pub-solar
/
matrix-docker-ansible-deploy
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into pub.solar

pub.solar
teutat3s 2020-04-28 02:24:25 +02:00
parent 06c013695d 438652c732
commit ce18854f21
Signed by: teutat3s
GPG Key ID: 18DAE600A6BBE705
41 changed files with 731 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGELOG.md
View File

@ -1,3 +1,12 @@
# 2020-04-23
## Slack bridging support
Thanks to [Rodrigo Belem](https://github.com/rbelem)'s efforts, the playbook now supports bridging to [Slack](https://slack.com) via the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge.
See our [Setting up MX Puppet Slack bridging](docs/configuring-playbook-bridge-mx-puppet-slack.md) documentation page for getting started.
# 2020-04-09
## Skype bridging support

2
README.md
View File

@ -146,6 +146,8 @@ This playbook sets up your server using the following Docker images:
- [sorunome/mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) - the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge to [Skype](https:/www.skype.com) (optional)
- [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https:/slack.com) (optional)
- [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional)
- [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional)

24
docs/alternative-architectures.md Normal file
View File

@ -0,0 +1,24 @@
# Alternative architectures
As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
To that end add the following variable to your `vars.yaml` file:
```
matrix_architecture = <your-matrix-server-architecture>
```
Currently supported architectures are the following:
- `amd64` (the default)
- `arm64`
- `arm32`
so for the Raspberry Pi the following should be in your `vars.yaml` file:
```
matrix_architecture = "arm32"
```
## Implementation details
This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection.
On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases:
- matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well,
- matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well,
- matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling.

35
docs/configuring-playbook-bridge-appservice-slack.md
View File

@ -4,7 +4,7 @@ The playbook can install and configure [matrix-appservice-slack](https://github.
See the project's [documentation](https://github.com/matrix-org/matrix-appservice-slack/blob/master/README.md) to learn what it does and why it might be useful to you.
Setup Instructions:
## Setup Instructions:
loosely based on [this](https://github.com/matrix-org/matrix-appservice-slack#Setup)
@ -29,7 +29,9 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi
5. Create a new Slack App [here](https://api.slack.com/apps).
Name the app & select the team/workspace this app will belong to.
Name the app "matrixbot" (or anything else you'll remember).
Select the team/workspace this app will belong to.
Click on bot users and add a new bot user. We will use this account to bridge the the rooms.
@ -61,9 +63,9 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi
* Create a Matrix room in the usual manner for your client. Take a note of its Matrix room ID - it will look something like !aBcDeF:example.com.
* Invite the bot user to both the Slack and Matrix channels you would like to bridge using `/invite @slackbot` for slack and `/invite @slackbot:MY.DOMAIN` for matrix.
* Invite the bot user to both the Slack and Matrix channels you would like to bridge using `/invite @matrixbot` for slack and `/invite @slackbot:MY.DOMAIN` for matrix.
* Determine the "channel ID" that Slack uses to identify the channel, which can be found in the url https://XXX.slack.com/messages/<channel id>/.
* Determine the "channel ID" that Slack uses to identify the channel. You can see it when you open a given Slack channel in a browser. The URL reads like this: `https://app.slack.com/client/XXX/<the channel id>/details/`.
* Issue a link command in the administration control room with these collected values as arguments:
@ -81,3 +83,28 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi
```
Other configuration options are available via the `matrix_appservice_slack_configuration_extension_yaml` variable.
10. Unlinking
Channels can be unlinked again like this:
```
unlink --room !the-matrix:room.id
```
Unlinking doesn't only disconnect the bridge, but also makes the slackbot leave the bridged matrix room. So in case you want to re-link later, don't forget to re-invite the slackbot into this room again.
## Troubleshooting
* as always, check the logs:
`journalctl -fu matrix-appservice-slack`
* linking: "Room is now pending-name"
This typically means that you haven't used the correct slack channel id. Unlink the room and recheck 'Determine the "channel ID"' from above.
* Messages work from M to S, but not the other way around
Check you logs, if they say something like
`WARN SlackEventHandler Ignoring message from unrecognised slack channel id : %s (%s) <the channel id> <some other id>`
then unlink your room, reinvite the bot and re-link it again. This may particularly hit you, if you tried to unsuccessfully link
your room multiple times without unlinking it after each failed attempt.

34
docs/configuring-playbook-bridge-mx-puppet-slack.md Normal file
View File

@ -0,0 +1,34 @@
# Setting up MX Puppet Slack (optional)
The playbook can install and configure
[mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) for you.
See the project page to learn what it does and why it might be useful to you.
To enable the [Slack](https://slack.com/) bridge just use the following
playbook configuration:
```yaml
matrix_mx_puppet_slack_enabled: true
matrix_mx_puppet_slack_client_id: ""
matrix_mx_puppet_slack_client_secret: ""
```
## Usage
Once the bot is enabled you need to start a chat with `Slack Puppet Bridge` with
the handle `@_slackpuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
domain, not the `matrix.` domain).
Three authentication methods are available, Legacy Token, OAuth and xoxc token.
See mx-puppet-slack [documentation](https://github.com/Sorunome/mx-puppet-slack)
for more information about how to configure the bridge.
Once logged in, send `list` to the bot user to list the available rooms.
Clicking rooms in the list will result in you receiving an invitation to the
bridged room.
Also send `help` to the bot to see the commands available.

2
docs/configuring-playbook-dimension.md
View File

@ -4,7 +4,7 @@
If you're just installing Matrix services for the first time, please continue with the [Configuration](configuring-playbook.md) / [Installation](installing.md) flow and come back here later.
## Prerequisites
For an Integration Manager like [Dimension](https://dimension.t2bot.io) to work, your server needs to have federation enabled (`matrix_synapse_federation_enabled: true`). This is the default for this playbook, so unless you've explicitly disabled federation, you're okay.
This playbook now supports running [Dimension](https://dimension.t2bot.io) in both a federated and an [unfederated](https://github.com/turt2live/matrix-dimension/blob/master/docs/unfederated.md) environment. This is handled automatically based on the value of `matrix_synapse_federation_enabled`.
Other important prerequisite is the `dimension.<your-domain>` DNS record being set up correctly. See [Configuring your DNS server](configuring-dns.md) on how to set up DNS record correctly.

2
docs/configuring-playbook.md
View File

@ -99,4 +99,6 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional)
- [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional)
- [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)

8
docs/maintenance-synapse.md
View File

@ -8,11 +8,17 @@ Table of contents:
- [Purging old data with the Purge History API](#purging-old-data-with-the-purge-history-api), for when you wish to delete in-use (but old) data from the Synapse database
- [Compressing state with rust-synapse-compress-state](#compressing-state-with-rust-synapse-compress-state), for when you wish to compress some Synapse state tables using the [rust-synapse-compress-state](https://github.com/matrix-org/rust-synapse-compress-state) tool
- [Synapse maintenance](#synapse-maintenance)
- [Purging unused data with synapse-janitor](#purging-unused-data-with-synapse-janitor)
- [Vacuuming Postgres](#vacuuming-postgres)
- [Purging old data with the Purge History API](#purging-old-data-with-the-purge-history-api)
- [Compressing state with rust-synapse-compress-state](#compressing-state-with-rust-synapse-compress-state)
## Purging unused data with synapse-janitor
**NOTE**: There are [reports](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/465) that **synapse-janitor is dangerous to use and causes database corruption**. You may wish to refrain from using it.
When you **leave** and **forget** a room, Synapse can clean up its data, but currently doesn't.
This **unused and unreachable data** remains in your database forever.

2
docs/prerequisites.md
View File

@ -1,6 +1,6 @@
# Prerequisites
- An x86 server running **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)), **Debian** (9/Stretch+), **Ubuntu** (16.04+), or **Archlinux**. This playbook doesn't support running on ARM ([see](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Self-Building](self-building.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.
- An x86 server running **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)), **Debian** (9/Stretch+), **Ubuntu** (16.04+), or **Archlinux**. This playbook doesn't support running on ARM ([see](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Alternative Architectures](alternative-architectures.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there.
- `root` access to your server (or a user capable of elevating to `root` via `sudo`).

2
docs/self-building.md
View File

@ -1,5 +1,7 @@
# Self-building
**Caution: self-building does not have to be used on its own. See the [Alternative Architectures](alternative-architectures.md) page.**
The playbook supports the self-building of some of its components. This may be useful for architectures besides x86_64, which have no Docker images right now (e g. the armv7 for the Raspberry Pi). Some playbook roles have been updated, so they build the necessary image on the host. It needs more space, as some build tools need to be present (like Java, for ma1sd).
To use these modification there is a variable that needs to be switched to enable this functionality. Add this to your `vars.yaml` file:

70
group_vars/matrix_servers
View File

@ -26,6 +26,20 @@ matrix_riot_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_e
#
######################################################################
######################################################################
#
# matrix-architecture
#
######################################################################
matrix_architecture: "amd64"
######################################################################
#
# /matrix-architecture
#
######################################################################
######################################################################
#
@ -174,7 +188,7 @@ matrix_appservice_irc_homeserver_token: "{{ matrix_synapse_macaroon_secret_key |
# We don't enable bridges by default.
matrix_mautrix_facebook_enabled: false
matrix_mautrix_facebook_container_image_self_build: "{{ matrix_container_images_self_build }}"
matrix_mautrix_facebook_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_facebook_systemd_required_services_list: |
{{
@ -205,7 +219,7 @@ matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_pro
# We don't enable bridges by default.
matrix_mautrix_hangouts_enabled: false
matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_container_images_self_build }}"
matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_hangouts_systemd_required_services_list: |
{{
@ -301,7 +315,7 @@ matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_pro
# We don't enable bridges by default.
matrix_mx_puppet_skype_enabled: false
matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_container_images_self_build }}"
matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
matrix_mx_puppet_skype_systemd_required_services_list: |
{{
@ -323,6 +337,37 @@ matrix_mx_puppet_skype_login_shared_secret: "{{ matrix_synapse_ext_password_prov
######################################################################
######################################################################
#
# matrix-bridge-mx-puppet-slack
#
######################################################################
# We don't enable bridges by default.
matrix_mx_puppet_slack_enabled: false
matrix_mx_puppet_slack_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
matrix_mx_puppet_slack_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
}}
matrix_mx_puppet_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.as.tok') | to_uuid }}"
matrix_mx_puppet_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.hs.tok') | to_uuid }}"
matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
######################################################################
#
# /matrix-bridge-mx-puppet-slack
#
######################################################################
######################################################################
#
# matrix-corporal
@ -366,7 +411,7 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati
matrix_coturn_enabled: true
matrix_coturn_container_image_self_build: "{{ matrix_container_images_self_build }}"
matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
matrix_coturn_turn_external_ip_address: "{{ ansible_host }}"
@ -402,6 +447,8 @@ matrix_dimension_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_ena
matrix_integration_manager_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else None }}"
matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else None }}"
matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:{{ 8048 if matrix_synapse_federation_enabled|bool else 8008 }}"
######################################################################
#
# /matrix-dimension
@ -489,7 +536,7 @@ matrix_mailer_enabled: true
# If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this.
matrix_ma1sd_enabled: true
matrix_ma1sd_container_image_self_build: "{{ matrix_container_images_self_build }}"
matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
@ -599,6 +646,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
}}
matrix_ssl_architecture: "{{ matrix_architecture }}"
######################################################################
#
# /matrix-nginx-proxy
@ -638,7 +687,7 @@ matrix_postgres_db_name: "homeserver"
# If you wish to connect to your Matrix server by other means, you may wish to disable this.
matrix_riot_web_enabled: true
matrix_riot_web_container_image_self_build: "{{ matrix_container_images_self_build }}"
matrix_riot_web_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach riot-web over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
@ -683,7 +732,7 @@ matrix_riot_web_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jit
#
######################################################################
matrix_synapse_container_image_self_build: "{{ matrix_container_images_self_build }}"
matrix_synapse_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
# When ma1sd is enabled, we can use it instead of the default public Identity servers.
matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1sd_enabled else matrix_synapse_id_servers_public }}"
@ -723,6 +772,13 @@ matrix_synapse_tls_federation_listener_enabled: false
matrix_synapse_tls_certificate_path: ~
matrix_synapse_tls_private_key_path: ~
matrix_synapse_http_listener_resource_names: |
{{
["client"]
+
( ["openid"] if matrix_dimension_enabled and not matrix_synapse_federation_enabled else [] )
}}
matrix_synapse_email_enabled: "{{ matrix_mailer_enabled }}"
matrix_synapse_email_smtp_host: "matrix-mailer"
matrix_synapse_email_smtp_port: 8025

2
roles/matrix-base/tasks/server_base/setup_centos.yml
View File

@ -20,7 +20,6 @@
- name: Ensure yum packages are installed
yum:
name:
- docker-python
- "{{ matrix_ntpd_package }}"
- fuse
state: latest
@ -30,5 +29,6 @@
yum:
name:
- "{{ matrix_docker_package_name }}"
- docker-python
state: latest
when: matrix_docker_installation_enabled|bool

2
roles/matrix-base/tasks/server_base/setup_debian.yml
View File

@ -27,7 +27,6 @@
- name: Ensure APT packages are installed
apt:
name:
- "python{{'3' if ansible_python.version.major == 3 else ''}}-docker"
- "{{ matrix_ntpd_package }}"
- fuse
state: latest
@ -37,5 +36,6 @@
apt:
name:
- "{{ matrix_docker_package_name }}"
- "python{{'3' if ansible_python.version.major == 3 else ''}}-docker"
state: latest
when: matrix_docker_installation_enabled|bool

2
roles/matrix-bridge-appservice-slack/defaults/main.yml
View File

@ -3,7 +3,7 @@
matrix_appservice_slack_enabled: true
matrix_appservice_slack_docker_image: "cadair/matrix-appservice-slack:latest"
matrix_appservice_slack_docker_image: "cadair/matrix-appservice-slack:cadair"
matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack"

11
roles/matrix-bridge-mautrix-facebook/defaults/main.yml
View File

@ -141,6 +141,17 @@ matrix_mautrix_facebook_configuration_yaml: |
presence: true
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Permissions for using the bridge.
# Permitted values:

11
roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
View File

@ -124,6 +124,17 @@ matrix_mautrix_hangouts_configuration_yaml: |
login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }}
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Public website and API configs
web:

12
roles/matrix-bridge-mautrix-telegram/defaults/main.yml
View File

@ -227,6 +227,18 @@ matrix_mautrix_telegram_configuration_yaml: |
height: 256
background: "020202" # only for gif
fps: 30 # only for webm
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Overrides for base power levels.
initial_power_level_overrides:
user: {}

42
roles/matrix-bridge-mx-puppet-skype/defaults/main.yml
View File

@ -13,12 +13,29 @@ matrix_mx_puppet_skype_config_path: "{{ matrix_mx_puppet_skype_base_path }}/conf
matrix_mx_puppet_skype_data_path: "{{ matrix_mx_puppet_skype_base_path }}/data"
matrix_mx_puppet_skype_docker_src_files_path: "{{ matrix_mx_puppet_skype_base_path }}/docker-src"
matrix_mx_puppet_skype_appservice_port: "6000"
matrix_mx_puppet_skype_appservice_port: "8438"
matrix_mx_puppet_skype_homeserver_address: 'http://matrix-synapse:8008'
matrix_mx_puppet_skype_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_skype_appservice_address: 'http://matrix-mx-puppet-skype:{{ matrix_mx_puppet_skype_appservice_port }}'
# "@user:server.com" to allow specific user
# "@.*:yourserver.com" to allow users on a specific homeserver
# "@.*" to allow anyone
matrix_mx_puppet_skype_provisioning_whitelist:
- "@.*:{{ matrix_domain|regex_escape }}"
# Leave empty to disable blacklist
# "@user:server.com" disallow a specific user
# "@.*:yourserver.com" disallow users on a specific homeserver
matrix_mx_puppet_skype_provisioning_blacklist: []
# Same as provisioning
matrix_mx_puppet_skype_relay_whitelist:
- "@.*:{{ matrix_domain|regex_escape }}"
# Same as provisioning
matrix_mx_puppet_skype_relay_blacklist: []
# A list of extra arguments to pass to the container
matrix_mx_puppet_skype_container_extra_arguments: []
@ -48,7 +65,7 @@ matrix_mx_puppet_skype_configuration_yaml: |
# Port to host the bridge on which your homeserver will connect to
port: {{ matrix_mx_puppet_skype_appservice_port }}
# Name of your homeserver
domain: {{ matrix_mx_puppet_skype_homeserver_domain }}
domain: {{ matrix_domain }}
# URL where the bridge can connect to your homeserver
homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }}
# Optionally specify a different media URL used for the media store
@ -60,7 +77,7 @@ matrix_mx_puppet_skype_configuration_yaml: |
# yourserver.com: supersecretsharedsecret
{% if matrix_mx_puppet_skype_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_mx_puppet_skype_homeserver_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}
{{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}
{% endif %}
# optionally override the display name of the bridge bot
#displayname: Protocol Bot
@ -122,19 +139,21 @@ matrix_mx_puppet_skype_configuration_yaml: |
provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist:
whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
- '@.*:{{ matrix_mx_puppet_skype_homeserver_domain | regex_escape }}'
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }}
presence:
# Bridge online/offline status
@ -150,10 +169,13 @@ matrix_mx_puppet_skype_configuration_yaml: |
relay:
# Regex of Matrix IDs to allow to use the relay mode
# Same format as in provisioning
whitelist:
- '@.*:{{ matrix_mx_puppet_skype_homeserver_domain | regex_escape }}'
#whitelist:
#- "@.*:yourserver\\.com"
whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }}
#blacklist:
#- "@user:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }}
# Map certain homeserver URLs to the C-S API endpoint
# Useful for double-puppeting if .well-known is unavailable for some reason
@ -196,11 +218,11 @@ matrix_mx_puppet_skype_registration_yaml: |
namespaces:
users:
- exclusive: true
regex: '@_skypepuppet_.*:{{ matrix_mx_puppet_skype_homeserver_domain|regex_escape }}'
regex: '@_skypepuppet_.*:{{ matrix_domain|regex_escape }}'
rooms: []
aliases:
- exclusive: true
regex: '#_skypepuppet_.*:{{ matrix_mx_puppet_skype_homeserver_domain|regex_escape }}'
regex: '#_skypepuppet_.*:{{ matrix_domain|regex_escape }}'
protocols: []
rate_limited: false
sender_localpart: _skypepuppet_bot

3
roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml
View File

@ -35,6 +35,7 @@
repo: https://github.com/Sorunome/mx-puppet-skype.git
dest: "{{ matrix_mx_puppet_skype_docker_src_files_path }}"
force: "yes"
register: matrix_mx_puppet_skype_git_pull_results
when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build"
- name: Ensure MX Puppet Skype Docker image is built
@ -45,7 +46,7 @@
dockerfile: Dockerfile
path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}"
pull: yes
when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build"
when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build and matrix_mx_puppet_skype_git_pull_results.changed"
- name: Check if an old database file already exists
stat:

181
roles/matrix-bridge-mx-puppet-slack/defaults/main.yml Normal file
View File

@ -0,0 +1,181 @@
# Mx Puppet Slack is a Matrix <-> Slack bridge
# See: https://github.com/Sorunome/mx-puppet-slack
matrix_mx_puppet_slack_enabled: true
matrix_mx_puppet_slack_container_image_self_build: false
matrix_mx_puppet_slack_docker_image: "sorunome/mx-puppet-slack:latest"
matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}"
matrix_mx_puppet_slack_base_path: "{{ matrix_base_data_path }}/mx-puppet-slack"
matrix_mx_puppet_slack_config_path: "{{ matrix_mx_puppet_slack_base_path }}/config"
matrix_mx_puppet_slack_data_path: "{{ matrix_mx_puppet_slack_base_path }}/data"
matrix_mx_puppet_slack_docker_src_files_path: "{{ matrix_mx_puppet_slack_base_path }}/docker-src"
matrix_mx_puppet_slack_appservice_port: "8432"
matrix_mx_puppet_slack_homeserver_address: 'http://matrix-synapse:8008'
matrix_mx_puppet_slack_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_slack_appservice_address: 'http://matrix-mx-puppet-slack:{{ matrix_mx_puppet_slack_appservice_port }}'
matrix_mx_puppet_slack_client_id: ''
matrix_mx_puppet_slack_client_secret: ''
matrix_mx_puppet_slack_redirect_path: '/slack/oauth'
matrix_mx_puppet_slack_redirect_uri: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mx_puppet_slack_redirect_path }}'
# "@user:server.com" to allow specific user
# "@.*:yourserver.com" to allow users on a specific homeserver
# "@.*" to allow anyone
matrix_mx_puppet_slack_provisioning_whitelist:
- "@.*:{{ matrix_domain|regex_escape }}"
# Leave empty to disable blacklist
# "@user:server.com" disallow a specific user
# "@.*:yourserver.com" disallow users on a specific homeserver
matrix_mx_puppet_slack_provisioning_blacklist: []
# A list of extra arguments to pass to the container
matrix_mx_puppet_slack_container_extra_arguments: []
# List of systemd services that matrix-puppet-slack.service depends on.
matrix_mx_puppet_slack_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-puppet-slack.service wants
matrix_mx_puppet_slack_systemd_wanted_services_list: []
matrix_mx_puppet_slack_appservice_token: ''
matrix_mx_puppet_slack_homeserver_token: ''
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_slack_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mx_puppet_slack_configuration_yaml: |
#jinja2: lstrip_blocks: "True"
bridge:
# Port to host the bridge on
# Used for communication between the homeserver and the bridge
port: {{ matrix_mx_puppet_slack_appservice_port }}
# The host connections to the bridge's webserver are allowed from
bindAddress: 0.0.0.0
# Public domain of the homeserver
domain: {{ matrix_mx_puppet_slack_homeserver_domain }}
# Reachable URL of the Matrix homeserver
homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }}
# Slack OAuth settings. Create a slack app at https://api.slack.com/apps
oauth:
enabled: false
# Slack app credentials.
# N.B. This must be quoted so YAML wouldn't parse it as a float.
clientId: "{{ matrix_mx_puppet_slack_client_id }}"
clientSecret: {{ matrix_mx_puppet_slack_client_secret }}
# Path where to listen for OAuth redirect callbacks.
redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
# Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,
# then set this field and the Slack app redirect URI field to the former.
redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }}
presence:
# Bridge Discord online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 500
provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }}
# Shared secret for the provisioning API for use by integration managers.
# If this is not set, the provisioning API will not be enabled.
#sharedSecret: random string
# Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
apiPrefix: /_matrix/provision
database:
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
# Use SQLite3 as a database backend
# The name of the database file
filename: /data/database.db
logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
matrix_mx_puppet_slack_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mx_puppet_slack_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mx_puppet_slack_configuration_yaml`.
matrix_mx_puppet_slack_configuration_extension: "{{ matrix_mx_puppet_slack_configuration_extension_yaml|from_yaml if matrix_mx_puppet_slack_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_slack_configuration_yaml`.
matrix_mx_puppet_slack_configuration: "{{ matrix_mx_puppet_slack_configuration_yaml|from_yaml|combine(matrix_mx_puppet_slack_configuration_extension, recursive=True) }}"
matrix_mx_puppet_slack_registration_yaml: |
as_token: "{{ matrix_mx_puppet_slack_appservice_token }}"
hs_token: "{{ matrix_mx_puppet_slack_homeserver_token }}"
id: slack-puppet
namespaces:
users:
- exclusive: true
regex: '@_slackpuppet_.*:{{ matrix_mx_puppet_slack_homeserver_domain|regex_escape }}'
rooms: []
aliases:
- exclusive: true
regex: '#_slackpuppet_.*:{{ matrix_mx_puppet_slack_homeserver_domain|regex_escape }}'
protocols: []
rate_limited: false
sender_localpart: _slackpuppet_bot
url: {{ matrix_mx_puppet_slack_appservice_address }}
matrix_mx_puppet_slack_registration: "{{ matrix_mx_puppet_slack_registration_yaml|from_yaml }}"

70
roles/matrix-bridge-mx-puppet-slack/tasks/init.yml Normal file
View File

@ -0,0 +1,70 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-slack'] }}"
when: matrix_mx_puppet_slack_enabled|bool
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"]
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["/matrix-mx-puppet-slack-registration.yaml"] }}
when: matrix_mx_puppet_slack_enabled|bool
- block:
- name: Fail if matrix-nginx-proxy role already executed
fail:
msg: >-
Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your plabook,
so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role.
when: matrix_nginx_proxy_role_executed|default(False)|bool
- name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy
set_fact:
matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: |
location {{ matrix_mx_puppet_slack_redirect_path }} {
{% if matrix_nginx_proxy_enabled|default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_mx_puppet_slack_appservice_address }}";
proxy_pass $backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }};
{% endif %}
}
- name: Register Slack Appservice proxying configuration with matrix-nginx-proxy
set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
+
[matrix_mx_puppet_slack_matrix_nginx_proxy_configuration]
}}
tags:
- always
when: matrix_appservice_slack_enabled|bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
debug:
msg: >-
NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ something }}`
URL endpoint to the matrix-appservice-slack container.
You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
when: "matrix_appservice_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined"
# ansible lower than 2.8, does not support docker_image build parameters
# for self buildig it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_slack_container_image_self_build"

21
roles/matrix-bridge-mx-puppet-slack/tasks/main.yml Normal file
View File

@ -0,0 +1,21 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_mx_puppet_slack_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-slack
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_mx_puppet_slack_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-slack
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_mx_puppet_slack_enabled|bool"
tags:
- setup-all
- setup-mx-puppet-slack

93
roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml Normal file
View File

@ -0,0 +1,93 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-mx-puppet-slack role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- name: Ensure MX Puppet Slack image is pulled
docker_image:
name: "{{ matrix_mx_puppet_slack_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mx_puppet_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_docker_image_force_pull }}"
when: matrix_mx_puppet_slack_enabled|bool and not matrix_mx_puppet_slack_container_image_self_build
- name: Ensure MX Puppet Slack paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
with_items:
- { path: "{{ matrix_mx_puppet_slack_base_path }}", when: true }
- { path: "{{ matrix_mx_puppet_slack_config_path }}", when: true }
- { path: "{{ matrix_mx_puppet_slack_data_path }}", when: true }
- { path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}", when: "{{ matrix_mx_puppet_slack_container_image_self_build }}" }
when: matrix_mx_puppet_slack_enabled|bool and item.when|bool
- name: Ensure MX Puppet Slack repository is present on self build
git:
repo: https://github.com/Sorunome/mx-puppet-slack.git
dest: "{{ matrix_mx_puppet_slack_docker_src_files_path }}"
force: "yes"
when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build"
- name: Ensure MX Puppet Slack Docker image is built
docker_image:
name: "{{ matrix_mx_puppet_slack_docker_image }}"
source: build
build:
dockerfile: Dockerfile
path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}"
pull: yes
when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build"
- name: Check if an old database file already exists
stat:
path: "{{ matrix_mx_puppet_slack_base_path }}/database.db"
register: matrix_mx_puppet_slack_stat_database
- name: (Data relocation) Ensure matrix-mx-puppet-slack.service is stopped
service:
name: matrix-mx-puppet-slack
state: stopped
daemon_reload: yes
failed_when: false
when: "matrix_mx_puppet_slack_stat_database.stat.exists"
- name: (Data relocation) Move mx-puppet-slack database file to ./data directory
command: "mv {{ matrix_mx_puppet_slack_base_path }}/database.db {{ matrix_mx_puppet_slack_data_path }}/database.db"
when: "matrix_mx_puppet_slack_stat_database.stat.exists"
- name: Ensure mx-puppet-slack config.yaml installed
copy:
content: "{{ matrix_mx_puppet_slack_configuration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_slack_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
- name: Ensure mx-puppet-slack slack-registration.yaml installed
copy:
content: "{{ matrix_mx_puppet_slack_registration|to_nice_yaml }}"
dest: "{{ matrix_mx_puppet_slack_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
- name: Ensure matrix-mx-puppet-slack.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-slack.service.j2"
dest: "/etc/systemd/system/matrix-mx-puppet-slack.service"
mode: 0644
register: matrix_mx_puppet_slack_systemd_service_result
- name: Ensure systemd reloaded after matrix-mx-puppet-slack.service installation
service:
daemon_reload: yes
when: "matrix_mx_puppet_slack_systemd_service_result.changed"

24
roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml Normal file
View File

@ -0,0 +1,24 @@
---
- name: Check existence of matrix-mx-puppet-slack service
stat:
path: "/etc/systemd/system/matrix-mx-puppet-slack.service"
register: matrix_mx_puppet_slack_service_stat
- name: Ensure matrix-mx-puppet-slack is stopped
service:
name: matrix-mx-puppet-slack
state: stopped
daemon_reload: yes
when: "matrix_mx_puppet_slack_service_stat.stat.exists"
- name: Ensure matrix-mx-puppet-slack.service doesn't exist
file:
path: "/etc/systemd/system/matrix-mx-puppet-slack.service"
state: absent
when: "matrix_mx_puppet_slack_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mx-puppet-slack.service removal
service:
daemon_reload: yes
when: "matrix_mx_puppet_slack_service_stat.stat.exists"

10
roles/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml Normal file
View File

@ -0,0 +1,10 @@
---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mx_puppet_slack_appservice_token"
- "matrix_mx_puppet_slack_homeserver_token"

41
roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 Normal file
View File

@ -0,0 +1,41 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mx Puppet Slack server
{% for service in matrix_mx_puppet_slack_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mx_puppet_slack_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mx-puppet-slack
ExecStartPre=-/usr/bin/docker rm matrix-mx-puppet-slack
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-e CONFIG_PATH=/config/config.yaml \
-e REGISTRATION_PATH=/config/registration.yaml \
-v {{ matrix_mx_puppet_slack_config_path }}:/config:z \
-v {{ matrix_mx_puppet_slack_data_path }}:/data:z \
{% for arg in matrix_mx_puppet_slack_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mx_puppet_slack_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-mx-puppet-slack
ExecStop=-/usr/bin/docker rm matrix-mx-puppet-slack
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-slack
[Install]
WantedBy=multi-user.target

2
roles/matrix-corporal/defaults/main.yml
View File

@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: []
# List of systemd services that matrix-corporal.service depends on
matrix_corporal_systemd_required_services_list: ['docker.service']
matrix_corporal_docker_image: "devture/matrix-corporal:1.8.0"
matrix_corporal_docker_image: "devture/matrix-corporal:1.9.0"
matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}"
matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"

4
roles/matrix-dimension/defaults/main.yml
View File

@ -32,6 +32,8 @@ matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension
matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"]
matrix_dimension_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:8048"
# Default Dimension configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
@ -58,7 +60,7 @@ matrix_dimension_configuration_yaml: |
# The URL that Dimension should use when trying to communicate with federated APIs on
# the homeserver. If not supplied or left empty Dimension will try to resolve the address
# through the normal federation process.
federationUrl: "http://matrix-synapse:8048"
federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}"
# The URL that Dimension will redirect media requests to for downloading media such as
# stickers. If not supplied or left empty Dimension will use the clientServerUrl.

8
roles/matrix-dimension/tasks/validate_config.yml
View File

@ -6,14 +6,6 @@
- "matrix_dimension_access_token"
when: "matrix_dimension_enabled and vars[item] == ''"
- name: Fail if Matrix Federation is disabled
fail:
msg: >-
You need to enable Matrix Federation to use Dimension. Set `{{ item }}` to 'true'.
with_items:
- "matrix_synapse_federation_enabled"
when: "matrix_dimension_enabled|bool and not matrix_synapse_federation_enabled|bool"
- name: (Deprecation) Catch and report renamed Dimension variables
fail:
msg: >-

6
roles/matrix-nginx-proxy/defaults/main.yml
View File

@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true
# We use an official nginx image, which we fix-up to run unprivileged.
# An alternative would be an `nginxinc/nginx-unprivileged` image, but
# that is frequently out of date.
matrix_nginx_proxy_docker_image: "nginx:1.17.9-alpine"
matrix_nginx_proxy_docker_image: "nginx:1.17.10-alpine"
matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"
matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
@ -213,12 +213,14 @@ matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: none
# plain HTTP traffic only (usually, on the loopback interface only) and you'd be terminating SSL using another reverse-proxy.
matrix_ssl_retrieval_method: "lets-encrypt"
matrix_ssl_architecture: "amd64"
# The list of domains that this role will obtain certificates for.
matrix_ssl_domains_to_obtain_certificates_for: []
# Controls whether to obtain production or staging certificates from Let's Encrypt.
matrix_ssl_lets_encrypt_staging: false
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v1.3.0"
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.3.0"
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
matrix_ssl_lets_encrypt_support_email: ~

2
roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2
View File

@ -11,7 +11,7 @@ docker run \
--rm \
--name=matrix-certbot \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--cap-drop=ALL \
--network="{{ matrix_docker_network }}" \
-p 127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}:8080 \
-v {{ matrix_ssl_config_dir_path }}:/etc/letsencrypt \

7
roles/matrix-postgres/tasks/run_synapse_janitor.yml
View File

@ -7,6 +7,13 @@
msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot run synapse-janitor."
when: "not matrix_postgres_enabled|bool"
- name: Fail if not aware of the risks
fail:
msg: >-
Using Synapse Janitor is considered dangerous and may break your database.
See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/465.
If you'd like to run it anyway, add `--extra-vars='i_know_synapse_janitor_is_dangerous=1'` to your command.
when: "i_know_synapse_janitor_is_dangerous|default('') == ''"
# Defaults

6
roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2
View File

@ -11,9 +11,9 @@ fi
docker run \
-it \
--rm \
--user=991:991 \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
--network {{ matrix_docker_network }} \
postgres:12.1-alpine \
psql -h matrix-postgres -c "UPDATE users set admin=$2 WHERE name like '@$1:{{ matrix_domain }}'"
{{ matrix_postgres_docker_image_to_use }} \
psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=$2 WHERE name like '@$1:{{ matrix_domain }}'"

2
roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2
View File

@ -5,7 +5,7 @@ docker run \
-it \
--rm \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--cap-drop=ALL \
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
--network {{ matrix_docker_network }} \
{{ matrix_postgres_docker_image_to_use }} \

2
roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2
View File

@ -9,7 +9,7 @@ fi
docker run \
--rm \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--cap-drop=ALL \
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
--network {{ matrix_docker_network }} \
{{ matrix_postgres_docker_image_to_use }} \

2
roles/matrix-riot-web/templates/config.json.j2
View File

@ -30,7 +30,7 @@
"embeddedPages": {
"homeUrl": {{ matrix_riot_web_embedded_pages_home_url|string|to_json }}
},
{% if matrix_riot_web_jitsi_preferredDomain is not none %}
{% if matrix_riot_web_jitsi_preferredDomain %}
"jitsi": {
"preferredDomain": {{ matrix_riot_web_jitsi_preferredDomain|to_json }}
},

14
roles/matrix-synapse/defaults/main.yml
View File

@ -5,7 +5,7 @@ matrix_synapse_enabled: true
matrix_synapse_container_image_self_build: false
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.12.3"
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.12.4"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
@ -137,6 +137,11 @@ matrix_synapse_tls_federation_listener_enabled: true
matrix_synapse_tls_certificate_path: "/data/{{ matrix_server_fqn_matrix }}.tls.crt"
matrix_synapse_tls_private_key_path: "/data/{{ matrix_server_fqn_matrix }}.tls.key"
# Resource names used by the unsecure HTTP listener. Here only the Client API
# is defined, see the homeserver config for a full list of valid resource
# names.
matrix_synapse_http_listener_resource_names: ["client"]
# Enable this to allow Synapse to report utilization statistics about your server to matrix.org
# (things like number of users, number of messages sent, uptime, load, etc.)
matrix_synapse_report_stats: false
@ -164,6 +169,13 @@ matrix_synapse_enable_group_creation: false
# A list of 3PID types which users must supply when registering (possible values: email, msisdn).
matrix_synapse_registrations_require_3pid: []
# A list of patterns 3pids must match in order to permit registration, e.g.:
# - medium: email
# pattern: '.*@example\.com'
# - medium: msisdn
# pattern: '\+44'
matrix_synapse_allowed_local_3pids: []
# The server to use for email threepid validation. When empty, Synapse does it by itself.
# Otherwise, this should be pointed to an identity server.
matrix_synapse_account_threepid_delegates_email: ''

2
roles/matrix-synapse/tasks/register_user.yml
View File

@ -28,4 +28,4 @@
when: "start_result.changed"
- name: Register user
shell: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username }} {{ password }} {{ '1' if admin == 'yes' else '0' }}"
command: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username|quote }} {{ password|quote }} {{ '1' if admin == 'yes' else '0' }}"

4
roles/matrix-synapse/tasks/update_user_password.yml
View File

@ -36,8 +36,8 @@
when: "start_result.changed or postgres_start_result.changed"
- name: Generate password hash
shell: "/usr/bin/docker exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password }}"
shell: "/usr/bin/docker exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}"
register: password_hash
- name: Update user password hash
shell: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username }} '{{ password_hash.stdout }}'"
command: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username|quote }} {{ password_hash.stdout|quote }}"

7
roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
View File

@ -226,7 +226,7 @@ listeners:
x_forwarded: true
resources:
- names: [client]
- names: {{ matrix_synapse_http_listener_resource_names|to_json }}
compress: false
{% if matrix_synapse_federation_enabled %}
@ -967,7 +967,7 @@ account_validity:
#registrations_require_3pid:
# - email
# - msisdn
{% if matrix_synapse_registrations_require_3pid %}
{% if matrix_synapse_registrations_require_3pid|length > 0 %}
registrations_require_3pid: {{ matrix_synapse_registrations_require_3pid|to_json }}
{% endif %}
@ -986,6 +986,9 @@ registrations_require_3pid: {{ matrix_synapse_registrations_require_3pid|to_json
# pattern: '.*@vector\.im'
# - medium: msisdn
# pattern: '\+44'
{% if matrix_synapse_allowed_local_3pids|length > 0 %}
allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_json }}
{% endif %}
# Enable 3PIDs lookup requests to identity servers from this server.
#

1
setup.yml
View File

@ -17,6 +17,7 @@
- matrix-bridge-mautrix-telegram
- matrix-bridge-mautrix-whatsapp
- matrix-bridge-mx-puppet-skype
- matrix-bridge-mx-puppet-slack
- matrix-synapse
- matrix-riot-web
- matrix-jitsi