Add Pantalaimon support

This is actually authored by Julian Foad here (https://lab.trax.im/matrix/matrix-docker-ansible-deploy), but was in need of a rebase and various adjustments caused by huge playbook refactoring that landed in the past months. This rework is completely untested. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/266
2024-03-24 18:25:19 +02:00
parent d25d0572fb
commit 0049ddf002
19 changed files with 414 additions and 38 deletions
--- a/roles/custom/matrix-bot-draupnir/defaults/main.yml
+++ b/roles/custom/matrix-bot-draupnir/defaults/main.yml
@ -37,15 +37,34 @@ matrix_bot_draupnir_systemd_required_services_list_custom: []
 # List of systemd services that matrix-bot-draupnir.service wants
 matrix_bot_draupnir_systemd_wanted_services_list: []

-# The access token for the bot user
+# Whether Draupnir should talk to the homeserver through Pantalaimon
+# If true, then other variables must be provided including pointing
+# `matrix_bot_draupnir_homeserver_url` to the Pantalaimon URL.
+matrix_bot_draupnir_pantalaimon_use: false
+
+# The access token for the bot user. Required when NOT using Pantalaimon.
+# (Otherwise provide `matrix_bot_draupnir_pantalaimon_username` and `matrix_bot_draupnir_pantalaimon_password` instead.)
 matrix_bot_draupnir_access_token: ""

+# User name and password for the bot. Required when using Pantalaimon.
+# (Otherwise provide `matrix_bot_draupnir_access_token` instead.)
+matrix_bot_draupnir_pantalaimon_username: "bot.draupnir"
+matrix_bot_draupnir_pantalaimon_password: ""
+
 # The room ID where people can use the bot. The bot has no access controls, so
 # anyone in this room can use the bot - secure your room!
 # This should be a room alias or room ID - not a matrix.to URL.
 # Note: draupnir is fairly verbose - expect a lot of messages from it.
 matrix_bot_draupnir_management_room: ""

+# Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API).
+# Set this to the pantalaimon URL if you're using that.
+matrix_bot_draupnir_homeserver_url: ""
+
+# Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),
+# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.
+matrix_bot_draupnir_raw_homeserver_url: ""
+
 # Disable Server ACL is used if you want to not give the bot the right to apply Server ACLs in rooms without complaints from the bot.
 # This setting is described the following way in the Configuration.
 #
--- a/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml
+++ b/roles/custom/matrix-bot-draupnir/tasks/validate_config.yml
@ -2,9 +2,20 @@

 - name: Fail if required matrix-bot-draupnir variables are undefined
  ansible.builtin.fail:
-    msg: "The `{{ item }}` variable must be defined and have a non-null value."
+    msg: "The `{{ item.name }}` variable must be defined and have a non-null value."
  with_items:
-    - "matrix_bot_draupnir_access_token"
-    - "matrix_bot_draupnir_management_room"
-    - "matrix_bot_draupnir_container_network"
-  when: "vars[item] == '' or vars[item] is none"
+    - {'name': 'matrix_bot_draupnir_access_token', when: "{{ not matrix_bot_draupnir_pantalaimon_use }}"}
+    - {'name': 'matrix_bot_draupnir_management_room', when: true}
+    - {'name': 'matrix_bot_draupnir_container_network', when: true}
+    - {'name': 'matrix_bot_draupnir_homeserver_url', when: true}
+    - {'name': 'matrix_bot_draupnir_raw_homeserver_url', when: true}
+    - {'name': 'matrix_bot_draupnir_pantalaimon_username', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"}
+    - {'name': 'matrix_bot_draupnir_pantalaimon_password', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"}
+  when: "item.when | bool and (vars[item.name] == '' or vars[item.name] is none)"
+
+- name: Fail if inappropriate variables are defined
+  ansible.builtin.fail:
+    msg: "The `{{ item.name }}` variable must be undefined or have a null value."
+  with_items:
+    - {'name': 'matrix_bot_draupnir_access_token', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"}
+  when: "item.when | bool and not (vars[item.name] == '' or vars[item.name] is none)"
--- a/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2
+++ b/roles/custom/matrix-bot-draupnir/templates/production.yaml.j2
@ -1,32 +1,34 @@
 # Endpoint URL that Draupnir uses to interact with the matrix homeserver (client-server API),
 # set this to the pantalaimon URL if you're using that.
-homeserverUrl: "{{ matrix_homeserver_url }}"
+homeserverUrl: {{ matrix_bot_draupnir_homeserver_url | to_json }}

 # Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),
 # only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.
-rawHomeserverUrl: "{{ matrix_homeserver_url }}"
+rawHomeserverUrl: {{ matrix_bot_draupnir_raw_homeserver_url | to_json }}

 # Matrix Access Token to use, Draupnir will only use this if pantalaimon.use is false.
-accessToken: "{{ matrix_bot_draupnir_access_token }}"
+accessToken: {{ matrix_bot_draupnir_access_token | to_json }}

+{% if matrix_bot_draupnir_pantalaimon_use %}
 # Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon)
-#pantalaimon:
-#  # Whether or not Draupnir will use pantalaimon to access the matrix homeserver,
-#  # set to `true` if you're using pantalaimon.
-#  #
-#  # Be sure to point homeserverUrl to the pantalaimon instance.
-#  #
-#  # Draupnir will log in using the given username and password once,
-#  # then store the resulting access token in a file under dataPath.
-#  use: false
-#
-#  # The username to login with.
-#  username: draupnir
-#
-#  # The password Draupnir will login with.
-#  #
-#  # After successfully logging in once, this will be ignored, so this value can be blanked after first startup.
-#  password: your_password
+pantalaimon:
+  # Whether or not Draupnir will use pantalaimon to access the matrix homeserver,
+  # set to `true` if you're using pantalaimon.
+  #
+  # Be sure to point homeserverUrl to the pantalaimon instance.
+  #
+  # Draupnir will log in using the given username and password once,
+  # then store the resulting access token in a file under dataPath.
+  use: true
+
+  # The username to login with.
+  username: {{ matrix_bot_draupnir_pantalaimon_username | to_json }}
+
+  # The password Draupnir will login with.
+  #
+  # After successfully logging in once, this will be ignored, so this value can be blanked after first startup.
+  password: {{ matrix_bot_draupnir_pantalaimon_password | to_json }}
+{% endif %}

 # The path Draupnir will store its state/data in, leave default ("/data/storage") when using containers.
 dataPath: "/data"
@ -49,7 +51,7 @@ recordIgnoredInvites: false
 #
 # Note: By default, Draupnir is fairly verbose - expect a lot of messages in this room.
 # (see verboseLogging to adjust this a bit.)
-managementRoom: "{{ matrix_bot_draupnir_management_room }}"
+managementRoom: {{ matrix_bot_draupnir_management_room | to_json }}

 # Deprecated and will be removed in a future version.
 # Running with verboseLogging is unsupported.
@ -77,7 +79,7 @@ noop: false

 # Whether or not Draupnir should apply `m.room.server_acl` events.
 # DO NOT change this to `true` unless you are very confident that you know what you are doing.
-disableServerACL: "{{ matrix_bot_draupnir_disable_server_acl }}"
+disableServerACL: {{ matrix_bot_draupnir_disable_server_acl | to_json }}

 # Whether Draupnir should check member lists quicker (by using a different endpoint),
 # keep in mind that enabling this will miss invited (but not joined) users.
@ -161,7 +163,7 @@ commands:

  # The default reasons to be prompted with if the reason is missing from a ban command.
  ban:
-    defaultReasons: 
+    defaultReasons:
      - "spam"
      - "brigading"
      - "harassment"