Update matrix-registration-bot, improve authentication config (#2723)
* Adjust to new mrb docker versioning
* Stabilize authentication
* fix lint
* Move & document mrb password usage
* Add clean cache role
* Document clean cache
* Fix lint
* Update CHANGELOG.md
* Automate access tokens
* Improve changelog
* Make use of mrb's function to fetch API tokens
* Adjust changelog
* Use ansible.builtin.file to clear directory
* Fix typo

---------

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
parent 856a328e96
commit 14f7eed932
11
CHANGELOG.md
@ -1,3 +1,14 @@
|
|||||||
|
# 2023-07-24
|
||||||
|
|
||||||
|
## matrix-registration-bot usage changed
|
||||||
|
|
||||||
|
[matrix-registration-bot](docs/configuring-playbook-bot-matrix-registration-bot.md) got some updates and now supports password-only-based login. Therefore the bot now doesn't need any manual configuration except setting a password in your `vars.yml`. The bot will be registered as admin and access tokens will be obtained automatically by the bot.
|
||||||
|
|
||||||
|
**For existing users** You need to set `matrix_bot_matrix_registration_bot_bot_password` if you previously only used `matrix_bot_matrix_registration_bot_bot_access_token`. Please also remove the following deprecated settings
|
||||||
|
|
||||||
|
* `matrix_bot_matrix_registration_bot_bot_access_token`
|
||||||
|
* `matrix_bot_matrix_registration_bot_api_token`
|
||||||
|
|
||||||
# 2023-07-21
|
# 2023-07-21
|
||||||
|
|
||||||
## mautrix-gmessages support
|
## mautrix-gmessages support
|
||||||
|
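Review bot: the "For existing users" paragraph lists `matrix_bot_matrix_registration_bot_api_token` as a deprecated setting to remove, but the role defaults in this commit still define it as an optional variable ("only needs to be set if the bot account is not admin") and the new deprecation check only catches `matrix_bot_matrix_registration_bot_bot_access_token`. Either drop `api_token` from this list and describe it as optional, or add it to the deprecation check so the changelog and the role agree. "**For existing users**" also wants a colon after it, and the sentence introducing the bullet list should end with one.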
@ -2,40 +2,30 @@
|
|||||||
|
|
||||||
The playbook can install and configure [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for you.
|
The playbook can install and configure [matrix-registration-bot](https://github.com/moan0s/matrix-registration-bot) for you.
|
||||||
|
|
||||||
The bot allows you to easily **create and manage registration tokens**. It can be used for an invitation-based server,
|
The bot allows you to easily **create and manage registration tokens** aka. invitation codes.
|
||||||
where you invite someone by sending them a registration token. They can register as normal but have to provide a valid
|
It can be used for an invitation-based server,
|
||||||
registration token in a final step of the registration.
|
where you invite someone by sending them a registration token (loook like this: `rbalQ0zkaDSRQCOp`). They can register as normal but have to provide a valid registration token in a final step of the registration.
|
||||||
|
|
||||||
See the project's [documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands) to learn what it
|
See the project's [documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands) to learn what it
|
||||||
does and why it might be useful to you.
|
does and why it might be useful to you.
|
||||||
|
|
||||||
|
|
||||||
## Registering the bot user
|
## Configuration
|
||||||
|
|
||||||
By default, the playbook will set use the bot with a username like this: `@bot.matrix-registration-bot:DOMAIN`.
|
To enable the bot, add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
|
||||||
|
|
||||||
(to use a different username, adjust the `matrix_bot_matrix_registration_bot_matrix_user_id_localpart` variable).
|
For `matrix_bot_matrix_registration_bot_api_token`you need an access token with the permission to access the admin api. Access to the API is needed for all restricted actions of the bot (list, create etc..). Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
|
||||||
|
|
||||||
For [other bots supported by the playbook](configuring-playbook.md#bots), Matrix bot user accounts are created and put to use automatically. For `matrix-registration-bot`, however, this is not the case - you **need to register the bot user manually** before setting up the bot. You can use the playbook to [register a new user](registering-users.md):
|
|
||||||
|
|
||||||
```
|
|
||||||
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.matrix-registration-bot password=PASSWORD_FOR_THE_BOT admin=yes' --tags=register-user
|
|
||||||
```
|
|
||||||
|
|
||||||
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
|
|
||||||
|
|
||||||
## Obtaining an admin access token
|
|
||||||
|
|
||||||
In order to use the bot you need to add an admin user's access token token to the configuration. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md).
|
|
||||||
|
|
||||||
## Adjusting the playbook configuration
|
|
||||||
|
|
||||||
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file:
|
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
matrix_bot_matrix_registration_bot_enabled: true
|
matrix_bot_matrix_registration_bot_enabled: true
|
||||||
# Token obtained via logging into the bot account (see above)
|
|
||||||
matrix_bot_matrix_registration_bot_bot_access_token: "syt_bW9hbm9z_XXXXXXXXXXXXXr_2kuzbE"
|
#By default, the playbook will set use the bot with a username like
|
||||||
|
## this: `@bot.matrix-registration-bot:DOMAIN`.
|
||||||
|
# To use a different username, uncomment & adjust the variable.
|
||||||
|
# matrix_bot_matrix_registration_bot_matrix_user_id_localpart: bot.matrix-registration-bot
|
||||||
|
|
||||||
|
# Generate a strong password here. Consider generating it with `pwgen -s 64 1`
|
||||||
|
matrix_bot_matrix_registration_bot_password: PASSWORD_FOR_THE_BOT
|
||||||
|
|
||||||
# Enables registration
|
# Enables registration
|
||||||
matrix_synapse_enable_registration: true
|
matrix_synapse_enable_registration: true
|
||||||
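Review bot: the example `vars.yml` block sets `matrix_bot_matrix_registration_bot_password`, while the role default and the required-setting check in this commit use `matrix_bot_matrix_registration_bot_bot_password`, so a user who copies the block as written will fail validation. Rename the variable in the example. The new paragraph about `matrix_bot_matrix_registration_bot_api_token` reads as if the token were required, although the example does not set it and the defaults call it optional; say when it is needed. Smaller points: "loook like this" is a typo, a space is missing after the closing backtick in "`..._api_token`you", and the YAML comments starting `#By default, the playbook will set use the bot` and `## this:` need a consistent `# ` prefix and "will set use" reworded.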
@ -44,6 +34,7 @@ matrix_synapse_enable_registration: true
|
|||||||
matrix_synapse_registration_requires_token: true
|
matrix_synapse_registration_requires_token: true
|
||||||
```
|
```
|
||||||
|
|
||||||
|
The bot account will be automatically created.
|
||||||
|
|
||||||
## Installing
|
## Installing
|
||||||
|
|
||||||
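Review bot: "The bot account will be automatically created." should also say that the account is created as an admin user, since the `matrix_user_creator_users_auto` entry added in this commit registers it with `'initial_type': 'admin'` and the password from `vars.yml`. That makes the password in the example above an admin credential, which is worth stating next to the advice to generate a strong one.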
@ -56,10 +47,16 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
|
|||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
To use the bot, create a **non-encrypted** room and invite `@bot.matrix-registration-bot:DOMAIN` (where `DOMAIN` is your base domain, not the `matrix.` domain).
|
To use the bot, message `@bot.matrix-registration-bot:DOMAIN` (where `DOMAIN` is your base domain, not the `matrix.` domain).
|
||||||
|
|
||||||
In this room send `help` and the bot will reply with all options.
|
In this room send `help` and the bot will reply with all options.
|
||||||
|
|
||||||
You can also refer to the upstream [Usage documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands).
|
You can also refer to the upstream [Usage documentation](https://github.com/moan0s/matrix-registration-bot#supported-commands).
|
||||||
If you have any questions, or if you need help setting it up, read the [troublshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md)
|
If you have any questions, or if you need help setting it up, read the [troublshooting guide](https://github.com/moan0s/matrix-registration-bot/blob/main/docs/troubleshooting.md)
|
||||||
or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de).
|
or join [#matrix-registration-bot:hyteck.de](https://matrix.to/#/#matrix-registration-bot:hyteck.de).
|
||||||
|
|
||||||
|
To clean the cache (session&encryption data) after you changed the bot's username, changed the login methon form access_token to password etc.. you can use
|
||||||
|
|
||||||
|
```bash
|
||||||
|
just run-tags bot-matrix-registration-bot-clean-cache
|
||||||
|
```
|
||||||
|
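Review bot: the new cache paragraph has typos ("login methon form access_token" should read "login method from access_token", and "etc.." should be "etc.") and ends on "you can use" without a colon before the code block. It should also tell the user what to do afterwards, for example whether the bot needs a restart once `bot-matrix-registration-bot-clean-cache` has run; the `clean_cache.yml` task added in this commit only deletes and recreates the data directory.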
@ -4123,6 +4123,12 @@ matrix_conduit_systemd_required_services_list: |
|
|||||||
|
|
||||||
matrix_user_creator_users_auto: |
|
matrix_user_creator_users_auto: |
|
||||||
{{
|
{{
|
||||||
|
([{
|
||||||
|
'username': matrix_bot_matrix_registration_bot_matrix_user_id_localpart,
|
||||||
|
'initial_password': matrix_bot_matrix_registration_bot_bot_password,
|
||||||
|
'initial_type': 'admin',
|
||||||
|
}] if matrix_bot_matrix_registration_bot_enabled else [])
|
||||||
|
+
|
||||||
([{
|
([{
|
||||||
'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart,
|
'username': matrix_bot_matrix_reminder_bot_matrix_user_id_localpart,
|
||||||
'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password,
|
'initial_password': matrix_bot_matrix_reminder_bot_matrix_user_password,
|
||||||
|
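Review bot: `'initial_type': 'admin'` is hard-coded in the new entry, so the bot account gets server admin rights even when `matrix_bot_matrix_registration_bot_api_token` is set, which the defaults describe as the option for a bot account that is not admin. Consider making the type depend on whether an API token is configured, so that the separate-token setup can run the bot account without admin rights.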
@ -8,8 +8,10 @@ matrix_bot_matrix_registration_bot_docker_repo: "https://github.com/moan0s/matri
|
|||||||
matrix_bot_matrix_registration_bot_docker_repo_version: "{{ matrix_bot_matrix_registration_bot_version if matrix_bot_matrix_registration_bot_version != 'latest' else 'main' }}"
|
matrix_bot_matrix_registration_bot_docker_repo_version: "{{ matrix_bot_matrix_registration_bot_version if matrix_bot_matrix_registration_bot_version != 'latest' else 'main' }}"
|
||||||
matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src"
|
matrix_bot_matrix_registration_bot_docker_src_files_path: "{{ matrix_bot_matrix_registration_bot_base_path }}/docker-src"
|
||||||
|
|
||||||
matrix_bot_matrix_registration_bot_version: latest
|
matrix_bot_matrix_registration_bot_version: 1.3.0
|
||||||
matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_version }}"
|
matrix_bot_matrix_registration_bot_docker_iteration: 0
|
||||||
|
matrix_bot_matrix_registration_bot_docker_tag: "{{ matrix_bot_matrix_registration_bot_version }}-{{ matrix_bot_matrix_registration_bot_docker_iteration}}"
|
||||||
|
matrix_bot_matrix_registration_bot_docker_image: "{{ matrix_container_global_registry_prefix }}moanos/matrix-registration-bot:{{ matrix_bot_matrix_registration_bot_docker_tag }}"
|
||||||
matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}"
|
matrix_bot_matrix_registration_bot_docker_image_force_pull: "{{ matrix_bot_matrix_registration_bot_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matrix-registration-bot"
|
matrix_bot_matrix_registration_bot_base_path: "{{ matrix_base_data_path }}/matrix-registration-bot"
|
||||||
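Review bot: `matrix_bot_matrix_registration_bot_docker_iteration` and `matrix_bot_matrix_registration_bot_docker_tag` are added without a comment, and it is not obvious why the image tag becomes `1.3.0-0` while `matrix_bot_matrix_registration_bot_docker_repo_version` still resolves to `1.3.0`. Add a short comment explaining what the iteration suffix means and when to bump it. Style: `matrix_bot_matrix_registration_bot_docker_iteration}}` is missing the space before `}}`.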
@ -19,15 +21,15 @@ matrix_bot_matrix_registration_bot_data_path: "{{ matrix_bot_matrix_registration
|
|||||||
matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}"
|
matrix_bot_matrix_registration_bot_bot_server: "https://{{ matrix_server_fqn_matrix }}"
|
||||||
matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}"
|
matrix_bot_matrix_registration_bot_api_base_url: "https://{{ matrix_server_fqn_matrix }}"
|
||||||
|
|
||||||
# The access token that the bot uses to communicate in Matrix chats
|
|
||||||
# This does not necessarily need to be a privileged (admin) access token.
|
|
||||||
matrix_bot_matrix_registration_bot_bot_access_token: ''
|
|
||||||
|
|
||||||
# The access token that the bot uses to call the Matrix API for creating registration tokens.
|
# The bot's password (can also be used to login via a client like element)
|
||||||
# This needs to be a privileged (admin) access token.
|
matrix_bot_matrix_registration_bot_bot_password: ''
|
||||||
# By default, we assume `matrix_bot_matrix_registration_bot_bot_access_token` is such a privileged token and we use it as is.
|
|
||||||
# If necessary, you can define your own other access token here, which might even be for a different Matrix user.
|
# Optional variable that only needs to be set if the bot account is not admin
|
||||||
matrix_bot_matrix_registration_bot_api_token: "{{ matrix_bot_matrix_registration_bot_bot_access_token }}"
|
# Needs to be a valid access token of an admin account
|
||||||
|
matrix_bot_matrix_registration_bot_api_token: ''
|
||||||
|
|
||||||
|
matrix_bot_matrix_registration_bot_device_id: "matrix-docker-ansible-deploy"
|
||||||
|
|
||||||
matrix_bot_matrix_registration_bot_logging_level: info
|
matrix_bot_matrix_registration_bot_logging_level: info
|
||||||
matrix_bot_matrix_registration_environment_variables_extension: ''
|
matrix_bot_matrix_registration_environment_variables_extension: ''
|
||||||
|
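Review bot: `matrix_bot_matrix_registration_bot_device_id` is introduced here without a comment, and the bot config template hunk in this commit (the one with `bot:`, `api:` and `logging:`) does not reference it, so as shown it has no effect. Either render it in the template or drop it. The comment on `matrix_bot_matrix_registration_bot_bot_password` could also mention that this is the password of an account the playbook registers as admin.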
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Delete cache files
|
||||||
|
ansible.builtin.file:
|
||||||
|
state: "{{ item }}"
|
||||||
|
path: "{{ matrix_bot_matrix_registration_bot_data_path }}"
|
||||||
|
mode: 0750
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_groupname }}"
|
||||||
|
with_items:
|
||||||
|
- absent
|
||||||
|
- directory
|
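Review bot: the task removes and recreates `matrix_bot_matrix_registration_bot_data_path`, but nothing in this file stops the bot first or restarts it afterwards, so a running bot may keep using, or write back, the session data being cleared. Consider stopping the bot's service before the delete and starting it again after, or document that a restart is required. The name "Delete cache files" also hides that the directory is recreated, and `mode: 0750` is better written as a quoted string (`'0750'`) so it cannot be misread as a number.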
@ -18,3 +18,9 @@
|
|||||||
block:
|
block:
|
||||||
- when: not matrix_bot_matrix_registration_bot_enabled | bool
|
- when: not matrix_bot_matrix_registration_bot_enabled | bool
|
||||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||||
|
|
||||||
|
- tags:
|
||||||
|
- bot-matrix-registration-bot-clean-cache
|
||||||
|
block:
|
||||||
|
- when: matrix_bot_matrix_registration_bot_enabled | bool
|
||||||
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/clean_cache.yml"
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
with_items:
|
with_items:
|
||||||
- {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true}
|
- {path: "{{ matrix_bot_matrix_registration_bot_config_path }}", when: true}
|
||||||
- - {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true}
|
- {path: "{{ matrix_bot_matrix_registration_bot_data_path }}", when: true}
|
||||||
- {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: true}
|
- {path: "{{ matrix_bot_matrix_registration_bot_docker_src_files_path }}", when: true}
|
||||||
when: "item.when | bool"
|
when: "item.when | bool"
|
||||||
|
|
||||||
|
@ -5,6 +5,13 @@
|
|||||||
msg: >-
|
msg: >-
|
||||||
You need to define a required configuration setting (`{{ item }}`).
|
You need to define a required configuration setting (`{{ item }}`).
|
||||||
when: "vars[item] == ''"
|
when: "vars[item] == ''"
|
||||||
|
with_items:
|
||||||
|
- "matrix_bot_matrix_registration_bot_bot_password"
|
||||||
|
|
||||||
|
- name: (Deprecation) Catch and report old settings
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: >-
|
||||||
|
Your configuration contains a variable, which is deprecated - Please check the documentation on how to configure the matrix-registration-bot.
|
||||||
|
when: "item in vars"
|
||||||
with_items:
|
with_items:
|
||||||
- "matrix_bot_matrix_registration_bot_bot_access_token"
|
- "matrix_bot_matrix_registration_bot_bot_access_token"
|
||||||
- "matrix_bot_matrix_registration_bot_api_token"
|
|
||||||
|
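Review bot: the deprecation message does not say which variable triggered it; the required-setting task just above prints `{{ item }}`, and this one should too, together with the replacement (`matrix_bot_matrix_registration_bot_bot_password`). Also note that `matrix_bot_matrix_registration_bot_api_token` is dropped from the list here, which matches the defaults but not the changelog entry that tells users to remove it.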
@ -1,12 +1,16 @@
|
|||||||
bot:
|
bot:
|
||||||
server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }}
|
server: {{ matrix_bot_matrix_registration_bot_bot_server|to_json }}
|
||||||
username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }}
|
username: {{ matrix_bot_matrix_registration_bot_matrix_user_id_localpart|to_json }}
|
||||||
access_token: {{ matrix_bot_matrix_registration_bot_bot_access_token|to_json }}
|
password: {{ matrix_bot_matrix_registration_bot_bot_password|to_json }}
|
||||||
|
|
||||||
api:
|
api:
|
||||||
# API endpoint of the registration tokens
|
# API endpoint of the registration tokens
|
||||||
base_url: {{ matrix_bot_matrix_registration_bot_api_base_url|to_json }}
|
base_url: {{ matrix_bot_matrix_registration_bot_api_base_url|to_json }}
|
||||||
# Access token of an administrator on the server
|
# Access token of an administrator on the server
|
||||||
|
{% if matrix_bot_matrix_registration_bot_api_token | length > 0 %}
|
||||||
token: {{ matrix_bot_matrix_registration_bot_api_token|to_json }}
|
token: {{ matrix_bot_matrix_registration_bot_api_token|to_json }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
logging:
|
logging:
|
||||||
level: {{ matrix_bot_matrix_registration_bot_logging_level|to_json }}
|
level: {{ matrix_bot_matrix_registration_bot_logging_level|to_json }}
|
||||||
|
|
||||||
|
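Review bot: `password:` under `bot:` now writes the bot account's password into the rendered config in clear text, and that account is registered as admin elsewhere in this commit. The task that renders this template is not part of the diff, so please confirm the file is created with a mode and owner that keep it readable only by the Matrix user. Minor: the comment "# Access token of an administrator on the server" sits outside the `{% if ... %}` block and is left dangling when `token:` is omitted; move it inside the conditional.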