
content: "{{ matrix_mx_puppet_slack_configuration|to_nice_yaml }}"
|
||||
dest: "{{ matrix_mx_puppet_slack_config_path }}/config.yaml"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_username }}"
|
||||
|
||||
- name: Ensure mx-puppet-slack slack-registration.yaml installed
|
||||
copy:
|
||||
content: "{{ matrix_mx_puppet_slack_registration|to_nice_yaml }}"
|
||||
dest: "{{ matrix_mx_puppet_slack_config_path }}/registration.yaml"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_username }}"
|
||||
|
||||
- name: Ensure matrix-mx-puppet-slack.service installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-slack.service.j2"
|
||||
dest: "/etc/systemd/system/matrix-mx-puppet-slack.service"
|
||||
mode: 0644
|
||||
register: matrix_mx_puppet_slack_systemd_service_result
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-mx-puppet-slack.service installation
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_mx_puppet_slack_systemd_service_result.changed"
|
|
@ -0,0 +1,24 @@
|
|||
---
|
||||
|
||||
- name: Check existence of matrix-mx-puppet-slack service
|
||||
stat:
|
||||
path: "/etc/systemd/system/matrix-mx-puppet-slack.service"
|
||||
register: matrix_mx_puppet_slack_service_stat
|
||||
|
||||
- name: Ensure matrix-mx-puppet-slack is stopped
|
||||
service:
|
||||
name: matrix-mx-puppet-slack
|
||||
state: stopped
|
||||
daemon_reload: yes
|
||||
when: "matrix_mx_puppet_slack_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure matrix-mx-puppet-slack.service doesn't exist
|
||||
file:
|
||||
path: "/etc/systemd/system/matrix-mx-puppet-slack.service"
|
||||
state: absent
|
||||
when: "matrix_mx_puppet_slack_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-mx-puppet-slack.service removal
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_mx_puppet_slack_service_stat.stat.exists"
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
|
||||
- name: Fail if required settings not defined
|
||||
fail:
|
||||
msg: >-
|
||||
You need to define a required configuration setting (`{{ item }}`).
|
||||
when: "vars[item] == ''"
|
||||
with_items:
|
||||
- "matrix_mx_puppet_slack_appservice_token"
|
||||
- "matrix_mx_puppet_slack_homeserver_token"
|
|
@ -0,0 +1,41 @@
|
|||
#jinja2: lstrip_blocks: "True"
|
||||
[Unit]
|
||||
Description=Matrix Mx Puppet Slack server
|
||||
{% for service in matrix_mx_puppet_slack_systemd_required_services_list %}
|
||||
Requires={{ service }}
|
||||
After={{ service }}
|
||||
{% endfor %}
|
||||
{% for service in matrix_mx_puppet_slack_systemd_wanted_services_list %}
|
||||
Wants={{ service }}
|
||||
{% endfor %}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-mx-puppet-slack
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-mx-puppet-slack
|
||||
|
||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||
ExecStartPre=/bin/sleep 5
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--network={{ matrix_docker_network }} \
|
||||
-e CONFIG_PATH=/config/config.yaml \
|
||||
-e REGISTRATION_PATH=/config/registration.yaml \
|
||||
-v {{ matrix_mx_puppet_slack_config_path }}:/config:z \
|
||||
-v {{ matrix_mx_puppet_slack_data_path }}:/data:z \
|
||||
{% for arg in matrix_mx_puppet_slack_container_extra_arguments %}
|
||||
{{ arg }} \
|
||||
{% endfor %}
|
||||
{{ matrix_mx_puppet_slack_docker_image }}
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-mx-puppet-slack
|
||||
ExecStop=-/usr/bin/docker rm matrix-mx-puppet-slack
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-mx-puppet-slack
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: []
|
|||
# List of systemd services that matrix-corporal.service depends on
|
||||
matrix_corporal_systemd_required_services_list: ['docker.service']
|
||||
|
||||
matrix_corporal_docker_image: "devture/matrix-corporal:1.8.0"
|
||||
matrix_corporal_docker_image: "devture/matrix-corporal:1.9.0"
|
||||
matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"
|
||||
|
|
|
@ -32,6 +32,8 @@ matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension
|
|||
matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"]
|
||||
matrix_dimension_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
|
||||
|
||||
matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:8048"
|
||||
|
||||
# Default Dimension configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
|
@ -58,7 +60,7 @@ matrix_dimension_configuration_yaml: |
|
|||
# The URL that Dimension should use when trying to communicate with federated APIs on
|
||||
# the homeserver. If not supplied or left empty Dimension will try to resolve the address
|
||||
# through the normal federation process.
|
||||
federationUrl: "http://matrix-synapse:8048"
|
||||
federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}"
|
||||
|
||||
# The URL that Dimension will redirect media requests to for downloading media such as
|
||||
# stickers. If not supplied or left empty Dimension will use the clientServerUrl.
|
||||
|
|
|
@ -6,14 +6,6 @@
|
|||
- "matrix_dimension_access_token"
|
||||
when: "matrix_dimension_enabled and vars[item] == ''"
|
||||
|
||||
- name: Fail if Matrix Federation is disabled
|
||||
fail:
|
||||
msg: >-
|
||||
You need to enable Matrix Federation to use Dimension. Set `{{ item }}` to 'true'.
|
||||
with_items:
|
||||
- "matrix_synapse_federation_enabled"
|
||||
when: "matrix_dimension_enabled|bool and not matrix_synapse_federation_enabled|bool"
|
||||
|
||||
- name: (Deprecation) Catch and report renamed Dimension variables
|
||||
fail:
|
||||
msg: >-
|
||||
|
|
|
@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true
|
|||
# We use an official nginx image, which we fix-up to run unprivileged.
|
||||
# An alternative would be an `nginxinc/nginx-unprivileged` image, but
|
||||
# that is frequently out of date.
|
||||
matrix_nginx_proxy_docker_image: "nginx:1.17.9-alpine"
|
||||
matrix_nginx_proxy_docker_image: "nginx:1.17.10-alpine"
|
||||
matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
|
||||
|
@ -213,12 +213,14 @@ matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: none
|
|||
# plain HTTP traffic only (usually, on the loopback interface only) and you'd be terminating SSL using another reverse-proxy.
|
||||
matrix_ssl_retrieval_method: "lets-encrypt"
|
||||
|
||||
matrix_ssl_architecture: "amd64"
|
||||
|
||||
# The list of domains that this role will obtain certificates for.
|
||||
matrix_ssl_domains_to_obtain_certificates_for: []
|
||||
|
||||
# Controls whether to obtain production or staging certificates from Let's Encrypt.
|
||||
matrix_ssl_lets_encrypt_staging: false
|
||||
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v1.3.0"
|
||||
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.3.0"
|
||||
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
|
||||
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
||||
matrix_ssl_lets_encrypt_support_email: ~
|
||||
|
|
|
@ -11,7 +11,7 @@ docker run \
|
|||
--rm \
|
||||
--name=matrix-certbot \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--cap-drop=ALL \
|
||||
--network="{{ matrix_docker_network }}" \
|
||||
-p 127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}:8080 \
|
||||
-v {{ matrix_ssl_config_dir_path }}:/etc/letsencrypt \
|
||||
|
|
|
@ -7,6 +7,13 @@
|
|||
msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot run synapse-janitor."
|
||||
when: "not matrix_postgres_enabled|bool"
|
||||
|
||||
- name: Fail if not aware of the risks
|
||||
fail:
|
||||
msg: >-
|
||||
Using Synapse Janitor is considered dangerous and may break your database.
|
||||
See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/465.
|
||||
If you'd like to run it anyway, add `--extra-vars='i_know_synapse_janitor_is_dangerous=1'` to your command.
|
||||
when: "i_know_synapse_janitor_is_dangerous|default('') == ''"
|
||||
|
||||
# Defaults
|
||||
|
||||
|
|
|
@ -11,9 +11,9 @@ fi
|
|||
docker run \
|
||||
-it \
|
||||
--rm \
|
||||
--user=991:991 \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
|
||||
--network {{ matrix_docker_network }} \
|
||||
postgres:12.1-alpine \
|
||||
psql -h matrix-postgres -c "UPDATE users set admin=$2 WHERE name like '@$1:{{ matrix_domain }}'"
|
||||
{{ matrix_postgres_docker_image_to_use }} \
|
||||
psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=$2 WHERE name like '@$1:{{ matrix_domain }}'"
|
||||
|
|
|
@ -5,7 +5,7 @@ docker run \
|
|||
-it \
|
||||
--rm \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--cap-drop=ALL \
|
||||
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
|
||||
--network {{ matrix_docker_network }} \
|
||||
{{ matrix_postgres_docker_image_to_use }} \
|
||||
|
|
|
@ -9,7 +9,7 @@ fi
|
|||
docker run \
|
||||
--rm \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--cap-drop=ALL \
|
||||
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
|
||||
--network {{ matrix_docker_network }} \
|
||||
{{ matrix_postgres_docker_image_to_use }} \
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
"embeddedPages": {
|
||||
"homeUrl": {{ matrix_riot_web_embedded_pages_home_url|string|to_json }}
|
||||
},
|
||||
{% if matrix_riot_web_jitsi_preferredDomain is not none %}
|
||||
{% if matrix_riot_web_jitsi_preferredDomain %}
|
||||
"jitsi": {
|
||||
"preferredDomain": {{ matrix_riot_web_jitsi_preferredDomain|to_json }}
|
||||
},
|
||||
|
|
|
@ -5,7 +5,7 @@ matrix_synapse_enabled: true
|
|||
|
||||
matrix_synapse_container_image_self_build: false
|
||||
|
||||
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.12.3"
|
||||
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.12.4"
|
||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
|
||||
|
@ -137,6 +137,11 @@ matrix_synapse_tls_federation_listener_enabled: true
|
|||
matrix_synapse_tls_certificate_path: "/data/{{ matrix_server_fqn_matrix }}.tls.crt"
|
||||
matrix_synapse_tls_private_key_path: "/data/{{ matrix_server_fqn_matrix }}.tls.key"
|
||||
|
||||
# Resource names used by the unsecure HTTP listener. Here only the Client API
|
||||
# is defined, see the homeserver config for a full list of valid resource
|
||||
# names.
|
||||
matrix_synapse_http_listener_resource_names: ["client"]
|
||||
|
||||
# Enable this to allow Synapse to report utilization statistics about your server to matrix.org
|
||||
# (things like number of users, number of messages sent, uptime, load, etc.)
|
||||
matrix_synapse_report_stats: false
|
||||
|
@ -164,6 +169,13 @@ matrix_synapse_enable_group_creation: false
|
|||
# A list of 3PID types which users must supply when registering (possible values: email, msisdn).
|
||||
matrix_synapse_registrations_require_3pid: []
|
||||
|
||||
# A list of patterns 3pids must match in order to permit registration, e.g.:
|
||||
# - medium: email
|
||||
# pattern: '.*@example\.com'
|
||||
# - medium: msisdn
|
||||
# pattern: '\+44'
|
||||
matrix_synapse_allowed_local_3pids: []
|
||||
|
||||
# The server to use for email threepid validation. When empty, Synapse does it by itself.
|
||||
# Otherwise, this should be pointed to an identity server.
|
||||
matrix_synapse_account_threepid_delegates_email: ''
|
||||
|
|
|
@ -28,4 +28,4 @@
|
|||
when: "start_result.changed"
|
||||
|
||||
- name: Register user
|
||||
shell: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username }} {{ password }} {{ '1' if admin == 'yes' else '0' }}"
|
||||
command: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username|quote }} {{ password|quote }} {{ '1' if admin == 'yes' else '0' }}"
|
||||
|
|
|
@ -36,8 +36,8 @@
|
|||
when: "start_result.changed or postgres_start_result.changed"
|
||||
|
||||
- name: Generate password hash
|
||||
shell: "/usr/bin/docker exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password }}"
|
||||
shell: "/usr/bin/docker exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}"
|
||||
register: password_hash
|
||||
|
||||
- name: Update user password hash
|
||||
shell: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username }} '{{ password_hash.stdout }}'"
|
||||
command: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username|quote }} {{ password_hash.stdout|quote }}"
|
||||
|
|
|
@ -226,7 +226,7 @@ listeners:
|
|||
x_forwarded: true
|
||||
|
||||
resources:
|
||||
- names: [client]
|
||||
- names: {{ matrix_synapse_http_listener_resource_names|to_json }}
|
||||
compress: false
|
||||
|
||||
{% if matrix_synapse_federation_enabled %}
|
||||
|
@ -967,7 +967,7 @@ account_validity:
|
|||
#registrations_require_3pid:
|
||||
# - email
|
||||
# - msisdn
|
||||
{% if matrix_synapse_registrations_require_3pid %}
|
||||
{% if matrix_synapse_registrations_require_3pid|length > 0 %}
|
||||
registrations_require_3pid: {{ matrix_synapse_registrations_require_3pid|to_json }}
|
||||
{% endif %}
|
||||
|
||||
|
@ -986,6 +986,9 @@ registrations_require_3pid: {{ matrix_synapse_registrations_require_3pid|to_json
|
|||
# pattern: '.*@vector\.im'
|
||||
# - medium: msisdn
|
||||
# pattern: '\+44'
|
||||
{% if matrix_synapse_allowed_local_3pids|length > 0 %}
|
||||
allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_json }}
|
||||
{% endif %}
|
||||
|
||||
# Enable 3PIDs lookup requests to identity servers from this server.
|
||||
#
|
||||
|
|
Loading…
Reference in a new issue