feat: enroll signalgo to nginx proxy

group_vars/matrix_servers

@@ -97,6 +97,8 @@ matrix_homeserver_container_extra_arguments_auto: |
     +
     (['--mount type=bind,src=' + matrix_mautrix_signal_config_path + '/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro'] if matrix_mautrix_signal_enabled else [])
     +
+    (['--mount type=bind,src=' + matrix_mautrix_signalgo_config_path + '/registration.yaml,dst=/matrix-mautrix-signalgo-registration.yaml,ro'] if matrix_mautrix_signalgo_enabled else [])
+    +
     (['--mount type=bind,src=' + matrix_mautrix_telegram_config_path + '/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro'] if matrix_mautrix_telegram_enabled else [])
     +
     (['--mount type=bind,src=' + matrix_mautrix_twitter_config_path + '/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro'] if matrix_mautrix_twitter_enabled else [])
@@ -160,6 +162,8 @@ matrix_homeserver_app_service_config_files_auto: |
     +
     (['/matrix-mautrix-signal-registration.yaml'] if matrix_mautrix_signal_enabled else [])
     +
+    (['/matrix-mautrix-signalgo-registration.yaml'] if matrix_mautrix_signalgo_enabled else [])
+    +
     (['/matrix-mautrix-telegram-registration.yaml'] if matrix_mautrix_telegram_enabled else [])
     +
     (['/matrix-mautrix-twitter-registration.yaml'] if matrix_mautrix_twitter_enabled else [])
@@ -276,8 +280,12 @@ devture_systemd_service_manager_services_list_auto: |
     +
     ([{'name': 'matrix-mautrix-signal.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-signal']}] if matrix_mautrix_signal_enabled else [])
     +
+    ([{'name': 'matrix-mautrix-signalgo.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-signalgo']}] if matrix_mautrix_signalgo_enabled else [])
+    +
     ([{'name': 'matrix-mautrix-signal-daemon.service', 'priority': 1900, 'groups': ['matrix', 'bridges', 'mautrix-signal', 'mautrix-signal-daemon']}] if matrix_mautrix_signal_enabled else [])
     +
+    ([{'name': 'matrix-mautrix-signalgo-daemon.service', 'priority': 1900, 'groups': ['matrix', 'bridges', 'mautrix-signalgo', 'mautrix-signalgo-daemon']}] if matrix_mautrix_signalgo_enabled else [])
+    +
     ([{'name': 'matrix-mautrix-telegram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-telegram']}] if matrix_mautrix_telegram_enabled else [])
     +
     ([{'name': 'matrix-mautrix-twitter.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-twitter']}] if matrix_mautrix_twitter_enabled else [])
@@ -1090,6 +1098,51 @@ matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture
 #
 ######################################################################
 
+######################################################################
+#
+# matrix-bridge-mautrix-signalgo
+#
+######################################################################
+
+# We don't enable bridges by default.
+matrix_mautrix_signalgo_enabled: false
+
+matrix_mautrix_signalgo_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
+
+matrix_mautrix_signalgo_systemd_required_services_list: |
+  {{
+    ['docker.service']
+    +
+    ['matrix-' + matrix_homeserver_implementation + '.service']
+    +
+    ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+    +
+    (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+  }}
+
+matrix_mautrix_signalgo_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sigo.as.token', rounds=655555) | to_uuid }}"
+
+matrix_mautrix_signalgo_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sigo.hs.token', rounds=655555) | to_uuid }}"
+
+matrix_mautrix_signalgo_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
+
+# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely:
+# - `matrix_mautrix_signalgo_metrics_enabled`
+# - `matrix_mautrix_signalgo_proxying_metrics_enabled`
+# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
+matrix_mautrix_signalgo_metrics_enabled: "{{ prometheus_enabled }}"
+
+# Postgres is the default, except if not using internal Postgres server
+matrix_mautrix_signalgo_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
+matrix_mautrix_signalgo_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
+matrix_mautrix_signalgo_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mausignalgo.db', rounds=655555) | to_uuid }}"
+
+######################################################################
+#
+# /matrix-bridge-mautrix-signalgo
+#
+######################################################################
+
 ######################################################################
 #
 # matrix-bridge-mautrix-telegram
@@ -3129,6 +3182,12 @@ devture_postgres_managed_databases_auto: |
       'password': matrix_mautrix_signal_database_password,
     }] if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_database_engine == 'postgres' and matrix_mautrix_signal_database_hostname == devture_postgres_connection_hostname) else [])
     +
+    ([{
+      'name': matrix_mautrix_signalgo_database_name,
+      'username': matrix_mautrix_signalgo_database_username,
+      'password': matrix_mautrix_signalgo_database_password,
+    }] if (matrix_mautrix_signalgo_enabled and matrix_mautrix_signalgo_database_engine == 'postgres' and matrix_mautrix_signalgo_database_hostname == devture_postgres_connection_hostname) else [])
+    +
     ([{
       'name': matrix_mautrix_wsproxy_syncproxy_database_name,
       'username': matrix_mautrix_wsproxy_syncproxy_database_username,