Add appservice-double-puppet service for better bridge double-puppeting
Bridges will be switched to this new method in future patches.
@ -0,0 +1,38 @@
|
||||
matrix_appservice_double_puppet_enabled: true
|
||||
|
||||
matrix_appservice_double_puppet_base_path: "{{ matrix_base_data_path }}/appservice-double-puppet"
|
||||
matrix_appservice_double_puppet_config_path: "{{ matrix_appservice_double_puppet_base_path }}/config"
|
||||
|
||||
matrix_appservice_double_puppet_registration_id: double-puppet
|
||||
matrix_appservice_double_puppet_registration_url: ~
|
||||
matrix_appservice_double_puppet_registration_as_token: ''
|
||||
matrix_appservice_double_puppet_registration_hs_token: ''
|
||||
matrix_appservice_double_puppet_registration_sender_localpart: appservice-double-puppet
|
||||
|
||||
matrix_appservice_double_puppet_registration_namespace_user_regex: "{{ '@.*:' + (matrix_domain | regex_escape) }}"
|
||||
|
||||
# Default matrix-appservice-double-puppet registration configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_appservice_double_puppet_registration_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_appservice_double_puppet_registration_configuration_yaml: "{{ lookup('template', 'templates/registration.yaml.j2') }}"
|
||||
|
||||
matrix_appservice_double_puppet_registration_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration for matrix-appservice-double-puppet goes here.
|
||||
# This configuration extends the default starting configuration (`matrix_appservice_double_puppet_registration_configuration_yaml`).
|
||||
#
|
||||
# You can override individual variables from the default configuration, or introduce new ones.
|
||||
#
|
||||
# If you need something more special, you can take full control by
|
||||
# completely redefining `matrix_appservice_double_puppet_registration_configuration_yaml`.
|
||||
#
|
||||
# Example configuration extension follows:
|
||||
#
|
||||
# rate_limited: true
|
||||
|
||||
matrix_appservice_double_puppet_registration_configuration_extension: "{{ matrix_appservice_double_puppet_registration_configuration_extension_yaml | from_yaml if matrix_appservice_double_puppet_registration_configuration_extension_yaml | from_yaml is mapping else {} }}"
|
||||
|
||||
# Holds the final matrix-appservice-double-puppet configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_appservice_double_puppet_registration_configuration_yaml`.
|
||||
matrix_appservice_double_puppet_registration_configuration: "{{ matrix_appservice_double_puppet_registration_configuration_yaml | from_yaml | combine(matrix_appservice_double_puppet_registration_configuration_extension, recursive=True) }}"
|
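Review bot: `matrix_appservice_double_puppet_registration_as_token` is introduced with an empty default and no comment, even though the default user namespace `'@.*:' + (matrix_domain | regex_escape)` covers every account on the domain. Whoever holds this token can therefore presumably act as any local user. A comment above the token variables should say so, for example `# Secret: lets its holder act as any user matching matrix_appservice_double_puppet_registration_namespace_user_regex. Use a long random value and store it encrypted (e.g. ansible-vault).` The same comment block could note that `matrix_appservice_double_puppet_registration_hs_token` is unused while `matrix_appservice_double_puppet_registration_url` stays null, as the registration template states.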
@ -0,0 +1,23 @@
|
||||
---
|
||||
|
||||
- name: Ensure matrix-appservice-double-puppet paths exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- path: "{{ matrix_appservice_double_puppet_base_path }}"
|
||||
when: true
|
||||
- path: "{{ matrix_appservice_double_puppet_config_path }}"
|
||||
when: true
|
||||
when: item.when | bool
|
||||
|
||||
- name: Ensure matrix-appservice-double-puppet registration configuration installed
|
||||
ansible.builtin.copy:
|
||||
content: "{{ matrix_appservice_double_puppet_registration_configuration | to_nice_yaml(indent=2, width=999999) }}"
|
||||
dest: "{{ matrix_appservice_double_puppet_config_path }}/registration.yaml"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
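Review bot: The registration file written by the second task contains `as_token` and `hs_token`, yet it is created with `mode: 0644`, which makes it readable by any local account that can reach the path. The directories are created `0750` in the task above, which limits exposure, but the file should not rely on that. `mode: '0640'` (quoted, so the value is not re-typed by the YAML parser) would restrict it to owner and group; confirm the homeserver reads the file as `matrix_user_username` or through `matrix_user_groupname`. Because `content:` carries the tokens, also consider `no_log: true` on this task, since a run with `--diff` may print them.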
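--- a/roles/custom/matrix-appservice-double-puppet/tasks/main.yml
+++ b/roles/custom/matrix-appservice-double-puppet/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+
+- tags:
+- setup-all
+- setup-appservice-double-puppet
+- install-all
+- install-appservice-double-puppet
+block:
+- when: matrix_appservice_double_puppet_enabled | bool
+ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
+
+- when: matrix_appservice_double_puppet_enabled | bool
+ansible.builtin.include_tasks: "{{ role_path }}/tasks/install.yml"
+
+- tags:
+- setup-all
+- setup-appservice-double-puppet
+block:
+- when: not matrix_appservice_double_puppet_enabled | bool
+ansible.builtin.include_tasks: "{{ role_path }}/tasks/uninstall.yml"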
@ -0,0 +1,6 @@
|
||||
---
|
||||
|
||||
- name: Ensure matrix-appservice-double-puppet paths don't exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_appservice_double_puppet_base_path }}"
|
||||
state: absent
|
@ -0,0 +1,10 @@
|
||||
---
|
||||
- name: Fail if required matrix-appservice-double-puppet settings not defined
|
||||
ansible.builtin.fail:
|
||||
msg: >
|
||||
You need to define a required configuration setting (`{{ item.name }}`).
|
||||
when: "item.when | bool and vars[item.name] == ''"
|
||||
with_items:
|
||||
- {'name': 'matrix_appservice_double_puppet_registration_as_token', when: true}
|
||||
- {'name': 'matrix_appservice_double_puppet_registration_as_token', when: true}
|
||||
- {'name': 'matrix_appservice_double_puppet_registration_sender_localpart', when: true}
|
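Review bot: The `with_items` list names `matrix_appservice_double_puppet_registration_as_token` twice, so the second entry checks nothing new and `matrix_appservice_double_puppet_registration_hs_token`, which also defaults to `''`, is never validated. The duplicate was presumably meant to be `- {'name': 'matrix_appservice_double_puppet_registration_hs_token', when: true}`. As written, a deployment can install a registration with an empty `hs_token`. The template comment says that token is unused while `url` is null, but the role allows `matrix_appservice_double_puppet_registration_url` to be overridden, and in that case an empty `hs_token` would matter.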
@ -0,0 +1,21 @@
|
||||
# The ID doesn't really matter, put whatever you want.
|
||||
id: {{ matrix_appservice_double_puppet_registration_id | to_json }}
|
||||
# The URL is intentionally left empty (null), as the homeserver shouldn't
|
||||
# push events anywhere for this extra appservice. If you use a
|
||||
# non-spec-compliant server, you may need to put some fake URL here.
|
||||
url: {{ matrix_appservice_double_puppet_registration_url | to_json }}
|
||||
# Generate random strings for these three fields. Only the as_token really
|
||||
# matters, hs_token is never used because there's no url, and the default
|
||||
# user (sender_localpart) is never used either.
|
||||
as_token: {{ matrix_appservice_double_puppet_registration_as_token | to_json }}
|
||||
hs_token: {{ matrix_appservice_double_puppet_registration_hs_token | to_json }}
|
||||
sender_localpart: {{ matrix_appservice_double_puppet_registration_sender_localpart | to_json}}
|
||||
# Bridges don't like ratelimiting. This should only apply when using the
|
||||
# as_token, normal user tokens will still be ratelimited.
|
||||
rate_limited: false
|
||||
namespaces:
|
||||
users:
|
||||
# Replace your\.domain with your server name (escape dots for regex)
|
||||
- regex: {{ matrix_appservice_double_puppet_registration_namespace_user_regex | to_json }}
|
||||
# This must be false so the appservice doesn't take over all users completely.
|
||||
exclusive: false
|
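Review bot: The comments on `as_token` and on the user namespace still read as manual instructions (`Generate random strings for these three fields`, `Replace your\.domain with your server name`), but in this template all of those values come from role variables. A maintainer reading it could conclude that the file has to be edited by hand. I would reword them to name the variables, e.g. `# Set via matrix_appservice_double_puppet_registration_as_token; hs_token and sender_localpart are unused while url is null.` and `# Defaults to every user on matrix_domain; see matrix_appservice_double_puppet_registration_namespace_user_regex.` Separately, `to_json}}` on the `sender_localpart` line lacks the space before the closing braces that every other line uses.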