From ddc44996e3337d00814824fdec1aec524f538c1d Mon Sep 17 00:00:00 2001 From: John Goerzen Date: Sat, 11 Apr 2020 17:07:30 -0500 Subject: [PATCH 01/34] Fix to avoid putting an incorrect empty jitsi.preferredDomain when no local jitsi --- roles/matrix-riot-web/templates/config.json.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-riot-web/templates/config.json.j2 b/roles/matrix-riot-web/templates/config.json.j2 index 43d50ab5..0a388e81 100644 --- a/roles/matrix-riot-web/templates/config.json.j2 +++ b/roles/matrix-riot-web/templates/config.json.j2 @@ -30,7 +30,7 @@ "embeddedPages": { "homeUrl": {{ matrix_riot_web_embedded_pages_home_url|string|to_json }} }, - {% if matrix_riot_web_jitsi_preferredDomain is not none %} + {% if matrix_riot_web_jitsi_preferredDomain is not none and matrix_riot_web_jitsi_preferredDomain != '' %} "jitsi": { "preferredDomain": {{ matrix_riot_web_jitsi_preferredDomain|to_json }} }, From 69338d045a9ff7c6917216586ba1a78645afac6e Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sun, 12 Apr 2020 01:09:22 +0300 Subject: [PATCH 02/34] Simplify if conditions --- roles/matrix-riot-web/templates/config.json.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-riot-web/templates/config.json.j2 b/roles/matrix-riot-web/templates/config.json.j2 index 0a388e81..adbbf8dc 100644 --- a/roles/matrix-riot-web/templates/config.json.j2 +++ b/roles/matrix-riot-web/templates/config.json.j2 @@ -30,7 +30,7 @@ "embeddedPages": { "homeUrl": {{ matrix_riot_web_embedded_pages_home_url|string|to_json }} }, - {% if matrix_riot_web_jitsi_preferredDomain is not none and matrix_riot_web_jitsi_preferredDomain != '' %} + {% if matrix_riot_web_jitsi_preferredDomain %} "jitsi": { "preferredDomain": {{ matrix_riot_web_jitsi_preferredDomain|to_json }} }, From cf36dbe4f6627e64e35e9831fe4f67b5185050fb Mon Sep 17 00:00:00 2001 
From: Udo Rader Date: Mon, 13 Apr 2020 11:22:13 +0200 Subject: [PATCH 03/34] correctly quoted and added another way to retrieve it --- docs/configuring-playbook-bridge-appservice-slack.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-bridge-appservice-slack.md b/docs/configuring-playbook-bridge-appservice-slack.md index afeeb658..cf087414 100644 --- a/docs/configuring-playbook-bridge-appservice-slack.md +++ b/docs/configuring-playbook-bridge-appservice-slack.md @@ -63,7 +63,7 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi * Invite the bot user to both the Slack and Matrix channels you would like to bridge using `/invite @slackbot` for slack and `/invite @slackbot:MY.DOMAIN` for matrix. - * Determine the "channel ID" that Slack uses to identify the channel, which can be found in the url https://XXX.slack.com/messages//. + * Determine the "channel ID" that Slack uses to identify the channel, which can be found in the url `https://XXX.slack.com/messages//`. Or, even simpler, if you open a channel in a browser, the URL reads like this: `https://app.slack.com/client/XXX//details/`. * Issue a link command in the administration control room with these collected values as arguments: From b6aa246f7c5cfa66078efffccb02d8d621224988 Mon Sep 17 00:00:00 2001 From: Udo Rader Date: Mon, 13 Apr 2020 17:17:19 +0200 Subject: [PATCH 04/34] better described how to get channel id, added a section how to unlink a channel and a troubleshooting section --- ...guring-playbook-bridge-appservice-slack.md | 35 ++++++++++++++++--- 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/docs/configuring-playbook-bridge-appservice-slack.md b/docs/configuring-playbook-bridge-appservice-slack.md index cf087414..371195b6 100644 --- a/docs/configuring-playbook-bridge-appservice-slack.md +++ b/docs/configuring-playbook-bridge-appservice-slack.md 
@@ -4,7 +4,7 @@ The playbook can install and configure [matrix-appservice-slack](https://github. See the project's [documentation](https://github.com/matrix-org/matrix-appservice-slack/blob/master/README.md) to learn what it does and why it might be useful to you. -Setup Instructions: +## Setup Instructions: loosely based on [this](https://github.com/matrix-org/matrix-appservice-slack#Setup) @@ -29,7 +29,9 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi 5. Create a new Slack App [here](https://api.slack.com/apps). - Name the app & select the team/workspace this app will belong to. + Name the app "matrixbot" (or anything else you'll remember). + + Select the team/workspace this app will belong to. Click on bot users and add a new bot user. We will use this account to bridge the the rooms. @@ -61,9 +63,9 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi * Create a Matrix room in the usual manner for your client. Take a note of its Matrix room ID - it will look something like !aBcDeF:example.com. - * Invite the bot user to both the Slack and Matrix channels you would like to bridge using `/invite @slackbot` for slack and `/invite @slackbot:MY.DOMAIN` for matrix. + * Invite the bot user to both the Slack and Matrix channels you would like to bridge using `/invite @matrixbot` for slack and `/invite @slackbot:MY.DOMAIN` for matrix. - * Determine the "channel ID" that Slack uses to identify the channel, which can be found in the url `https://XXX.slack.com/messages//`. Or, even simpler, if you open a channel in a browser, the URL reads like this: `https://app.slack.com/client/XXX//details/`. + * Determine the "channel ID" that Slack uses to identify the channel. You can see it when you open a given Slack channel in a browser. The URL reads like this: `https://app.slack.com/client/XXX//details/`. * Issue a link command in the administration control room with these collected values as arguments: 
@@ -81,3 +83,28 @@ Note that the bot's domain is your server's domain **without the `matrix.` prefi ``` Other configuration options are available via the `matrix_appservice_slack_configuration_extension_yaml` variable. + +10. Unlinking + + Channels can be unlinked again like this: + ``` + unlink --room !the-matrix:room.id + ``` + + Unlinking doesn't only disconnect the bridge, but also makes the slackbot leave the bridged matrix room. So in case you want to re-link later, don't forget to re-invite the slackbot into this room again. + +## Troubleshooting + +* as always, check the logs: +`journalctl -fu matrix-appservice-slack` + +* linking: "Room is now pending-name" +This typically means that you haven't used the correct slack channel id. Unlink the room and recheck 'Determine the "channel ID"' from above. + +* Messages work from M to S, but not the other way around +Check you logs, if they say something like + +`WARN SlackEventHandler Ignoring message from unrecognised slack channel id : %s (%s) ` + +then unlink your room, reinvite the bot and re-link it again. This may particularly hit you, if you tried to unsuccessfully link +your room multiple times without unlinking it after each failed attempt. From cc8fc55ac6fdac94fadb01de91584b34e62ab0d6 Mon Sep 17 00:00:00 2001 From: Rodrigo Belem Date: Wed, 15 Apr 2020 15:13:56 -0400 Subject: [PATCH 05/34] Upstream set mx-puppet-skype default port to 8438 --- roles/matrix-bridge-mx-puppet-skype/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml index d4df2f0d..c3276807 100644 --- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml 
@@ -13,7 +13,7 @@ matrix_mx_puppet_skype_config_path: "{{ matrix_mx_puppet_skype_base_path }}/conf matrix_mx_puppet_skype_data_path: "{{ matrix_mx_puppet_skype_base_path }}/data" matrix_mx_puppet_skype_docker_src_files_path: "{{ matrix_mx_puppet_skype_base_path }}/docker-src" -matrix_mx_puppet_skype_appservice_port: "6000" +matrix_mx_puppet_skype_appservice_port: "8438" matrix_mx_puppet_skype_homeserver_address: 'http://matrix-synapse:8008' matrix_mx_puppet_skype_homeserver_domain: '{{ matrix_domain }}' From d83236ea0e87af29fb1f81647fe92c04fb360bc5 Mon Sep 17 00:00:00 2001 From: Chris van Dijk Date: Fri, 17 Apr 2020 00:52:09 +0200 Subject: [PATCH 06/34] Fix inconsistent whitespace --- .../usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 | 2 +- .../templates/usr-local-bin/matrix-postgres-cli.j2 | 2 +- .../usr-local-bin/matrix-postgres-update-user-password-hash.j2 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 b/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 index 93306d78..f7c930c0 100644 --- a/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 +++ b/roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 @@ -11,7 +11,7 @@ docker run \ --rm \ --name=matrix-certbot \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ + --cap-drop=ALL \ --network="{{ matrix_docker_network }}" \ -p 127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}:8080 \ -v {{ matrix_ssl_config_dir_path }}:/etc/letsencrypt \ diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2 b/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2 index 8f0c4c5b..61f4cf80 100644 --- a/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2 
+++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-cli.j2 @@ -5,7 +5,7 @@ docker run \ -it \ --rm \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ + --cap-drop=ALL \ --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \ --network {{ matrix_docker_network }} \ {{ matrix_postgres_docker_image_to_use }} \ diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2 b/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2 index d950ce97..e546b2c5 100644 --- a/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2 +++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2 @@ -9,7 +9,7 @@ fi docker run \ --rm \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ - --cap-drop=ALL \ + --cap-drop=ALL \ --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \ --network {{ matrix_docker_network }} \ {{ matrix_postgres_docker_image_to_use }} \ From 88c1fbf6aa9505db0e4cc43f3a3ed322f14e4494 Mon Sep 17 00:00:00 2001 From: Chris van Dijk Date: Fri, 17 Apr 2020 00:54:38 +0200 Subject: [PATCH 07/34] Fix hardcoded values in postgres script matrix-change-user-admin-status --- .../usr-local-bin/matrix-change-user-admin-status.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 b/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 index 861a0d0d..e9c76674 100644 --- a/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 +++ b/roles/matrix-postgres/templates/usr-local-bin/matrix-change-user-admin-status.j2 
@@ -11,9 +11,9 @@ fi docker run \ -it \ --rm \ - --user=991:991 \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --env-file={{ matrix_postgres_base_path }}/env-postgres-psql \ --network {{ matrix_docker_network }} \ - postgres:12.1-alpine \ - psql -h matrix-postgres -c "UPDATE users set admin=$2 WHERE name like '@$1:{{ matrix_domain }}'" + {{ matrix_postgres_docker_image_to_use }} \ + psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set admin=$2 WHERE name like '@$1:{{ matrix_domain }}'" From 4d260c0dd533a0cf6a87d113887759660472f898 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Apr 2020 09:44:48 +0300 Subject: [PATCH 08/34] Add encryption configuration defaults to Mautrix bridges Related to #451 (Github Issue). --- .../matrix-bridge-mautrix-facebook/defaults/main.yml | 11 +++++++++++ .../matrix-bridge-mautrix-hangouts/defaults/main.yml | 11 +++++++++++ .../matrix-bridge-mautrix-telegram/defaults/main.yml | 12 ++++++++++++ 3 files changed, 34 insertions(+) diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml index 30693bd5..3c09dafd 100644 --- a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml 
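Review bot: The rewritten `psql -c` line still splices the script arguments `$1` and `$2` directly into the SQL text, so a quote character in either one changes the statement. Because the comparison uses `like`, a `%` or `_` in the username acts as a wildcard and the admin flag can be changed on more than one account. Validate both arguments before `docker run`, for example `case "$2" in 0|1) ;; *) echo "admin must be 0 or 1" >&2; exit 1;; esac` plus a check that `$1` holds only localpart characters, and compare with `name = '@$1:{{ matrix_domain }}'` instead of `like`. The argument check that ends in `fi` above the hunk is not visible here, so confirm what it already covers.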
@@ -141,6 +141,17 @@ matrix_mautrix_facebook_configuration_yaml: | presence: true # Whether or not to update avatars when syncing all contacts at startup. update_avatar_initial_sync: true + # End-to-bridge encryption support options. These require matrix-nio to be installed with pip + # and login_shared_secret to be configured in order to get a device for the bridge bot. + # + # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal + # application service. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: false + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: false # Permissions for using the bridge. # Permitted values: diff --git a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml index 5284bc82..8de4576f 100644 --- a/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-hangouts/defaults/main.yml 
@@ -124,6 +124,17 @@ matrix_mautrix_hangouts_configuration_yaml: | login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }} # Whether or not to update avatars when syncing all contacts at startup. update_avatar_initial_sync: true + # End-to-bridge encryption support options. These require matrix-nio to be installed with pip + # and login_shared_secret to be configured in order to get a device for the bridge bot. + # + # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal + # application service. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: false + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: false # Public website and API configs web: diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml index 6cfa3abb..b491dce8 100644 --- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml @@ -227,6 +227,18 @@ matrix_mautrix_telegram_configuration_yaml: | height: 256 background: "020202" # only for gif fps: 30 # only for webm + # End-to-bridge encryption support options. These require matrix-nio to be installed with pip + # and login_shared_secret to be configured in order to get a device for the bridge bot. + # + # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal + # application service. + encryption: + # Allow encryption, work in group chat rooms with e2ee enabled + allow: false + # Default to encryption, force-enable encryption in all portals the bridge creates + # This will cause the bridge bot to be in private chats for the encryption to work properly. + default: false + # Overrides for base power levels. initial_power_level_overrides: user: {} 
From 9a43cc02e0a5b46670d13c7a2c5f8388e7ba3046 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Apr 2020 09:45:35 +0300 Subject: [PATCH 09/34] Only install docker-python if matrix_docker_installation_enabled Should help with #300 (Github Issue). --- roles/matrix-base/tasks/server_base/setup_centos.yml | 2 +- roles/matrix-base/tasks/server_base/setup_debian.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-base/tasks/server_base/setup_centos.yml b/roles/matrix-base/tasks/server_base/setup_centos.yml index 77b2866a..07776d7f 100644 --- a/roles/matrix-base/tasks/server_base/setup_centos.yml +++ b/roles/matrix-base/tasks/server_base/setup_centos.yml @@ -20,7 +20,6 @@ - name: Ensure yum packages are installed yum: name: - - docker-python - "{{ matrix_ntpd_package }}" - fuse state: latest @@ -30,5 +29,6 @@ yum: name: - "{{ matrix_docker_package_name }}" + - docker-python state: latest when: matrix_docker_installation_enabled|bool diff --git a/roles/matrix-base/tasks/server_base/setup_debian.yml b/roles/matrix-base/tasks/server_base/setup_debian.yml index c54b3cb6..88ea1c1d 100644 --- a/roles/matrix-base/tasks/server_base/setup_debian.yml +++ b/roles/matrix-base/tasks/server_base/setup_debian.yml @@ -27,7 +27,6 @@ - name: Ensure APT packages are installed apt: name: - - "python{{'3' if ansible_python.version.major == 3 else ''}}-docker" - "{{ matrix_ntpd_package }}" - fuse state: latest @@ -37,5 +36,6 @@ apt: name: - "{{ matrix_docker_package_name }}" + - "python{{'3' if ansible_python.version.major == 3 else ''}}-docker" state: latest when: matrix_docker_installation_enabled|bool From 43201c9e223d42ddf5fca65ca42da5bc684d2c89 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 17 Apr 2020 22:26:55 +0300 Subject: [PATCH 10/34] Upgrade matrix-corporal (1.8.0 -> 1.9.0) --- roles/matrix-corporal/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
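Review bot: Hosts with `matrix_docker_installation_enabled` turned off no longer get the Python Docker bindings, because `docker-python` and `python…-docker` now sit in the task guarded by that flag, and nothing in these hunks tells the operator to provide them. If later tasks use Ansible's Docker modules (not visible in these hunks), they would fail on such hosts with an import error rather than a clear message. I would add a comment above the guarded task, such as `# If matrix_docker_installation_enabled is false, install the Python Docker library yourself`, and repeat it where the variable is documented. This applies to both setup_centos.yml and setup_debian.yml, and the task bodies start outside the hunks.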
diff --git a/roles/matrix-corporal/defaults/main.yml b/roles/matrix-corporal/defaults/main.yml index 9430f053..f077b465 100644 --- a/roles/matrix-corporal/defaults/main.yml +++ b/roles/matrix-corporal/defaults/main.yml @@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: [] # List of systemd services that matrix-corporal.service depends on matrix_corporal_systemd_required_services_list: ['docker.service'] -matrix_corporal_docker_image: "devture/matrix-corporal:1.8.0" +matrix_corporal_docker_image: "devture/matrix-corporal:1.9.0" matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}" matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal" From e54428b160de6720bd603610d1ebbcc5ee9d8953 Mon Sep 17 00:00:00 2001 From: Tom Date: Sat, 18 Apr 2020 00:11:30 +0100 Subject: [PATCH 11/34] Expose allowed local 3pids as a configurable option --- roles/matrix-synapse/defaults/main.yml | 7 +++++++ roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 3 +++ 2 files changed, 10 insertions(+) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index e2ab5fb8..f117fe93 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -164,6 +164,13 @@ matrix_synapse_enable_group_creation: false # A list of 3PID types which users must supply when registering (possible values: email, msisdn). matrix_synapse_registrations_require_3pid: [] +# A list of patterns 3pids must match in order to permit registration, e.g.: +# - medium: email +# pattern: '.*@example\.com' +# - medium: msisdn +# pattern: '\+44' +matrix_synapse_allowed_local_3pids: [] + # The server to use for email threepid validation. When empty, Synapse does it by itself. # Otherwise, this should be pointed to an identity server. matrix_synapse_account_threepid_delegates_email: '' 
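Review bot: The example `pattern: '.*@example\.com'` in the new comment above `matrix_synapse_allowed_local_3pids` has no end anchor. If Synapse applies these patterns with a match anchored only at the start (please confirm for the Synapse version deployed), an address such as `user@example.com.other.tld` would also pass the registration filter. Operators will copy this example into their vars, so I would write it as `pattern: '.*@example\.com$'` and add a one-line comment saying the patterns are regular expressions and should be anchored.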
diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 310421e9..59c35c1f 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -986,6 +986,9 @@ registrations_require_3pid: {{ matrix_synapse_registrations_require_3pid|to_json # pattern: '.*@vector\.im' # - medium: msisdn # pattern: '\+44' +{% if matrix_synapse_allowed_local_3pids %} +allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_json }} +{% endif %} # Enable 3PIDs lookup requests to identity servers from this server. # From 8cd9cdead0ca6e38711fed4b953db848934b180c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 18 Apr 2020 11:05:47 +0300 Subject: [PATCH 12/34] Improve consistency --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 59c35c1f..08476c25 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -967,8 +967,8 @@ account_validity: #registrations_require_3pid: # - email # - msisdn -{% if matrix_synapse_registrations_require_3pid %} -registrations_require_3pid: {{ matrix_synapse_registrations_require_3pid|to_json }} +{% if matrix_synapse_registrations_require_3pid|length > 0 %} +registrations_require_3pid: {{ matrix_synapse_registrations_require_3pid|to_nice_yaml }} {% endif %} # Explicitly disable asking for MSISDNs from the registration 
@@ -986,8 +986,8 @@ registrations_require_3pid: {{ matrix_synapse_registrations_require_3pid|to_json # pattern: '.*@vector\.im' # - medium: msisdn # pattern: '\+44' -{% if matrix_synapse_allowed_local_3pids %} -allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_json }} +{% if matrix_synapse_allowed_local_3pids|length > 0 %} +allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_nice_yaml }} {% endif %} # Enable 3PIDs lookup requests to identity servers from this server. From c13c29f48eae238ac1a7359cede5785635b77328 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 18 Apr 2020 11:06:53 +0300 Subject: [PATCH 13/34] Fix |to_nice_yaml breaking formatting Well, actually 8cd9cde won't work, unless we put the `|to_nice_yaml` thing on a new line. We can, but that takes more lines and makes things look uglier. Using `|to_json` seems good enough. The whole file is parsed as YAML later on and merged with the `_extension` variable before being dumped as YAML again in the end. --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 08476c25..d41313e3 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -968,7 +968,7 @@ account_validity: # - email # - msisdn {% if matrix_synapse_registrations_require_3pid|length > 0 %} -registrations_require_3pid: {{ matrix_synapse_registrations_require_3pid|to_nice_yaml }} +registrations_require_3pid: {{ matrix_synapse_registrations_require_3pid|to_json }} {% endif %} # Explicitly disable asking for MSISDNs from the registration 
@@ -987,7 +987,7 @@ registrations_require_3pid: {{ matrix_synapse_registrations_require_3pid|to_nice # - medium: msisdn # pattern: '\+44' {% if matrix_synapse_allowed_local_3pids|length > 0 %} -allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_nice_yaml }} +allowed_local_3pids: {{ matrix_synapse_allowed_local_3pids|to_json }} {% endif %} # Enable 3PIDs lookup requests to identity servers from this server. From 203a319881ed7fb4bdbcbdb652f384d2b9327530 Mon Sep 17 00:00:00 2001 From: Horvath Gergely Date: Sat, 18 Apr 2020 12:56:36 +0200 Subject: [PATCH 14/34] force build docker image if git master changes --- roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml index 894b0a9b..6857c6c9 100644 --- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml +++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml @@ -35,6 +35,7 @@ repo: https://github.com/Sorunome/mx-puppet-skype.git dest: "{{ matrix_mx_puppet_skype_docker_src_files_path }}" force: "yes" + register: matrix_mx_puppet_skype_git_pull_results when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build" - name: Ensure MX Puppet Skype Docker image is built @@ -45,7 +46,7 @@ dockerfile: Dockerfile path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}" pull: yes - when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build" + when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build and matrix_mx_puppet_skype_git_pull_results.changed" - name: Check if an old database file already exists stat: From 3ddb8cd148435ff663bd5b71db8da83d92de9e3a Mon Sep 17 00:00:00 2001 
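Review bot: Adding `and matrix_mx_puppet_skype_git_pull_results.changed` to the build task's `when:` means the image is built only on a run where the checkout moved. If a build fails part-way, or the image is later removed from the host, later runs see an unchanged checkout and skip the build, leaving the service without its image. The condition should also be true when the image is not present on the host, for instance by registering an image lookup before this task and OR-ing its result into the `when:`. Separately, no `version:` is visible on the git task in this hunk, so the build appears to take whatever the upstream default branch holds at run time; pinning a commit would make the self-built image reproducible and reviewable.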
From: Chris van Dijk Date: Sat, 18 Apr 2020 19:00:20 +0200 Subject: [PATCH 15/34] Add support for running dimension in an unfederated environment This config change follows: https://github.com/turt2live/matrix-dimension/blob/master/docs/unfederated.md --- roles/matrix-dimension/defaults/main.yml | 2 +- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index 5ee01b61..e9faffa3 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml @@ -58,7 +58,7 @@ matrix_dimension_configuration_yaml: | # The URL that Dimension should use when trying to communicate with federated APIs on # the homeserver. If not supplied or left empty Dimension will try to resolve the address # through the normal federation process. - federationUrl: "http://matrix-synapse:8048" + federationUrl: "http://matrix-synapse:{{ 8048 if matrix_synapse_federation_enabled|bool else 8008 }}" # The URL that Dimension will redirect media requests to for downloading media such as # stickers. If not supplied or left empty Dimension will use the clientServerUrl. diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index d41313e3..7f9eb04f 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -226,7 +226,11 @@ listeners: x_forwarded: true resources: - - names: [client] + - names: + - client +{% if matrix_dimension_enabled and not matrix_synapse_federation_enabled %} + - openid +{% endif %} compress: false {% if matrix_synapse_federation_enabled %} From da2e90dcc1a68ce161d693cbe520ed5fafeb62de Mon Sep 17 00:00:00 2001 
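Review bot: The new template condition `{% if matrix_dimension_enabled and not matrix_synapse_federation_enabled %}` tests the raw variables, while the `federationUrl` line in the same commit uses `matrix_synapse_federation_enabled|bool`. If the flag arrives as a string (for example via `-e` on the command line), `not 'false'` evaluates to false, so Dimension is pointed at port 8008 but the `openid` resource is not added there. Use `{% if matrix_dimension_enabled|bool and not matrix_synapse_federation_enabled|bool %}` so both files agree. I would also add a comment on that block, such as `# Exposes the federation OpenID userinfo endpoint on the client listener; only needed for Dimension without federation`, since it widens what the client listener serves.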
From: Chris van Dijk Date: Sat, 18 Apr 2020 19:01:45 +0200 Subject: [PATCH 16/34] Remove check for "Fail if Matrix Federation is disabled" This playbook now suports running dimension in both a federated and an unfederated environment. --- roles/matrix-dimension/tasks/validate_config.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/roles/matrix-dimension/tasks/validate_config.yml b/roles/matrix-dimension/tasks/validate_config.yml index 62f23e33..ead8352b 100644 --- a/roles/matrix-dimension/tasks/validate_config.yml +++ b/roles/matrix-dimension/tasks/validate_config.yml @@ -6,14 +6,6 @@ - "matrix_dimension_access_token" when: "matrix_dimension_enabled and vars[item] == ''" -- name: Fail if Matrix Federation is disabled - fail: - msg: >- - You need to enable Matrix Federation to use Dimension. Set `{{ item }}` to 'true'. - with_items: - - "matrix_synapse_federation_enabled" - when: "matrix_dimension_enabled|bool and not matrix_synapse_federation_enabled|bool" - - name: (Deprecation) Catch and report renamed Dimension variables fail: msg: >- From 18beb3046612fb2b4f2d665087fa2e1f425d8edb Mon Sep 17 00:00:00 2001 From: Chris van Dijk Date: Sat, 18 Apr 2020 19:12:20 +0200 Subject: [PATCH 17/34] Update docs to reflect support for unfederated dimension --- docs/configuring-playbook-dimension.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuring-playbook-dimension.md b/docs/configuring-playbook-dimension.md index 99de20d6..40bec06b 100644 --- a/docs/configuring-playbook-dimension.md +++ b/docs/configuring-playbook-dimension.md 
@@ -4,7 +4,7 @@ If you're just installing Matrix services for the first time, please continue with the [Configuration](configuring-playbook.md) / [Installation](installing.md) flow and come back here later. ## Prerequisites -For an Integration Manager like [Dimension](https://dimension.t2bot.io) to work, your server needs to have federation enabled (`matrix_synapse_federation_enabled: true`). This is the default for this playbook, so unless you've explicitly disabled federation, you're okay. +This playbook now supports running [Dimension](https://dimension.t2bot.io) in both a federated and an [unfederated](https://github.com/turt2live/matrix-dimension/blob/master/docs/unfederated.md) environment. This is handled automatically based on the value of `matrix_synapse_federation_enabled`. Other important prerequisite is the `dimension.` DNS record being set up correctly. See [Configuring your DNS server](configuring-dns.md) on how to set up DNS record correctly. From bd61598faf37246022d073fdb91f3f546f48f3b9 Mon Sep 17 00:00:00 2001 From: Horvath Gergely Date: Sat, 18 Apr 2020 22:55:19 +0200 Subject: [PATCH 18/34] add experimental(?) architecture support for arm32 and arm64 the changes are necessary because certbot images are tagged, so docker does not recognize the necessary architecture --- docs/alternative-architectures.md | 16 ++++++++++++ group_vars/matrix_servers | 30 +++++++++++++++++----- roles/matrix-nginx-proxy/defaults/main.yml | 4 ++- 3 files changed, 42 insertions(+), 8 deletions(-) create mode 100644 docs/alternative-architectures.md diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md new file mode 100644 index 00000000..a469e422 --- /dev/null +++ b/docs/alternative-architectures.md 
@@ -0,0 +1,16 @@ +# Alternative architectures +As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used. + +To that end add the following variable to your `vars.yaml` file: +``` +matrix_architecture = +``` +Currently supported architectures are the following: +- `amd64` (the default) +- `arm64` +- `arm32` + +On most roles self-building is used if the architecture is not `amd64`. Special cases: +- matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well, +- matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well, +- matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index e80d55c3..524c11cd 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -26,6 +26,20 @@ matrix_riot_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jitsi_e # ###################################################################### +###################################################################### +# +# matrix-architecture +# +###################################################################### + +matrix_architecture: "amd64" + +###################################################################### +# +# /matrix-architecture +# +###################################################################### + ###################################################################### # 
@@ -174,7 +188,7 @@ matrix_appservice_irc_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | # We don't enable bridges by default. matrix_mautrix_facebook_enabled: false -matrix_mautrix_facebook_container_image_self_build: "{{ matrix_container_images_self_build }}" +matrix_mautrix_facebook_container_image_self_build: "{{ (matrix_architecture != 'amd64') and (matrix_architecture != 'arm64') }}" matrix_mautrix_facebook_systemd_required_services_list: | {{ @@ -205,7 +219,7 @@ matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_pro # We don't enable bridges by default. matrix_mautrix_hangouts_enabled: false -matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_container_images_self_build }}" +matrix_mautrix_hangouts_container_image_self_build: "{{ (matrix_architecture != 'amd64') and (matrix_architecture != 'arm64') }}" matrix_mautrix_hangouts_systemd_required_services_list: | {{ @@ -301,7 +315,7 @@ matrix_mautrix_whatsapp_login_shared_secret: "{{ matrix_synapse_ext_password_pro # We don't enable bridges by default. matrix_mx_puppet_skype_enabled: false -matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_container_images_self_build }}" +matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" matrix_mx_puppet_skype_systemd_required_services_list: | {{ @@ -366,7 +380,7 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati matrix_coturn_enabled: true -matrix_coturn_container_image_self_build: "{{ matrix_container_images_self_build }}" +matrix_coturn_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" matrix_coturn_turn_external_ip_address: "{{ ansible_host }}" 
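Review bot: Replacing `"{{ matrix_container_images_self_build }}"` with an expression on `matrix_architecture` drops the global self-build switch for this role. An operator on amd64 who set `matrix_container_images_self_build: true` to avoid pulling prebuilt images would silently go back to pulled images. Keep the switch in the expression, for example `"{{ matrix_container_images_self_build|bool or matrix_architecture not in ['amd64', 'arm64'] }}"` here and `"{{ matrix_container_images_self_build|bool or matrix_architecture != 'amd64' }}"` for the roles without an arm64 image. The same replacement is made in the hangouts, skype and coturn hunks on this line and in the ma1sd, riot-web and synapse hunks that follow. Whether `matrix_container_images_self_build` is still defined elsewhere in the file is not visible from these hunks.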
@@ -489,7 +503,7 @@ matrix_mailer_enabled: true # If you wish to use the public identity servers (matrix.org, vector.im) instead of your own you may wish to disable this. matrix_ma1sd_enabled: true -matrix_ma1sd_container_image_self_build: "{{ matrix_container_images_self_build }}" +matrix_ma1sd_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" # Normally, matrix-nginx-proxy is enabled and nginx can reach ma1sd over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose @@ -599,6 +613,8 @@ matrix_ssl_domains_to_obtain_certificates_for: | ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else []) }} +matrix_ssl_architecture: "{{ matrix_architecture }}" + ###################################################################### # # /matrix-nginx-proxy @@ -638,7 +654,7 @@ matrix_postgres_db_name: "homeserver" # If you wish to connect to your Matrix server by other means, you may wish to disable this. matrix_riot_web_enabled: true -matrix_riot_web_container_image_self_build: "{{ matrix_container_images_self_build }}" +matrix_riot_web_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" # Normally, matrix-nginx-proxy is enabled and nginx can reach riot-web over the container network. # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose @@ -683,7 +699,7 @@ matrix_riot_web_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matrix_jit # ###################################################################### -matrix_synapse_container_image_self_build: "{{ matrix_container_images_self_build }}" +matrix_synapse_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" # When ma1sd is enabled, we can use it instead of the default public Identity servers. matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1sd_enabled else matrix_synapse_id_servers_public }}" 
diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 12d314f5..35c6adfc 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -213,12 +213,14 @@ matrix_nginx_proxy_self_check_well_known_matrix_client_follow_redirects: none # plain HTTP traffic only (usually, on the loopback interface only) and you'd be terminating SSL using another reverse-proxy. matrix_ssl_retrieval_method: "lets-encrypt" +matrix_ssl_architecture: "amd64" + # The list of domains that this role will obtain certificates for. matrix_ssl_domains_to_obtain_certificates_for: [] # Controls whether to obtain production or staging certificates from Let's Encrypt. matrix_ssl_lets_encrypt_staging: false -matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:v1.3.0" +matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.3.0" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_support_email: ~ From b5844d2395f9d55afe83bd963f768055f06dbd96 Mon Sep 17 00:00:00 2001 From: Horvath Gergely Date: Sun, 19 Apr 2020 13:31:36 +0200 Subject: [PATCH 19/34] shortening line based on @spantaleev 's comment --- group_vars/matrix_servers | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 524c11cd..517c299f 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
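Review bot: The certbot tag is composed directly from `matrix_ssl_architecture`, which group_vars sets to the raw `matrix_architecture` value, so `arm32` and `arm64` produce `certbot/certbot:arm32-v1.3.0` and `certbot/certbot:arm64-v1.3.0`. Certbot's per-architecture tags are, as far as I know, named `arm32v6-…` and `arm64v8-…`, so those pulls would fail and certificate retrieval with them; please confirm against the registry. A lookup in group_vars would cover it, e.g. `matrix_ssl_architecture: "{{ {'amd64': 'amd64', 'arm32': 'arm32v6', 'arm64': 'arm64v8'}[matrix_architecture] }}"`. That also makes an unsupported architecture value fail at templating time rather than being interpolated into an image reference.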
@@ -188,7 +188,7 @@ matrix_appservice_irc_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | # We don't enable bridges by default. matrix_mautrix_facebook_enabled: false -matrix_mautrix_facebook_container_image_self_build: "{{ (matrix_architecture != 'amd64') and (matrix_architecture != 'arm64') }}" +matrix_mautrix_facebook_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" matrix_mautrix_facebook_systemd_required_services_list: | {{ @@ -219,7 +219,7 @@ matrix_mautrix_facebook_login_shared_secret: "{{ matrix_synapse_ext_password_pro # We don't enable bridges by default. matrix_mautrix_hangouts_enabled: false -matrix_mautrix_hangouts_container_image_self_build: "{{ (matrix_architecture != 'amd64') and (matrix_architecture != 'arm64') }}" +matrix_mautrix_hangouts_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}" matrix_mautrix_hangouts_systemd_required_services_list: | {{ From 7dba695713fd1855d0b3d13a7f905259996398eb Mon Sep 17 00:00:00 2001 From: Horvath Gergely Date: Sun, 19 Apr 2020 13:32:27 +0200 Subject: [PATCH 20/34] clarification for the list of implementation details --- docs/alternative-architectures.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md index a469e422..5fb0c8ea 100644 --- a/docs/alternative-architectures.md +++ b/docs/alternative-architectures.md 
@@ -10,7 +10,10 @@ Currently supported architectures are the following: - `arm64` - `arm32` -On most roles self-building is used if the architecture is not `amd64`. Special cases: +## Implementation details +This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection. + +On most roles self-building is used if the architecture is not `amd64`, however there are some special cases: - matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well, - matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well, - matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling. From 441278412b4839a70f500a053c0137bc0de08c8e Mon Sep 17 00:00:00 2001 From: Horvath Gergely Date: Sun, 19 Apr 2020 13:51:26 +0200 Subject: [PATCH 21/34] add explicit information for the Rapsberry pi --- docs/alternative-architectures.md | 5 +++++ docs/prerequisites.md | 2 +- docs/self-building.md | 2 ++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md index 5fb0c8ea..b38f1cdc 100644 --- a/docs/alternative-architectures.md +++ b/docs/alternative-architectures.md @@ -10,6 +10,11 @@ Currently supported architectures are the following: - `arm64` - `arm32` +so for the Raspberry Pi the following should be in your `vars.yaml` file: +``` +matrix_architecture = "arm32" +``` + ## Implementation details This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection. diff --git a/docs/prerequisites.md b/docs/prerequisites.md index 6b66c3d3..9a26d769 100644 --- a/docs/prerequisites.md +++ b/docs/prerequisites.md 
@@ -1,6 +1,6 @@ # Prerequisites -- An x86 server running **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)), **Debian** (9/Stretch+), **Ubuntu** (16.04+), or **Archlinux**. This playbook doesn't support running on ARM ([see](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Self-Building](self-building.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there. +- An x86 server running **CentOS** (7 only for now; [8 is not yet supported](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/300)), **Debian** (9/Stretch+), **Ubuntu** (16.04+), or **Archlinux**. This playbook doesn't support running on ARM ([see](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/299)), however a minimal subset of the tools can be built on the host, which may result in a working configuration, even on a Raspberry pi (see [Alternative Architectures](alternative-architectures.md)). We only strive to support released stable versions of distributions, not betas or pre-releases. This playbook can take over your whole server or co-exist with other services that you have there. - `root` access to your server (or a user capable of elevating to `root` via `sudo`). diff --git a/docs/self-building.md b/docs/self-building.md index aae31c7b..85d09812 100644 --- a/docs/self-building.md +++ b/docs/self-building.md 
@@ -1,5 +1,7 @@ # Self-building +**Caution: self-building does not have to be used on its own. See the [Alternative Architectures](alternative-architectures.md) page.** + The playbook supports the self-building of some of its components. This may be useful for architectures besides x86_64, which have no Docker images right now (e g. the armv7 for the Raspberry Pi). Some playbook roles have been updated, so they build the necessary image on the host. It needs more space, as some build tools need to be present (like Java, for ma1sd). To use these modification there is a variable that needs to be switched to enable this functionality. Add this to your `vars.yaml` file: From 588e97a97c30bb26e9761ca81e5dae640ea56dae Mon Sep 17 00:00:00 2001 From: Horvath Gergely Date: Sun, 19 Apr 2020 14:02:32 +0200 Subject: [PATCH 22/34] link to self-building from implementation subsection --- docs/alternative-architectures.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/alternative-architectures.md b/docs/alternative-architectures.md index b38f1cdc..01f6946f 100644 --- a/docs/alternative-architectures.md +++ b/docs/alternative-architectures.md @@ -18,7 +18,7 @@ matrix_architecture = "arm32" ## Implementation details This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection. -On most roles self-building is used if the architecture is not `amd64`, however there are some special cases: +On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases: - matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well, - matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well, - matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling. 
From e2de6a156978c642b8ddf81462e2a1a0a97b7737 Mon Sep 17 00:00:00 2001 From: Dan Arnfield Date: Sun, 19 Apr 2020 08:38:53 -0500 Subject: [PATCH 23/34] Update nginx (1.17.9 -> 1.17.10) --- roles/matrix-nginx-proxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml index 12d314f5..3bbd2c9b 100644 --- a/roles/matrix-nginx-proxy/defaults/main.yml +++ b/roles/matrix-nginx-proxy/defaults/main.yml @@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true # We use an official nginx image, which we fix-up to run unprivileged. # An alternative would be an `nginxinc/nginx-unprivileged` image, but # that is frequently out of date. -matrix_nginx_proxy_docker_image: "nginx:1.17.9-alpine" +matrix_nginx_proxy_docker_image: "nginx:1.17.10-alpine" matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}" matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy" From 9991d545ddbec3b3686bffd3ee02aa58fcf8ca0b Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 21 Apr 2020 21:48:06 +0300 Subject: [PATCH 24/34] Add note about synapse-janitor and require explicit confirmation for usage Fixes #465 (Github Issue). Related to https://github.com/xwiki-labs/synapse_scripts/pull/12. --- docs/maintenance-synapse.md | 8 +++++++- roles/matrix-postgres/tasks/run_synapse_janitor.yml | 7 +++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/docs/maintenance-synapse.md b/docs/maintenance-synapse.md index d64b3b9f..ab33b9de 100644 --- a/docs/maintenance-synapse.md +++ b/docs/maintenance-synapse.md 
@@ -8,11 +8,17 @@ Table of contents: - [Purging old data with the Purge History API](#purging-old-data-with-the-purge-history-api), for when you wish to delete in-use (but old) data from the Synapse database -- [Compressing state with rust-synapse-compress-state](#compressing-state-with-rust-synapse-compress-state), for when you wish to compress some Synapse state tables using the [rust-synapse-compress-state](https://github.com/matrix-org/rust-synapse-compress-state) tool +- [Synapse maintenance](#synapse-maintenance) + - [Purging unused data with synapse-janitor](#purging-unused-data-with-synapse-janitor) + - [Vacuuming Postgres](#vacuuming-postgres) + - [Purging old data with the Purge History API](#purging-old-data-with-the-purge-history-api) + - [Compressing state with rust-synapse-compress-state](#compressing-state-with-rust-synapse-compress-state) ## Purging unused data with synapse-janitor +**NOTE**: There are [reports](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/465) that **synapse-janitor is dangerous to use and causes database corruption**. You may wish to refrain from using it. + When you **leave** and **forget** a room, Synapse can clean up its data, but currently doesn't. This **unused and unreachable data** remains in your database forever. diff --git a/roles/matrix-postgres/tasks/run_synapse_janitor.yml b/roles/matrix-postgres/tasks/run_synapse_janitor.yml index 5591b75a..4562b8ba 100644 --- a/roles/matrix-postgres/tasks/run_synapse_janitor.yml +++ b/roles/matrix-postgres/tasks/run_synapse_janitor.yml 
@@ -7,6 +7,13 @@ msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot run synapse-janitor." when: "not matrix_postgres_enabled|bool" +- name: Fail if not aware of the risks + fail: + msg: >- + Using Synapse Janitor is considered dangerous and may break your database. + See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/465. + If you'd like to run it anyway, add `--extra-vars='i_know_synapse_janitor_is_dangerous=1'` to your command. + when: "i_know_synapse_janitor_is_dangerous|default('') == ''" # Defaults From 3f4bc9b8818f175982e07cc5ca3cb01abfd7fd44 Mon Sep 17 00:00:00 2001 From: Chris van Dijk Date: Wed, 22 Apr 2020 19:01:56 +0200 Subject: [PATCH 25/34] Move config supprt for unfederated dimension into group_vars --- group_vars/matrix_servers | 9 +++++++++ roles/matrix-dimension/defaults/main.yml | 4 +++- roles/matrix-synapse/defaults/main.yml | 5 +++++ .../matrix-synapse/templates/synapse/homeserver.yaml.j2 | 6 +----- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index e80d55c3..4c41c3b8 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -402,6 +402,8 @@ matrix_dimension_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_ena matrix_integration_manager_rest_url: "{{ matrix_dimension_integrations_rest_url if matrix_dimension_enabled else None }}" matrix_integration_manager_ui_url: "{{ matrix_dimension_integrations_ui_url if matrix_dimension_enabled else None }}" +matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:{{ 8048 if matrix_synapse_federation_enabled|bool else 8008 }}" + ###################################################################### # # /matrix-dimension 
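Review bot: The guard in the added `Fail if not aware of the risks` task only checks that `i_know_synapse_janitor_is_dangerous` is non-empty, so `=0`, `=false` or `=no` also let the janitor run. This is the only barrier in front of an operation the message itself says may break the database, so it should compare against the documented value: `when: "i_know_synapse_janitor_is_dangerous|default('')|string != '1'"`. A comment above the task such as `# Pass per run via --extra-vars; do not persist this in vars.yml` would keep the acknowledgement from becoming permanent.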
@@ -723,6 +725,13 @@ matrix_synapse_tls_federation_listener_enabled: false matrix_synapse_tls_certificate_path: ~ matrix_synapse_tls_private_key_path: ~ +matrix_synapse_http_listener_resource_names: | + {{ + ["client"] + + + ( ["openid"] if matrix_dimension_enabled and not matrix_synapse_federation_enabled else [] ) + }} + matrix_synapse_email_enabled: "{{ matrix_mailer_enabled }}" matrix_synapse_email_smtp_host: "matrix-mailer" matrix_synapse_email_smtp_port: 8025 diff --git a/roles/matrix-dimension/defaults/main.yml b/roles/matrix-dimension/defaults/main.yml index e9faffa3..fafe289d 100644 --- a/roles/matrix-dimension/defaults/main.yml +++ b/roles/matrix-dimension/defaults/main.yml @@ -32,6 +32,8 @@ matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"] matrix_dimension_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi" +matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:8048" + # Default Dimension configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # @@ -58,7 +60,7 @@ matrix_dimension_configuration_yaml: | # The URL that Dimension should use when trying to communicate with federated APIs on # the homeserver. If not supplied or left empty Dimension will try to resolve the address # through the normal federation process. - federationUrl: "http://matrix-synapse:{{ 8048 if matrix_synapse_federation_enabled|bool else 8008 }}" + federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}" # The URL that Dimension will redirect media requests to for downloading media such as # stickers. If not supplied or left empty Dimension will use the clientServerUrl. diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index f117fe93..a2fa1bea 100644 
--- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -137,6 +137,11 @@ matrix_synapse_tls_federation_listener_enabled: true matrix_synapse_tls_certificate_path: "/data/{{ matrix_server_fqn_matrix }}.tls.crt" matrix_synapse_tls_private_key_path: "/data/{{ matrix_server_fqn_matrix }}.tls.key" +# Resource names used by the unsecure HTTP listener. Here only the Client API +# is defined, see the homeserver config for a full list of valid resource +# names. +matrix_synapse_http_listener_resource_names: ["client"] + # Enable this to allow Synapse to report utilization statistics about your server to matrix.org # (things like number of users, number of messages sent, uptime, load, etc.) matrix_synapse_report_stats: false diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 7f9eb04f..4479d8fc 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -226,11 +226,7 @@ listeners: x_forwarded: true resources: - - names: - - client -{% if matrix_dimension_enabled and not matrix_synapse_federation_enabled %} - - openid -{% endif %} + - names: {{ matrix_synapse_http_listener_resource_names|to_json }} compress: false {% if matrix_synapse_federation_enabled %} From b08a49d94dc67f930d925b06e428accab6c3ccad Mon Sep 17 00:00:00 2001 From: Rodrigo Belem Date: Wed, 22 Apr 2020 15:26:23 -0400 Subject: [PATCH 26/34] Allow skype more configurations for relay and provisioning --- .../defaults/main.yml | 43 +++++++++++++++---- 1 file changed, 35 insertions(+), 8 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml index c3276807..8119199d 100644 --- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml 
@@ -16,9 +16,26 @@ matrix_mx_puppet_skype_docker_src_files_path: "{{ matrix_mx_puppet_skype_base_pa matrix_mx_puppet_skype_appservice_port: "8438" matrix_mx_puppet_skype_homeserver_address: 'http://matrix-synapse:8008' -matrix_mx_puppet_skype_homeserver_domain: '{{ matrix_domain }}' matrix_mx_puppet_skype_appservice_address: 'http://matrix-mx-puppet-skype:{{ matrix_mx_puppet_skype_appservice_port }}' +# "@user:server.com" to allow specific user +# "@.*:yourserver.com" to allow users on a specific homeserver +# "@.*" to allow anyone +matrix_mx_puppet_skype_provisioning_whitelist: + - "@.*:{{ matrix_domain|regex_escape }}" + +# Leave empty to disable blacklist +# "@user:server.com" disallow a specific user +# "@.*:yourserver.com" disallow users on a specific homeserver +matrix_mx_puppet_skype_provisioning_blacklist: + +# Same as provisioning +matrix_mx_puppet_skype_relay_whitelist: + - "@.*:{{ matrix_domain|regex_escape }}" + +# Same as provisioning +matrix_mx_puppet_skype_relay_blacklist: + # A list of extra arguments to pass to the container matrix_mx_puppet_skype_container_extra_arguments: [] @@ -48,7 +65,7 @@ matrix_mx_puppet_skype_configuration_yaml: | # Port to host the bridge on which your homeserver will connect to port: {{ matrix_mx_puppet_skype_appservice_port }} # Name of your homeserver - domain: {{ matrix_mx_puppet_skype_homeserver_domain }} + domain: {{ matrix_domain }} # URL where the bridge can connect to your homeserver homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }} # Optionally specify a different media URL used for the media store 
@@ -60,7 +77,7 @@ matrix_mx_puppet_skype_configuration_yaml: | # yourserver.com: supersecretsharedsecret {% if matrix_mx_puppet_skype_login_shared_secret != '' %} loginSharedSecretMap: - {{ matrix_mx_puppet_skype_homeserver_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }} + {{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }} {% endif %} # optionally override the display name of the bridge bot #displayname: Protocol Bot @@ -123,18 +140,23 @@ matrix_mx_puppet_skype_configuration_yaml: | provisioning: # Regex of Matrix IDs allowed to use the puppet bridge whitelist: + whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }} # Allow a specific user #- "@user:server\\.com" # Allow users on a specific homeserver - - '@.*:{{ matrix_mx_puppet_skype_homeserver_domain | regex_escape }}' + #- "@.*:yourserver\\.com" # Allow anyone #- ".*" + # Regex of Matrix IDs forbidden from using the puppet bridge #blacklist: # Disallow a specific user #- "@user:server\\.com" # Disallow users on a specific homeserver #- "@.*:yourserver\\.com" + {% if matrix_mx_puppet_skype_provisioning_blacklist %} + blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }} + {% endif %} presence: # Bridge online/offline status @@ -150,10 +172,15 @@ matrix_mx_puppet_skype_configuration_yaml: | relay: # Regex of Matrix IDs to allow to use the relay mode # Same format as in provisioning - whitelist: - - '@.*:{{ matrix_mx_puppet_skype_homeserver_domain | regex_escape }}' + #whitelist: + #- "@.*:yourserver\\.com" + whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }} + #blacklist: #- "@user:yourserver\\.com" + {% if matrix_mx_puppet_skype_relay_blacklist %} + blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }} + {% endif %} # Map certain homeserver URLs to the C-S API endpoint # Useful for double-puppeting if .well-known is unavailable for some reason 
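Review bot: In the `provisioning:` hunk the original `whitelist:` line is kept as context and a second `whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }}` is added right below it, so the rendered config carries a duplicate key in the mapping that decides who may use the bridge. Depending on the YAML parser, that either fails to load or silently keeps one of the two values, which is not something to leave open for an access list. The `relay:` hunk on this line removes its old `whitelist:` line before adding the new one; the provisioning hunk should do the same by dropping the bare `whitelist:` line. The enclosing `matrix_mx_puppet_skype_configuration_yaml` block starts outside these hunks, so check the rendered file rather than the template alone.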
@@ -196,11 +223,11 @@ matrix_mx_puppet_skype_registration_yaml: | namespaces: users: - exclusive: true - regex: '@_skypepuppet_.*:{{ matrix_mx_puppet_skype_homeserver_domain|regex_escape }}' + regex: '@_skypepuppet_.*:{{ matrix_domain|regex_escape }}' rooms: [] aliases: - exclusive: true - regex: '#_skypepuppet_.*:{{ matrix_mx_puppet_skype_homeserver_domain|regex_escape }}' + regex: '#_skypepuppet_.*:{{ matrix_domain|regex_escape }}' protocols: [] rate_limited: false sender_localpart: _skypepuppet_bot From 0af5a8c4cce8e3b279158e6caa3a6e6d99c12018 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 Apr 2020 22:42:16 +0300 Subject: [PATCH 27/34] Simplify mx-puppet-skype blacklists a bit Related to #466 (Github Pull Request). --- roles/matrix-bridge-mx-puppet-skype/defaults/main.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml index 8119199d..1d21835c 100644 --- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml @@ -27,14 +27,14 @@ matrix_mx_puppet_skype_provisioning_whitelist: # Leave empty to disable blacklist # "@user:server.com" disallow a specific user # "@.*:yourserver.com" disallow users on a specific homeserver -matrix_mx_puppet_skype_provisioning_blacklist: +matrix_mx_puppet_skype_provisioning_blacklist: [] # Same as provisioning matrix_mx_puppet_skype_relay_whitelist: - "@.*:{{ matrix_domain|regex_escape }}" # Same as provisioning -matrix_mx_puppet_skype_relay_blacklist: +matrix_mx_puppet_skype_relay_blacklist: [] # A list of extra arguments to pass to the container matrix_mx_puppet_skype_container_extra_arguments: [] 
@@ -154,9 +154,7 @@ matrix_mx_puppet_skype_configuration_yaml: | #- "@user:server\\.com" # Disallow users on a specific homeserver #- "@.*:yourserver\\.com" - {% if matrix_mx_puppet_skype_provisioning_blacklist %} blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }} - {% endif %} presence: # Bridge online/offline status @@ -178,9 +176,7 @@ matrix_mx_puppet_skype_configuration_yaml: | #blacklist: #- "@user:yourserver\\.com" - {% if matrix_mx_puppet_skype_relay_blacklist %} blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }} - {% endif %} # Map certain homeserver URLs to the C-S API endpoint # Useful for double-puppeting if .well-known is unavailable for some reason From 4149e03b694286ee887af5ae5cea38a65db89759 Mon Sep 17 00:00:00 2001 From: Rodrigo Belem Date: Sun, 12 Apr 2020 10:17:30 -0400 Subject: [PATCH 28/34] Initial mx-puppet-slack bridge role --- ...iguring-playbook-bridge-mx-puppet-slack.md | 34 ++++ group_vars/matrix_servers | 31 +++ .../defaults/main.yml | 181 ++++++++++++++++++ .../tasks/init.yml | 70 +++++++ .../tasks/main.yml | 21 ++ .../tasks/setup_install.yml | 93 +++++++++ .../tasks/setup_uninstall.yml | 24 +++ .../tasks/validate_config.yml | 10 + .../systemd/matrix-mx-puppet-slack.service.j2 | 41 ++++ setup.yml | 1 + 10 files changed, 506 insertions(+) create mode 100644 docs/configuring-playbook-bridge-mx-puppet-slack.md create mode 100644 roles/matrix-bridge-mx-puppet-slack/defaults/main.yml create mode 100644 roles/matrix-bridge-mx-puppet-slack/tasks/init.yml create mode 100644 roles/matrix-bridge-mx-puppet-slack/tasks/main.yml create mode 100644 roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml create mode 100644 roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml create mode 100644 roles/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml create mode 100644 roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 
diff --git a/docs/configuring-playbook-bridge-mx-puppet-slack.md b/docs/configuring-playbook-bridge-mx-puppet-slack.md new file mode 100644 index 00000000..afc1999b --- /dev/null +++ b/docs/configuring-playbook-bridge-mx-puppet-slack.md @@ -0,0 +1,34 @@ +# Setting up MX Puppet Slack (optional) + +The playbook can install and configure +[mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) for you. + +See the project page to learn what it does and why it might be useful to you. + +To enable the [Slack](https://www.slack.com/) bridge just use the following +playbook configuration: + + +```yaml +matrix_mx_puppet_slack_enabled: true +matrix_mx_puppet_slack_client_id: "" +matrix_mx_puppet_slack_client_secret: "" +``` + + +## Usage + +Once the bot is enabled you need to start a chat with `Slack Puppet Bridge` with +the handle `@_slackpuppet_bot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base +domain, not the `matrix.` domain). + +Three authentication methods are available, Legacy Token, OAuth and xoxc token. +See mx-puppet-slack [documentation](https://github.com/Sorunome/mx-puppet-slack) +for more information about how to configure the bridge. + +Once logged in, send `list` to the bot user to list the available rooms. + +Clicking rooms in the list will result in you receiving an invitation to the +bridged room. + +Also send `help` to the bot to see the commands available. diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index f24c20fd..1403543f 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -337,6 +337,37 @@ matrix_mx_puppet_skype_login_shared_secret: "{{ matrix_synapse_ext_password_prov ###################################################################### +###################################################################### +# +# matrix-bridge-mx-puppet-slack +# +###################################################################### + +# We don't enable bridges by default. +matrix_mx_puppet_slack_enabled: false + +matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" + +matrix_mx_puppet_slack_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} + +matrix_mx_puppet_slack_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.as.tok') | to_uuid }}" + +matrix_mx_puppet_slack_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mxslk.hs.tok') | to_uuid }}" + +matrix_mx_puppet_slack_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" + +###################################################################### +# +# /matrix-bridge-mx-puppet-slack +# +###################################################################### + + ###################################################################### # # matrix-corporal diff --git a/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml new file mode 100644 index 00000000..7648fafe --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-slack/defaults/main.yml 
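Review bot: The self-build line added inside the new `matrix-bridge-mx-puppet-slack` section assigns `matrix_mx_puppet_skype_container_image_self_build`, not the slack variable. That repeats a key already set in the skype section and leaves `matrix_mx_puppet_slack_container_image_self_build` at the role default `false`. On a non-`amd64` host the slack bridge would then try to pull `sorunome/mx-puppet-slack:latest` rather than build it. The line should read `matrix_mx_puppet_slack_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"`.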
@@ -0,0 +1,181 @@ +# Mx Puppet Slack is a Matrix <-> Slack bridge +# See: https://github.com/Sorunome/mx-puppet-slack + +matrix_mx_puppet_slack_enabled: true + +matrix_mx_puppet_slack_container_image_self_build: false + +matrix_mx_puppet_slack_docker_image: "sorunome/mx-puppet-slack:latest" +matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}" + +matrix_mx_puppet_slack_base_path: "{{ matrix_base_data_path }}/mx-puppet-slack" +matrix_mx_puppet_slack_config_path: "{{ matrix_mx_puppet_slack_base_path }}/config" +matrix_mx_puppet_slack_data_path: "{{ matrix_mx_puppet_slack_base_path }}/data" +matrix_mx_puppet_slack_docker_src_files_path: "{{ matrix_mx_puppet_slack_base_path }}/docker-src" + +matrix_mx_puppet_slack_appservice_port: "8432" + +matrix_mx_puppet_slack_homeserver_address: 'http://matrix-synapse:8008' +matrix_mx_puppet_slack_homeserver_domain: '{{ matrix_domain }}' +matrix_mx_puppet_slack_appservice_address: 'http://matrix-mx-puppet-slack:{{ matrix_mx_puppet_slack_appservice_port }}' + +matrix_mx_puppet_slack_client_id: '' +matrix_mx_puppet_slack_client_secret: '' +matrix_mx_puppet_slack_redirect_path: '/slack/oauth' +matrix_mx_puppet_slack_redirect_uri: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mx_puppet_slack_redirect_path }}' + +# "@user:server.com" to allow specific user +# "@.*:yourserver.com" to allow users on a specific homeserver +# "@.*" to allow anyone +matrix_mx_puppet_slack_provisioning_whitelist: + - "@.*:{{ matrix_domain|regex_escape }}" + +# Leave empty to disable blacklist +# "@user:server.com" disallow a specific user +# "@.*:yourserver.com" disallow users on a specific homeserver +matrix_mx_puppet_slack_provisioning_blacklist: [] + +# A list of extra arguments to pass to the container +matrix_mx_puppet_slack_container_extra_arguments: [] + +# List of systemd services that matrix-puppet-slack.service depends on. 
+matrix_mx_puppet_slack_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-puppet-slack.service wants +matrix_mx_puppet_slack_systemd_wanted_services_list: [] + +matrix_mx_puppet_slack_appservice_token: '' +matrix_mx_puppet_slack_homeserver_token: '' + +# Default configuration template which covers the generic use case. +# You can customize it by controlling the various variables inside it. +# +# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_slack_configuration_extension_yaml`) +# or completely replace this variable with your own template. +matrix_mx_puppet_slack_configuration_yaml: | + #jinja2: lstrip_blocks: "True" + bridge: + # Port to host the bridge on + # Used for communication between the homeserver and the bridge + port: {{ matrix_mx_puppet_slack_appservice_port }} + # The host connections to the bridge's webserver are allowed from + bindAddress: 0.0.0.0 + # Public domain of the homeserver + domain: {{ matrix_mx_puppet_slack_homeserver_domain }} + # Reachable URL of the Matrix homeserver + homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }} + + + # Slack OAuth settings. Create a slack app at https://api.slack.com/apps + oauth: + enabled: false + # Slack app credentials. + # N.B. This must be quoted so YAML wouldn't parse it as a float. + clientId: "{{ matrix_mx_puppet_slack_client_id }}" + clientSecret: {{ matrix_mx_puppet_slack_client_secret }} + # Path where to listen for OAuth redirect callbacks. + redirectPath: {{ matrix_mx_puppet_slack_redirect_path }} + # Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path, + # then set this field and the Slack app redirect URI field to the former. 
+ redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }} + + presence: + # Bridge Discord online/offline status + enabled: true + # How often to send status to the homeserver in milliseconds + interval: 500 + + provisioning: + # Regex of Matrix IDs allowed to use the puppet bridge + whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }} + # Allow a specific user + #- "@user:server\\.com" + # Allow users on a specific homeserver + #- "@.*:yourserver\\.com" + # Allow anyone + #- ".*" + # Regex of Matrix IDs forbidden from using the puppet bridge + #blacklist: + # Disallow a specific user + #- "@user:server\\.com" + # Disallow users on a specific homeserver + #- "@.*:yourserver\\.com" + blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }} + + # Shared secret for the provisioning API for use by integration managers. + # If this is not set, the provisioning API will not be enabled. + #sharedSecret: random string + # Path prefix for the provisioning API. /v1 will be appended to the prefix automatically. + apiPrefix: /_matrix/provision + + database: + # Use Postgres as a database backend + # If set, will be used instead of SQLite3 + # Connection string to connect to the Postgres instance + # with username "user", password "pass", host "localhost" and database name "dbname". 
+ # Modify each value as necessary + #connString: "postgres://user:pass@localhost/dbname?sslmode=disable" + # Use SQLite3 as a database backend + # The name of the database file + filename: /data/database.db + + logging: + # Log level of console output + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + console: info + # Date and time formatting + lineDateFormat: MMM-D HH:mm:ss.SSS + # Logging files + # Log files are rotated daily by default + files: + # Log file path + - file: "/data/bridge.log" + # Log level for this file + # Allowed values starting with most verbose: + # silly, debug, verbose, info, warn, error + level: info + # Date and time formatting + datePattern: YYYY-MM-DD + # Maximum number of logs to keep. + # This can be a number of files or number of days. + # If using days, add 'd' as a suffix + maxFiles: 14d + # Maximum size of the file after which it will rotate. This can be a + # number of bytes, or units of kb, mb, and gb. If using the units, add + # 'k', 'm', or 'g' as the suffix + maxSize: 50m + +matrix_mx_puppet_slack_configuration_extension_yaml: | + # Your custom YAML configuration goes here. + # This configuration extends the default starting configuration (`matrix_mx_puppet_slack_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_mx_puppet_slack_configuration_yaml`. + +matrix_mx_puppet_slack_configuration_extension: "{{ matrix_mx_puppet_slack_configuration_extension_yaml|from_yaml if matrix_mx_puppet_slack_configuration_extension_yaml|from_yaml is mapping else {} }}" + +# Holds the final configuration (a combination of the default and its extension). +# You most likely don't need to touch this variable. Instead, see `matrix_mx_puppet_slack_configuration_yaml`. 
+matrix_mx_puppet_slack_configuration: "{{ matrix_mx_puppet_slack_configuration_yaml|from_yaml|combine(matrix_mx_puppet_slack_configuration_extension, recursive=True) }}" + +matrix_mx_puppet_slack_registration_yaml: | + as_token: "{{ matrix_mx_puppet_slack_appservice_token }}" + hs_token: "{{ matrix_mx_puppet_slack_homeserver_token }}" + id: slack-puppet + namespaces: + users: + - exclusive: true + regex: '@_slackpuppet_.*:{{ matrix_mx_puppet_slack_homeserver_domain|regex_escape }}' + rooms: [] + aliases: + - exclusive: true + regex: '#_slackpuppet_.*:{{ matrix_mx_puppet_slack_homeserver_domain|regex_escape }}' + protocols: [] + rate_limited: false + sender_localpart: _slackpuppet_bot + url: {{ matrix_mx_puppet_slack_appservice_address }} + +matrix_mx_puppet_slack_registration: "{{ matrix_mx_puppet_slack_registration_yaml|from_yaml }}" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml new file mode 100644 index 00000000..0b823b2c --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/init.yml 
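Review bot: `clientSecret: {{ matrix_mx_puppet_slack_client_secret }}` in the `oauth` section is rendered unquoted, unlike `clientId` just above it, so the default empty value parses as null and a secret that looks like a number or begins with a YAML indicator is retyped or breaks `from_yaml`; `clientSecret: {{ matrix_mx_puppet_slack_client_secret|to_json }}` avoids that. The same applies to the other unquoted templated scalars such as `redirectUri` and the registration `url`. `matrix_mx_puppet_slack_docker_image` defaults to the `:latest` tag with force-pull on, so each run deploys whatever was last pushed upstream; pinning to a fixed release tag or digest would make deployments reproducible and reviewable. The comment `# Bridge Discord online/offline status` under `presence` looks copied from another bridge.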
@@ -0,0 +1,70 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mx-puppet-slack'] }}" + when: matrix_mx_puppet_slack_enabled|bool + +# If the matrix-synapse role is not used, these variables may not exist. +- set_fact: + matrix_synapse_container_extra_arguments: > + {{ matrix_synapse_container_extra_arguments|default([]) }} + + + ["--mount type=bind,src={{ matrix_mx_puppet_slack_config_path }}/registration.yaml,dst=/matrix-mx-puppet-slack-registration.yaml,ro"] + + matrix_synapse_app_service_config_files: > + {{ matrix_synapse_app_service_config_files|default([]) }} + + + {{ ["/matrix-mx-puppet-slack-registration.yaml"] }} + when: matrix_mx_puppet_slack_enabled|bool + +- block: + - name: Fail if matrix-nginx-proxy role already executed + fail: + msg: >- + Trying to append Slack Appservice's reverse-proxying configuration to matrix-nginx-proxy, + but it's pointless since the matrix-nginx-proxy role had already executed. + To fix this, please change the order of roles in your plabook, + so that the matrix-nginx-proxy role would run after the matrix-mx-puppet-slack role. 
+ when: matrix_nginx_proxy_role_executed|default(False)|bool + + - name: Generate Matrix MX Puppet Slack proxying configuration for matrix-nginx-proxy + set_fact: + matrix_mx_puppet_slack_matrix_nginx_proxy_configuration: | + location {{ matrix_mx_puppet_slack_redirect_path }} { + {% if matrix_nginx_proxy_enabled|default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "{{ matrix_mx_puppet_slack_appservice_address }}"; + proxy_pass $backend; + {% else %} + {# Generic configuration for use outside of our container setup #} + proxy_pass http://127.0.0.1:{{ matrix_mx_puppet_slack_appservice_port }}; + {% endif %} + } + + - name: Register Slack Appservice proxying configuration with matrix-nginx-proxy + set_fact: + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([]) + + + [matrix_mx_puppet_slack_matrix_nginx_proxy_configuration] + }} + tags: + - always + when: matrix_appservice_slack_enabled|bool + +- name: Warn about reverse-proxying if matrix-nginx-proxy not used + debug: + msg: >- + NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy + reverse proxy. + Please make sure that you're proxying the `{{ something }}` + URL endpoint to the matrix-appservice-slack container. + You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable. + when: "matrix_appservice_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined" + +# ansible lower than 2.8, does not support docker_image build parameters +# for self buildig it is explicitly needed, so we rather fail here +- name: Fail if running on Ansible lower than 2.8 and trying self building + fail: + msg: "To self build Puppet Slack image, you should usa ansible 2.8 or higher. E.g. pip contains such packages." 
+ when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mx_puppet_slack_container_image_self_build" diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml new file mode 100644 index 00000000..6aa0fd0f --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/main.yml @@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup|bool and matrix_mx_puppet_slack_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-slack + +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" + when: "run_setup|bool and matrix_mx_puppet_slack_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-slack + +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" + when: "run_setup|bool and not matrix_mx_puppet_slack_enabled|bool" + tags: + - setup-all + - setup-mx-puppet-slack diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml new file mode 100644 index 00000000..f4c9fc8e --- /dev/null +++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml 
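Review bot: In tasks/init.yml the block that registers the OAuth redirect `location` with matrix-nginx-proxy is guarded by `when: matrix_appservice_slack_enabled|bool`, a variable of a different role, so the proxy rule for `matrix_mx_puppet_slack_redirect_path` is added or skipped according to the wrong bridge's setting, and the task may fail if that variable is undefined (not visible here). The guard should be `when: matrix_mx_puppet_slack_enabled|bool`. The warning task after it has the same leftover in its `when`, prints `{{ something }}`, which is not defined anywhere in this patch, and names `matrix_appservice_slack_container_http_host_bind_port`; it should use `{{ matrix_mx_puppet_slack_redirect_path }}` and this role's own variable names.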
@@ -0,0 +1,93 @@ +--- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-mx-puppet-slack role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + +- name: Ensure MX Puppet Slack image is pulled + docker_image: + name: "{{ matrix_mx_puppet_slack_docker_image }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_mx_puppet_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mx_puppet_slack_docker_image_force_pull }}" + when: matrix_mx_puppet_slack_enabled|bool and not matrix_mx_puppet_slack_container_image_self_build + +- name: Ensure MX Puppet Slack paths exist + file: + path: "{{ item.path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + with_items: + - { path: "{{ matrix_mx_puppet_slack_base_path }}", when: true } + - { path: "{{ matrix_mx_puppet_slack_config_path }}", when: true } + - { path: "{{ matrix_mx_puppet_slack_data_path }}", when: true } + - { path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}", when: "{{ matrix_mx_puppet_slack_container_image_self_build }}" } + when: matrix_mx_puppet_slack_enabled|bool and item.when|bool + +- name: Ensure MX Puppet Slack repository is present on self build + git: + repo: https://github.com/Sorunome/mx-puppet-slack.git + dest: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" + force: "yes" + when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" + +- name: Ensure MX Puppet Slack Docker image is built + docker_image: + name: "{{ matrix_mx_puppet_slack_docker_image }}" + source: 
build + build: + dockerfile: Dockerfile + path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}" + pull: yes + when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build" + +- name: Check if an old database file already exists + stat: + path: "{{ matrix_mx_puppet_slack_base_path }}/database.db" + register: matrix_mx_puppet_slack_stat_database + +- name: (Data relocation) Ensure matrix-mx-puppet-slack.service is stopped + service: + name: matrix-mx-puppet-slack + state: stopped + daemon_reload: yes + failed_when: false + when: "matrix_mx_puppet_slack_stat_database.stat.exists" + +- name: (Data relocation) Move mx-puppet-slack database file to ./data directory + command: "mv {{ matrix_mx_puppet_slack_base_path }}/database.db {{ matrix_mx_puppet_slack_data_path }}/database.db" + when: "matrix_mx_puppet_slack_stat_database.stat.exists" + +- name: Ensure mx-puppet-slack config.yaml installed + copy: + content: "{{ matrix_mx_puppet_slack_configuration|to_nice_yaml }}" + dest: "{{ matrix_mx_puppet_slack_config_path }}/config.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + +- name: Ensure mx-puppet-slack slack-registration.yaml installed + copy: + content: "{{ matrix_mx_puppet_slack_registration|to_nice_yaml }}" + dest: "{{ matrix_mx_puppet_slack_config_path }}/registration.yaml" + mode: 0644 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + +- name: Ensure matrix-mx-puppet-slack.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-mx-puppet-slack.service.j2" + dest: "/etc/systemd/system/matrix-mx-puppet-slack.service" + mode: 0644 + register: matrix_mx_puppet_slack_systemd_service_result + +- name: Ensure systemd reloaded after matrix-mx-puppet-slack.service installation + service: + daemon_reload: yes + when: "matrix_mx_puppet_slack_systemd_service_result.changed" 
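Review bot: `config.yaml` and `registration.yaml` are written with `mode: 0644`, yet the first holds the Slack OAuth client secret and the second the `as_token`/`hs_token`; `mode: 0640` on both `copy` tasks would limit them to the matrix user and group instead of relying on the 0750 parent directory alone. In the self-build path the `git` task has no `version:`, so the image is built from whatever the upstream default branch holds at run time; a role variable for the ref, passed as `version:`, would make builds repeatable. The `mv` in the data-relocation task interpolates both paths unquoted, and `|quote` on each would be safer.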
diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml
new file mode 100644
index 00000000..73314a66
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_uninstall.yml
@@ -0,0 +1,24 @@
+---
+
+- name: Check existence of matrix-mx-puppet-slack service
+ stat:
+ path: "/etc/systemd/system/matrix-mx-puppet-slack.service"
+ register: matrix_mx_puppet_slack_service_stat
+
+- name: Ensure matrix-mx-puppet-slack is stopped
+ service:
+ name: matrix-mx-puppet-slack
+ state: stopped
+ daemon_reload: yes
+ when: "matrix_mx_puppet_slack_service_stat.stat.exists"
+
+- name: Ensure matrix-mx-puppet-slack.service doesn't exist
+ file:
+ path: "/etc/systemd/system/matrix-mx-puppet-slack.service"
+ state: absent
+ when: "matrix_mx_puppet_slack_service_stat.stat.exists"
+
+- name: Ensure systemd reloaded after matrix-mx-puppet-slack.service removal
+ service:
+ daemon_reload: yes
+ when: "matrix_mx_puppet_slack_service_stat.stat.exists"
diff --git a/roles/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml b/roles/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml
new file mode 100644
index 00000000..3a0bca11
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-slack/tasks/validate_config.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Fail if required settings not defined
+ fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`).
+ when: "vars[item] == ''"
+ with_items:
+ - "matrix_mx_puppet_slack_appservice_token"
+ - "matrix_mx_puppet_slack_homeserver_token"
diff --git a/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2 b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
new file mode 100644
index 00000000..a86c6765
--- /dev/null
+++ b/roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
@@ -0,0 +1,41 @@ +#jinja2: lstrip_blocks: "True" +[Unit] +Description=Matrix Mx Puppet Slack server +{% for service in matrix_mx_puppet_slack_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mx_puppet_slack_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} + +[Service] +Type=simple +ExecStartPre=-/usr/bin/docker kill matrix-mx-puppet-slack +ExecStartPre=-/usr/bin/docker rm matrix-mx-puppet-slack + +# Intentional delay, so that the homeserver (we likely depend on) can manage to start. +ExecStartPre=/bin/sleep 5 + +ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \ + --log-driver=none \ + --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ + --cap-drop=ALL \ + --network={{ matrix_docker_network }} \ + -e CONFIG_PATH=/config/config.yaml \ + -e REGISTRATION_PATH=/config/registration.yaml \ + -v {{ matrix_mx_puppet_slack_config_path }}:/config:z \ + -v {{ matrix_mx_puppet_slack_data_path }}:/data:z \ + {% for arg in matrix_mx_puppet_slack_container_extra_arguments %} + {{ arg }} \ + {% endfor %} + {{ matrix_mx_puppet_slack_docker_image }} + +ExecStop=-/usr/bin/docker kill matrix-mx-puppet-slack +ExecStop=-/usr/bin/docker rm matrix-mx-puppet-slack +Restart=always +RestartSec=30 +SyslogIdentifier=matrix-mx-puppet-slack + +[Install] +WantedBy=multi-user.target diff --git a/setup.yml b/setup.yml index bca4b240..ff80320a 100755 --- a/setup.yml +++ b/setup.yml @@ -17,6 +17,7 @@ - matrix-bridge-mautrix-telegram - matrix-bridge-mautrix-whatsapp - matrix-bridge-mx-puppet-skype + - matrix-bridge-mx-puppet-slack - matrix-synapse - matrix-riot-web - matrix-jitsi From 033dfcb26fedad7550e3d8a267c4790263f13d7f Mon Sep 17 00:00:00 2001 From: Rodrigo Belem Date: Wed, 22 Apr 2020 17:28:00 -0400 Subject: [PATCH 29/34] Remove duplicated whitelist entry in skype main.yml --- roles/matrix-bridge-mx-puppet-skype/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) 
diff --git a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml index 1d21835c..9d80ab04 100644 --- a/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml +++ b/roles/matrix-bridge-mx-puppet-skype/defaults/main.yml @@ -139,7 +139,6 @@ matrix_mx_puppet_skype_configuration_yaml: | provisioning: # Regex of Matrix IDs allowed to use the puppet bridge - whitelist: whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }} # Allow a specific user #- "@user:server\\.com" From 4afc46fffe5b005b1fd3e438a58313cf40a54217 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 Apr 2020 18:03:36 +0300 Subject: [PATCH 30/34] Announce mx-puppet-slack support Related to #454 (Github Pull Request). --- CHANGELOG.md | 9 +++++++++ README.md | 2 ++ docs/configuring-playbook-bridge-mx-puppet-slack.md | 2 +- docs/configuring-playbook.md | 2 ++ 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b849ef35..7cd0b4c3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2020-04-23 + +## Slack bridging support + +Thanks to [Rodrigo Belem](https://github.com/rbelem)'s efforts, the playbook now supports bridging to [Slack](https://slack.com) via the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge. + +See our [Setting up MX Puppet Slack bridging](docs/configuring-playbook-bridge-mx-puppet-slack.md) documentation page for getting started. + + # 2020-04-09 ## Skype bridging support diff --git a/README.md b/README.md index 43125026..6f7d25e0 100644 --- a/README.md +++ b/README.md 
@@ -146,6 +146,8 @@ This playbook sets up your server using the following Docker images: - [sorunome/mx-puppet-skype](https://hub.docker.com/r/sorunome/mx-puppet-skype) - the [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridge to [Skype](https:/www.skype.com) (optional) +- [sorunome/mx-puppet-slack](https://hub.docker.com/r/sorunome/mx-puppet-slack) - the [mx-puppet-slack](https://github.com/Sorunome/mx-puppet-slack) bridge to [Slack](https:/slack.com) (optional) + - [turt2live/matrix-dimension](https://hub.docker.com/r/turt2live/matrix-dimension) - the [Dimension](https://dimension.t2bot.io/) integrations manager (optional) - [jitsi/web](https://hub.docker.com/r/jitsi/web) - the [Jitsi](https://jitsi.org/) web UI (optional) diff --git a/docs/configuring-playbook-bridge-mx-puppet-slack.md b/docs/configuring-playbook-bridge-mx-puppet-slack.md index afc1999b..1f20219f 100644 --- a/docs/configuring-playbook-bridge-mx-puppet-slack.md +++ b/docs/configuring-playbook-bridge-mx-puppet-slack.md @@ -5,7 +5,7 @@ The playbook can install and configure See the project page to learn what it does and why it might be useful to you. -To enable the [Slack](https://www.slack.com/) bridge just use the following +To enable the [Slack](https://slack.com/) bridge just use the following playbook configuration: diff --git a/docs/configuring-playbook.md b/docs/configuring-playbook.md index af00f7c0..7e911095 100644 --- a/docs/configuring-playbook.md +++ b/docs/configuring-playbook.md @@ -99,4 +99,6 @@ When you're done with all the configuration you'd like to do, continue with [Ins - [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional) +- [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional) + - [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional) From 23bfaa72ecf5451480d8a9286ffc9f6187394a42 Mon Sep 17 00:00:00 2001 
From: Aaron Raimist Date: Thu, 23 Apr 2020 13:30:50 -0500 Subject: [PATCH 31/34] Upgrade Synapse (1.12.3 -> 1.12.4) --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index a2fa1bea..8597c751 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -5,7 +5,7 @@ matrix_synapse_enabled: true matrix_synapse_container_image_self_build: false -matrix_synapse_docker_image: "matrixdotorg/synapse:v1.12.3" +matrix_synapse_docker_image: "matrixdotorg/synapse:v1.12.4" matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" From 8cdf3a24f9650f91c58c4ff6b77734448200bb7c Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 Apr 2020 22:13:47 +0300 Subject: [PATCH 32/34] Fix variable name typo --- group_vars/matrix_servers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 1403543f..382897fd 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -346,7 +346,7 @@ matrix_mx_puppet_skype_login_shared_secret: "{{ matrix_synapse_ext_password_prov # We don't enable bridges by default. matrix_mx_puppet_slack_enabled: false -matrix_mx_puppet_skype_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" +matrix_mx_puppet_slack_container_image_self_build: "{{ matrix_architecture != 'amd64'}}" matrix_mx_puppet_slack_systemd_required_services_list: | {{ From 9cc0c5955ddb6e1498cf382b31ce9532a4866351 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 24 Apr 2020 09:59:30 +0300 Subject: [PATCH 33/34] Use |quote in some command calls --- roles/matrix-synapse/tasks/register_user.yml | 2 +- roles/matrix-synapse/tasks/update_user_password.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/roles/matrix-synapse/tasks/register_user.yml b/roles/matrix-synapse/tasks/register_user.yml index da0e28c3..9c2a3ea0 100644 --- a/roles/matrix-synapse/tasks/register_user.yml +++ b/roles/matrix-synapse/tasks/register_user.yml @@ -28,4 +28,4 @@ when: "start_result.changed" - name: Register user - shell: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username }} {{ password }} {{ '1' if admin == 'yes' else '0' }}" + command: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username|quote }} {{ password|quote }} {{ '1' if admin == 'yes' else '0' }}" diff --git a/roles/matrix-synapse/tasks/update_user_password.yml b/roles/matrix-synapse/tasks/update_user_password.yml index 0d77f5dd..1e86bd49 100644 --- a/roles/matrix-synapse/tasks/update_user_password.yml +++ b/roles/matrix-synapse/tasks/update_user_password.yml @@ -36,8 +36,8 @@ when: "start_result.changed or postgres_start_result.changed" - name: Generate password hash - shell: "/usr/bin/docker exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password }}" + shell: "/usr/bin/docker exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}" register: password_hash - name: Update user password hash - shell: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username }} '{{ password_hash.stdout }}'" + command: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username|quote }} {{ password_hash.stdout|quote }}" From 438652c732377f92d7af003e82778cffa193f4fe Mon Sep 17 00:00:00 2001 
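Review bot: `Register user` and `Generate password hash` still pass the password as a command-line argument, so `|quote` prevents shell interpretation but the value remains visible in the host's process list while the command runs and in the command Ansible records for the task. Adding `no_log: true` to both tasks, and to `Update user password hash`, keeps it out of task output and logs. `Generate password hash` also stays a `shell:` task although nothing on that line needs a shell; `command:` would match the other two changed lines. Both task files begin outside these hunks.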
From: Slavi Pantaleev Date: Mon, 27 Apr 2020 10:49:06 +0300 Subject: [PATCH 34/34] Switch Slack image to a working tag We've had reports of the `:latest` tag not working anymore, leading to an error as described here: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/341 --- roles/matrix-bridge-appservice-slack/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-slack/defaults/main.yml b/roles/matrix-bridge-appservice-slack/defaults/main.yml index 58babbc3..d68c1178 100644 --- a/roles/matrix-bridge-appservice-slack/defaults/main.yml +++ b/roles/matrix-bridge-appservice-slack/defaults/main.yml @@ -3,7 +3,7 @@ matrix_appservice_slack_enabled: true -matrix_appservice_slack_docker_image: "cadair/matrix-appservice-slack:latest" +matrix_appservice_slack_docker_image: "cadair/matrix-appservice-slack:cadair" matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}" matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack"
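Review bot: With the tag changed to `cadair`, `matrix_appservice_slack_docker_image_force_pull` on the next line evaluates to false, because it only tests for a `:latest` suffix. If `cadair` is a moving tag (this cannot be told from the patch), hosts will keep whichever build they pulled first and silently diverge from each other. A comment next to the image variable stating why this tag was chosen, or pinning the image to a digest, would make the intent explicit.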