Merge branch 'master' into pr-jitsi-matrix-authentication

This commit is contained in:
Slavi Pantaleev
2023-02-10 14:12:47 +02:00
118 changed files with 2564 additions and 566 deletions


@ -11,8 +11,11 @@ matrix_backup_borg_docker_repo: "https://gitlab.com/etke.cc/borgmatic"
matrix_backup_borg_docker_repo_version: main
matrix_backup_borg_docker_src_files_path: "{{ matrix_backup_borg_base_path }}/docker-src"
# version determined automatically, based on postgres server version (if enabled), otherwise latest is used
# image and postgres version determined automatically, based on detected postgres server version (if enabled), otherwise latest is used
matrix_backup_borg_version: ""
matrix_backup_borg_postgres_version: ""
matrix_backup_borg_borg_version: 1.2.3
matrix_backup_borg_borgmatic_version: 1.7.6
matrix_backup_borg_docker_image: "{{ matrix_backup_borg_docker_image_name_prefix }}etke.cc/borgmatic:{{ matrix_backup_borg_version }}"
matrix_backup_borg_docker_image_name_prefix: "{{ 'localhost/' if matrix_backup_borg_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_backup_borg_docker_image_force_pull: "{{ matrix_backup_borg_docker_image.endswith(':latest') or matrix_backup_borg_version | default('') == '' }}"
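Review bot: `matrix_backup_borg_borg_version: 1.2.3` and `matrix_backup_borg_borgmatic_version: 1.7.6` are plain scalars; three-component values happen to parse as strings, but a later bump to a two-component value would be read as a float and the image tag composed from it would change silently. Quoting them, `matrix_backup_borg_borg_version: "1.2.3"` and `matrix_backup_borg_borgmatic_version: "1.7.6"`, matches the quoted versions elsewhere in this commit. The comment above `matrix_backup_borg_version` could also state that the setup task in this commit composes the tag as `<postgres>-<borg>-<borgmatic>`, so anyone setting the version manually knows the expected form.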


@ -2,25 +2,25 @@
- when: matrix_backup_borg_postgresql_enabled | bool and matrix_backup_borg_version == ''
block:
- name: Fail with matrix_backup_borg_version advice if Postgres not enabled
ansible.builtin.fail:
msg: >-
You are not running a built-in Postgres server (`devture_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen.
Consider setting `matrix_backup_borg_version` to your Postgres version manually.
when: not devture_postgres_enabled
- name: Fail with matrix_backup_borg_version advice if Postgres not enabled
ansible.builtin.fail:
msg: >-
You are not running a built-in Postgres server (`devture_postgres_enabled: false`), so auto-detecting its version and setting `matrix_backup_borg_version` automatically based on that cannot happen.
Consider setting `matrix_backup_borg_version` to your Postgres version manually.
when: not devture_postgres_enabled
- ansible.builtin.include_role:
name: galaxy/com.devture.ansible.role.postgres
tasks_from: detect_existing_postgres_version
- ansible.builtin.include_role:
name: galaxy/com.devture.ansible.role.postgres
tasks_from: detect_existing_postgres_version
- name: Fail if detected Postgres version is unsupported
ansible.builtin.fail:
msg: "You cannot use borg backup with such an old version ({{ devture_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql"
when: "devture_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions"
- name: Fail if detected Postgres version is unsupported
ansible.builtin.fail:
msg: "You cannot use borg backup with such an old version ({{ devture_postgres_detected_version }}) of Postgres. Consider upgrading - link to docs for upgrading Postgres: docs/maintenance-postgres.md#upgrading-postgresql"
when: "devture_postgres_detected_version not in matrix_backup_borg_supported_postgres_versions"
- name: Set the correct borg backup version to use
ansible.builtin.set_fact:
matrix_backup_borg_version: "{{ devture_postgres_detected_version }}"
- name: Set the correct borg backup version to use
ansible.builtin.set_fact:
matrix_backup_borg_version: "{{ devture_postgres_detected_version }}-{{ matrix_backup_borg_borg_version }}-{{ matrix_backup_borg_borgmatic_version }}"
- name: Ensure borg paths exist
ansible.builtin.file:
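Review bot: The new `set_fact` composes `matrix_backup_borg_version` as `{{ devture_postgres_detected_version }}-{{ matrix_backup_borg_borg_version }}-{{ matrix_backup_borg_borgmatic_version }}`, but the unchanged fail message in the same block still advises "setting `matrix_backup_borg_version` to your Postgres version manually", which would now produce a tag in the old single-component form. The advice should name the composed form, e.g. `Consider setting \`matrix_backup_borg_version\` manually, in the \`<postgres>-<borg>-<borgmatic>\` form that the image tags use.`. The "Ensure borg paths exist" task at the end of the hunk continues outside it.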


@ -9,9 +9,9 @@ matrix_bot_buscarron_docker_repo: "https://gitlab.com/etke.cc/buscarron.git"
matrix_bot_buscarron_docker_repo_version: "{{ matrix_bot_buscarron_version }}"
matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"
matrix_bot_buscarron_version: v1.3.0
matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}buscarron:{{ matrix_bot_buscarron_version }}"
matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_buscarron_version: v1.3.1
matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}etke.cc/buscarron:{{ matrix_bot_buscarron_version }}"
matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}"
matrix_bot_buscarron_base_path: "{{ matrix_base_data_path }}/buscarron"


@ -0,0 +1,83 @@
---
# chatgpt is a bot for chatting to openAI chatgpt matrix bot
# Project source code URL: https://github.com/matrixgpt/matrix-chatgpt-bot
matrix_bot_chatgpt_enabled: true
matrix_bot_chatgpt_container_image_self_build: false
matrix_bot_chatgpt_docker_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot"
matrix_bot_chatgpt_docker_repo_version: "{{ 'latest' if matrix_bot_chatgpt_version == 'latest' else matrix_bot_chatgpt_version }}"
matrix_bot_chatgpt_docker_src_files_path: "{{ matrix_base_data_path }}/chatgpt/docker-src"
matrix_bot_chatgpt_version: 2.2.1
matrix_bot_chatgpt_docker_image: "{{ matrix_bot_chatgpt_docker_image_name_prefix }}matrixgpt/matrix-chatgpt-bot:{{ matrix_bot_chatgpt_version }}"
matrix_bot_chatgpt_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_chatgpt_container_image_self_build else 'ghcr.io/' }}"
matrix_bot_chatgpt_docker_image_force_pull: "{{ matrix_bot_chatgpt_docker_image.endswith(':latest') }}"
matrix_bot_chatgpt_base_path: "{{ matrix_base_data_path }}/chatgpt"
matrix_bot_chatgpt_config_path: "{{ matrix_bot_chatgpt_base_path }}/config"
matrix_bot_chatgpt_data_path: "{{ matrix_bot_chatgpt_base_path }}/data"
# A list of extra arguments to pass to the container
matrix_bot_chatgpt_container_extra_arguments: []
# List of systemd services that matrix-bot-chatgpt.service depends on
matrix_bot_chatgpt_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-bot-chatgpt.service wants
matrix_bot_chatgpt_systemd_wanted_services_list: []
# ChatGPT Settings
matrix_bot_chatgpt_openai_api_key: ''
matrix_bot_chatgpt_context: 'thread' # CHATGPT_CONTEXT="thread"
matrix_bot_chatgpt_keyv_backend: 'file'
matrix_bot_chatgpt_keyv_url: ''
matrix_bot_chatgpt_keyv_bot_encryption: false
matrix_bot_chatgpt_keyv_bot_storage: true
# Matrix Static Settings (required, see notes)
# Defaults to "https://matrix.org"
matrix_bot_chatgpt_matrix_homeserver_url: "{{ matrix_homeserver_container_url }}" # MATRIX_HOMESERVER_URL=
# With the @ and :DOMAIN, ie @SOMETHING:DOMAIN, needs to be set, created manually beforehand.
matrix_bot_chatgpt_matrix_bot_username_localpart: 'bot.chatgpt'
matrix_bot_chatgpt_matrix_bot_username: "@{{ matrix_bot_chatgpt_matrix_bot_username_localpart }}:{{ matrix_domain }}" # MATRIX_BOT_USERNAME=
# Set `MATRIX_BOT_PASSWORD` the bot will print an `MATRIX_ACCESS_TOKEN` to the terminal
# or https://webapps.stackexchange.com/questions/131056/how-to-get-an-access-token-for-element-riot-matrix
matrix_bot_chatgpt_matrix_access_token: '' # MATRIX_ACCESS_TOKEN=
# Once `MATRIX_BOT_ACCESS_TOKEN` is set this is no longer used.
matrix_bot_chatgpt_matrix_bot_password: '' # MATRIX_BOT_PASSWORD=
# Matrix Configurable Settings Defaults (optional)
matrix_bot_chatgpt_matrix_default_prefix: "!chatgpt " # MATRIX_DEFAULT_PREFIX= Leave prefix blank to reply to all messages, trailing space matters
matrix_bot_chatgpt_matrix_default_prefix_reply: false # MATRIX_DEFAULT_PREFIX_REPLY=
# Matrix Access Control (optional)
matrix_bot_chatgpt_matrix_blacklist: ''
matrix_bot_chatgpt_matrix_whitelist: ':{{ matrix_domain }}'
# Matrix Feature Flags (optional)
matrix_bot_chatgpt_matrix_autojoin: true # MATRIX_AUTOJOIN=true
matrix_bot_chatgpt_matrix_encryption: true # MATRIX_ENCRYPTION=true
matrix_bot_chatgpt_matrix_threads: true # MATRIX_THREADS=true
matrix_bot_chatgpt_matrix_rich_text: true # MATRIX_RICH_TEXT=true
# A list of admins
# Example set of rules:
# matrix_bot_chatgpt_admins:
# - @someone:example.com
# - @another:example.com
# - @bot.*:example.com
# - @*:another.com
# matrix_bot_chatgpt_admins: "{{ [matrix_admin] if matrix_admin else [] }}"
# Log level
# matrix_bot_chatgpt_loglevel: 'INFO'
# Additional environment variables to pass to the chatgpt container
#
# Example:
# matrix_bot_chatgpt_environment_variables_extension: |
# chatgpt_TEXT_DONE=Done
matrix_bot_chatgpt_environment_variables_extension: ''
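Review bot: The comment "Once `MATRIX_BOT_ACCESS_TOKEN` is set this is no longer used." above `matrix_bot_chatgpt_matrix_bot_password` names a variable that does not exist; the env template in this commit emits `MATRIX_ACCESS_TOKEN`, so the comment should read `# Once \`MATRIX_ACCESS_TOKEN\` (matrix_bot_chatgpt_matrix_access_token) is set, the password is no longer used.`. The expression in `matrix_bot_chatgpt_docker_repo_version` is a no-op, since both branches yield `matrix_bot_chatgpt_version`; `matrix_bot_chatgpt_docker_repo_version: "{{ matrix_bot_chatgpt_version }}"` says the same thing. The comment "Set `MATRIX_BOT_PASSWORD` the bot will print an `MATRIX_ACCESS_TOKEN` to the terminal" would also be clearer as "If only `MATRIX_BOT_PASSWORD` is set, the bot logs in and prints a `MATRIX_ACCESS_TOKEN` to its output", since that output ends up in the service's journal.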


@ -0,0 +1,20 @@
---
- block:
- when: matrix_bot_chatgpt_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_bot_chatgpt_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-bot-chatgpt
- install-all
- install-bot-chatgpt
- block:
- when: not matrix_bot_chatgpt_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-bot-chatgpt


@ -0,0 +1,63 @@
---
- name: Ensure chatgpt paths exist
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_bot_chatgpt_config_path }}", when: true}
- {path: "{{ matrix_bot_chatgpt_data_path }}", when: true}
- {path: "{{ matrix_bot_chatgpt_docker_src_files_path }}", when: matrix_bot_chatgpt_container_image_self_build}
when: "item.when | bool"
- name: Ensure chatgpt environment variables file created
ansible.builtin.template:
src: "{{ role_path }}/templates/env.j2"
dest: "{{ matrix_bot_chatgpt_config_path }}/env"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0640
- name: Ensure chatgpt image is pulled
community.docker.docker_image:
name: "{{ matrix_bot_chatgpt_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_chatgpt_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_chatgpt_docker_image_force_pull }}"
when: "not matrix_bot_chatgpt_container_image_self_build | bool"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure chatgpt repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_bot_chatgpt_docker_repo }}"
version: "{{ matrix_bot_chatgpt_docker_repo_version }}"
dest: "{{ matrix_bot_chatgpt_docker_src_files_path }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_bot_chatgpt_git_pull_results
when: "matrix_bot_chatgpt_container_image_self_build | bool"
- name: Ensure chatgpt image is built
community.docker.docker_image:
name: "{{ matrix_bot_chatgpt_docker_image }}"
source: build
force_source: "{{ matrix_bot_chatgpt_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_chatgpt_docker_src_files_path }}"
pull: true
when: "matrix_bot_chatgpt_container_image_self_build | bool"
- name: Ensure matrix-bot-chatgpt.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-bot-chatgpt.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-chatgpt.service"
mode: 0644
register: matrix_bot_chatgpt_systemd_service_result
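Review bot: The `force:` expression in "Ensure chatgpt image is built" references `matrix_mailer_git_pull_results.changed`, which looks copied from another role; the register in this file is `matrix_bot_chatgpt_git_pull_results`, so on the Ansible versions that take the `else` branch the task fails on an undefined variable. The line should be `force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_chatgpt_git_pull_results.changed }}"`, matching the `force_source` line above it. The env file written by the template task holds the OpenAI key and the Matrix credentials, so the `0640` mode with matrix user ownership is the right choice there.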


@ -0,0 +1,25 @@
---
- name: Check existence of matrix-chatgpt service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-chatgpt.service"
register: matrix_bot_chatgpt_service_stat
- when: matrix_bot_chatgpt_service_stat.stat.exists | bool
block:
- name: Ensure matrix-chatgpt is stopped
ansible.builtin.service:
name: matrix-bot-chatgpt
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-bot-chatgpt.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-chatgpt.service"
state: absent
- name: Ensure Matrix chatgpt paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_chatgpt_base_path }}"
state: absent


@ -0,0 +1,22 @@
---
- name: Fail if required Chatgpt settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and vars[item.name] == ''"
with_items:
- {'name': 'matrix_bot_chatgpt_openai_api_key', when: true}
- {'name': 'matrix_bot_chatgpt_matrix_bot_username', when: true}
- name: Fail if OpenAI configuration not up-to-date.
ansible.builtin.fail:
msg: >-
Your configuration contains a varible that is no longer used.
Please change your configuration to remove the variable (`{{ item.name }}`).
when: "item.name in vars"
with_items:
- {'name': 'matrix_bot_chatgpt_openai_email'}
- {'name': 'matrix_bot_chatgpt_openai_password'}
- {'name': 'matrix_bot_chatgpt_openai_login_type'}
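Review bot: The required-settings check covers the OpenAI key and the bot username but neither `matrix_bot_chatgpt_matrix_access_token` nor `matrix_bot_chatgpt_matrix_bot_password`, both of which default to empty in this commit, so a deployment with no Matrix credentials at all passes validation and only fails once the container starts. A task that fails when both are empty would catch this at playbook time; a version is below. The message in the second task also has a typo: "varible" should be "variable".

```yaml
# … unchanged: required-settings and removed-variable checks …
- name: Fail if no Matrix credentials are defined for the chatgpt bot
  ansible.builtin.fail:
    msg: >-
      Either `matrix_bot_chatgpt_matrix_access_token` or `matrix_bot_chatgpt_matrix_bot_password` must be set, so the bot can log in.
  when: "matrix_bot_chatgpt_matrix_access_token == '' and matrix_bot_chatgpt_matrix_bot_password == ''"
```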


@ -0,0 +1,29 @@
MATRIX_HOMESERVER_URL={{ matrix_bot_chatgpt_matrix_homeserver_url }}
MATRIX_ACCESS_TOKEN={{ matrix_bot_chatgpt_matrix_access_token }}
OPENAI_API_KEY={{ matrix_bot_chatgpt_openai_api_key }}
CHATGPT_CONTEXT={{ matrix_bot_chatgpt_context }}
KEYV_BACKEND={{ matrix_bot_chatgpt_keyv_backend }}
KEYV_URL={{ matrix_bot_chatgpt_keyv_url }}
KEYV_BOT_ENCRYPTION={{ matrix_bot_chatgpt_keyv_bot_encryption|lower }}
KEYV_BOT_STORAGE={{ matrix_bot_chatgpt_keyv_bot_storage|lower }}
# With the @ and :DOMAIN, ie @SOMETHING:DOMAIN
MATRIX_BOT_USERNAME={{ matrix_bot_chatgpt_matrix_bot_username }}
MATRIX_BOT_PASSWORD={{ matrix_bot_chatgpt_matrix_bot_password }}
MATRIX_DEFAULT_PREFIX={{ matrix_bot_chatgpt_matrix_default_prefix }}
MATRIX_DEFAULT_PREFIX_REPLY={{ matrix_bot_chatgpt_matrix_default_prefix_reply|lower }}
MATRIX_BLACKLIST={{ matrix_bot_chatgpt_matrix_blacklist }}
MATRIX_WHITELIST={{ matrix_bot_chatgpt_matrix_whitelist }}
MATRIX_AUTOJOIN={{ matrix_bot_chatgpt_matrix_autojoin|lower }}
MATRIX_ENCRYPTION={{ matrix_bot_chatgpt_matrix_encryption|lower }}
MATRIX_THREADS={{ matrix_bot_chatgpt_matrix_threads|lower }}
MATRIX_RICH_TEXT={{ matrix_bot_chatgpt_matrix_rich_text|lower }}
DATA_PATH=/data/
{{ matrix_bot_chatgpt_environment_variables_extension }}


@ -1,11 +1,11 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=matrix-prometheus-postgres-exporter
{% for service in matrix_prometheus_postgres_exporter_systemd_required_services_list %}
Description=Matrix chatgpt bot
{% for service in matrix_bot_chatgpt_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_prometheus_postgres_exporter_systemd_wanted_services_list %}
{% for service in matrix_bot_chatgpt_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
@ -13,30 +13,29 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-chatgpt 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true'
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-prometheus-postgres-exporter \
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-chatgpt \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
{% for arg in matrix_prometheus_postgres_exporter_container_extra_arguments %}
--tmpfs /tmp \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_bot_chatgpt_config_path }}/env \
--mount type=bind,src={{ matrix_bot_chatgpt_data_path }},dst=/data \
--env HOME=/data/home \
{% for arg in matrix_bot_chatgpt_container_extra_arguments %}
{{ arg }} \
{% endfor %}
--network={{ matrix_docker_network }} \
{% if matrix_prometheus_postgres_exporter_container_http_host_bind_port %}
-p {{ matrix_prometheus_postgres_exporter_container_http_host_bind_port }}:{{matrix_prometheus_postgres_exporter_port}} \
{% endif %}
--pid=host \
{{ matrix_prometheus_postgres_exporter_docker_image }}
{{ matrix_bot_chatgpt_docker_image }}
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus-postgres-exporter 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus-postgres-exporter 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-chatgpt 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-prometheus-postgres-exporter
SyslogIdentifier=matrix-bot-chatgpt
[Install]
WantedBy=multi-user.target


@ -0,0 +1,59 @@
---
# A moderation tool for Matrix
# Project source code URL: https://github.com/Gnuxie/Draupnir
matrix_bot_draupnir_enabled: true
matrix_bot_draupnir_version: "v1.80.0-beta.0"
matrix_bot_draupnir_container_image_self_build: false
matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/Gnuxie/Draupnir.git"
matrix_bot_draupnir_docker_image: "{{ matrix_bot_draupnir_docker_image_name_prefix }}gnuxie/draupnir:{{ matrix_bot_draupnir_version }}"
matrix_bot_draupnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_bot_draupnir_docker_image_force_pull: "{{ matrix_bot_draupnir_docker_image.endswith(':latest') }}"
matrix_bot_draupnir_base_path: "{{ matrix_base_data_path }}/draupnir"
matrix_bot_draupnir_config_path: "{{ matrix_bot_draupnir_base_path }}/config"
matrix_bot_draupnir_data_path: "{{ matrix_bot_draupnir_base_path }}/data"
matrix_bot_draupnir_docker_src_files_path: "{{ matrix_bot_draupnir_base_path }}/docker-src"
# A list of extra arguments to pass to the container
matrix_bot_draupnir_container_extra_arguments: []
# List of systemd services that matrix-bot-draupnir.service depends on
matrix_bot_draupnir_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-bot-draupnir.service wants
matrix_bot_draupnir_systemd_wanted_services_list: []
# The access token for the bot user
matrix_bot_draupnir_access_token: ""
# The room ID where people can use the bot. The bot has no access controls, so
# anyone in this room can use the bot - secure your room!
# This should be a room alias or room ID - not a matrix.to URL.
# Note: draupnir is fairly verbose - expect a lot of messages from it.
matrix_bot_draupnir_management_room: ""
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_bot_draupnir_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_bot_draupnir_configuration_yaml: "{{ lookup('template', 'templates/production.yaml.j2') }}"
matrix_bot_draupnir_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_bot_draupnir_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_bot_draupnir_configuration_yaml`.
matrix_bot_draupnir_configuration_extension: "{{ matrix_bot_draupnir_configuration_extension_yaml | from_yaml if matrix_bot_draupnir_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_bot_draupnir_configuration_yaml`.
matrix_bot_draupnir_configuration: "{{ matrix_bot_draupnir_configuration_yaml | from_yaml | combine(matrix_bot_draupnir_configuration_extension, recursive=True) }}"


@ -0,0 +1,20 @@
---
- block:
- when: matrix_bot_draupnir_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_bot_draupnir_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-bot-draupnir
- install-all
- install-bot-draupnir
- block:
- when: not matrix_bot_draupnir_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-bot-draupnir


@ -0,0 +1,74 @@
---
- ansible.builtin.set_fact:
matrix_bot_draupnir_requires_restart: false
- name: Ensure matrix-bot-draupnir paths exist
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_bot_draupnir_base_path }}", when: true}
- {path: "{{ matrix_bot_draupnir_config_path }}", when: true}
- {path: "{{ matrix_bot_draupnir_data_path }}", when: true}
- {path: "{{ matrix_bot_draupnir_docker_src_files_path }}", when: "{{ matrix_bot_draupnir_container_image_self_build }}"}
when: "item.when | bool"
- name: Ensure draupnir Docker image is pulled
community.docker.docker_image:
name: "{{ matrix_bot_draupnir_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_bot_draupnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_draupnir_docker_image_force_pull }}"
when: "not matrix_bot_draupnir_container_image_self_build | bool"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure draupnir repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_bot_draupnir_container_image_self_build_repo }}"
dest: "{{ matrix_bot_draupnir_docker_src_files_path }}"
version: "{{ matrix_bot_draupnir_docker_image.split(':')[1] }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_bot_draupnir_git_pull_results
when: "matrix_bot_draupnir_container_image_self_build | bool"
- name: Ensure draupnir Docker image is built
community.docker.docker_image:
name: "{{ matrix_bot_draupnir_docker_image }}"
source: build
force_source: "{{ matrix_bot_draupnir_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_bot_draupnir_docker_src_files_path }}"
pull: true
when: "matrix_bot_draupnir_container_image_self_build | bool"
- name: Ensure matrix-bot-draupnir config installed
ansible.builtin.copy:
content: "{{ matrix_bot_draupnir_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_bot_draupnir_config_path }}/production.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-bot-draupnir.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-bot-draupnir.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-draupnir.service"
mode: 0644
register: matrix_bot_draupnir_systemd_service_result
- name: Ensure matrix-bot-draupnir.service restarted, if necessary
ansible.builtin.service:
name: "matrix-bot-draupnir.service"
state: restarted
daemon_reload: true
when: "matrix_bot_draupnir_requires_restart | bool"
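Review bot: `matrix_bot_draupnir_requires_restart` is set to `false` at the top of the file and gated on at the bottom, but no task in between sets it to `true` — the config copy and the service template register results without touching it — so the restart task never runs unless something outside this file sets the fact. Either drop the fact and the final task, or set it from the config task, e.g. `register: matrix_bot_draupnir_config_result` followed by a `set_fact` of `matrix_bot_draupnir_requires_restart: "{{ matrix_bot_draupnir_config_result.changed }}"`. The git task's `version: "{{ matrix_bot_draupnir_docker_image.split(':')[1] }}"` recovers the tag by splitting the image name; `version: "{{ matrix_bot_draupnir_version }}"` is the same value without depending on the image name's shape.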


@ -0,0 +1,25 @@
---
- name: Check existence of matrix-bot-draupnir service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-draupnir.service"
register: matrix_bot_draupnir_service_stat
- when: matrix_bot_draupnir_service_stat.stat.exists | bool
block:
- name: Ensure matrix-bot-draupnir is stopped
ansible.builtin.service:
name: matrix-bot-draupnir
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-bot-draupnir.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-bot-draupnir.service"
state: absent
- name: Ensure matrix-bot-draupnir paths don't exist
ansible.builtin.file:
path: "{{ matrix_bot_draupnir_base_path }}"
state: absent


@ -0,0 +1,9 @@
---
- name: Fail if required variables are undefined
ansible.builtin.fail:
msg: "The `{{ item }}` variable must be defined and have a non-null value."
with_items:
- "matrix_bot_draupnir_access_token"
- "matrix_bot_draupnir_management_room"
when: "vars[item] == '' or vars[item] is none"


@ -0,0 +1,247 @@
# Endpoint URL that draupnir uses to interact with the matrix homeserver (client-server API),
# set this to the pantalaimon URL if you're using that.
homeserverUrl: "{{ matrix_homeserver_url }}"
# Endpoint URL that draupnir could use to fetch events related to reports (client-server API and /_synapse/),
# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.
rawHomeserverUrl: "{{ matrix_homeserver_url }}"
# Matrix Access Token to use, draupnir will only use this if pantalaimon.use is false.
accessToken: "{{ matrix_bot_draupnir_access_token }}"
# Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon)
#pantalaimon:
# # Whether or not draupnir will use pantalaimon to access the matrix homeserver,
# # set to `true` if you're using pantalaimon.
# #
# # Be sure to point homeserverUrl to the pantalaimon instance.
# #
# # draupnir will log in using the given username and password once,
# # then store the resulting access token in a file under dataPath.
# use: false
#
# # The username to login with.
# username: draupnir
#
# # The password draupnir will login with.
# #
# # After successfully logging in once, this will be ignored, so this value can be blanked after first startup.
# password: your_password
# The path draupnir will store its state/data in, leave default ("/data/storage") when using containers.
dataPath: "/data"
# If true (the default), draupnir will only accept invites from users present in managementRoom.
autojoinOnlyIfManager: true
# If `autojoinOnlyIfManager` is false, only the members in this space can invite
# the bot to new rooms.
#acceptInvitesFromSpace: "!example:example.org"
# Whether draupnir should report ignored invites to the management room (if autojoinOnlyIfManager is true).
recordIgnoredInvites: false
# The room ID (or room alias) of the management room, anyone in this room can issue commands to draupnir.
#
# draupnir has no more granular access controls other than this, be sure you trust everyone in this room - secure it!
#
# This should be a room alias or room ID - not a matrix.to URL.
#
# Note: By default, draupnir is fairly verbose - expect a lot of messages in this room.
# (see verboseLogging to adjust this a bit.)
managementRoom: "{{ matrix_bot_draupnir_management_room }}"
# Whether draupnir should log a lot more messages in the room,
# mainly involves "all-OK" messages, and debugging messages for when draupnir checks bans in a room.
verboseLogging: false
# The log level of terminal (or container) output,
# can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity.
#
# This should be at INFO or DEBUG in order to get support for draupnir problems.
logLevel: "INFO"
# Whether or not draupnir should synchronize policy lists immediately after startup.
# Equivalent to running '!draupnir sync'.
syncOnStartup: true
# Whether or not draupnir should check moderation permissions in all protected rooms on startup.
# Equivalent to running `!draupnir verify`.
verifyPermissionsOnStartup: true
# Whether or not draupnir should actually apply bans and policy lists,
# turn on to trial some untrusted configuration or lists.
noop: false
# Whether draupnir should check member lists quicker (by using a different endpoint),
# keep in mind that enabling this will miss invited (but not joined) users.
#
# Turn on if your bot is in (very) large rooms, or in large amounts of rooms.
fasterMembershipChecks: false
# A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for.
#
# If the bot sees you ban a user with a reason that is an (exact case-insensitive) match to this list,
# it will also remove the user's messages automatically.
#
# Typically this is useful to avoid having to give two commands to the bot.
# Advanced: Use asterisks to have the reason match using "globs"
# (f.e. "spam*testing" would match "spam for testing" as well as "spamtesting").
#
# See here for more info: https://www.digitalocean.com/community/tools/glob
# Note: Keep in mind that glob is NOT regex!
automaticallyRedactForReasons:
- "spam"
- "advertising"
# A list of rooms to protect. draupnir will add this to the list it knows from its account data.
#
# It won't, however, add it to the account data.
# Manually add the room via '!draupnir rooms add' to have it stay protected regardless if this config value changes.
#
# Note: These must be matrix.to URLs
#protectedRooms:
# - "https://matrix.to/#/#yourroom:example.org"
# Whether or not to add all joined rooms to the "protected rooms" list
# (excluding the management room and watched policy list rooms, see below).
#
# Note that this effectively makes the protectedRooms and associated commands useless
# for regular rooms.
#
# Note: the management room is *excluded* from this condition.
# Explicitly add it as a protected room to protect it.
#
# Note: Ban list rooms the bot is watching but didn't create will not be protected.
# Explicitly add these rooms as a protected room list if you want them protected.
protectAllJoinedRooms: false
# Increase this delay to have Mjölnir wait longer between two consecutive backgrounded
# operations. The total duration of operations will be longer, but the homeserver won't
# be affected as much. Conversely, decrease this delay to have Mjölnir chain operations
# faster. The total duration of operations will generally be shorter, but the performance
# of the homeserver may be more impacted.
backgroundDelayMS: 500
# Server administration commands, these commands will only work if draupnir is
# a global server administrator, and the bot's server is a Synapse instance.
#admin:
# # Whether or not draupnir can temporarily take control of any eligible account from the local homeserver who's in the room
# # (with enough permissions) to "make" a user an admin.
# #
# # This only works if a local user with enough admin permissions is present in the room.
# enableMakeRoomAdminCommand: false
# Misc options for command handling and commands
commands:
# Whether or not the `!draupnir` prefix is necessary to submit commands.
#
# If `true`, will allow commands like `!ban`, `!help`, etc.
#
# Note: draupnir can also be pinged by display name instead of having to use
# the !draupnir prefix. For example, "my_moderator_bot: ban @spammer:example.org"
# will address only my_moderator_bot.
allowNoPrefix: false
# Any additional bot prefixes that draupnir will listen to. i.e. adding `mod` will allow `!mod help`.
additionalPrefixes:
- "draupnir_bot"
- "draupnir"
# Whether or not commands with a wildcard (*) will require an additional `--force` argument
# in the command to be able to be submitted.
confirmWildcardBan: true
# Configuration specific to certain toggle-able protections
#protections:
# # Configuration for the wordlist plugin, which can ban users based if they say certain
# # blocked words shortly after joining.
# wordlist:
# # A list of case-insensitive keywords that the WordList protection will watch for from new users.
# #
# # WordList will ban users who use these words when first joining a room, so take caution when selecting them.
# #
# # For advanced usage, regex can also be used, see the following links for more information;
# # - https://www.digitalocean.com/community/tutorials/an-introduction-to-regular-expressions
# # - https://regexr.com/
# # - https://regexone.com/
# words:
# - "LoReM"
# - "IpSuM"
# - "DoLoR"
# - "aMeT"
#
# # For how long (in minutes) the user is "new" to the WordList plugin.
# #
# # After this time, the user will no longer be banned for using a word in the above wordlist.
# #
# # Set to zero to disable the timeout and make users *always* appear "new".
# # (users will always be banned if they say a bad word)
# minutesBeforeTrusting: 20
# Options for advanced monitoring of the health of the bot.
health:
# healthz options. These options are best for use in container environments
# like Kubernetes to detect how healthy the service is. The bot will report
# that it is unhealthy until it is able to process user requests. Typically
# this means that it'll flag itself as unhealthy for a number of minutes
# before saying "Now monitoring rooms" and flagging itself healthy.
#
# Health is flagged through HTTP status codes, defined below.
healthz:
# Whether the healthz integration should be enabled (default false)
enabled: false
# The port to expose the webserver on. Defaults to 8080.
port: 8080
# The address to listen for requests on. Defaults to all addresses.
address: "0.0.0.0"
# The path to expose the monitoring endpoint at. Defaults to `/healthz`
endpoint: "/healthz"
# The HTTP status code which reports that the bot is healthy/ready to
# process requests. Typically this should not be changed. Defaults to
# 200.
healthyStatus: 200
# The HTTP status code which reports that the bot is not healthy/ready.
# Defaults to 418.
unhealthyStatus: 418
# Options for exposing web APIs.
#web:
# # Whether to enable web APIs.
# enabled: false
#
# # The port to expose the webserver on. Defaults to 8080.
# port: 8080
#
# # The address to listen for requests on. Defaults to only the current
# # computer.
# address: localhost
#
# # Alternative setting to open to the entire web. Be careful,
# # as this will increase your security perimeter:
# #
# # address: "0.0.0.0"
#
# # A web API designed to intercept Matrix API
# # POST /_matrix/client/r0/rooms/{roomId}/report/{eventId}
# # and display readable abuse reports in the moderation room.
# #
# # If you wish to take advantage of this feature, you will need
# # to configure a reverse proxy, see e.g. test/nginx.conf
# abuseReporting:
# # Whether to enable this feature.
# enabled: false
# Whether or not to actively poll synapse for abuse reports, to be used
# instead of intercepting client calls to synapse's abuse endpoint, when that
# isn't possible/practical.
pollReports: false
# Whether or not new reports, received either by webapi or polling,
# should be printed to our managementRoom.
displayReports: false


@ -1,11 +1,11 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=matrix-prometheus-node-exporter
{% for service in matrix_prometheus_node_exporter_systemd_required_services_list %}
Description=Matrix Draupnir bot
{% for service in matrix_bot_draupnir_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_prometheus_node_exporter_systemd_wanted_services_list %}
{% for service in matrix_bot_draupnir_systemd_required_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
@ -13,32 +13,30 @@ DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-draupnir 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-draupnir 2>/dev/null || true'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-prometheus-node-exporter \
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-bot-draupnir \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
{% for arg in matrix_prometheus_node_exporter_container_extra_arguments %}
--network={{ matrix_docker_network }} \
--mount type=bind,src={{ matrix_bot_draupnir_config_path }},dst=/data/config,ro \
--mount type=bind,src={{ matrix_bot_draupnir_data_path }},dst=/data \
{% for arg in matrix_bot_draupnir_container_extra_arguments %}
{{ arg }} \
{% endfor %}
--network={{ matrix_docker_network }} \
{% if matrix_prometheus_node_exporter_container_http_host_bind_port %}
-p {{ matrix_prometheus_node_exporter_container_http_host_bind_port }}:9100 \
{% endif %}
--pid=host \
--mount type=bind,src=/,dst=/host,ro,bind-propagation=rslave \
{{ matrix_prometheus_node_exporter_docker_image }} \
--path.rootfs=/host {{ matrix_prometheus_node_exporter_process_extra_arguments|join(' ') }}
{{ matrix_bot_draupnir_docker_image }}
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-prometheus-node-exporter 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-prometheus-node-exporter 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-bot-draupnir 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-draupnir 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-prometheus-node-exporter
SyslogIdentifier=matrix-bot-draupnir
[Install]
WantedBy=multi-user.target
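Review bot: The `Wants=` loop in the first hunk iterates `matrix_bot_draupnir_systemd_required_services_list` a second time, so the required services are emitted twice (once as `Requires=`, once as `Wants=`) and the role's wanted-services list is never rendered; the line should read `{% for service in matrix_bot_draupnir_systemd_wanted_services_list %}`, assuming the role defines that variable like the other bot roles do. The removed node-exporter template used the `_wanted_services_list` variable in exactly this position, so this looks like a slip while renaming the copy. The container hardening in the second hunk (`--cap-drop=ALL`, `--read-only`, bind-mounting the config read-only and only `/data` writable) is sound and worth keeping as is.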


@ -10,8 +10,8 @@ matrix_bot_honoroit_docker_repo_version: "{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_src_files_path: "{{ matrix_base_data_path }}/honoroit/docker-src"
matrix_bot_honoroit_version: v0.9.16
matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_honoroit_docker_image: "{{ matrix_bot_honoroit_docker_image_name_prefix }}etke.cc/honoroit:{{ matrix_bot_honoroit_version }}"
matrix_bot_honoroit_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_honoroit_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_bot_honoroit_docker_image_force_pull: "{{ matrix_bot_honoroit_docker_image.endswith(':latest') }}"
matrix_bot_honoroit_base_path: "{{ matrix_base_data_path }}/honoroit"


@ -10,8 +10,9 @@ matrix_bot_maubot_docker_src_files_path: "{{ matrix_bot_maubot_base_path }}/dock
matrix_bot_maubot_docker_repo_version: "{{ 'master' if matrix_bot_maubot_version == 'latest' else matrix_bot_maubot_version }}"
matrix_bot_maubot_version: v0.3.1
matrix_bot_maubot_docker_image: "dock.mau.dev/maubot/maubot:{{ matrix_bot_maubot_version }}"
matrix_bot_maubot_version: v0.4.0
matrix_bot_maubot_docker_image: "{{ matrix_bot_maubot_docker_image_name_prefix }}maubot/maubot:{{ matrix_bot_maubot_version }}"
matrix_bot_maubot_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_maubot_container_image_self_build else 'dock.mau.dev/' }}"
matrix_bot_maubot_docker_image_force_pull: "{{ matrix_bot_maubot_docker_image.endswith(':latest') }}"
matrix_bot_maubot_base_path: "{{ matrix_base_data_path }}/maubot"


@ -4,7 +4,7 @@
matrix_bot_mjolnir_enabled: true
matrix_bot_mjolnir_version: "v1.6.1"
matrix_bot_mjolnir_version: "v1.6.4"
matrix_bot_mjolnir_container_image_self_build: false
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"


@ -9,9 +9,9 @@ matrix_bot_postmoogle_docker_repo: "https://gitlab.com/etke.cc/postmoogle.git"
matrix_bot_postmoogle_docker_repo_version: "{{ 'main' if matrix_bot_postmoogle_version == 'latest' else matrix_bot_postmoogle_version }}"
matrix_bot_postmoogle_docker_src_files_path: "{{ matrix_base_data_path }}/postmoogle/docker-src"
matrix_bot_postmoogle_version: v0.9.10
matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}postmoogle:{{ matrix_bot_postmoogle_version }}"
matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/etke.cc/' }}"
matrix_bot_postmoogle_version: v0.9.12
matrix_bot_postmoogle_docker_image: "{{ matrix_bot_postmoogle_docker_image_name_prefix }}etke.cc/postmoogle:{{ matrix_bot_postmoogle_version }}"
matrix_bot_postmoogle_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_postmoogle_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_bot_postmoogle_docker_image_force_pull: "{{ matrix_bot_postmoogle_docker_image.endswith(':latest') }}"
matrix_bot_postmoogle_base_path: "{{ matrix_base_data_path }}/postmoogle"


@ -1,6 +1,6 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix helpdesk bot
Description=Matrix Postmoogle bot
{% for service in matrix_bot_postmoogle_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}


@ -4,7 +4,7 @@
matrix_heisenbridge_enabled: true
matrix_heisenbridge_version: 1.14.0
matrix_heisenbridge_version: 1.14.2
matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"


@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
matrix_hookshot_version: 2.5.0
matrix_hookshot_version: 2.7.0
matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"


@ -8,7 +8,7 @@ matrix_mautrix_discord_container_image_self_build: false
matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix/discord.git"
matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"
matrix_mautrix_discord_version: latest
matrix_mautrix_discord_version: v0.1.0
# See: https://mau.dev/mautrix/discord/container_registry
matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
matrix_mautrix_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_discord_container_image_self_build else 'dock.mau.dev/' }}"


@ -46,6 +46,16 @@ matrix_mautrix_facebook_homeserver_token: ''
# If false, created portal rooms will never be federated.
matrix_mautrix_facebook_federate_rooms: true
# Whether or not metrics endpoint should be enabled.
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_facebook_metrics_proxying_enabled`.
matrix_mautrix_facebook_metrics_enabled: false
# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-facebook`.
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
matrix_mautrix_facebook_metrics_proxying_enabled: false
matrix_mautrix_facebook_bridge_permissions: |
{{
{matrix_mautrix_facebook_homeserver_domain: 'user'}


@ -42,3 +42,28 @@
URL endpoint to the matrix-mautrix-facebook container.
You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable.
when: "not matrix_nginx_proxy_enabled | default(False) | bool"
- when: matrix_mautrix_facebook_metrics_proxying_enabled | bool
block:
- name: Generate mautrix-facebook metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook)
ansible.builtin.set_fact:
matrix_mautrix_facebook_nginx_metrics_configuration_block: |
location /metrics/mautrix-facebook {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-facebook:8000";
proxy_pass http://$backend/metrics;
{% else %}
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
{% endif %}
}
- name: Register mautrix-facebook metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook)
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_mautrix_facebook_nginx_metrics_configuration_block]
}}


@ -62,7 +62,7 @@ appservice:
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
enabled: {{ matrix_mautrix_facebook_metrics_enabled | to_json }}
listen_port: 8000
# Bridge config


@ -47,6 +47,16 @@ matrix_mautrix_instagram_homeserver_token: ''
# If false, created portal rooms will never be federated.
matrix_mautrix_instagram_federate_rooms: true
# Whether or not metrics endpoint should be enabled.
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_instagram_metrics_proxying_enabled`.
matrix_mautrix_instagram_metrics_enabled: false
# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-instagram`.
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
matrix_mautrix_instagram_metrics_proxying_enabled: false
# Database-related configuration fields.
#
# To use Postgres:


@ -0,0 +1,35 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append mautrix-whatapp-metrics's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-instagram role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- when: matrix_mautrix_instagram_metrics_proxying_enabled | bool
block:
- name: Generate mautrix-instagram metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram)
ansible.builtin.set_fact:
matrix_mautrix_instagram_nginx_metrics_configuration_block: |
location /metrics/mautrix-instagram {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-instagram:8000";
proxy_pass http://$backend/metrics;
{% else %}
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
{% endif %}
}
- name: Register mautrix-instagram metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram)
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_mautrix_instagram_nginx_metrics_configuration_block]
}}


@ -1,5 +1,14 @@
---
- block:
- when: matrix_mautrix_instagram_enabled | bool and matrix_mautrix_instagram_metrics_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
- block:
- when: matrix_mautrix_instagram_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"


@ -57,7 +57,7 @@ appservice:
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
enabled: {{ matrix_mautrix_instagram_metrics_enabled | to_json }}
listen_port: 8000
instagram:


@ -12,7 +12,8 @@ matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautri
matrix_mautrix_signal_version: v0.4.2
matrix_mautrix_signal_daemon_version: 0.23.1
# See: https://mau.dev/mautrix/signal/container_registry
matrix_mautrix_signal_docker_image: "dock.mau.dev/mautrix/signal:{{ matrix_mautrix_signal_version }}"
matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_version }}"
matrix_mautrix_signal_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_signal_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"
matrix_mautrix_signal_daemon_container_image_self_build: false
@ -20,7 +21,8 @@ matrix_mautrix_signal_daemon_docker_repo: "https://gitlab.com/signald/signald"
matrix_mautrix_signal_daemon_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_daemon_version == 'latest' else matrix_mautrix_signal_daemon_version }}"
matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src"
matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}"
matrix_mautrix_signal_daemon_docker_image: "{{ matrix_mautrix_signal_daemon_docker_image_name_prefix }}signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}"
matrix_mautrix_signal_daemon_docker_image_name_prefix: "docker.io/"
matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image_tag.endswith(':latest') }}"
matrix_mautrix_signal_daemon_docker_image_tag: "{{ matrix_mautrix_signal_daemon_version }}"
@ -68,6 +70,16 @@ matrix_mautrix_signal_logging_level: WARNING
# If false, created portal rooms will never be federated.
matrix_mautrix_signal_federate_rooms: true
# Whether or not metrics endpoint should be enabled.
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_signal_metrics_proxying_enabled`.
matrix_mautrix_signal_metrics_enabled: false
# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-signal`.
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
matrix_mautrix_signal_metrics_proxying_enabled: false
# Database-related configuration fields
#
# This bridge only supports postgres.


@ -0,0 +1,35 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append mautrix-whatapp-metrics's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-signal role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- when: matrix_mautrix_signal_metrics_proxying_enabled | bool
block:
- name: Generate mautrix-signal metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal)
ansible.builtin.set_fact:
matrix_mautrix_signal_nginx_metrics_configuration_block: |
location /metrics/mautrix-signal {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-signal:8000";
proxy_pass http://$backend/metrics;
{% else %}
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
{% endif %}
}
- name: Register mautrix-signal metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal)
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_mautrix_signal_nginx_metrics_configuration_block]
}}


@ -1,5 +1,14 @@
---
- block:
- when: matrix_mautrix_signal_enabled | bool and matrix_mautrix_signal_metrics_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
- block:
- when: matrix_mautrix_signal_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"


@ -67,7 +67,7 @@ appservice:
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
enabled: {{ matrix_mautrix_signal_metrics_enabled | to_json }}
listen_port: 8000
# Manhole config.


@ -0,0 +1,138 @@
---
# mautrix-slack is a Matrix <-> Slack bridge
# Project source code URL: https://github.com/mautrix/slack
matrix_mautrix_slack_enabled: true
matrix_mautrix_slack_container_image_self_build: false
matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/slack.git"
matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}"
matrix_mautrix_slack_version: latest
# See: https://mau.dev/mautrix/slack/container_registry
matrix_mautrix_slack_docker_image: "{{ matrix_mautrix_slack_docker_image_name_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}"
matrix_mautrix_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_slack_docker_image_force_pull: "{{ matrix_mautrix_slack_docker_image.endswith(':latest') }}"
matrix_mautrix_slack_base_path: "{{ matrix_base_data_path }}/mautrix-slack"
matrix_mautrix_slack_config_path: "{{ matrix_mautrix_slack_base_path }}/config"
matrix_mautrix_slack_data_path: "{{ matrix_mautrix_slack_base_path }}/data"
matrix_mautrix_slack_docker_src_files_path: "{{ matrix_mautrix_slack_base_path }}/docker-src"
matrix_mautrix_slack_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_slack_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_slack_appservice_address: "http://matrix-mautrix-slack:8080"
matrix_mautrix_slack_command_prefix: "!slack"
matrix_mautrix_slack_bridge_permissions: |
{{
{matrix_mautrix_slack_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# A list of extra arguments to pass to the container
matrix_mautrix_slack_container_extra_arguments: []
# List of systemd services that matrix-mautrix-slack.service depends on.
matrix_mautrix_slack_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-mautrix-slack.service wants
matrix_mautrix_slack_systemd_wanted_services_list: []
matrix_mautrix_slack_appservice_token: ''
matrix_mautrix_slack_homeserver_token: ''
matrix_mautrix_slack_appservice_bot_username: slackbot
# Minimum severity of journal log messages.
# Options: debug, info, warn, error, fatal
matrix_mautrix_slack_logging_level: 'warn'
# Database-related configuration fields.
#
# To use SQLite, stick to these defaults.
#
# To use Postgres:
# - change the engine (`matrix_mautrix_slack_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_slack_database_*` variables
matrix_mautrix_slack_database_engine: 'sqlite'
matrix_mautrix_slack_sqlite_database_path_local: "{{ matrix_mautrix_slack_data_path }}/mautrix-slack.db"
matrix_mautrix_slack_sqlite_database_path_in_container: "/data/mautrix-slack.db"
matrix_mautrix_slack_database_username: 'matrix_mautrix_slack'
matrix_mautrix_slack_database_password: 'some-password'
matrix_mautrix_slack_database_hostname: ''
matrix_mautrix_slack_database_port: 5432
matrix_mautrix_slack_database_name: 'matrix_mautrix_slack'
matrix_mautrix_slack_database_connection_string: 'postgresql://{{ matrix_mautrix_slack_database_username }}:{{ matrix_mautrix_slack_database_password }}@{{ matrix_mautrix_slack_database_hostname }}:{{ matrix_mautrix_slack_database_port }}/{{ matrix_mautrix_slack_database_name }}?sslmode=disable'
matrix_mautrix_slack_appservice_database_type: "{{
{
'sqlite': 'sqlite3',
'postgres':'postgres',
}[matrix_mautrix_slack_database_engine]
}}"
matrix_mautrix_slack_appservice_database_uri: "{{
{
'sqlite': matrix_mautrix_slack_sqlite_database_path_in_container,
'postgres': matrix_mautrix_slack_database_connection_string,
}[matrix_mautrix_slack_database_engine]
}}"
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mautrix_slack_login_shared_secret: ''
matrix_mautrix_slack_bridge_login_shared_secret_map:
"{{ {matrix_mautrix_slack_homeserver_domain: matrix_mautrix_slack_login_shared_secret} if matrix_mautrix_slack_login_shared_secret else {} }}"
# Servers to always allow double puppeting from
matrix_mautrix_slack_bridge_double_puppet_server_map:
"{{ matrix_mautrix_slack_homeserver_domain : matrix_mautrix_slack_homeserver_address }}"
# Default mautrix-slack configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_slack_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_slack_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mautrix_slack_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mautrix_slack_configuration_yaml`.
matrix_mautrix_slack_configuration_extension: "{{ matrix_mautrix_slack_configuration_extension_yaml | from_yaml if matrix_mautrix_slack_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_slack_configuration_yaml`.
matrix_mautrix_slack_configuration: "{{ matrix_mautrix_slack_configuration_yaml | from_yaml | combine(matrix_mautrix_slack_configuration_extension, recursive=True) }}"
matrix_mautrix_slack_registration_yaml: |
id: slack
url: {{ matrix_mautrix_slack_appservice_address }}
as_token: "{{ matrix_mautrix_slack_appservice_token }}"
hs_token: "{{ matrix_mautrix_slack_homeserver_token }}"
# See https://github.com/mautrix/signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_slack_appservice_bot_username }}
rate_limited: false
namespaces:
users:
- regex: '^@slack_[a-z-A-Z0-9\-]+:{{ matrix_mautrix_slack_homeserver_domain | regex_escape }}$'
exclusive: true
- exclusive: true
regex: '^@{{ matrix_mautrix_slack_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_slack_homeserver_domain | regex_escape }}$'
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_slack_bridge_encryption_allow: false
matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"
matrix_mautrix_slack_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"


@ -0,0 +1,20 @@
---
- block:
- when: matrix_mautrix_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mautrix_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-mautrix-slack
- install-all
- install-mautrix-slack
- block:
- when: not matrix_mautrix_slack_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-mautrix-slack


@ -0,0 +1,108 @@
---
- ansible.builtin.set_fact:
matrix_mautrix_slack_requires_restart: false
- when: "matrix_mautrix_slack_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mautrix_slack_sqlite_database_path_local }}"
register: matrix_mautrix_slack_sqlite_database_path_local_stat_result
- when: "matrix_mautrix_slack_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.include_role:
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_slack_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_slack_database_connection_string }}"
caller: "{{ role_path | basename }}"
engine_variable_name: 'matrix_mautrix_slack_database_engine'
engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-mautrix-slack.service']
pgloader_options: ['--with "quote identifiers"']
- ansible.builtin.set_fact:
matrix_mautrix_slack_requires_restart: true
- name: Ensure Mautrix Slack paths exists
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_mautrix_slack_base_path }}", when: true}
- {path: "{{ matrix_mautrix_slack_config_path }}", when: true}
- {path: "{{ matrix_mautrix_slack_data_path }}", when: true}
- {path: "{{ matrix_mautrix_slack_docker_src_files_path }}", when: "{{ matrix_mautrix_slack_container_image_self_build }}"}
when: item.when | bool
- name: Ensure Mautrix Slack image is pulled
community.docker.docker_image:
name: "{{ matrix_mautrix_slack_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_slack_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_slack_docker_image_force_pull }}"
when: not matrix_mautrix_slack_container_image_self_build
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure Mautrix slack repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_mautrix_slack_container_image_self_build_repo }}"
dest: "{{ matrix_mautrix_slack_docker_src_files_path }}"
version: "{{ matrix_mautrix_slack_container_image_self_build_branch }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_mautrix_slack_git_pull_results
when: "matrix_mautrix_slack_container_image_self_build | bool"
- name: Ensure Mautrix slack Docker image is built
community.docker.docker_image:
name: "{{ matrix_mautrix_slack_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_slack_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_slack_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_slack_docker_src_files_path }}"
pull: true
when: "matrix_mautrix_slack_container_image_self_build | bool"
- name: Ensure mautrix-slack config.yaml installed
ansible.builtin.copy:
content: "{{ matrix_mautrix_slack_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_mautrix_slack_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure mautrix-slack registration.yaml installed
ansible.builtin.copy:
content: "{{ matrix_mautrix_slack_registration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_mautrix_slack_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-mautrix-slack.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-mautrix-slack.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-slack.service"
mode: 0644
register: matrix_mautrix_slack_systemd_service_result
- name: Ensure matrix-mautrix-slack.service restarted, if necessary
ansible.builtin.service:
name: "matrix-mautrix-slack.service"
state: restarted
daemon_reload: true
when: "matrix_mautrix_slack_requires_restart | bool"
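Review bot: The two copy tasks `Ensure mautrix-slack config.yaml installed` and `Ensure mautrix-slack registration.yaml installed` write files with `mode: 0644`, although both carry the appservice `as_token`/`hs_token` and config.yaml additionally renders `login_shared_secret_map`. The container runs as the matrix user (the systemd unit passes `--user={{ matrix_user_uid }}:{{ matrix_user_gid }}`) and the config directory is created `0750`, so `mode: '0640'` serves the bridge equally well and keeps the secrets readable only by owner and group even if the directory permissions are later relaxed or the files are copied elsewhere. Quoting the mode as a string also matches the `mode: '0644'` form used elsewhere in this playbook and avoids leaving an octal-looking literal for the YAML parser to interpret.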


@ -0,0 +1,20 @@
---
- name: Check existence of matrix-mautrix-slack service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-slack.service"
register: matrix_mautrix_slack_service_stat
- when: matrix_mautrix_slack_service_stat.stat.exists | bool
block:
- name: Ensure matrix-mautrix-slack is stopped
ansible.builtin.service:
name: matrix-mautrix-slack
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-mautrix-slack.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-slack.service"
state: absent


@ -0,0 +1,20 @@
---
- name: Fail if required mautrix-slack settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and vars[item.name] == ''"
with_items:
- {'name': 'matrix_mautrix_slack_appservice_token', when: true}
- {'name': 'matrix_mautrix_slack_homeserver_token', when: true}
- {'name': 'matrix_mautrix_slack_database_hostname', when: "{{ matrix_mautrix_slack_database_engine == 'postgres' }}"}
- name: Fail if appservice-slack and mautrix-slack have conflicting bot usernames
when: matrix_appservice_slack_enabled | default(False) | bool and matrix_mautrix_slack_appservice_bot_username == matrix_appservice_slack_bot_name | default ('')
ansible.builtin.fail:
msg: |
The appservice-slack and mautrix-slack components are both enabled and use the same bot username ({{ matrix_mautrix_slack_appservice_bot_username }}), as per their default configuration, which causes a conflcit.
To resolve the conflict, make one of these components use a different username.
Consider either changing `matrix_mautrix_slack_appservice_bot_username` (the bot username for the mautrix-slack component) or `matrix_appservice_slack_bot_name` (the bot username for the appservice-slack component).
We recommend that you change the username for the newly-added (and yet unused) component.
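Review bot: The failure message in `Fail if appservice-slack and mautrix-slack have conflicting bot usernames` misspells "conflict" (`which causes a conflcit.`); since this text is shown to the operator it should read `which causes a conflict.`. The `when` expression on that task also has a stray space in `default ('')`, which Jinja accepts but which differs from the `default(False)` form on the same line; `| default('')` keeps the two consistent.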


@ -0,0 +1,240 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_slack_homeserver_address | to_json }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_slack_homeserver_domain | to_json }}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's slack connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_slack_appservice_address | to_json }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# Database config.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: {{ matrix_mautrix_slack_appservice_database_type|to_json }}
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_slack_appservice_database_uri|to_json }}
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice.
id: slack
# Appservice bot details.
bot:
# Username of the appservice bot.
username: {{ matrix_mautrix_slack_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: Slack bridge bot
avatar: mxc://maunium.net/pVtzLmChZejGxLqmXtQjFxem
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: true
# Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
async_transactions: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: {{ matrix_mautrix_slack_appservice_token | to_json }}
hs_token: {{ matrix_mautrix_slack_homeserver_token | to_json }}
# Bridge config
bridge:
# Localpart template of MXIDs for Slack users.
# {{ '{{.}}' }} is replaced with the internal ID of the Slack user.
username_template: "{{ 'slack_{{.}}' }}"
# Displayname template for Slack users.
# TODO: document variables
displayname_template: "{{ '{{.RealName}} (S)' }}"
bot_displayname_template: "{{ '{{.Name}} (bot)' }}"
channel_name_template: "{{ '#{{.Name}} ({{.TeamName}})' }}"
portal_message_buffer: 128
# Should the bridge send a read receipt from the bridge bot when a message has been sent to Slack?
delivery_receipts: true
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true
# Should the bridge sync with double puppeting to receive EDUs that aren't normally sent to appservices.
sync_with_custom_puppets: false
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map:
"{{ matrix_mautrix_slack_homeserver_domain }}": {{ matrix_mautrix_slack_homeserver_address }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map: {{ matrix_mautrix_slack_bridge_login_shared_secret_map|to_json }}
message_handling_timeout:
# Send an error message after this timeout, but keep waiting for the response until the deadline.
# This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
# If the message is older than this when it reaches the bridge, the message won't be handled at all.
error_after: 10s
# Drop messages after this timeout. They may still go through if the message got sent to the servers.
# This is counted from the time the bridge starts handling the message.
deadline: 60s
# The prefix for commands. Only required in non-management rooms.
command_prefix: "{{ matrix_mautrix_slack_command_prefix }}"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Slack bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help, or `login-token` or `login-password` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
backfill:
# Allow backfilling at all? Requires MSC2716 support on homeserver.
enable: false
# If a backfilled chat is older than this number of hours, mark it as read even if it's unread on Slack.
# Set to -1 to let any chat be unread.
unread_hours_threshold: 720
# Number of messages to immediately backfill when creating a portal.
immediate_messages: 10
# Settings for incremental backfill of history.
incremental:
# Maximum number of messages to backfill per batch.
messages_per_batch: 100
# The number of seconds to wait after backfilling the batch of messages.
post_batch_delay: 20
# The maximum number of messages to backfill per portal, split by the chat type.
# If set to -1, all messages in the chat will eventually be backfilled.
max_messages:
# Channels
channel: -1
# Group direct messages
group_dm: -1
# 1:1 direct messages
dm: -1
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_mautrix_slack_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: {{ matrix_mautrix_slack_bridge_encryption_default|to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_slack_bridge_encryption_key_sharing_allow|to_json }}
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: generate
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Slack account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_slack_bridge_permissions|to_json }}
logging:
directory: ./logs
file_name_format: ''
file_date_format: "2006-01-02"
file_mode: 384
timestamp_format: Jan _2, 2006 15:04:05
print_level: {{ matrix_mautrix_slack_logging_level | to_json }}
print_json: false
file_json: false
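Review bot: In `double_puppet_server_map`, the value `{{ matrix_mautrix_slack_homeserver_address }}` is the only templated scalar in this file emitted without `| to_json`; every other address, token and username is JSON-quoted. A homeserver address containing a YAML-significant character (a `#`, or `: ` in an unusual form) would break or silently alter the rendered config, so `"{{ matrix_mautrix_slack_homeserver_domain }}": {{ matrix_mautrix_slack_homeserver_address | to_json }}` keeps the template uniformly safe. Separately, the comment above `verification_levels.receive` still says "when bridging messages from WhatsApp to Matrix", a leftover from the template this one was copied from; it should say Slack.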


@ -0,0 +1,43 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mautrix Slack bridge
{% for service in matrix_mautrix_slack_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mautrix_slack_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-slack 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-slack 2>/dev/null || true'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-slack \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
--mount type=bind,src={{ matrix_mautrix_slack_config_path }},dst=/config,ro \
--mount type=bind,src={{ matrix_mautrix_slack_data_path }},dst=/data \
--workdir=/data \
{% for arg in matrix_mautrix_slack_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_slack_docker_image }} \
/usr/bin/mautrix-slack -c /config/config.yaml -r /config/registration.yaml --no-update
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-mautrix-slack 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-slack 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-slack
[Install]
WantedBy=multi-user.target


@ -9,7 +9,8 @@ matrix_telegram_lottieconverter_container_image_self_build_mask_arch: false
matrix_telegram_lottieconverter_docker_repo: "https://mau.dev/tulir/lottieconverter.git"
matrix_telegram_lottieconverter_docker_repo_version: "master"
matrix_telegram_lottieconverter_docker_src_files_path: "{{ matrix_base_data_path }}/lotticonverter/docker-src"
matrix_telegram_lottieconverter_docker_image: "dock.mau.dev/tulir/lottieconverter:alpine-3.16" # needs to be adjusted according to the FROM clause of Dockerfile of mautrix-telegram
matrix_telegram_lottieconverter_docker_image: "{{ matrix_telegram_lottieconverter_docker_image_name_prefix }}tulir/lottieconverter:alpine-3.16" # needs to be adjusted according to the FROM clause of Dockerfile of mautrix-telegram
matrix_telegram_lottieconverter_docker_image_name_prefix: "{{ 'localhost/' if matrix_telegram_lottieconverter_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_telegram_container_image_self_build: false
matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git"
@ -18,7 +19,8 @@ matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/maut
matrix_mautrix_telegram_version: v0.12.2
# See: https://mau.dev/mautrix/telegram/container_registry
matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
matrix_mautrix_telegram_docker_image: "{{ matrix_mautrix_telegram_docker_image_name_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
matrix_mautrix_telegram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_telegram_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"


@ -78,6 +78,16 @@ matrix_mautrix_twitter_appservice_bot_username: twitterbot
# Specifies the default log level for all bridge loggers.
matrix_mautrix_twitter_logging_level: WARNING
# Whether or not metrics endpoint should be enabled.
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_twitter_metrics_proxying_enabled`.
matrix_mautrix_twitter_metrics_enabled: false
# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-twitter`.
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
matrix_mautrix_twitter_metrics_proxying_enabled: false
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
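Review bot: The comment above `matrix_mautrix_twitter_metrics_proxying_enabled` reads "This will only work take effect if", which is a fused edit; it should read `# This will only take effect if \`matrix_nginx_proxy_proxy_matrix_metrics_enabled: true\`.`. The same sentence is copied verbatim above `matrix_mautrix_whatsapp_metrics_proxying_enabled` in the mautrix-whatsapp defaults hunk in this commit and wants the same fix.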
#


@ -0,0 +1,35 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append mautrix-whatapp-metrics's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-twitter role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- when: matrix_mautrix_twitter_metrics_proxying_enabled | bool
block:
- name: Generate mautrix-twitter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter)
ansible.builtin.set_fact:
matrix_mautrix_twitter_nginx_metrics_configuration_block: |
location /metrics/mautrix-twitter {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-twitter:8000";
proxy_pass http://$backend/metrics;
{% else %}
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
{% endif %}
}
- name: Register mautrix-twitter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter)
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_mautrix_twitter_nginx_metrics_configuration_block]
}}
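Review bot: The failure message in `Fail if matrix-nginx-proxy role already executed` names the wrong component: this is the mautrix-twitter role, but the text says "Trying to append mautrix-whatapp-metrics's reverse-proxying configuration", which both misspells WhatsApp and points the operator at a different bridge. It should read `Trying to append mautrix-twitter-metrics's reverse-proxying configuration to matrix-nginx-proxy,`. The mautrix-whatsapp copy of this file in the same commit carries the "whatapp" misspelling too and should be corrected to `mautrix-whatsapp-metrics's`.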


@ -1,5 +1,14 @@
---
- block:
- when: matrix_mautrix_twitter_enabled | bool and matrix_mautrix_twitter_metrics_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
- block:
- when: matrix_mautrix_twitter_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"


@ -65,7 +65,7 @@ appservice:
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
enabled: {{ matrix_mautrix_twitter_metrics_enabled | to_json }}
listen_port: 8000
# Bridge config


@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
matrix_mautrix_whatsapp_version: v0.8.0
matrix_mautrix_whatsapp_version: v0.8.1
# See: https://mau.dev/mautrix/whatsapp/container_registry
matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
@ -47,6 +47,16 @@ matrix_mautrix_whatsapp_logging_level: 'warn'
# If false, created portal rooms will never be federated.
matrix_mautrix_whatsapp_federate_rooms: true
# Whether or not metrics endpoint should be enabled.
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_whatsapp_metrics_proxying_enabled`.
matrix_mautrix_whatsapp_metrics_enabled: false
# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-whatsapp`.
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
matrix_mautrix_whatsapp_metrics_proxying_enabled: false
# Database-related configuration fields.
#
# To use SQLite, stick to these defaults.
@ -102,6 +112,12 @@ matrix_mautrix_whatsapp_bridge_permissions: |
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Enable bridge relay functionality
matrix_mautrix_whatsapp_bridge_relay_enabled: false
# Only allow admins on this home server to set themselves as a relay user
matrix_mautrix_whatsapp_bridge_relay_admin_only: true
# Default mautrix-whatsapp configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#


@ -0,0 +1,35 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append mautrix-whatapp-metrics's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-whatsapp role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- when: matrix_mautrix_whatsapp_metrics_proxying_enabled | bool
block:
- name: Generate mautrix-whatsapp metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp)
ansible.builtin.set_fact:
matrix_mautrix_whatsapp_nginx_metrics_configuration_block: |
location /metrics/mautrix-whatsapp {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-whatsapp:8001";
proxy_pass http://$backend/metrics;
{% else %}
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
{% endif %}
}
- name: Register mautrix-whatsapp metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp)
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_mautrix_whatsapp_nginx_metrics_configuration_block]
}}


@ -1,5 +1,14 @@
---
- block:
- when: matrix_mautrix_whatsapp_enabled | bool and matrix_mautrix_whatsapp_metrics_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
- block:
- when: matrix_mautrix_whatsapp_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"


@ -67,9 +67,9 @@ segment_key: null
# Prometheus config.
metrics:
# Enable prometheus metrics?
enabled: false
enabled: {{ matrix_mautrix_whatsapp_metrics_enabled | to_json }}
# IP and port where the metrics listener should be. The path is always /metrics
listen: 127.0.0.1:8001
listen: 0.0.0.0:8001
# Config for things that are directly sent to WhatsApp.
whatsapp:
@ -396,9 +396,9 @@ bridge:
relay:
# Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: false
enabled: {{ matrix_mautrix_whatsapp_bridge_relay_enabled | to_json }}
# Should only admins be allowed to set themselves as relay users?
admin_only: true
admin_only: {{ matrix_mautrix_whatsapp_bridge_relay_admin_only | to_json }}
# The formats to use when sending messages to WhatsApp via the relaybot.
message_formats:
m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
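Review bot: The metrics listener changes from `listen: 127.0.0.1:8001` to `listen: 0.0.0.0:8001` unconditionally, so whenever `matrix_mautrix_whatsapp_metrics_enabled` is true the endpoint is reachable from every container that shares the bridge's Docker network, not only from the nginx proxy; the defaults comment for that variable only mentions a "local (in-container) Prometheus" and does not say this. Since the bind is what makes both the in-network scraping and the proxying work, the practical fix is documentation: add a line above `matrix_mautrix_whatsapp_metrics_enabled` such as `# When enabled, the metrics port is bound on all container interfaces and is reachable by any container on the same Docker network.`. The `bridge.relay` block continues outside this hunk.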


@ -31,10 +31,12 @@ matrix_cactus_comments_version: 0.9.0
matrix_cactus_comments_docker_image: "{{ matrix_container_global_registry_prefix }}cactuscomments/cactus-appservice:{{ matrix_cactus_comments_version }}"
matrix_cactus_comments_docker_image_force_pull: "{{ matrix_cactus_comments_docker_image.endswith(':latest') }}"
# matrix_cactus_comments_client_version specifies the version of the cactus-client release to use.
# The released & compiled client is uploaded to a URL that changes per commit. Therefore it is necessary to check the
# available versions and adjust the url manually.
# For available versions, see: https://gitlab.com/cactus-comments/cactus-client/-/releases
# Also see: `matrix_cactus_comments_client_local_dir`
matrix_cactus_comments_client_version: "0.13.0"
matrix_cactus_comments_webclient_js_url: "https://gateway.pinata.cloud/ipfs/QmSiWN27KZZ1XE32jKwifBnS3nWTUcFGNArKzur2nmDgoL/v0.13.0/cactus.js"
matrix_cactus_comments_webclient_css_url: "https://gateway.pinata.cloud/ipfs/QmSiWN27KZZ1XE32jKwifBnS3nWTUcFGNArKzur2nmDgoL/v0.13.0/style.css"
# matrix_cactus_comments_client_local_dir specifies a local directory (on the Ansible controller, not on the remote server) with cactus-client files to use.
# This is an alternative to `matrix_cactus_comments_client_version`, to be used when you'd like to


@ -67,37 +67,16 @@
- when: matrix_cactus_comments_client_local_dir | length == 0
block:
- name: Download client binary to local folder
- name: Download web client js
ansible.builtin.get_url:
url: "https://gitlab.com/cactus-comments/cactus-client/-/archive/v{{ matrix_cactus_comments_client_version }}/cactus-client-v{{ matrix_cactus_comments_client_version }}.tar.gz"
dest: "/tmp/cactus-comments-{{ matrix_cactus_comments_client_version }}.tar.gz"
mode: '0644'
register: _download_client
until: _download_client is succeeded
retries: 5
delay: 2
check_mode: false
- name: Unpack client
ansible.builtin.unarchive:
src: "/tmp/cactus-comments-{{ matrix_cactus_comments_client_version }}.tar.gz"
dest: "/tmp/"
remote_src: true
mode: 0600
check_mode: false
- name: Propagate client javascript file
ansible.builtin.copy:
src: "/tmp/cactus-client-v{{ matrix_cactus_comments_client_version }}/src/cactus.js"
remote_src: true
url: "{{ matrix_cactus_comments_webclient_js_url }}"
dest: "{{ matrix_cactus_comments_client_path }}/cactus.js"
mode: "{{ matrix_cactus_comments_client_file_permissions }}"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Propagate client style file
ansible.builtin.copy:
src: "/tmp/cactus-client-v{{ matrix_cactus_comments_client_version }}/src/style.css"
remote_src: true
- name: Download web client css
ansible.builtin.get_url:
url: "{{ matrix_cactus_comments_webclient_css_url }}"
dest: "{{ matrix_cactus_comments_client_path }}/style.css"
mode: "{{ matrix_cactus_comments_client_file_permissions }}"
owner: "{{ matrix_user_username }}"


@ -6,7 +6,7 @@ matrix_client_cinny_enabled: true
matrix_client_cinny_container_image_self_build: false
matrix_client_cinny_container_image_self_build_repo: "https://github.com/ajbura/cinny.git"
matrix_client_cinny_version: v2.2.2
matrix_client_cinny_version: v2.2.4
matrix_client_cinny_docker_image: "{{ matrix_client_cinny_docker_image_name_prefix }}ajbura/cinny:{{ matrix_client_cinny_version }}"
matrix_client_cinny_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_cinny_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_cinny_docker_image_force_pull: "{{ matrix_client_cinny_docker_image.endswith(':latest') }}"


@ -10,7 +10,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
# - https://github.com/vector-im/element-web/issues/19544
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
matrix_client_element_version: v1.11.17
matrix_client_element_version: v1.11.22
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"


@ -9,29 +9,29 @@
delegate_to: 127.0.0.1
become: false
block:
- name: Ensure Element themes repository is pulled
ansible.builtin.git:
repo: "{{ matrix_client_element_themes_repository_url }}"
version: "{{ matrix_client_element_themes_repository_version }}"
dest: "{{ role_path }}/files/scratchpad/themes"
- name: Ensure Element themes repository is pulled
ansible.builtin.git:
repo: "{{ matrix_client_element_themes_repository_url }}"
version: "{{ matrix_client_element_themes_repository_version }}"
dest: "{{ role_path }}/files/scratchpad/themes"
- name: Find all Element theme files
ansible.builtin.find:
paths: "{{ role_path }}/files/scratchpad/themes"
patterns: "*.json"
recurse: true
register: matrix_client_element_theme_file_list
- name: Find all Element theme files
ansible.builtin.find:
paths: "{{ role_path }}/files/scratchpad/themes"
patterns: "*.json"
recurse: true
register: matrix_client_element_theme_file_list
- name: Read Element theme
ansible.builtin.slurp:
path: "{{ item.path }}"
register: "matrix_client_element_theme_file_contents"
with_items: "{{ matrix_client_element_theme_file_list.files }}"
- name: Read Element theme
ansible.builtin.slurp:
path: "{{ item.path }}"
register: "matrix_client_element_theme_file_contents"
with_items: "{{ matrix_client_element_theme_file_list.files }}"
- name: Load Element theme
ansible.builtin.set_fact:
matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming
with_items: "{{ matrix_client_element_theme_file_contents.results }}"
- name: Load Element theme
ansible.builtin.set_fact:
matrix_client_element_settingDefaults_custom_themes: "{{ matrix_client_element_settingDefaults_custom_themes + [item['content'] | b64decode | from_json] }}" # noqa var-naming
with_items: "{{ matrix_client_element_theme_file_contents.results }}"
#
# Tasks related to getting rid of Element themes (if it was previously enabled)


@ -8,7 +8,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn
matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
matrix_coturn_version: 4.6.1-r0
matrix_coturn_version: 4.6.1-r1
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
@ -20,6 +20,13 @@ matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith('
#
# Setting up deny/allow rules with `matrix_coturn_allowed_peer_ips`/`matrix_coturn_denied_peer_ips` is also
# possible for achieving such isolation, but is more complicated due to the dynamic nature of Docker networking.
#
# Setting `matrix_coturn_docker_network` to 'host' will run the container with host networking,
# which will drastically improve performance when thousands of ports are opened due to Docker not having to set up forwarding rules for each port.
# Running with host networking can be dangerous, as it potentially exposes your local network and its services to Coturn peers.
# Regardless of the networking mode, we apply a deny list which via `matrix_coturn_denied_peer_ips`,
# which hopefully prevents access to such private network ranges.
# When running in host-networking mode, you need to adjust the firewall yourself, so that ports are opened.
matrix_coturn_docker_network: "matrix-coturn"
matrix_coturn_base_path: "{{ matrix_base_data_path }}/coturn"
@ -41,20 +48,20 @@ matrix_coturn_container_extra_arguments: []
# Controls whether the Coturn container exposes its plain STUN port (tcp/3478 and udp/3478 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:3478"), or empty string to not expose.
matrix_coturn_container_stun_plain_host_bind_port: '3478'
matrix_coturn_container_stun_plain_host_bind_port: "{{ '3478' if matrix_coturn_docker_network != 'host' else '' }}"
# Controls whether the Coturn container exposes its TLS STUN port (tcp/5349 and udp/5349 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:5349"), or empty string to not expose.
matrix_coturn_container_stun_tls_host_bind_port: '5349'
matrix_coturn_container_stun_tls_host_bind_port: "{{ '5349' if matrix_coturn_docker_network != 'host' else '' }}"
# Controls whether the Coturn container exposes its TURN UDP port range and which interface to do it on.
#
# Takes an interface "<ip address>" (e.g. "127.0.0.1"), or empty string to listen on all interfaces.
# Takes a null/none value (`~`) to prevent listening.
# Takes a null/none value (`~`) or 'none' (as a string) to prevent listening.
#
# The UDP port-range itself is specified using `matrix_coturn_turn_udp_min_port` and `matrix_coturn_turn_udp_max_port`.
matrix_coturn_container_turn_range_listen_interface: ''
matrix_coturn_container_turn_range_listen_interface: "{{ '' if matrix_coturn_docker_network != 'host' else 'none' }}"
# UDP port-range to use for TURN
matrix_coturn_turn_udp_min_port: 49152
@ -69,10 +76,54 @@ matrix_coturn_turn_external_ip_address: ''
matrix_coturn_turn_external_ip_addresses: ["{{ matrix_coturn_turn_external_ip_address }}"]
matrix_coturn_allowed_peer_ips: []
matrix_coturn_denied_peer_ips: []
# We block loopback interfaces and private networks by default to prevent private resources from being accessible.
# This is especially important when Coturn does not run within a container network (e.g. `matrix_coturn_docker_network: host`).
#
# Learn more: https://www.rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/
#
# If you're running Coturn for local network peers, you may wish to override these rules.
matrix_coturn_denied_peer_ips:
- 0.0.0.0-0.255.255.255
- 10.0.0.0-10.255.255.255
- 100.64.0.0-100.127.255.255
- 127.0.0.0-127.255.255.255
- 169.254.0.0-169.254.255.255
- 172.16.0.0-172.31.255.255
- 192.0.0.0-192.0.0.255
- 192.0.2.0-192.0.2.255
- 192.88.99.0-192.88.99.255
- 192.168.0.0-192.168.255.255
- 198.18.0.0-198.19.255.255
- 198.51.100.0-198.51.100.255
- 203.0.113.0-203.0.113.255
- 240.0.0.0-255.255.255.255
- ::1
- 64:ff9b::-64:ff9b::ffff:ffff
- ::ffff:0.0.0.0-::ffff:255.255.255.255
- 100::-100::ffff:ffff:ffff:ffff
- 2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
- 2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
- fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
- fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
matrix_coturn_user_quota: null
matrix_coturn_total_quota: null
# Controls whether `no-tcp-relay` is added to the configuration
matrix_coturn_no_tcp_relay_enabled: true
# Controls whether `no-multicast-peers` is added to the configuration
matrix_coturn_no_multicast_peers_enabled: true
# Additional configuration to be passed to turnserver.conf
# Example:
# matrix_coturn_additional_configuration: |
# simple-log
# aux-server=1.2.3.4
# relay-ip=4.3.2.1
matrix_coturn_additional_configuration: ''
# To enable TLS, you need to provide paths to certificates.
# Paths defined in `matrix_coturn_tls_cert_path` and `matrix_coturn_tls_key_path` are in-container paths.
# Files on the host can be mounted into the container using `matrix_coturn_container_additional_volumes`.
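Review bot: The new `matrix_coturn_denied_peer_ips` default covers the IPv4 unspecified range (`0.0.0.0-0.255.255.255`) and `::1`, but not the IPv6 unspecified address `::`, even though the CVE-2020-26262 write-up linked above the list describes `0.0.0.0` and `[::]` as the peers used to reach loopback services; adding `- "::"` next to `- ::1` (quoted, because a bare `::` is easy to misread) would make the list match its stated intent. Newer coturn releases reportedly reject those peers on their own, so this is defence in depth for the `host` networking mode the same hunk introduces rather than a regression. Separately, the comment in the networking stanza reads `we apply a deny list which via `matrix_coturn_denied_peer_ips`,` — one `which` too many; `we apply a deny list via `matrix_coturn_denied_peer_ips`,` reads correctly.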


@ -62,7 +62,8 @@
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure Coturn network is created in Docker
- when: matrix_coturn_docker_network not in ['', 'host']
name: Ensure Coturn network is created in Docker
community.docker.docker_network:
name: "{{ matrix_coturn_docker_network }}"
driver: bridge


@ -30,7 +30,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
-p {{ matrix_coturn_container_stun_tls_host_bind_port }}:5349 \
-p {{ matrix_coturn_container_stun_tls_host_bind_port }}:5349/udp \
{% endif %}
{% if matrix_coturn_container_turn_range_listen_interface is not none %}
{% if matrix_coturn_container_turn_range_listen_interface is not in [none, 'none'] %}
-p {{ matrix_coturn_container_turn_range_listen_interface }}{{ ':' if matrix_coturn_container_turn_range_listen_interface else '' }}{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}:{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp \
{% endif %}
--mount type=bind,src={{ matrix_coturn_config_path }},dst=/turnserver.conf,ro \


@ -30,7 +30,10 @@ no-dtls
{% endif %}
prod
{% if matrix_coturn_no_tcp_relay_enabled %}
no-tcp-relay
{% endif %}
{% if matrix_coturn_user_quota != None %}
user-quota={{ matrix_coturn_user_quota }}
@ -39,9 +42,15 @@ user-quota={{ matrix_coturn_user_quota }}
total-quota={{ matrix_coturn_total_quota }}
{% endif %}
{% if matrix_coturn_no_multicast_peers_enabled %}
no-multicast-peers
{% endif %}
{% for ip_range in matrix_coturn_denied_peer_ips %}
denied-peer-ip={{ ip_range }}
{% endfor %}
{% for ip_range in matrix_coturn_allowed_peer_ips %}
allowed-peer-ip={{ ip_range }}
{% endfor %}
{{ matrix_coturn_additional_configuration }}


@ -6,7 +6,7 @@ matrix_dendrite_enabled: true
matrix_dendrite_docker_image: "{{ matrix_dendrite_docker_image_name_prefix }}matrixdotorg/dendrite-monolith:{{ matrix_dendrite_docker_image_tag }}"
matrix_dendrite_docker_image_name_prefix: "docker.io/"
matrix_dendrite_docker_image_tag: "v0.10.8"
matrix_dendrite_docker_image_tag: "v0.11.0"
matrix_dendrite_docker_image_force_pull: "{{ matrix_dendrite_docker_image.endswith(':latest') }}"
matrix_dendrite_base_path: "{{ matrix_base_data_path }}/dendrite"


@ -5,7 +5,7 @@
matrix_grafana_enabled: true
matrix_grafana_version: 9.3.2
matrix_grafana_version: 9.3.6
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"


@ -91,7 +91,7 @@ matrix_jitsi_jibri_recorder_password: ''
matrix_jitsi_enable_lobby: false
matrix_jitsi_version: stable-8138-1
matrix_jitsi_version: stable-8252
matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"
@ -313,3 +313,8 @@ matrix_jitsi_jvb_container_colibri_ws_host_bind_port: ''
#
# The setting requires an integer to be set for usage and allows a user to specify the max number of particpants on a conference.
matrix_prosody_jitsi_max_participants: ''
# Allows abailty to set XMPP AUTH user if using JIGASI
matrix_jitsi_jigasi_xmpp_user: ''
# Allows abailty to set XMPP AUTH pasword if using JIGASI
matrix_jitsi_jigasi_xmpp_password: ''
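Review bot: The comments above the two new Jigasi variables carry typos (`abailty`, `pasword`) and do not mark the second value as a credential, which matters because it is rendered straight into the Jitsi env file in the next section. Suggested wording: `# Allows the XMPP AUTH user to be set when using Jigasi` and `# Allows the XMPP AUTH password to be set when using Jigasi (a secret; keep it out of plain-text inventory)`.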


@ -15,8 +15,8 @@ JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
JICOFO_COMPONENT_SECRET
JIGASI_XMPP_USER=
JIGASI_XMPP_PASSWORD=
JIGASI_XMPP_USER={{ matrix_jitsi_jigasi_xmpp_user }}
JIGASI_XMPP_PASSWORD={{ matrix_jitsi_jigasi_xmpp_password }}
JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
JWT_APP_ID


@ -18,7 +18,9 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_s
# ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
# so /tmp needs to be mounted with an exec option.
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-ma1sd \
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--rm \
--name=matrix-ma1sd \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -39,9 +41,11 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
{{ matrix_ma1sd_docker_image }}
{% for network in matrix_ma1sd_container_additional_networks %}
ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'container_name=matrix-ma1sd; network_name={{ network }}; attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`{{ devture_systemd_docker_base_host_command_docker }} inspect -f {{ '{{.State.Running}}' }} $container_name 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect $network_name $container_name'
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-ma1sd
{% endfor %}
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-ma1sd
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-ma1sd 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true'
Restart=always


@ -21,6 +21,10 @@ matrix_nginx_proxy_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-nginx-proxy.service wants
matrix_nginx_proxy_systemd_wanted_services_list: []
# The base container network.
# Also see: matrix_nginx_proxy_container_additional_networks
matrix_nginx_proxy_container_network: "{{ matrix_docker_network }}"
# A list of additional container networks that matrix-nginx-proxy would be connected to.
# The playbook does not create these networks, so make sure they already exist.
#


@ -12,7 +12,7 @@ docker run \
--name=matrix-certbot \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network="{{ matrix_docker_network }}" \
--network="{{ matrix_nginx_proxy_container_network }}" \
-p 127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}:8080 \
--mount type=bind,src={{ matrix_ssl_config_dir_path }},dst=/etc/letsencrypt \
--mount type=bind,src={{ matrix_ssl_log_dir_path }},dst=/var/log/letsencrypt \


@ -16,13 +16,15 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true'
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-nginx-proxy \
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--rm \
--name=matrix-nginx-proxy \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--read-only \
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_directory_size_mb }}m \
--network={{ matrix_docker_network }} \
--network={{ matrix_nginx_proxy_container_network }} \
{% if matrix_nginx_proxy_container_http_host_bind_port %}
-p {{ matrix_nginx_proxy_container_http_host_bind_port }}:8080 \
{% endif %}
@ -48,9 +50,11 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
{{ matrix_nginx_proxy_docker_image }}
{% for network in matrix_nginx_proxy_container_additional_networks %}
ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'container_name=matrix-nginx-proxy; network_name={{ network }}; attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`{{ devture_systemd_docker_base_host_command_docker }} inspect -f {{ '{{.State.Running}}' }} $container_name 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect $network_name $container_name'
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-nginx-proxy
{% endfor %}
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-nginx-proxy
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-nginx-proxy 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null || true'
ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload


@ -1,67 +0,0 @@
---
# matrix-prometheus-node-exporter is an Prometheus exporter for machine metrics
# See: https://prometheus.io/docs/guides/node-exporter/
# Project source code URL: https://github.com/prometheus/node_exporter
matrix_prometheus_node_exporter_enabled: false
matrix_prometheus_node_exporter_version: v1.5.0
matrix_prometheus_node_exporter_docker_image: "{{ matrix_container_global_registry_prefix }}prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}"
matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}"
# A list of extra arguments to pass to the container
matrix_prometheus_node_exporter_container_extra_arguments: []
# A list of extra arguments to pass to the node_exporter process
#
# Example:
# matrix_prometheus_node_exporter_process_extra_arguments:
# - "--collector.systemd"
# - "--collector.logind"
#
# Note: the above is just an example. Various collectors may require various tweaks to be able to run.
# Running the systemd collector requires the following `matrix_prometheus_node_exporter_container_extra_arguments`:
# - the socket to be mounted as well (`--mount type=bind,src=/var/run/dbus/system_bus_socket,dst=/var/run/dbus/system_bus_socket,ro,bind-propagation=rslave`)
# - (on AppArmor-based distros) disabling AppArmor protection (`--security-opt apparmor=unconfined`)
matrix_prometheus_node_exporter_process_extra_arguments: []
# List of systemd services that matrix-prometheus.service depends on
matrix_prometheus_node_exporter_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-prometheus.service wants
matrix_prometheus_node_exporter_systemd_wanted_services_list: []
# Controls whether node-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/node-exporter`.
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
matrix_prometheus_node_exporter_metrics_proxying_enabled: false
# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9100 in the container).
#
# Takes an "<ip>:<port>" value (e.g. "127.0.0.1:9100"), just a port number or empty string to not expose.
#
# You likely don't need to do this. See `matrix_prometheus_node_exporter_metrics_proxying_enabled`.
#
# Official recommendations are to run this container with `--net=host`,
# but we don't do that, since it:
# - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008)
# - or listens on a loopback interface only (--net=host and 127.0.0.1:9100), which is not reachable from another container (like `matrix-prometheus`)
#
# Using `--net=host` and binding to Docker's `matrix` bridge network may be a solution to both,
# but that's trickier to accomplish and won't necessarily work (hasn't been tested).
#
# Not using `--net=host` means that our network statistic reports are likely broken (inaccurate),
# because node-exporter can't see all interfaces, etc.
# For now, we'll live with that, until someone develops a better solution.
matrix_prometheus_node_exporter_container_http_host_bind_port: ''
# If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an "<ip>:<port>" value for the containers to bind to on your host.
# If matrix_prometheus_node_exporter_container_http_host_bind_port is set to just a port number, this will default to "127.0.0.1:<port>"
# If matrix_prometheus_node_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that "<ip>:<port>" value will be used
# Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf)
matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_node_exporter_container_http_host_bind_port else (matrix_prometheus_node_exporter_container_http_host_bind_port if matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}"
# matrix_prometheus_node_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions.
# If the Grafana role is enabled, these dashboards will be downloaded.
matrix_prometheus_node_exporter_dashboard_urls:
- https://raw.githubusercontent.com/rfrail3/grafana-dashboards/master/prometheus/node-exporter-full.json


@ -1,26 +0,0 @@
---
- block:
- when: matrix_prometheus_node_exporter_enabled | bool and matrix_prometheus_node_exporter_metrics_proxying_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
- block:
- when: matrix_prometheus_node_exporter_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-prometheus-node-exporter
- install-all
- install-prometheus-node-exporter
- block:
- when: not matrix_prometheus_node_exporter_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-prometheus-node-exporter


@ -1,19 +0,0 @@
---
- name: Ensure matrix-prometheus-node-exporter image is pulled
community.docker.docker_image:
name: "{{ matrix_prometheus_node_exporter_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_prometheus_node_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_node_exporter_docker_image_force_pull }}"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure matrix-prometheus-node-exporter.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-prometheus-node-exporter.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service"
mode: 0644
register: matrix_prometheus_node_exporter_systemd_service_result


@ -1,20 +0,0 @@
---
- name: Check existence of matrix-prometheus-node-exporter service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service"
register: matrix_prometheus_node_exporter_service_stat
- when: matrix_prometheus_node_exporter_service_stat.stat.exists | bool
block:
- name: Ensure matrix-prometheus-node-exporter is stopped
ansible.builtin.service:
name: matrix-prometheus-node-exporter
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-prometheus-node-exporter.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-node-exporter.service"
state: absent


@ -1,5 +0,0 @@
---
# `matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw` contains the raw port number extracted from `matrix_prometheus_node_exporter_container_http_host_bind_port`,
# which can contain values like this: ('1234', '127.0.0.1:1234', '0.0.0.0:1234')
matrix_prometheus_node_exporter_container_http_host_bind_port_number_raw: "{{ '' if matrix_prometheus_node_exporter_container_http_host_bind_port == '' else (matrix_prometheus_node_exporter_container_http_host_bind_port.split(':')[1] if ':' in matrix_prometheus_node_exporter_container_http_host_bind_port else matrix_prometheus_node_exporter_container_http_host_bind_port) }}"


@ -1,64 +0,0 @@
---
# matrix-prometheus-postgres-exporter is an Prometheus exporter for postgres metrics
# Project source code URL: https://github.com/prometheus-community/postgres_exporter
matrix_prometheus_postgres_exporter_enabled: false
matrix_prometheus_postgres_exporter_version: v0.11.1
matrix_prometheus_postgres_exporter_port: 9187
matrix_prometheus_postgres_exporter_docker_image: "quay.io/prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}"
matrix_prometheus_postgres_exporter_docker_image_force_pull: "{{ matrix_prometheus_postgres_exporter_docker_image.endswith(':latest') }}"
# A list of extra arguments to pass to the container
matrix_prometheus_postgres_exporter_container_extra_arguments: ["-e PG_EXPORTER_AUTO_DISCOVER_DATABASES=true",
"-e PG_EXPORTER_WEB_LISTEN_ADDRESS=\":{{ matrix_prometheus_postgres_exporter_port }}\"",
"-e DATA_SOURCE_NAME=\"postgresql://{{ matrix_prometheus_postgres_exporter_database_username }}:{{ matrix_prometheus_postgres_exporter_database_password }}@{{ matrix_prometheus_postgres_exporter_database_hostname }}:5432/{{ matrix_prometheus_postgres_exporter_database_name }}?sslmode=disable\""]
# List of systemd services that matrix-prometheus-postgres-exporter.service depends on
matrix_prometheus_postgres_exporter_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-prometheus-postgres-exporter.service wants
matrix_prometheus_postgres_exporter_systemd_wanted_services_list: []
# details for connecting to the database
matrix_prometheus_postgres_exporter_database_username: 'matrix_prometheus_postgres_exporter'
matrix_prometheus_postgres_exporter_database_password: 'some-password'
matrix_prometheus_postgres_exporter_database_hostname: ''
matrix_prometheus_postgres_exporter_database_port: 5432
matrix_prometheus_postgres_exporter_database_name: 'matrix_prometheus_postgres_exporter'
# Controls whether postgres-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/postgres-exporter`.
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
matrix_prometheus_postgres_exporter_metrics_proxying_enabled: false
# Controls whether the matrix-prometheus container exposes its HTTP port (tcp/9187 in the container).
#
# Takes an "<ip>:<port>" value (e.g. "127.0.0.1:9187"), just a port number or an empty string to not expose.
#
# You likely don't need to do this. See `matrix_prometheus_postgres_exporter_metrics_proxying_enabled`.
#
# Official recommendations are to run this container with `--net=host`,
# but we don't do that, since it:
# - likely exposes the metrics web server way too publicly (before applying https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008)
# - or listens on a loopback interface only (--net=host and 127.0.0.1:9187), which is not reachable from another container (like `matrix-prometheus`)
#
# Using `--net=host` and binding to Docker's `matrix` bridge network may be a solution to both,
# but that's trickier to accomplish and won't necessarily work (hasn't been tested).
#
# Not using `--net=host` means that our network statistic reports are likely broken (inaccurate),
# because node-exporter can't see all interfaces, etc.
# For now, we'll live with that, until someone develops a better solution.
matrix_prometheus_postgres_exporter_container_http_host_bind_port: ''
# If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an "<ip>:<port>" value for the containers to bind to on your host.
# If matrix_prometheus_postgres_exporter_container_http_host_bind_port is set to just a port number, this will default to "127.0.0.1:<port>"
# If matrix_prometheus_postgres_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that "<ip>:<port>" value will be used
# Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf)
matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw if not ':' in matrix_prometheus_postgres_exporter_container_http_host_bind_port else (matrix_prometheus_postgres_exporter_container_http_host_bind_port if matrix_prometheus_postgres_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}"
# matrix_prometheus_postgres_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions.
# If the Grafana role is enabled, these dashboards will be downloaded.
matrix_prometheus_postgres_exporter_dashboard_urls:
- "https://grafana.com/api/dashboards/9628/revisions/7/download"


@ -1,29 +0,0 @@
---
- block:
- when: matrix_prometheus_postgres_exporter_enabled | bool and matrix_prometheus_postgres_exporter_metrics_proxying_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
- block:
- when: matrix_prometheus_postgres_exporter_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_prometheus_postgres_exporter_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
tags:
- setup-all
- setup-prometheus-postgres-exporter
- install-all
- install-prometheus-postgres-exporter
- block:
- when: not matrix_prometheus_postgres_exporter_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
tags:
- setup-all
- setup-prometheus-postgres-exporter


@ -1,19 +0,0 @@
---
- name: Ensure matrix-prometheus-postgres-exporter image is pulled
community.docker.docker_image:
name: "{{ matrix_prometheus_postgres_exporter_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_prometheus_postgres_exporter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_prometheus_postgres_exporter_docker_image_force_pull }}"
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure matrix-prometheus-postgres-exporter.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-prometheus-postgres-exporter.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service"
mode: 0644
register: matrix_prometheus_postgres_exporter_systemd_service_result


@ -1,20 +0,0 @@
---
- name: Check existence of matrix-prometheus-postgres-exporter service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service"
register: matrix_prometheus_postgres_exporter_service_stat
- when: matrix_prometheus_postgres_exporter_service_stat.stat.exists | bool
block:
- name: Ensure matrix-prometheus-postgres-exporter is stopped
ansible.builtin.service:
name: matrix-prometheus-postgres-exporter
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-prometheus-postgres-exporter.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-prometheus-postgres-exporter.service"
state: absent


@ -1,9 +0,0 @@
---
- name: Fail if required prometheus-postgres-exporter settings not defined
ansible.builtin.fail:
msg: >
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- matrix_prometheus_postgres_exporter_database_hostname


@ -1,5 +0,0 @@
---
# `matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw` contains the raw port number extracted from `matrix_prometheus_postgres_exporter_container_http_host_bind_port`,
# which can contain values like this: ('1234', '127.0.0.1:1234', '0.0.0.0:1234')
matrix_prometheus_postgres_exporter_container_http_host_bind_port_number_raw: "{{ '' if matrix_prometheus_postgres_exporter_container_http_host_bind_port == '' else (matrix_prometheus_postgres_exporter_container_http_host_bind_port.split(':')[1] if ':' in matrix_prometheus_postgres_exporter_container_http_host_bind_port else matrix_prometheus_postgres_exporter_container_http_host_bind_port) }}"


@ -0,0 +1,27 @@
---
# matrix-prometheus-services-proxy-connect is a role which helps integrate
# the various Prometheus roles, which may live outside this Matrix playbook, into it.
# Controls whether node-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/node-exporter`.
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled: false
# If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an "<ip>:<port>" value for the containers to bind to on your host.
# If prometheus_node_exporter_container_http_host_bind_port is set to just a port number, this will default to "127.0.0.1:<port>"
# If prometheus_node_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that "<ip>:<port>" value will be used
# Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf)
matrix_prometheus_services_proxy_connect_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + prometheus_node_exporter_container_http_host_bind_port_number_raw if not ':' in prometheus_node_exporter_container_http_host_bind_port else (prometheus_node_exporter_container_http_host_bind_port if prometheus_node_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}"
# Controls whether postgres-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/postgres-exporter`.
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled: false
# If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an "<ip>:<port>" value for the containers to bind to on your host.
# If prometheus_node_exporter_container_http_host_bind_port is set to just a port number, this will default to "127.0.0.1:<port>"
# If prometheus_node_exporter_container_http_host_bind_port is set to an IP that is not 0.0.0.0 and a port, that "<ip>:<port>" value will be used
# Otherwise this value will be empty and you will have to manually configure your NGINX config file. (If you are using the config files generated by this playbook, you will have to edit matrix-domain.conf)
matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host: "{{ '127.0.0.1' + prometheus_postgres_exporter_container_http_host_bind_port_number_raw if not ':' in prometheus_postgres_exporter_container_http_host_bind_port else (prometheus_postgres_exporter_container_http_host_bind_port if prometheus_postgres_exporter_container_http_host_bind_port.split(':')[0] != '0.0.0.0' else '') }}"
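Review bot: The two comment lines directly above `matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host` still name `prometheus_node_exporter_container_http_host_bind_port`, a copy-paste leftover from the node-exporter block; they should read `prometheus_postgres_exporter_container_http_host_bind_port`, which is the variable the expression actually reads. Both proxy_pass_host expressions also build the loopback fallback as `'127.0.0.1' + ..._container_http_host_bind_port_number_raw` with no `:` between host and port; the deleted definition of the old `_number_raw` fact earlier in this diff yielded the bare port number, so unless the replacement exporter roles define their `_number_raw` value with a leading colon this renders as `127.0.0.1<port>` rather than the `127.0.0.1:<port>` the comment promises — worth confirming against those roles. Finally, `This will only work take effect if` in both comment blocks should read `This will only take effect if`.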


@ -0,0 +1,28 @@
---
- name: Fail if matrix-nginx-proxy role executed before matrix-prometheus-services-proxy-connect
ansible.builtin.fail:
msg: >-
Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-prometheus-services-proxy-connect role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- block:
- when: prometheus_node_exporter_enabled | bool and matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/prometheus-node-exporter/inject_into_nginx_proxy.yml"
tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
- block:
- when: prometheus_node_exporter_enabled | bool and matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/prometheus-postgres-exporter/inject_into_nginx_proxy.yml"
tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
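Review bot: The postgres-exporter block's condition (the second `- when:` in this file) gates on `prometheus_node_exporter_enabled`, so postgres-exporter metrics proxying is injected whenever node-exporter is enabled even if the postgres exporter is not, and is skipped when only the postgres exporter is enabled; in the first case the generated nginx location would point at a backend that does not exist. It should presumably read `- when: prometheus_postgres_exporter_enabled | bool and matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled | bool`, mirroring the node-exporter block (the exact name of the enable flag comes from the external role and should be checked there). The guard task's message also only mentions `node-exporter's reverse-proxying configuration` although this role now covers both exporters; `the Prometheus exporters' reverse-proxying configuration` would be accurate for both.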


@ -1,25 +1,16 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append node-exporter's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-prometheus-node-exporter role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate node-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter)
ansible.builtin.set_fact:
matrix_prometheus_node_exporter_nginx_metrics_configuration_block: |
matrix_prometheus_services_proxy_connect_node_exporter_nginx_metrics_configuration_block: |
location /metrics/node-exporter {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-prometheus-node-exporter:9100";
set $backend "{{ prometheus_node_exporter_identifier }}:9100";
proxy_pass http://$backend/metrics;
{% elif matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
proxy_pass http://{{ matrix_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
{% elif matrix_prometheus_services_proxy_connect_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
proxy_pass http://{{ matrix_prometheus_services_proxy_connect_prometheus_node_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
{% else %}
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
{% endif %}
@ -31,5 +22,5 @@
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_prometheus_node_exporter_nginx_metrics_configuration_block]
[matrix_prometheus_services_proxy_connect_node_exporter_nginx_metrics_configuration_block]
}}
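Review bot: The backend line `set $backend "{{ prometheus_node_exporter_identifier }}:9100";` hardcodes the port while the parallel postgres-exporter task in the next file section templates `{{ prometheus_postgres_exporter_port }}`; if the node-exporter role exposes an equivalent port variable, using it here keeps the two tasks in step and avoids a silent mismatch when the container port is changed. The new fact name `matrix_prometheus_services_proxy_connect_node_exporter_nginx_metrics_configuration_block` also drops the `prometheus_` segment that the role's defaults use (`..._proxy_connect_prometheus_node_exporter_...`), and the postgres-exporter task has the same inconsistency; aligning them makes grepping for one exporter's variables reliable. The role-order guard removed from this file now lives only in the role's main.yml, so this task relies on being included from there; a one-line comment saying so at the top of the file would prevent it from being included directly elsewhere.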


@ -1,25 +1,16 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append postgres-exporter's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-prometheus-postgres-exporter role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate postgres-exporter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter)
ansible.builtin.set_fact:
matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block: |
matrix_prometheus_services_proxy_connect_postgres_exporter_nginx_metrics_configuration_block: |
location /metrics/postgres-exporter {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-prometheus-postgres-exporter:9187";
set $backend "{{ prometheus_postgres_exporter_identifier }}:{{ prometheus_postgres_exporter_port }}";
proxy_pass http://$backend/metrics;
{% elif matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
proxy_pass http://{{ matrix_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
{% elif matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host != '' %}
proxy_pass http://{{ matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_matrix_nginx_proxy_not_enabled_proxy_pass_host }}/metrics;
{% else %}
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
{% endif %}
@ -31,5 +22,5 @@
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_prometheus_postgres_exporter_nginx_metrics_configuration_block]
[matrix_prometheus_services_proxy_connect_postgres_exporter_nginx_metrics_configuration_block]
}}


@ -5,7 +5,7 @@
matrix_prometheus_enabled: false
matrix_prometheus_version: v2.41.0
matrix_prometheus_version: v2.42.0
matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}"
matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}"


@ -9,7 +9,7 @@ matrix_synapse_admin_container_image_self_build_repo: "https://github.com/Awesom
matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src"
matrix_synapse_admin_version: 0.8.5
matrix_synapse_admin_version: 0.8.7
matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"


@ -9,7 +9,7 @@
block:
- name: Ensure matrix-synapse-reverse-proxy-companion.service is stopped
ansible.builtin.service:
name: matrix_synapse_reverse_proxy_companion_service_stat
name: matrix-synapse-reverse-proxy-companion
state: stopped
enabled: false
daemon_reload: true


@ -16,7 +16,7 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-reverse-proxy-companion 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-reverse-proxy-companion 2>/dev/null || true'
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
--rm \
--name=matrix-synapse-reverse-proxy-companion \
--log-driver=none \
@ -39,9 +39,11 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run \
{{ matrix_synapse_reverse_proxy_companion_container_image }}
{% for network in matrix_synapse_reverse_proxy_companion_container_additional_networks %}
ExecStartPost={{ devture_systemd_docker_base_host_command_sh }} -c 'container_name=matrix-synapse-reverse-proxy-companion; network_name={{ network }}; attempt=0; while [ $attempt -le 29 ]; do attempt=$(( $attempt + 1 )); if [ "`{{ devture_systemd_docker_base_host_command_docker }} inspect -f {{ '{{.State.Running}}' }} $container_name 2> /dev/null`" = "true" ]; then break; fi; sleep 1; done; {{ devture_systemd_docker_base_host_command_docker }} network connect $network_name $container_name'
ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-synapse-reverse-proxy-companion
{% endfor %}
ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-synapse-reverse-proxy-companion
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} kill matrix-synapse-reverse-proxy-companion 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-synapse-reverse-proxy-companion 2>/dev/null || true'
ExecReload={{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse-reverse-proxy-companion /usr/sbin/nginx -s reload
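Review bot: The switch from a single `docker run` to `docker create` / `network connect` / `docker start --attach` is not explained anywhere in the template, and a future reader seeing `ExecStartPre=... create` followed by `ExecStart=... start --attach` will wonder why the container is not simply run; a Jinja comment above the first `ExecStartPre` line (outside this hunk), such as `{# The container is created first so that additional networks can be attached before the process starts; this replaces the former polling loop in ExecStartPost #}`, would record the reason without reaching the rendered unit. Note also that the new `network connect` ExecStartPre carries no leading `-`, so a missing network now aborts unit start instead of being retried in the background as the old loop did; that looks intended but is a behaviour change worth stating in the same comment.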


@ -36,7 +36,7 @@ matrix_synapse_container_image_customizations_dockerfile_body_custom: ''
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_synapse_version: v1.74.0
matrix_synapse_version: v1.76.0
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
@ -123,7 +123,7 @@ matrix_synapse_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-synapse.service wants
matrix_synapse_systemd_wanted_services_list: []
matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.9/site-packages"
matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.11/site-packages"
# Specifies which template files to use when configuring Synapse.
# If you'd like to have your own different configuration, feel free to copy and paste
@ -725,6 +725,7 @@ matrix_synapse_ext_password_provider_shared_secret_config_yaml: |
matrix_synapse_ext_password_provider_ldap_enabled: false
matrix_synapse_ext_password_provider_ldap_uri: "ldap://ldap.mydomain.tld:389"
matrix_synapse_ext_password_provider_ldap_start_tls: true
matrix_synapse_ext_password_provider_ldap_mode: "search"
matrix_synapse_ext_password_provider_ldap_base: ""
matrix_synapse_ext_password_provider_ldap_attributes_uid: "uid"
matrix_synapse_ext_password_provider_ldap_attributes_mail: "mail"
@ -791,7 +792,7 @@ matrix_synapse_ext_encryption_config_yaml: |
# Installing it requires building a customized Docker image for Synapse (see `matrix_synapse_container_image_customizations_enabled`).
# Enabling this will enable customizations and inject the appropriate Dockerfile clauses for installing synapse-s3-storage-provider.
matrix_synapse_ext_synapse_s3_storage_provider_enabled: false
matrix_synapse_ext_synapse_s3_storage_provider_version: 1.1.2
matrix_synapse_ext_synapse_s3_storage_provider_version: 1.2.0
# Controls whether media from this (local) server is stored in s3-storage-provider
matrix_synapse_ext_synapse_s3_storage_provider_store_local: true
# Controls whether media from remote servers is stored in s3-storage-provider
@ -806,6 +807,9 @@ matrix_synapse_ext_synapse_s3_storage_provider_config_region_name: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled: false
matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key: ''
matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo: 'AES256'
matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD
matrix_synapse_ext_synapse_s3_storage_provider_config_threadpool_size: 40
# matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count is a day value (number) for the `s3_media_upload update-db` command.
@ -815,7 +819,8 @@ matrix_synapse_ext_synapse_s3_storage_provider_update_db_day_count: 0
matrix_s3_media_store_enabled: false
matrix_s3_media_store_custom_endpoint_enabled: false
matrix_s3_goofys_docker_image: "ewoutp/goofys:latest"
matrix_s3_goofys_docker_image: "{{ matrix_s3_goofys_docker_image_name_prefix }}ewoutp/goofys:latest"
matrix_s3_goofys_docker_image_name_prefix: "docker.io/"
matrix_s3_goofys_docker_image_force_pull: "{{ matrix_s3_goofys_docker_image.endswith(':latest') }}"
matrix_s3_media_store_custom_endpoint: "your-custom-endpoint"
matrix_s3_media_store_bucket_name: "your-bucket-name"
@ -844,7 +849,7 @@ matrix_synapse_room_list_publication_rules:
room_id: "*"
action: allow
matrix_synapse_default_room_version: "9"
matrix_synapse_default_room_version: "10"
# Controls the Synapse `spam_checker` setting.
#
@ -891,7 +896,8 @@ matrix_synapse_redaction_retention_period: 7d
matrix_synapse_user_ips_max_age: 28d
matrix_synapse_rust_synapse_compress_state_docker_image: "registry.gitlab.com/mb-saces/rust-synapse-compress-state:latest"
matrix_synapse_rust_synapse_compress_state_docker_image: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix }}mb-saces/rust-synapse-compress-state:latest"
matrix_synapse_rust_synapse_compress_state_docker_image_name_prefix: "registry.gitlab.com/"
matrix_synapse_rust_synapse_compress_state_docker_image_force_pull: "{{ matrix_synapse_rust_synapse_compress_state_docker_image.endswith(':latest') }}"
matrix_synapse_rust_synapse_compress_state_base_path: "{{ matrix_base_data_path }}/rust-synapse-compress-state"
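Review bot: `matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key` defaults to `''`, but nothing in this diff rejects `..._sse_customer_enabled: true` combined with an empty key; unless validate_config.yml (not shown) checks it, the templates later in this diff would emit `SSE_CUSTOMER_KEY=` and `sse_customer_key: ""` and requests would carry an empty SSE-C key, so a validation task that fails when SSE-C is enabled and the key is empty would catch this at configuration time rather than at upload time. A comment on the three `sse_customer_*` lines, such as `# SSE-C: a customer-managed key sent with every S3 request; keep it secret and backed up, since media encrypted with it is unreadable without it`, would also make the sensitivity of the value clear. Separately, `matrix_synapse_in_container_python_packages_path` is bumped to `python3.11` in lock-step with the image version in the same file; `# Must match the Python version shipped in matrix_synapse_docker_image` above it would record the coupling for the next version bump.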


@ -46,7 +46,7 @@
id: "federation-sender-{{ item }}"
name: "matrix-synapse-worker-federation-sender-{{ item }}"
type: 'federation_sender'
app: 'federation_sender'
app: 'generic_worker'
webserving: false
port: 0
metrics_port: "{{ matrix_synapse_workers_federation_sender_workers_metrics_range_start + item }}"
@ -58,14 +58,13 @@
matrix_synapse_federation_sender_instances: "{{ matrix_synapse_federation_sender_instances + [item.ansible_facts.worker.name] }}"
with_items: "{{ matrix_synapse_workers_list_results_federation_sender_workers.results }}"
# This type of worker can only have a count of 1, at most
- name: Build pusher workers
ansible.builtin.set_fact:
worker:
id: "pusher-{{ item }}"
name: "matrix-synapse-worker-pusher-{{ item }}"
type: 'pusher'
app: 'pusher'
app: 'generic_worker'
webserving: false
port: 0
metrics_port: "{{ matrix_synapse_workers_pusher_workers_metrics_range_start + item }}"
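Review bot: Both `app:` values switch to `'generic_worker'` while `type:` stays `'federation_sender'` / `'pusher'`, and nothing in the hunk says why the two now differ; presumably `type` still drives how the worker is registered in the Synapse configuration while `app` selects the `synapse.app.*` entrypoint, with the dedicated apps having been deprecated upstream. A comment next to the first changed `app:` line, such as `# The dedicated federation_sender/pusher apps are deprecated upstream; generic_worker serves the same role based on the instance lists in the Synapse config`, would save the next reader a trip through the changelog. The pusher block also keeps the `# This type of worker can only have a count of 1, at most` comment from the old app; whether that limit still holds for generic_worker-based pushers is worth re-checking, as the comment now sits next to code it may no longer describe.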


@ -17,7 +17,7 @@ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name
--mount type=bind,src=/etc/passwd,dst=/etc/passwd,ro \
--mount type=bind,src=/etc/group,dst=/etc/group,ro \
--mount type=bind,src={{ matrix_s3_media_store_path }},dst=/s3,bind-propagation=shared \
--security-opt apparmor:unconfined \
--security-opt apparmor=unconfined \
--cap-add mknod \
--cap-add sys_admin \
--device=/dev/fuse \
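Review bot: The corrected `--security-opt apparmor=unconfined`, together with `--cap-add mknod`, `--cap-add sys_admin` and `--device=/dev/fuse` below it, is the set of privilege relaxations that makes this FUSE mount work, and nothing in the template says so; a Jinja comment above the `ExecStart` line (which begins outside this hunk), such as `{# AppArmor confinement is disabled and SYS_ADMIN/mknod are granted because goofys needs to perform a FUSE mount inside the container #}`, would tell a reviewer why this container is deliberately less confined than the others. The old colon-separated `apparmor:unconfined` spelling is the deprecated form, so the fix itself is right, but it is worth confirming whether the option was being applied at all before this change, since that determines whether existing deployments see a behaviour change.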


@ -10,4 +10,4 @@
--network={{ matrix_docker_network }} \
--entrypoint=/bin/bash \
{{ matrix_synapse_docker_image_final }} \
-c 's3_media_upload update-db $UPDATE_DB_DURATION && s3_media_upload --no-progress check-deleted $MEDIA_PATH && s3_media_upload --no-progress upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT'
-c 's3_media_upload update-db $UPDATE_DB_DURATION && s3_media_upload --no-progress check-deleted $MEDIA_PATH && s3_media_upload --no-progress upload $MEDIA_PATH $BUCKET --delete --storage-class $STORAGE_CLASS --endpoint-url $ENDPOINT {% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %}--sse-customer-algo $SSE_CUSTOMER_ALGO --sse-customer-key $SSE_CUSTOMER_KEY{% endif %}'
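Review bot: The new `--sse-customer-key $SSE_CUSTOMER_KEY` argument puts the SSE-C key on the command line of the `s3_media_upload` process, where it is readable via the process list (`/proc/<pid>/cmdline`) by any host user who can see the container's processes for the whole duration of the upload, whereas the other credentials only travel through the environment file. If `s3_media_upload` can read the key from an environment variable or a file, that path is preferable; otherwise the exposure should at least be documented next to the variable in the env-file template. The expansion is also unquoted inside the `-c '...'` script, so a key containing whitespace or shell metacharacters would be word-split; `--sse-customer-key "$SSE_CUSTOMER_KEY"` is safer even though the neighbouring `$VARS` are not quoted either. The `ExecStart` this line continues begins outside the hunk.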


@ -4,6 +4,12 @@ AWS_DEFAULT_REGION={{ matrix_synapse_ext_synapse_s3_storage_provider_config_regi
ENDPOINT={{ matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url }}
BUCKET={{ matrix_synapse_ext_synapse_s3_storage_provider_config_bucket }}
{% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %}
SSE_CUSTOMER_KEY={{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key }}
SSE_CUSTOMER_ALGO={{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo }}
{% endif %}
STORAGE_CLASS={{ matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class }}
MEDIA_PATH=/matrix-media-store-parent/{{ matrix_synapse_media_store_directory_name }}
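Review bot: This environment file now carries the SSE-C key alongside the bucket credentials, and the task that renders it is not part of this diff; it should be written with an owner-only mode (`mode: "0600"`, or whatever the playbook already uses for its other credential files) and with `no_log` on the task, which is worth confirming since a world-readable default would expose the key to every local user. A Jinja comment above the `{% if %}` block, such as `{# SSE-C key: sent with every S3 request; this file must stay owner-readable only #}`, would make the sensitivity visible to the next editor without appearing in the rendered file.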


@ -9,6 +9,11 @@ config:
access_key_id: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id | to_json }}
secret_access_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key | to_json }}
{% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %}
sse_customer_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key | to_json }}
sse_customer_algo: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo | to_json }}
{% endif %}
storage_class: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class | to_json }}
threadpool_size: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_threadpool_size | to_json }}


@ -2511,6 +2511,7 @@ password_providers:
- module: "ldap_auth_provider.LdapAuthProvider"
config:
enabled: true
mode: {{ matrix_synapse_ext_password_provider_ldap_mode | string | to_json }}
uri: {{ matrix_synapse_ext_password_provider_ldap_uri | string|to_json }}
start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|to_json }}
base: {{ matrix_synapse_ext_password_provider_ldap_base | string|to_json }}


@ -0,0 +1,7 @@
---
# Controls if (`matrix_prometheus_node_exporter` -> `prometheus_node_exporter`) validation will run.
matrix_playbook_migration_matrix_prometheus_node_exporter_migration_validation_enabled: true
# Controls if (`matrix_prometheus_postgres_exporter` -> `prometheus_postgres_exporter`) validation will run.
matrix_playbook_migration_matrix_prometheus_postgres_exporter_migration_validation_enabled: true


@ -34,6 +34,8 @@
- {'old': 'matrix_systemd_services_list', 'new': 'devture_systemd_service_manager_services_list_additional'}
- {'old': 'matrix_common_after_systemd_service_start_wait_for_timeout_seconds', 'new': 'devture_systemd_service_manager_up_verification_delay_seconds'}
- {'old': 'matrix_systemd_services_autostart_enabled', 'new': 'devture_systemd_service_manager_services_autostart_enabled'}
- {'old': 'matrix_prometheus_node_exporter_metrics_proxying_enabled', 'new': 'matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled'}
- {'old': 'matrix_prometheus_postgres_exporter_metrics_proxying_enabled', 'new': 'matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled'}
- name: (Deprecation) Catch and report matrix_postgres variables
ansible.builtin.fail:
@ -48,3 +50,33 @@
The following variables in your configuration need to be renamed: {{ vars | dict2items | selectattr('key', 'match', 'matrix_postgres_.*') | map (attribute='key') | join(', ') }}
when: "vars | dict2items | selectattr('key', 'match', 'matrix_postgres_.*') | list | items2dict"
- when: matrix_playbook_migration_matrix_prometheus_node_exporter_migration_validation_enabled | bool
block:
- ansible.builtin.set_fact:
matrix_playbook_migration_matrix_prometheus_node_exporter_migration_vars: |-
{{ vars | dict2items | selectattr('key', 'match', 'matrix_prometheus_node_exporter_.*') | list | items2dict }}
- name: (Deprecation) Catch and report matrix_prometheus_node_exporter variables
ansible.builtin.fail:
msg: >-
The matrix-prometheus-node-exporter role that used to be part of this playbook has been replaced by https://gitlab.com/etke.cc/roles/prometheus_node_exporter.
The new role is compatible with the old one, but uses different names for its variables.
Please change your configuration (vars.yml) to rename all variables (`matrix_prometheus_node_exporter_` -> `prometheus_node_exporter_`).
We found usage of the following variables: {{ matrix_playbook_migration_matrix_prometheus_node_exporter_migration_vars.keys() | join(', ') }}
when: "matrix_playbook_migration_matrix_prometheus_node_exporter_migration_vars | length > 0"
- when: matrix_playbook_migration_matrix_prometheus_postgres_exporter_migration_validation_enabled | bool
block:
- ansible.builtin.set_fact:
matrix_playbook_migration_matrix_prometheus_postgres_exporter_migration_vars: |-
{{ vars | dict2items | selectattr('key', 'match', 'matrix_prometheus_postgres_exporter_.*') | list | items2dict }}
- name: (Deprecation) Catch and report matrix_prometheus_postgres_exporter variables
ansible.builtin.fail:
msg: >-
The matrix-prometheus-postgres-exporter role that used to be part of this playbook has been replaced by https://gitlab.com/etke.cc/roles/prometheus_postgres_exporter.
The new role is compatible with the old one, but uses different names for its variables.
Please change your configuration (vars.yml) to rename all variables (`matrix_prometheus_postgres_exporter_` -> `prometheus_postgres_exporter_`).
We found usage of the following variables: {{ matrix_playbook_migration_matrix_prometheus_postgres_exporter_migration_vars.keys() | join(', ') }}
when: "matrix_playbook_migration_matrix_prometheus_postgres_exporter_migration_vars | length > 0"
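Review bot: The two `ansible.builtin.set_fact` tasks inside the new migration blocks have no `name:`, unlike every other task in the file, which makes their output in a run indistinguishable; `- name: Collect deprecated matrix_prometheus_node_exporter variables` (and the postgres-exporter equivalent in the second block) would fix that. Each fact is also written as a `|-` block scalar holding a single `{{ ... }}` expression; Ansible normally converts such a whole-expression template back to a native dict, which the later `.keys()` in the fail message relies on, but writing it inline as `"{{ vars | dict2items | selectattr('key', 'match', 'matrix_prometheus_node_exporter_.*') | list | items2dict }}"` makes that intent explicit and matches how the rest of the file writes expressions. The same applies to the postgres-exporter block below it.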