Upgrade matrix-reminder-bot and lock it down via the new allowlist setting

2024-01-13 10:22:06 +02:00
parent 48311bb96a
commit 22dce1d4cc
4 changed files with 72 additions and 4 deletions
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@ -1681,11 +1681,16 @@ matrix_bot_matrix_reminder_bot_systemd_required_services_list: |
    (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
  }}

+matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
+
 # Postgres is the default, except if not using internal Postgres server
 matrix_bot_matrix_reminder_bot_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
 matrix_bot_matrix_reminder_bot_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_bot_matrix_reminder_bot_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'reminder.bot.db', rounds=655555) | to_uuid }}"
-matrix_bot_matrix_reminder_bot_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
+
+matrix_bot_matrix_reminder_bot_allowlist_enabled: true
+matrix_bot_matrix_reminder_bot_allowlist_regexes_auto:
+  - "@[a-z0-9-_.]+:{{ matrix_domain }}"

 ######################################################################
 #