From e067db613c0e849da5a6e0a163114e3bc6c05785 Mon Sep 17 00:00:00 2001 From: Brendan Abolivier Date: Thu, 9 May 2019 13:20:26 +0100 Subject: [PATCH 01/39] Fix exception to proxying --- examples/caddy/matrix-synapse | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/caddy/matrix-synapse b/examples/caddy/matrix-synapse index 8cb9805a2..69e140d88 100644 --- a/examples/caddy/matrix-synapse +++ b/examples/caddy/matrix-synapse @@ -22,7 +22,7 @@ https://matrix.DOMAIN { # Synapse Client<>Server API proxy / matrix-synapse:8008 { transparent - without /.well-known/ /_matrix/identity/ /_matrix/client/r0/user_directory/search + except /.well-known/ /_matrix/identity/ /_matrix/client/r0/user_directory/search } } From cdac997ddb073411fa5ed8dd67299bc9a4be49ec Mon Sep 17 00:00:00 2001 From: Brendan Abolivier Date: Thu, 9 May 2019 13:22:23 +0100 Subject: [PATCH 02/39] Improve comments for Caddy's TLS instructions --- examples/caddy/matrix-dimension | 2 ++ examples/caddy/matrix-synapse | 1 + 2 files changed, 3 insertions(+) diff --git a/examples/caddy/matrix-dimension b/examples/caddy/matrix-dimension index 6defb0d25..82f12c01a 100644 --- a/examples/caddy/matrix-dimension +++ b/examples/caddy/matrix-dimension @@ -1,4 +1,6 @@ https://dimension.DOMAIN { + # These might differ if you are supplying your own certificates + # If you wish to use Caddy's built-in Let's Encrypt support, you can also supply an email address here tls /matrix/ssl/config/live/dimension.DOMAIN/fullchain.pem /matrix/ssl/config/live/dimension.DOMAIN/privkey.pem proxy / http://127.0.0.1:8134/ { diff --git a/examples/caddy/matrix-synapse b/examples/caddy/matrix-synapse index 69e140d88..30f7c5a23 100644 --- a/examples/caddy/matrix-synapse +++ b/examples/caddy/matrix-synapse 
@@ -1,5 +1,6 @@ https://matrix.DOMAIN { # If you use your own certificates, your path may differ + # If you wish to use Caddy's built-in Let's Encrypt support, you can also supply an email address here tls /matrix/ssl/config/live/matrix.DOMAIN/fullchain.pem /matrix/ssl/config/live/matrix.DOMAIN/privkey.pem root /matrix/static-files From 51e408bc9473c7e189f94ec7bce2e0e9a55d3eed Mon Sep 17 00:00:00 2001 From: inthewaves <26474149+inthewaves@users.noreply.github.com> Date: Fri, 10 May 2019 05:57:28 +0000 Subject: [PATCH 03/39] Bump riot-web version (1.0.8->1.1.0) --- roles/matrix-riot-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index 10c5773a9..f38fb98c1 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -1,6 +1,6 @@ matrix_riot_web_enabled: true -matrix_riot_web_docker_image: "bubuntux/riot-web:v1.0.8" +matrix_riot_web_docker_image: "bubuntux/riot-web:v1.1.0" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" From 6163ba5bb171b74a6f4d0da30c2e75fbf9b838b9 Mon Sep 17 00:00:00 2001 From: Dan Arnfield Date: Fri, 10 May 2019 08:02:32 -0500 Subject: [PATCH 04/39] Bump postgres versions --- roles/matrix-postgres/defaults/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/matrix-postgres/defaults/main.yml b/roles/matrix-postgres/defaults/main.yml index 1729a2758..b3dc1e8fd 100644 --- a/roles/matrix-postgres/defaults/main.yml +++ b/roles/matrix-postgres/defaults/main.yml 
@@ -8,9 +8,9 @@ matrix_postgres_db_name: "" matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres" matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data" -matrix_postgres_docker_image_v9: "postgres:9.6.12-alpine" -matrix_postgres_docker_image_v10: "postgres:10.7-alpine" -matrix_postgres_docker_image_v11: "postgres:11.2-alpine" +matrix_postgres_docker_image_v9: "postgres:9.6.13-alpine" +matrix_postgres_docker_image_v10: "postgres:10.8-alpine" +matrix_postgres_docker_image_v11: "postgres:11.3-alpine" matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v11 }}" # A list of extra arguments to pass to the container From 12b7cccbc656a257af2a8490ec488f54e1bfcfd5 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Fri, 10 May 2019 15:33:15 -0500 Subject: [PATCH 05/39] Mention the Synapse User Admin API on updating-users-passwords.md --- docs/updating-users-passwords.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/docs/updating-users-passwords.md b/docs/updating-users-passwords.md index 72b1f2783..af8d38dcd 100644 --- a/docs/updating-users-passwords.md +++ b/docs/updating-users-passwords.md 
@@ -1,6 +1,14 @@ # Updating users passwords -If you are using the matrix-postgres container(default), you can do it via this Ansible playbook (make sure to edit the `` and `` part below): +## Option 1 + +Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password + +This requires an access token from a server admin account. If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-make-user-admin` script as described in [registering-users.md](registering-users.md). + +## Option 2 (if you are using the default matrix-postgres container): + +You can reset a user's password via the Ansible playbook (make sure to edit the `` and `` part below): ansible-playbook -i inventory/hosts setup.yml --extra-vars='username= password=' --tags=update-user-password @@ -8,7 +16,9 @@ If you are using the matrix-postgres container(default), you can do it via this **You can then log in with that user** via the riot-web service that this playbook has created for you at a URL like this: `https://riot./`. -If you are NOT using the matrix-postgres container, you can generate the password hash by using the command-line after **SSH**-ing to your server (requires that [all services have been started](#starting-the-services)): +## Option 3 (if you are using an external Postgres server): + +You can manually generate the password hash by using the command-line after **SSH**-ing to your server (requires that [all services have been started](installing.md#starting-the-services)): docker exec -it matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml From 59e05672d058a360b748a014ae9de4851b5a7f69 Mon Sep 17 00:00:00 2001 
From: Aaron Raimist Date: Fri, 10 May 2019 15:38:22 -0500 Subject: [PATCH 06/39] Convert registering-users.md to use ``` syntax for code blocks The bit about the matrix-make-user-admin script was messed up (it wasn't actually a code block so the "" was hidden). For me at least it seems like the ``` syntax is much harder to accidentally mess up. --- docs/registering-users.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/docs/registering-users.md b/docs/registering-users.md index 9822979de..50dd92a96 100644 --- a/docs/registering-users.md +++ b/docs/registering-users.md @@ -4,11 +4,15 @@ Run this to create a new user account on your Matrix server. You can do it via this Ansible playbook (make sure to edit the `` and `` part below): - ansible-playbook -i inventory/hosts setup.yml --extra-vars='username= password= admin=' --tags=register-user +``` +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username= password= admin=' --tags=register-user +``` **or** using the command-line after **SSH**-ing to your server (requires that [all services have been started](#starting-the-services)): - /usr/local/bin/matrix-synapse-register-user +``` +/usr/local/bin/matrix-synapse-register-user +``` **Note**: `` is just a plain username (like `john`), not your full `@:` identifier. @@ -25,5 +29,6 @@ The script `/usr/local/bin/matrix-make-user-admin` may be used to upgrade a user * log on to your server with ssh * execute with the username: - /usr/local/bin/matrix-make-user-admin - +``` +/usr/local/bin/matrix-make-user-admin +``` From 2d1fbdb51d9ad15a169f6d2ce50948fa8b72a6b8 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 11 May 2019 21:39:31 -0500 Subject: [PATCH 07/39] Move around options on updating-users-passwords.md and provide an example for using the admin API --- docs/updating-users-passwords.md | 38 ++++++++++++++++++++++---------- 1 file changed, 26 insertions(+), 12 deletions(-) 
diff --git a/docs/updating-users-passwords.md b/docs/updating-users-passwords.md index af8d38dcd..838e20003 100644 --- a/docs/updating-users-passwords.md +++ b/docs/updating-users-passwords.md 
@@ -1,29 +1,43 @@ # Updating users passwords -## Option 1 - -Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password - -This requires an access token from a server admin account. If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-make-user-admin` script as described in [registering-users.md](registering-users.md). - -## Option 2 (if you are using the default matrix-postgres container): +## Option 1 (if you are using the default matrix-postgres container): You can reset a user's password via the Ansible playbook (make sure to edit the `` and `` part below): - ansible-playbook -i inventory/hosts setup.yml --extra-vars='username= password=' --tags=update-user-password +``` +ansible-playbook -i inventory/hosts setup.yml --extra-vars='username= password=' --tags=update-user-password +``` **Note**: `` is just a plain username (like `john`), not your full `@:` identifier. **You can then log in with that user** via the riot-web service that this playbook has created for you at a URL like this: `https://riot./`. -## Option 3 (if you are using an external Postgres server): + +## Option 2 (if you are using an external Postgres server): You can manually generate the password hash by using the command-line after **SSH**-ing to your server (requires that [all services have been started](installing.md#starting-the-services)): - docker exec -it matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml +``` +docker exec -it matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml +``` and then connecting to the postgres server and executing: - UPDATE users SET password_hash = '' WHERE name = '@someone:server.com' - +``` +UPDATE users SET password_hash = '' WHERE name = '@someone:server.com' +``` +` where `` is the hash returned by the docker command above. 
+ + +## Option 3: + +Use the Synapse User Admin API as described here: https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password + +This requires an access token from a server admin account. If you didn't make your account a server admin when you created it, you can use the `/usr/local/bin/matrix-make-user-admin` script as described in [registering-users.md](registering-users.md). Note this method will also log the user out of all of their clients while the other options do not. + +### Example: +To set @user:domain.com's password to `correct_horse_battery_staple` you could use this curl command: +``` +curl -XPOST -d '{ "new_password": "correct_horse_battery_staple" }' "https://matrix./_matrix/client/r0/admin/reset_password/@user:domain.com?access_token=MDA...this_is_my_access_token +``` From 953ae021ba903fe1fff01c47e2da84d66b17d710 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 14 May 2019 08:22:10 +0900 Subject: [PATCH 08/39] Upgrade mxisd (1.4.2 -> 1.4.3) --- roles/matrix-mxisd/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-mxisd/defaults/main.yml b/roles/matrix-mxisd/defaults/main.yml index dd9e8b718..cabf5baae 100644 --- a/roles/matrix-mxisd/defaults/main.yml +++ b/roles/matrix-mxisd/defaults/main.yml @@ -1,6 +1,6 @@ matrix_mxisd_enabled: true -matrix_mxisd_docker_image: "kamax/mxisd:1.4.2" +matrix_mxisd_docker_image: "kamax/mxisd:1.4.3" matrix_mxisd_base_path: "{{ matrix_base_data_path }}/mxisd" matrix_mxisd_config_path: "{{ matrix_mxisd_base_path }}/config" matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data" From 873c291be6ba8d56eabf21383dacb57179a7286a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 14 May 2019 08:24:03 +0900 Subject: [PATCH 09/39] Fix appservice-discord configuration-extension merging --- roles/matrix-synapse/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index b5be97d32..e6b702192 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -815,7 +815,7 @@ matrix_appservice_discord_configuration_extension_yaml: | # # fininished handling it, causing us to echo it back to the room) # discordSendDelay: 750 -matrix_appservice_discord_configuration_extension: "{{ matrix_appservice_irc_configuration_extension_yaml|from_yaml if matrix_appservice_irc_configuration_extension_yaml|from_yaml else {} }}" +matrix_appservice_discord_configuration_extension: "{{ matrix_appservice_discord_configuration_extension_yaml|from_yaml if matrix_appservice_discord_configuration_extension_yaml|from_yaml else {} }}" matrix_appservice_discord_configuration: "{{ matrix_appservice_discord_configuration_yaml|from_yaml|combine(matrix_appservice_discord_configuration_extension, recursive=True) }}" From d114736014210f396031ebb532767b470007d73b Mon Sep 17 00:00:00 2001 From: Marcel Partap Date: Tue, 14 May 2019 11:46:07 +0200 Subject: [PATCH 10/39] Add a task to stop services (and remove containers) --- roles/matrix-common-after/tasks/main.yml | 6 +++++- roles/matrix-common-after/tasks/stop.yml | 7 +++++++ 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 roles/matrix-common-after/tasks/stop.yml diff --git a/roles/matrix-common-after/tasks/main.yml b/roles/matrix-common-after/tasks/main.yml index 3b5c54283..ea829fee5 100644 --- a/roles/matrix-common-after/tasks/main.yml +++ b/roles/matrix-common-after/tasks/main.yml @@ -1,4 +1,8 @@ - import_tasks: "{{ role_path }}/tasks/start.yml" when: run_start tags: - - start \ No newline at end of file + - start + +- import_tasks: "{{ role_path }}/tasks/stop.yml" + tags: + - stop diff --git a/roles/matrix-common-after/tasks/stop.yml b/roles/matrix-common-after/tasks/stop.yml new file mode 100644 index 000000000..5ae0afbba --- /dev/null 
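Review bot: The new `stop.yml` import in `roles/matrix-common-after/tasks/main.yml` carries only a `stop` tag and no `when:` condition, unlike the `start.yml` import directly above it, which is gated on `run_start`. Tags only filter when `--tags` is passed, so a playbook run without a tag filter would also execute the stop tasks and shut down every unit in `matrix_systemd_services_list`. I would add a matching guard, for example `when: run_stop`, with the flag defaulting to false. `run_stop` is a suggested name; it would have to be defined wherever `run_start` is, which is outside this hunk.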
+++ b/roles/matrix-common-after/tasks/stop.yml @@ -0,0 +1,7 @@ +--- + +- name: Ensure Matrix services stopped + service: + name: "{{ item }}" + state: stopped + with_items: "{{ matrix_systemd_services_list }}" From bb816df557c5040fbc59a7935e407df1df677e89 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 14 May 2019 23:47:22 +0900 Subject: [PATCH 11/39] Move mautrix telegram and whatsapp into separate roles The goal is to move each bridge into its own separate role. This commit starts off the work on this with 2 bridges: - mautrix-telegram - mautrix-whatsapp Each bridge's role (including these 2) is meant to: - depend only on the matrix-base role - integrate nicely with the matrix-synapse role (if available) - integrate nicely with the matrix-nginx-proxy role (if available and if required). mautrix-telegram bridge benefits from integrating with it. - not break if matrix-synapse or matrix-nginx-proxy are not used at all This has been provoked by #174 (Github Issue). --- group_vars/matrix-servers | 37 +++++++++++++ .../defaults/main.yml | 34 ++++++++++++ .../tasks}/init.yml | 2 +- .../tasks/main.yml | 21 ++++++++ .../tasks/setup-install.yml} | 52 ++++++++----------- .../tasks/setup-uninstall.yml | 6 +++ .../tasks/validate_config.yml | 11 ++++ .../templates}/config.yaml.j2 | 10 ++-- .../matrix-mautrix-telegram.service.j2 | 16 ++++-- .../defaults/main.yml | 21 ++++++++ .../tasks}/init.yml | 2 +- .../tasks/main.yml | 15 ++++++ .../tasks/setup-install.yml} | 44 ++++++---------- .../tasks/setup-uninstall.yml | 6 +++ .../templates}/config.yaml.j2 | 8 +-- .../matrix-mautrix-whatsapp.service.j2 | 16 ++++-- roles/matrix-corporal/tasks/init.yml | 2 +- roles/matrix-synapse/defaults/main.yml | 30 ++--------- roles/matrix-synapse/tasks/ext/init.yml | 4 -- roles/matrix-synapse/tasks/ext/setup.yml | 4 -- roles/matrix-synapse/tasks/main.yml | 8 ++- roles/matrix-synapse/vars/main.yml | 3 ++ setup.yml | 2 + 23 files changed, 242 insertions(+), 112 deletions(-) create mode 100644 roles/matrix-bridge-mautrix-telegram/defaults/main.yml rename roles/{matrix-synapse/tasks/ext/mautrix-telegram => matrix-bridge-mautrix-telegram/tasks}/init.yml (72%) create mode 100644 roles/matrix-bridge-mautrix-telegram/tasks/main.yml rename 
roles/{matrix-synapse/tasks/ext/mautrix-telegram/setup.yml => matrix-bridge-mautrix-telegram/tasks/setup-install.yml} (74%) create mode 100644 roles/matrix-bridge-mautrix-telegram/tasks/setup-uninstall.yml create mode 100644 roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml rename roles/{matrix-synapse/templates/ext/mautrix-telegram => matrix-bridge-mautrix-telegram/templates}/config.yaml.j2 (97%) rename roles/{matrix-synapse/templates/ext/mautrix-telegram => matrix-bridge-mautrix-telegram/templates}/systemd/matrix-mautrix-telegram.service.j2 (78%) create mode 100644 roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml rename roles/{matrix-synapse/tasks/ext/mautrix-whatsapp => matrix-bridge-mautrix-whatsapp/tasks}/init.yml (72%) create mode 100644 roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml rename roles/{matrix-synapse/tasks/ext/mautrix-whatsapp/setup.yml => matrix-bridge-mautrix-whatsapp/tasks/setup-install.yml} (63%) create mode 100644 roles/matrix-bridge-mautrix-whatsapp/tasks/setup-uninstall.yml rename roles/{matrix-synapse/templates/ext/mautrix-whatsapp => matrix-bridge-mautrix-whatsapp/templates}/config.yaml.j2 (93%) rename roles/{matrix-synapse/templates/ext/mautrix-whatsapp => matrix-bridge-mautrix-whatsapp/templates}/systemd/matrix-mautrix-whatsapp.service.j2 (68%) diff --git a/group_vars/matrix-servers b/group_vars/matrix-servers index 44318970e..41cd2e02d 100755 --- a/group_vars/matrix-servers +++ b/group_vars/matrix-servers 
@@ -48,6 +48,43 @@ matrix_identity_server_url: "{{ 'https://' + matrix_synapse_trusted_third_party_ ###################################################################### +###################################################################### +# +# matrix-bridge-mautrix-telegram +# +###################################################################### + +# We don't enable bridges by default. +matrix_mautrix_telegram_enabled: false + +matrix_mautrix_telegram_systemd_required_services_list: ['docker.service', 'matrix-synapse.service'] + +matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}" + +###################################################################### +# +# /matrix-bridge-mautrix-telegram +# +###################################################################### + + +###################################################################### +# +# matrix-bridge-mautrix-whatsapp +# +###################################################################### + +# We don't enable bridges by default. +matrix_mautrix_whatsapp_enabled: false + +matrix_mautrix_whatsapp_systemd_required_services_list: ['docker.service', 'matrix-synapse.service'] + +###################################################################### +# +# /matrix-bridge-mautrix-whatsapp +# +###################################################################### + ###################################################################### # diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml new file mode 100644 index 000000000..ad6d49a50 --- /dev/null +++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml 
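Review bot: `matrix_mautrix_telegram_public_endpoint` is computed from `matrix_synapse_macaroon_secret_key` with the fixed salt `'telegram'`, so the path that the role defaults describe as "not easily discoverable" is a deterministic function of a signing secret. A URL path normally ends up in reverse-proxy access logs and browser history, so it should not be relied on as a secret, and if the macaroon key is short or low in entropy the published path gives an offline way to test guesses of it. The expression also ties the bridge to a matrix-synapse variable, which seems at odds with the commit's goal of not breaking when matrix-synapse is unused. I would derive the path from a dedicated random value, or at least add a comment such as `# Derived from the macaroon key; set an independent random path if that key is weak, shared or rotated`.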
@@ -0,0 +1,34 @@ +# mautrix-telegram is a Matrix <-> Telegram bridge +# See: https://github.com/tulir/mautrix-telegram + +matrix_mautrix_telegram_enabled: true + +matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.5.1" + +matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram" + +# Get your own API keys at https://my.telegram.org/apps +matrix_mautrix_telegram_api_id: '' +matrix_mautrix_telegram_api_hash: '' + +# Mautrix telegram public endpoint to log in to telegram +# Use an uuid so it's not easily discoverable. +# Example: /741a0483-ba17-4682-9900-30bd7269f1cc +matrix_mautrix_telegram_public_endpoint: '' + +matrix_mautrix_telegram_homeserver_address: 'https://{{ matrix_server_fqn_matrix }}' +matrix_mautrix_telegram_homeserver_domain: '{{ matrix_domain }}' +matrix_mautrix_telegram_appservice_address: 'http://matrix-mautrix-telegram:8080' +matrix_mautrix_telegram_appservice_public_external: 'https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }}' + +# Set this to a port number to expose on the host when not using matrix-nginx-proxy +matrix_mautrix_telegram_container_exposed_port_number: ~ + +# A list of extra arguments to pass to the container +matrix_mautrix_telegram_container_extra_arguments: [] + +# List of systemd services that matrix-mautrix-telegram.service depends on. +matrix_mautrix_telegram_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-mautrix-telegram.service wants +matrix_mautrix_telegram_systemd_wanted_services_list: [] diff --git a/roles/matrix-synapse/tasks/ext/mautrix-telegram/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml similarity index 72% rename from roles/matrix-synapse/tasks/ext/mautrix-telegram/init.yml rename to roles/matrix-bridge-mautrix-telegram/tasks/init.yml index 566d7321c..f9956d3d5 100644 --- a/roles/matrix-synapse/tasks/ext/mautrix-telegram/init.yml 
+++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram'] }}" - when: matrix_mautrix_telegram_enabled \ No newline at end of file + when: "matrix_mautrix_telegram_enabled" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/main.yml b/roles/matrix-bridge-mautrix-telegram/tasks/main.yml new file mode 100644 index 000000000..c16c03f54 --- /dev/null +++ b/roles/matrix-bridge-mautrix-telegram/tasks/main.yml @@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup and matrix_mautrix_telegram_enabled" + tags: + - setup-all + - setup-mautrix-telegram + +- import_tasks: "{{ role_path }}/tasks/setup-install.yml" + when: "run_setup and matrix_mautrix_telegram_enabled" + tags: + - setup-all + - setup-mautrix-telegram + +- import_tasks: "{{ role_path }}/tasks/setup-uninstall.yml" + when: "run_setup and not matrix_mautrix_telegram_enabled" + tags: + - setup-all + - setup-mautrix-telegram diff --git a/roles/matrix-synapse/tasks/ext/mautrix-telegram/setup.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup-install.yml similarity index 74% rename from roles/matrix-synapse/tasks/ext/mautrix-telegram/setup.yml rename to roles/matrix-bridge-mautrix-telegram/tasks/setup-install.yml index 02487ddb8..920ff54f8 100644 --- a/roles/matrix-synapse/tasks/ext/mautrix-telegram/setup.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup-install.yml 
@@ -1,33 +1,38 @@ --- +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-mautrix-telegram role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + - name: Ensure Mautrix Telegram image is pulled docker_image: name: "{{ matrix_mautrix_telegram_docker_image }}" - when: "matrix_mautrix_telegram_enabled" -- name: Ensure Mautrix Telegram configuration path exists +- name: Ensure Mautrix Telegram base directory exists file: path: "{{ matrix_mautrix_telegram_base_path }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: "matrix_mautrix_telegram_enabled" - name: Check if a mautrix-telegram configuration file exists stat: path: "{{ matrix_mautrix_telegram_base_path }}/config.yaml" register: mautrix_telegram_config_file_stat - when: "matrix_mautrix_telegram_enabled" - name: Ensure Matrix Mautrix telegram config installed template: - src: "{{ role_path }}/templates/ext/mautrix-telegram/config.yaml.j2" + src: "{{ role_path }}/templates/config.yaml.j2" dest: "{{ matrix_mautrix_telegram_base_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: "matrix_mautrix_telegram_enabled and not mautrix_telegram_config_file_stat.stat.exists" + when: "not mautrix_telegram_config_file_stat.stat.exists" - name: (Migration) Fix up old configuration lineinfile: 
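Review bot: `config.yaml` is installed with `mode: 0644` in the "Ensure Matrix Mautrix telegram config installed" task, while the role now requires `matrix_mautrix_telegram_api_id` and `matrix_mautrix_telegram_api_hash`, which presumably end up in that file. The base directory is created with `mode: 0750`, which limits exposure today, but the file itself stays world-readable if the directory mode ever changes or the file is copied elsewhere. I would tighten the template task to `mode: '0640'`. The mode is a context line in this hunk, so it is a setting carried over into the new role rather than one this commit introduces.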
@@ -38,26 +43,24 @@ with_items: - {'regexp': '^(\s+)filename: \./mautrix-telegram.log', 'line': '\1filename: /data/mautrix-telegram.log'} - {'regexp': '^(\s+)database:', 'line': '\1database: sqlite:////data/mautrix-telegram.db'} - when: "matrix_mautrix_telegram_enabled and mautrix_telegram_config_file_stat.stat.exists" + when: "mautrix_telegram_config_file_stat.stat.exists" - name: Ensure matrix-mautrix-telegram.service installed template: - src: "{{ role_path }}/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2" + src: "{{ role_path }}/templates/systemd/matrix-mautrix-telegram.service.j2" dest: "/etc/systemd/system/matrix-mautrix-telegram.service" mode: 0644 register: matrix_mautrix_telegram_systemd_service_result - when: "matrix_mautrix_telegram_enabled" - name: Ensure systemd reloaded after matrix-mautrix-telegram.service installation service: daemon_reload: yes - when: "matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_systemd_service_result.changed" + when: "matrix_mautrix_telegram_systemd_service_result.changed" - name: Check if a mautrix-telegram registration file exists stat: path: "{{ matrix_mautrix_telegram_base_path }}/registration.yaml" register: mautrix_telegram_registration_file_stat - when: "matrix_mautrix_telegram_enabled" - name: Generate matrix-mautrix-telegram registration.yaml if it doesn't exist shell: 
@@ -70,25 +73,22 @@ -v {{ matrix_mautrix_telegram_base_path }}:/data:z {{ matrix_mautrix_telegram_docker_image }} python3 -m mautrix_telegram -g -c /data/config.yaml -r /data/registration.yaml - when: "matrix_mautrix_telegram_enabled and not mautrix_telegram_registration_file_stat.stat.exists" + when: "not mautrix_telegram_registration_file_stat.stat.exists" - set_fact: matrix_synapse_app_service_config_file_mautrix_telegram: '/app-registration/mautrix-telegram.yml' - when: "matrix_mautrix_telegram_enabled" +# If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_additional_volumes: > - {{ matrix_synapse_container_additional_volumes }} + {{ matrix_synapse_container_additional_volumes|default([]) }} + {{ [{'src': '{{ matrix_mautrix_telegram_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_telegram }}', 'options': 'ro'}] }} - when: "matrix_mautrix_telegram_enabled" -- set_fact: matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files }} + {{ matrix_synapse_app_service_config_files|default([]) }} + {{ ["{{ matrix_synapse_app_service_config_file_mautrix_telegram }}"] | to_nice_json }} - when: "matrix_mautrix_telegram_enabled" - block: - name: Fail if matrix-nginx-proxy role already executed @@ -97,7 +97,7 @@ Trying to append Mautrix Telegram's reverse-proxying configuration to matrix-nginx-proxy, but it's pointless since the matrix-nginx-proxy role had already executed. To fix this, please change the order of roles in your plabook, - so that the matrix-nginx-proxy role would run after the matrix-synapse role. + so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. when: "matrix_nginx_proxy_role_executed" - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy 
@@ -124,7 +124,7 @@ [matrix_mautrix_telegram_matrix_nginx_proxy_configuration] }} - when: "matrix_mautrix_telegram_enabled and matrix_nginx_proxy_enabled|default(False)" + when: "matrix_nginx_proxy_enabled|default(False)" tags: - always @@ -135,14 +135,4 @@ reverse proxy. Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}` URL endpoint to the matrix-mautrix-telegram container. - when: "matrix_mautrix_telegram_enabled and matrix_nginx_proxy_enabled is not defined" - -# -# Tasks related to getting rid of matrix-mautrix-telegram (if it was previously enabled) -# - -- name: Ensure matrix-mautrix-telegram.service doesn't exist - file: - path: "/etc/systemd/system/matrix-mautrix-telegram.service" - state: absent - when: "not matrix_mautrix_telegram_enabled" + when: "matrix_nginx_proxy_enabled is not defined" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup-uninstall.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup-uninstall.yml new file mode 100644 index 000000000..4ee46afc9 --- /dev/null +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup-uninstall.yml @@ -0,0 +1,6 @@ +--- + +- name: Ensure matrix-mautrix-telegram.service doesn't exist + file: + path: "/etc/systemd/system/matrix-mautrix-telegram.service" + state: absent diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml new file mode 100644 index 000000000..fac59c9ff --- /dev/null +++ b/roles/matrix-bridge-mautrix-telegram/tasks/validate_config.yml @@ -0,0 +1,11 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_mautrix_telegram_api_id" + - "matrix_mautrix_telegram_api_hash" + - "matrix_mautrix_telegram_public_endpoint" 
diff --git a/roles/matrix-synapse/templates/ext/mautrix-telegram/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 similarity index 97% rename from roles/matrix-synapse/templates/ext/mautrix-telegram/config.yaml.j2 rename to roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 index 3fb7796a2..b28546466 100644 --- a/roles/matrix-synapse/templates/ext/mautrix-telegram/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 @@ -2,9 +2,9 @@ # Homeserver details homeserver: # The address that this appservice can use to connect to the homeserver. - address: https://{{ matrix_server_fqn_matrix }} + address: {{ matrix_mautrix_telegram_homeserver_address }} # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_domain }} + domain: {{ matrix_mautrix_telegram_homeserver_domain }} # Whether or not to verify the SSL certificate of the homeserver. # Only applies if address starts with https:// verify_ssl: true @@ -13,7 +13,7 @@ homeserver: # Changing these values requires regeneration of the registration. appservice: # The address that the homeserver can use to connect to this appservice. - address: http://matrix-mautrix-telegram:8080 + address: {{ matrix_mautrix_telegram_appservice_address }} # The hostname and port where this appservice should listen. hostname: 0.0.0.0 @@ -39,7 +39,7 @@ appservice: prefix: {{ matrix_mautrix_telegram_public_endpoint }} # The base URL where the public-facing endpoints are available. The prefix is not added # implicitly. - external: https://{{ matrix_server_fqn_matrix }}{{ matrix_mautrix_telegram_public_endpoint }} + external: {{ matrix_mautrix_telegram_appservice_public_external }} # Provisioning API part of the web server for automated portal creation and fetching information. # Used by things like Dimension (https://dimension.t2bot.io/). 
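Review bot: The values this template now reads from role variables are emitted as bare YAML scalars, for example `address: {{ matrix_mautrix_telegram_homeserver_address }}` and `domain: {{ matrix_mautrix_telegram_homeserver_domain }}`. Each is now a single operator-overridable variable, so an empty value renders as null, and a value containing `: ` or ` #`, or starting with a YAML indicator, changes how the line parses. Rendering through `to_json` keeps each one a single string, e.g. `address: {{ matrix_mautrix_telegram_homeserver_address|to_json }}`. The same applies to the `appservice` `address` and `external` lines in the later hunks of this file; the `permissions` key in the `@@ -207,7 +207,7 @@` hunk is already single-quoted.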
@@ -207,7 +207,7 @@ bridge: # domain - All users on that homeserver # mxid - Specific user permissions: - '{{ matrix_domain }}': full + '{{ matrix_mautrix_telegram_homeserver_domain }}': full # Options related to the message relay Telegram bot. relaybot: diff --git a/roles/matrix-synapse/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2 b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 similarity index 78% rename from roles/matrix-synapse/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2 rename to roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 index 8b162f8cd..846dde7e3 100644 --- a/roles/matrix-synapse/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2 +++ b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 @@ -1,10 +1,13 @@ #jinja2: lstrip_blocks: "True" [Unit] Description=Matrix Mautrix Telegram server -After=docker.service -Requires=docker.service -Requires=matrix-synapse.service -After=matrix-synapse.service +{% for service in matrix_mautrix_telegram_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mautrix_telegram_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} [Service] Type=simple @@ -17,6 +20,7 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-telegram-db \ -v {{ matrix_mautrix_telegram_base_path }}:/data:z \ {{ matrix_mautrix_telegram_docker_image }} \ alembic -x config=/data/config.yaml upgrade head + ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ 
@@ -26,8 +30,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \ -p 127.0.0.1:{{ matrix_mautrix_telegram_container_exposed_port_number }}:8080 \ {% endif %} -v {{ matrix_mautrix_telegram_base_path }}:/data:z \ + {% for arg in matrix_mautrix_telegram_container_extra_arguments %} + {{ arg }} \ + {% endfor %} {{ matrix_mautrix_telegram_docker_image }} \ python3 -m mautrix_telegram -c /data/config.yaml + ExecStop=-/usr/bin/docker kill matrix-mautrix-telegram ExecStop=-/usr/bin/docker rm matrix-mautrix-telegram Restart=always diff --git a/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml new file mode 100644 index 000000000..32375b871 --- /dev/null +++ b/roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -0,0 +1,21 @@ +# mautrix-whatsapp is a Matrix <-> Whatsapp bridge +# See: https://github.com/tulir/mautrix-whatsapp + +matrix_mautrix_whatsapp_enabled: true + +matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest" + +matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp" + +matrix_mautrix_whatsapp_homeserver_address: "https://{{ matrix_server_fqn_matrix }}" +matrix_mautrix_whatsapp_homeserver_domain: "{{ matrix_domain }}" +matrix_mautrix_whatsapp_appservice_address: "http://matrix-mautrix-whatsapp:8080" + +# A list of extra arguments to pass to the container +matrix_mautrix_whatsapp_container_extra_arguments: [] + +# List of systemd services that matrix-mautrix-whatsapp.service depends on. +matrix_mautrix_whatsapp_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-mautrix-whatsapp.service wants +matrix_mautrix_whatsapp_systemd_wanted_services_list: [] 
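Review bot: The entries of `matrix_mautrix_telegram_container_extra_arguments` are written as-is into the `docker run` line, and nothing documents that they can change the container's isolation settings. The mautrix-facebook unit in this series, for instance, sets `--cap-drop=ALL` just before the same loop. I would extend the comment on the defaults variable, e.g. `# Each entry is placed as-is on the docker run command line in the systemd unit; options given here can change the container's isolation settings.` The same loop is added to the whatsapp and facebook units. The `ExecStart` command begins above this hunk.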
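Review bot: `matrix_mautrix_whatsapp_docker_image` defaults to the mutable `:latest` tag, so the deployed bridge depends on whatever the registry serves at pull time and a run cannot be reproduced or audited against a known version. The value is carried over from the old matrix-synapse defaults, but other images in this series are pinned (`matrixdotorg/synapse:v0.99.3.2`, `tulir/mautrix-telegram:v0.5.1`). The new role file is a good place to do the same, e.g. `matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:<PINNED_TAG_OR_DIGEST>"`. The mautrix-facebook defaults added later in the series use `:latest` as well.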
diff --git a/roles/matrix-synapse/tasks/ext/mautrix-whatsapp/init.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml similarity index 72% rename from roles/matrix-synapse/tasks/ext/mautrix-whatsapp/init.yml rename to roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml index fdc0d1b91..c1e62d877 100644 --- a/roles/matrix-synapse/tasks/ext/mautrix-whatsapp/init.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp'] }}" - when: matrix_mautrix_whatsapp_enabled \ No newline at end of file + when: "matrix_mautrix_whatsapp_enabled" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml new file mode 100644 index 000000000..1f40d8c04 --- /dev/null +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml @@ -0,0 +1,15 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/setup-install.yml" + when: "run_setup and matrix_mautrix_whatsapp_enabled" + tags: + - setup-all + - setup-mautrix-whatsapp + +- import_tasks: "{{ role_path }}/tasks/setup-uninstall.yml" + when: "run_setup and not matrix_mautrix_whatsapp_enabled" + tags: + - setup-all + - setup-mautrix-whatsapp diff --git a/roles/matrix-synapse/tasks/ext/mautrix-whatsapp/setup.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup-install.yml similarity index 63% rename from roles/matrix-synapse/tasks/ext/mautrix-whatsapp/setup.yml rename to roles/matrix-bridge-mautrix-whatsapp/tasks/setup-install.yml index 065ca6733..03bc83086 100644 --- a/roles/matrix-synapse/tasks/ext/mautrix-whatsapp/setup.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup-install.yml 
@@ -1,52 +1,55 @@ --- +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-mautrix-whatsapp role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + - name: Ensure Mautrix Whatsapp image is pulled docker_image: name: "{{ matrix_mautrix_whatsapp_docker_image }}" - when: "matrix_mautrix_whatsapp_enabled" -- name: Ensure Mautrix Whatsapp configuration path exists +- name: Ensure Mautrix Whatsapp base directory exists file: path: "{{ matrix_mautrix_whatsapp_base_path }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: "matrix_mautrix_whatsapp_enabled" - name: Check if a mautrix-whatsapp configuration file exists stat: path: "{{ matrix_mautrix_whatsapp_base_path }}/config.yaml" register: mautrix_whatsapp_config_file_stat - when: "matrix_mautrix_whatsapp_enabled" - name: Ensure Matrix Mautrix whatsapp config installed template: - src: "{{ role_path }}/templates/ext/mautrix-whatsapp/config.yaml.j2" + src: "{{ role_path }}/templates//config.yaml.j2" dest: "{{ matrix_mautrix_whatsapp_base_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: "matrix_mautrix_whatsapp_enabled and not mautrix_whatsapp_config_file_stat.stat.exists" + when: "not mautrix_whatsapp_config_file_stat.stat.exists" - name: Ensure matrix-mautrix-whatsapp.service installed template: - src: "{{ role_path }}/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2" + src: "{{ role_path }}/templates/systemd/matrix-mautrix-whatsapp.service.j2" dest: "/etc/systemd/system/matrix-mautrix-whatsapp.service" mode: 0644 register: matrix_mautrix_whatsapp_systemd_service_result - when: "matrix_mautrix_whatsapp_enabled" - name: Ensure systemd reloaded after 
matrix-mautrix-whatsapp.service installation service: daemon_reload: yes - when: "matrix_mautrix_whatsapp_enabled and matrix_mautrix_whatsapp_systemd_service_result.changed" + when: "matrix_mautrix_whatsapp_systemd_service_result.changed" - name: Check if a mautrix-whatsapp registration file exists stat: path: "{{ matrix_mautrix_whatsapp_base_path }}/registration.yaml" register: mautrix_whatsapp_registration_file_stat - when: "matrix_mautrix_whatsapp_enabled" - name: Generate matrix-mautrix-whatsapp registration.yaml if it doesn't exist shell: 
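Review bot: The `src` of the "Ensure Matrix Mautrix whatsapp config installed" task reads `{{ role_path }}/templates//config.yaml.j2`. The doubled slash is a leftover from removing `ext/mautrix-whatsapp` and should be `src: "{{ role_path }}/templates/config.yaml.j2"`, as the mautrix-facebook role writes it. The file modes in this task list are bare `0750`/`0644`; quoting them (`mode: "0644"`) avoids depending on the YAML loader's octal handling. That task is also skipped once `config.yaml` exists, so later changes to the new `matrix_mautrix_whatsapp_homeserver_address` and related variables will not reach an existing install, which deserves a comment next to the `when:`.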
@@ -59,32 +62,19 @@ -v {{ matrix_mautrix_whatsapp_base_path }}:/data:z {{ matrix_mautrix_whatsapp_docker_image }} /usr/bin/mautrix-whatsapp -g -c /data/config.yaml -r /data/registration.yaml - when: "matrix_mautrix_whatsapp_enabled and not mautrix_whatsapp_registration_file_stat.stat.exists" + when: "not mautrix_whatsapp_registration_file_stat.stat.exists" - set_fact: matrix_synapse_app_service_config_file_mautrix_whatsapp: '/app-registration/mautrix-whatsapp.yml' - when: "matrix_mautrix_whatsapp_enabled" +# If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_additional_volumes: > - {{ matrix_synapse_container_additional_volumes }} + {{ matrix_synapse_container_additional_volumes|default([]) }} + {{ [{'src': '{{ matrix_mautrix_whatsapp_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}', 'options': 'ro'}] }} - when: "matrix_mautrix_whatsapp_enabled" -- set_fact: matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files }} + {{ matrix_synapse_app_service_config_files|default([]) }} + {{ ["{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}"] | to_nice_json }} - when: "matrix_mautrix_whatsapp_enabled" - -# -# Tasks related to getting rid of matrix-mautrix-whatsapp (if it was previously enabled) -# - -- name: Ensure matrix-mautrix-whatsapp.service doesn't exist - file: - path: "/etc/systemd/system/matrix-mautrix-whatsapp.service" - state: absent - when: "not matrix_mautrix_whatsapp_enabled" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup-uninstall.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup-uninstall.yml new file mode 100644 index 000000000..0c5078a2f --- /dev/null +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup-uninstall.yml 
@@ -0,0 +1,6 @@ +--- + +- name: Ensure matrix-mautrix-whatsapp.service doesn't exist + file: + path: "/etc/systemd/system/matrix-mautrix-whatsapp.service" + state: absent diff --git a/roles/matrix-synapse/templates/ext/mautrix-whatsapp/config.yaml.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 similarity index 93% rename from roles/matrix-synapse/templates/ext/mautrix-whatsapp/config.yaml.j2 rename to roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 index d8561897b..310acb4fe 100644 --- a/roles/matrix-synapse/templates/ext/mautrix-whatsapp/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 @@ -2,15 +2,15 @@ # Homeserver details. homeserver: # The address that this appservice can use to connect to the homeserver. - address: https://{{ matrix_server_fqn_matrix }} + address: {{ matrix_mautrix_whatsapp_homeserver_address }} # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_domain }} + domain: {{ matrix_mautrix_whatsapp_homeserver_domain }} # Application service host/registration related details. # Changing these values requires regeneration of the registration. appservice: # The address that the homeserver can use to connect to this appservice. - address: http://matrix-mautrix-whatsapp:8080 + address: {{ matrix_mautrix_whatsapp_appservice_address }} # The hostname and port where this appservice should listen. hostname: 0.0.0.0 @@ -68,7 +68,7 @@ bridge: # domain - All users on that homeserver # mxid - Specific user permissions: - '{{ matrix_domain }}': user + '{{ matrix_mautrix_whatsapp_homeserver_domain }}': user # Logging config. logging: 
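Review bot: The new `setup-uninstall.yml` only deletes the unit file, so after `matrix_mautrix_whatsapp_enabled` is turned off the bridge container keeps running with its registration and session data until the next reboot or manual stop. systemd is also not reloaded after the file is removed. I would stop the service before deleting the unit and reload systemd afterwards, both guarded by a `stat` on the unit file so the play stays idempotent. The mautrix-facebook `setup-uninstall.yml` added later in this series has the same shape.

```yaml
- name: Check existence of matrix-mautrix-whatsapp service
  stat:
    path: "/etc/systemd/system/matrix-mautrix-whatsapp.service"
  register: matrix_mautrix_whatsapp_service_stat

- name: Ensure matrix-mautrix-whatsapp is stopped
  service:
    name: matrix-mautrix-whatsapp
    state: stopped
    daemon_reload: yes
  when: "matrix_mautrix_whatsapp_service_stat.stat.exists"

# … unchanged: Ensure matrix-mautrix-whatsapp.service doesn't exist …

- name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service removal
  service:
    daemon_reload: yes
  when: "matrix_mautrix_whatsapp_service_stat.stat.exists"
```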
diff --git a/roles/matrix-synapse/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 similarity index 68% rename from roles/matrix-synapse/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2 rename to roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 index d05f73e25..b824cab2c 100644 --- a/roles/matrix-synapse/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2 +++ b/roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2 @@ -1,15 +1,19 @@ #jinja2: lstrip_blocks: "True" [Unit] Description=Matrix Mautrix Whatsapp server -After=docker.service -Requires=docker.service -Requires=matrix-synapse.service -After=matrix-synapse.service +{% for service in matrix_mautrix_whatsapp_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mautrix_whatsapp_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} [Service] Type=simple ExecStartPre=-/usr/bin/docker kill matrix-mautrix-whatsapp ExecStartPre=-/usr/bin/docker rm matrix-mautrix-whatsapp + ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ @@ -17,8 +21,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \ --network={{ matrix_docker_network }} \ -v {{ matrix_mautrix_whatsapp_base_path }}:/data:z \ --workdir=/data \ + {% for arg in matrix_mautrix_whatsapp_container_extra_arguments %} + {{ arg }} \ + {% endfor %} {{ matrix_mautrix_whatsapp_docker_image }} \ /usr/bin/mautrix-whatsapp + ExecStop=-/usr/bin/docker kill matrix-mautrix-whatsapp ExecStop=-/usr/bin/docker rm matrix-mautrix-whatsapp Restart=always 
diff --git a/roles/matrix-corporal/tasks/init.yml b/roles/matrix-corporal/tasks/init.yml index e0d89edf6..b7e0e3f8e 100644 --- a/roles/matrix-corporal/tasks/init.yml +++ b/roles/matrix-corporal/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-corporal'] }}" - when: "matrix_corporal_enabled" \ No newline at end of file + when: "matrix_corporal_enabled" diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index e6b702192..749806a2c 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -1,3 +1,8 @@ +# Synapse is a Matrix homeserver +# See: https://github.com/matrix-org/synapse + +matrix_synapse_enabled: true + matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.3.2" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" 
@@ -239,31 +244,6 @@ matrix_s3_media_store_region: "eu-central-1" # Controls whether the self-check feature should validate SSL certificates. matrix_synapse_self_check_validate_certificates: true -# Matrix mautrix is a Matrix <-> Telegram bridge -# Enable telegram bridge -matrix_mautrix_telegram_enabled: false - -matrix_mautrix_telegram_docker_image: "tulir/mautrix-telegram:v0.5.1" - -matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram" - -# Get your own API keys at https://my.telegram.org/apps -matrix_mautrix_telegram_api_id: YOUR_TELEGRAM_APP_ID -matrix_mautrix_telegram_api_hash: YOUR_TELEGRAM_API_HASH -# Mautrix telegram public endpoint to log in to telegram -# Use an uuid so it's not easily discoverable -matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}" -# Set this to a port number to expose on the host when not using the nginx proxy -matrix_mautrix_telegram_container_exposed_port_number: ~ - -# Matrix mautrix is a Matrix <-> Whatsapp bridge -# Enable whatsapp bridge -matrix_mautrix_whatsapp_enabled: false - -matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest" - -matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp" - # Matrix mautrix is a Matrix <-> Facebook bridge # Enable facebook bridge matrix_mautrix_facebook_enabled: false diff --git a/roles/matrix-synapse/tasks/ext/init.yml b/roles/matrix-synapse/tasks/ext/init.yml index 9ebaf5e2c..05a967581 100644 --- a/roles/matrix-synapse/tasks/ext/init.yml +++ b/roles/matrix-synapse/tasks/ext/init.yml @@ -1,9 +1,5 @@ --- -- import_tasks: "{{ role_path }}/tasks/ext/mautrix-telegram/init.yml" - -- import_tasks: "{{ role_path }}/tasks/ext/mautrix-whatsapp/init.yml" - - import_tasks: "{{ role_path }}/tasks/ext/mautrix-facebook/init.yml" - import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/init.yml" 
diff --git a/roles/matrix-synapse/tasks/ext/setup.yml b/roles/matrix-synapse/tasks/ext/setup.yml index 3b2a61ce3..f5bad3066 100644 --- a/roles/matrix-synapse/tasks/ext/setup.yml +++ b/roles/matrix-synapse/tasks/ext/setup.yml @@ -6,10 +6,6 @@ - import_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup.yml" -- import_tasks: "{{ role_path }}/tasks/ext/mautrix-telegram/setup.yml" - -- import_tasks: "{{ role_path }}/tasks/ext/mautrix-whatsapp/setup.yml" - - import_tasks: "{{ role_path }}/tasks/ext/mautrix-facebook/setup.yml" - import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/setup.yml" diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix-synapse/tasks/main.yml index 058cf05f2..8404ccf16 100644 --- a/roles/matrix-synapse/tasks/main.yml +++ b/roles/matrix-synapse/tasks/main.yml @@ -41,4 +41,10 @@ - import_tasks: "{{ role_path }}/tasks/update_user_password.yml" when: run_update_user_password tags: - - update-user-password \ No newline at end of file + - update-user-password + +- name: Mark matrix-synapse role as executed + set_fact: + matrix_synapse_role_executed: true + tags: + - always diff --git a/roles/matrix-synapse/vars/main.yml b/roles/matrix-synapse/vars/main.yml index f5c400214..3b5ab8544 100644 --- a/roles/matrix-synapse/vars/main.yml +++ b/roles/matrix-synapse/vars/main.yml @@ -4,3 +4,6 @@ matrix_synapse_id_servers_public: ['vector.im', 'matrix.org'] matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions" matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:8448/_matrix/federation/v1/version" + +# Tells whether this role had executed or not. Toggled to `true` during runtime. +matrix_synapse_role_executed: false diff --git a/setup.yml b/setup.yml index e2978f592..d19ece9c3 100755 --- a/setup.yml +++ b/setup.yml 
@@ -8,6 +8,8 @@ - matrix-mailer - matrix-postgres - matrix-corporal + - matrix-bridge-mautrix-telegram + - matrix-bridge-mautrix-whatsapp - matrix-synapse - matrix-riot-web - matrix-mxisd From 25d3b315de6fff3411f3e05d66e03b4079357e95 Mon Sep 17 00:00:00 2001 From: Marcel Partap Date: Tue, 14 May 2019 22:38:21 +0200 Subject: [PATCH 12/39] Fix case of the mxisd ldap.connection.baseDNs option in comment --- roles/matrix-mxisd/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-mxisd/defaults/main.yml b/roles/matrix-mxisd/defaults/main.yml index cabf5baae..df2cc78b0 100644 --- a/roles/matrix-mxisd/defaults/main.yml +++ b/roles/matrix-mxisd/defaults/main.yml @@ -152,7 +152,7 @@ matrix_mxisd_configuration_extension_yaml: | # host: ldapHostnameOrIp # tls: false # port: 389 - # baseDns: ['OU=Users,DC=example,DC=org'] + # baseDNs: ['OU=Users,DC=example,DC=org'] # bindDn: CN=My Mxisd User,OU=Users,DC=example,DC=org # bindPassword: TheUserPassword From 5aa7f637d8b111f012cfaffa3c915ec262023212 Mon Sep 17 00:00:00 2001 From: Marcel Partap Date: Tue, 14 May 2019 23:09:59 +0200 Subject: [PATCH 13/39] Fix matrix_synapse_ext_password_provider_ldap_start_tls (it's boolean) --- roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index acc4f94b7..0755fb406 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 
@@ -977,7 +977,7 @@ password_providers: config: enabled: true uri: {{ matrix_synapse_ext_password_provider_ldap_uri|string|to_json }} - start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|string|to_json }} + start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|to_json }} base: {{ matrix_synapse_ext_password_provider_ldap_base|string|to_json }} attributes: uid: {{ matrix_synapse_ext_password_provider_ldap_attributes_uid|string|to_json }} From 66388c1f5beb8e92a864850e517a54e8425dd586 Mon Sep 17 00:00:00 2001 From: Marcel Partap Date: Wed, 15 May 2019 01:46:22 +0200 Subject: [PATCH 14/39] Provide a sample rest_auth_endpoint close to actual setup --- docs/configuring-playbook-rest-auth.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-rest-auth.md b/docs/configuring-playbook-rest-auth.md index c2363ff4b..6c3e41898 100644 --- a/docs/configuring-playbook-rest-auth.md +++ b/docs/configuring-playbook-rest-auth.md @@ -8,8 +8,8 @@ If you decide that you'd like to let this playbook install it for you, you need ```yaml matrix_synapse_ext_password_provider_rest_auth_enabled: true -matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://change.me.example.com:12345" +matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-mxisd:8090" matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false -``` \ No newline at end of file +``` From 43fd3cc274846a1153a5a238e793cac0d39294e6 Mon Sep 17 00:00:00 2001 
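Review bot: `start_tls` now renders a real boolean only when the variable is already a boolean. If it arrives as a string (for example from a command-line extra var), `|to_json` still emits a quoted string, which the consumer would presumably treat as truthy whatever its text. Coercing first makes the LDAP TLS setting follow the operator's intent: `start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|bool|to_json }}`. The `config:` mapping continues outside this hunk.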
From: Slavi Pantaleev Date: Wed, 15 May 2019 09:34:31 +0900 Subject: [PATCH 15/39] Move mautrix-facebook into a separate role --- group_vars/matrix-servers | 18 ++++++ .../defaults/main.yml | 25 +++++++++ .../tasks}/init.yml | 2 +- .../tasks/main.yml | 21 +++++++ .../tasks/setup-install.yml} | 55 ++++++------------- .../tasks/setup-uninstall.yml | 6 ++ .../tasks/validate_config.yml | 10 ++++ .../templates}/config.yaml.j2 | 8 +-- .../matrix-mautrix-facebook.service.j2 | 16 ++++-- roles/matrix-synapse/defaults/main.yml | 12 ---- roles/matrix-synapse/tasks/ext/init.yml | 2 - roles/matrix-synapse/tasks/ext/setup.yml | 2 - setup.yml | 1 + 13 files changed, 115 insertions(+), 63 deletions(-) create mode 100644 roles/matrix-bridge-mautrix-facebook/defaults/main.yml rename roles/{matrix-synapse/tasks/ext/mautrix-facebook => matrix-bridge-mautrix-facebook/tasks}/init.yml (72%) create mode 100644 roles/matrix-bridge-mautrix-facebook/tasks/main.yml rename roles/{matrix-synapse/tasks/ext/mautrix-facebook/setup.yml => matrix-bridge-mautrix-facebook/tasks/setup-install.yml} (54%) create mode 100644 roles/matrix-bridge-mautrix-facebook/tasks/setup-uninstall.yml create mode 100644 roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml rename roles/{matrix-synapse/templates/ext/mautrix-facebook => matrix-bridge-mautrix-facebook/templates}/config.yaml.j2 (94%) rename roles/{matrix-synapse/templates/ext/mautrix-facebook => matrix-bridge-mautrix-facebook/templates}/systemd/matrix-mautrix-facebook.service.j2 (76%) diff --git a/group_vars/matrix-servers b/group_vars/matrix-servers index 41cd2e02d..4902ffc67 100755 --- a/group_vars/matrix-servers +++ b/group_vars/matrix-servers 
@@ -48,6 +48,24 @@ matrix_identity_server_url: "{{ 'https://' + matrix_synapse_trusted_third_party_ ###################################################################### +###################################################################### +# +# matrix-bridge-mautrix-facebook +# +###################################################################### + +# We don't enable bridges by default. +matrix_mautrix_facebook_enabled: false + +matrix_mautrix_facebook_systemd_required_services_list: ['docker.service', 'matrix-synapse.service'] + +###################################################################### +# +# /matrix-bridge-mautrix-facebook +# +###################################################################### + + ###################################################################### # # matrix-bridge-mautrix-telegram diff --git a/roles/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml new file mode 100644 index 000000000..48740e1e3 --- /dev/null +++ b/roles/matrix-bridge-mautrix-facebook/defaults/main.yml 
@@ -0,0 +1,25 @@ +# mautrix-facebook is a Matrix <-> Facebook bridge +# See: https://github.com/tulir/mautrix-facebook + +matrix_mautrix_facebook_enabled: true + +matrix_mautrix_facebook_docker_image: "tulir/mautrix-facebook:latest" + +matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook" + +# Get your own API keys at https://developers.facebook.com/docs/apis-and-sdks/ +matrix_mautrix_facebook_api_id: '' +matrix_mautrix_facebook_api_hash: '' + +matrix_mautrix_facebook_homeserver_address: 'https://{{ matrix_server_fqn_matrix }}' +matrix_mautrix_facebook_homeserver_domain: '{{ matrix_domain }}' +matrix_mautrix_facebook_appservice_address: 'http://matrix-mautrix-facebook:8080' + +# A list of extra arguments to pass to the container +matrix_mautrix_facebook_container_extra_arguments: [] + +# List of systemd services that matrix-mautrix-facebook.service depends on. +matrix_mautrix_facebook_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-mautrix-facebook.service wants +matrix_mautrix_facebook_systemd_wanted_services_list: [] diff --git a/roles/matrix-synapse/tasks/ext/mautrix-facebook/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml similarity index 72% rename from roles/matrix-synapse/tasks/ext/mautrix-facebook/init.yml rename to roles/matrix-bridge-mautrix-facebook/tasks/init.yml index 3c23eb992..cafdc4d53 100644 --- a/roles/matrix-synapse/tasks/ext/mautrix-facebook/init.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook'] }}" - when: matrix_mautrix_facebook_enabled + when: "matrix_mautrix_facebook_enabled" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml b/roles/matrix-bridge-mautrix-facebook/tasks/main.yml new file mode 100644 index 000000000..b53c6b0bd --- /dev/null +++ b/roles/matrix-bridge-mautrix-facebook/tasks/main.yml 
@@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup and matrix_mautrix_facebook_enabled" + tags: + - setup-all + - setup-mautrix-facebook + +- import_tasks: "{{ role_path }}/tasks/setup-install.yml" + when: "run_setup and matrix_mautrix_facebook_enabled" + tags: + - setup-all + - setup-mautrix-facebook + +- import_tasks: "{{ role_path }}/tasks/setup-uninstall.yml" + when: "run_setup and not matrix_mautrix_facebook_enabled" + tags: + - setup-all + - setup-mautrix-facebook diff --git a/roles/matrix-synapse/tasks/ext/mautrix-facebook/setup.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup-install.yml similarity index 54% rename from roles/matrix-synapse/tasks/ext/mautrix-facebook/setup.yml rename to roles/matrix-bridge-mautrix-facebook/tasks/setup-install.yml index 2c13886ae..f0c29193f 100644 --- a/roles/matrix-synapse/tasks/ext/mautrix-facebook/setup.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup-install.yml 
@@ -1,63 +1,55 @@ --- +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-mautrix-facebook role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + - name: Ensure Mautrix Facebook image is pulled docker_image: name: "{{ matrix_mautrix_facebook_docker_image }}" - when: "matrix_mautrix_facebook_enabled" -- name: Ensure Mautrix Facebook configuration path exists +- name: Ensure Mautrix Facebook base directory exists file: path: "{{ matrix_mautrix_facebook_base_path }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: "matrix_mautrix_facebook_enabled" - name: Check if a mautrix-facebook configuration file exists stat: path: "{{ matrix_mautrix_facebook_base_path }}/config.yaml" register: mautrix_facebook_config_file_stat - when: "matrix_mautrix_facebook_enabled" - name: Ensure Matrix Mautrix facebook config installed template: - src: "{{ role_path }}/templates/ext/mautrix-facebook/config.yaml.j2" + src: "{{ role_path }}/templates/config.yaml.j2" dest: "{{ matrix_mautrix_facebook_base_path }}/config.yaml" mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: "matrix_mautrix_facebook_enabled and not mautrix_facebook_config_file_stat.stat.exists" - -- name: (Migration) Fix up old configuration - lineinfile: - path: "{{ matrix_mautrix_facebook_base_path }}/config.yaml" - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - backrefs: yes - with_items: - - {'regexp': '^(\s+)filename: \./mautrix-facebook.log', 'line': '\1filename: /data/mautrix-facebook.log'} - - {'regexp': '^(\s+)database:', 'line': '\1database: sqlite:////data/mautrix-facebook.db'} - when: "matrix_mautrix_facebook_enabled and mautrix_facebook_config_file_stat.stat.exists" + when: "not 
mautrix_facebook_config_file_stat.stat.exists" - name: Ensure matrix-mautrix-facebook.service installed template: - src: "{{ role_path }}/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2" + src: "{{ role_path }}/templates/systemd/matrix-mautrix-facebook.service.j2" dest: "/etc/systemd/system/matrix-mautrix-facebook.service" mode: 0644 register: matrix_mautrix_facebook_systemd_service_result - when: "matrix_mautrix_facebook_enabled" - name: Ensure systemd reloaded after matrix-mautrix-facebook.service installation service: daemon_reload: yes - when: "matrix_mautrix_facebook_enabled and matrix_mautrix_facebook_systemd_service_result.changed" + when: "matrix_mautrix_facebook_systemd_service_result.changed" - name: Check if a mautrix-facebook registration file exists stat: path: "{{ matrix_mautrix_facebook_base_path }}/registration.yaml" register: mautrix_facebook_registration_file_stat - when: "matrix_mautrix_facebook_enabled" - name: Generate matrix-mautrix-facebook registration.yaml if it doesn't exist shell: 
@@ -70,32 +62,19 @@ -v {{ matrix_mautrix_facebook_base_path }}:/data:z {{ matrix_mautrix_facebook_docker_image }} python3 -m mautrix_facebook -g -c /data/config.yaml -r /data/registration.yaml - when: "matrix_mautrix_facebook_enabled and not mautrix_facebook_registration_file_stat.stat.exists" + when: "not mautrix_facebook_registration_file_stat.stat.exists" - set_fact: matrix_synapse_app_service_config_file_mautrix_facebook: '/app-registration/mautrix-facebook.yml' - when: "matrix_mautrix_facebook_enabled" +# If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_additional_volumes: > - {{ matrix_synapse_container_additional_volumes }} + {{ matrix_synapse_container_additional_volumes|default([]) }} + {{ [{'src': '{{ matrix_mautrix_facebook_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_facebook }}', 'options': 'ro'}] }} - when: "matrix_mautrix_facebook_enabled" -- set_fact: matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files }} + {{ matrix_synapse_app_service_config_files|default([]) }} + {{ ["{{ matrix_synapse_app_service_config_file_mautrix_facebook }}"] | to_nice_json }} - when: "matrix_mautrix_facebook_enabled" - -# -# Tasks related to getting rid of matrix-mautrix-facebook (if it was previously enabled) -# - -- name: Ensure matrix-mautrix-facebook.service doesn't exist - file: - path: "/etc/systemd/system/matrix-mautrix-facebook.service" - state: absent - when: "not matrix_mautrix_facebook_enabled" diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup-uninstall.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup-uninstall.yml new file mode 100644 index 000000000..b403e6ecb --- /dev/null +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup-uninstall.yml 
@@ -0,0 +1,6 @@ +--- + +- name: Ensure matrix-mautrix-facebook.service doesn't exist + file: + path: "/etc/systemd/system/matrix-mautrix-facebook.service" + state: absent diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml b/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml new file mode 100644 index 000000000..6b2240c88 --- /dev/null +++ b/roles/matrix-bridge-mautrix-facebook/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_mautrix_facebook_api_id" + - "matrix_mautrix_facebook_api_hash" diff --git a/roles/matrix-synapse/templates/ext/mautrix-facebook/config.yaml.j2 b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 similarity index 94% rename from roles/matrix-synapse/templates/ext/mautrix-facebook/config.yaml.j2 rename to roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 index 714449f6e..86033c3cb 100644 --- a/roles/matrix-synapse/templates/ext/mautrix-facebook/config.yaml.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 @@ -2,9 +2,9 @@ # Homeserver details homeserver: # The address that this appservice can use to connect to the homeserver. - address: https://{{ matrix_server_fqn_matrix }} + address: {{ matrix_mautrix_facebook_homeserver_address }} # The domain of the homeserver (for MXIDs, etc). - domain: {{ matrix_domain }} + domain: {{ matrix_mautrix_facebook_homeserver_domain }} # Whether or not to verify the SSL certificate of the homeserver. # Only applies if address starts with https:// verify_ssl: true 
@@ -13,7 +13,7 @@ homeserver: # Changing these values requires regeneration of the registration. appservice: # The address that the homeserver can use to connect to this appservice. - address: http://matrix-mautrix-facebook:8080 + address: {{ matrix_mautrix_facebook_appservice_address }} # The hostname and port where this appservice should listen. hostname: 0.0.0.0 @@ -73,7 +73,7 @@ bridge: # domain - All users on that homeserver # mxid - Specific user permissions: - '{{ matrix_domain }}': user + '{{ matrix_mautrix_facebook_homeserver_domain }}': user # Python logging configuration. # diff --git a/roles/matrix-synapse/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2 b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 similarity index 76% rename from roles/matrix-synapse/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2 rename to roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 index ec5ffadb7..18b183d86 100644 --- a/roles/matrix-synapse/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2 @@ -1,10 +1,13 @@ #jinja2: lstrip_blocks: "True" [Unit] Description=Matrix Mautrix Facebook server -After=docker.service -Requires=docker.service -Requires=matrix-synapse.service -After=matrix-synapse.service +{% for service in matrix_mautrix_facebook_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_mautrix_facebook_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} [Service] Type=simple 
@@ -17,14 +20,19 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \ -v {{ matrix_mautrix_facebook_base_path }}:/data:z \ {{ matrix_mautrix_facebook_docker_image }} \ alembic -x config=/data/config.yaml upgrade head + ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --network={{ matrix_docker_network }} \ -v {{ matrix_mautrix_facebook_base_path }}:/data:z \ + {% for arg in matrix_mautrix_facebook_container_extra_arguments %} + {{ arg }} \ + {% endfor %} {{ matrix_mautrix_facebook_docker_image }} \ python3 -m mautrix_facebook -c /data/config.yaml + ExecStop=-/usr/bin/docker kill matrix-mautrix-facebook ExecStop=-/usr/bin/docker rm matrix-mautrix-facebook Restart=always diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 749806a2c..2a826d2e3 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -244,18 +244,6 @@ matrix_s3_media_store_region: "eu-central-1" # Controls whether the self-check feature should validate SSL certificates. matrix_synapse_self_check_validate_certificates: true -# Matrix mautrix is a Matrix <-> Facebook bridge -# Enable facebook bridge -matrix_mautrix_facebook_enabled: false - -matrix_mautrix_facebook_docker_image: "tulir/mautrix-facebook:latest" - -matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook" - -# Get your own API keys at https://developers.facebook.com/docs/apis-and-sdks/ -matrix_mautrix_facebook_api_id: YOUR_FACEBOOK_APP_ID -matrix_mautrix_facebook_api_hash: YOUR_FACEBOOK_API_HASH - # Matrix Appservice IRC is a Matrix <-> IRC bridge # Enable IRC bridge matrix_appservice_irc_enabled: false diff --git a/roles/matrix-synapse/tasks/ext/init.yml b/roles/matrix-synapse/tasks/ext/init.yml index 05a967581..f6b1e0dd4 100644 --- a/roles/matrix-synapse/tasks/ext/init.yml 
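Review bot: The new `matrix_mautrix_facebook_container_extra_arguments` loop passes operator-supplied flags to `docker run` verbatim, after `--user=...` and `--cap-drop=ALL` in `ExecStart`, and nothing documents that such entries can undo that hardening. I would add a template comment above `ExecStart=`, for example `{# Extra arguments are passed to docker run as-is, after the hardening flags; check that an entry does not re-add capabilities or change the user. #}`, and repeat the caveat beside the variable's default. The loop is applied to `ExecStart` only; the `ExecStartPre` migration command begins outside this hunk, so whether it should receive the same arguments cannot be judged from here.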
+++ b/roles/matrix-synapse/tasks/ext/init.yml @@ -1,7 +1,5 @@ --- -- import_tasks: "{{ role_path }}/tasks/ext/mautrix-facebook/init.yml" - - import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/init.yml" - import_tasks: "{{ role_path }}/tasks/ext/appservice-discord/init.yml" diff --git a/roles/matrix-synapse/tasks/ext/setup.yml b/roles/matrix-synapse/tasks/ext/setup.yml index f5bad3066..7de0744e2 100644 --- a/roles/matrix-synapse/tasks/ext/setup.yml +++ b/roles/matrix-synapse/tasks/ext/setup.yml @@ -6,8 +6,6 @@ - import_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup.yml" -- import_tasks: "{{ role_path }}/tasks/ext/mautrix-facebook/setup.yml" - - import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/setup.yml" - import_tasks: "{{ role_path }}/tasks/ext/appservice-discord/setup.yml" diff --git a/setup.yml b/setup.yml index d19ece9c3..c342bd2c6 100755 --- a/setup.yml +++ b/setup.yml @@ -8,6 +8,7 @@ - matrix-mailer - matrix-postgres - matrix-corporal + - matrix-bridge-mautrix-facebook - matrix-bridge-mautrix-telegram - matrix-bridge-mautrix-whatsapp - matrix-synapse From 854cf84aa3329b055d57e86c2aa049cb030df0b8 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 15 May 2019 09:50:25 +0900 Subject: [PATCH 16/39] Upgrade riot-web (1.1.0 -> 1.1.1) --- roles/matrix-riot-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index f38fb98c1..629f4649e 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -1,6 +1,6 @@ matrix_riot_web_enabled: true -matrix_riot_web_docker_image: "bubuntux/riot-web:v1.1.0" +matrix_riot_web_docker_image: "bubuntux/riot-web:v1.1.1" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" From 3339e37ce98ad17f26ce2be7ba71b745a0e4a866 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 16 May 2019 09:07:40 +0900 Subject: [PATCH 17/39] Move matrix-appservice-irc into a separate role --- group_vars/matrix-servers | 69 ++- .../defaults/main.yml | 436 ++++++++++++++++++ .../tasks}/init.yml | 0 .../tasks/main.yml | 21 + .../tasks/setup-install.yml} | 45 +- .../tasks/setup-uninstall.yml | 6 + .../tasks/validate_config.yml | 16 + .../systemd/matrix-appservice-irc.service.j2 | 16 +- roles/matrix-synapse/defaults/main.yml | 433 +---------------- roles/matrix-synapse/tasks/ext/init.yml | 2 - roles/matrix-synapse/tasks/ext/setup.yml | 2 - setup.yml | 1 + 12 files changed, 558 insertions(+), 489 deletions(-) create mode 100644 roles/matrix-bridge-appservice-irc/defaults/main.yml rename roles/{matrix-synapse/tasks/ext/appservice-irc => matrix-bridge-appservice-irc/tasks}/init.yml (100%) create mode 100644 roles/matrix-bridge-appservice-irc/tasks/main.yml rename roles/{matrix-synapse/tasks/ext/appservice-irc/setup.yml => matrix-bridge-appservice-irc/tasks/setup-install.yml} (68%) create mode 100644 roles/matrix-bridge-appservice-irc/tasks/setup-uninstall.yml create mode 100644 roles/matrix-bridge-appservice-irc/tasks/validate_config.yml rename roles/{matrix-synapse/templates/ext/appservice-irc => matrix-bridge-appservice-irc/templates}/systemd/matrix-appservice-irc.service.j2 (72%) diff --git a/group_vars/matrix-servers b/group_vars/matrix-servers index 4902ffc67..8d23b32a3 100755 --- a/group_vars/matrix-servers +++ b/group_vars/matrix-servers 
@@ -9,28 +9,6 @@ # You can also override ANY variable (seen here or in any given role), # by re-defining it in your own configuration file (`inventory/host_vars/matrix.`). -###################################################################### -# -# matrix-appservice-irc -# -###################################################################### - -# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-irc over the container network. -# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose -# matrix-appservice-irc's client-server port to the local host (`127.0.0.1:9999`). -matrix_appservice_irc_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}" - -###################################################################### -# -# matrix-appservice-discord -# -###################################################################### - -# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-discord over the container network. -# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose -# matrix-appservice-discord's client-server port to the local host (`127.0.0.1:9005`). -matrix_appservice_discord_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}" - ###################################################################### # @@ -40,7 +18,6 @@ matrix_appservice_discord_container_expose_client_server_api_port: "{{ not matri matrix_identity_server_url: "{{ 'https://' + matrix_synapse_trusted_third_party_id_servers[0] if matrix_synapse_trusted_third_party_id_servers|length > 0 else None }}" - ###################################################################### # # /matrix-base 
@@ -48,6 +25,52 @@ matrix_identity_server_url: "{{ 'https://' + matrix_synapse_trusted_third_party_ ###################################################################### +###################################################################### +# +# matrix-bridge-appservice-discord +# +###################################################################### + +# We don't enable bridges by default. +matrix_appservice_discord_enabled: false + +# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-discord over the container network. +# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose +# matrix-appservice-discord's client-server port to the local host (`127.0.0.1:9005`). +matrix_appservice_discord_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}" + +matrix_appservice_discord_systemd_required_services_list: ['docker.service', 'matrix-synapse.service'] + +###################################################################### +# +# /matrix-bridge-appservice-discord +# +###################################################################### + + +###################################################################### +# +# matrix-bridge-appservice-irc +# +###################################################################### + +# We don't enable bridges by default. +matrix_appservice_irc_enabled: false + +# Normally, matrix-nginx-proxy is enabled and nginx can reach matrix-appservice-irc over the container network. +# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose +# matrix-appservice-irc's client-server port to the local host (`127.0.0.1:9999`). 
+matrix_appservice_irc_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}" + +matrix_appservice_irc_systemd_required_services_list: ['docker.service', 'matrix-synapse.service'] + +###################################################################### +# +# /matrix-bridge-appservice-irc +# +###################################################################### + + ###################################################################### # # matrix-bridge-mautrix-facebook diff --git a/roles/matrix-bridge-appservice-irc/defaults/main.yml b/roles/matrix-bridge-appservice-irc/defaults/main.yml new file mode 100644 index 000000000..138fd3691 --- /dev/null +++ b/roles/matrix-bridge-appservice-irc/defaults/main.yml 
@@ -0,0 +1,436 @@ +# Matrix Appservice IRC is a Matrix <-> IRC bridge +# See: https://github.com/matrix-org/matrix-appservice-irc + +matrix_appservice_irc_enabled: true + +matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:latest" + +matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc" + +# Controls whether the Appservice IRC container exposes the Client/Server API port (tcp/9999). +matrix_appservice_irc_container_expose_client_server_api_port: false + +# A list of extra arguments to pass to the container +matrix_appservice_irc_container_extra_arguments: [] + +# List of systemd services that matrix-appservice-irc.service depends on. +matrix_appservice_irc_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-appservice-irc.service wants +matrix_appservice_irc_systemd_wanted_services_list: [] + +matrix_appservice_irc_configuration_yaml: | + #jinja2: lstrip_blocks: True + homeserver: + url: "https://{{ matrix_server_fqn_matrix }}" + domain: "{{ matrix_domain }}" + enablePresence: true + +matrix_appservice_irc_configuration_extension_yaml: | + # Your custom YAML configuration for Appservice IRC servers goes here. + # This configuration extends the default starting configuration (`matrix_appservice_irc_configuration_yaml`). + # + # You can override individual variables from the default configuration, or introduce new ones. + # + # If you need something more special, you can take full control by + # completely redefining `matrix_appservice_irc_configuration_yaml`. + # + # Example configuration extension follows: + # + # ircService: + # databaseUri: "nedb:///data" # does not typically need modification + # passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification + # matrixHandler: + # eventCacheSize: 4096 + # servers: + # # The address of the server to connect to. + # irc.example.com: + # # A human-readable short name. 
This is used to label IRC status rooms + # # where matrix users control their connections. + # # E.g. 'ExampleNet IRC Bridge status'. + # # It is also used in the Third Party Lookup API as the instance `desc` + # # property, where each server is an instance. + # name: "ExampleNet" + # + # additionalAddresses: [ "irc2.example.com" ] + # # + # # [DEPRECATED] Use `name`, above, instead. + # # A human-readable description string + # # description: "Example.com IRC network" + # + # # An ID for uniquely identifying this server amongst other servers being bridged. + # # networkId: "example" + # + # # URL to an icon used as the network icon whenever this network appear in + # # a network list. (Like in the riot room directory, for instance.) + # # icon: https://example.com/images/hash.png + # + # # The port to connect to. Optional. + # port: 6697 + # # Whether to use SSL or not. Default: false. + # ssl: true + # # Whether or not IRC server is using a self-signed cert or not providing CA Chain + # sslselfsign: false + # # Should the connection attempt to identify via SASL (if a server or user password is given) + # # If false, this will use PASS instead. If SASL fails, we do not fallback to PASS. + # sasl: false + # # Whether to allow expired certs when connecting to the IRC server. + # # Usually this should be off. Default: false. + # allowExpiredCerts: false + # # A specific CA to trust instead of the default CAs. Optional. + # #ca: | + # # -----BEGIN CERTIFICATE----- + # # ... + # # -----END CERTIFICATE----- + # + # # + # # The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional. + # # password: 'pa$$w0rd' + # # + # # Whether or not to send connection/error notices to real Matrix users. Default: true. + # sendConnectionMessages: true + # + # quitDebounce: + # # Whether parts due to net-splits are debounced for delayMs, to allow + # # time for the netsplit to resolve itself. 
A netsplit is detected as being + # # a QUIT rate higher than quitsPerSecond. Default: false. + # enabled: false + # # The maximum number of quits per second acceptable above which a netsplit is + # # considered ongoing. Default: 5. + # quitsPerSecond: 5 + # # The time window in which to wait before bridging a QUIT to Matrix that occurred during + # # a netsplit. Debouncing is jittered randomly between delayMinMs and delayMaxMs so that the HS + # # is not sent many requests to leave rooms all at once if a netsplit occurs and many + # # people to not rejoin. + # # If the user with the same IRC nick as the one who sent the quit rejoins a channel + # # they are considered back online and the quit is not bridged, so long as the rejoin + # # occurs before the randomly-jittered timeout is not reached. + # # Default: 3600000, = 1h + # delayMinMs: 3600000 # 1h + # # Default: 7200000, = 2h + # delayMaxMs: 7200000 # 2h + # + # # A map for conversion of IRC user modes to Matrix power levels. This enables bridging + # # of IRC ops to Matrix power levels only, it does not enable the reverse. If a user has + # # been given multiple modes, the one that maps to the highest power level will be used. + # modePowerMap: + # o: 50 + # + # botConfig: + # # Enable the presence of the bot in IRC channels. The bot serves as the entity + # # which maps from IRC -> Matrix. You can disable the bot entirely which + # # means IRC -> Matrix chat will be shared by active "M-Nick" connections + # # in the room. If there are no users in the room (or if there are users + # # but their connections are not on IRC) then nothing will be bridged to + # # Matrix. If you're concerned about the bot being treated as a "logger" + # # entity, then you may want to disable the bot. If you want IRC->Matrix + # # but don't want to have TCP connections to IRC unless a Matrix user speaks + # # (because your client connection limit is low), then you may want to keep + # # the bot enabled. Default: true. 
+ # # NB: If the bot is disabled, you SHOULD have matrix-to-IRC syncing turned + # # on, else there will be no users and no bot in a channel (meaning no + # # messages to Matrix!) until a Matrix user speaks which makes a client + # # join the target IRC channel. + # # NBB: The bridge bot IRC client will still join the target IRC network so + # # it can service bridge-specific queries from the IRC-side e.g. so + # # real IRC clients have a way to change their Matrix display name. + # # See https://github.com/matrix-org/matrix-appservice-irc/issues/55 + # enabled: true + # # The nickname to give the AS bot. + # nick: "MatrixBot" + # # The password to give to NickServ or IRC Server for this nick. Optional. + # # password: "helloworld" + # # + # # Join channels even if there are no Matrix users on the other side of + # # the bridge. Set to false to prevent the bot from joining channels which have no + # # real matrix users in them, even if there is a mapping for the channel. + # # Default: true + # joinChannelsIfNoUsers: true + # + # # Configuration for PMs / private 1:1 communications between users. + # privateMessages: + # # Enable the ability for PMs to be sent to/from IRC/Matrix. + # # Default: true. + # enabled: true + # # Prevent Matrix users from sending PMs to the following IRC nicks. + # # Optional. Default: []. + # # exclude: ["Alice", "Bob"] # NOT YET IMPLEMENTED + # + # # Should created Matrix PM rooms be federated? If false, only users on the + # # HS attached to this AS will be able to interact with this room. + # # Optional. Default: true. + # federate: true + # + # # Configuration for mappings not explicitly listed in the 'mappings' + # # section. + # dynamicChannels: + # # Enable the ability for Matrix users to join *any* channel on this IRC + # # network. + # # Default: false. + # enabled: true + # # Should the AS create a room alias for the new Matrix room? The form of + # # the alias can be modified via 'aliasTemplate'. Default: true. 
+ # createAlias: true + # # Should the AS publish the new Matrix room to the public room list so + # # anyone can see it? Default: true. + # published: true + # # What should the join_rule be for the new Matrix room? If 'public', + # # anyone can join the room. If 'invite', only users with an invite can + # # join the room. Note that if an IRC channel has +k or +i set on it, + # # join_rules will be set to 'invite' until these modes are removed. + # # Default: "public". + # joinRule: public + # # This will set the m.room.related_groups state event in newly created rooms + # # with the given groupId. This means flares will show up on IRC users in those rooms. + # # This should be set to the same thing as namespaces.users.group_id in irc_registration. + # # This does not alter existing rooms. + # # Leaving this option empty will not set the event. + # groupId: +myircnetwork:localhost + # # Should created Matrix rooms be federated? If false, only users on the + # # HS attached to this AS will be able to interact with this room. + # # Default: true. + # federate: true + # # The room alias template to apply when creating new aliases. This only + # # applies if createAlias is 'true'. The following variables are exposed: + # # $SERVER => The IRC server address (e.g. "irc.example.com") + # # $CHANNEL => The IRC channel (e.g. "#python") + # # This MUST have $CHANNEL somewhere in it. + # # Default: '#irc_$SERVER_$CHANNEL' + # aliasTemplate: "#irc_$CHANNEL" + # # A list of user IDs which the AS bot will send invites to in response + # # to a !join. Only applies if joinRule is 'invite'. Default: [] + # # whitelist: + # # - "@foo:example.com" + # # - "@bar:example.com" + # # + # # Prevent the given list of channels from being mapped under any + # # circumstances. + # # exclude: ["#foo", "#bar"] + # + # # Configuration for controlling how Matrix and IRC membership lists are + # # synced. + # membershipLists: + # # Enable the syncing of membership lists between IRC and Matrix. 
This + # # can have a significant effect on performance on startup as the lists are + # # synced. This must be enabled for anything else in this section to take + # # effect. Default: false. + # enabled: false + # + # # Syncing membership lists at startup can result in hundreds of members to + # # process all at once. This timer drip feeds membership entries at the + # # specified rate. Default: 10000. (10s) + # floodDelayMs: 10000 + # + # global: + # ircToMatrix: + # # Get a snapshot of all real IRC users on a channel (via NAMES) and + # # join their virtual matrix clients to the room. + # initial: false + # # Make virtual matrix clients join and leave rooms as their real IRC + # # counterparts join/part channels. Default: false. + # incremental: false + # + # matrixToIrc: + # # Get a snapshot of all real Matrix users in the room and join all of + # # them to the mapped IRC channel on startup. Default: false. + # initial: false + # # Make virtual IRC clients join and leave channels as their real Matrix + # # counterparts join/leave rooms. Make sure your 'maxClients' value is + # # high enough! Default: false. + # incremental: false + # + # # Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect. + # rooms: + # - room: "!fuasirouddJoxtwfge:localhost" + # matrixToIrc: + # initial: false + # incremental: false + # + # # Apply specific rules to IRC channels. Only IRC-to-matrix takes effect. + # channels: + # - channel: "#foo" + # ircToMatrix: + # initial: false + # incremental: false + # + # mappings: + # # 1:many mappings from IRC channels to room IDs on this IRC server. + # # The matrix room must already exist. Your matrix client should expose + # # the room ID in a "settings" page for the room. + # "#thepub": ["!kieouiJuedJoxtVdaG:localhost"] + # + # # Configuration for virtual matrix users. The following variables are + # # exposed: + # # $NICK => The IRC nick + # # $SERVER => The IRC server address (e.g. 
"irc.example.com") + # matrixClients: + # # The user ID template to use when creating virtual matrix users. This + # # MUST have $NICK somewhere in it. + # # Optional. Default: "@$SERVER_$NICK". + # # Example: "@irc.example.com_Alice:example.com" + # userTemplate: "@irc_$NICK" + # # The display name to use for created matrix clients. This should have + # # $NICK somewhere in it if it is specified. Can also use $SERVER to + # # insert the IRC domain. + # # Optional. Default: "$NICK (IRC)". Example: "Alice (IRC)" + # displayName: "$NICK (IRC)" + # # Number of tries a client can attempt to join a room before the request + # # is discarded. You can also use -1 to never retry or 0 to never give up. + # # Optional. Default: -1 + # joinAttempts: -1 + # + # # Configuration for virtual IRC users. The following variables are exposed: + # # $LOCALPART => The user ID localpart ("alice" in @alice:localhost) + # # $USERID => The user ID + # # $DISPLAY => The display name of this user, with excluded characters + # # (e.g. space) removed. If the user has no display name, this + # # falls back to $LOCALPART. + # ircClients: + # # The template to apply to every IRC client nick. This MUST have either + # # $DISPLAY or $USERID or $LOCALPART somewhere in it. + # # Optional. Default: "M-$DISPLAY". Example: "M-Alice". + # nickTemplate: "$DISPLAY[m]" + # # True to allow virtual IRC clients to change their nick on this server + # # by issuing !nick commands to the IRC AS bot. + # # This is completely freeform: it will NOT follow the nickTemplate. + # allowNickChanges: true + # # The max number of IRC clients that will connect. If the limit is + # # reached, the client that spoke the longest time ago will be + # # disconnected and replaced. + # # Optional. Default: 30. + # maxClients: 30 + # # IPv6 configuration. + # ipv6: + # # Optional. Set to true to force IPv6 for outgoing connections. + # only: false + # # Optional. 
The IPv6 prefix to use for generating unique addresses for each + # # connected user. If not specified, all users will connect from the same + # # (default) address. This may require additional OS-specific work to allow + # # for the node process to bind to multiple different source addresses + # # e.g IP_FREEBIND on Linux, which requires an LD_PRELOAD with the library + # # https://github.com/matrix-org/freebindfree as Node does not expose setsockopt. + # # prefix: "2001:0db8:85a3::" # modify appropriately + # # + # # The maximum amount of time in seconds that the client can exist + # # without sending another message before being disconnected. Use 0 to + # # not apply an idle timeout. This value is ignored if this IRC server is + # # mirroring matrix membership lists to IRC. Default: 172800 (48 hours) + # idleTimeout: 10800 + # # The number of millseconds to wait between consecutive reconnections if a + # # client gets disconnected. Setting to 0 will cause the scheduling to be + # # disabled, i.e. it will be scheduled immediately (with jitter. + # # Otherwise, the scheduling interval will be used such that one client + # # reconnect for this server will be handled every reconnectIntervalMs ms using + # # a FIFO queue. + # # Default: 5000 (5 seconds) + # reconnectIntervalMs: 5000 + # # The number of concurrent reconnects if a user has been disconnected unexpectedly + # # (e.g. a netsplit). You should set this to a reasonably high number so that + # # bridges are not waiting an eternity to reconnect all its clients if + # # we see a massive number of disconnect. This is unrelated to the reconnectIntervalMs + # # setting above which is for connecting on restart of the bridge. Set to 0 to + # # immediately try to reconnect all users. + # # Default: 50 + # concurrentReconnectLimit: 50 + # # The number of lines to allow being sent by the IRC client that has received + # # a large block of text to send from matrix. 
If the number of lines that would + # # be sent is > lineLimit, the text will instead be uploaded to matrix and the + # # resulting URI is treated as a file. As such, a link will be sent to the IRC + # # side instead of potentially spamming IRC and getting the IRC client kicked. + # # Default: 3. + # lineLimit: 3 + # # A list of user modes to set on every IRC client. For example, "RiG" would set + # # +R, +i and +G on every IRC connection when they have successfully connected. + # # User modes vary wildly depending on the IRC network you're connecting to, + # # so check before setting this value. Some modes may not work as intended + # # through the bridge e.g. caller ID as there is no way to /ACCEPT. + # # Default: "" (no user modes) + # # userModes: "R" + # + # # Configuration for an ident server. If you are running a public bridge it is + # # advised you setup an ident server so IRC mods can ban specific matrix users + # # rather than the application service itself. + # ident: + # # True to listen for Ident requests and respond with the + # # matrix user's user_id (converted to ASCII, respecting RFC 1413). + # # Default: false. + # enabled: false + # # The port to listen on for incoming ident requests. + # # Ports below 1024 require root to listen on, and you may not want this to + # # run as root. Instead, you can get something like an Apache to yank up + # # incoming requests to 113 to a high numbered port. Set the port to listen + # # on instead of 113 here. + # # Default: 113. + # port: 1113 + # # The address to listen on for incoming ident requests. + # # Default: 0.0.0.0 + # address: "::" + # + # # Configuration for logging. Optional. Default: console debug level logging + # # only. + # logging: + # # Level to log on console/logfile. One of error|warn|info|debug + # level: "debug" + # # The file location to log to. This is relative to the project directory. + # logfile: "debug.log" + # # The file location to log errors to. 
This is relative to the project + # # directory. + # errfile: "errors.log" + # # Whether to log to the console or not. + # toConsole: true + # # The max number of files to keep. Files will be overwritten eventually due + # # to rotations. + # maxFiles: 5 + # + # # Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`: + # # $ npm install prom-client@6.3.0 + # # Metrics will then be available via GET /metrics on the bridge listening port (-p). + # metrics: + # # Whether to actually enable the metric endpoint. Default: false + # enabled: true + # # When collecting remote user active times, which "buckets" should be used. Defaults are given below. + # # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks). + # remoteUserAgeBuckets: + # - "1h" + # - "1d" + # - "1w" + # + # # Configuration options for the debug HTTP API. To access this API, you must + # # append ?access_token=$APPSERVICE_TOKEN (from the registration file) to the requests. + # # + # # The debug API exposes the following endpoints: + # # + # # GET /irc/$domain/user/$user_id => Return internal state for the IRC client for this user ID. + # # + # # POST /irc/$domain/user/$user_id => Issue a raw IRC command down this connection. + # # Format: new line delimited commands as per IRC protocol. + # # + # debugApi: + # # True to enable the HTTP API endpoint. Default: false. + # enabled: false + # # The port to host the HTTP API. + # port: 11100 + # + # # Configuration for the provisioning API. + # # + # # GET /_matrix/provision/link + # # GET /_matrix/provision/unlink + # # GET /_matrix/provision/listlinks + # # + # provisioning: + # # True to enable the provisioning HTTP endpoint. Default: false. + # enabled: false + # # The number of seconds to wait before giving up on getting a response from + # # an IRC channel operator. If the channel operator does not respond within the + # # allotted time period, the provisioning request will fail. 
+ # # Default: 300 seconds (5 mins) + # requestTimeoutSeconds: 300 + # + # # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot + # # send a password hash. As a result, passwords (NOT hashes) are stored encrypted in + # # the database. + # # + +matrix_appservice_irc_configuration_extension: "{{ matrix_appservice_irc_configuration_extension_yaml|from_yaml if matrix_appservice_irc_configuration_extension_yaml|from_yaml else {} }}" + +matrix_appservice_irc_configuration: "{{ matrix_appservice_irc_configuration_yaml|from_yaml|combine(matrix_appservice_irc_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-synapse/tasks/ext/appservice-irc/init.yml b/roles/matrix-bridge-appservice-irc/tasks/init.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/appservice-irc/init.yml rename to roles/matrix-bridge-appservice-irc/tasks/init.yml diff --git a/roles/matrix-bridge-appservice-irc/tasks/main.yml b/roles/matrix-bridge-appservice-irc/tasks/main.yml new file mode 100644 index 000000000..9866fce41 --- /dev/null +++ b/roles/matrix-bridge-appservice-irc/tasks/main.yml @@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup and matrix_appservice_irc_enabled" + tags: + - setup-all + - setup-appservice-irc + +- import_tasks: "{{ role_path }}/tasks/setup-install.yml" + when: "run_setup and matrix_appservice_irc_enabled" + tags: + - setup-all + - setup-appservice-irc + +- import_tasks: "{{ role_path }}/tasks/setup-uninstall.yml" + when: "run_setup and not matrix_appservice_irc_enabled" + tags: + - setup-all + - setup-appservice-irc 
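Review bot: `matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:latest"` near the top of this new defaults file tracks a mutable tag, so each pull can bring in a different image without any change in this repository. Pinning a release tag or digest makes upgrades explicit and reviewable, as the riot-web bumps in this series do with `bubuntux/riot-web:v1.1.1`; for example `matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:<PINNED_TAG>"` (placeholder, use a published tag). Separately, the role default `matrix_appservice_irc_enabled: true` relies on the `group_vars/matrix-servers` override to keep the bridge off, and a comment saying so would help anyone using the role on its own.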
diff --git a/roles/matrix-synapse/tasks/ext/appservice-irc/setup.yml b/roles/matrix-bridge-appservice-irc/tasks/setup-install.yml similarity index 68% rename from roles/matrix-synapse/tasks/ext/appservice-irc/setup.yml rename to roles/matrix-bridge-appservice-irc/tasks/setup-install.yml index 5c75554dc..b0266bb18 100644 --- a/roles/matrix-synapse/tasks/ext/appservice-irc/setup.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup-install.yml @@ -1,17 +1,24 @@ --- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-appservice-irc role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + - name: Ensure Appservice IRC image is pulled docker_image: name: "{{ matrix_appservice_irc_docker_image }}" - when: "matrix_appservice_irc_enabled" -- name: Ensure Appservice IRC configuration path exists +- name: Ensure Appservice IRC base directory exists file: path: "{{ matrix_appservice_irc_base_path }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: "matrix_appservice_irc_enabled" - name: Ensure Matrix Appservice IRC config installed copy: 
@@ -20,36 +27,32 @@ mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: "matrix_appservice_irc_enabled" - name: Check if matrix-appservice-irc passkey exists stat: path: "{{ matrix_appservice_irc_base_path }}/passkey.pem" register: irc_passkey_file - when: "matrix_appservice_irc_enabled" - name: Generate matrix-appservice-irc passkey if it doesn't exist shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_base_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 - when: "matrix_appservice_irc_enabled and not irc_passkey_file.stat.exists" + when: "not irc_passkey_file.stat.exists" - name: Ensure matrix-appservice-irc.service installed template: - src: "{{ role_path }}/templates/ext/appservice-irc/systemd/matrix-appservice-irc.service.j2" + src: "{{ role_path }}/templates/systemd/matrix-appservice-irc.service.j2" dest: "/etc/systemd/system/matrix-appservice-irc.service" mode: 0644 register: matrix_appservice_irc_systemd_service_result - when: "matrix_appservice_irc_enabled" - name: Ensure systemd reloaded after matrix-appservice-irc.service installation service: daemon_reload: yes - when: "matrix_appservice_irc_enabled and matrix_appservice_irc_systemd_service_result.changed" + when: "matrix_appservice_irc_systemd_service_result.changed" - name: Check if a matrix-appservice-irc registration file exists stat: path: "{{ matrix_appservice_irc_base_path }}/registration.yaml" register: appservice_irc_registration_file - when: "matrix_appservice_irc_enabled" - name: Generate matrix-appservice-irc registration.yaml if it doesn't exist shell: >- 
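Review bot: The `Generate matrix-appservice-irc passkey if it doesn't exist` task still runs `openssl genpkey` through `shell:` with the templated base path unquoted, and it leaves the mode of `passkey.pem` to openssl's default. This is the file the sample config names in `passwordEncryptionKeyPath`, so it is the key that protects the stored IRC passwords. Using `command:` with `args:` / `creates: "{{ matrix_appservice_irc_base_path }}/passkey.pem"` would avoid shell parsing and replace the separate `stat` + `when: "not irc_passkey_file.stat.exists"` pair. A following `file` task with `mode: "0600"` and the matrix user as owner would pin the permissions explicitly.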
@@ -64,25 +67,22 @@ -u "http://matrix-appservice-irc:9999" -c /data/config.yaml -l irc_bot - when: "matrix_appservice_irc_enabled and not appservice_irc_registration_file.stat.exists" + when: "not appservice_irc_registration_file.stat.exists" - set_fact: matrix_synapse_app_service_config_file_appservice_irc: '/app-registration/appservice-irc.yml' - when: "matrix_appservice_irc_enabled" +# If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_additional_volumes: > - {{ matrix_synapse_container_additional_volumes }} + {{ matrix_synapse_container_additional_volumes|default([]) }} + {{ [{'src': '{{ matrix_appservice_irc_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_appservice_irc }}', 'options': 'ro'}] }} - when: "matrix_appservice_irc_enabled" -- set_fact: matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files }} + {{ matrix_synapse_app_service_config_files|default([]) }} + {{ ["{{ matrix_synapse_app_service_config_file_appservice_irc }}"] | to_nice_json }} - when: "matrix_appservice_irc_enabled" - name: Ensure IRC configuration directory permissions are correct file: @@ -91,14 +91,3 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" recurse: true - when: "matrix_appservice_irc_enabled" - -# -# Tasks related to getting rid of matrix-appservice-irc (if it was previously enabled) -# - -- name: Ensure matrix-appservice-irc.service doesn't exist - file: - path: "/etc/systemd/system/matrix-appservice-irc.service" - state: absent - when: "not matrix_appservice_irc_enabled" diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup-uninstall.yml b/roles/matrix-bridge-appservice-irc/tasks/setup-uninstall.yml new file mode 100644 index 000000000..0b7e6ceb2 --- /dev/null +++ b/roles/matrix-bridge-appservice-irc/tasks/setup-uninstall.yml 
@@ -0,0 +1,6 @@
+---
+
+- name: Ensure matrix-appservice-irc.service doesn't exist
+ file:
+ path: "/etc/systemd/system/matrix-appservice-irc.service"
+ state: absent
diff --git a/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml b/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml
new file mode 100644
index 000000000..952487e9c
--- /dev/null
+++ b/roles/matrix-bridge-appservice-irc/tasks/validate_config.yml
@@ -0,0 +1,16 @@
+---
+
+# Our base configuration (`matrix_appservice_irc_configuration_yaml`) is not enough to
+# let the playbook run without errors.
+#
+# Unless the final configuration (`matrix_appservice_irc_configuration`) contains an `ircService` definition,
+# we'd fail generating the registration.yaml file with a non-helpful error.
+#
+# This is a safety check to ensure we fail earlier and in a nicer way.
+- name: Fail if no additional configuration provided
+ fail:
+ msg: >-
+ Your Appservice IRC configuration is incomplete (lacking an `ircService` key).
+ You need to define additional configuration in `matrix_appservice_irc_configuration_extension_yaml` or to override `matrix_appservice_irc_configuration`.
+ when: "matrix_appservice_irc_configuration.ircService|default(none) is none"
+
diff --git a/roles/matrix-synapse/templates/ext/appservice-irc/systemd/matrix-appservice-irc.service.j2 b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
similarity index 72%
rename from roles/matrix-synapse/templates/ext/appservice-irc/systemd/matrix-appservice-irc.service.j2
rename to roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
index 5e5e7cd56..7ee1eaf77 100644
--- a/roles/matrix-synapse/templates/ext/appservice-irc/systemd/matrix-appservice-irc.service.j2
+++ b/roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
@@ -1,15 +1,19 @@ #jinja2: lstrip_blocks: "True" [Unit] Description=Matrix Appservice IRC server -After=docker.service -Requires=docker.service -Requires=matrix-synapse.service -After=matrix-synapse.service +{% for service in matrix_appservice_irc_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_appservice_irc_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} [Service] Type=simple ExecStartPre=-/usr/bin/docker kill matrix-appservice-irc ExecStartPre=-/usr/bin/docker rm matrix-appservice-irc + ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ @@ -19,8 +23,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \ -p 127.0.0.1:9999:9999 \ {% endif %} -v {{ matrix_appservice_irc_base_path }}:/data:z \ + {% for arg in matrix_appservice_irc_container_extra_arguments %} + {{ arg }} \ + {% endfor %} {{ matrix_appservice_irc_docker_image }} \ -c /data/config.yaml -f /data/registration.yaml -p 9999 + ExecStop=-/usr/bin/docker kill matrix-appservice-irc ExecStop=-/usr/bin/docker rm matrix-appservice-irc Restart=always diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 2a826d2e3..7bdf02210 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
@@ -20,12 +20,6 @@ matrix_synapse_container_expose_client_api_port: false # that would be on another port (tcp/8448) controlled by `matrix_synapse_tls_federation_listener_enabled`. matrix_synapse_container_expose_federation_api_port: false -# Controls whether the Appservice IRC container exposes the Client/Server API port (tcp/9999). -matrix_appservice_irc_container_expose_client_server_api_port: false - -# Controls whether the Appservice Discord container exposes the Client/Server API port (tcp/9005). -matrix_appservice_discord_container_expose_client_server_api_port: false - # Controls whether the matrix-synapse container exposes the metrics port (tcp/9100). matrix_synapse_container_expose_metrics_port: false 
@@ -244,430 +238,6 @@ matrix_s3_media_store_region: "eu-central-1" # Controls whether the self-check feature should validate SSL certificates. matrix_synapse_self_check_validate_certificates: true -# Matrix Appservice IRC is a Matrix <-> IRC bridge -# Enable IRC bridge -matrix_appservice_irc_enabled: false - -matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:latest" - -matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc" - -matrix_appservice_irc_configuration_yaml: | - #jinja2: lstrip_blocks: True - homeserver: - url: "https://{{ matrix_server_fqn_matrix }}" - domain: "{{ matrix_domain }}" - enablePresence: true - -matrix_appservice_irc_configuration_extension_yaml: | - # Your custom YAML configuration for Appservice IRC servers goes here. - # This configuration extends the default starting configuration (`matrix_appservice_irc_configuration_yaml`). - # - # You can override individual variables from the default configuration, or introduce new ones. - # - # If you need something more special, you can take full control by - # completely redefining `matrix_appservice_irc_configuration_yaml`. - # - # Example configuration extension follows: - # - # ircService: - # databaseUri: "nedb:///data" # does not typically need modification - # passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification - # matrixHandler: - # eventCacheSize: 4096 - # servers: - # # The address of the server to connect to. - # irc.example.com: - # # A human-readable short name. This is used to label IRC status rooms - # # where matrix users control their connections. - # # E.g. 'ExampleNet IRC Bridge status'. - # # It is also used in the Third Party Lookup API as the instance `desc` - # # property, where each server is an instance. - # name: "ExampleNet" - # - # additionalAddresses: [ "irc2.example.com" ] - # # - # # [DEPRECATED] Use `name`, above, instead. 
- # # A human-readable description string - # # description: "Example.com IRC network" - # - # # An ID for uniquely identifying this server amongst other servers being bridged. - # # networkId: "example" - # - # # URL to an icon used as the network icon whenever this network appear in - # # a network list. (Like in the riot room directory, for instance.) - # # icon: https://example.com/images/hash.png - # - # # The port to connect to. Optional. - # port: 6697 - # # Whether to use SSL or not. Default: false. - # ssl: true - # # Whether or not IRC server is using a self-signed cert or not providing CA Chain - # sslselfsign: false - # # Should the connection attempt to identify via SASL (if a server or user password is given) - # # If false, this will use PASS instead. If SASL fails, we do not fallback to PASS. - # sasl: false - # # Whether to allow expired certs when connecting to the IRC server. - # # Usually this should be off. Default: false. - # allowExpiredCerts: false - # # A specific CA to trust instead of the default CAs. Optional. - # #ca: | - # # -----BEGIN CERTIFICATE----- - # # ... - # # -----END CERTIFICATE----- - # - # # - # # The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional. - # # password: 'pa$$w0rd' - # # - # # Whether or not to send connection/error notices to real Matrix users. Default: true. - # sendConnectionMessages: true - # - # quitDebounce: - # # Whether parts due to net-splits are debounced for delayMs, to allow - # # time for the netsplit to resolve itself. A netsplit is detected as being - # # a QUIT rate higher than quitsPerSecond. Default: false. - # enabled: false - # # The maximum number of quits per second acceptable above which a netsplit is - # # considered ongoing. Default: 5. - # quitsPerSecond: 5 - # # The time window in which to wait before bridging a QUIT to Matrix that occurred during - # # a netsplit. 
Debouncing is jittered randomly between delayMinMs and delayMaxMs so that the HS - # # is not sent many requests to leave rooms all at once if a netsplit occurs and many - # # people to not rejoin. - # # If the user with the same IRC nick as the one who sent the quit rejoins a channel - # # they are considered back online and the quit is not bridged, so long as the rejoin - # # occurs before the randomly-jittered timeout is not reached. - # # Default: 3600000, = 1h - # delayMinMs: 3600000 # 1h - # # Default: 7200000, = 2h - # delayMaxMs: 7200000 # 2h - # - # # A map for conversion of IRC user modes to Matrix power levels. This enables bridging - # # of IRC ops to Matrix power levels only, it does not enable the reverse. If a user has - # # been given multiple modes, the one that maps to the highest power level will be used. - # modePowerMap: - # o: 50 - # - # botConfig: - # # Enable the presence of the bot in IRC channels. The bot serves as the entity - # # which maps from IRC -> Matrix. You can disable the bot entirely which - # # means IRC -> Matrix chat will be shared by active "M-Nick" connections - # # in the room. If there are no users in the room (or if there are users - # # but their connections are not on IRC) then nothing will be bridged to - # # Matrix. If you're concerned about the bot being treated as a "logger" - # # entity, then you may want to disable the bot. If you want IRC->Matrix - # # but don't want to have TCP connections to IRC unless a Matrix user speaks - # # (because your client connection limit is low), then you may want to keep - # # the bot enabled. Default: true. - # # NB: If the bot is disabled, you SHOULD have matrix-to-IRC syncing turned - # # on, else there will be no users and no bot in a channel (meaning no - # # messages to Matrix!) until a Matrix user speaks which makes a client - # # join the target IRC channel. 
- # # NBB: The bridge bot IRC client will still join the target IRC network so - # # it can service bridge-specific queries from the IRC-side e.g. so - # # real IRC clients have a way to change their Matrix display name. - # # See https://github.com/matrix-org/matrix-appservice-irc/issues/55 - # enabled: true - # # The nickname to give the AS bot. - # nick: "MatrixBot" - # # The password to give to NickServ or IRC Server for this nick. Optional. - # # password: "helloworld" - # # - # # Join channels even if there are no Matrix users on the other side of - # # the bridge. Set to false to prevent the bot from joining channels which have no - # # real matrix users in them, even if there is a mapping for the channel. - # # Default: true - # joinChannelsIfNoUsers: true - # - # # Configuration for PMs / private 1:1 communications between users. - # privateMessages: - # # Enable the ability for PMs to be sent to/from IRC/Matrix. - # # Default: true. - # enabled: true - # # Prevent Matrix users from sending PMs to the following IRC nicks. - # # Optional. Default: []. - # # exclude: ["Alice", "Bob"] # NOT YET IMPLEMENTED - # - # # Should created Matrix PM rooms be federated? If false, only users on the - # # HS attached to this AS will be able to interact with this room. - # # Optional. Default: true. - # federate: true - # - # # Configuration for mappings not explicitly listed in the 'mappings' - # # section. - # dynamicChannels: - # # Enable the ability for Matrix users to join *any* channel on this IRC - # # network. - # # Default: false. - # enabled: true - # # Should the AS create a room alias for the new Matrix room? The form of - # # the alias can be modified via 'aliasTemplate'. Default: true. - # createAlias: true - # # Should the AS publish the new Matrix room to the public room list so - # # anyone can see it? Default: true. - # published: true - # # What should the join_rule be for the new Matrix room? If 'public', - # # anyone can join the room. 
If 'invite', only users with an invite can - # # join the room. Note that if an IRC channel has +k or +i set on it, - # # join_rules will be set to 'invite' until these modes are removed. - # # Default: "public". - # joinRule: public - # # This will set the m.room.related_groups state event in newly created rooms - # # with the given groupId. This means flares will show up on IRC users in those rooms. - # # This should be set to the same thing as namespaces.users.group_id in irc_registration. - # # This does not alter existing rooms. - # # Leaving this option empty will not set the event. - # groupId: +myircnetwork:localhost - # # Should created Matrix rooms be federated? If false, only users on the - # # HS attached to this AS will be able to interact with this room. - # # Default: true. - # federate: true - # # The room alias template to apply when creating new aliases. This only - # # applies if createAlias is 'true'. The following variables are exposed: - # # $SERVER => The IRC server address (e.g. "irc.example.com") - # # $CHANNEL => The IRC channel (e.g. "#python") - # # This MUST have $CHANNEL somewhere in it. - # # Default: '#irc_$SERVER_$CHANNEL' - # aliasTemplate: "#irc_$CHANNEL" - # # A list of user IDs which the AS bot will send invites to in response - # # to a !join. Only applies if joinRule is 'invite'. Default: [] - # # whitelist: - # # - "@foo:example.com" - # # - "@bar:example.com" - # # - # # Prevent the given list of channels from being mapped under any - # # circumstances. - # # exclude: ["#foo", "#bar"] - # - # # Configuration for controlling how Matrix and IRC membership lists are - # # synced. - # membershipLists: - # # Enable the syncing of membership lists between IRC and Matrix. This - # # can have a significant effect on performance on startup as the lists are - # # synced. This must be enabled for anything else in this section to take - # # effect. Default: false. 
- # enabled: false - # - # # Syncing membership lists at startup can result in hundreds of members to - # # process all at once. This timer drip feeds membership entries at the - # # specified rate. Default: 10000. (10s) - # floodDelayMs: 10000 - # - # global: - # ircToMatrix: - # # Get a snapshot of all real IRC users on a channel (via NAMES) and - # # join their virtual matrix clients to the room. - # initial: false - # # Make virtual matrix clients join and leave rooms as their real IRC - # # counterparts join/part channels. Default: false. - # incremental: false - # - # matrixToIrc: - # # Get a snapshot of all real Matrix users in the room and join all of - # # them to the mapped IRC channel on startup. Default: false. - # initial: false - # # Make virtual IRC clients join and leave channels as their real Matrix - # # counterparts join/leave rooms. Make sure your 'maxClients' value is - # # high enough! Default: false. - # incremental: false - # - # # Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect. - # rooms: - # - room: "!fuasirouddJoxtwfge:localhost" - # matrixToIrc: - # initial: false - # incremental: false - # - # # Apply specific rules to IRC channels. Only IRC-to-matrix takes effect. - # channels: - # - channel: "#foo" - # ircToMatrix: - # initial: false - # incremental: false - # - # mappings: - # # 1:many mappings from IRC channels to room IDs on this IRC server. - # # The matrix room must already exist. Your matrix client should expose - # # the room ID in a "settings" page for the room. - # "#thepub": ["!kieouiJuedJoxtVdaG:localhost"] - # - # # Configuration for virtual matrix users. The following variables are - # # exposed: - # # $NICK => The IRC nick - # # $SERVER => The IRC server address (e.g. "irc.example.com") - # matrixClients: - # # The user ID template to use when creating virtual matrix users. This - # # MUST have $NICK somewhere in it. - # # Optional. Default: "@$SERVER_$NICK". 
- # # Example: "@irc.example.com_Alice:example.com" - # userTemplate: "@irc_$NICK" - # # The display name to use for created matrix clients. This should have - # # $NICK somewhere in it if it is specified. Can also use $SERVER to - # # insert the IRC domain. - # # Optional. Default: "$NICK (IRC)". Example: "Alice (IRC)" - # displayName: "$NICK (IRC)" - # # Number of tries a client can attempt to join a room before the request - # # is discarded. You can also use -1 to never retry or 0 to never give up. - # # Optional. Default: -1 - # joinAttempts: -1 - # - # # Configuration for virtual IRC users. The following variables are exposed: - # # $LOCALPART => The user ID localpart ("alice" in @alice:localhost) - # # $USERID => The user ID - # # $DISPLAY => The display name of this user, with excluded characters - # # (e.g. space) removed. If the user has no display name, this - # # falls back to $LOCALPART. - # ircClients: - # # The template to apply to every IRC client nick. This MUST have either - # # $DISPLAY or $USERID or $LOCALPART somewhere in it. - # # Optional. Default: "M-$DISPLAY". Example: "M-Alice". - # nickTemplate: "$DISPLAY[m]" - # # True to allow virtual IRC clients to change their nick on this server - # # by issuing !nick commands to the IRC AS bot. - # # This is completely freeform: it will NOT follow the nickTemplate. - # allowNickChanges: true - # # The max number of IRC clients that will connect. If the limit is - # # reached, the client that spoke the longest time ago will be - # # disconnected and replaced. - # # Optional. Default: 30. - # maxClients: 30 - # # IPv6 configuration. - # ipv6: - # # Optional. Set to true to force IPv6 for outgoing connections. - # only: false - # # Optional. The IPv6 prefix to use for generating unique addresses for each - # # connected user. If not specified, all users will connect from the same - # # (default) address. 
This may require additional OS-specific work to allow - # # for the node process to bind to multiple different source addresses - # # e.g IP_FREEBIND on Linux, which requires an LD_PRELOAD with the library - # # https://github.com/matrix-org/freebindfree as Node does not expose setsockopt. - # # prefix: "2001:0db8:85a3::" # modify appropriately - # # - # # The maximum amount of time in seconds that the client can exist - # # without sending another message before being disconnected. Use 0 to - # # not apply an idle timeout. This value is ignored if this IRC server is - # # mirroring matrix membership lists to IRC. Default: 172800 (48 hours) - # idleTimeout: 10800 - # # The number of millseconds to wait between consecutive reconnections if a - # # client gets disconnected. Setting to 0 will cause the scheduling to be - # # disabled, i.e. it will be scheduled immediately (with jitter. - # # Otherwise, the scheduling interval will be used such that one client - # # reconnect for this server will be handled every reconnectIntervalMs ms using - # # a FIFO queue. - # # Default: 5000 (5 seconds) - # reconnectIntervalMs: 5000 - # # The number of concurrent reconnects if a user has been disconnected unexpectedly - # # (e.g. a netsplit). You should set this to a reasonably high number so that - # # bridges are not waiting an eternity to reconnect all its clients if - # # we see a massive number of disconnect. This is unrelated to the reconnectIntervalMs - # # setting above which is for connecting on restart of the bridge. Set to 0 to - # # immediately try to reconnect all users. - # # Default: 50 - # concurrentReconnectLimit: 50 - # # The number of lines to allow being sent by the IRC client that has received - # # a large block of text to send from matrix. If the number of lines that would - # # be sent is > lineLimit, the text will instead be uploaded to matrix and the - # # resulting URI is treated as a file. 
As such, a link will be sent to the IRC - # # side instead of potentially spamming IRC and getting the IRC client kicked. - # # Default: 3. - # lineLimit: 3 - # # A list of user modes to set on every IRC client. For example, "RiG" would set - # # +R, +i and +G on every IRC connection when they have successfully connected. - # # User modes vary wildly depending on the IRC network you're connecting to, - # # so check before setting this value. Some modes may not work as intended - # # through the bridge e.g. caller ID as there is no way to /ACCEPT. - # # Default: "" (no user modes) - # # userModes: "R" - # - # # Configuration for an ident server. If you are running a public bridge it is - # # advised you setup an ident server so IRC mods can ban specific matrix users - # # rather than the application service itself. - # ident: - # # True to listen for Ident requests and respond with the - # # matrix user's user_id (converted to ASCII, respecting RFC 1413). - # # Default: false. - # enabled: false - # # The port to listen on for incoming ident requests. - # # Ports below 1024 require root to listen on, and you may not want this to - # # run as root. Instead, you can get something like an Apache to yank up - # # incoming requests to 113 to a high numbered port. Set the port to listen - # # on instead of 113 here. - # # Default: 113. - # port: 1113 - # # The address to listen on for incoming ident requests. - # # Default: 0.0.0.0 - # address: "::" - # - # # Configuration for logging. Optional. Default: console debug level logging - # # only. - # logging: - # # Level to log on console/logfile. One of error|warn|info|debug - # level: "debug" - # # The file location to log to. This is relative to the project directory. - # logfile: "debug.log" - # # The file location to log errors to. This is relative to the project - # # directory. - # errfile: "errors.log" - # # Whether to log to the console or not. - # toConsole: true - # # The max number of files to keep. 
Files will be overwritten eventually due - # # to rotations. - # maxFiles: 5 - # - # # Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`: - # # $ npm install prom-client@6.3.0 - # # Metrics will then be available via GET /metrics on the bridge listening port (-p). - # metrics: - # # Whether to actually enable the metric endpoint. Default: false - # enabled: true - # # When collecting remote user active times, which "buckets" should be used. Defaults are given below. - # # The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks). - # remoteUserAgeBuckets: - # - "1h" - # - "1d" - # - "1w" - # - # # Configuration options for the debug HTTP API. To access this API, you must - # # append ?access_token=$APPSERVICE_TOKEN (from the registration file) to the requests. - # # - # # The debug API exposes the following endpoints: - # # - # # GET /irc/$domain/user/$user_id => Return internal state for the IRC client for this user ID. - # # - # # POST /irc/$domain/user/$user_id => Issue a raw IRC command down this connection. - # # Format: new line delimited commands as per IRC protocol. - # # - # debugApi: - # # True to enable the HTTP API endpoint. Default: false. - # enabled: false - # # The port to host the HTTP API. - # port: 11100 - # - # # Configuration for the provisioning API. - # # - # # GET /_matrix/provision/link - # # GET /_matrix/provision/unlink - # # GET /_matrix/provision/listlinks - # # - # provisioning: - # # True to enable the provisioning HTTP endpoint. Default: false. - # enabled: false - # # The number of seconds to wait before giving up on getting a response from - # # an IRC channel operator. If the channel operator does not respond within the - # # allotted time period, the provisioning request will fail. - # # Default: 300 seconds (5 mins) - # requestTimeoutSeconds: 300 - # - # # WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot - # # send a password hash. 
As a result, passwords (NOT hashes) are stored encrypted in - # # the database. - # # - -matrix_appservice_irc_configuration_extension: "{{ matrix_appservice_irc_configuration_extension_yaml|from_yaml if matrix_appservice_irc_configuration_extension_yaml|from_yaml else {} }}" - -matrix_appservice_irc_configuration: "{{ matrix_appservice_irc_configuration_yaml|from_yaml|combine(matrix_appservice_irc_configuration_extension, recursive=True) }}" - # Matrix Appservice Discord is a Matrix <-> Discord bridge # Enable Discord bridge @@ -680,6 +250,9 @@ matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-dis matrix_appservice_discord_client_id: "YOUR DISCORD APP CLIENT ID" matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN" +# Controls whether the Appservice Discord container exposes the Client/Server API port (tcp/9005). +matrix_appservice_discord_container_expose_client_server_api_port: false + matrix_appservice_discord_configuration_yaml: | bridge: domain: "{{ matrix_domain }}" diff --git a/roles/matrix-synapse/tasks/ext/init.yml b/roles/matrix-synapse/tasks/ext/init.yml index f6b1e0dd4..ac3fd5baa 100644 --- a/roles/matrix-synapse/tasks/ext/init.yml +++ b/roles/matrix-synapse/tasks/ext/init.yml @@ -1,5 +1,3 @@ --- -- import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/init.yml" - - import_tasks: "{{ role_path }}/tasks/ext/appservice-discord/init.yml" diff --git a/roles/matrix-synapse/tasks/ext/setup.yml b/roles/matrix-synapse/tasks/ext/setup.yml index 7de0744e2..33b8dfc4b 100644 --- a/roles/matrix-synapse/tasks/ext/setup.yml +++ b/roles/matrix-synapse/tasks/ext/setup.yml @@ -6,6 +6,4 @@ - import_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup.yml" -- import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/setup.yml" - - import_tasks: "{{ role_path }}/tasks/ext/appservice-discord/setup.yml" diff --git a/setup.yml b/setup.yml index c342bd2c6..973a062f5 100755 --- a/setup.yml +++ b/setup.yml 
@@ -8,6 +8,7 @@ - matrix-mailer - matrix-postgres - matrix-corporal + - matrix-bridge-appservice-irc - matrix-bridge-mautrix-facebook - matrix-bridge-mautrix-telegram - matrix-bridge-mautrix-whatsapp From 6db10ed6f31bea11c40cadf80db9f77069807b75 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 16 May 2019 09:09:42 +0900 Subject: [PATCH 18/39] Upgrade riot-web (1.1.1 -> 1.1.2) --- roles/matrix-riot-web/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-riot-web/defaults/main.yml b/roles/matrix-riot-web/defaults/main.yml index 629f4649e..7208d1b3a 100644 --- a/roles/matrix-riot-web/defaults/main.yml +++ b/roles/matrix-riot-web/defaults/main.yml @@ -1,6 +1,6 @@ matrix_riot_web_enabled: true -matrix_riot_web_docker_image: "bubuntux/riot-web:v1.1.1" +matrix_riot_web_docker_image: "bubuntux/riot-web:v1.1.2" matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web" From cf3117011bdf0170bdbbcb892ac2949fa7e4e5f2 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 16 May 2019 09:20:43 +0900 Subject: [PATCH 19/39] Upgrade Synapse (0.99.3.2 -> 0.99.4) --- roles/matrix-synapse/defaults/main.yml | 2 +- .../templates/synapse/homeserver.yaml.j2 | 66 ++++++++++++++++++- 2 files changed, 64 insertions(+), 4 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index e6b702192..5ae62767a 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -1,4 +1,4 @@ -matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.3.2" +matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.4" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config" diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 0755fb406..1c889671c 100644 
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -60,6 +60,20 @@ public_baseurl: https://{{ matrix_server_fqn_matrix }}/ # use_presence: {{ matrix_synapse_use_presence|to_json }} +# Whether to require authentication to retrieve profile data (avatars, +# display names) of other users through the client API. Defaults to +# 'false'. Note that profile data is also available via the federation +# API, so this setting is of limited value if federation is enabled on +# the server. +# +#require_auth_for_profile_requests: true + +# If set to 'true', requires authentication to access the server's +# public rooms directory through the client API, and forbids any other +# homeserver to fetch it via federation. Defaults to 'false'. +# +#restrict_public_rooms_to_local_users: true + # The GC threshold parameters to pass to `gc.set_threshold`, if defined # #gc_thresholds: [700, 10, 10] @@ -131,8 +145,8 @@ federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_js # # Valid resource names are: # -# client: the client-server API (/_matrix/client). Also implies 'media' and -# 'static'. +# client: the client-server API (/_matrix/client), and the synapse admin +# API (/_synapse/admin). Also implies 'media' and 'static'. # # consent: user consent forms (/_matrix/consent). See # docs/consent_tracking.md. @@ -241,6 +255,11 @@ listeners: # - medium: 'email' # address: 'reserved_user@example.com' +# Whether to require a user to be in the room to add an alias to it. +# Defaults to 'true'. +# +#require_membership_for_aliases: false + ## TLS ## 
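Review bot: `require_auth_for_profile_requests` and `restrict_public_rooms_to_local_users` arrive only as commented samples in the `@@ -60,6 +60,20 @@` hunk, so an operator cannot enable them from playbook variables the way `use_presence` just above is driven by `{{ matrix_synapse_use_presence|to_json }}`. Per the added comments both default to 'false', which leaves profile data and the public rooms directory reachable without authentication through the client API. The same applies to `federation_verify_certificates` in the `## TLS ##` hunk further down, which its comment says currently defaults to `false`. Consider rendering each from a role default with `|to_json`, keeping upstream's value as the default so existing installs do not change behaviour.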
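Review bot: The reworded comment in the `@@ -131,8 +145,8 @@` hunk states that the `client` resource now also serves the Synapse admin API (`/_synapse/admin`), so every listener that carries `client` exposes the admin endpoints to whatever can reach that port. The `listeners:` block and the reverse-proxy configuration are outside this hunk, so it is worth confirming that the public proxy does not forward that path. A short comment next to the listener definition would record the decision, for example `# 'client' also serves /_synapse/admin; do not proxy that path publicly`.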
@@ -262,6 +281,40 @@ tls_certificate_path: {{ matrix_synapse_tls_certificate_path|to_json }} # tls_private_key_path: {{ matrix_synapse_tls_private_key_path|to_json }} +# Whether to verify TLS certificates when sending federation traffic. +# +# This currently defaults to `false`, however this will change in +# Synapse 1.0 when valid federation certificates will be required. +# +#federation_verify_certificates: true + +# Skip federation certificate verification on the following whitelist +# of domains. +# +# This setting should only be used in very specific cases, such as +# federation over Tor hidden services and similar. For private networks +# of homeservers, you likely want to use a private CA instead. +# +# Only effective if federation_verify_certicates is `true`. +# +#federation_certificate_verification_whitelist: +# - lon.example.com +# - *.domain.com +# - *.onion + +# List of custom certificate authorities for federation traffic. +# +# This setting should only normally be used within a private network of +# homeservers. +# +# Note that this list will replace those that are provided by your +# operating environment. Certificates must be in PEM format. +# +#federation_custom_ca_list: +# - myCA1.pem +# - myCA2.pem +# - myCA3.pem + # ACME support: This will configure Synapse to request a valid TLS certificate # for your configured `server_name` via Let's Encrypt. # @@ -691,6 +744,10 @@ registrations_require_3pid: {{ matrix_synapse_registrations_require_3pid|to_json # - medium: msisdn # pattern: '\+44' +# Enable 3PIDs lookup requests to identity servers from this server. +# +#enable_3pid_lookup: true + # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. # 
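Review bot: `federation_verify_certificates` is added in the `@@ -262,6 +281,40 @@` hunk only as a commented-out sample, and the added text says it currently defaults to `false`, so a server deployed from this template does not verify TLS certificates on outgoing federation traffic and the operator has no playbook switch to change that. Neighbouring settings are rendered from role variables (`tls_private_key_path: {{ matrix_synapse_tls_private_key_path|to_json }}`), so I would render this one the same way, `federation_verify_certificates: {{ <new_role_variable>|to_json }}`, with the variable defined in the role defaults. Separately, the sample entries `# - *.domain.com` and `# - *.onion` would be parsed as YAML aliases if uncommented as written and need quoting (`'*.onion'`), and the text refers to `federation_verify_certicates`, which is misspelled.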
@@ -914,7 +971,7 @@ password_config: -# Enable sending emails for notification events +# Enable sending emails for notification events or expiry notices # Defining a custom URL for Riot is only needed if email notifications # should contain links to a self-hosted installation of Riot; when set # the "app_name" setting is ignored. @@ -932,6 +989,9 @@ email: app_name: Matrix notif_template_html: notif_mail.html notif_template_text: notif_mail.txt + # Templates for account expiry notices. + expiry_template_html: notice_expiry.html + expiry_template_text: notice_expiry.txt notif_for_new_users: True riot_base_url: {{ matrix_synapse_email_riot_base_url|string|to_json }} {% endif %} From ae7c8d15240c537cf571fb060bd8e2ff6757e302 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 16 May 2019 09:41:45 +0900 Subject: [PATCH 20/39] Use SyslogIdentifier to improve logging Reasoning is the same as for matrix-org/synapse#5023. For us, the journal used to contain `docker` for all services, which is not very helpful when looking at them all together (`journalctl -f`). --- .../templates/systemd/matrix-corporal.service.j2 | 3 +++ .../matrix-coturn/templates/systemd/matrix-coturn.service.j2 | 1 + .../templates/systemd/matrix-dimension.service.j2 | 3 +++ .../matrix-mailer/templates/systemd/matrix-mailer.service.j2 | 3 +++ roles/matrix-mxisd/templates/systemd/matrix-mxisd.service.j2 | 1 + .../templates/systemd/matrix-nginx-proxy.service.j2 | 1 + .../templates/systemd/matrix-postgres.service.j2 | 3 +++ .../templates/systemd/matrix-riot-web.service.j2 | 3 +++ .../systemd/matrix-appservice-discord.service.j2 | 5 +++-- .../appservice-irc/systemd/matrix-appservice-irc.service.j2 | 3 +++ .../systemd/matrix-mautrix-facebook.service.j2 | 3 +++ .../systemd/matrix-mautrix-telegram.service.j2 | 3 +++ .../systemd/matrix-mautrix-whatsapp.service.j2 | 3 +++ .../templates/goofys/systemd/matrix-goofys.service.j2 | 3 +++ .../templates/synapse/systemd/matrix-synapse.service.j2 | 1 + 15 files changed, 37 insertions(+), 2 deletions(-) diff --git a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 index 74de96809..4979166e0 100644 --- a/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 +++ b/roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2 @@ -10,6 +10,7 @@ After={{ service }} Type=simple ExecStartPre=-/usr/bin/docker kill matrix-corporal ExecStartPre=-/usr/bin/docker rm matrix-corporal + ExecStart=/usr/bin/docker run --rm --name matrix-corporal \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ 
@@ -28,10 +29,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-corporal \ {% endfor %} {{ matrix_corporal_docker_image }} \ /matrix-corporal -config=/etc/matrix-corporal/config.json + ExecStop=-/usr/bin/docker kill matrix-corporal ExecStop=-/usr/bin/docker rm matrix-corporal Restart=always RestartSec=30 +SyslogIdentifier=matrix-corporal [Install] WantedBy=multi-user.target diff --git a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 index e288c0e51..aebaa197c 100644 --- a/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 +++ b/roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2 @@ -43,6 +43,7 @@ ExecReload=/usr/bin/docker exec matrix-coturn kill -USR2 1 Restart=always RestartSec=30 +SyslogIdentifier=matrix-coturn [Install] WantedBy=multi-user.target diff --git a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 index bd04be185..a95e1ca04 100644 --- a/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 +++ b/roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2 @@ -8,6 +8,7 @@ Requires=docker.service Type=simple ExecStartPre=-/usr/bin/docker kill matrix-dimension ExecStartPre=-/usr/bin/docker rm matrix-dimension + ExecStart=/usr/bin/docker run --rm --name matrix-dimension \ --log-driver=none \ --user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \ @@ -24,10 +25,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-dimension \ {{ arg }} \ {% endfor %} {{ matrix_dimension_docker_image }} + ExecStop=-/usr/bin/docker kill matrix-dimension ExecStop=-/usr/bin/docker rm matrix-dimension Restart=always RestartSec=30 +SyslogIdentifier=matrix-dimension [Install] WantedBy=multi-user.target 
diff --git a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 index 9b07f6c7f..f71c065b6 100644 --- a/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 +++ b/roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2 @@ -8,6 +8,7 @@ Requires=docker.service Type=simple ExecStartPre=-/usr/bin/docker kill matrix-mailer ExecStartPre=-/usr/bin/docker rm matrix-mailer + ExecStart=/usr/bin/docker run --rm --name matrix-mailer \ --log-driver=none \ --user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \ @@ -21,10 +22,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \ {{ arg }} \ {% endfor %} {{ matrix_mailer_docker_image }} + ExecStop=-/usr/bin/docker kill matrix-mailer ExecStop=-/usr/bin/docker rm matrix-mailer Restart=always RestartSec=30 +SyslogIdentifier=matrix-mailer [Install] WantedBy=multi-user.target diff --git a/roles/matrix-mxisd/templates/systemd/matrix-mxisd.service.j2 b/roles/matrix-mxisd/templates/systemd/matrix-mxisd.service.j2 index d30ba718e..892e565c5 100644 --- a/roles/matrix-mxisd/templates/systemd/matrix-mxisd.service.j2 +++ b/roles/matrix-mxisd/templates/systemd/matrix-mxisd.service.j2 @@ -37,6 +37,7 @@ ExecStop=-/usr/bin/docker kill matrix-mxisd ExecStop=-/usr/bin/docker rm matrix-mxisd Restart=always RestartSec=30 +SyslogIdentifier=matrix-mxisd [Install] WantedBy=multi-user.target diff --git a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 index 1a154c0da..6d30322a5 100644 --- a/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 +++ b/roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2 
@@ -44,6 +44,7 @@ ExecStop=-/usr/bin/docker rm matrix-nginx-proxy ExecReload=/usr/bin/docker exec matrix-nginx-proxy /usr/sbin/nginx -s reload Restart=always RestartSec=30 +SyslogIdentifier=matrix-nginx-proxy [Install] WantedBy=multi-user.target diff --git a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 index 2d1c9118e..52fefa8cf 100644 --- a/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 +++ b/roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2 @@ -8,6 +8,7 @@ Requires=docker.service Type=simple ExecStartPre=-/usr/bin/docker stop matrix-postgres ExecStartPre=-/usr/bin/docker rm matrix-postgres + ExecStart=/usr/bin/docker run --rm --name matrix-postgres \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ @@ -23,10 +24,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-postgres \ {{ arg }} \ {% endfor %} {{ matrix_postgres_docker_image_to_use }} + ExecStop=-/usr/bin/docker stop matrix-postgres ExecStop=-/usr/bin/docker rm matrix-postgres Restart=always RestartSec=30 +SyslogIdentifier=matrix-postgres [Install] WantedBy=multi-user.target diff --git a/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 b/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 index 63a6c7a6e..59bcf340e 100644 --- a/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 +++ b/roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2 @@ -10,6 +10,7 @@ After={{ service }} Type=simple ExecStartPre=-/usr/bin/docker kill matrix-riot-web ExecStartPre=-/usr/bin/docker rm matrix-riot-web + ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ 
@@ -31,10 +32,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \ {{ arg }} \ {% endfor %} {{ matrix_riot_web_docker_image }} + ExecStop=-/usr/bin/docker kill matrix-riot-web ExecStop=-/usr/bin/docker rm matrix-riot-web Restart=always RestartSec=30 +SyslogIdentifier=matrix-riot-web [Install] WantedBy=multi-user.target diff --git a/roles/matrix-synapse/templates/ext/appservice-discord/systemd/matrix-appservice-discord.service.j2 b/roles/matrix-synapse/templates/ext/appservice-discord/systemd/matrix-appservice-discord.service.j2 index d34385abc..934491325 100644 --- a/roles/matrix-synapse/templates/ext/appservice-discord/systemd/matrix-appservice-discord.service.j2 +++ b/roles/matrix-synapse/templates/ext/appservice-discord/systemd/matrix-appservice-discord.service.j2 @@ -10,6 +10,7 @@ After=matrix-synapse.service Type=simple ExecStartPre=-/usr/bin/docker kill matrix-appservice-discord ExecStartPre=-/usr/bin/docker rm matrix-appservice-discord + ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ @@ -20,12 +21,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \ {% endif %} -v {{ matrix_appservice_discord_base_path }}:/data \ {{ matrix_appservice_discord_docker_image }} - - + ExecStop=-/usr/bin/docker kill matrix-appservice-discord ExecStop=-/usr/bin/docker rm matrix-appservice-discord Restart=always RestartSec=30 +SyslogIdentifier=matrix-appservice-discord [Install] WantedBy=multi-user.target diff --git a/roles/matrix-synapse/templates/ext/appservice-irc/systemd/matrix-appservice-irc.service.j2 b/roles/matrix-synapse/templates/ext/appservice-irc/systemd/matrix-appservice-irc.service.j2 index 5e5e7cd56..897a0fe6f 100644 --- a/roles/matrix-synapse/templates/ext/appservice-irc/systemd/matrix-appservice-irc.service.j2 +++ b/roles/matrix-synapse/templates/ext/appservice-irc/systemd/matrix-appservice-irc.service.j2 
@@ -10,6 +10,7 @@ After=matrix-synapse.service Type=simple ExecStartPre=-/usr/bin/docker kill matrix-appservice-irc ExecStartPre=-/usr/bin/docker rm matrix-appservice-irc + ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ @@ -21,10 +22,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \ -v {{ matrix_appservice_irc_base_path }}:/data:z \ {{ matrix_appservice_irc_docker_image }} \ -c /data/config.yaml -f /data/registration.yaml -p 9999 + ExecStop=-/usr/bin/docker kill matrix-appservice-irc ExecStop=-/usr/bin/docker rm matrix-appservice-irc Restart=always RestartSec=30 +SyslogIdentifier=matrix-appservice-irc [Install] WantedBy=multi-user.target diff --git a/roles/matrix-synapse/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2 b/roles/matrix-synapse/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2 index ec5ffadb7..5d16b2a42 100644 --- a/roles/matrix-synapse/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2 +++ b/roles/matrix-synapse/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2 @@ -17,6 +17,7 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \ -v {{ matrix_mautrix_facebook_base_path }}:/data:z \ {{ matrix_mautrix_facebook_docker_image }} \ alembic -x config=/data/config.yaml upgrade head + ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ 
@@ -25,10 +26,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \ -v {{ matrix_mautrix_facebook_base_path }}:/data:z \ {{ matrix_mautrix_facebook_docker_image }} \ python3 -m mautrix_facebook -c /data/config.yaml + ExecStop=-/usr/bin/docker kill matrix-mautrix-facebook ExecStop=-/usr/bin/docker rm matrix-mautrix-facebook Restart=always RestartSec=30 +SyslogIdentifier=matrix-mautrix-facebook [Install] WantedBy=multi-user.target diff --git a/roles/matrix-synapse/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2 b/roles/matrix-synapse/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2 index 8b162f8cd..6cd9743ff 100644 --- a/roles/matrix-synapse/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2 +++ b/roles/matrix-synapse/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2 @@ -17,6 +17,7 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-telegram-db \ -v {{ matrix_mautrix_telegram_base_path }}:/data:z \ {{ matrix_mautrix_telegram_docker_image }} \ alembic -x config=/data/config.yaml upgrade head + ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ @@ -28,10 +29,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \ -v {{ matrix_mautrix_telegram_base_path }}:/data:z \ {{ matrix_mautrix_telegram_docker_image }} \ python3 -m mautrix_telegram -c /data/config.yaml + ExecStop=-/usr/bin/docker kill matrix-mautrix-telegram ExecStop=-/usr/bin/docker rm matrix-mautrix-telegram Restart=always RestartSec=30 +SyslogIdentifier=matrix-mautrix-telegram [Install] WantedBy=multi-user.target diff --git a/roles/matrix-synapse/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2 b/roles/matrix-synapse/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2 index d05f73e25..6003e8682 100644 
--- a/roles/matrix-synapse/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2 +++ b/roles/matrix-synapse/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2 @@ -10,6 +10,7 @@ After=matrix-synapse.service Type=simple ExecStartPre=-/usr/bin/docker kill matrix-mautrix-whatsapp ExecStartPre=-/usr/bin/docker rm matrix-mautrix-whatsapp + ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ @@ -19,10 +20,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \ --workdir=/data \ {{ matrix_mautrix_whatsapp_docker_image }} \ /usr/bin/mautrix-whatsapp + ExecStop=-/usr/bin/docker kill matrix-mautrix-whatsapp ExecStop=-/usr/bin/docker rm matrix-mautrix-whatsapp Restart=always RestartSec=30 +SyslogIdentifier=matrix-mautrix-whatsapp [Install] WantedBy=multi-user.target diff --git a/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 b/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 index 0ed1220ea..d2cc0b87d 100644 --- a/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 +++ b/roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 @@ -8,6 +8,7 @@ Requires=docker.service Type=simple ExecStartPre=-/usr/bin/docker kill %n ExecStartPre=-/usr/bin/docker rm %n + ExecStart=/usr/bin/docker run --rm --name %n \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ 
@@ -22,6 +23,7 @@ ExecStart=/usr/bin/docker run --rm --name %n \ --entrypoint /bin/sh \ {{ matrix_s3_goofys_docker_image }} \ -c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3' + TimeoutStartSec=5min ExecStop=-/usr/bin/docker stop %n ExecStop=-/usr/bin/docker kill %n @@ -29,6 +31,7 @@ ExecStop=-/usr/bin/docker rm %n ExecStop=-/bin/fusermount -u {{ matrix_synapse_media_store_path }} Restart=always RestartSec=5 +SyslogIdentifier=matrix-goofys [Install] WantedBy=multi-user.target diff --git a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 index 987e657e6..f0ea3d061 100644 --- a/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 +++ b/roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2 @@ -58,6 +58,7 @@ ExecStop=-/usr/bin/docker rm matrix-synapse ExecReload=/usr/bin/docker exec matrix-synapse kill -HUP 1 Restart=always RestartSec=30 +SyslogIdentifier=matrix-synapse [Install] WantedBy=multi-user.target From 663d1add926f5507522e2d34a31851df3b524a28 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Sat, 18 May 2019 01:14:12 +0900 Subject: [PATCH 21/39] Move matrix-appservice-discord into a separate role --- .../defaults/main.yml | 131 ++++++++++++++++++ .../tasks}/init.yml | 0 .../tasks/main.yml | 21 +++ .../tasks/setup-install.yml} | 43 +++--- .../tasks/setup-uninstall.yml | 6 + .../tasks/validate_config.yml | 10 ++ .../matrix-appservice-discord.service.j2 | 14 +- roles/matrix-synapse/defaults/main.yml | 123 ---------------- roles/matrix-synapse/tasks/ext/init.yml | 3 - roles/matrix-synapse/tasks/ext/setup.yml | 2 - roles/matrix-synapse/tasks/init.yml | 2 - setup.yml | 1 + 12 files changed, 196 insertions(+), 160 deletions(-) create mode 100644 roles/matrix-bridge-appservice-discord/defaults/main.yml rename roles/{matrix-synapse/tasks/ext/appservice-discord => matrix-bridge-appservice-discord/tasks}/init.yml (100%) create mode 100644 roles/matrix-bridge-appservice-discord/tasks/main.yml rename roles/{matrix-synapse/tasks/ext/appservice-discord/setup.yml => matrix-bridge-appservice-discord/tasks/setup-install.yml} (68%) create mode 100644 roles/matrix-bridge-appservice-discord/tasks/setup-uninstall.yml create mode 100644 roles/matrix-bridge-appservice-discord/tasks/validate_config.yml rename roles/{matrix-synapse/templates/ext/appservice-discord => matrix-bridge-appservice-discord/templates}/systemd/matrix-appservice-discord.service.j2 (71%) delete mode 100644 roles/matrix-synapse/tasks/ext/init.yml diff --git a/roles/matrix-bridge-appservice-discord/defaults/main.yml b/roles/matrix-bridge-appservice-discord/defaults/main.yml new file mode 100644 index 000000000..d94067745 --- /dev/null +++ b/roles/matrix-bridge-appservice-discord/defaults/main.yml 
@@ -0,0 +1,131 @@ +# matrix-appservice-discord is a Matrix <-> Discord bridge +# See: https://github.com/Half-Shot/matrix-appservice-discord + +matrix_appservice_discord_enabled: true + +matrix_appservice_discord_docker_image: "halfshot/matrix-appservice-discord:latest" + +matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-discord" + +# Get your own keys at https://discordapp.com/developers/applications/me/create +matrix_appservice_discord_client_id: '' +matrix_appservice_discord_bot_token: '' + +# Controls whether the Appservice Discord container exposes the Client/Server API port (tcp/9005). +matrix_appservice_discord_container_expose_client_server_api_port: false + +# A list of extra arguments to pass to the container +matrix_appservice_discord_container_extra_arguments: [] + +# List of systemd services that matrix-appservice-discord.service depends on. +matrix_appservice_discord_systemd_required_services_list: ['docker.service'] + +# List of systemd services that matrix-appservice-discord.service wants +matrix_appservice_discord_systemd_wanted_services_list: [] + +matrix_appservice_discord_configuration_yaml: | + bridge: + domain: "{{ matrix_domain }}" + homeserverUrl: "{{ matrix_homeserver_url }}" + auth: + clientID: "{{matrix_appservice_discord_client_id}}" + botToken: "{{matrix_appservice_discord_bot_token}}" + database: + filename: "/data/discord.db" + userStorePath: "/data/user-store.db" + roomStorePath: "/data/room-store.db" + +matrix_appservice_discord_configuration_extension_yaml: | + # This is a sample of the config file showing all avaliable options. + # Where possible we have documented what they do, and all values are the + # default values. + # + #bridge: + # # Domain part of the bridge, e.g. matrix.org + # domain: "localhost" + # # This should be your publically facing URL because Discord may use it to + # # fetch media from the media store. 
+ # homeserverUrl: "http://localhost:8008" + # # Interval at which to process users in the 'presence queue'. If you have + # # 5 users, one user will be processed every 500 milliseconds according to the + # # value below. This has a minimum value of 250. + # # WARNING: This has a high chance of spamming the homeserver with presence + # # updates since it will send one each time somebody changes state or is online. + # presenceInterval: 500 + # # Disable setting presence for 'ghost users' which means Discord users on Matrix + # # will not be shown as away or online. + # disablePresence: false + # # Disable sending typing notifications when somebody on Discord types. + # disableTypingNotifications: false + # # Disable deleting messages on Discord if a message is redacted on Matrix. + # disableDeletionForwarding: false + # # Enable users to bridge rooms using !discord commands. See + # # https://t2bot.io/discord for instructions. + # enableSelfServiceBridging: false + # # Disable sending of read receipts for Matrix events which have been + # # successfully bridged to Discord. + # disableReadReceipts: false + # Authentication configuration for the discord bot. + #auth: + # clientID: "12345" + # botToken: "foobar" + #logging: + # # What level should the logger output to the console at. + # console: "warn" #silly, verbose, info, http, warn, error, silent + # lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format + # files: + # - file: "debug.log" + # disable: + # - "PresenceHandler" # Will not capture presence logging + # - file: "warn.log" # Will capture warnings + # level: "warn" + # - file: "botlogs.log" # Will capture logs from DiscordBot + # level: "info" + # enable: + # - "DiscordBot" + #database: + # userStorePath: "user-store.db" + # roomStorePath: "room-store.db" + # # You may either use SQLite or Postgresql for the bridge database, which contains + # # important mappings for events and user puppeting configurations. 
+ # # Use the filename option for SQLite, or connString for Postgresql. + # # If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite + # # WARNING: You will almost certainly be fine with sqlite unless your bridge + # # is in heavy demand and you suffer from IO slowness. + # filename: "discord.db" + # # connString: "postgresql://user:password@localhost/database_name" + #room: + # # Set the default visibility of alias rooms, defaults to "public". + # # One of: "public", "private" + # defaultVisibility: "public" + #channel: + # # Pattern of the name given to bridged rooms. + # # Can use :guild for the guild name and :name for the channel name. + # namePattern: "[Discord] :guild :name" + # # Changes made to rooms when a channel is deleted. + # deleteOptions: + # # Prefix the room name with a string. + # #namePrefix: "[Deleted]" + # # Prefix the room topic with a string. + # #topicPrefix: "This room has been deleted" + # # Disable people from talking in the room by raising the event PL to 50 + # disableMessaging: false + # # Remove the discord alias from the room. + # unsetRoomAlias: true + # # Remove the room from the directory. + # unlistFromDirectory: true + # # Set the room to be unavaliable for joining without an invite. + # setInviteOnly: true + # # Make all the discord users leave the room. + # ghostsLeave: true + #limits: + # # Delay in milliseconds between discord users joining a room. + # roomGhostJoinDelay: 6000 + # # Delay in milliseconds before sending messages to discord to avoid echos. 
+ # # (Copies of a sent message may arrive from discord before we've + # # fininished handling it, causing us to echo it back to the room) + # discordSendDelay: 750 + +matrix_appservice_discord_configuration_extension: "{{ matrix_appservice_discord_configuration_extension_yaml|from_yaml if matrix_appservice_discord_configuration_extension_yaml|from_yaml else {} }}" + +matrix_appservice_discord_configuration: "{{ matrix_appservice_discord_configuration_yaml|from_yaml|combine(matrix_appservice_discord_configuration_extension, recursive=True) }}" diff --git a/roles/matrix-synapse/tasks/ext/appservice-discord/init.yml b/roles/matrix-bridge-appservice-discord/tasks/init.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/appservice-discord/init.yml rename to roles/matrix-bridge-appservice-discord/tasks/init.yml diff --git a/roles/matrix-bridge-appservice-discord/tasks/main.yml b/roles/matrix-bridge-appservice-discord/tasks/main.yml new file mode 100644 index 000000000..06e641106 --- /dev/null +++ b/roles/matrix-bridge-appservice-discord/tasks/main.yml @@ -0,0 +1,21 @@ +- import_tasks: "{{ role_path }}/tasks/init.yml" + tags: + - always + +- import_tasks: "{{ role_path }}/tasks/validate_config.yml" + when: "run_setup and matrix_appservice_discord_enabled" + tags: + - setup-all + - setup-appservice-discord + +- import_tasks: "{{ role_path }}/tasks/setup-install.yml" + when: "run_setup and matrix_appservice_discord_enabled" + tags: + - setup-all + - setup-appservice-discord + +- import_tasks: "{{ role_path }}/tasks/setup-uninstall.yml" + when: "run_setup and not matrix_appservice_discord_enabled" + tags: + - setup-all + - setup-appservice-discord 
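Review bot: `matrix_appservice_discord_docker_image` in the new defaults file points at the mutable `latest` tag, so each host runs whatever image was current when it last pulled, and a changed upstream image is picked up without any change in this repository. The other images in this series are pinned to release tags (`matrixdotorg/synapse:v0.99.4`, `bubuntux/riot-web:v1.1.2`); I would pin this one as well, `matrix_appservice_discord_docker_image: "halfshot/matrix-appservice-discord:<RELEASE_TAG>"`, or by digest. The container is handed the Discord bot token configured in this same file, which makes the provenance of the image matter more.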
diff --git a/roles/matrix-synapse/tasks/ext/appservice-discord/setup.yml b/roles/matrix-bridge-appservice-discord/tasks/setup-install.yml similarity index 68% rename from roles/matrix-synapse/tasks/ext/appservice-discord/setup.yml rename to roles/matrix-bridge-appservice-discord/tasks/setup-install.yml index 9589477a9..cbeb27b56 100644 --- a/roles/matrix-synapse/tasks/ext/appservice-discord/setup.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup-install.yml @@ -1,17 +1,24 @@ --- + +# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. +# We don't want to fail in such cases. +- name: Fail if matrix-synapse role already executed + fail: + msg: >- + The matrix-bridge-appservice-discord role needs to execute before the matrix-synapse role. + when: "matrix_synapse_role_executed|default(False)" + - name: Ensure Appservice Discord image is pulled docker_image: name: "{{ matrix_appservice_discord_docker_image }}" - when: "matrix_appservice_discord_enabled" -- name: Ensure Appservice Discord configuration path exists +- name: Ensure Appservice Discord base directory exists file: path: "{{ matrix_appservice_discord_base_path }}" state: directory mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: "matrix_appservice_discord_enabled" - name: Ensure Matrix Appservice Discord config installed copy: 
@@ -20,26 +27,23 @@ mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: "matrix_appservice_discord_enabled" - name: Ensure matrix-appservice-discord.service installed template: - src: "{{ role_path }}/templates/ext/appservice-discord/systemd/matrix-appservice-discord.service.j2" + src: "{{ role_path }}/templates/systemd/matrix-appservice-discord.service.j2" dest: "/etc/systemd/system/matrix-appservice-discord.service" mode: 0644 register: matrix_appservice_discord_systemd_service_result - when: "matrix_appservice_discord_enabled" - name: Ensure systemd reloaded after matrix-appservice-discord.service installation service: daemon_reload: yes - when: "matrix_appservice_discord_enabled and matrix_appservice_discord_systemd_service_result.changed" + when: "matrix_appservice_discord_systemd_service_result.changed" - name: Check if a matrix-appservice-discord registration file exists stat: path: "{{ matrix_appservice_discord_base_path }}/discord-registration.yaml" register: appservice_discord_registration_file - when: "matrix_appservice_discord_enabled" - name: Generate matrix-appservice-discord discord-registration.yaml if it doesn't exist shell: >- @@ -54,17 +58,15 @@ -c /data/config.yaml -f /data/discord-registration.yaml -l discord_bot - when: "matrix_appservice_discord_enabled and not appservice_discord_registration_file.stat.exists" + when: "not appservice_discord_registration_file.stat.exists" - set_fact: matrix_synapse_app_service_config_file_appservice_discord: '{{ matrix_appservice_discord_base_path }}/discord-registration.yml' - when: "matrix_appservice_discord_enabled" - name: Check if a matrix-appservice-discord invite_link file exists stat: path: "{{ matrix_appservice_discord_base_path }}/invite_link" register: appservice_discord_link_generated - when: "matrix_appservice_discord_enabled" - name: Generate your discord invite link shell: >- 
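Review bot: The `mode: 0644` at the top of the `@@ -20,26 +27,23 @@` hunk appears to belong to the "Ensure Matrix Appservice Discord config installed" task that starts at the end of the previous hunk (the lines between the two hunks are not shown), and the configuration defined in the role defaults carries `botToken`. The base directory is created with `mode: 0750`, which limits who can reach the file, but a file holding a credential should not itself be world-readable. I would change that line to `mode: 0640`.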
@@ -75,28 +77,17 @@ -w /data {{ matrix_appservice_discord_docker_image }} /bin/sh -c "node .././build/tools/addbot.js > invite_link" - when: "matrix_appservice_discord_enabled and not appservice_discord_link_generated.stat.exists" + when: "not appservice_discord_link_generated.stat.exists" +# If the matrix-synapse role is not used, these variables may not exist. - set_fact: matrix_synapse_container_additional_volumes: > - {{ matrix_synapse_container_additional_volumes }} + {{ matrix_synapse_container_additional_volumes|default([]) }} + {{ [{'src': '{{ matrix_appservice_discord_base_path }}/discord-registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_appservice_discord }}', 'options': 'ro'}] }} - when: "matrix_appservice_discord_enabled" -- set_fact: matrix_synapse_app_service_config_files: > - {{ matrix_synapse_app_service_config_files }} + {{ matrix_synapse_app_service_config_files|default([]) }} + {{ ["{{ matrix_synapse_app_service_config_file_appservice_discord }}"] | to_nice_json }} - when: "matrix_appservice_discord_enabled" -# -# Tasks related to getting rid of matrix-appservice-discord (if it was previously enabled) -# - -- name: Ensure matrix-appservice-discord.service doesn't exist - file: - path: "/etc/systemd/system/matrix-appservice-discord.service" - state: absent - when: "not matrix_appservice_discord_enabled" diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup-uninstall.yml b/roles/matrix-bridge-appservice-discord/tasks/setup-uninstall.yml new file mode 100644 index 000000000..35df8e514 --- /dev/null +++ b/roles/matrix-bridge-appservice-discord/tasks/setup-uninstall.yml @@ -0,0 +1,6 @@ +--- + +- name: Ensure matrix-appservice-discord.service doesn't exist + file: + path: "/etc/systemd/system/matrix-appservice-discord.service" + state: absent 
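Review bot: Uninstalling in `setup-uninstall.yml` only deletes the unit file; nothing visible here stops the running `matrix-appservice-discord` service or reloads systemd, so a disabled bridge may keep running with its Discord bot token. The data directory under `matrix_appservice_discord_base_path` (config and registration file) is also left in place. That is reasonable for re-enabling later, but worth a comment because those files hold credentials. Unless another role already stops the service, I would stop it before removing the unit and reload systemd afterwards, as sketched below.

```yaml
- name: Check existence of matrix-appservice-discord service
  stat:
    path: "/etc/systemd/system/matrix-appservice-discord.service"
  register: matrix_appservice_discord_service_stat

- name: Ensure matrix-appservice-discord is stopped
  service:
    name: matrix-appservice-discord
    state: stopped
    daemon_reload: yes
  when: "matrix_appservice_discord_service_stat.stat.exists"

# … unchanged: removal of the unit file …

- name: Ensure systemd reloaded after matrix-appservice-discord.service removal
  service:
    daemon_reload: yes
  when: "matrix_appservice_discord_service_stat.stat.exists"
```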
diff --git a/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml b/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml new file mode 100644 index 000000000..0afe9a0d6 --- /dev/null +++ b/roles/matrix-bridge-appservice-discord/tasks/validate_config.yml @@ -0,0 +1,10 @@ +--- + +- name: Fail if required settings not defined + fail: + msg: >- + You need to define a required configuration setting (`{{ item }}`). + when: "vars[item] == ''" + with_items: + - "matrix_appservice_discord_client_id" + - "matrix_appservice_discord_bot_token" diff --git a/roles/matrix-synapse/templates/ext/appservice-discord/systemd/matrix-appservice-discord.service.j2 b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 similarity index 71% rename from roles/matrix-synapse/templates/ext/appservice-discord/systemd/matrix-appservice-discord.service.j2 rename to roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 index 934491325..627c7ed6e 100644 --- a/roles/matrix-synapse/templates/ext/appservice-discord/systemd/matrix-appservice-discord.service.j2 +++ b/roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2 @@ -1,10 +1,13 @@ #jinja2: lstrip_blocks: "True" [Unit] Description=Matrix Appservice Discord server -After=docker.service -Requires=docker.service -Requires=matrix-synapse.service -After=matrix-synapse.service +{% for service in matrix_appservice_discord_systemd_required_services_list %} +Requires={{ service }} +After={{ service }} +{% endfor %} +{% for service in matrix_appservice_discord_systemd_wanted_services_list %} +Wants={{ service }} +{% endfor %} [Service] Type=simple 
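Review bot: The guard `when: "vars[item] == ''"` in `validate_config.yml` only catches the exact empty string, so a null value (a bare `matrix_appservice_discord_bot_token:`) or a whitespace-only value passes validation. If the new role defaults still carry the placeholder strings removed from the matrix-synapse defaults (not visible here), the check would never fire at all. Both settings are credentials the bridge cannot work without, so a stricter test is cheap: `when: "(vars[item] | default('', true) | string | trim) == ''"`. Keeping `{{ item }}` (the variable name, not its value) in the message is right, because it avoids echoing the token into logs.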
@@ -20,6 +23,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \ -p 127.0.0.1:9005:9005 \ {% endif %} -v {{ matrix_appservice_discord_base_path }}:/data \ + {% for arg in matrix_appservice_discord_container_extra_arguments %} + {{ arg }} \ + {% endfor %} {{ matrix_appservice_discord_docker_image }} ExecStop=-/usr/bin/docker kill matrix-appservice-discord diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 21a02a0cc..806a879d5 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
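Review bot: Each entry of `matrix_appservice_discord_container_extra_arguments` is written verbatim into the `docker run` line of `ExecStart`, so the list is an unrestricted pass-through for container flags (extra volumes, networking, privileges). Any whitespace inside an entry is split into separate arguments by systemd. That is fine for operator-supplied inventory values, but it should be documented where the variable is defined, e.g. `# Trusted operator input: passed unescaped to docker run; never populate from external data.` The `ExecStart` command starts before this hunk, so the rest of the invocation is not visible here.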
@@ -238,129 +238,6 @@ matrix_s3_media_store_region: "eu-central-1" # Controls whether the self-check feature should validate SSL certificates. matrix_synapse_self_check_validate_certificates: true - -# Matrix Appservice Discord is a Matrix <-> Discord bridge -# Enable Discord bridge -matrix_appservice_discord_enabled: false - -matrix_appservice_discord_docker_image: "halfshot/matrix-appservice-discord:latest" - -matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-discord" - -matrix_appservice_discord_client_id: "YOUR DISCORD APP CLIENT ID" -matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN" - -# Controls whether the Appservice Discord container exposes the Client/Server API port (tcp/9005). -matrix_appservice_discord_container_expose_client_server_api_port: false - -matrix_appservice_discord_configuration_yaml: | - bridge: - domain: "{{ matrix_domain }}" - homeserverUrl: "{{ matrix_homeserver_url }}" - auth: - clientID: "{{matrix_appservice_discord_client_id}}" - botToken: "{{matrix_appservice_discord_bot_token}}" - database: - filename: "/data/discord.db" - userStorePath: "/data/user-store.db" - roomStorePath: "/data/room-store.db" - -matrix_appservice_discord_configuration_extension_yaml: | - # This is a sample of the config file showing all avaliable options. - # Where possible we have documented what they do, and all values are the - # default values. - # - #bridge: - # # Domain part of the bridge, e.g. matrix.org - # domain: "localhost" - # # This should be your publically facing URL because Discord may use it to - # # fetch media from the media store. - # homeserverUrl: "http://localhost:8008" - # # Interval at which to process users in the 'presence queue'. If you have - # # 5 users, one user will be processed every 500 milliseconds according to the - # # value below. This has a minimum value of 250. 
- # # WARNING: This has a high chance of spamming the homeserver with presence - # # updates since it will send one each time somebody changes state or is online. - # presenceInterval: 500 - # # Disable setting presence for 'ghost users' which means Discord users on Matrix - # # will not be shown as away or online. - # disablePresence: false - # # Disable sending typing notifications when somebody on Discord types. - # disableTypingNotifications: false - # # Disable deleting messages on Discord if a message is redacted on Matrix. - # disableDeletionForwarding: false - # # Enable users to bridge rooms using !discord commands. See - # # https://t2bot.io/discord for instructions. - # enableSelfServiceBridging: false - # # Disable sending of read receipts for Matrix events which have been - # # successfully bridged to Discord. - # disableReadReceipts: false - # Authentication configuration for the discord bot. - #auth: - # clientID: "12345" - # botToken: "foobar" - #logging: - # # What level should the logger output to the console at. - # console: "warn" #silly, verbose, info, http, warn, error, silent - # lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format - # files: - # - file: "debug.log" - # disable: - # - "PresenceHandler" # Will not capture presence logging - # - file: "warn.log" # Will capture warnings - # level: "warn" - # - file: "botlogs.log" # Will capture logs from DiscordBot - # level: "info" - # enable: - # - "DiscordBot" - #database: - # userStorePath: "user-store.db" - # roomStorePath: "room-store.db" - # # You may either use SQLite or Postgresql for the bridge database, which contains - # # important mappings for events and user puppeting configurations. - # # Use the filename option for SQLite, or connString for Postgresql. 
- # # If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite - # # WARNING: You will almost certainly be fine with sqlite unless your bridge - # # is in heavy demand and you suffer from IO slowness. - # filename: "discord.db" - # # connString: "postgresql://user:password@localhost/database_name" - #room: - # # Set the default visibility of alias rooms, defaults to "public". - # # One of: "public", "private" - # defaultVisibility: "public" - #channel: - # # Pattern of the name given to bridged rooms. - # # Can use :guild for the guild name and :name for the channel name. - # namePattern: "[Discord] :guild :name" - # # Changes made to rooms when a channel is deleted. - # deleteOptions: - # # Prefix the room name with a string. - # #namePrefix: "[Deleted]" - # # Prefix the room topic with a string. - # #topicPrefix: "This room has been deleted" - # # Disable people from talking in the room by raising the event PL to 50 - # disableMessaging: false - # # Remove the discord alias from the room. - # unsetRoomAlias: true - # # Remove the room from the directory. - # unlistFromDirectory: true - # # Set the room to be unavaliable for joining without an invite. - # setInviteOnly: true - # # Make all the discord users leave the room. - # ghostsLeave: true - #limits: - # # Delay in milliseconds between discord users joining a room. - # roomGhostJoinDelay: 6000 - # # Delay in milliseconds before sending messages to discord to avoid echos. 
- # # (Copies of a sent message may arrive from discord before we've - # # fininished handling it, causing us to echo it back to the room) - # discordSendDelay: 750 - -matrix_appservice_discord_configuration_extension: "{{ matrix_appservice_discord_configuration_extension_yaml|from_yaml if matrix_appservice_discord_configuration_extension_yaml|from_yaml else {} }}" - -matrix_appservice_discord_configuration: "{{ matrix_appservice_discord_configuration_yaml|from_yaml|combine(matrix_appservice_discord_configuration_extension, recursive=True) }}" - - # Controls whether searching the public room list is enabled. matrix_enable_room_list_search: true diff --git a/roles/matrix-synapse/tasks/ext/init.yml b/roles/matrix-synapse/tasks/ext/init.yml deleted file mode 100644 index ac3fd5baa..000000000 --- a/roles/matrix-synapse/tasks/ext/init.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -- import_tasks: "{{ role_path }}/tasks/ext/appservice-discord/init.yml" diff --git a/roles/matrix-synapse/tasks/ext/setup.yml b/roles/matrix-synapse/tasks/ext/setup.yml index 33b8dfc4b..b3ee9eb65 100644 --- a/roles/matrix-synapse/tasks/ext/setup.yml +++ b/roles/matrix-synapse/tasks/ext/setup.yml @@ -5,5 +5,3 @@ - import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup.yml" - import_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup.yml" - -- import_tasks: "{{ role_path }}/tasks/ext/appservice-discord/setup.yml" diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml index ede7105de..753f32238 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/matrix-synapse/tasks/init.yml @@ -4,5 +4,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys'] }}" when: matrix_s3_media_store_enabled - -- import_tasks: "{{ role_path }}/tasks/ext/init.yml" \ No newline at end of file diff --git a/setup.yml b/setup.yml index 973a062f5..ecb211e30 100755 --- a/setup.yml +++ b/setup.yml 
@@ -8,6 +8,7 @@ - matrix-mailer - matrix-postgres - matrix-corporal + - matrix-bridge-appservice-discord - matrix-bridge-appservice-irc - matrix-bridge-mautrix-facebook - matrix-bridge-mautrix-telegram From e3b4622ac838db4a023400c09bb409dc676fe9b6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Sat, 18 May 2019 06:36:54 +0900 Subject: [PATCH 22/39] Split Synapse extension tasks into install/uninstall files --- .../tasks/ext/rest-auth/setup-install.yml | 30 ++++++++++++ .../tasks/ext/rest-auth/setup-uninstall.yml | 6 +++ .../tasks/ext/rest-auth/setup.yml | 49 ++----------------- .../ext/shared-secret-auth/setup-install.yml | 30 ++++++++++++ .../shared-secret-auth/setup-uninstall.yml | 6 +++ .../tasks/ext/shared-secret-auth/setup.yml | 49 ++----------------- 6 files changed, 80 insertions(+), 90 deletions(-) create mode 100644 roles/matrix-synapse/tasks/ext/rest-auth/setup-install.yml create mode 100644 roles/matrix-synapse/tasks/ext/rest-auth/setup-uninstall.yml create mode 100644 roles/matrix-synapse/tasks/ext/shared-secret-auth/setup-install.yml create mode 100644 roles/matrix-synapse/tasks/ext/shared-secret-auth/setup-uninstall.yml diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup-install.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup-install.yml new file mode 100644 index 000000000..05429ca31 --- /dev/null +++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup-install.yml 
@@ -0,0 +1,30 @@ +--- + +- name: Fail if REST Auth endpoint not configured + fail: + msg: "You have enabled the REST Auth password provider, but have not configured its endpoint in the `matrix_synapse_ext_password_provider_rest_auth_endpoint` variable. Consult the documentation." + when: "matrix_synapse_ext_password_provider_rest_auth_endpoint == ''" + +- name: Download matrix-synapse-rest-auth + get_url: + url: "{{ matrix_synapse_ext_password_provider_rest_auth_download_url }}" + dest: "{{ matrix_synapse_ext_path }}/rest_auth_provider.py" + force: true + mode: 0440 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + +- set_fact: + matrix_synapse_password_providers_enabled: true + +- set_fact: + matrix_synapse_container_additional_volumes: > + {{ matrix_synapse_container_additional_volumes }} + + + {{ [{'src': '{{ matrix_synapse_ext_path }}/rest_auth_provider.py', 'dst': '{{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py', 'options': 'ro'}] }} + +- set_fact: + matrix_synapse_additional_loggers: > + {{ matrix_synapse_additional_loggers }} + + + {{ [{'name': 'rest_auth_provider', 'level': 'INFO'}] }} diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup-uninstall.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup-uninstall.yml new file mode 100644 index 000000000..be8ad600b --- /dev/null +++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup-uninstall.yml @@ -0,0 +1,6 @@ +--- + +- name: Ensure matrix-synapse-rest-auth doesn't exist + file: + path: "{{ matrix_synapse_ext_path }}/rest_auth_provider.py" + state: absent diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml index 9cdb5a2dd..5e546e9fb 100644 --- a/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml +++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml 
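Review bot: The `get_url` task "Download matrix-synapse-rest-auth" fetches `rest_auth_provider.py` with `force: true` and no integrity check, and the file is then bind-mounted into Synapse's Python packages path as a password provider. Every playbook run therefore re-downloads code that handles user passwords and trusts whatever the URL serves at that moment. Pinning the download URL to a fixed release or commit and adding `checksum: "sha256:<EXPECTED_SHA256>"` (placeholder; the real digest belongs next to the URL in the role defaults) would make a changed or tampered file fail the run. The same applies to "Download matrix-synapse-shared-secret-auth" in `shared-secret-auth/setup-install.yml`.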
@@ -1,48 +1,7 @@ --- -# -# Tasks related to setting up matrix-synapse-rest-auth -# +- import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup-install.yml" + when: matrix_synapse_ext_password_provider_rest_auth_enabled -- name: Fail if REST Auth enabled, but endpoint not configured - fail: - msg: "You have enabled the REST Auth password provider, but have not configured its endpoint in the `matrix_synapse_ext_password_provider_rest_auth_endpoint` variable. Consult the documentation." - when: "matrix_synapse_ext_password_provider_rest_auth_enabled and matrix_synapse_ext_password_provider_rest_auth_endpoint == ''" - -- name: Download matrix-synapse-rest-auth - get_url: - url: "{{ matrix_synapse_ext_password_provider_rest_auth_download_url }}" - dest: "{{ matrix_synapse_ext_path }}/rest_auth_provider.py" - force: true - mode: 0440 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_username }}" - when: "matrix_synapse_ext_password_provider_rest_auth_enabled" - -- set_fact: - matrix_synapse_password_providers_enabled: true - when: "matrix_synapse_ext_password_provider_rest_auth_enabled" - -- set_fact: - matrix_synapse_container_additional_volumes: > - {{ matrix_synapse_container_additional_volumes }} - + - {{ [{'src': '{{ matrix_synapse_ext_path }}/rest_auth_provider.py', 'dst': '{{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py', 'options': 'ro'}] }} - when: "matrix_synapse_ext_password_provider_rest_auth_enabled" - -- set_fact: - matrix_synapse_additional_loggers: > - {{ matrix_synapse_additional_loggers }} - + - {{ [{'name': 'rest_auth_provider', 'level': 'INFO'}] }} - when: "matrix_synapse_ext_password_provider_rest_auth_enabled" - -# -# Tasks related to getting rid of matrix-synapse-rest-auth (if it was previously enabled) -# - -- name: Ensure matrix-synapse-rest-auth doesn't exist - file: - path: "{{ matrix_synapse_ext_path }}/rest_auth_provider.py" - state: absent - when: "not 
matrix_synapse_ext_password_provider_rest_auth_enabled" \ No newline at end of file +- import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup-uninstall.yml" + when: "not matrix_synapse_ext_password_provider_rest_auth_enabled" diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup-install.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup-install.yml new file mode 100644 index 000000000..128cba3c7 --- /dev/null +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup-install.yml @@ -0,0 +1,30 @@ +--- + +- name: Fail if Shared Secret Auth secret not set + fail: + msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret" + when: "matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''" + +- name: Download matrix-synapse-shared-secret-auth + get_url: + url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}" + dest: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py" + force: true + mode: 0440 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_username }}" + +- set_fact: + matrix_synapse_password_providers_enabled: true + +- set_fact: + matrix_synapse_container_additional_volumes: > + {{ matrix_synapse_container_additional_volumes }} + + + {{ [{'src': '{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py', 'dst': '{{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py', 'options': 'ro'}] }} + +- set_fact: + matrix_synapse_additional_loggers: > + {{ matrix_synapse_additional_loggers }} + + + {{ [{'name': 'shared_secret_authenticator', 'level': 'INFO'}] }} diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup-uninstall.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup-uninstall.yml new file mode 100644 index 000000000..e564909e7 --- /dev/null +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup-uninstall.yml 
@@ -0,0 +1,6 @@ +--- + +- name: Ensure matrix-synapse-shared-secret-auth doesn't exist + file: + path: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py" + state: absent diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml index 34680adda..a541ab15b 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml 
@@ -1,48 +1,7 @@ --- -# -# Tasks related to setting up matrix-synapse-shared-secret-auth -# +- import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup-install.yml" + when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled -- name: Fail if Shared Secret Auth enabled, but no secret set - fail: - msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret" - when: "matrix_synapse_ext_password_provider_shared_secret_auth_enabled and matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''" - -- name: Download matrix-synapse-shared-secret-auth - get_url: - url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}" - dest: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py" - force: true - mode: 0440 - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_username }}" - when: "matrix_synapse_ext_password_provider_shared_secret_auth_enabled" - -- set_fact: - matrix_synapse_password_providers_enabled: true - when: "matrix_synapse_ext_password_provider_shared_secret_auth_enabled" - -- set_fact: - matrix_synapse_container_additional_volumes: > - {{ matrix_synapse_container_additional_volumes }} - + - {{ [{'src': '{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py', 'dst': '{{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py', 'options': 'ro'}] }} - when: "matrix_synapse_ext_password_provider_shared_secret_auth_enabled" - -- set_fact: - matrix_synapse_additional_loggers: > - {{ matrix_synapse_additional_loggers }} - + - {{ [{'name': 'shared_secret_authenticator', 'level': 'INFO'}] }} - when: "matrix_synapse_ext_password_provider_shared_secret_auth_enabled" - -# -# Tasks related to getting rid of matrix-synapse-shared-secret-auth (if it was previously enabled) -# - -- name: Ensure matrix-synapse-shared-secret-auth doesn't exist - file: - path: "{{ matrix_synapse_ext_path 
}}/shared_secret_authenticator.py" - state: absent - when: "not matrix_synapse_ext_password_provider_shared_secret_auth_enabled" \ No newline at end of file +- import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup-uninstall.yml" + when: "not matrix_synapse_ext_password_provider_shared_secret_auth_enabled" From a4bcd7ce8f9186dcc9e6768ebdd879a03913e701 Mon Sep 17 00:00:00 2001 From: Stuart Mumford Date: Mon, 20 May 2019 16:59:58 +0100 Subject: [PATCH 23/39] Add a variable to control the stop tasks --- roles/matrix-base/defaults/main.yml | 1 + roles/matrix-common-after/tasks/main.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/roles/matrix-base/defaults/main.yml b/roles/matrix-base/defaults/main.yml index ab38084b8..544d8b0c1 100644 --- a/roles/matrix-base/defaults/main.yml +++ b/roles/matrix-base/defaults/main.yml @@ -47,6 +47,7 @@ run_setup: true run_import_postgres: true run_upgrade_postgres: true run_start: true +run_stop: true run_register_user: true run_update_user_password: true run_import_sqlite_db: true diff --git a/roles/matrix-common-after/tasks/main.yml b/roles/matrix-common-after/tasks/main.yml index ea829fee5..4581024ea 100644 --- a/roles/matrix-common-after/tasks/main.yml +++ b/roles/matrix-common-after/tasks/main.yml @@ -4,5 +4,6 @@ - start - import_tasks: "{{ role_path }}/tasks/stop.yml" + when: run_stop tags: - stop From 8d654aecdd8aac1ab45585ab6242c89f1d600ca6 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 21 May 2019 09:57:48 +0900 Subject: [PATCH 24/39] Improve file naming consistency --- roles/matrix-bridge-appservice-discord/tasks/main.yml | 4 ++-- .../tasks/{setup-install.yml => setup_install.yml} | 0 .../tasks/{setup-uninstall.yml => setup_uninstall.yml} | 0 roles/matrix-bridge-appservice-irc/tasks/main.yml | 4 ++-- .../tasks/{setup-install.yml => setup_install.yml} | 0 .../tasks/{setup-uninstall.yml => setup_uninstall.yml} | 0 roles/matrix-bridge-mautrix-facebook/tasks/main.yml | 4 ++-- .../tasks/{setup-install.yml => setup_install.yml} | 0 .../tasks/{setup-uninstall.yml => setup_uninstall.yml} | 0 roles/matrix-bridge-mautrix-telegram/tasks/main.yml | 4 ++-- .../tasks/{setup-install.yml => setup_install.yml} | 0 .../tasks/{setup-uninstall.yml => setup_uninstall.yml} | 0 roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml | 4 ++-- .../tasks/{setup-install.yml => setup_install.yml} | 0 .../tasks/{setup-uninstall.yml => setup_uninstall.yml} | 0 roles/matrix-synapse/tasks/ext/rest-auth/setup.yml | 4 ++-- .../ext/rest-auth/{setup-install.yml => setup_install.yml} | 0 .../rest-auth/{setup-uninstall.yml => setup_uninstall.yml} | 0 roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml | 4 ++-- .../{setup-install.yml => setup_install.yml} | 0 .../{setup-uninstall.yml => setup_uninstall.yml} | 0 21 files changed, 14 insertions(+), 14 deletions(-) rename roles/matrix-bridge-appservice-discord/tasks/{setup-install.yml => setup_install.yml} (100%) rename roles/matrix-bridge-appservice-discord/tasks/{setup-uninstall.yml => setup_uninstall.yml} (100%) rename roles/matrix-bridge-appservice-irc/tasks/{setup-install.yml => setup_install.yml} (100%) rename roles/matrix-bridge-appservice-irc/tasks/{setup-uninstall.yml => setup_uninstall.yml} (100%) rename roles/matrix-bridge-mautrix-facebook/tasks/{setup-install.yml => setup_install.yml} (100%) rename roles/matrix-bridge-mautrix-facebook/tasks/{setup-uninstall.yml => setup_uninstall.yml} 
(100%) rename roles/matrix-bridge-mautrix-telegram/tasks/{setup-install.yml => setup_install.yml} (100%) rename roles/matrix-bridge-mautrix-telegram/tasks/{setup-uninstall.yml => setup_uninstall.yml} (100%) rename roles/matrix-bridge-mautrix-whatsapp/tasks/{setup-install.yml => setup_install.yml} (100%) rename roles/matrix-bridge-mautrix-whatsapp/tasks/{setup-uninstall.yml => setup_uninstall.yml} (100%) rename roles/matrix-synapse/tasks/ext/rest-auth/{setup-install.yml => setup_install.yml} (100%) rename roles/matrix-synapse/tasks/ext/rest-auth/{setup-uninstall.yml => setup_uninstall.yml} (100%) rename roles/matrix-synapse/tasks/ext/shared-secret-auth/{setup-install.yml => setup_install.yml} (100%) rename roles/matrix-synapse/tasks/ext/shared-secret-auth/{setup-uninstall.yml => setup_uninstall.yml} (100%) diff --git a/roles/matrix-bridge-appservice-discord/tasks/main.yml b/roles/matrix-bridge-appservice-discord/tasks/main.yml index 06e641106..61dfc73b3 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/main.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/main.yml @@ -8,13 +8,13 @@ - setup-all - setup-appservice-discord -- import_tasks: "{{ role_path }}/tasks/setup-install.yml" +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" when: "run_setup and matrix_appservice_discord_enabled" tags: - setup-all - setup-appservice-discord -- import_tasks: "{{ role_path }}/tasks/setup-uninstall.yml" +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" when: "run_setup and not matrix_appservice_discord_enabled" tags: - setup-all diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup-install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml similarity index 100% rename from roles/matrix-bridge-appservice-discord/tasks/setup-install.yml rename to roles/matrix-bridge-appservice-discord/tasks/setup_install.yml 
diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup-uninstall.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml similarity index 100% rename from roles/matrix-bridge-appservice-discord/tasks/setup-uninstall.yml rename to roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml diff --git a/roles/matrix-bridge-appservice-irc/tasks/main.yml b/roles/matrix-bridge-appservice-irc/tasks/main.yml index 9866fce41..a0aa679e6 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/main.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/main.yml @@ -8,13 +8,13 @@ - setup-all - setup-appservice-irc -- import_tasks: "{{ role_path }}/tasks/setup-install.yml" +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" when: "run_setup and matrix_appservice_irc_enabled" tags: - setup-all - setup-appservice-irc -- import_tasks: "{{ role_path }}/tasks/setup-uninstall.yml" +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" when: "run_setup and not matrix_appservice_irc_enabled" tags: - setup-all diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup-install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml similarity index 100% rename from roles/matrix-bridge-appservice-irc/tasks/setup-install.yml rename to roles/matrix-bridge-appservice-irc/tasks/setup_install.yml diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup-uninstall.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml similarity index 100% rename from roles/matrix-bridge-appservice-irc/tasks/setup-uninstall.yml rename to roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml b/roles/matrix-bridge-mautrix-facebook/tasks/main.yml index b53c6b0bd..f86fadbef 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/main.yml 
@@ -8,13 +8,13 @@ - setup-all - setup-mautrix-facebook -- import_tasks: "{{ role_path }}/tasks/setup-install.yml" +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" when: "run_setup and matrix_mautrix_facebook_enabled" tags: - setup-all - setup-mautrix-facebook -- import_tasks: "{{ role_path }}/tasks/setup-uninstall.yml" +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" when: "run_setup and not matrix_mautrix_facebook_enabled" tags: - setup-all diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup-install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml similarity index 100% rename from roles/matrix-bridge-mautrix-facebook/tasks/setup-install.yml rename to roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup-uninstall.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml similarity index 100% rename from roles/matrix-bridge-mautrix-facebook/tasks/setup-uninstall.yml rename to roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/main.yml b/roles/matrix-bridge-mautrix-telegram/tasks/main.yml index c16c03f54..e304aedf3 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/main.yml @@ -8,13 +8,13 @@ - setup-all - setup-mautrix-telegram -- import_tasks: "{{ role_path }}/tasks/setup-install.yml" +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" when: "run_setup and matrix_mautrix_telegram_enabled" tags: - setup-all - setup-mautrix-telegram -- import_tasks: "{{ role_path }}/tasks/setup-uninstall.yml" +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" when: "run_setup and not matrix_mautrix_telegram_enabled" tags: - setup-all 
diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup-install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml similarity index 100% rename from roles/matrix-bridge-mautrix-telegram/tasks/setup-install.yml rename to roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup-uninstall.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml similarity index 100% rename from roles/matrix-bridge-mautrix-telegram/tasks/setup-uninstall.yml rename to roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml index 1f40d8c04..f74eca0ab 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/main.yml @@ -2,13 +2,13 @@ tags: - always -- import_tasks: "{{ role_path }}/tasks/setup-install.yml" +- import_tasks: "{{ role_path }}/tasks/setup_install.yml" when: "run_setup and matrix_mautrix_whatsapp_enabled" tags: - setup-all - setup-mautrix-whatsapp -- import_tasks: "{{ role_path }}/tasks/setup-uninstall.yml" +- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" when: "run_setup and not matrix_mautrix_whatsapp_enabled" tags: - setup-all diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup-install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml similarity index 100% rename from roles/matrix-bridge-mautrix-whatsapp/tasks/setup-install.yml rename to roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup-uninstall.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml similarity index 100% rename from roles/matrix-bridge-mautrix-whatsapp/tasks/setup-uninstall.yml rename to roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml 
diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml index 5e546e9fb..31efa5f29 100644 --- a/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml +++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml @@ -1,7 +1,7 @@ --- -- import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup-install.yml" +- import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_install.yml" when: matrix_synapse_ext_password_provider_rest_auth_enabled -- import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup-uninstall.yml" +- import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_uninstall.yml" when: "not matrix_synapse_ext_password_provider_rest_auth_enabled" diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup-install.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/rest-auth/setup-install.yml rename to roles/matrix-synapse/tasks/ext/rest-auth/setup_install.yml diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup-uninstall.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup_uninstall.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/rest-auth/setup-uninstall.yml rename to roles/matrix-synapse/tasks/ext/rest-auth/setup_uninstall.yml diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml index a541ab15b..ac4434107 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml 
@@ -1,7 +1,7 @@ --- -- import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup-install.yml" +- import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_install.yml" when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled -- import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup-uninstall.yml" +- import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_uninstall.yml" when: "not matrix_synapse_ext_password_provider_shared_secret_auth_enabled" diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup-install.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/shared-secret-auth/setup-install.yml rename to roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup-uninstall.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_uninstall.yml similarity index 100% rename from roles/matrix-synapse/tasks/ext/shared-secret-auth/setup-uninstall.yml rename to roles/matrix-synapse/tasks/ext/shared-secret-auth/setup_uninstall.yml From fc7ba153b17a7b15f17ada93c8d493b3b72fe92d Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 21 May 2019 10:46:49 +0900 Subject: [PATCH 25/39] Make matrix-synapse role respect matrix_synapse_enabled flag --- roles/matrix-synapse/tasks/goofys/setup.yml | 7 ++ .../tasks/goofys/setup_install.yml | 38 ++++++++ .../tasks/goofys/setup_uninstall.yml | 33 +++++++ roles/matrix-synapse/tasks/init.yml | 1 + roles/matrix-synapse/tasks/main.yml | 2 +- .../tasks/self_check_client_api.yml | 4 +- .../tasks/self_check_federation_api.yml | 7 +- ...etup_synapse_pre.yml => setup_synapse.yml} | 9 +- .../tasks/setup_synapse_entrypoint.yml | 9 -- .../tasks/setup_synapse_goofys.yml | 87 ------------------- roles/matrix-synapse/tasks/synapse/setup.yml | 7 ++ .../setup_install.yml} | 0 .../tasks/synapse/setup_uninstall.yml | 28 ++++++ .../matrix-synapse/tasks/validate_config.yml | 2 +- 14 files changed, 131 insertions(+), 103 deletions(-) create mode 100644 roles/matrix-synapse/tasks/goofys/setup.yml create mode 100644 roles/matrix-synapse/tasks/goofys/setup_install.yml create mode 100644 roles/matrix-synapse/tasks/goofys/setup_uninstall.yml rename roles/matrix-synapse/tasks/{setup_synapse_pre.yml => setup_synapse.yml} (66%) delete mode 100644 roles/matrix-synapse/tasks/setup_synapse_entrypoint.yml delete mode 100644 roles/matrix-synapse/tasks/setup_synapse_goofys.yml create mode 100644 roles/matrix-synapse/tasks/synapse/setup.yml rename roles/matrix-synapse/tasks/{setup_synapse_main.yml => synapse/setup_install.yml} (100%) create mode 100644 roles/matrix-synapse/tasks/synapse/setup_uninstall.yml diff --git a/roles/matrix-synapse/tasks/goofys/setup.yml b/roles/matrix-synapse/tasks/goofys/setup.yml new file mode 100644 index 000000000..56a792f01 --- /dev/null +++ b/roles/matrix-synapse/tasks/goofys/setup.yml @@ -0,0 +1,7 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/goofys/setup_install.yml" + when: matrix_s3_media_store_enabled + +- import_tasks: "{{ role_path }}/tasks/goofys/setup_uninstall.yml" + when: "not matrix_s3_media_store_enabled" 
diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/matrix-synapse/tasks/goofys/setup_install.yml new file mode 100644 index 000000000..86d228b00 --- /dev/null +++ b/roles/matrix-synapse/tasks/goofys/setup_install.yml @@ -0,0 +1,38 @@ +- name: Ensure Goofys Docker image is pulled + docker_image: + name: "{{ matrix_s3_goofys_docker_image }}" + +# This will throw a Permission Denied error if already mounted +- name: Check Matrix Goofys external storage mountpoint path + stat: + path: "{{ matrix_synapse_media_store_path }}" + register: local_path_matrix_synapse_media_store_path_stat + ignore_errors: yes + +- name: Ensure Matrix Goofys external storage mountpoint exists + file: + path: "{{ matrix_synapse_media_store_path }}" + state: directory + mode: 0750 + owner: "{{ matrix_user_uid }}" + group: "{{ matrix_user_gid }}" + when: "not local_path_matrix_synapse_media_store_path_stat.failed and not local_path_matrix_synapse_media_store_path_stat.stat.exists" + +- name: Ensure goofys environment variables file created + template: + src: "{{ role_path }}/templates/goofys/env-goofys.j2" + dest: "{{ matrix_synapse_config_dir_path }}/env-goofys" + owner: root + mode: 0600 + +- name: Ensure matrix-goofys.service installed + template: + src: "{{ role_path }}/templates/goofys/systemd/matrix-goofys.service.j2" + dest: "/etc/systemd/system/matrix-goofys.service" + mode: 0644 + register: matrix_goofys_systemd_service_result + +- name: Ensure systemd reloaded after matrix-goofys.service installation + service: + daemon_reload: yes + when: "matrix_goofys_systemd_service_result.changed" diff --git a/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml new file mode 100644 index 000000000..076f9a375 --- /dev/null +++ b/roles/matrix-synapse/tasks/goofys/setup_uninstall.yml 
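Review bot: The `Ensure goofys environment variables file created` task renders `env-goofys` as root with mode 0600, which suits a file that presumably carries the S3 credentials, but the rendered content can still be printed when the play runs with `--diff`. Adding `no_log: true` to that task would keep it out of console output and logs. The three `mode:` values in this file are bare octal literals; quoting them (`mode: "0600"`, `mode: "0750"`, `mode: "0644"`) avoids depending on how the YAML loader types a leading-zero number. The contents of env-goofys.j2 are not visible here, so the credential assumption should be confirmed.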
@@ -0,0 +1,33 @@ +- name: Check existence of matrix-goofys service + stat: + path: "/etc/systemd/system/matrix-goofys.service" + register: matrix_goofys_service_stat + +- name: Ensure matrix-goofys is stopped + service: + name: matrix-goofys + state: stopped + daemon_reload: yes + register: stopping_result + when: "matrix_goofys_service_stat.stat.exists" + +- name: Ensure matrix-goofys.service doesn't exist + file: + path: "/etc/systemd/system/matrix-goofys.service" + state: absent + when: "matrix_goofys_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-goofys.service removal + service: + daemon_reload: yes + when: "matrix_goofys_service_stat.stat.exists" + +- name: Ensure goofys environment variables file doesn't exist + file: + path: "{{ matrix_synapse_config_dir_path }}/env-goofys" + state: absent + +- name: Ensure Goofys Docker image doesn't exist + docker_image: + name: "{{ matrix_s3_goofys_docker_image }}" + state: absent diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml index 753f32238..d8ff42a15 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/matrix-synapse/tasks/init.yml @@ -1,5 +1,6 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse'] }}" + when: matrix_synapse_enabled - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys'] }}" diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix-synapse/tasks/main.yml index 8404ccf16..f51b2416d 100644 --- a/roles/matrix-synapse/tasks/main.yml +++ b/roles/matrix-synapse/tasks/main.yml @@ -8,7 +8,7 @@ - setup-all - setup-synapse -- import_tasks: "{{ role_path }}/tasks/setup_synapse_entrypoint.yml" +- import_tasks: "{{ role_path }}/tasks/setup_synapse.yml" when: run_setup tags: - setup-all diff --git a/roles/matrix-synapse/tasks/self_check_client_api.yml b/roles/matrix-synapse/tasks/self_check_client_api.yml index 888ff2109..2fdc3e066 100644 
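Review bot: `Ensure matrix-goofys is stopped` stops the unit but does not disable it. If the start path enables the service (not visible in this patch), the `*.wants/` symlink is left dangling once the unit file is removed; adding `enabled: no` next to `state: stopped` would clean that up. The `register: stopping_result` on the same task is never read in this file and can be dropped. The same stop-then-remove sequence appears in synapse/setup_uninstall.yml and in the five bridge setup_uninstall.yml hunks of PATCH 29/39, so the change would apply there too.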
--- a/roles/matrix-synapse/tasks/self_check_client_api.yml +++ b/roles/matrix-synapse/tasks/self_check_client_api.yml @@ -7,12 +7,14 @@ validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" register: result_matrix_synapse_client_api ignore_errors: true + when: matrix_synapse_enabled - name: Fail if Matrix Client API not working fail: msg: "Failed checking Matrix Client API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}" - when: "result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api" + when: "matrix_synapse_enabled and (result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api)" - name: Report working Matrix Client API debug: msg: "The Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working" + when: matrix_synapse_enabled diff --git a/roles/matrix-synapse/tasks/self_check_federation_api.yml b/roles/matrix-synapse/tasks/self_check_federation_api.yml index db3070f72..034d91aee 100644 --- a/roles/matrix-synapse/tasks/self_check_federation_api.yml +++ b/roles/matrix-synapse/tasks/self_check_federation_api.yml 
@@ -7,18 +7,19 @@ validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" register: result_matrix_synapse_federation_api ignore_errors: true + when: matrix_synapse_enabled - name: Fail if Matrix Federation API not working fail: msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}" - when: "matrix_synapse_federation_enabled and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)" + when: "matrix_synapse_enabled and matrix_synapse_federation_enabled and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)" - name: Fail if Matrix Federation API unexpectedly enabled fail: msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) despite being disabled." - when: "matrix_synapse_federation_enabled == false and not result_matrix_synapse_federation_api.failed" + when: "matrix_synapse_enabled and not matrix_synapse_federation_enabled and not result_matrix_synapse_federation_api.failed" - name: Report working Matrix Federation API debug: msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working" - when: "matrix_synapse_federation_enabled" + when: "matrix_synapse_enabled and matrix_synapse_federation_enabled" diff --git a/roles/matrix-synapse/tasks/setup_synapse_pre.yml b/roles/matrix-synapse/tasks/setup_synapse.yml similarity index 66% rename from roles/matrix-synapse/tasks/setup_synapse_pre.yml rename to roles/matrix-synapse/tasks/setup_synapse.yml index f95c3eb2a..754ab1d9c 100644 --- a/roles/matrix-synapse/tasks/setup_synapse_pre.yml 
+++ b/roles/matrix-synapse/tasks/setup_synapse.yml @@ -15,6 +15,13 @@ - "{{ matrix_synapse_config_dir_path }}" - "{{ matrix_synapse_run_path }}" - "{{ matrix_synapse_ext_path }}" - # We handle matrix_synapse_media_store_path elsewhere (in setup_synapse_main.yml), + # We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml), # because if it's using Goofys and it's already mounted (from before), # trying to chown/chmod it here will cause trouble. + when: "matrix_synapse_enabled or matrix_s3_media_store_enabled" + +- import_tasks: "{{ role_path }}/tasks/ext/setup.yml" + +- import_tasks: "{{ role_path }}/tasks/synapse/setup.yml" + +- import_tasks: "{{ role_path }}/tasks/goofys/setup.yml" diff --git a/roles/matrix-synapse/tasks/setup_synapse_entrypoint.yml b/roles/matrix-synapse/tasks/setup_synapse_entrypoint.yml deleted file mode 100644 index 46639cddb..000000000 --- a/roles/matrix-synapse/tasks/setup_synapse_entrypoint.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - -- import_tasks: "{{ role_path }}/tasks/setup_synapse_pre.yml" - -- import_tasks: "{{ role_path }}/tasks/ext/setup.yml" - -- import_tasks: "{{ role_path }}/tasks/setup_synapse_main.yml" - -- import_tasks: "{{ role_path }}/tasks/setup_synapse_goofys.yml" diff --git a/roles/matrix-synapse/tasks/setup_synapse_goofys.yml b/roles/matrix-synapse/tasks/setup_synapse_goofys.yml deleted file mode 100644 index 7cb1d5135..000000000 --- a/roles/matrix-synapse/tasks/setup_synapse_goofys.yml +++ /dev/null 
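Review bot: The new `- import_tasks: "{{ role_path }}/tasks/ext/setup.yml"` line has no `when`, while the directory-creation task above it now runs only when `matrix_synapse_enabled or matrix_s3_media_store_enabled`. The rest-auth and shared-secret-auth setup.yml files earlier in this series gate their install tasks only on their own `*_enabled` flags. With `matrix_synapse_enabled: false` and a password provider still enabled, the install would presumably write under `matrix_synapse_ext_path` without that directory having been created. Either gate the install side on `matrix_synapse_enabled` as well, or document that the extension flags must be turned off together with Synapse. The task that owns the `with_items` list starts above the hunk.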
@@ -1,87 +0,0 @@ -# -# Tasks related to setting up Goofys -# - -- name: Ensure Goofys Docker image is pulled - docker_image: - name: "{{ matrix_s3_goofys_docker_image }}" - when: matrix_s3_media_store_enabled - -# This will throw a Permission Denied error if already mounted -- name: Check Matrix Goofys external storage mountpoint path - stat: - path: "{{ matrix_synapse_media_store_path }}" - register: local_path_matrix_synapse_media_store_path_stat - ignore_errors: yes - when: matrix_s3_media_store_enabled - -- name: Ensure Matrix Goofys external storage mountpoint exists - file: - path: "{{ matrix_synapse_media_store_path }}" - state: directory - mode: 0750 - owner: "{{ matrix_user_uid }}" - group: "{{ matrix_user_gid }}" - when: "matrix_s3_media_store_enabled and not local_path_matrix_synapse_media_store_path_stat.failed and not local_path_matrix_synapse_media_store_path_stat.stat.exists" - -- name: Ensure goofys environment variables file created - template: - src: "{{ role_path }}/templates/goofys/env-goofys.j2" - dest: "{{ matrix_synapse_config_dir_path }}/env-goofys" - owner: root - mode: 0600 - when: matrix_s3_media_store_enabled - -- name: Ensure matrix-goofys.service installed - template: - src: "{{ role_path }}/templates/goofys/systemd/matrix-goofys.service.j2" - dest: "/etc/systemd/system/matrix-goofys.service" - mode: 0644 - register: matrix_goofys_systemd_service_result - when: matrix_s3_media_store_enabled - -- name: Ensure systemd reloaded after matrix-goofys.service installation - service: - daemon_reload: yes - when: "matrix_s3_media_store_enabled and matrix_goofys_systemd_service_result.changed" - -# -# Tasks related to getting rid of goofys (if it was previously enabled) -# - -- name: Check existence of matrix-goofys service - stat: - path: "/etc/systemd/system/matrix-goofys.service" - register: matrix_goofys_service_stat - when: "not matrix_s3_media_store_enabled" - -- name: Ensure matrix-goofys is stopped - service: - name: matrix-goofys - 
state: stopped - daemon_reload: yes - register: stopping_result - when: "not matrix_s3_media_store_enabled and matrix_goofys_service_stat.stat.exists" - -- name: Ensure matrix-goofys.service doesn't exist - file: - path: "/etc/systemd/system/matrix-goofys.service" - state: absent - when: "not matrix_s3_media_store_enabled and matrix_goofys_service_stat.stat.exists" - -- name: Ensure systemd reloaded after matrix-goofys.service removal - service: - daemon_reload: yes - when: "not matrix_s3_media_store_enabled and matrix_goofys_service_stat.stat.exists" - -- name: Ensure goofys environment variables file doesn't exist - file: - path: "{{ matrix_synapse_config_dir_path }}/env-goofys" - state: absent - when: "not matrix_s3_media_store_enabled" - -- name: Ensure Goofys Docker image doesn't exist - docker_image: - name: "{{ matrix_s3_goofys_docker_image }}" - state: absent - when: "not matrix_s3_media_store_enabled" diff --git a/roles/matrix-synapse/tasks/synapse/setup.yml b/roles/matrix-synapse/tasks/synapse/setup.yml new file mode 100644 index 000000000..227369a8e --- /dev/null +++ b/roles/matrix-synapse/tasks/synapse/setup.yml @@ -0,0 +1,7 @@ +--- + +- import_tasks: "{{ role_path }}/tasks/synapse/setup_install.yml" + when: matrix_synapse_enabled + +- import_tasks: "{{ role_path }}/tasks/synapse/setup_uninstall.yml" + when: "not matrix_synapse_enabled" diff --git a/roles/matrix-synapse/tasks/setup_synapse_main.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml similarity index 100% rename from roles/matrix-synapse/tasks/setup_synapse_main.yml rename to roles/matrix-synapse/tasks/synapse/setup_install.yml diff --git a/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml new file mode 100644 index 000000000..241c69379 --- /dev/null +++ b/roles/matrix-synapse/tasks/synapse/setup_uninstall.yml 
@@ -0,0 +1,28 @@ +- name: Check existence of matrix-synapse service + stat: + path: "/etc/systemd/system/matrix-synapse.service" + register: matrix_synapse_service_stat + +- name: Ensure matrix-synapse is stopped + service: + name: matrix-synapse + state: stopped + daemon_reload: yes + register: stopping_result + when: "matrix_synapse_service_stat.stat.exists" + +- name: Ensure matrix-synapse.service doesn't exist + file: + path: "/etc/systemd/system/matrix-synapse.service" + state: absent + when: "matrix_synapse_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-synapse.service removal + service: + daemon_reload: yes + when: "matrix_synapse_service_stat.stat.exists" + +- name: Ensure Synapse Docker image doesn't exist + docker_image: + name: "{{ matrix_synapse_docker_image }}" + state: absent diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index 657789675..b02abd295 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -2,7 +2,7 @@ - name: Fail if required Synapse settings not defined fail: - msg: > + msg: >- You need to define a required configuration setting (`{{ item }}`) for using Synapse. when: "vars[item] == ''" with_items: From a21b410c51b4a30c702c6e07cf0e1e7b95a60c30 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 21 May 2019 11:04:58 +0900 Subject: [PATCH 26/39] Update README and changelog --- CHANGELOG.md | 22 ++++++++++++++++++++++ README.md | 4 ++-- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3c48d2cb1..096810a71 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
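Review bot: This uninstall path removes the unit file and the Docker image but leaves everything under the Synapse config and data paths untouched, and nothing in the file says whether that is intended. If it is deliberate (so that re-enabling Synapse keeps its signing key, secrets and media), a header comment should say so, for example `# Config and data directories are intentionally kept; remove them manually if Synapse is gone for good.` Those files presumably still hold key material after the service is gone, although what the directories contain is not visible in this patch.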
@@ -1,3 +1,25 @@ +# 2019-05-21 + +## Synapse no longer required + +The playbook no longer insists on installing [Synapse](https://github.com/matrix-org/synapse) via the `matrix-synapse` role. + +If you would prefer to install Synapse another way and just use the playbook to install other services, it should be possible (`matrix_synapse_enabled: false`). + +Note that it won't necessarily be the best experience, since the playbook wires things to Synapse by default. +If you're using your own Synapse instance (especially one not running in a container), you may have to override many variables to point them to the correct place. + +Having Synapse not be a required component potentially opens the door for installing alternative Matrix homeservers. + + +## Bridges are now separate from the Synapse role + +Bridges are no longer part of the `matrix-synapse` role. +Each bridge now lives in its own separate role (`roles/matrix-bridge-*`). + +These bridge roles are independent of the `matrix-synapse` role, so it should be possible to use them with a Synapse instance installed another way (not through the playbook). + + # 2019-05-09 Besides a myriad of bug fixes and minor improvements, here are the more notable (bigger) features we can announce today. diff --git a/README.md b/README.md index 840af1d31..3f35081dc 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ That is, it lets you join the Matrix network with your own `@: Date: Tue, 21 May 2019 11:13:52 +0900 Subject: [PATCH 27/39] Make bridges not depend on matrix-synapse.service if not enabled --- group_vars/matrix-servers | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/group_vars/matrix-servers b/group_vars/matrix-servers index 8d23b32a3..9defecaef 100755 --- a/group_vars/matrix-servers +++ b/group_vars/matrix-servers 
@@ -39,7 +39,12 @@ matrix_appservice_discord_enabled: false # matrix-appservice-discord's client-server port to the local host (`127.0.0.1:9005`). matrix_appservice_discord_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}" -matrix_appservice_discord_systemd_required_services_list: ['docker.service', 'matrix-synapse.service'] +matrix_appservice_discord_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} ###################################################################### # @@ -62,7 +67,12 @@ matrix_appservice_irc_enabled: false # matrix-appservice-irc's client-server port to the local host (`127.0.0.1:9999`). matrix_appservice_irc_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}" -matrix_appservice_irc_systemd_required_services_list: ['docker.service', 'matrix-synapse.service'] +matrix_appservice_irc_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} ###################################################################### # @@ -80,7 +90,12 @@ matrix_appservice_irc_systemd_required_services_list: ['docker.service', 'matrix # We don't enable bridges by default. matrix_mautrix_facebook_enabled: false -matrix_mautrix_facebook_systemd_required_services_list: ['docker.service', 'matrix-synapse.service'] +matrix_mautrix_facebook_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} ###################################################################### # 
@@ -98,7 +113,12 @@ matrix_mautrix_facebook_systemd_required_services_list: ['docker.service', 'matr # We don't enable bridges by default. matrix_mautrix_telegram_enabled: false -matrix_mautrix_telegram_systemd_required_services_list: ['docker.service', 'matrix-synapse.service'] +matrix_mautrix_telegram_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'telegram') | to_uuid }}" @@ -118,7 +138,12 @@ matrix_mautrix_telegram_public_endpoint: "/{{ matrix_synapse_macaroon_secret_key # We don't enable bridges by default. matrix_mautrix_whatsapp_enabled: false -matrix_mautrix_whatsapp_systemd_required_services_list: ['docker.service', 'matrix-synapse.service'] +matrix_mautrix_whatsapp_systemd_required_services_list: | + {{ + ['docker.service'] + + + (['matrix-synapse.service'] if matrix_synapse_enabled else []) + }} ###################################################################### # From a1e9818356a9ed6d0ad711861164d88c910ddf21 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 21 May 2019 11:25:32 +0900 Subject: [PATCH 28/39] Update comment --- roles/matrix-synapse/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 806a879d5..92772155e 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml 
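Review bot: The required-services list for Telegram no longer assumes Synapse, but the context line right below it still derives `matrix_mautrix_telegram_public_endpoint` from `matrix_synapse_macaroon_secret_key` with a fixed salt. With `matrix_synapse_enabled: false` an operator may well leave that key empty, and the endpoint path would then be computed from an empty secret instead of failing, so it would no longer be unpredictable. Whether validate_config.yml still rejects an empty key when Synapse is disabled is not visible here. If it does not, the bridge role should check the key itself, or the endpoint should be derived from a bridge-specific secret.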
@@ -158,9 +158,9 @@ matrix_synapse_container_additional_volumes: [] # Contains definition objects like this: `{"name": "..", "level": "DEBUG"} matrix_synapse_additional_loggers: [] -# A list of service config files +# A list of appservice config files (in-container filesystem paths). # This list gets populated dynamically based on Synapse extensions that have been enabled. -# Contains fs paths +# You may wish to use this together with `matrix_synapse_container_additional_volumes`. matrix_synapse_app_service_config_files: [] # This is set dynamically during execution depending on whether From 3250df67658cfd9e8b597b5eee849dbdbab015d8 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 21 May 2019 11:27:05 +0900 Subject: [PATCH 29/39] Make bridge uninstallation stop services Fixes #155 (Github Issue) --- .../tasks/setup_uninstall.yml | 18 ++++++++++++++++++ .../tasks/setup_uninstall.yml | 18 ++++++++++++++++++ .../tasks/setup_uninstall.yml | 18 ++++++++++++++++++ .../tasks/setup_uninstall.yml | 18 ++++++++++++++++++ .../tasks/setup_uninstall.yml | 18 ++++++++++++++++++ 5 files changed, 90 insertions(+) diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml index 35df8e514..6790f2035 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_uninstall.yml 
@@ -1,6 +1,24 @@ --- +- name: Check existence of matrix-appservice-discord service + stat: + path: "/etc/systemd/system/matrix-appservice-discord.service" + register: matrix_appservice_discord_service_stat + +- name: Ensure matrix-appservice-discord is stopped + service: + name: matrix-appservice-discord + state: stopped + daemon_reload: yes + when: "matrix_appservice_discord_service_stat.stat.exists" + - name: Ensure matrix-appservice-discord.service doesn't exist file: path: "/etc/systemd/system/matrix-appservice-discord.service" state: absent + when: "matrix_appservice_discord_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-appservice-discord.service removal + service: + daemon_reload: yes + when: "matrix_appservice_discord_service_stat.stat.exists" diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml index 0b7e6ceb2..ce65d0e6c 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_uninstall.yml @@ -1,6 +1,24 @@ --- +- name: Check existence of matrix-appservice-irc service + stat: + path: "/etc/systemd/system/matrix-appservice-irc.service" + register: matrix_appservice_irc_service_stat + +- name: Ensure matrix-appservice-irc is stopped + service: + name: matrix-appservice-irc + state: stopped + daemon_reload: yes + when: "matrix_appservice_irc_service_stat.stat.exists" + - name: Ensure matrix-appservice-irc.service doesn't exist file: path: "/etc/systemd/system/matrix-appservice-irc.service" state: absent + when: "matrix_appservice_irc_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-appservice-irc.service removal + service: + daemon_reload: yes + when: "matrix_appservice_irc_service_stat.stat.exists" 
diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml index b403e6ecb..06c9b4992 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_uninstall.yml @@ -1,6 +1,24 @@ --- +- name: Check existence of matrix-mautrix-facebook service + stat: + path: "/etc/systemd/system/matrix-mautrix-facebook.service" + register: matrix_mautrix_facebook_service_stat + +- name: Ensure matrix-mautrix-facebook is stopped + service: + name: matrix-mautrix-facebook + state: stopped + daemon_reload: yes + when: "matrix_mautrix_facebook_service_stat.stat.exists" + - name: Ensure matrix-mautrix-facebook.service doesn't exist file: path: "/etc/systemd/system/matrix-mautrix-facebook.service" state: absent + when: "matrix_mautrix_facebook_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-mautrix-facebook.service removal + service: + daemon_reload: yes + when: "matrix_mautrix_facebook_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml index 4ee46afc9..190c18401 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_uninstall.yml 
@@ -1,6 +1,24 @@ --- +- name: Check existence of matrix-mautrix-telegram service + stat: + path: "/etc/systemd/system/matrix-mautrix-telegram.service" + register: matrix_mautrix_telegram_service_stat + +- name: Ensure matrix-mautrix-telegram is stopped + service: + name: matrix-mautrix-telegram + state: stopped + daemon_reload: yes + when: "matrix_mautrix_telegram_service_stat.stat.exists" + - name: Ensure matrix-mautrix-telegram.service doesn't exist file: path: "/etc/systemd/system/matrix-mautrix-telegram.service" state: absent + when: "matrix_mautrix_telegram_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-mautrix-telegram.service removal + service: + daemon_reload: yes + when: "matrix_mautrix_telegram_service_stat.stat.exists" diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml index 0c5078a2f..7f5e65594 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_uninstall.yml @@ -1,6 +1,24 @@ --- +- name: Check existence of matrix-mautrix-whatsapp service + stat: + path: "/etc/systemd/system/matrix-mautrix-whatsapp.service" + register: matrix_mautrix_whatsapp_service_stat + +- name: Ensure matrix-mautrix-whatsapp is stopped + service: + name: matrix-mautrix-whatsapp + state: stopped + daemon_reload: yes + when: "matrix_mautrix_whatsapp_service_stat.stat.exists" + - name: Ensure matrix-mautrix-whatsapp.service doesn't exist file: path: "/etc/systemd/system/matrix-mautrix-whatsapp.service" state: absent + when: "matrix_mautrix_whatsapp_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-mautrix-whatsapp.service removal + service: + daemon_reload: yes + when: "matrix_mautrix_whatsapp_service_stat.stat.exists" From 5c821b581a5b1f3f784b8a82bb23c34c7882b716 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Tue, 21 May 2019 11:58:18 +0900 Subject: [PATCH 30/39] Check fullchain.pem, not cert.pem While using certbot means we'll have both files retrieved, it's actually the fullchain.pem file that we use in nginx configuration. Using that one for the check makes more sense. --- .../tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml index 946b5731e..dde5a6dae 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml @@ -2,7 +2,7 @@ msg: "Dealing with SSL certificate retrieval for domain: {{ domain_name }}" - set_fact: - domain_name_certificate_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/cert.pem" + domain_name_certificate_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/fullchain.pem" - name: Check if a certificate for the domain already exists stat: From affb99003c688d059297ba1d1ce959066ac3c598 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 21 May 2019 12:09:38 +0900 Subject: [PATCH 31/39] Improve Synapse variable naming consistency --- CHANGELOG.md | 9 +++++++++ roles/matrix-synapse/defaults/main.yml | 6 +++--- roles/matrix-synapse/tasks/validate_config.yml | 3 +++ .../matrix-synapse/templates/synapse/homeserver.yaml.j2 | 6 +++--- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 096810a71..6ab43b919 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -20,6 +20,15 @@ Each bridge now lives in its own separate role (`roles/matrix-bridge-*`). These bridge roles are independent of the `matrix-synapse` role, so it should be possible to use them with a Synapse instance installed another way (not through the playbook). +## Renaming inconsistently-named Synapse variables + +For better consistency, the following variables have been renamed: + +- `matrix_enable_room_list_search` was renamed to `matrix_synapse_enable_room_list_search` +- `matrix_alias_creation_rules` was renamed to `matrix_synapse_alias_creation_rules` +- `matrix_nginx_proxy_matrix_room_list_publication_rulesdata_path` was renamed to `matrix_synapse_room_list_publication_rules` + + # 2019-05-09 Besides a myriad of bug fixes and minor improvements, here are the more notable (bigger) features we can announce today. diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 92772155e..e450d6177 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -239,17 +239,17 @@ matrix_s3_media_store_region: "eu-central-1" matrix_synapse_self_check_validate_certificates: true # Controls whether searching the public room list is enabled. -matrix_enable_room_list_search: true +matrix_synapse_enable_room_list_search: true # Controls who's allowed to create aliases on this server. -matrix_alias_creation_rules: +matrix_synapse_alias_creation_rules: - user_id: "*" alias: "*" room_id: "*" action: allow # Controls who can publish and which rooms can be published in the public room list. -matrix_room_list_publication_rules: +matrix_synapse_room_list_publication_rules: - user_id: "*" alias: "*" room_id: "*" diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index b02abd295..cdc649cc1 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml 
@@ -17,3 +17,6 @@ with_items: - {'old': 'matrix_synapse_container_expose_api_port', 'new': 'matrix_synapse_container_expose_client_api_port'} - {'old': 'matrix_synapse_no_tls', 'new': ''} + - {'old': 'matrix_enable_room_list_search', 'new': 'matrix_synapse_enable_room_list_search'} + - {'old': 'matrix_alias_creation_rules', 'new': 'matrix_synapse_alias_creation_rules'} + - {'old': 'matrix_room_list_publication_rules', 'new': 'matrix_synapse_room_list_publication_rules'} diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 1c889671c..ce2f16774 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1179,7 +1179,7 @@ push: # #enable_room_list_search: false -enable_room_list_search: {{ matrix_enable_room_list_search|to_json }} +enable_room_list_search: {{ matrix_synapse_enable_room_list_search|to_json }} # The `alias_creation` option controls who's allowed to create aliases # on this server. @@ -1209,7 +1209,7 @@ enable_room_list_search: {{ matrix_enable_room_list_search|to_json }} # room_id: "*" # action: allow -alias_creation_rules: {{ matrix_alias_creation_rules|to_json }} +alias_creation_rules: {{ matrix_synapse_alias_creation_rules|to_json }} # The `room_list_publication_rules` option controls who can publish and # which rooms can be published in the public room list. @@ -1240,4 +1240,4 @@ alias_creation_rules: {{ matrix_alias_creation_rules|to_json }} # room_id: "*" # action: allow -room_list_publication_rules: {{ matrix_room_list_publication_rules|to_json }} +room_list_publication_rules: {{ matrix_synapse_room_list_publication_rules|to_json }} From 3982f114af764f8b41df727fc8972ec6b8ac124c Mon Sep 17 00:00:00 2001 
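Review bot: The entry added to roles/matrix-synapse/tasks/validate_config.yml gives the old name as `matrix_room_list_publication_rules`, which matches the rename in defaults/main.yml. The CHANGELOG.md bullet in this same patch instead lists `matrix_nginx_proxy_matrix_room_list_publication_rulesdata_path` as the old name. An operator who follows the changelog would search their vars for a name that does not appear anywhere else in the patch and could overlook a customised publication rule. The changelog bullet should name `matrix_room_list_publication_rules` as the renamed variable. The task that consumes this `with_items` list starts outside the hunk, so how it reacts to a leftover old name is not visible here.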
From: Dan Arnfield Date: Tue, 21 May 2019 10:25:59 -0500 Subject: [PATCH 32/39] Fix CONDITIONAL_BARE_VARS deprecation warning in ansible 2.8 --- roles/matrix-base/tasks/main.yml | 10 ++--- roles/matrix-base/tasks/self_check_dns.yml | 2 +- roles/matrix-base/tasks/setup_well_known.yml | 4 +- .../tasks/init.yml | 2 +- .../tasks/main.yml | 6 +-- .../tasks/init.yml | 2 +- .../tasks/main.yml | 6 +-- .../tasks/init.yml | 2 +- .../tasks/main.yml | 6 +-- .../tasks/init.yml | 2 +- .../tasks/main.yml | 6 +-- .../tasks/setup_install.yml | 2 +- .../tasks/init.yml | 2 +- roles/matrix-common-after/tasks/main.yml | 4 +- roles/matrix-corporal/tasks/init.yml | 2 +- roles/matrix-corporal/tasks/main.yml | 8 ++-- .../matrix-corporal/tasks/setup_corporal.yml | 22 +++++----- .../matrix-corporal/tasks/validate_config.yml | 2 +- roles/matrix-coturn/tasks/init.yml | 2 +- roles/matrix-coturn/tasks/main.yml | 6 +-- roles/matrix-coturn/tasks/setup_coturn.yml | 30 ++++++------- roles/matrix-dimension/tasks/init.yml | 2 +- roles/matrix-dimension/tasks/main.yml | 6 +-- .../tasks/setup_dimension.yml | 22 +++++----- .../tasks/validate_config.yml | 2 +- roles/matrix-mailer/tasks/init.yml | 2 +- roles/matrix-mailer/tasks/main.yml | 4 +- roles/matrix-mailer/tasks/setup_mailer.yml | 22 +++++----- roles/matrix-mxisd/tasks/init.yml | 2 +- roles/matrix-mxisd/tasks/main.yml | 4 +- roles/matrix-mxisd/tasks/setup_mxisd.yml | 22 +++++----- roles/matrix-nginx-proxy/tasks/init.yml | 2 +- roles/matrix-nginx-proxy/tasks/main.yml | 8 ++-- .../tasks/self_check_well_known.yml | 2 +- .../tasks/setup_nginx_proxy.yml | 44 +++++++++---------- .../tasks/ssl/setup_ssl_lets_encrypt.yml | 4 +- ...tup_ssl_lets_encrypt_obtain_for_domain.yml | 2 +- .../matrix-postgres/tasks/import_postgres.yml | 6 +-- .../tasks/import_sqlite_db.yml | 4 +- roles/matrix-postgres/tasks/init.yml | 2 +- roles/matrix-postgres/tasks/main.yml | 10 ++--- .../matrix-postgres/tasks/setup_postgres.yml | 36 +++++++-------- .../tasks/upgrade_postgres.yml | 
4 +- .../util/detect_existing_postgres_version.yml | 6 +-- roles/matrix-riot-web/tasks/init.yml | 2 +- roles/matrix-riot-web/tasks/main.yml | 8 ++-- .../matrix-riot-web/tasks/setup_riot_web.yml | 22 +++++----- .../tasks/ext/ldap-auth/setup.yml | 5 +-- .../tasks/ext/rest-auth/setup.yml | 4 +- .../tasks/ext/shared-secret-auth/setup.yml | 4 +- roles/matrix-synapse/tasks/goofys/setup.yml | 4 +- .../tasks/import_media_store.yml | 6 +-- roles/matrix-synapse/tasks/init.yml | 4 +- roles/matrix-synapse/tasks/main.yml | 14 +++--- roles/matrix-synapse/tasks/register_user.yml | 2 +- .../tasks/self_check_client_api.yml | 6 +-- .../tasks/self_check_federation_api.yml | 8 ++-- roles/matrix-synapse/tasks/setup_synapse.yml | 2 +- roles/matrix-synapse/tasks/synapse/setup.yml | 4 +- .../tasks/synapse/setup_install.yml | 3 +- .../tasks/update_user_password.yml | 6 +-- 61 files changed, 224 insertions(+), 226 deletions(-) diff --git a/roles/matrix-base/tasks/main.yml b/roles/matrix-base/tasks/main.yml index 892cd7d1b..6587d81dd 100644 --- a/roles/matrix-base/tasks/main.yml +++ b/roles/matrix-base/tasks/main.yml @@ -3,22 +3,22 @@ - always - import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml" - when: run_setup + when: run_setup|bool tags: - setup-all - import_tasks: "{{ role_path }}/tasks/setup_server_base.yml" - when: run_setup + when: run_setup|bool tags: - setup-all - import_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml" - when: run_setup + when: run_setup|bool tags: - setup-all - import_tasks: "{{ role_path }}/tasks/setup_well_known.yml" - when: run_setup + when: run_setup|bool tags: - setup-all - setup-mxisd @@ -28,6 +28,6 @@ - import_tasks: "{{ role_path }}/tasks/self_check_dns.yml" delegate_to: 127.0.0.1 become: false - when: run_self_check + when: run_self_check|bool tags: - self-check diff --git a/roles/matrix-base/tasks/self_check_dns.yml b/roles/matrix-base/tasks/self_check_dns.yml index 36c146314..ceab00dab 100644 
--- a/roles/matrix-base/tasks/self_check_dns.yml +++ b/roles/matrix-base/tasks/self_check_dns.yml @@ -19,7 +19,7 @@ - name: Determine domains that we require certificates for (mxisd) set_fact: dns_srv_record_checks: "{{ dns_srv_record_checks + [dns_srv_record_check_mxisd] }}" - when: "matrix_mxisd_enabled" + when: matrix_mxisd_enabled|bool - name: Perform DNS SRV checks include_tasks: "{{ role_path }}/tasks/self_check_dns_srv.yml" diff --git a/roles/matrix-base/tasks/setup_well_known.yml b/roles/matrix-base/tasks/setup_well_known.yml index 06e626175..36706df47 100644 --- a/roles/matrix-base/tasks/setup_well_known.yml +++ b/roles/matrix-base/tasks/setup_well_known.yml @@ -27,10 +27,10 @@ mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: matrix_well_known_matrix_server_enabled + when: matrix_well_known_matrix_server_enabled|bool - name: Ensure Matrix /.well-known/matrix/server file deleted file: path: "{{ matrix_static_files_base_path }}/.well-known/matrix/server" state: absent - when: "not matrix_well_known_matrix_server_enabled" + when: "not matrix_well_known_matrix_server_enabled|bool" diff --git a/roles/matrix-bridge-appservice-discord/tasks/init.yml b/roles/matrix-bridge-appservice-discord/tasks/init.yml index ee6fe1ffa..9d7b1939b 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/init.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-discord'] }}" - when: matrix_appservice_discord_enabled + when: matrix_appservice_discord_enabled|bool diff --git a/roles/matrix-bridge-appservice-discord/tasks/main.yml b/roles/matrix-bridge-appservice-discord/tasks/main.yml index 61dfc73b3..bad5e3203 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/main.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/main.yml 
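Review bot: In setup_well_known.yml the removal task now runs on `not matrix_well_known_matrix_server_enabled|bool`, and in the Ansible 2.8 line this commit targets the `bool` filter maps any string it does not recognise to false. A mistyped value therefore selects the delete branch without an error. The same pattern guards the teardown tasks in setup_corporal.yml, setup_coturn.yml, setup_dimension.yml and setup_mailer.yml, where the false branch stops the service and removes its files and Docker image. A `fail` task in each role's validate_config.yml would stop the run before anything is removed, for example with `when: "matrix_coturn_enabled|string|lower not in ['true', 'false', 'yes', 'no', 'on', 'off', '1', '0']"`.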
@@ -3,19 +3,19 @@ - always - import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup and matrix_appservice_discord_enabled" + when: "run_setup|bool and matrix_appservice_discord_enabled|bool" tags: - setup-all - setup-appservice-discord - import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup and matrix_appservice_discord_enabled" + when: "run_setup|bool and matrix_appservice_discord_enabled|bool" tags: - setup-all - setup-appservice-discord - import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup and not matrix_appservice_discord_enabled" + when: "run_setup|bool and not matrix_appservice_discord_enabled|bool" tags: - setup-all - setup-appservice-discord diff --git a/roles/matrix-bridge-appservice-irc/tasks/init.yml b/roles/matrix-bridge-appservice-irc/tasks/init.yml index e4dd1d984..2bd8c2a71 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/init.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-appservice-irc'] }}" - when: matrix_appservice_irc_enabled + when: matrix_appservice_irc_enabled|bool diff --git a/roles/matrix-bridge-appservice-irc/tasks/main.yml b/roles/matrix-bridge-appservice-irc/tasks/main.yml index a0aa679e6..da92ecf0c 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/main.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/main.yml 
@@ -3,19 +3,19 @@ - always - import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup and matrix_appservice_irc_enabled" + when: "run_setup|bool and matrix_appservice_irc_enabled|bool" tags: - setup-all - setup-appservice-irc - import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup and matrix_appservice_irc_enabled" + when: "run_setup|bool and matrix_appservice_irc_enabled|bool" tags: - setup-all - setup-appservice-irc - import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup and not matrix_appservice_irc_enabled" + when: "run_setup|bool and not matrix_appservice_irc_enabled|bool" tags: - setup-all - setup-appservice-irc diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml index cafdc4d53..b19c90cd9 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook'] }}" - when: "matrix_mautrix_facebook_enabled" + when: matrix_mautrix_facebook_enabled|bool diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml b/roles/matrix-bridge-mautrix-facebook/tasks/main.yml index f86fadbef..54fb6f9df 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/main.yml 
@@ -3,19 +3,19 @@ - always - import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup and matrix_mautrix_facebook_enabled" + when: "run_setup|bool and matrix_mautrix_facebook_enabled|bool" tags: - setup-all - setup-mautrix-facebook - import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup and matrix_mautrix_facebook_enabled" + when: "run_setup|bool and matrix_mautrix_facebook_enabled|bool" tags: - setup-all - setup-mautrix-facebook - import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup and not matrix_mautrix_facebook_enabled" + when: "run_setup|bool and not matrix_mautrix_facebook_enabled|bool" tags: - setup-all - setup-mautrix-facebook diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml index f9956d3d5..27a84f1f6 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram'] }}" - when: "matrix_mautrix_telegram_enabled" + when: matrix_mautrix_telegram_enabled|bool diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/main.yml b/roles/matrix-bridge-mautrix-telegram/tasks/main.yml index e304aedf3..8a218ed8d 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/main.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/main.yml 
@@ -3,19 +3,19 @@ - always - import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup and matrix_mautrix_telegram_enabled" + when: "run_setup|bool and matrix_mautrix_telegram_enabled|bool" tags: - setup-all - setup-mautrix-telegram - import_tasks: "{{ role_path }}/tasks/setup_install.yml" - when: "run_setup and matrix_mautrix_telegram_enabled" + when: "run_setup|bool and matrix_mautrix_telegram_enabled|bool" tags: - setup-all - setup-mautrix-telegram - import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" - when: "run_setup and not matrix_mautrix_telegram_enabled" + when: "run_setup|bool and not matrix_mautrix_telegram_enabled|bool" tags: - setup-all - setup-mautrix-telegram diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index 920ff54f8..967366cce 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -98,7 +98,7 @@ but it's pointless since the matrix-nginx-proxy role had already executed. To fix this, please change the order of roles in your plabook, so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-telegram role. - when: "matrix_nginx_proxy_role_executed" + when: matrix_nginx_proxy_role_executed|bool - name: Generate Mautrix Telegram proxying configuration for matrix-nginx-proxy set_fact: diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml index c1e62d877..4b67e2ba4 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp'] }}" - when: "matrix_mautrix_whatsapp_enabled" + when: matrix_mautrix_whatsapp_enabled|bool 
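Review bot: The message shown as context in roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml (hunk at line 98) tells the operator to change the order of roles in their "plabook". This text is what the operator reads when the run stops, so it should say `playbook`. The task that carries the message starts outside the hunk.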
diff --git a/roles/matrix-common-after/tasks/main.yml b/roles/matrix-common-after/tasks/main.yml index 4581024ea..fb9425537 100644 --- a/roles/matrix-common-after/tasks/main.yml +++ b/roles/matrix-common-after/tasks/main.yml @@ -1,9 +1,9 @@ - import_tasks: "{{ role_path }}/tasks/start.yml" - when: run_start + when: run_start|bool tags: - start - import_tasks: "{{ role_path }}/tasks/stop.yml" - when: run_stop + when: run_stop|bool tags: - stop diff --git a/roles/matrix-corporal/tasks/init.yml b/roles/matrix-corporal/tasks/init.yml index b7e0e3f8e..e20018447 100644 --- a/roles/matrix-corporal/tasks/init.yml +++ b/roles/matrix-corporal/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-corporal'] }}" - when: "matrix_corporal_enabled" + when: matrix_corporal_enabled|bool diff --git a/roles/matrix-corporal/tasks/main.yml b/roles/matrix-corporal/tasks/main.yml index c4d109b85..90c8105c3 100644 --- a/roles/matrix-corporal/tasks/main.yml +++ b/roles/matrix-corporal/tasks/main.yml @@ -3,13 +3,13 @@ - always - import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup and matrix_corporal_enabled" + when: "run_setup|bool and matrix_corporal_enabled|bool" tags: - setup-all - setup-corporal - import_tasks: "{{ role_path }}/tasks/setup_corporal.yml" - when: run_setup + when: run_setup|bool tags: - setup-all - setup-corporal @@ -17,6 +17,6 @@ - import_tasks: "{{ role_path }}/tasks/self_check_corporal.yml" delegate_to: 127.0.0.1 become: false - when: "run_self_check and matrix_corporal_enabled" + when: "run_self_check|bool and matrix_corporal_enabled|bool" tags: - - self-check \ No newline at end of file + - self-check diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index 816f05c12..1fd2356b7 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml 
@@ -15,19 +15,19 @@ - "{{ matrix_corporal_config_dir_path }}" - "{{ matrix_corporal_cache_dir_path }}" - "{{ matrix_corporal_var_dir_path }}" - when: "matrix_corporal_enabled" + when: matrix_corporal_enabled|bool - name: Ensure Matrix Corporal Docker image is pulled docker_image: name: "{{ matrix_corporal_docker_image }}" - when: "matrix_corporal_enabled" + when: matrix_corporal_enabled|bool - name: Ensure Matrix Corporal config installed template: src: "{{ role_path }}/templates/config.json.j2" dest: "{{ matrix_corporal_config_dir_path }}/config.json" mode: 0644 - when: "matrix_corporal_enabled" + when: matrix_corporal_enabled|bool - name: Ensure matrix-corporal.service installed template: @@ -35,12 +35,12 @@ dest: "/etc/systemd/system/matrix-corporal.service" mode: 0644 register: matrix_corporal_systemd_service_result - when: "matrix_corporal_enabled" + when: matrix_corporal_enabled|bool - name: Ensure systemd reloaded after matrix-corporal.service installation service: daemon_reload: yes - when: "matrix_corporal_enabled and matrix_corporal_systemd_service_result.changed" + when: "matrix_corporal_enabled|bool and matrix_corporal_systemd_service_result.changed" # @@ -51,7 +51,7 @@ stat: path: "/etc/systemd/system/matrix-corporal.service" register: matrix_corporal_service_stat - when: "not matrix_corporal_enabled" + when: "not matrix_corporal_enabled|bool" - name: Ensure matrix-corporal is stopped service: 
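Review bot: The "Ensure Matrix Corporal config installed" task in setup_corporal.yml writes `config.json` with `mode: 0644` and no `owner` or `group`, so every local account can read it unless the parent directory is restricted; the directory's mode is set outside this hunk. validate_config.yml in the same role requires `matrix_corporal_http_api_auth_token`, which presumably ends up in this file. The Dimension role in this commit installs its config with `mode: 0640` and an explicit owner and group. Doing the same here, `mode: 0640` plus `owner:` and `group:` as the other roles set them, would keep the token away from other accounts, provided the container user can still read the file.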
@@ -59,18 +59,18 @@ state: stopped daemon_reload: yes register: stopping_result - when: "not matrix_corporal_enabled and matrix_corporal_service_stat.stat.exists" + when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" - name: Ensure matrix-corporal.service doesn't exist file: path: "/etc/systemd/system/matrix-corporal.service" state: absent - when: "not matrix_corporal_enabled and matrix_corporal_service_stat.stat.exists" + when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-corporal.service removal service: daemon_reload: yes - when: "not matrix_corporal_enabled and matrix_corporal_service_stat.stat.exists" + when: "not matrix_corporal_enabled|bool and matrix_corporal_service_stat.stat.exists" - name: Ensure matrix-corporal files don't exist file: @@ -79,10 +79,10 @@ with_items: - /etc/systemd/system/matrix-corporal.service - "{{ matrix_corporal_config_dir_path }}/config.json" - when: "not matrix_corporal_enabled" + when: "not matrix_corporal_enabled|bool" - name: Ensure Matrix Corporal Docker image doesn't exist docker_image: name: "{{ matrix_corporal_docker_image }}" state: absent - when: "not matrix_corporal_enabled" + when: "not matrix_corporal_enabled|bool" diff --git a/roles/matrix-corporal/tasks/validate_config.yml b/roles/matrix-corporal/tasks/validate_config.yml index db84f9d9d..ace2eb1fd 100644 --- a/roles/matrix-corporal/tasks/validate_config.yml +++ b/roles/matrix-corporal/tasks/validate_config.yml @@ -14,4 +14,4 @@ - name: Fail if HTTP API enabled, but no token set fail: msg: "The Matrix Corporal HTTP API is enabled (`matrix_corporal_http_api_enabled`), but no auth token has been set in `matrix_corporal_http_api_auth_token`" - when: "matrix_corporal_http_api_enabled and matrix_corporal_http_api_auth_token == ''" + when: "matrix_corporal_http_api_enabled|bool and matrix_corporal_http_api_auth_token == ''" 
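Review bot: The guard in roles/matrix-corporal/tasks/validate_config.yml still rejects only a token that is exactly the empty string, because the commit adds `|bool` to the first operand and leaves `matrix_corporal_http_api_auth_token == ''` as it was. A value that is null or only whitespace passes the comparison, and the HTTP API would presumably be configured without a usable secret. Tightening the condition to `when: "matrix_corporal_http_api_enabled|bool and (matrix_corporal_http_api_auth_token|default('', true)|string|trim == '')"` covers those cases.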
diff --git a/roles/matrix-coturn/tasks/init.yml b/roles/matrix-coturn/tasks/init.yml index 7d19d48d0..603b536ab 100644 --- a/roles/matrix-coturn/tasks/init.yml +++ b/roles/matrix-coturn/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-coturn'] }}" - when: "matrix_coturn_enabled" + when: matrix_coturn_enabled|bool diff --git a/roles/matrix-coturn/tasks/main.yml b/roles/matrix-coturn/tasks/main.yml index e12aeca30..007a7edec 100644 --- a/roles/matrix-coturn/tasks/main.yml +++ b/roles/matrix-coturn/tasks/main.yml @@ -3,13 +3,13 @@ - always - import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup and matrix_coturn_enabled" + when: "run_setup|bool and matrix_coturn_enabled|bool" tags: - setup-all - setup-coturn - import_tasks: "{{ role_path }}/tasks/setup_coturn.yml" - when: run_setup + when: run_setup|bool tags: - setup-all - - setup-coturn \ No newline at end of file + - setup-coturn diff --git a/roles/matrix-coturn/tasks/setup_coturn.yml b/roles/matrix-coturn/tasks/setup_coturn.yml index 9f79f4c82..4ee6596b6 100644 --- a/roles/matrix-coturn/tasks/setup_coturn.yml +++ b/roles/matrix-coturn/tasks/setup_coturn.yml @@ -7,7 +7,7 @@ - name: Ensure Coturn image is pulled docker_image: name: "{{ matrix_coturn_docker_image }}" - when: matrix_coturn_enabled + when: matrix_coturn_enabled|bool - name: Ensure Coturn configuration path exists file: @@ -16,14 +16,14 @@ mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: matrix_coturn_enabled + when: matrix_coturn_enabled|bool - name: Ensure turnserver.conf installed template: src: "{{ role_path }}/templates/turnserver.conf.j2" dest: "{{ matrix_coturn_config_path }}" mode: 0644 - when: matrix_coturn_enabled + when: matrix_coturn_enabled|bool # `docker_network` doesn't work as expected when the given network # is a substring of a network that already exists. 
@@ -34,12 +34,12 @@ cmd: "docker network ls -q --filter='name=^{{ matrix_coturn_docker_network }}$'" register: matrix_coturn_result_docker_network changed_when: false - when: matrix_coturn_enabled + when: matrix_coturn_enabled|bool - name: Create Coturn network in Docker shell: cmd: "docker network create --driver=bridge {{ matrix_coturn_docker_network }}" - when: "matrix_coturn_enabled and matrix_coturn_result_docker_network.stdout == ''" + when: "matrix_coturn_enabled|bool and matrix_coturn_result_docker_network.stdout == ''" - name: Ensure matrix-coturn.service installed template: @@ -47,12 +47,12 @@ dest: "/etc/systemd/system/matrix-coturn.service" mode: 0644 register: matrix_coturn_systemd_service_result - when: matrix_coturn_enabled + when: matrix_coturn_enabled|bool - name: Ensure systemd reloaded after matrix-coturn.service installation service: daemon_reload: yes - when: "matrix_coturn_enabled and matrix_coturn_systemd_service_result.changed" + when: "matrix_coturn_enabled|bool and matrix_coturn_systemd_service_result.changed" # This may be unnecessary when more long-lived certificates are used. # We optimize for the common use-case though (short-lived Let's Encrypt certificates). @@ -67,7 +67,7 @@ minute: 20 day: "*/5" job: /bin/systemctl reload matrix-coturn.service - when: matrix_coturn_enabled and matrix_coturn_tls_enabled + when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool" # @@ -79,13 +79,13 @@ user: root cron_file: matrix-coturn-ssl-reload state: absent - when: "not matrix_coturn_enabled or not matrix_coturn_tls_enabled" + when: "not matrix_coturn_enabled|bool or not matrix_coturn_tls_enabled|bool" - name: Check existence of matrix-coturn service stat: path: "/etc/systemd/system/matrix-coturn.service" register: matrix_coturn_service_stat - when: "not matrix_coturn_enabled" + when: "not matrix_coturn_enabled|bool" - name: Ensure matrix-coturn is stopped service: 
@@ -93,27 +93,27 @@ state: stopped daemon_reload: yes register: stopping_result - when: "not matrix_coturn_enabled and matrix_coturn_service_stat.stat.exists" + when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists" - name: Ensure matrix-coturn.service doesn't exist file: path: "/etc/systemd/system/matrix-coturn.service" state: absent - when: "not matrix_coturn_enabled and matrix_coturn_service_stat.stat.exists" + when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-coturn.service removal service: daemon_reload: yes - when: "not matrix_coturn_enabled and matrix_coturn_service_stat.stat.exists" + when: "not matrix_coturn_enabled|bool and matrix_coturn_service_stat.stat.exists" - name: Ensure Matrix coturn paths don't exist file: path: "{{ matrix_coturn_base_path }}" state: absent - when: "not matrix_coturn_enabled" + when: "not matrix_coturn_enabled|bool" - name: Ensure coturn Docker image doesn't exist docker_image: name: "{{ matrix_coturn_docker_image }}" state: absent - when: "not matrix_coturn_enabled" + when: "not matrix_coturn_enabled|bool" diff --git a/roles/matrix-dimension/tasks/init.yml b/roles/matrix-dimension/tasks/init.yml index 3e98de9db..e1d946830 100644 --- a/roles/matrix-dimension/tasks/init.yml +++ b/roles/matrix-dimension/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-dimension'] }}" - when: "matrix_dimension_enabled" \ No newline at end of file + when: matrix_dimension_enabled|bool diff --git a/roles/matrix-dimension/tasks/main.yml b/roles/matrix-dimension/tasks/main.yml index dd3bfc516..1888f9452 100644 --- a/roles/matrix-dimension/tasks/main.yml +++ b/roles/matrix-dimension/tasks/main.yml 
@@ -3,13 +3,13 @@ - always - import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup + when: run_setup|bool tags: - setup-all - setup-dimension - import_tasks: "{{ role_path }}/tasks/setup_dimension.yml" - when: run_setup + when: run_setup|bool tags: - setup-all - - setup-dimension \ No newline at end of file + - setup-dimension diff --git a/roles/matrix-dimension/tasks/setup_dimension.yml b/roles/matrix-dimension/tasks/setup_dimension.yml index e8dea9eae..04c1bd7b6 100644 --- a/roles/matrix-dimension/tasks/setup_dimension.yml +++ b/roles/matrix-dimension/tasks/setup_dimension.yml @@ -11,7 +11,7 @@ mode: 0770 owner: "{{ matrix_user_username }}" group: "{{ matrix_dimension_user_gid }}" - when: matrix_dimension_enabled + when: matrix_dimension_enabled|bool - name: Ensure Dimension config installed copy: @@ -20,12 +20,12 @@ mode: 0640 owner: "{{ matrix_user_username }}" group: "{{ matrix_dimension_user_gid }}" - when: matrix_dimension_enabled + when: matrix_dimension_enabled|bool - name: Ensure Dimension image is pulled docker_image: name: "{{ matrix_dimension_docker_image }}" - when: matrix_dimension_enabled + when: matrix_dimension_enabled|bool - name: Ensure matrix-dimension.service installed template: @@ -33,12 +33,12 @@ dest: "/etc/systemd/system/matrix-dimension.service" mode: 0644 register: matrix_dimension_systemd_service_result - when: matrix_dimension_enabled + when: matrix_dimension_enabled|bool - name: Ensure systemd reloaded after matrix-dimension.service installation service: daemon_reload: yes - when: "matrix_dimension_enabled and matrix_dimension_systemd_service_result.changed" + when: "matrix_dimension_enabled|bool and matrix_dimension_systemd_service_result.changed" # # Tasks related to getting rid of the dimension (if it was previously enabled) 
@@ -48,7 +48,7 @@ stat: path: "/etc/systemd/system/matrix-dimension.service" register: matrix_dimension_service_stat - when: not matrix_dimension_enabled + when: "not matrix_dimension_enabled|bool" - name: Ensure matrix-dimension is stopped service: @@ -56,27 +56,27 @@ state: stopped daemon_reload: yes register: stopping_result - when: "not matrix_dimension_enabled and matrix_dimension_service_stat.stat.exists" + when: "not matrix_dimension_enabled|bool and matrix_dimension_service_stat.stat.exists" - name: Ensure matrix-dimension.service doesn't exist file: path: "/etc/systemd/system/matrix-dimension.service" state: absent - when: "not matrix_dimension_enabled and matrix_dimension_service_stat.stat.exists" + when: "not matrix_dimension_enabled|bool and matrix_dimension_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-dimension.service removal service: daemon_reload: yes - when: "not matrix_dimension_enabled and matrix_dimension_service_stat.stat.exists" + when: "not matrix_dimension_enabled|bool and matrix_dimension_service_stat.stat.exists" - name: Ensure Dimension environment variables path doesn't exist file: path: "{{ matrix_dimension_base_path }}" state: absent - when: "not matrix_dimension_enabled" + when: "not matrix_dimension_enabled|bool" - name: Ensure Dimension Docker image doesn't exist docker_image: name: "{{ matrix_dimension_docker_image }}" state: absent - when: "not matrix_dimension_enabled" + when: "not matrix_dimension_enabled|bool" diff --git a/roles/matrix-dimension/tasks/validate_config.yml b/roles/matrix-dimension/tasks/validate_config.yml index 69971a9b4..59a4c0506 100644 --- a/roles/matrix-dimension/tasks/validate_config.yml +++ b/roles/matrix-dimension/tasks/validate_config.yml 
@@ -12,4 +12,4 @@ You need to enable Matrix Federation to use Dimension. Set `{{ item }}` to 'true'. with_items: - "matrix_synapse_federation_enabled" - when: "matrix_dimension_enabled and matrix_synapse_federation_enabled == false" + when: "matrix_dimension_enabled|bool and not matrix_synapse_federation_enabled|bool" diff --git a/roles/matrix-mailer/tasks/init.yml b/roles/matrix-mailer/tasks/init.yml index c5f51ffe8..1557bc64d 100644 --- a/roles/matrix-mailer/tasks/init.yml +++ b/roles/matrix-mailer/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mailer'] }}" - when: "matrix_mailer_enabled" \ No newline at end of file + when: matrix_mailer_enabled|bool diff --git a/roles/matrix-mailer/tasks/main.yml b/roles/matrix-mailer/tasks/main.yml index d2f574ad7..f636614e0 100644 --- a/roles/matrix-mailer/tasks/main.yml +++ b/roles/matrix-mailer/tasks/main.yml @@ -3,7 +3,7 @@ - always - import_tasks: "{{ role_path }}/tasks/setup_mailer.yml" - when: run_setup + when: run_setup|bool tags: - setup-all - - setup-mailer \ No newline at end of file + - setup-mailer diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index 46445092c..2bd4cbcc4 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml @@ -11,19 +11,19 @@ mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: matrix_mailer_enabled + when: matrix_mailer_enabled|bool - name: Ensure mailer environment variables file created template: src: "{{ role_path }}/templates/env-mailer.j2" dest: "{{ matrix_mailer_base_path }}/env-mailer" mode: 0640 - when: matrix_mailer_enabled + when: matrix_mailer_enabled|bool - name: Ensure mailer image is pulled docker_image: name: "{{ matrix_mailer_docker_image }}" - when: matrix_mailer_enabled + when: matrix_mailer_enabled|bool - name: Ensure matrix-mailer.service installed template: 
@@ -31,12 +31,12 @@ dest: "/etc/systemd/system/matrix-mailer.service" mode: 0644 register: matrix_mailer_systemd_service_result - when: matrix_mailer_enabled + when: matrix_mailer_enabled|bool - name: Ensure systemd reloaded after matrix-mailer.service installation service: daemon_reload: yes - when: "matrix_mailer_enabled and matrix_mailer_systemd_service_result.changed" + when: "matrix_mailer_enabled|bool and matrix_mailer_systemd_service_result.changed" # # Tasks related to getting rid of the mailer (if it was previously enabled) @@ -46,7 +46,7 @@ stat: path: "/etc/systemd/system/matrix-mailer.service" register: matrix_mailer_service_stat - when: "not matrix_mailer_enabled" + when: "not matrix_mailer_enabled|bool" - name: Ensure matrix-mailer is stopped service: @@ -54,27 +54,27 @@ state: stopped daemon_reload: yes register: stopping_result - when: "not matrix_mailer_enabled and matrix_mailer_service_stat.stat.exists" + when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" - name: Ensure matrix-mailer.service doesn't exist file: path: "/etc/systemd/system/matrix-mailer.service" state: absent - when: "not matrix_mailer_enabled and matrix_mailer_service_stat.stat.exists" + when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-mailer.service removal service: daemon_reload: yes - when: "not matrix_mailer_enabled and matrix_mailer_service_stat.stat.exists" + when: "not matrix_mailer_enabled|bool and matrix_mailer_service_stat.stat.exists" - name: Ensure Matrix mailer environment variables path doesn't exist file: path: "{{ matrix_mailer_base_path }}" state: absent - when: "not matrix_mailer_enabled" + when: "not matrix_mailer_enabled|bool" - name: Ensure mailer Docker image doesn't exist docker_image: name: "{{ matrix_mailer_docker_image }}" state: absent - when: "not matrix_mailer_enabled" + when: "not matrix_mailer_enabled|bool" 
diff --git a/roles/matrix-mxisd/tasks/init.yml b/roles/matrix-mxisd/tasks/init.yml index b41ad7e36..94543b355 100644 --- a/roles/matrix-mxisd/tasks/init.yml +++ b/roles/matrix-mxisd/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mxisd'] }}" - when: "matrix_mxisd_enabled" \ No newline at end of file + when: matrix_mxisd_enabled|bool diff --git a/roles/matrix-mxisd/tasks/main.yml b/roles/matrix-mxisd/tasks/main.yml index c0e863d44..31970db42 100644 --- a/roles/matrix-mxisd/tasks/main.yml +++ b/roles/matrix-mxisd/tasks/main.yml @@ -3,7 +3,7 @@ - always - import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup and matrix_mxisd_enabled" + when: "run_setup|bool and matrix_mxisd_enabled|bool" tags: - setup-all - setup-mxisd @@ -16,6 +16,6 @@ - import_tasks: "{{ role_path }}/tasks/self_check_mxisd.yml" delegate_to: 127.0.0.1 become: false - when: "run_self_check and matrix_mxisd_enabled" + when: "run_self_check|bool and matrix_mxisd_enabled|bool" tags: - self-check diff --git a/roles/matrix-mxisd/tasks/setup_mxisd.yml b/roles/matrix-mxisd/tasks/setup_mxisd.yml index e5b950dee..ee7c65a78 100644 --- a/roles/matrix-mxisd/tasks/setup_mxisd.yml +++ b/roles/matrix-mxisd/tasks/setup_mxisd.yml @@ -14,12 +14,12 @@ with_items: - "{{ matrix_mxisd_config_path }}" - "{{ matrix_mxisd_data_path }}" - when: matrix_mxisd_enabled + when: matrix_mxisd_enabled|bool - name: Ensure mxisd image is pulled docker_image: name: "{{ matrix_mxisd_docker_image }}" - when: matrix_mxisd_enabled + when: matrix_mxisd_enabled|bool - name: Ensure mxisd config installed copy: @@ -28,7 +28,7 @@ mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: matrix_mxisd_enabled + when: matrix_mxisd_enabled|bool - name: Ensure custom templates are installed if any copy: 
@@ -42,7 +42,7 @@ - {value: "{{ matrix_mxisd_threepid_medium_email_custom_session_validation_template }}", location: 'validate-template.eml'} - {value: "{{ matrix_mxisd_threepid_medium_email_custom_unbind_fraudulent_template }}", location: 'unbind-fraudulent.eml'} - {value: "{{ matrix_mxisd_threepid_medium_email_custom_matrixid_template }}", location: 'mxid-template.eml'} - when: matrix_mxisd_enabled and matrix_mxisd_threepid_medium_email_custom_templates_enabled and item.value + when: "matrix_mxisd_enabled|bool and matrix_mxisd_threepid_medium_email_custom_templates_enabled|bool and item.value" - name: Ensure matrix-mxisd.service installed template: @@ -50,12 +50,12 @@ dest: "/etc/systemd/system/matrix-mxisd.service" mode: 0644 register: matrix_mxisd_systemd_service_result - when: matrix_mxisd_enabled + when: matrix_mxisd_enabled|bool - name: Ensure systemd reloaded after matrix-mxisd.service installation service: daemon_reload: yes - when: "matrix_mxisd_enabled and matrix_mxisd_systemd_service_result.changed" + when: "matrix_mxisd_enabled|bool and matrix_mxisd_systemd_service_result.changed" # # Tasks related to getting rid of mxisd (if it was previously enabled) 
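Review bot: `item.value` at the end of the rewritten `when` in the custom-templates task is the only operand left as a bare truthiness test, and nothing in the hunk says that this is deliberate. It carries template text rather than a flag, so `|bool` would be wrong there, but next to two freshly cast operands it reads like an oversight. A comment above the condition would settle it, for example `# item.value is template content, not a flag: any non-empty value means "install this file"`. The task itself begins before this hunk, so its `copy` arguments are not visible here.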
@@ -72,27 +72,27 @@ state: stopped daemon_reload: yes register: stopping_result - when: "not matrix_mxisd_enabled and matrix_mxisd_service_stat.stat.exists" + when: "not matrix_mxisd_enabled|bool and matrix_mxisd_service_stat.stat.exists" - name: Ensure matrix-mxisd.service doesn't exist file: path: "/etc/systemd/system/matrix-mxisd.service" state: absent - when: "not matrix_mxisd_enabled and matrix_mxisd_service_stat.stat.exists" + when: "not matrix_mxisd_enabled|bool and matrix_mxisd_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-mxisd.service removal service: daemon_reload: yes - when: "not matrix_mxisd_enabled and matrix_mxisd_service_stat.stat.exists" + when: "not matrix_mxisd_enabled|bool and matrix_mxisd_service_stat.stat.exists" - name: Ensure Matrix mxisd paths don't exist file: path: "{{ matrix_mxisd_base_path }}" state: absent - when: "not matrix_mxisd_enabled" + when: "not matrix_mxisd_enabled|bool" - name: Ensure mxisd Docker image doesn't exist docker_image: name: "{{ matrix_mxisd_docker_image }}" state: absent - when: "not matrix_mxisd_enabled" + when: "not matrix_mxisd_enabled|bool" diff --git a/roles/matrix-nginx-proxy/tasks/init.yml b/roles/matrix-nginx-proxy/tasks/init.yml index dc27f789a..c968d093d 100644 --- a/roles/matrix-nginx-proxy/tasks/init.yml +++ b/roles/matrix-nginx-proxy/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-nginx-proxy'] }}" - when: "matrix_nginx_proxy_enabled" \ No newline at end of file + when: matrix_nginx_proxy_enabled|bool diff --git a/roles/matrix-nginx-proxy/tasks/main.yml b/roles/matrix-nginx-proxy/tasks/main.yml index 08a71400f..ad1119511 100644 --- a/roles/matrix-nginx-proxy/tasks/main.yml +++ b/roles/matrix-nginx-proxy/tasks/main.yml 
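Review bot: The three conditions of the form `not matrix_mxisd_enabled|bool and matrix_mxisd_service_stat.stat.exists` depend on the task that registers `matrix_mxisd_service_stat`, and that task is not touched by this diff, unlike its counterpart in `setup_mailer.yml`. If it is still guarded by an uncast `not matrix_mxisd_enabled`, a string value such as `"false"` makes the two conditions disagree: the stat is skipped while these tasks run and then fail on the missing `.stat` attribute. It is worth confirming that the stat task either has no `when` or uses `when: "not matrix_mxisd_enabled|bool"`. The first task in this hunk starts above it, so only its tail is visible.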
@@ -6,20 +6,20 @@ # This role performs actions even if the role is disabled, so we need # to ensure there's a valid configuration in any case. - import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup + when: run_setup|bool tags: - setup-all - setup-nginx-proxy - import_tasks: "{{ role_path }}/tasks/ssl/main.yml" - when: run_setup + when: run_setup|bool tags: - setup-all - setup-nginx-proxy - setup-ssl - import_tasks: "{{ role_path }}/tasks/setup_nginx_proxy.yml" - when: run_setup + when: run_setup|bool tags: - setup-all - setup-nginx-proxy @@ -27,7 +27,7 @@ - import_tasks: "{{ role_path }}/tasks/self_check_well_known.yml" delegate_to: 127.0.0.1 become: false - when: run_self_check + when: run_self_check|bool tags: - self-check diff --git a/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml b/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml index 5f2138a4b..72be0f412 100644 --- a/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml +++ b/roles/matrix-nginx-proxy/tasks/self_check_well_known.yml @@ -21,7 +21,7 @@ - name: Determine domains that we require certificates for (mxisd) set_fact: well_known_file_checks: "{{ well_known_file_checks + [well_known_file_check_matrix_server] }}" - when: "matrix_well_known_matrix_server_enabled" + when: matrix_well_known_matrix_server_enabled|bool - name: Perform well-known checks include_tasks: "{{ role_path }}/tasks/self_check_well_known_file.yml" diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 9f8345605..d343b1d38 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml 
@@ -27,7 +27,7 @@ src: "{{ role_path }}/templates/nginx/nginx.conf.j2" dest: "{{ matrix_nginx_proxy_base_path }}/nginx.conf" mode: 0644 - when: "matrix_nginx_proxy_enabled" + when: matrix_nginx_proxy_enabled|bool - name: Ensure matrix-synapse-metrics-htpasswd is present (protecting /_synapse/metrics URI) template: 
@@ -36,35 +36,35 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" mode: 0400 - when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled and matrix_nginx_proxy_proxy_synapse_metrics" + when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool and matrix_nginx_proxy_proxy_synapse_metrics|bool" - name: Ensure Matrix nginx-proxy configured (generic) template: src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/nginx-http.conf" mode: 0644 - when: "matrix_nginx_proxy_enabled" + when: matrix_nginx_proxy_enabled|bool - name: Ensure Matrix nginx-proxy configuration for matrix domain exists template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-synapse.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf" mode: 0644 - when: "matrix_nginx_proxy_proxy_matrix_enabled" + when: matrix_nginx_proxy_proxy_matrix_enabled|bool - name: Ensure Matrix nginx-proxy configuration for riot domain exists template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-riot-web.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf" mode: 0644 - when: "matrix_nginx_proxy_proxy_riot_enabled" + when: matrix_nginx_proxy_proxy_riot_enabled|bool - name: Ensure Matrix nginx-proxy configuration for dimension domain exists template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-dimension.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf" mode: 0644 - when: "matrix_nginx_proxy_proxy_dimension_enabled" + when: matrix_nginx_proxy_proxy_dimension_enabled|bool - name: Ensure Matrix nginx-proxy data directory for base domain exists file: @@ -73,7 +73,7 @@ mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: "matrix_nginx_proxy_base_domain_serving_enabled" + when: matrix_nginx_proxy_base_domain_serving_enabled|bool - name: Ensure Matrix nginx-proxy homepage for base domain exists copy: 
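Review bot: The `|bool` casts on the htpasswd task's `when` map every value the filter does not recognise as true to false. A mistyped `matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled` therefore skips writing the credentials file without an error, and the removal task in the later `@@ -129,57 +129,57 @@` hunk of this file deletes an existing one under the same cast. Whether `/_synapse/metrics` is then proxied without authentication depends on the nginx template, which is not visible here. Because this is an access-control toggle, it should fail closed: a `fail` task in this role's `validate_config.yml` could reject anything that is not boolean-like, for example `when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|string|lower not in ['true', 'false', 'yes', 'no']"`. The htpasswd task begins above this hunk, so its `src` and `dest` are not shown.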
@@ -82,14 +82,14 @@ mode: 0644 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: "matrix_nginx_proxy_base_domain_serving_enabled" + when: matrix_nginx_proxy_base_domain_serving_enabled|bool - name: Ensure Matrix nginx-proxy configuration for base domain exists template: src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2" dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf" mode: 0644 - when: "matrix_nginx_proxy_base_domain_serving_enabled" + when: matrix_nginx_proxy_base_domain_serving_enabled|bool # # Tasks related to setting up matrix-nginx-proxy @@ -97,7 +97,7 @@ - name: Ensure nginx Docker image is pulled docker_image: name: "{{ matrix_nginx_proxy_docker_image }}" - when: matrix_nginx_proxy_enabled + when: matrix_nginx_proxy_enabled|bool - name: Ensure matrix-nginx-proxy.service installed template: @@ -105,7 +105,7 @@ dest: "/etc/systemd/system/matrix-nginx-proxy.service" mode: 0644 register: matrix_nginx_proxy_systemd_service_result - when: matrix_nginx_proxy_enabled + when: matrix_nginx_proxy_enabled|bool - name: Ensure systemd reloaded after matrix-nginx-proxy.service installation service: @@ -121,7 +121,7 @@ stat: path: "/etc/systemd/system/matrix-nginx-proxy.service" register: matrix_nginx_proxy_service_stat - when: "not matrix_nginx_proxy_enabled" + when: "not matrix_nginx_proxy_enabled|bool" - name: Ensure matrix-nginx-proxy is stopped service: 
@@ -129,57 +129,57 @@ state: stopped daemon_reload: yes register: stopping_result - when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists" + when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" - name: Ensure matrix-nginx-proxy.service doesn't exist file: path: "/etc/systemd/system/matrix-nginx-proxy.service" state: absent - when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists" + when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-nginx-proxy.service removal service: daemon_reload: yes - when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists" + when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists" - name: Ensure Matrix nginx-proxy configuration for matrix domain deleted file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf" state: absent - when: "not matrix_nginx_proxy_proxy_matrix_enabled" + when: "not matrix_nginx_proxy_proxy_matrix_enabled|bool" - name: Ensure Matrix nginx-proxy configuration for riot domain deleted file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf" state: absent - when: "not matrix_nginx_proxy_proxy_riot_enabled" + when: "not matrix_nginx_proxy_proxy_riot_enabled|bool" - name: Ensure Matrix nginx-proxy configuration for dimension domain deleted file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf" state: absent - when: "not matrix_nginx_proxy_proxy_dimension_enabled" + when: "not matrix_nginx_proxy_proxy_dimension_enabled|bool" - name: Ensure Matrix nginx-proxy homepage for base domain deleted file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html" state: absent - when: "not matrix_nginx_proxy_base_domain_serving_enabled" + when: "not matrix_nginx_proxy_base_domain_serving_enabled|bool" - name: Ensure Matrix nginx-proxy 
configuration for base domain deleted file: path: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf" state: absent - when: "not matrix_nginx_proxy_base_domain_serving_enabled" + when: "not matrix_nginx_proxy_base_domain_serving_enabled|bool" - name: Ensure Matrix nginx-proxy configuration for main config override deleted file: path: "{{ matrix_nginx_proxy_base_path }}/nginx.conf" state: absent - when: "not matrix_nginx_proxy_enabled" + when: "not matrix_nginx_proxy_enabled|bool" - name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /_synapse/metrics URI) file: path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" state: absent - when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled or not matrix_nginx_proxy_proxy_synapse_metrics" + when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool or not matrix_nginx_proxy_proxy_synapse_metrics|bool" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml index 629f24c77..ee9849f6f 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml @@ -82,7 +82,7 @@ minute: 20 day: "*" job: /bin/systemctl reload matrix-nginx-proxy.service - when: matrix_nginx_proxy_enabled + when: matrix_nginx_proxy_enabled|bool when: "matrix_ssl_retrieval_method == 'lets-encrypt'" @@ -98,7 +98,7 @@ cron_file: matrix-ssl-lets-encrypt name: matrix-nginx-proxy-reload state: absent - when: "not matrix_nginx_proxy_enabled" + when: "not matrix_nginx_proxy_enabled|bool" # When Let's Encrypt is not used at all, remove all cronjobs in that cron file. - name: Ensure matrix-ssl-lets-encrypt-renew cronjob removed diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml index dde5a6dae..85afce2c9 100644 
--- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml @@ -35,7 +35,7 @@ --agree-tos --email={{ matrix_ssl_lets_encrypt_support_email }} -d {{ domain_name }} - when: "domain_name_needs_cert" + when: domain_name_needs_cert|bool register: result_certbot_direct ignore_errors: true diff --git a/roles/matrix-postgres/tasks/import_postgres.yml b/roles/matrix-postgres/tasks/import_postgres.yml index 67d7f86c5..bbed1c95f 100644 --- a/roles/matrix-postgres/tasks/import_postgres.yml +++ b/roles/matrix-postgres/tasks/import_postgres.yml @@ -5,7 +5,7 @@ - name: Fail if Postgres not enabled fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot import." - when: "not matrix_postgres_enabled" + when: "not matrix_postgres_enabled|bool" - name: Fail if playbook called incorrectly fail: @@ -20,7 +20,7 @@ - name: Fail if provided Postgres dump file doesn't exists fail: msg: "File cannot be found on the server at {{ server_path_postgres_dump }}" - when: not result_server_path_postgres_dump_stat.stat.exists + when: "not result_server_path_postgres_dump_stat.stat.exists" # Defaults @@ -54,7 +54,7 @@ - name: Abort, if no existing Postgres version detected fail: msg: "Could not find existing Postgres installation" - when: "not matrix_postgres_detected_existing" + when: "not matrix_postgres_detected_existing|bool" - name: Generate Postgres database import command set_fact: diff --git a/roles/matrix-postgres/tasks/import_sqlite_db.yml b/roles/matrix-postgres/tasks/import_sqlite_db.yml index d5fc832fa..5953557b2 100644 --- a/roles/matrix-postgres/tasks/import_sqlite_db.yml +++ b/roles/matrix-postgres/tasks/import_sqlite_db.yml 
@@ -5,7 +5,7 @@ - name: Fail if Postgres not enabled fail: msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot import." - when: "not matrix_postgres_enabled" + when: "not matrix_postgres_enabled|bool" - name: Fail if playbook called incorrectly fail: @@ -20,7 +20,7 @@ - name: Fail if provided SQLite homeserver.db file doesn't exist fail: msg: "File cannot be found on the server at {{ server_path_homeserver_db }}" - when: not result_server_path_homeserver_db_stat.stat.exists + when: "not result_server_path_homeserver_db_stat.stat.exists" # Defaults diff --git a/roles/matrix-postgres/tasks/init.yml b/roles/matrix-postgres/tasks/init.yml index a8544e0f7..6b8e40ba0 100644 --- a/roles/matrix-postgres/tasks/init.yml +++ b/roles/matrix-postgres/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres'] }}" - when: matrix_postgres_enabled \ No newline at end of file + when: matrix_postgres_enabled|bool diff --git a/roles/matrix-postgres/tasks/main.yml b/roles/matrix-postgres/tasks/main.yml index 397924eef..ef9b770e9 100644 --- a/roles/matrix-postgres/tasks/main.yml +++ b/roles/matrix-postgres/tasks/main.yml 
@@ -3,28 +3,28 @@ - always - import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup and matrix_postgres_enabled" + when: "run_setup|bool and matrix_postgres_enabled|bool" tags: - setup-all - setup-postgres - import_tasks: "{{ role_path }}/tasks/setup_postgres.yml" - when: run_setup + when: run_setup|bool tags: - setup-all - setup-postgres - import_tasks: "{{ role_path }}/tasks/import_postgres.yml" - when: run_import_postgres + when: run_import_postgres|bool tags: - import-postgres - import_tasks: "{{ role_path }}/tasks/import_sqlite_db.yml" - when: run_import_sqlite_db + when: run_import_sqlite_db|bool tags: - import-sqlite-db - import_tasks: "{{ role_path }}/tasks/upgrade_postgres.yml" - when: run_upgrade_postgres + when: run_upgrade_postgres|bool tags: - upgrade-postgres diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 659650db7..86ba4f4d6 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -5,10 +5,10 @@ # - import_tasks: "{{ role_path }}/tasks/migrate_postgres_data_directory.yml" - when: matrix_postgres_enabled + when: matrix_postgres_enabled|bool - import_tasks: "{{ role_path }}/tasks/util/detect_existing_postgres_version.yml" - when: matrix_postgres_enabled + when: matrix_postgres_enabled|bool # If we have found an existing version (installed from before), we use its corresponding Docker image. # If not, we install using the latest Postgres. 
@@ -16,18 +16,18 @@ # Upgrading is supposed to be performed separately and explicitly (see `upgrade_postgres.yml`). - set_fact: matrix_postgres_docker_image_to_use: "{{ matrix_postgres_docker_image_latest if matrix_postgres_detected_version_corresponding_docker_image == '' else matrix_postgres_detected_version_corresponding_docker_image }}" - when: matrix_postgres_enabled + when: matrix_postgres_enabled|bool - name: Warn if on an old version of Postgres debug: msg: "NOTE: Your setup is on an old Postgres version ({{ matrix_postgres_docker_image_to_use }}), while {{ matrix_postgres_docker_image_latest }} is supported. You can upgrade using --tags=upgrade-postgres" - when: "matrix_postgres_enabled and matrix_postgres_docker_image_to_use != matrix_postgres_docker_image_latest" + when: "matrix_postgres_enabled|bool and matrix_postgres_docker_image_to_use != matrix_postgres_docker_image_latest" # Even if we don't run the internal server, we still need this for running the CLI - name: Ensure postgres Docker image is pulled docker_image: name: "{{ matrix_postgres_docker_image_to_use }}" - when: matrix_postgres_enabled + when: matrix_postgres_enabled|bool # We always create these directories, even if an external Postgres is used, # because we store environment variable files there. @@ -41,7 +41,7 @@ with_items: - "{{ matrix_postgres_base_path }}" - "{{ matrix_postgres_data_path }}" - when: matrix_postgres_enabled + when: matrix_postgres_enabled|bool - name: Ensure Postgres environment variables file created template: 
@@ -51,21 +51,21 @@ with_items: - "env-postgres-psql" - "env-postgres-server" - when: matrix_postgres_enabled + when: matrix_postgres_enabled|bool - name: Ensure matrix-postgres-cli script created template: src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-cli.j2" dest: "/usr/local/bin/matrix-postgres-cli" mode: 0750 - when: matrix_postgres_enabled + when: matrix_postgres_enabled|bool - name: Ensure matrix-make-user-admin script created template: src: "{{ role_path }}/templates/usr-local-bin/matrix-make-user-admin.j2" dest: "/usr/local/bin/matrix-make-user-admin" mode: 0750 - when: matrix_postgres_enabled + when: matrix_postgres_enabled|bool # # Tasks related to setting up an internal postgres server @@ -77,12 +77,12 @@ dest: "/etc/systemd/system/matrix-postgres.service" mode: 0644 register: matrix_postgres_systemd_service_result - when: matrix_postgres_enabled + when: matrix_postgres_enabled|bool - name: Ensure systemd reloaded after matrix-postgres.service installation service: daemon_reload: yes - when: "matrix_postgres_enabled and matrix_postgres_systemd_service_result.changed" + when: "matrix_postgres_enabled|bool and matrix_postgres_systemd_service_result.changed" # # Tasks related to getting rid of the internal postgres server (if it was previously enabled) 
@@ -92,41 +92,41 @@ stat: path: "/etc/systemd/system/matrix-postgres.service" register: matrix_postgres_service_stat - when: "not matrix_postgres_enabled" + when: "not matrix_postgres_enabled|bool" - name: Ensure matrix-postgres is stopped service: name: matrix-postgres state: stopped daemon_reload: yes - when: "not matrix_postgres_enabled and matrix_postgres_service_stat.stat.exists" + when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists" - name: Ensure matrix-postgres.service doesn't exist file: path: "/etc/systemd/system/matrix-postgres.service" state: absent - when: "not matrix_postgres_enabled and matrix_postgres_service_stat.stat.exists" + when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-postgres.service removal service: daemon_reload: yes - when: "not matrix_postgres_enabled and matrix_postgres_service_stat.stat.exists" + when: "not matrix_postgres_enabled|bool and matrix_postgres_service_stat.stat.exists" - name: Check existence of matrix-postgres local data path stat: path: "{{ matrix_postgres_data_path }}" register: matrix_postgres_data_path_stat - when: "not matrix_postgres_enabled" + when: "not matrix_postgres_enabled|bool" # We just want to notify the user. Deleting data is too destructive. - name: Notify if matrix-postgres local data remains debug: msg: "Note: You are not using a local PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_data_path }}`. Feel free to delete it." 
- when: "not matrix_postgres_enabled and matrix_postgres_data_path_stat.stat.exists" + when: "not matrix_postgres_enabled|bool and matrix_postgres_data_path_stat.stat.exists" - name: Ensure matrix-postgres-update-user-password-hash script created template: src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2" dest: "/usr/local/bin/matrix-postgres-update-user-password-hash" mode: 0750 - when: matrix_postgres_enabled \ No newline at end of file + when: matrix_postgres_enabled|bool diff --git a/roles/matrix-postgres/tasks/upgrade_postgres.yml b/roles/matrix-postgres/tasks/upgrade_postgres.yml index c32634b90..64f3d64b4 100644 --- a/roles/matrix-postgres/tasks/upgrade_postgres.yml +++ b/roles/matrix-postgres/tasks/upgrade_postgres.yml @@ -23,7 +23,7 @@ - name: Fail, if trying to upgrade external Postgres database fail: msg: "Your configuration indicates that you're not using Postgres from this role. There is nothing to upgrade." - when: "not matrix_postgres_enabled" + when: "not matrix_postgres_enabled|bool" - name: Check Postgres auto-upgrade backup data directory stat: @@ -40,7 +40,7 @@ - name: Abort, if no existing Postgres version detected fail: msg: "Could not find existing Postgres installation" - when: "not matrix_postgres_detected_existing" + when: "not matrix_postgres_detected_existing|bool" - name: Abort, if already at latest Postgres version fail: diff --git a/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml index a3fbe33e9..524763534 100644 --- a/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml +++ b/roles/matrix-postgres/tasks/util/detect_existing_postgres_version.yml 
@@ -23,12 +23,12 @@ slurp: src: "{{ matrix_postgres_detection_pg_version_path }}" register: result_pg_version - when: "matrix_postgres_detected_existing" + when: matrix_postgres_detected_existing|bool - name: Determine existing Postgres version (make sense of PG_VERSION file) set_fact: matrix_postgres_detected_version: "{{ result_pg_version['content']|b64decode|replace('\n', '') }}" - when: "matrix_postgres_detected_existing" + when: matrix_postgres_detected_existing|bool - name: Determine corresponding Docker image to detected version (assume default of latest) set_fact: @@ -43,4 +43,4 @@ - name: Determine corresponding Docker image to detected version (use 10.x, if detected) set_fact: matrix_postgres_detected_version_corresponding_docker_image: "{{ matrix_postgres_docker_image_v10 }}" - when: "matrix_postgres_detected_version == '10' or matrix_postgres_detected_version.startswith('10.')" \ No newline at end of file + when: "matrix_postgres_detected_version == '10' or matrix_postgres_detected_version.startswith('10.')" diff --git a/roles/matrix-riot-web/tasks/init.yml b/roles/matrix-riot-web/tasks/init.yml index 1fd0c7eb6..52c096eea 100644 --- a/roles/matrix-riot-web/tasks/init.yml +++ b/roles/matrix-riot-web/tasks/init.yml @@ -1,3 +1,3 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-riot-web'] }}" - when: matrix_riot_web_enabled \ No newline at end of file + when: matrix_riot_web_enabled|bool diff --git a/roles/matrix-riot-web/tasks/main.yml b/roles/matrix-riot-web/tasks/main.yml index a2fd2c8ef..5792517e3 100644 --- a/roles/matrix-riot-web/tasks/main.yml +++ b/roles/matrix-riot-web/tasks/main.yml 
@@ -3,13 +3,13 @@ - always - import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: "run_setup and matrix_riot_web_enabled" + when: "run_setup|bool and matrix_riot_web_enabled|bool" tags: - setup-all - setup-riot-web - import_tasks: "{{ role_path }}/tasks/setup_riot_web.yml" - when: run_setup + when: run_setup|bool tags: - setup-all - setup-riot-web @@ -17,6 +17,6 @@ - import_tasks: "{{ role_path }}/tasks/self_check_riot_web.yml" delegate_to: 127.0.0.1 become: false - when: "run_self_check and matrix_riot_web_enabled" + when: "run_self_check|bool and matrix_riot_web_enabled|bool" tags: - - self-check \ No newline at end of file + - self-check diff --git a/roles/matrix-riot-web/tasks/setup_riot_web.yml b/roles/matrix-riot-web/tasks/setup_riot_web.yml index 62eb750b0..e64538d61 100644 --- a/roles/matrix-riot-web/tasks/setup_riot_web.yml +++ b/roles/matrix-riot-web/tasks/setup_riot_web.yml @@ -11,12 +11,12 @@ mode: 0750 owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" - when: matrix_riot_web_enabled + when: matrix_riot_web_enabled|bool - name: Ensure riot-web Docker image is pulled docker_image: name: "{{ matrix_riot_web_docker_image }}" - when: matrix_riot_web_enabled + when: matrix_riot_web_enabled|bool - name: Ensure Matrix riot-web config files installed template: @@ -30,7 +30,7 @@ - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"} - {src: "{{ role_path }}/templates/welcome.html.j2", name: "welcome.html"} - {src: "{{ matrix_riot_web_embedded_pages_home_path }}", name: "home.html"} - when: "matrix_riot_web_enabled and item.src is not none" + when: "matrix_riot_web_enabled|bool and item.src is not none" - name: Ensure Matrix riot-web config files removed file: 
@@ -38,7 +38,7 @@ state: absent with_items: - {src: "{{ matrix_riot_web_embedded_pages_home_path }}", name: "home.html"} - when: "matrix_riot_web_enabled and item.src is none" + when: "matrix_riot_web_enabled|bool and item.src is none" - name: Ensure matrix-riot-web.service installed template: @@ -46,7 +46,7 @@ dest: "/etc/systemd/system/matrix-riot-web.service" mode: 0644 register: matrix_riot_web_systemd_service_result - when: matrix_riot_web_enabled + when: matrix_riot_web_enabled|bool - name: Ensure systemd reloaded after matrix-riot-web.service installation service: @@ -61,7 +61,7 @@ stat: path: "/etc/systemd/system/matrix-riot-web.service" register: matrix_riot_web_service_stat - when: "not matrix_riot_web_enabled" + when: "not matrix_riot_web_enabled|bool" - name: Ensure matrix-riot-web is stopped service: 
@@ -69,27 +69,27 @@ state: stopped daemon_reload: yes register: stopping_result - when: "not matrix_riot_web_enabled and matrix_riot_web_service_stat.stat.exists" + when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists" - name: Ensure matrix-riot-web.service doesn't exist file: path: "/etc/systemd/system/matrix-riot-web.service" state: absent - when: "not matrix_riot_web_enabled and matrix_riot_web_service_stat.stat.exists" + when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists" - name: Ensure systemd reloaded after matrix-riot-web.service removal service: daemon_reload: yes - when: "not matrix_riot_web_enabled and matrix_riot_web_service_stat.stat.exists" + when: "not matrix_riot_web_enabled|bool and matrix_riot_web_service_stat.stat.exists" - name: Ensure Matrix riot-web paths doesn't exist file: path: "{{ matrix_riot_web_data_path }}" state: absent - when: "not matrix_riot_web_enabled" + when: "not matrix_riot_web_enabled|bool" - name: Ensure riot-web Docker image doesn't exist docker_image: name: "{{ matrix_riot_web_docker_image }}" state: absent - when: "not matrix_riot_web_enabled" + when: "not matrix_riot_web_enabled|bool" diff --git a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml index 8c87e8e5a..f4290ac26 100644 --- a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml +++ b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml @@ -1,11 +1,10 @@ - set_fact: matrix_synapse_password_providers_enabled: true - when: "matrix_synapse_ext_password_provider_ldap_enabled" + when: matrix_synapse_ext_password_provider_ldap_enabled|bool - set_fact: matrix_synapse_additional_loggers: > {{ matrix_synapse_additional_loggers }} + {{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }} - when: "matrix_synapse_ext_password_provider_ldap_enabled" - + when: matrix_synapse_ext_password_provider_ldap_enabled|bool 
diff --git a/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml b/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml index 31efa5f29..0270784ad 100644 --- a/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml +++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml @@ -1,7 +1,7 @@ --- - import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_install.yml" - when: matrix_synapse_ext_password_provider_rest_auth_enabled + when: matrix_synapse_ext_password_provider_rest_auth_enabled|bool - import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_uninstall.yml" - when: "not matrix_synapse_ext_password_provider_rest_auth_enabled" + when: "not matrix_synapse_ext_password_provider_rest_auth_enabled|bool" diff --git a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml index ac4434107..ed8d01978 100644 --- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml +++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml @@ -1,7 +1,7 @@ --- - import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_install.yml" - when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled + when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled|bool - import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_uninstall.yml" - when: "not matrix_synapse_ext_password_provider_shared_secret_auth_enabled" + when: "not matrix_synapse_ext_password_provider_shared_secret_auth_enabled|bool" diff --git a/roles/matrix-synapse/tasks/goofys/setup.yml b/roles/matrix-synapse/tasks/goofys/setup.yml index 56a792f01..6370408d0 100644 --- a/roles/matrix-synapse/tasks/goofys/setup.yml +++ b/roles/matrix-synapse/tasks/goofys/setup.yml 
@@ -1,7 +1,7 @@ --- - import_tasks: "{{ role_path }}/tasks/goofys/setup_install.yml" - when: matrix_s3_media_store_enabled + when: matrix_s3_media_store_enabled|bool - import_tasks: "{{ role_path }}/tasks/goofys/setup_uninstall.yml" - when: "not matrix_s3_media_store_enabled" + when: "not matrix_s3_media_store_enabled|bool" diff --git a/roles/matrix-synapse/tasks/import_media_store.yml b/roles/matrix-synapse/tasks/import_media_store.yml index 8d9647157..db68f22d1 100644 --- a/roles/matrix-synapse/tasks/import_media_store.yml +++ b/roles/matrix-synapse/tasks/import_media_store.yml @@ -10,7 +10,7 @@ - name: Fail if media store is on Amazon S3 fail: msg: "Your media store is on Amazon S3. Due to technical limitations, restoring is not supported." - when: "matrix_s3_media_store_enabled" + when: matrix_s3_media_store_enabled|bool - name: Check if the provided media store directory exists stat: @@ -68,7 +68,7 @@ owner: "{{ matrix_user_username }}" group: "{{ matrix_user_username }}" recurse: yes - when: "not matrix_s3_media_store_enabled" + when: "not matrix_s3_media_store_enabled|bool" # We don't chown for Goofys, because due to the way it's mounted, # all files become owned by whoever needs to own them. @@ -78,6 +78,6 @@ name: "{{ item }}" state: started daemon_reload: yes - when: stopping_result.changed + when: "stopping_result.changed" with_items: - matrix-synapse diff --git a/roles/matrix-synapse/tasks/init.yml b/roles/matrix-synapse/tasks/init.yml index d8ff42a15..d5f648623 100644 --- a/roles/matrix-synapse/tasks/init.yml +++ b/roles/matrix-synapse/tasks/init.yml @@ -1,7 +1,7 @@ - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse'] }}" - when: matrix_synapse_enabled + when: matrix_synapse_enabled|bool - set_fact: matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys'] }}" - when: matrix_s3_media_store_enabled + when: matrix_s3_media_store_enabled|bool 
diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix-synapse/tasks/main.yml index f51b2416d..57bf8b7c7 100644 --- a/roles/matrix-synapse/tasks/main.yml +++ b/roles/matrix-synapse/tasks/main.yml @@ -3,43 +3,43 @@ - always - import_tasks: "{{ role_path }}/tasks/validate_config.yml" - when: run_setup + when: run_setup|bool tags: - setup-all - setup-synapse - import_tasks: "{{ role_path }}/tasks/setup_synapse.yml" - when: run_setup + when: run_setup|bool tags: - setup-all - setup-synapse - import_tasks: "{{ role_path }}/tasks/import_media_store.yml" - when: run_import_media_store + when: run_import_media_store|bool tags: - import-media-store - import_tasks: "{{ role_path }}/tasks/register_user.yml" - when: run_register_user + when: run_register_user|bool tags: - register-user - import_tasks: "{{ role_path }}/tasks/self_check_client_api.yml" delegate_to: 127.0.0.1 become: false - when: run_self_check + when: run_self_check|bool tags: - self-check - import_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml" delegate_to: 127.0.0.1 become: false - when: run_self_check + when: run_self_check|bool tags: - self-check - import_tasks: "{{ role_path }}/tasks/update_user_password.yml" - when: run_update_user_password + when: run_update_user_password|bool tags: - update-user-password diff --git a/roles/matrix-synapse/tasks/register_user.yml b/roles/matrix-synapse/tasks/register_user.yml index c476adfeb..5f0cd9fff 100644 --- a/roles/matrix-synapse/tasks/register_user.yml +++ b/roles/matrix-synapse/tasks/register_user.yml @@ -25,7 +25,7 @@ - name: Wait a while, so that Synapse can manage to start pause: seconds: 7 - when: start_result.changed + when: "start_result.changed" - name: Register user shell: "/usr/local/bin/matrix-synapse-register-user {{ username }} {{ password }} {{ '1' if admin == 'yes' else '0' }}" 
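Review bot: In the register_user.yml hunk the unchanged `shell:` line still interpolates `{{ username }}` and `{{ password }}` into a shell string without quoting, so a value containing spaces or shell metacharacters changes the command that runs. The password also ends up on the script's command line, where it is visible in the host's process list and can appear in Ansible's verbose output. I would quote both values, `shell: "/usr/local/bin/matrix-synapse-register-user {{ username|quote }} {{ password|quote }} {{ '1' if admin == 'yes' else '0' }}"`, and add `no_log: true` to the task. The update_user_password.yml hunk later in this commit has the same pattern (`hash_password ... -p {{ password }}`). The task may continue past the last line of the hunk.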
diff --git a/roles/matrix-synapse/tasks/self_check_client_api.yml b/roles/matrix-synapse/tasks/self_check_client_api.yml index 2fdc3e066..50d0f4efc 100644 --- a/roles/matrix-synapse/tasks/self_check_client_api.yml +++ b/roles/matrix-synapse/tasks/self_check_client_api.yml @@ -7,14 +7,14 @@ validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" register: result_matrix_synapse_client_api ignore_errors: true - when: matrix_synapse_enabled + when: matrix_synapse_enabled|bool - name: Fail if Matrix Client API not working fail: msg: "Failed checking Matrix Client API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`). Is Synapse running? Is port 443 open in your firewall? Full error: {{ result_matrix_synapse_client_api }}" - when: "matrix_synapse_enabled and (result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api)" + when: "matrix_synapse_enabled|bool and (result_matrix_synapse_client_api.failed or 'json' not in result_matrix_synapse_client_api)" - name: Report working Matrix Client API debug: msg: "The Matrix Client API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_client_api_url_endpoint_public }}`) is working" - when: matrix_synapse_enabled + when: matrix_synapse_enabled|bool diff --git a/roles/matrix-synapse/tasks/self_check_federation_api.yml b/roles/matrix-synapse/tasks/self_check_federation_api.yml index 034d91aee..b584cb351 100644 --- a/roles/matrix-synapse/tasks/self_check_federation_api.yml +++ b/roles/matrix-synapse/tasks/self_check_federation_api.yml 
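Review bot: Certificate validation for this check follows `matrix_synapse_self_check_validate_certificates` (the unchanged `validate_certs:` line at the top of the hunk), so when that variable is false a passing self-check says nothing about the certificate chain. A comment on the task would make that visible to whoever reads the result: `# validate_certs follows matrix_synapse_self_check_validate_certificates; with it disabled this check does not verify TLS.` The task begins above the hunk, and the federation self-check in the next file carries the same line.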
@@ -7,19 +7,19 @@ validate_certs: "{{ matrix_synapse_self_check_validate_certificates }}" register: result_matrix_synapse_federation_api ignore_errors: true - when: matrix_synapse_enabled + when: matrix_synapse_enabled|bool - name: Fail if Matrix Federation API not working fail: msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}" - when: "matrix_synapse_enabled and matrix_synapse_federation_enabled and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)" + when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)" - name: Fail if Matrix Federation API unexpectedly enabled fail: msg: "Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) despite being disabled." - when: "matrix_synapse_enabled and not matrix_synapse_federation_enabled and not result_matrix_synapse_federation_api.failed" + when: "matrix_synapse_enabled|bool and not matrix_synapse_federation_enabled|bool and not result_matrix_synapse_federation_api.failed" - name: Report working Matrix Federation API debug: msg: "The Matrix Federation API at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`) is working" - when: "matrix_synapse_enabled and matrix_synapse_federation_enabled" + when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool" diff --git a/roles/matrix-synapse/tasks/setup_synapse.yml b/roles/matrix-synapse/tasks/setup_synapse.yml index 754ab1d9c..60b02d559 100644 --- a/roles/matrix-synapse/tasks/setup_synapse.yml 
+++ b/roles/matrix-synapse/tasks/setup_synapse.yml @@ -18,7 +18,7 @@ # We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml), # because if it's using Goofys and it's already mounted (from before), # trying to chown/chmod it here will cause trouble. - when: "matrix_synapse_enabled or matrix_s3_media_store_enabled" + when: "matrix_synapse_enabled|bool or matrix_s3_media_store_enabled|bool" - import_tasks: "{{ role_path }}/tasks/ext/setup.yml" diff --git a/roles/matrix-synapse/tasks/synapse/setup.yml b/roles/matrix-synapse/tasks/synapse/setup.yml index 227369a8e..b5d27c36c 100644 --- a/roles/matrix-synapse/tasks/synapse/setup.yml +++ b/roles/matrix-synapse/tasks/synapse/setup.yml @@ -1,7 +1,7 @@ --- - import_tasks: "{{ role_path }}/tasks/synapse/setup_install.yml" - when: matrix_synapse_enabled + when: matrix_synapse_enabled|bool - import_tasks: "{{ role_path }}/tasks/synapse/setup_uninstall.yml" - when: "not matrix_synapse_enabled" + when: "not matrix_synapse_enabled|bool" diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index 6e56b659f..f0fc0dca5 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -71,11 +71,10 @@ - name: Ensure systemd reloaded after matrix-synapse.service installation service: daemon_reload: yes - when: matrix_synapse_systemd_service_result.changed + when: "matrix_synapse_systemd_service_result.changed" - name: Ensure matrix-synapse-register-user script created template: src: "{{ role_path }}/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2" dest: "/usr/local/bin/matrix-synapse-register-user" mode: 0750 - diff --git a/roles/matrix-synapse/tasks/update_user_password.yml b/roles/matrix-synapse/tasks/update_user_password.yml index d28adfb4b..e3bc97b7d 100644 --- a/roles/matrix-synapse/tasks/update_user_password.yml 
+++ b/roles/matrix-synapse/tasks/update_user_password.yml @@ -13,7 +13,7 @@ - name: Fail if not using matrix-postgres container fail: msg: "This command is working only when matrix-postgres container is being used" - when: "not matrix_postgres_enabled" + when: "not matrix_postgres_enabled|bool" - name: Ensure matrix-synapse is started service: @@ -33,12 +33,12 @@ - name: Wait a while, so that Matrix Synapse can manage to start pause: seconds: 7 - when: start_result.changed + when: "start_result.changed" - name: Wait a while, so that Matrix Postgres can manage to start pause: seconds: 7 - when: postgres_start_result.changed + when: "postgres_start_result.changed" - name: Generate password hash shell: "/usr/bin/docker exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password }}" From db15791819b277bce307cf1b41ca0846157b65ab Mon Sep 17 00:00:00 2001 
From: Dan Arnfield Date: Tue, 21 May 2019 10:29:12 -0500 Subject: [PATCH 33/39] Add source option to docker_image to fix deprecation warning --- roles/matrix-bridge-appservice-discord/tasks/setup_install.yml | 2 +- roles/matrix-bridge-appservice-irc/tasks/setup_install.yml | 1 + roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml | 1 + roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml | 1 + roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml | 1 + roles/matrix-corporal/tasks/setup_corporal.yml | 1 + roles/matrix-coturn/tasks/setup_coturn.yml | 1 + roles/matrix-dimension/tasks/setup_dimension.yml | 1 + roles/matrix-mailer/tasks/setup_mailer.yml | 1 + roles/matrix-mxisd/tasks/setup_mxisd.yml | 1 + roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml | 1 + roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml | 1 + roles/matrix-postgres/tasks/setup_postgres.yml | 1 + roles/matrix-riot-web/tasks/setup_riot_web.yml | 1 + roles/matrix-synapse/tasks/goofys/setup_install.yml | 1 + roles/matrix-synapse/tasks/synapse/setup_install.yml | 1 + 16 files changed, 16 insertions(+), 1 deletion(-) diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index cbeb27b56..84811722c 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -11,6 +11,7 @@ - name: Ensure Appservice Discord image is pulled docker_image: name: "{{ matrix_appservice_discord_docker_image }}" + source: "pull" - name: Ensure Appservice Discord base directory exists file: @@ -90,4 +91,3 @@ {{ matrix_synapse_app_service_config_files|default([]) }} + {{ ["{{ matrix_synapse_app_service_config_file_appservice_discord }}"] | to_nice_json }} - diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index b0266bb18..00fe7dd3a 100644 
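Review bot: The new `source: "pull"` line in the first hunk makes explicit that a missing image is fetched from the registry, under whatever reference `matrix_appservice_discord_docker_image` holds. That value is not visible here, but if it is a tag rather than a digest, the content behind it can change without any change to the playbook. A comment above the task would record the expectation: `# Image reference comes from the role defaults; use name@sha256:<digest> there if pulls must be reproducible.` The same applies to the other docker_image hunks in this commit.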
--- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -11,6 +11,7 @@ - name: Ensure Appservice IRC image is pulled docker_image: name: "{{ matrix_appservice_irc_docker_image }}" + source: "pull" - name: Ensure Appservice IRC base directory exists file: diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index f0c29193f..4c74fe38c 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -11,6 +11,7 @@ - name: Ensure Mautrix Facebook image is pulled docker_image: name: "{{ matrix_mautrix_facebook_docker_image }}" + source: "pull" - name: Ensure Mautrix Facebook base directory exists file: diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index 967366cce..8460f195e 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -11,6 +11,7 @@ - name: Ensure Mautrix Telegram image is pulled docker_image: name: "{{ matrix_mautrix_telegram_docker_image }}" + source: "pull" - name: Ensure Mautrix Telegram base directory exists file: diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index 03bc83086..f7e1d41e8 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml @@ -11,6 +11,7 @@ - name: Ensure Mautrix Whatsapp image is pulled docker_image: name: "{{ matrix_mautrix_whatsapp_docker_image }}" + source: "pull" - name: Ensure Mautrix Whatsapp base directory exists file: 
diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index 1fd2356b7..876def961 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml @@ -20,6 +20,7 @@ - name: Ensure Matrix Corporal Docker image is pulled docker_image: name: "{{ matrix_corporal_docker_image }}" + source: "pull" when: matrix_corporal_enabled|bool - name: Ensure Matrix Corporal config installed diff --git a/roles/matrix-coturn/tasks/setup_coturn.yml b/roles/matrix-coturn/tasks/setup_coturn.yml index 4ee6596b6..876946f56 100644 --- a/roles/matrix-coturn/tasks/setup_coturn.yml +++ b/roles/matrix-coturn/tasks/setup_coturn.yml @@ -7,6 +7,7 @@ - name: Ensure Coturn image is pulled docker_image: name: "{{ matrix_coturn_docker_image }}" + source: "pull" when: matrix_coturn_enabled|bool - name: Ensure Coturn configuration path exists diff --git a/roles/matrix-dimension/tasks/setup_dimension.yml b/roles/matrix-dimension/tasks/setup_dimension.yml index 04c1bd7b6..011f7e1a0 100644 --- a/roles/matrix-dimension/tasks/setup_dimension.yml +++ b/roles/matrix-dimension/tasks/setup_dimension.yml @@ -25,6 +25,7 @@ - name: Ensure Dimension image is pulled docker_image: name: "{{ matrix_dimension_docker_image }}" + source: "pull" when: matrix_dimension_enabled|bool - name: Ensure matrix-dimension.service installed diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index 2bd4cbcc4..bb4e89b12 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml @@ -23,6 +23,7 @@ - name: Ensure mailer image is pulled docker_image: name: "{{ matrix_mailer_docker_image }}" + source: "pull" when: matrix_mailer_enabled|bool - name: Ensure matrix-mailer.service installed diff --git a/roles/matrix-mxisd/tasks/setup_mxisd.yml b/roles/matrix-mxisd/tasks/setup_mxisd.yml index ee7c65a78..a8e7edc64 100644 
--- a/roles/matrix-mxisd/tasks/setup_mxisd.yml +++ b/roles/matrix-mxisd/tasks/setup_mxisd.yml @@ -19,6 +19,7 @@ - name: Ensure mxisd image is pulled docker_image: name: "{{ matrix_mxisd_docker_image }}" + source: "pull" when: matrix_mxisd_enabled|bool - name: Ensure mxisd config installed diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index d343b1d38..5bc565662 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -97,6 +97,7 @@ - name: Ensure nginx Docker image is pulled docker_image: name: "{{ matrix_nginx_proxy_docker_image }}" + source: "pull" when: matrix_nginx_proxy_enabled|bool - name: Ensure matrix-nginx-proxy.service installed diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml index ee9849f6f..1061e9483 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml @@ -36,6 +36,7 @@ - name: Ensure certbot Docker image is pulled docker_image: name: "{{ matrix_ssl_lets_encrypt_certbot_docker_image }}" + source: "pull" when: "matrix_ssl_retrieval_method == 'lets-encrypt'" - name: Obtain Let's Encrypt certificates diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index 86ba4f4d6..cc5ae1bc1 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -27,6 +27,7 @@ - name: Ensure postgres Docker image is pulled docker_image: name: "{{ matrix_postgres_docker_image_to_use }}" + source: "pull" when: matrix_postgres_enabled|bool # We always create these directories, even if an external Postgres is used, diff --git a/roles/matrix-riot-web/tasks/setup_riot_web.yml b/roles/matrix-riot-web/tasks/setup_riot_web.yml index e64538d61..6e061c324 100644 
--- a/roles/matrix-riot-web/tasks/setup_riot_web.yml +++ b/roles/matrix-riot-web/tasks/setup_riot_web.yml @@ -16,6 +16,7 @@ - name: Ensure riot-web Docker image is pulled docker_image: name: "{{ matrix_riot_web_docker_image }}" + source: "pull" when: matrix_riot_web_enabled|bool - name: Ensure Matrix riot-web config files installed diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/matrix-synapse/tasks/goofys/setup_install.yml index 86d228b00..dc8c8d713 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_install.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_install.yml @@ -1,6 +1,7 @@ - name: Ensure Goofys Docker image is pulled docker_image: name: "{{ matrix_s3_goofys_docker_image }}" + source: "pull" # This will throw a Permission Denied error if already mounted - name: Check Matrix Goofys external storage mountpoint path diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index f0fc0dca5..a63a3c804 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -21,6 +21,7 @@ - name: Ensure Synapse Docker image is pulled docker_image: name: "{{ matrix_synapse_docker_image }}" + source: "pull" - name: Check if a Synapse signing key exists stat: From fa38c84be24583c70e836708e9f07df98e1f929f Mon Sep 17 00:00:00 2001 From: Dan Arnfield Date: Tue, 21 May 2019 10:37:05 -0500 Subject: [PATCH 34/39] Fix casting int to string warning --- roles/matrix-coturn/tasks/setup_coturn.yml | 4 ++-- .../tasks/ssl/setup_ssl_lets_encrypt.yml | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/matrix-coturn/tasks/setup_coturn.yml b/roles/matrix-coturn/tasks/setup_coturn.yml index 876946f56..ddc201ed7 100644 --- a/roles/matrix-coturn/tasks/setup_coturn.yml +++ b/roles/matrix-coturn/tasks/setup_coturn.yml 
@@ -64,8 +64,8 @@ cron_file: matrix-coturn-ssl-reload name: matrix-coturn-ssl-reload state: present - hour: 4 - minute: 20 + hour: "4" + minute: "20" day: "*/5" job: /bin/systemctl reload matrix-coturn.service when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool" diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml index 1061e9483..1b6f34c4b 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml @@ -68,8 +68,8 @@ cron_file: matrix-ssl-lets-encrypt name: matrix-ssl-lets-encrypt-certificates-renew state: present - hour: 4 - minute: 15 + hour: "4" + minute: "15" day: "*" job: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew @@ -79,8 +79,8 @@ cron_file: matrix-ssl-lets-encrypt name: matrix-nginx-proxy-reload state: present - hour: 5 - minute: 20 + hour: "5" + minute: "20" day: "*" job: /bin/systemctl reload matrix-nginx-proxy.service when: matrix_nginx_proxy_enabled|bool From 093859d926c378713e5837c98e3b58383776b3b6 Mon Sep 17 00:00:00 2001 From: Dan Arnfield Date: Tue, 21 May 2019 10:39:33 -0500 Subject: [PATCH 35/39] Fix TRANSFORM_INVALID_GROUP_CHARS deprecation warning --- examples/hosts | 2 +- group_vars/{matrix-servers => matrix_servers} | 0 setup.yml | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) rename group_vars/{matrix-servers => matrix_servers} (100%) diff --git a/examples/hosts b/examples/hosts index 67dc35193..7c1e29cc3 100644 --- a/examples/hosts +++ b/examples/hosts @@ -7,5 +7,5 @@ # For improved Ansible performance, SSH pipelining is enabled by default (`ansible_ssh_pipelining=yes`). # If this causes SSH connection troubles, feel free to disable it. -[matrix-servers] +[matrix_servers] matrix. ansible_host= ansible_ssh_user=root ansible_ssh_pipelining=yes 
diff --git a/group_vars/matrix-servers b/group_vars/matrix_servers similarity index 100% rename from group_vars/matrix-servers rename to group_vars/matrix_servers diff --git a/setup.yml b/setup.yml index ecb211e30..341840a27 100755 --- a/setup.yml +++ b/setup.yml @@ -1,6 +1,6 @@ --- - name: "Set up a Matrix server" - hosts: "{{ target if target is defined else 'matrix-servers' }}" + hosts: "{{ target if target is defined else 'matrix_servers' }}" become: true roles: From 1e1c7933e27ead4168db0becf50bf9bf42f8392a Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 22 May 2019 09:17:33 +0900 Subject: [PATCH 36/39] Mention Postgres + SSL in the docs Refers to #89 (Github Issue) --- docs/configuring-playbook-external-postgres.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/configuring-playbook-external-postgres.md b/docs/configuring-playbook-external-postgres.md index a028d1cb6..c988cfeca 100644 --- a/docs/configuring-playbook-external-postgres.md +++ b/docs/configuring-playbook-external-postgres.md 
@@ -19,4 +19,6 @@ matrix_synapse_database_database: "your-postgres-server-database-name" The database (as specified in `matrix_synapse_database_database`) must exist and be accessible with the given credentials. It must be empty or contain a valid Synapse database. If empty, Synapse would populate it the first time it runs. -**Note**: the external server that you specify in `matrix_synapse_database_host` must be accessible from within the `matrix-synapse` Docker container (and possibly other containers too). This means that it either needs to be a publicly accessible hostname or that it's a hostname on the same Docker network where all containers installed by this playbook run (a network called `matrix` by default). Using a local PostgreSQL instance on the host (running on the same machine, but not in a container) is not possible. \ No newline at end of file +**Note**: the external server that you specify in `matrix_synapse_database_host` must be accessible from within the `matrix-synapse` Docker container (and possibly other containers too). This means that it either needs to be a publicly accessible hostname or that it's a hostname on the same Docker network where all containers installed by this playbook run (a network called `matrix` by default). Using a local PostgreSQL instance on the host (running on the same machine, but not in a container) is not possible. + +The connection to your external Postgres server **will not be SSL encrypted**, as [we don't support that yet](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/89). From 9c23d877fe67f46dbe3aca1914209b7ce6c8fe02 Mon Sep 17 00:00:00 2001 
From: Dan Arnfield Date: Wed, 22 May 2019 05:43:33 -0500 Subject: [PATCH 37/39] Fix docker_image option for ansible < 2.8 --- roles/matrix-bridge-appservice-discord/tasks/setup_install.yml | 2 +- roles/matrix-bridge-appservice-irc/tasks/setup_install.yml | 2 +- roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml | 2 +- roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml | 2 +- roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml | 2 +- roles/matrix-corporal/tasks/setup_corporal.yml | 2 +- roles/matrix-coturn/tasks/setup_coturn.yml | 2 +- roles/matrix-dimension/tasks/setup_dimension.yml | 2 +- roles/matrix-mailer/tasks/setup_mailer.yml | 2 +- roles/matrix-mxisd/tasks/setup_mxisd.yml | 2 +- roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml | 2 +- roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml | 2 +- roles/matrix-postgres/tasks/setup_postgres.yml | 2 +- roles/matrix-riot-web/tasks/setup_riot_web.yml | 2 +- roles/matrix-synapse/tasks/goofys/setup_install.yml | 2 +- roles/matrix-synapse/tasks/synapse/setup_install.yml | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) diff --git a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml index 84811722c..59dd8d018 100644 --- a/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml +++ b/roles/matrix-bridge-appservice-discord/tasks/setup_install.yml @@ -11,7 +11,7 @@ - name: Ensure Appservice Discord image is pulled docker_image: name: "{{ matrix_appservice_discord_docker_image }}" - source: "pull" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - name: Ensure Appservice Discord base directory exists file: diff --git a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml index 00fe7dd3a..2825ac6b7 100644 --- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml 
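Review bot: The guard `ansible_version.major > 2 or ansible_version.minor > 7` tests `minor` without tying it to major version 2, so it would also select `'pull'` on a 1.x release whose minor is above 7. Tying the two together states the intent exactly: `source: "{{ 'pull' if ansible_version.major > 2 or (ansible_version.major == 2 and ansible_version.minor > 7) else omit }}"`. The expression is repeated verbatim in every docker_image hunk of this commit, so defining it once could keep the copies from drifting. The hunk shows only part of the task file.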
+++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml @@ -11,7 +11,7 @@ - name: Ensure Appservice IRC image is pulled docker_image: name: "{{ matrix_appservice_irc_docker_image }}" - source: "pull" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - name: Ensure Appservice IRC base directory exists file: diff --git a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml index 4c74fe38c..a13321872 100644 --- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml @@ -11,7 +11,7 @@ - name: Ensure Mautrix Facebook image is pulled docker_image: name: "{{ matrix_mautrix_facebook_docker_image }}" - source: "pull" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - name: Ensure Mautrix Facebook base directory exists file: diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml index 8460f195e..59b95550e 100644 --- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml @@ -11,7 +11,7 @@ - name: Ensure Mautrix Telegram image is pulled docker_image: name: "{{ matrix_mautrix_telegram_docker_image }}" - source: "pull" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - name: Ensure Mautrix Telegram base directory exists file: diff --git a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml index f7e1d41e8..7c090e9b4 100644 --- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml +++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml 
@@ -11,7 +11,7 @@ - name: Ensure Mautrix Whatsapp image is pulled docker_image: name: "{{ matrix_mautrix_whatsapp_docker_image }}" - source: "pull" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - name: Ensure Mautrix Whatsapp base directory exists file: diff --git a/roles/matrix-corporal/tasks/setup_corporal.yml b/roles/matrix-corporal/tasks/setup_corporal.yml index 876def961..9c65b11c4 100644 --- a/roles/matrix-corporal/tasks/setup_corporal.yml +++ b/roles/matrix-corporal/tasks/setup_corporal.yml @@ -20,7 +20,7 @@ - name: Ensure Matrix Corporal Docker image is pulled docker_image: name: "{{ matrix_corporal_docker_image }}" - source: "pull" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" when: matrix_corporal_enabled|bool - name: Ensure Matrix Corporal config installed diff --git a/roles/matrix-coturn/tasks/setup_coturn.yml b/roles/matrix-coturn/tasks/setup_coturn.yml index ddc201ed7..6a7a9f184 100644 --- a/roles/matrix-coturn/tasks/setup_coturn.yml +++ b/roles/matrix-coturn/tasks/setup_coturn.yml @@ -7,7 +7,7 @@ - name: Ensure Coturn image is pulled docker_image: name: "{{ matrix_coturn_docker_image }}" - source: "pull" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" when: matrix_coturn_enabled|bool - name: Ensure Coturn configuration path exists diff --git a/roles/matrix-dimension/tasks/setup_dimension.yml b/roles/matrix-dimension/tasks/setup_dimension.yml index 011f7e1a0..436bdd6d8 100644 --- a/roles/matrix-dimension/tasks/setup_dimension.yml +++ b/roles/matrix-dimension/tasks/setup_dimension.yml @@ -25,7 +25,7 @@ - name: Ensure Dimension image is pulled docker_image: name: "{{ matrix_dimension_docker_image }}" - source: "pull" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" when: matrix_dimension_enabled|bool - name: Ensure matrix-dimension.service installed 
diff --git a/roles/matrix-mailer/tasks/setup_mailer.yml b/roles/matrix-mailer/tasks/setup_mailer.yml index bb4e89b12..b60d031db 100644 --- a/roles/matrix-mailer/tasks/setup_mailer.yml +++ b/roles/matrix-mailer/tasks/setup_mailer.yml @@ -23,7 +23,7 @@ - name: Ensure mailer image is pulled docker_image: name: "{{ matrix_mailer_docker_image }}" - source: "pull" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" when: matrix_mailer_enabled|bool - name: Ensure matrix-mailer.service installed diff --git a/roles/matrix-mxisd/tasks/setup_mxisd.yml b/roles/matrix-mxisd/tasks/setup_mxisd.yml index a8e7edc64..4f9fdca8d 100644 --- a/roles/matrix-mxisd/tasks/setup_mxisd.yml +++ b/roles/matrix-mxisd/tasks/setup_mxisd.yml @@ -19,7 +19,7 @@ - name: Ensure mxisd image is pulled docker_image: name: "{{ matrix_mxisd_docker_image }}" - source: "pull" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" when: matrix_mxisd_enabled|bool - name: Ensure mxisd config installed diff --git a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 5bc565662..b775c3332 100644 --- a/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -97,7 +97,7 @@ - name: Ensure nginx Docker image is pulled docker_image: name: "{{ matrix_nginx_proxy_docker_image }}" - source: "pull" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" when: matrix_nginx_proxy_enabled|bool - name: Ensure matrix-nginx-proxy.service installed diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml index 1b6f34c4b..970ecc948 100644 --- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml +++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml 
@@ -36,7 +36,7 @@ - name: Ensure certbot Docker image is pulled docker_image: name: "{{ matrix_ssl_lets_encrypt_certbot_docker_image }}" - source: "pull" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" when: "matrix_ssl_retrieval_method == 'lets-encrypt'" - name: Obtain Let's Encrypt certificates diff --git a/roles/matrix-postgres/tasks/setup_postgres.yml b/roles/matrix-postgres/tasks/setup_postgres.yml index cc5ae1bc1..3df4c6e00 100644 --- a/roles/matrix-postgres/tasks/setup_postgres.yml +++ b/roles/matrix-postgres/tasks/setup_postgres.yml @@ -27,7 +27,7 @@ - name: Ensure postgres Docker image is pulled docker_image: name: "{{ matrix_postgres_docker_image_to_use }}" - source: "pull" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" when: matrix_postgres_enabled|bool # We always create these directories, even if an external Postgres is used, diff --git a/roles/matrix-riot-web/tasks/setup_riot_web.yml b/roles/matrix-riot-web/tasks/setup_riot_web.yml index 6e061c324..1d4201778 100644 --- a/roles/matrix-riot-web/tasks/setup_riot_web.yml +++ b/roles/matrix-riot-web/tasks/setup_riot_web.yml @@ -16,7 +16,7 @@ - name: Ensure riot-web Docker image is pulled docker_image: name: "{{ matrix_riot_web_docker_image }}" - source: "pull" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" when: matrix_riot_web_enabled|bool - name: Ensure Matrix riot-web config files installed diff --git a/roles/matrix-synapse/tasks/goofys/setup_install.yml b/roles/matrix-synapse/tasks/goofys/setup_install.yml index dc8c8d713..0a73d45ee 100644 --- a/roles/matrix-synapse/tasks/goofys/setup_install.yml +++ b/roles/matrix-synapse/tasks/goofys/setup_install.yml 
@@ -1,7 +1,7 @@ - name: Ensure Goofys Docker image is pulled docker_image: name: "{{ matrix_s3_goofys_docker_image }}" - source: "pull" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" # This will throw a Permission Denied error if already mounted - name: Check Matrix Goofys external storage mountpoint path diff --git a/roles/matrix-synapse/tasks/synapse/setup_install.yml b/roles/matrix-synapse/tasks/synapse/setup_install.yml index a63a3c804..56747c1d0 100644 --- a/roles/matrix-synapse/tasks/synapse/setup_install.yml +++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml @@ -21,7 +21,7 @@ - name: Ensure Synapse Docker image is pulled docker_image: name: "{{ matrix_synapse_docker_image }}" - source: "pull" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - name: Check if a Synapse signing key exists stat: From 7a08c9b7cc4fef9092b54bc132d0e56b6a64f7a9 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 23 May 2019 08:52:12 +0900 Subject: [PATCH 38/39] Update changelog --- CHANGELOG.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6ab43b919..27e83dc4f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,16 @@ +# 2019-05-23 + +## Ansible 2.8 compatibility + +Thanks to [@danbob](https://github.com/danbob), the playbook now [supports the new Ansible 2.8](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/187). + +A manual change is required to the `inventory/hosts` file, changing the group name from `matrix-servers` to `matrix_servers` (dash to underscore). + +To avoid doing it manually, run this: +- Linux: `sed -i 's/matrix-servers/matrix_servers/g' inventory/hosts` +- Mac: `sed -i '' 's/matrix-servers/matrix_servers/g' inventory/hosts` + + # 2019-05-21 ## Synapse no longer required From a8b633561daffc5f6ce20def13682a7f8d6aa8e9 Mon Sep 17 00:00:00 2001 
From: Slavi Pantaleev Date: Thu, 23 May 2019 09:23:04 +0900 Subject: [PATCH 39/39] Upgrade Synapse (v0.99.4 -> v0.99.5.1) --- roles/matrix-synapse/defaults/main.yml | 19 +-- .../matrix-synapse/tasks/validate_config.yml | 7 ++ .../templates/synapse/homeserver.yaml.j2 | 119 +++++++++++++----- 3 files changed, 104 insertions(+), 41 deletions(-) diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index e450d6177..1a854f2f4 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -3,7 +3,7 @@ matrix_synapse_enabled: true -matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.4" +matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.5.1" matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse" matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config" @@ -67,8 +67,9 @@ matrix_synapse_storage_sql_log_level: "INFO" matrix_synapse_root_log_level: "INFO" # Rate limits -matrix_synapse_rc_messages_per_second: 0.2 -matrix_synapse_rc_message_burst_count: 10.0 +matrix_synapse_rc_message: + per_second: 0.2 + burst_count: 10 matrix_synapse_rc_registration: per_second: 0.17 @@ -85,11 +86,13 @@ matrix_synapse_rc_login: per_second: 0.17 burst_count: 3 -matrix_synapse_federation_rc_window_size: 1000 -matrix_synapse_federation_rc_sleep_limit: 10 -matrix_synapse_federation_rc_sleep_delay: 500 -matrix_synapse_federation_rc_reject_limit: 50 -matrix_synapse_federation_rc_concurrent: 3 +matrix_synapse_rc_federation: + window_size: 1000 + sleep_limit: 10 + sleep_delay: 500 + reject_limit: 50 + concurrent: 3 + matrix_synapse_federation_rr_transactions_per_room_per_second: 50 # Controls whether the TLS federation listener is enabled (tcp/8448). diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index cdc649cc1..d4efad9da 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml 
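Review bot: `matrix_synapse_rc_message` (hunk at -67,8) and `matrix_synapse_rc_federation` (hunk at -85,11) are now mappings, and neither has a comment telling operators that an override in their own vars replaces the whole mapping under Ansible's default hash behaviour rather than merging with it. Someone who sets only `sleep_limit` would render an `rc_federation` block without the other four keys. How Synapse treats the missing keys is not visible here, so the inbound federation limits could end up different from what this file suggests. I would add above each definition a comment such as `# Override the whole mapping; keys left out are not taken from these defaults.`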
+++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -20,3 +20,10 @@ - {'old': 'matrix_enable_room_list_search', 'new': 'matrix_synapse_enable_room_list_search'} - {'old': 'matrix_alias_creation_rules', 'new': 'matrix_synapse_alias_creation_rules'} - {'old': 'matrix_room_list_publication_rules', 'new': 'matrix_synapse_room_list_publication_rules'} + - {'old': 'matrix_synapse_rc_messages_per_second', 'new': ''} + - {'old': 'matrix_synapse_rc_message_burst_count', 'new': ''} + - {'old': 'matrix_synapse_federation_rc_window_size', 'new': ''} + - {'old': 'matrix_synapse_federation_rc_sleep_limit', 'new': ''} + - {'old': 'matrix_synapse_federation_rc_sleep_delay', 'new': ''} + - {'old': 'matrix_synapse_federation_rc_reject_limit', 'new': ''} + - {'old': 'matrix_synapse_federation_rc_concurrent', 'new': ''} diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index ce2f16774..c51a60a01 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -110,6 +110,24 @@ use_presence: {{ matrix_synapse_use_presence|to_json }} federation_domain_whitelist: {{ matrix_synapse_federation_domain_whitelist|to_json }} {% endif %} +# Prevent federation requests from being sent to the following +# blacklist IP address CIDR ranges. If this option is not specified, or +# specified with an empty list, no ip range blacklist will be enforced. +# +# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly +# listed here, since they correspond to unroutable addresses.) +# +federation_ip_range_blacklist: + - '127.0.0.0/8' + - '10.0.0.0/8' + - '172.16.0.0/12' + - '192.168.0.0/16' + - '100.64.0.0/10' + - '169.254.0.0/16' + - '::1/128' + - 'fe80::/64' + - 'fc00::/7' + # List of ports that Synapse should listen on, their purpose and their # configuration. # 
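Review bot: The seven new entries set `'new': ''`, so whatever message the task builds from this list (the task itself is outside the hunk) has no replacement name to show for the retired rate-limit variables. An operator who had tuned these limits learns that the old name is rejected but not where the value now lives. Naming the successor in each entry would cover it, e.g. `- {'old': 'matrix_synapse_rc_messages_per_second', 'new': 'matrix_synapse_rc_message'}`, and `'new': 'matrix_synapse_rc_federation'` for the five `matrix_synapse_federation_rc_*` entries, assuming the message wording still reads correctly when several old names map to one new one.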
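Review bot: `federation_ip_range_blacklist` is written into the template as a fixed list, unlike the neighbouring settings that render a playbook variable through `to_json`, so an operator cannot extend or adjust the ranges that federation requests are barred from without editing the template. Rendering it from a default, for example `federation_ip_range_blacklist: {{ matrix_synapse_federation_ip_range_blacklist|to_json }}` with the nine ranges as the default value in `defaults/main.yml` (the variable name is a suggestion), keeps the protection on by default while letting deployments add their own internal ranges. The `'fe80::/64'` entry is also narrower than the `fe80::/10` block reserved for IPv6 link-local addresses; it may be worth confirming against upstream whether the wider prefix is intended.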
@@ -260,6 +278,12 @@ listeners: # #require_membership_for_aliases: false +# Whether to allow per-room membership profiles through the send of membership +# events with profile information that differ from the target's global profile. +# Defaults to 'true'. +# +#allow_per_room_profiles: false + ## TLS ## @@ -433,21 +457,15 @@ log_config: "/data/{{ matrix_server_fqn_matrix }}.log.config" ## Ratelimiting ## -# Number of messages a client can send per second -# -rc_messages_per_second: {{ matrix_synapse_rc_messages_per_second }} - -# Number of message a client can send before being throttled -# -rc_message_burst_count: {{ matrix_synapse_rc_message_burst_count }} - -# Ratelimiting settings for registration and login. +# Ratelimiting settings for client actions (registration, login, messaging). # # Each ratelimiting configuration is made of two parameters: # - per_second: number of requests a client can send per second. # - burst_count: number of requests a client can send before being throttled. # # Synapse currently uses the following configurations: +# - one for messages that ratelimits sending based on the account the client +# is using # - one for registration that ratelimits registration requests based on the # client's IP address. # - one for login that ratelimits login requests based on the client's IP @@ -460,6 +478,12 @@ rc_message_burst_count: {{ matrix_synapse_rc_message_burst_count }} # # The defaults are as shown below. # +#rc_message: +# per_second: 0.2 +# burst_count: 10 +# +rc_message: {{ matrix_synapse_rc_message|to_json }} +# #rc_registration: # per_second: 0.17 # burst_count: 3 
@@ -477,34 +501,29 @@ rc_registration: {{ matrix_synapse_rc_registration|to_json }} # burst_count: 3 rc_login: {{ matrix_synapse_rc_login|to_json }} -# The federation window size in milliseconds -# -#federation_rc_window_size: 1000 -federation_rc_window_size: {{ matrix_synapse_federation_rc_window_size }} -# The number of federation requests from a single server in a window -# before the server will delay processing the request. +# Ratelimiting settings for incoming federation # -#federation_rc_sleep_limit: 10 -federation_rc_sleep_limit: {{ matrix_synapse_federation_rc_sleep_limit }} - -# The duration in milliseconds to delay processing events from -# remote servers by if they go over the sleep limit. +# The rc_federation configuration is made up of the following settings: +# - window_size: window size in milliseconds +# - sleep_limit: number of federation requests from a single server in +# a window before the server will delay processing the request. +# - sleep_delay: duration in milliseconds to delay processing events +# from remote servers by if they go over the sleep limit. +# - reject_limit: maximum number of concurrent federation requests +# allowed from a single server +# - concurrent: number of federation requests to concurrently process +# from a single server # -#federation_rc_sleep_delay: 500 -federation_rc_sleep_delay: {{ matrix_synapse_federation_rc_sleep_delay }} - -# The maximum number of concurrent federation requests allowed -# from a single server +# The defaults are as shown below. 
# -#federation_rc_reject_limit: 50 -federation_rc_reject_limit: {{ matrix_synapse_federation_rc_reject_limit }} - -# The number of federation requests to concurrently process from a -# single server -# -#federation_rc_concurrent: 3 -federation_rc_concurrent: {{ matrix_synapse_federation_rc_concurrent }} +#rc_federation: +# window_size: 1000 +# sleep_limit: 10 +# sleep_delay: 500 +# reject_limit: 50 +# concurrent: 3 +rc_federation: {{ matrix_synapse_rc_federation|to_json }} # Target outgoing federation transaction frequency for sending read-receipts, # per-room. 
@@ -719,6 +738,40 @@ turn_allow_guests: False # enable_registration: {{ matrix_synapse_enable_registration|to_json }} +# Optional account validity configuration. This allows for accounts to be denied +# any request after a given period. +# +# ``enabled`` defines whether the account validity feature is enabled. Defaults +# to False. +# +# ``period`` allows setting the period after which an account is valid +# after its registration. When renewing the account, its validity period +# will be extended by this amount of time. This parameter is required when using +# the account validity feature. +# +# ``renew_at`` is the amount of time before an account's expiry date at which +# Synapse will send an email to the account's email address with a renewal link. +# This needs the ``email`` and ``public_baseurl`` configuration sections to be +# filled. +# +# ``renew_email_subject`` is the subject of the email sent out with the renewal +# link. ``%(app)s`` can be used as a placeholder for the ``app_name`` parameter +# from the ``email`` section. +# +# Once this feature is enabled, Synapse will look for registered users without an +# expiration date at startup and will add one to every account it found using the +# current settings at that time. +# This means that, if a validity period is set, and Synapse is restarted (it will +# then derive an expiration date from the current validity period), and some time +# after that the validity period changes and Synapse is restarted, the users' +# expiration dates won't be updated unless their account is manually renewed. +# +#account_validity: +# enabled: True +# period: 6w +# renew_at: 1w +# renew_email_subject: "Renew your %(app)s account" + # The user must provide all of the below types of 3PID when registering. # #registrations_require_3pid: