refactor: remove signalgo and update signal to 'after merge'

Pierre 'McFly' Marty 2023-12-18 16:38:52 +01:00
parent 0e4c878ee3
commit 2f6525ccb3
No known key found for this signature in database
GPG Key ID: 6545FB494B671D7C
24 changed files with 379 additions and 1362 deletions

@ -111,8 +111,7 @@ Bridges can be used to connect your matrix installation with third-party communi
| [mautrix-hangouts](https://github.com/mautrix/hangouts) | x | Bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) | [Link](docs/configuring-playbook-bridge-mautrix-hangouts.md) | | [mautrix-hangouts](https://github.com/mautrix/hangouts) | x | Bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) | [Link](docs/configuring-playbook-bridge-mautrix-hangouts.md) |
| [mautrix-googlechat](https://github.com/mautrix/googlechat) | x | Bridge to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) | [Link](docs/configuring-playbook-bridge-mautrix-googlechat.md) | | [mautrix-googlechat](https://github.com/mautrix/googlechat) | x | Bridge to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) | [Link](docs/configuring-playbook-bridge-mautrix-googlechat.md) |
| [mautrix-instagram](https://github.com/mautrix/instagram) | x | Bridge to [Instagram](https://instagram.com/) | [Link](docs/configuring-playbook-bridge-mautrix-instagram.md) | | [mautrix-instagram](https://github.com/mautrix/instagram) | x | Bridge to [Instagram](https://instagram.com/) | [Link](docs/configuring-playbook-bridge-mautrix-instagram.md) |
| (Deprecated) [mautrix-signal](https://github.com/mautrix/signal) | x | Bridge to [Signal](https://www.signal.org/) | [Link](docs/configuring-playbook-bridge-mautrix-signal.md) | | [mautrix-signal](https://github.com/mautrix/signal) | x | Bridge to [Signal](https://www.signal.org/) | [Link](docs/configuring-playbook-bridge-mautrix-signal.md) |
| [mautrix-signalgo](https://github.com/mautrix/signalgo) | x | Bridge to [Signal](https://www.signal.org/) | [Link](docs/configuring-playbook-bridge-mautrix-signalgo.md) |
| [beeper-linkedin](https://github.com/beeper/linkedin) | x | Bridge to [LinkedIn](https://www.linkedin.com/) | [Link](docs/configuring-playbook-bridge-beeper-linkedin.md) | | [beeper-linkedin](https://github.com/beeper/linkedin) | x | Bridge to [LinkedIn](https://www.linkedin.com/) | [Link](docs/configuring-playbook-bridge-beeper-linkedin.md) |
| [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) | x | Bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-appservice-irc.md) | | [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) | x | Bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | [Link](docs/configuring-playbook-bridge-appservice-irc.md) |
| [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) | x | Bridge to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-appservice-discord.md) | | [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) | x | Bridge to [Discord](https://discordapp.com/) | [Link](docs/configuring-playbook-bridge-appservice-discord.md) |

@ -1,6 +1,4 @@
# Setting up Mautrix Signal (Deprected) (optional) # Setting up Mautrix signal (optional)
**This legacy bridge is known to be not working. The documentation and the setup remain available but we do encourage one to proceed with [Mautrix Signalgo](configuring-playbook-bridge-mautrix-signalgo.md).**
The playbook can install and configure [mautrix-signal](https://github.com/mautrix/signal) for you. The playbook can install and configure [mautrix-signal](https://github.com/mautrix/signal) for you.
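Review bot: the new heading reads `# Setting up Mautrix signal (optional)` with a lowercase "signal", while the body and the README row still write the bridge as mautrix-signal and the service as Signal. This looks like a leftover from replacing "signalgo" with "signal"; suggest `# Setting up Mautrix Signal (optional)`.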
@ -8,6 +6,8 @@ See the project's [documentation](https://docs.mau.fi/bridges/python/signal/inde
**Note/Prerequisite**: If you're running with the Postgres database server integrated by the playbook (which is the default), you don't need to do anything special and can easily proceed with installing. However, if you're [using an external Postgres server](configuring-playbook-external-postgres.md), you'd need to manually prepare a Postgres database for this bridge and adjust the variables related to that (`matrix_mautrix_signal_database_*`). **Note/Prerequisite**: If you're running with the Postgres database server integrated by the playbook (which is the default), you don't need to do anything special and can easily proceed with installing. However, if you're [using an external Postgres server](configuring-playbook-external-postgres.md), you'd need to manually prepare a Postgres database for this bridge and adjust the variables related to that (`matrix_mautrix_signal_database_*`).
**Note**: This revamped version of the [mautrix-signal (legacy)](configuring-playbook-bridge-mautrix-signal.md) may increase the CPU usage of your homeserver.
Use the following playbook configuration: Use the following playbook configuration:
```yaml ```yaml
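Review bot: the added note links `[mautrix-signal (legacy)](configuring-playbook-bridge-mautrix-signal.md)`, but after this commit that file is the page for the current bridge (the README row for mautrix-signal points to the same file), so the "legacy" link points back at the page the reader is already on. Reword it to say that this bridge replaces the legacy implementation and drop the link, keeping the CPU usage caveat.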
@ -16,14 +16,7 @@ matrix_mautrix_signal_enabled: true
There are some additional things you may wish to configure about the bridge before you continue. There are some additional things you may wish to configure about the bridge before you continue.
The relay bot functionality is off by default. If you would like to enable the relay bot, add the following to your `vars.yml` file:
```yaml
matrix_mautrix_signal_relaybot_enabled: true
```
If you want to activate the relay bot in a room, use `!signal set-relay`.
Use `!signal unset-relay` to deactivate.
By default, any user on your homeserver will be able to use the bridge. By default, any user on your homeserver will be able to use the bridge.
If you enable the relay bot functionality, it will relay every user's messages in a portal room - no matter which homeserver they're from.
Different levels of permission can be granted to users: Different levels of permission can be granted to users:
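Review bot: the relay bot section and `matrix_mautrix_signal_relaybot_enabled` are removed here, yet the role default in this commit still grants `'*': 'relay'`, and the removed sentence was the only place that explained that relaying covers every user's messages in a portal room regardless of homeserver. Keep an equivalent caveat next to the permissions list, and state that a `matrix_mautrix_signal_relaybot_enabled` line left in `vars.yml` no longer has any effect.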
@ -48,7 +41,7 @@ matrix_mautrix_signal_configuration_extension_yaml: |
'@YOUR_USERNAME:YOUR_DOMAIN': admin '@YOUR_USERNAME:YOUR_DOMAIN': admin
``` ```
This will add the admin permission to the specific user, while keepting the default permissions. This will add the admin permission to the specific user, while keeping the default permissions.
In case you want to replace the default permissions settings **completely**, populate the following item within your `vars.yml` file: In case you want to replace the default permissions settings **completely**, populate the following item within your `vars.yml` file:
```yaml ```yaml
@ -79,7 +72,7 @@ When using this method, **each user** that wishes to enable Double Puppeting nee
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE` - send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`
- make sure you don't log out the `Mautrix-Signal` device some time in the future, as that would break the Double Puppeting feature - make sure you don't log out the `Mautrix-signal` device some time in the future, as that would break the Double Puppeting feature
## Usage ## Usage
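Review bot: `Mautrix-signal` in the last bullet is a device name that users have to recognise in their session list, and nothing in this diff shows the bridge changing that name; the lowercase form looks like a by-product of the signalgo-to-signal rename. Confirm it against the name the bridge actually registers and keep `Mautrix-Signal` if it is unchanged.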

@ -1,80 +0,0 @@
# Setting up Mautrix Signalgo (optional)
The playbook can install and configure [mautrix-signalgo](https://github.com/mautrix/signalgo) for you.
See the project's [documentation](https://docs.mau.fi/bridges/python/signalgo/index.html) to learn what it does and why it might be useful to you.
**Note/Prerequisite**: If you're running with the Postgres database server integrated by the playbook (which is the default), you don't need to do anything special and can easily proceed with installing. However, if you're [using an external Postgres server](configuring-playbook-external-postgres.md), you'd need to manually prepare a Postgres database for this bridge and adjust the variables related to that (`matrix_mautrix_signalgo_database_*`).
**Note**: This revamped version of the [mautrix-signal (legacy)](configuring-playbook-bridge-mautrix-signal.md) may increase the CPU usage of your homeserver.
Use the following playbook configuration:
```yaml
matrix_mautrix_signalgo_enabled: true
```
There are some additional things you may wish to configure about the bridge before you continue.
By default, any user on your homeserver will be able to use the bridge.
Different levels of permission can be granted to users:
* relay - Allowed to be relayed through the bridge, no access to commands;
* user - Use the bridge with puppeting;
* admin - Use and administer the bridge.
The permissions are following the sequence: nothing < relay < user < admin.
The default permissions are set as follows:
```yaml
permissions:
'*': relay
YOUR_DOMAIN: user
```
If you want to augment the preset permissions, you might want to set the additional permissions with the following settings in your `vars.yml` file:
```yaml
matrix_mautrix_signalgo_configuration_extension_yaml: |
bridge:
permissions:
'@YOUR_USERNAME:YOUR_DOMAIN': admin
```
This will add the admin permission to the specific user, while keeping the default permissions.
In case you want to replace the default permissions settings **completely**, populate the following item within your `vars.yml` file:
```yaml
matrix_mautrix_signalgo_bridge_permissions: |
'@ADMIN:YOUR_DOMAIN': admin
'@USER:YOUR_DOMAIN' : user
```
You may wish to look at `roles/custom/matrix-bridge-mautrix-signalgo/templates/config.yaml.j2` to find more information on the permissions settings and other options you would like to configure.
## Set up Double Puppeting
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
### Method 1: automatically, by enabling Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).
When using this method, **each user** that wishes to enable Double Puppeting needs to follow the following steps:
- retrieve a Matrix access token for yourself. Refer to the documentation on [how to do that](obtaining-access-tokens.md).
- send the access token to the bot. Example: `login-matrix MATRIX_ACCESS_TOKEN_HERE`
- make sure you don't log out the `Mautrix-Signalgo` device some time in the future, as that would break the Double Puppeting feature
## Usage
You then need to start a chat with `@signalgobot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
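Review bot: deleting this page leaves no migration path for anyone who followed it: their `vars.yml` holds `matrix_mautrix_signalgo_*` variables and their users talk to `@signalgobot:YOUR_DOMAIN`, while the remaining role keeps `matrix_mautrix_signal_appservice_bot_username: signalbot`. Add a changelog entry or a short section in the mautrix-signal page that lists the variable renames and the bot change, ideally backed by a validation task that fails when `matrix_mautrix_signalgo_*` variables are still defined.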

@ -130,9 +130,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md) (optional) - [Setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md) (optional)
- ~~[Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md)~~ (Deprecated) (optional) - Replaced by [Signalgo](configuring-playbook-bridge-mautrix-signalgo.md). - [Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md) (optional)
- [Setting up Mautrix Signalgo bridging](configuring-playbook-bridge-mautrix-signalgo.md) (optional)
- [Setting up Mautrix wsproxy for bridging Android SMS or Apple iMessage](configuring-playbook-bridge-mautrix-wsproxy.md) (optional) - [Setting up Mautrix wsproxy for bridging Android SMS or Apple iMessage](configuring-playbook-bridge-mautrix-wsproxy.md) (optional)

@ -97,8 +97,6 @@ matrix_homeserver_container_extra_arguments_auto: |
+ +
(['--mount type=bind,src=' + matrix_mautrix_signal_config_path + '/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro'] if matrix_mautrix_signal_enabled else []) (['--mount type=bind,src=' + matrix_mautrix_signal_config_path + '/registration.yaml,dst=/matrix-mautrix-signal-registration.yaml,ro'] if matrix_mautrix_signal_enabled else [])
+ +
(['--mount type=bind,src=' + matrix_mautrix_signalgo_config_path + '/registration.yaml,dst=/matrix-mautrix-signalgo-registration.yaml,ro'] if matrix_mautrix_signalgo_enabled else [])
+
(['--mount type=bind,src=' + matrix_mautrix_telegram_config_path + '/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro'] if matrix_mautrix_telegram_enabled else []) (['--mount type=bind,src=' + matrix_mautrix_telegram_config_path + '/registration.yaml,dst=/matrix-mautrix-telegram-registration.yaml,ro'] if matrix_mautrix_telegram_enabled else [])
+ +
(['--mount type=bind,src=' + matrix_mautrix_twitter_config_path + '/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro'] if matrix_mautrix_twitter_enabled else []) (['--mount type=bind,src=' + matrix_mautrix_twitter_config_path + '/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro'] if matrix_mautrix_twitter_enabled else [])
@ -162,8 +160,6 @@ matrix_homeserver_app_service_config_files_auto: |
+ +
(['/matrix-mautrix-signal-registration.yaml'] if matrix_mautrix_signal_enabled else []) (['/matrix-mautrix-signal-registration.yaml'] if matrix_mautrix_signal_enabled else [])
+ +
(['/matrix-mautrix-signalgo-registration.yaml'] if matrix_mautrix_signalgo_enabled else [])
+
(['/matrix-mautrix-telegram-registration.yaml'] if matrix_mautrix_telegram_enabled else []) (['/matrix-mautrix-telegram-registration.yaml'] if matrix_mautrix_telegram_enabled else [])
+ +
(['/matrix-mautrix-twitter-registration.yaml'] if matrix_mautrix_twitter_enabled else []) (['/matrix-mautrix-twitter-registration.yaml'] if matrix_mautrix_twitter_enabled else [])
@ -278,11 +274,7 @@ devture_systemd_service_manager_services_list_auto: |
+ +
([{'name': 'matrix-mautrix-instagram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-instagram']}] if matrix_mautrix_instagram_enabled else []) ([{'name': 'matrix-mautrix-instagram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-instagram']}] if matrix_mautrix_instagram_enabled else [])
+ +
([{'name': 'matrix-mautrix-signal.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-signal']}] if matrix_mautrix_signal_enabled else []) ([{'name': 'matrix-mautrix-signal.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-signal', 'mautrix-signal']}] if matrix_mautrix_signal_enabled else [])
+
([{'name': 'matrix-mautrix-signal-daemon.service', 'priority': 1900, 'groups': ['matrix', 'bridges', 'mautrix-signal', 'mautrix-signal-daemon']}] if matrix_mautrix_signal_enabled else [])
+
([{'name': 'matrix-mautrix-signalgo.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-signalgo', 'mautrix-signalgo']}] if matrix_mautrix_signalgo_enabled else [])
+ +
([{'name': 'matrix-mautrix-telegram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-telegram']}] if matrix_mautrix_telegram_enabled else []) ([{'name': 'matrix-mautrix-telegram.service', 'priority': 2000, 'groups': ['matrix', 'bridges', 'mautrix-telegram']}] if matrix_mautrix_telegram_enabled else [])
+ +
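Review bot: the new `matrix-mautrix-signal.service` entry has `'groups': ['matrix', 'bridges', 'mautrix-signal', 'mautrix-signal']`, with `mautrix-signal` listed twice, which looks like the result of renaming the signalgo entry; drop the duplicate. The `matrix-mautrix-signal-daemon.service` entry also disappears from the list here, so unless another file in this commit stops and removes that unit, existing hosts keep an unmanaged daemon running.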
@ -1044,7 +1036,6 @@ matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_homeserver_
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-bridge-mautrix-signal # matrix-bridge-mautrix-signal
@ -1054,6 +1045,8 @@ matrix_mautrix_instagram_database_password: "{{ '%s' | format(matrix_homeserver_
# We don't enable bridges by default. # We don't enable bridges by default.
matrix_mautrix_signal_enabled: false matrix_mautrix_signal_enabled: false
matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_mautrix_signal_systemd_required_services_list: | matrix_mautrix_signal_systemd_required_services_list: |
{{ {{
['docker.service'] ['docker.service']
@ -1063,17 +1056,15 @@ matrix_mautrix_signal_systemd_required_services_list: |
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else []) ([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+ +
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
+
['matrix-mautrix-signal-daemon.service']
}} }}
matrix_mautrix_signal_homeserver_domain: '{{ matrix_domain }}' matrix_mautrix_signal_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_signal_homeserver_address: "{{ matrix_homeserver_container_url }}" matrix_mautrix_signal_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.hs.token', rounds=655555) | to_uuid }}" matrix_mautrix_signal_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sigo.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'si.as.token', rounds=655555) | to_uuid }}" matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sigo.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
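Review bot: changing the `password_hash` salts from `'si.hs.token'` and `'si.as.token'` to `'sigo.hs.token'` and `'sigo.as.token'` changes the derived homeserver and appservice tokens for every existing mautrix-signal install, so the bridge configuration and the registration file mounted into the homeserver must be regenerated in the same run and the homeserver restarted. If the aim is to keep tokens stable for former signalgo installs, say so in a comment above these two lines; otherwise keep the original salts, since a `sigo` salt under a `matrix_mautrix_signal_*` name will confuse later readers.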
@ -1083,67 +1074,16 @@ matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provi
# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled` # - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
matrix_mautrix_signal_metrics_enabled: "{{ prometheus_enabled }}" matrix_mautrix_signal_metrics_enabled: "{{ prometheus_enabled }}"
matrix_mautrix_signal_database_engine: 'postgres' matrix_mautrix_signal_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_signal_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" matrix_mautrix_signal_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db', rounds=655555) | to_uuid }}" matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db', rounds=655555) | to_uuid }}"
matrix_mautrix_signal_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_signal_daemon_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
###################################################################### ######################################################################
# #
# /matrix-bridge-mautrix-signal # /matrix-bridge-mautrix-signal
# #
###################################################################### ######################################################################
######################################################################
#
# matrix-bridge-mautrix-signalgo
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_signalgo_enabled: false
matrix_mautrix_signalgo_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
matrix_mautrix_signalgo_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
([devture_postgres_identifier ~ '.service'] if devture_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_signalgo_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_signalgo_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_signalgo_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sigo.hs.token', rounds=655555) | to_uuid }}"
matrix_mautrix_signalgo_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'sigo.as.token', rounds=655555) | to_uuid }}"
matrix_mautrix_signalgo_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely:
# - `matrix_mautrix_signalgo_metrics_enabled`
# - `matrix_mautrix_signalgo_proxying_metrics_enabled`
# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled`
matrix_mautrix_signalgo_metrics_enabled: "{{ prometheus_enabled }}"
matrix_mautrix_signalgo_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"
matrix_mautrix_signalgo_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_mautrix_signalgo_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signalgo.db', rounds=655555) | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-signalgo
#
######################################################################
###################################################################### ######################################################################
# #
# matrix-bridge-mautrix-telegram # matrix-bridge-mautrix-telegram
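Review bot: `matrix_mautrix_signal_database_engine` goes from a fixed `'postgres'` to `"{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}"`, so a host that uses an external Postgres server and never set the engine explicitly will switch to SQLite on the next run and start with an empty bridge database. The documentation prerequisite only tells those users to adjust `matrix_mautrix_signal_database_*`; state that the engine must now be set to `postgres` explicitly, or add a validation check that fails when a database hostname is configured while the engine is `sqlite`.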
@ -3195,12 +3135,6 @@ devture_postgres_managed_databases_auto: |
'password': matrix_mautrix_signal_database_password, 'password': matrix_mautrix_signal_database_password,
}] if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_database_engine == 'postgres' and matrix_mautrix_signal_database_hostname == devture_postgres_connection_hostname) else []) }] if (matrix_mautrix_signal_enabled and matrix_mautrix_signal_database_engine == 'postgres' and matrix_mautrix_signal_database_hostname == devture_postgres_connection_hostname) else [])
+ +
([{
'name': matrix_mautrix_signalgo_database_name,
'username': matrix_mautrix_signalgo_database_username,
'password': matrix_mautrix_signalgo_database_password,
}] if (matrix_mautrix_signalgo_enabled and matrix_mautrix_signalgo_database_engine == 'postgres' and matrix_mautrix_signalgo_database_hostname == devture_postgres_connection_hostname) else [])
+
([{ ([{
'name': matrix_mautrix_wsproxy_syncproxy_database_name, 'name': matrix_mautrix_wsproxy_syncproxy_database_name,
'username': matrix_mautrix_wsproxy_syncproxy_database_username, 'username': matrix_mautrix_wsproxy_syncproxy_database_username,
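Review bot: with the `matrix_mautrix_signalgo_database_name` entry removed from `devture_postgres_managed_databases_auto`, the database that signalgo installs were using is no longer referenced, and the surviving entry uses `matrix_mautrix_signal_database_*`, whose password is derived from `'mau.signal.db'` rather than `'mau.signalgo.db'`. Former signalgo users therefore end up on a different database with different credentials; document how to carry the data over (or that re-linking is required) and how to drop the orphaned database.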

@ -1,72 +1,55 @@
--- ---
# mautrix-signal is a Matrix <-> Signal bridge # mautrix-signal is a Matrix <-> signal bridge
# Project source code URL: https://github.com/mautrix/signal # Project source code URL: https://github.com/mautrix/signal
matrix_mautrix_signal_enabled: true matrix_mautrix_signal_enabled: true
matrix_mautrix_signal_container_image_self_build: false matrix_mautrix_signal_container_image_self_build: false
matrix_mautrix_signal_docker_repo: "https://mau.dev/mautrix/signal.git" matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/signal.git"
matrix_mautrix_signal_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}" matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
matrix_mautrix_signal_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signal/docker-src"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/signal # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
matrix_mautrix_signal_version: v0.4.3 matrix_mautrix_signal_version: 6e7faa2a6583ab324826e1c1d9e34794abfafb9f-amd64
# renovate: datasource=docker depName=signald/signald
matrix_mautrix_signal_daemon_version: 0.23.2
# See: https://mau.dev/mautrix/signal/container_registry # See: https://mau.dev/mautrix/signal/container_registry
matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_version }}" matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_version }}"
matrix_mautrix_signal_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_signal_container_image_self_build else 'dock.mau.dev/' }}" matrix_mautrix_signal_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_signal_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}" matrix_mautrix_signal_docker_image_force_pull: "{{ matrix_mautrix_signal_docker_image.endswith(':latest') }}"
matrix_mautrix_signal_daemon_container_image_self_build: false
matrix_mautrix_signal_daemon_docker_repo: "https://gitlab.com/signald/signald"
matrix_mautrix_signal_daemon_docker_repo_version: "{{ 'master' if matrix_mautrix_signal_daemon_version == 'latest' else matrix_mautrix_signal_daemon_version }}"
matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src"
matrix_mautrix_signal_daemon_docker_image: "{{ matrix_mautrix_signal_daemon_docker_image_name_prefix }}signald/signald:{{ matrix_mautrix_signal_daemon_docker_image_tag }}"
matrix_mautrix_signal_daemon_docker_image_name_prefix: "docker.io/"
matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image_tag.endswith(':latest') }}"
matrix_mautrix_signal_daemon_docker_image_tag: "{{ matrix_mautrix_signal_daemon_version }}"
matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal" matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal"
matrix_mautrix_signal_config_path: "{{ matrix_mautrix_signal_base_path }}/bridge" matrix_mautrix_signal_config_path: "{{ matrix_mautrix_signal_base_path }}/config"
matrix_mautrix_signal_daemon_path: "{{ matrix_mautrix_signal_base_path }}/signald" matrix_mautrix_signal_data_path: "{{ matrix_mautrix_signal_base_path }}/data"
matrix_mautrix_signal_docker_src_files_path: "{{ matrix_mautrix_signal_base_path }}/docker-src"
matrix_mautrix_signal_homeserver_address: '' matrix_mautrix_signal_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_signal_homeserver_domain: '' matrix_mautrix_signal_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_signal_appservice_address: 'http://matrix-mautrix-signal:29328' matrix_mautrix_signal_appservice_address: "http://matrix-mautrix-signal:8080"
matrix_mautrix_signal_command_prefix: "!signal" matrix_mautrix_signal_command_prefix: "!signal"
# Controls whether the matrix-mautrix-signal container exposes its port (tcp/29328 in the container). matrix_mautrix_signal_bridge_permissions: |
# {{
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9006"), or empty string to not expose. {'*': 'relay', matrix_mautrix_signal_homeserver_domain: 'user'}
matrix_mautrix_signal_container_http_host_bind_port: '' | combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# A list of extra arguments to pass to the container # A list of extra arguments to pass to the container
matrix_mautrix_signal_container_extra_arguments: [] matrix_mautrix_signal_container_extra_arguments: []
# List of systemd services that matrix-mautrix-signal.service depends on. # List of systemd services that matrix-mautrix-signal.service depends on.
matrix_mautrix_signal_systemd_required_services_list: matrix_mautrix_signal_systemd_required_services_list: ['docker.service']
- 'docker.service'
- 'matrix-mautrix-signal-daemon.service'
# List of systemd services that matrix-mautrix-signal.service wants # List of systemd services that matrix-mautrix-signal.service wants
matrix_mautrix_signal_systemd_wanted_services_list: [] matrix_mautrix_signal_systemd_wanted_services_list: []
# List of systemd services that matrix-mautrix-signal-daemon.service depends on.
matrix_mautrix_signal_daemon_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-mautrix-signal-daemon.service wants
matrix_mautrix_signal_daemon_systemd_wanted_services_list: []
matrix_mautrix_signal_appservice_token: '' matrix_mautrix_signal_appservice_token: ''
matrix_mautrix_signal_homeserver_token: '' matrix_mautrix_signal_homeserver_token: ''
matrix_mautrix_signal_appservice_bot_username: signalbot matrix_mautrix_signal_appservice_bot_username: signalbot
# Specifies the default log level for all bridge loggers. # Minimum severity of journal log messages.
matrix_mautrix_signal_logging_level: WARNING # Options: debug, info, warn, error, fatal
matrix_mautrix_signal_logging_level: 'warn'
# Whether or not created rooms should have federation enabled. # Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated. # If false, created portal rooms will never be federated.
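Review bot: `matrix_mautrix_signal_version: 6e7faa2a6583ab324826e1c1d9e34794abfafb9f-amd64` pins the default to an architecture-specific tag, while the group variables hunk earlier in this commit sets `matrix_mautrix_signal_container_image_self_build` to `matrix_architecture not in ['arm64', 'amd64']`, so arm64 hosts will pull an amd64 image. The same value also feeds `matrix_mautrix_signal_container_image_self_build_branch`, where a ref ending in `-amd64` cannot be checked out. Keep the commit hash in one variable and derive the architecture suffix from `matrix_architecture` when building the image tag.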
@ -82,50 +65,51 @@ matrix_mautrix_signal_metrics_enabled: false
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. # See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
matrix_mautrix_signal_metrics_proxying_enabled: false matrix_mautrix_signal_metrics_proxying_enabled: false
# Database-related configuration fields # Database-related configuration fields.
# #
# This bridge only supports postgres. # To use SQLite, stick to these defaults.
# #
matrix_mautrix_signal_database_engine: 'postgres' # To use Postgres:
# - change the engine (`matrix_mautrix_signal_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_signal_database_*` variables
matrix_mautrix_signal_database_engine: 'sqlite'
matrix_mautrix_signal_sqlite_database_path_local: "{{ matrix_mautrix_signal_data_path }}/mautrix-signal.db"
matrix_mautrix_signal_sqlite_database_path_in_container: "/data/mautrix-signal.db?_txlock=immediate"
matrix_mautrix_signal_database_username: 'matrix_mautrix_signal' matrix_mautrix_signal_database_username: 'matrix_mautrix_signal'
matrix_mautrix_signal_database_password: 'some-password' matrix_mautrix_signal_database_password: 'some-password'
matrix_mautrix_signal_database_hostname: '' matrix_mautrix_signal_database_hostname: ''
matrix_mautrix_signal_database_port: 5432 matrix_mautrix_signal_database_port: 5432
matrix_mautrix_signal_database_name: 'matrix_mautrix_signal' matrix_mautrix_signal_database_name: 'matrix_mautrix_signal'
matrix_mautrix_signal_database_sslmode: disable
matrix_mautrix_signal_database_connection_string: 'postgres://{{ matrix_mautrix_signal_database_username }}:{{ matrix_mautrix_signal_database_password }}@{{ matrix_mautrix_signal_database_hostname }}:{{ matrix_mautrix_signal_database_port }}/{{ matrix_mautrix_signal_database_name }}' matrix_mautrix_signal_database_connection_string: 'postgresql://{{ matrix_mautrix_signal_database_username }}:{{ matrix_mautrix_signal_database_password }}@{{ matrix_mautrix_signal_database_hostname }}:{{ matrix_mautrix_signal_database_port }}/{{ matrix_mautrix_signal_database_name }}?sslmode={{ matrix_mautrix_signal_database_sslmode }}'
matrix_mautrix_signal_appservice_database: "{{ matrix_mautrix_signal_appservice_database_type: "{{
{ {
'sqlite': 'sqlite3-fk-wal',
'postgres':'postgres',
}[matrix_mautrix_signal_database_engine]
}}"
matrix_mautrix_signal_appservice_database_uri: "{{
{
'sqlite': matrix_mautrix_signal_sqlite_database_path_in_container,
'postgres': matrix_mautrix_signal_database_connection_string, 'postgres': matrix_mautrix_signal_database_connection_string,
}[matrix_mautrix_signal_database_engine] }[matrix_mautrix_signal_database_engine]
}}" }}"
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). # Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mautrix_signal_login_shared_secret: '' matrix_mautrix_signal_login_shared_secret: ''
matrix_mautrix_signal_bridge_login_shared_secret_map:
"{{ {matrix_mautrix_signal_homeserver_domain: matrix_mautrix_signal_login_shared_secret} if matrix_mautrix_signal_login_shared_secret else {} }}"
# Enable bridge relay bot functionality # Servers to always allow double puppeting from
matrix_mautrix_signal_relaybot_enabled: "{{ matrix_bridges_relay_enabled }}" matrix_mautrix_signal_bridge_double_puppet_server_map:
"{{ matrix_mautrix_signal_homeserver_domain : matrix_mautrix_signal_homeserver_address }}"
# Permissions for using the bridge. # Default mautrix-signal configuration template which covers the generic use case.
# Permitted values:
# relay - Allowed to be relayed through the bridge, no access to commands.
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
#
# This variable used to contain a YAML string, but now needs to contain a hashmap/dictionary.
matrix_mautrix_signal_bridge_permissions: |
{{
{'*': 'relay', matrix_mautrix_signal_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it. # You can customize it by controlling the various variables inside it.
# #
# For a more advanced customization, you can extend the default (see `matrix_mautrix_signal_configuration_extension_yaml`) # For a more advanced customization, you can extend the default (see `matrix_mautrix_signal_configuration_extension_yaml`)
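Review bot: The new default for `matrix_mautrix_signal_bridge_double_puppet_server_map` is not a valid Jinja expression: `{{ matrix_mautrix_signal_homeserver_domain : matrix_mautrix_signal_homeserver_address }}` lacks the inner braces of a dict literal, so it raises a template error the first time anything evaluates it. Write it the way `matrix_mautrix_signal_bridge_login_shared_secret_map` just above does, as `{{ {matrix_mautrix_signal_homeserver_domain: matrix_mautrix_signal_homeserver_address} }}`, and have the config template consume it with `| to_json`; the template lines shown later on this page build the map inline instead, which leaves this variable unused. Separately, `matrix_mautrix_signal_database_sslmode: disable` deserves a comment saying it assumes a database on the local container network, since the connection string carries the password.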
@ -147,19 +131,29 @@ matrix_mautrix_signal_configuration_extension: "{{ matrix_mautrix_signal_configu
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_signal_configuration_yaml`. # You most likely don't need to touch this variable. Instead, see `matrix_mautrix_signal_configuration_yaml`.
matrix_mautrix_signal_configuration: "{{ matrix_mautrix_signal_configuration_yaml | from_yaml | combine(matrix_mautrix_signal_configuration_extension, recursive=True) }}" matrix_mautrix_signal_configuration: "{{ matrix_mautrix_signal_configuration_yaml | from_yaml | combine(matrix_mautrix_signal_configuration_extension, recursive=True) }}"
matrix_mautrix_signal_registration_yaml: "{{ lookup('template', 'templates/registration.yaml.j2') }}" matrix_mautrix_signal_registration_yaml: |
id: signal
url: {{ matrix_mautrix_signal_appservice_address }}
as_token: "{{ matrix_mautrix_signal_appservice_token }}"
hs_token: "{{ matrix_mautrix_signal_homeserver_token }}"
# See https://github.com/mautrix/signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_signal_appservice_bot_username }}
rate_limited: false
namespaces:
users:
- regex: '^@signal_[-a-f0-9]+:{{ matrix_mautrix_signal_homeserver_domain | regex_escape }}$'
exclusive: true
- exclusive: true
regex: '^@{{ matrix_mautrix_signal_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_signal_homeserver_domain | regex_escape }}$'
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml | from_yaml }}" matrix_mautrix_signal_registration: "{{ matrix_mautrix_signal_registration_yaml | from_yaml }}"
matrix_mautrix_signal_log_level: 'DEBUG' # Enable End-to-bridge encryption
matrix_mautrix_signal_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}" matrix_mautrix_signal_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}" matrix_mautrix_signal_bridge_encryption_default: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}" matrix_mautrix_signal_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signal_bridge_encryption_allow }}"
# Additional environment variables to pass to the Signal Daemon container # On conduit versions before 0.5.0 this option prevented users from joining spaces created by the bridge.
# # Setting this to false fixed the issue.
# Example: matrix_mautrix_signal_bridge_restricted_rooms: true
# matrix_mautrix_signal_daemon_environment_variables_extension: |
# SIGNALD_TRUST_NEW_KEYS=true
matrix_mautrix_signal_daemon_environment_variables_extension: ''
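Review bot: `sender_localpart` and the exclusive bot namespace regex in the inlined registration are derived from `matrix_mautrix_signal_appservice_bot_username`, but the config template in this same commit hard-codes `username: signalbot` under `appservice.bot`. Anyone overriding the variable ends up with a registration whose exclusive namespace does not cover the user the bridge actually runs as. Template the bot username in both places. Also consider `| to_json` for `as_token` and `hs_token` here, as the config template now does, rather than wrapping them in literal double quotes.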

View File

@ -3,7 +3,7 @@
- name: Fail if matrix-nginx-proxy role already executed - name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
Trying to append mautrix-whatapp-metrics's reverse-proxying configuration to matrix-nginx-proxy, Trying to append mautrix-signal-metrics's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed. but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook, To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-signal role. so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-signal role.
@ -18,7 +18,7 @@
{% if matrix_nginx_proxy_enabled | default(False) %} {% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #} {# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s; resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-signal:8000"; set $backend "matrix-mautrix-signal:8001";
proxy_pass http://$backend/metrics; proxy_pass http://$backend/metrics;
{% else %} {% else %}
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
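Review bot: `set $backend "matrix-mautrix-signal:8001"` points at a port nothing listens on: the config template in this commit sets `metrics.enabled: false` as a literal and `listen: 127.0.0.1:8000`, so the listener is off, bound to the container's loopback, and on a different port number. Keep `enabled` driven by `matrix_mautrix_signal_metrics_enabled` as the old template did, and make the listen address and this `$backend` port agree, with an address the proxy container can actually reach.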

View File

@ -1,30 +1,71 @@
--- ---
- name: Ensure Mautrix Signal image is pulled - ansible.builtin.set_fact:
matrix_mautrix_signal_requires_restart: false
- when: "matrix_mautrix_signal_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mautrix_signal_sqlite_database_path_local }}"
register: matrix_mautrix_signal_sqlite_database_path_local_stat_result
- when: "matrix_mautrix_signal_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.include_role:
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_signal_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_signal_database_connection_string }}"
caller: "{{ role_path | basename }}"
engine_variable_name: 'matrix_mautrix_signal_database_engine'
engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-mautrix-signal.service']
pgloader_options: ['--with "quote identifiers"']
- ansible.builtin.set_fact:
matrix_mautrix_signal_requires_restart: true
- name: Ensure Mautrix signal paths exists
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_mautrix_signal_base_path }}", when: true}
- {path: "{{ matrix_mautrix_signal_config_path }}", when: true}
- {path: "{{ matrix_mautrix_signal_data_path }}", when: true}
- {path: "{{ matrix_mautrix_signal_docker_src_files_path }}", when: "{{ matrix_mautrix_signal_container_image_self_build }}"}
when: item.when | bool
- name: Ensure Mautrix signal image is pulled
community.docker.docker_image: community.docker.docker_image:
name: "{{ matrix_mautrix_signal_docker_image }}" name: "{{ matrix_mautrix_signal_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force_source: "{{ matrix_mautrix_signal_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_docker_image_force_pull }}"
when: "not matrix_mautrix_signal_container_image_self_build | bool" when: not matrix_mautrix_signal_container_image_self_build
register: result register: result
retries: "{{ devture_playbook_help_container_retries_count }}" retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}" delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed until: result is not failed
- name: Ensure Mautrix signal repository is present on self-build
- name: Ensure Mautrix Signal repository is present on self-build
ansible.builtin.git: ansible.builtin.git:
repo: "{{ matrix_mautrix_signal_docker_repo }}" repo: "{{ matrix_mautrix_signal_container_image_self_build_repo }}"
version: "{{ matrix_mautrix_signal_docker_repo_version }}"
dest: "{{ matrix_mautrix_signal_docker_src_files_path }}" dest: "{{ matrix_mautrix_signal_docker_src_files_path }}"
version: "{{ matrix_mautrix_signal_container_image_self_build_branch }}"
force: "yes" force: "yes"
become: true become: true
become_user: "{{ matrix_user_username }}" become_user: "{{ matrix_user_username }}"
register: matrix_mautrix_signal_git_pull_results register: matrix_mautrix_signal_git_pull_results
when: "matrix_mautrix_signal_container_image_self_build | bool" when: "matrix_mautrix_signal_container_image_self_build | bool"
- name: Ensure Mautrix Signal image is built - name: Ensure Mautrix signal Docker image is built
community.docker.docker_image: community.docker.docker_image:
name: "{{ matrix_mautrix_signal_docker_image }}" name: "{{ matrix_mautrix_signal_docker_image }}"
source: build source: build
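Review bot: The self-build checkout now takes `version` from `matrix_mautrix_signal_container_image_self_build_branch` with `force: "yes"`; if that variable holds a branch name rather than a tag or commit, every run builds whatever the branch head is at that moment, and the result may not correspond to the tag in `matrix_mautrix_signal_docker_image`. Default it to the release tag or a commit hash. Minor: the image pull task drops `| bool` from its `when:` while the neighbouring self-build tasks keep it; keep the filter so that a string value such as 'false' is not treated as true.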
@ -36,62 +77,38 @@
pull: true pull: true
when: "matrix_mautrix_signal_container_image_self_build | bool" when: "matrix_mautrix_signal_container_image_self_build | bool"
- name: Check if an old database file exists
ansible.builtin.stat:
path: "{{ matrix_mautrix_signal_base_path }}/mautrix-signal.db"
register: matrix_mautrix_signal_stat_database
- name: Ensure Mautrix Signal Daemon image is pulled - name: Check if an old matrix state file exists
community.docker.docker_image: ansible.builtin.stat:
name: "{{ matrix_mautrix_signal_daemon_docker_image }}" path: "{{ matrix_mautrix_signal_base_path }}/mx-state.json"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" register: matrix_mautrix_signal_stat_mx_state
force_source: "{{ matrix_mautrix_signal_daemon_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_daemon_docker_image_force_pull }}"
when: matrix_mautrix_signal_enabled and not matrix_mautrix_signal_daemon_container_image_self_build | bool
register: matrix_mautrix_signal_daemon_pull_results
- name: Ensure Mautrix Signal Daemon repository is present on self-build - name: (Data relocation) Ensure matrix-mautrix-signal.service is stopped
ansible.builtin.git: ansible.builtin.service:
repo: "{{ matrix_mautrix_signal_daemon_docker_repo }}" name: matrix-mautrix-signal
version: "{{ matrix_mautrix_signal_daemon_docker_repo_version }}" state: stopped
dest: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}" enabled: false
force: "yes" daemon_reload: true
become: true failed_when: false
become_user: "{{ matrix_user_username }}" when: "matrix_mautrix_signal_stat_database.stat.exists"
register: matrix_mautrix_signal_daemon_git_pull_results
when: "matrix_mautrix_signal_daemon_container_image_self_build | bool"
- name: Ensure Mautrix Signal Daemon image is built - name: (Data relocation) Move mautrix-signal database file to ./data directory
community.docker.docker_image: ansible.builtin.command:
name: "{{ matrix_mautrix_signal_daemon_docker_image }}" cmd: "mv {{ matrix_mautrix_signal_base_path }}/mautrix-signal.db {{ matrix_mautrix_signal_data_path }}/mautrix-signal.db"
source: build creates: "{{ matrix_mautrix_signal_data_path }}/mautrix-signal.db"
force_source: "{{ matrix_mautrix_signal_daemon_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" removes: "{{ matrix_mautrix_signal_base_path }}/mautrix-signal.db"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signal_daemon_git_pull_results.changed }}" when: "matrix_mautrix_signal_stat_database.stat.exists"
build:
dockerfile: Containerfile
path: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}"
pull: true
when: "matrix_mautrix_signal_daemon_container_image_self_build | bool"
- name: Ensure Mautrix Signal paths exist - name: (Data relocation) Move mautrix-signal mx-state file to ./data directory
ansible.builtin.file: ansible.builtin.command:
path: "{{ item }}" cmd: "mv {{ matrix_mautrix_signal_base_path }}/mx-state.json {{ matrix_mautrix_signal_data_path }}/mx-state.json"
state: directory creates: "{{ matrix_mautrix_signal_data_path }}/mx-state.json"
mode: 0750 removes: "{{ matrix_mautrix_signal_base_path }}/mx-state.json"
owner: "{{ matrix_user_username }}" when: "matrix_mautrix_signal_stat_mx_state.stat.exists"
group: "{{ matrix_user_groupname }}"
with_items:
- "{{ matrix_mautrix_signal_base_path }}"
- "{{ matrix_mautrix_signal_config_path }}"
- "{{ matrix_mautrix_signal_daemon_path }}"
- "{{ matrix_mautrix_signal_daemon_path }}/avatars"
- "{{ matrix_mautrix_signal_daemon_path }}/attachments"
- "{{ matrix_mautrix_signal_daemon_path }}/data"
- name: Ensure mautrix-signal-daemon environment variables file created
ansible.builtin.template:
src: "{{ role_path }}/templates/env.j2"
dest: "{{ matrix_mautrix_signal_daemon_path }}/env"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
mode: 0644
- name: Ensure mautrix-signal config.yaml installed - name: Ensure mautrix-signal config.yaml installed
ansible.builtin.copy: ansible.builtin.copy:
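Review bot: The "(Data relocation) Ensure matrix-mautrix-signal.service is stopped" task is gated only on `matrix_mautrix_signal_stat_database.stat.exists`, so when only `mx-state.json` is left in the base path that file is moved while the service may still be running. Gate the stop on either stat result. The task also sets `enabled: false` with `failed_when: false`, and nothing in these lines sets `matrix_mautrix_signal_requires_restart`, so confirm that a later step re-enables and starts the unit. Note the ordering as well: the SQLite-to-Postgres check at the top of this file looks in `matrix_mautrix_signal_data_path`, which a database still sitting in the base path only reaches after these moves.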
@ -109,15 +126,15 @@
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}" group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-mautrix-signal-daemon.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal-daemon.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal-daemon.service"
mode: 0644
register: matrix_mautrix_signal_daemon_systemd_service_result
- name: Ensure matrix-mautrix-signal.service installed - name: Ensure matrix-mautrix-signal.service installed
ansible.builtin.template: ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal.service.j2" src: "{{ role_path }}/templates/systemd/matrix-mautrix-signal.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service"
mode: 0644 mode: 0644
- name: Ensure matrix-mautrix-signal.service restarted, if necessary
ansible.builtin.service:
name: "matrix-mautrix-signal.service"
state: restarted
daemon_reload: true
when: "matrix_mautrix_signal_requires_restart | bool"

View File

@ -1,26 +1,5 @@
--- ---
# Signal daemon service
- name: Check existence of matrix-mautrix-signal-daemon service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal-daemon.service"
register: matrix_mautrix_signal_daemon_service_stat
- when: matrix_mautrix_signal_daemon_service_stat.stat.exists | bool
block:
- name: Ensure matrix-mautrix-signal-daemon is stopped
ansible.builtin.service:
name: matrix-mautrix-signal-daemon
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-mautrix-signal-daemon.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal-daemon.service"
state: absent
# Bridge service
- name: Check existence of matrix-mautrix-signal service - name: Check existence of matrix-mautrix-signal service
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service" path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signal.service"
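Review bot: Hosts upgraded from the signald-based setup keep `matrix-mautrix-signal-daemon.service` installed and enabled, because this hunk deletes the stop-and-remove block and the install tasks in this commit no longer touch that unit either. The signald directories the old role created under `matrix_mautrix_signal_daemon_path` (including `data`, which the old config comment describes as holding auth data) also stay on disk. Keep a cleanup task for the old unit, at least for a transition period, and document what to do with the leftover signald data.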

View File

@ -6,35 +6,15 @@
You need to define a required configuration setting (`{{ item.name }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and vars[item.name] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- {'name': 'matrix_mautrix_signal_homeserver_domain', when: true}
- {'name': 'matrix_mautrix_signal_homeserver_address', when: true}
- {'name': 'matrix_mautrix_signal_homeserver_token', when: true}
- {'name': 'matrix_mautrix_signal_appservice_token', when: true} - {'name': 'matrix_mautrix_signal_appservice_token', when: true}
- {'name': 'matrix_mautrix_signal_homeserver_token', when: true}
- {'name': 'matrix_mautrix_signal_database_hostname', when: "{{ matrix_mautrix_signal_database_engine == 'postgres' }}"} - {'name': 'matrix_mautrix_signal_database_hostname', when: "{{ matrix_mautrix_signal_database_engine == 'postgres' }}"}
- name: (Deprecation) Fail if matrix_mautrix_signal_bridge_permissions specified as YAML string, instead of a dictionary - name: (Deprecation) Catch and report renamed settings
ansible.builtin.fail:
msg: >-
The `matrix_mautrix_signal_bridge_permissions` variable in your configuration is specified as a YAML string.
The playbook now expects a hashmap/dictionary in this variable.
Change your configuration like this:
matrix_mautrix_signal_bridge_permissions: {{ matrix_mautrix_signal_bridge_permissions | from_yaml | to_json }}
when: "matrix_mautrix_signal_bridge_permissions is string"
- name: (Deprecation) Catch and report renamed Signal variables
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
Your configuration contains a variable, which now has a different name. Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`). Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars" when: "item.old in vars"
with_items: with_items:
- {'old': 'matrix_mautrix_signal_container_exposed_port_number', 'new': '<superseded by matrix_mautrix_signal_container_http_host_bind_port>'} - {'old': 'matrix_mautrix_signal_log_level', 'new': 'matrix_mautrix_signal_logging_level'}
- {'old': 'matrix_mautrix_signal_db_user', 'new': 'matrix_mautrix_signal_database_username'}
- {'old': 'matrix_mautrix_signal_db_password', 'new': 'matrix_mautrix_signal_database_password'}
- {'old': 'matrix_mautrix_signal_db_database', 'new': 'matrix_mautrix_signal_database_name'}
- {'old': 'matrix_mautrix_signal_db_host', 'new': 'matrix_mautrix_signal_database_hostname'}
- {'old': 'matrix_mautrix_signal_db_port', 'new': 'matrix_mautrix_signal_database_port'}
- {'old': 'matrix_mautrix_signal_db_url', 'new': 'matrix_mautrix_signal_database_connection_string'}
- {'old': 'matrix_mautrix_signal_configuration_permissions', 'new': '<superseded by matrix_mautrix_signal_configuration_extension_yaml>'}
- {'old': 'matrix_mautrix_signal_container_self_build', 'new': 'matrix_mautrix_signal_container_image_self_build'}
- {'old': 'matrix_mautrix_signal_daemon_container_self_build', 'new': 'matrix_mautrix_signal_daemon_container_image_self_build'}
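Review bot: Variables removed by this commit are not caught by the "(Deprecation) Catch and report renamed settings" list, which now has only the `matrix_mautrix_signal_log_level` entry: the defaults drop `matrix_mautrix_signal_bridge_permissions`, `matrix_mautrix_signal_relaybot_enabled` and `matrix_mautrix_signal_daemon_environment_variables_extension` with no check here. An existing `vars.yml` that restricts who may use the bridge through `matrix_mautrix_signal_bridge_permissions` would pass validation and then be ignored if the new template no longer reads it. Add entries for the removed variables so that stale overrides fail the run with a pointer to the replacement.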

View File

@ -5,269 +5,258 @@ homeserver:
address: {{ matrix_mautrix_signal_homeserver_address }} address: {{ matrix_mautrix_signal_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc). # The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_signal_homeserver_domain }} domain: {{ matrix_mautrix_signal_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https:// # What software is the homeserver running?
verify_ssl: true # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
asmux: false software: standard
# Number of retries for all HTTP requests if the homeserver isn't reachable.
http_retry_count: 4
# The URL to push real-time bridge status to. # The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's Signal connection state changes. # If set, the bridge will make POST requests to this URL whenever a user's discord connection state changes.
# The bridge will use the appservice as_token to authorize requests. # The bridge will use the appservice as_token to authorize requests.
status_endpoint: null status_endpoint: null
# Endpoint for reporting per-message status. # Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null message_send_checkpoint_endpoint: null
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
# Application service host/registration related details # Should the bridge use a websocket for connecting to the homeserver?
# The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
# mautrix-asmux (deprecated), and hungryserv (proprietary).
websocket: false
# How often should the websocket be pinged? Pinging will be disabled if this is zero.
ping_interval_seconds: 0
# Application service host/registration related details.
# Changing these values requires regeneration of the registration. # Changing these values requires regeneration of the registration.
appservice: appservice:
# The address that the homeserver can use to connect to this appservice. # The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_signal_appservice_address }} address: {{ matrix_mautrix_signal_appservice_address | to_json }}
# When using https:// the TLS certificate and key files for the address.
tls_cert: false
tls_key: false
# The hostname and port where this appservice should listen. # The hostname and port where this appservice should listen.
hostname: 0.0.0.0 hostname: 0.0.0.0
port: 29328 port: 8080
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are supported. # Database config.
# Format examples: database:
# SQLite: sqlite:///filename.db # The database type. "sqlite3-fk-wal" and "postgres" are supported.
# Postgres: postgres://username:password@hostname/dbname type: {{ matrix_mautrix_signal_appservice_database_type|to_json }}
database: {{ matrix_mautrix_signal_database_connection_string }} # The database URI.
# Additional arguments for asyncpg.create_pool() or sqlite3.connect() # SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool # https://github.com/mattn/go-sqlite3#connection-string
# https://docs.python.org/3/library/sqlite3.html#sqlite3.connect # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# For sqlite, min_size is used as the connection thread pool size and max_size is ignored. # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
database_opts: uri: {{ matrix_mautrix_signal_appservice_database_uri|to_json }}
min_size: 5 # Maximum number of connections. Mostly relevant for Postgres.
max_size: 10 max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice. # The unique ID of this appservice.
id: signal id: signal
# Appservice bot details.
bot:
# Username of the appservice bot. # Username of the appservice bot.
bot_username: {{ matrix_mautrix_signal_appservice_bot_username|to_json }} username: signalbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is. # to leave display name/avatar as-is.
bot_displayname: Signal bridge bot displayname: signal bridge bot
bot_avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp
# Whether or not to receive ephemeral events via appservice transactions. # Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+). # Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled. ephemeral_events: true
ephemeral_events: false
# Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
async_transactions: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix_mautrix_signal_appservice_token }}" as_token: {{ matrix_mautrix_signal_appservice_token | to_json }}
hs_token: "{{ matrix_mautrix_signal_homeserver_token }}" hs_token: {{ matrix_mautrix_signal_homeserver_token | to_json }}
# Prometheus telemetry config. Requires prometheus-client to be installed. # Prometheus config.
metrics: metrics:
enabled: {{ matrix_mautrix_signal_metrics_enabled | to_json }} # Enable prometheus metrics?
listen_port: 8000
# Manhole config.
manhole:
# Whether or not opening the manhole is allowed.
enabled: false enabled: false
# The path for the unix socket. # IP and port where the metrics listener should be. The path is always /metrics
path: /var/tmp/mautrix-signal.manhole listen: 127.0.0.1:8000
# The list of UIDs who can be added to the whitelist.
# If empty, any UIDs can be specified in the open-manhole command.
whitelist:
- 0
signal:
# Path to signald unix socket
socket_path: /signald/signald.sock
# Directory for temp files when sending files to Signal. This should be an
# absolute path that signald can read. For attachments in the other direction,
# make sure signald is configured to use an absolute path as the data directory.
outgoing_attachment_dir: /signald/attachments
# Directory where signald stores avatars for groups.
avatar_dir: /signald/avatars
# Directory where signald stores auth data. Used to delete data when logging out.
data_dir: /signald/data
# Whether or not unknown signald accounts should be deleted when the bridge is started.
# When this is enabled, any UserInUse errors should be resolved by restarting the bridge.
delete_unknown_accounts_on_start: false
# Whether or not message attachments should be removed from disk after they're bridged.
remove_file_after_handling: true
# Whether or not users can register a primary device
registration_enabled: true
# Bridge config # Bridge config
bridge: bridge:
# Localpart template of MXIDs for Signal users. # Localpart template of MXIDs for Signal users.
# {userid} is replaced with an identifier for the Signal user. # {{ '{{.}}' }} is replaced with the internal ID of the Signal user.
username_template: "signal_{userid}" username_template: "{{ 'signal_{{.}}' }}"
# Displayname template for Signal users. # Displayname template for Signal users. This is also used as the room name in DMs if private_chat_portal_meta is enabled.
# {displayname} is replaced with the displayname of the Signal user, which is the first # Available variables: TODO
# available variable in displayname_preference. The variables in displayname_preference displayname_template: "{{ '{{.ProfileName}} (Signal)' }}"
# can also be used here directly. # Whether to explicitly set the avatar and room name for private chat portal rooms.
displayname_template: "{displayname} (Signal)" # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# Whether or not contact list displaynames should be used. # If set to `always`, all DM rooms will have explicit names and avatars set.
# Possible values: disallow, allow, prefer # If set to `never`, DM rooms will never have names and avatars set.
# private_chat_portal_meta: default
# Multi-user instances are recommended to disallow contact list names, as otherwise there can
# be conflicts between names from different users' contact lists.
contact_list_names: disallow
# Available variables: full_name, first_name, last_name, phone, uuid
displayname_preference:
- full_name
- phone
# Whether or not to create portals for all groups on login/connect. portal_message_buffer: 128
autocreate_group_portal: true
# Whether or not to create portals for all contacts on login/connect. # Should the bridge send a read receipt from the bridge bot when a message has been sent to Signal?
autocreate_contact_portal: false delivery_receipts: false
# Whether or not to use /sync to get read receipts and typing notifications # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
# when double puppeting is enabled message_status_events: false
sync_with_custom_puppets: true # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
# Whether or not to update the m.direct account data event when double puppeting is enabled. message_error_notices: true
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux) # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions. # and is therefore prone to race conditions.
sync_direct_chat_list: false sync_direct_chat_list: false
# Allow using double puppeting from any server with a valid client .well-known file. # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
double_puppet_allow_discovery: false # This field will automatically be changed back to false after it, except if the config file is not writable.
# Servers to allow double puppeting from, even if double_puppet_allow_discovery is false. resend_bridge_info: false
double_puppet_server_map: {}
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map:
{{ matrix_mautrix_signal_homeserver_domain }}: {{ matrix_mautrix_signal_login_shared_secret|to_json }}
# Whether or not created rooms should have federation enabled. # Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated. # If false, created portal rooms will never be federated.
federate_rooms: {{ matrix_mautrix_signal_federate_rooms|to_json }} federate_rooms: {{ matrix_mautrix_signal_federate_rooms|to_json }}
# End-to-bridge encryption support options. You must install the e2be optional dependency for # Servers to always allow double puppeting from
# this to work. See https://github.com/tulir/mautrix-telegram/wiki/Endtobridge-encryption double_puppet_server_map:
"{{ matrix_mautrix_signal_homeserver_domain }}": {{ matrix_mautrix_signal_homeserver_address }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map: {{ matrix_mautrix_signal_bridge_login_shared_secret_map|to_json }}
# Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
# Null means there's no enforced timeout.
message_handling_timeout:
# Send an error message after this timeout, but keep waiting for the response until the deadline.
# This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
# If the message is older than this when it reaches the bridge, the message won't be handled at all.
error_after: null
# Drop messages after this timeout. They may still go through if the message got sent to the servers.
# This is counted from the time the bridge starts handling the message.
deadline: 120s
# The prefix for commands. Only required in non-management rooms.
command_prefix: "{{ matrix_mautrix_signal_command_prefix }}"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a signal bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption: encryption:
# Allow encryption, work in group chat rooms with e2ee enabled # Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_mautrix_signal_bridge_encryption_allow|to_json }} allow: {{ matrix_mautrix_signal_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates # Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly. # This will cause the bridge bot to be in private chats for the encryption to work properly.
default: {{ matrix_mautrix_signal_bridge_encryption_default|to_json }} default: {{ matrix_mautrix_signal_bridge_encryption_default|to_json }}
# Options for automatic key sharing. # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
key_sharing: appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature. # You must use a client that supports requesting keys from other users to use this feature.
allow: {{ matrix_mautrix_signal_bridge_encryption_key_sharing_allow|to_json }} allow_key_sharing: {{ matrix_mautrix_signal_bridge_encryption_key_sharing_allow|to_json }}
# Require the requesting device to have a valid cross-signing signature? # Options for deleting megolm sessions from the bridge.
# This doesn't require that the bridge has verified the device, only that the user has verified it. delete_keys:
# Not yet implemented. # Beeper-specific: delete outbound sessions when hungryserv confirms
require_cross_signing: false # that the user has uploaded the key to key backup.
# Require devices to be verified by the bridge? delete_outbound_on_ack: false
# Verification by the bridge is not yet implemented. # Don't store outbound sessions in the inbound table.
require_verification: true dont_store_outbound: false
# Whether or not to explicitly set the avatar and room name for private # Ratchet megolm sessions forward after decrypting messages.
# chat portal rooms. This will be implicitly enabled if encryption.default is true. ratchet_on_decrypt: false
private_chat_portal_meta: false # Delete fully used keys (index >= max_messages) after decrypting messages.
# Whether or not the bridge should send a read receipt from the bridge bot when a message has delete_fully_used_on_decrypt: false
# been sent to Signal. This let's you check manually whether the bridge is receiving your # Delete previous megolm sessions from same device when receiving a new one.
# messages. delete_prev_on_new_session: false
# Note that this is not related to Signal delivery receipts. # Delete megolm sessions received from a device when the device is deleted.
delivery_receipts: false delete_on_device_delete: false
# Whether or not delivery errors should be reported as messages in the Matrix room. (not yet implemented) # Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
delivery_error_reports: true periodically_delete_expired: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. # Delete inbound megolm sessions that don't have the received_at field used for
# This field will automatically be changed back to false after it, # automatic ratcheting and expired session deletion. This is meant as a migration
# except if the config file is not writable. # to delete old keys prior to the bridge update.
resend_bridge_info: false delete_outdated_inbound: false
# Interval at which to resync contacts (in seconds). # What level of device verification should be required from users?
periodic_sync: 0 #
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from Signal to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Provisioning API part of the web server for automated portal creation and fetching information. # Disable rotating keys when a user's devices change?
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). # You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Settings for provisioning API
provisioning: provisioning:
# Whether or not the provisioning API should be enabled. # Prefix for the provisioning API paths.
enabled: true prefix: /_matrix/provision
# The prefix to use in the provisioning API endpoints. # Shared secret for authentication. If set to "generate", a random secret will be generated,
prefix: /_matrix/provision/v1 # or if set to "disable", the provisioning API will be disabled.
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate shared_secret: generate
# Enable debug API at /debug with provisioning authentication.
# The prefix for commands. Only required in non-management rooms. debug_endpoints: false
command_prefix: "{{ matrix_mautrix_signal_command_prefix }}"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Signal bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `register` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# Send each message separately (for readability in some clients)
management_room_multiple_messages: false
# Permissions for using the bridge. # Permissions for using the bridge.
# Permitted values: # Permitted values:
# relay - Allowed to be relayed through the bridge, no access to commands. # relay - Talk through the relaybot (if enabled), no access otherwise
# user - Use the bridge with puppeting. # user - Access to use the bridge to chat with a Signal account.
# admin - Use and administrate the bridge. # admin - User level and some additional administration tools
# Permitted keys: # Permitted keys:
# * - All Matrix users # * - All Matrix users
# domain - All users on that homeserver # domain - All users on that homeserver
# mxid - Specific user # mxid - Specific user
permissions: {{ matrix_mautrix_signal_bridge_permissions|to_json }} permissions: {{ matrix_mautrix_signal_bridge_permissions|to_json }}
relay: # Logging config. See https://github.com/tulir/zeroconfig for details.
# Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: {{ matrix_mautrix_signal_relaybot_enabled }}
# The formats to use when sending messages to Signal via a relay user.
#
# Available variables:
# $sender_displayname - The display name of the sender (e.g. Example User)
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
# $message - The message content
message_formats:
m.text: '$sender_displayname: $message'
m.notice: '$sender_displayname: $message'
m.emote: '* $sender_displayname $message'
m.file: '$sender_displayname sent a file'
m.image: '$sender_displayname sent an image'
m.audio: '$sender_displayname sent an audio file'
m.video: '$sender_displayname sent a video'
m.location: '$sender_displayname sent a location'
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging: logging:
version: 1 directory: ./logs
formatters: file_name_format: ''
colored: file_date_format: "2006-01-02"
(): mautrix_signal.util.ColorFormatter file_mode: 384
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" timestamp_format: Jan _2, 2006 15:04:05
normal: print_level: {{ matrix_mautrix_signal_logging_level | to_json }}
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" print_json: false
handlers: file_json: false
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: {{ matrix_mautrix_signal_logging_level|to_json }}
aiohttp:
level: {{ matrix_mautrix_signal_logging_level|to_json }}
root:
level: {{ matrix_mautrix_signal_logging_level|to_json }}
handlers: [console]
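Review bot: `shared_secret: generate` under `provisioning:` is hardcoded, with no role variable to set or disable it, while the unit file later in this commit mounts `/config` with `ro` and starts the bridge with `--no-update`, so a generated value cannot be written back to config.yaml. Suggest templating it from a variable that defaults to `disable`, the way `login_shared_secret_map` and `permissions` are templated. Separately, the value in `double_puppet_server_map` is emitted as a bare `{{ matrix_mautrix_signal_homeserver_address }}` while the neighbouring values go through `|to_json`; piping it through `to_json` as well would keep the quoting consistent.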

View File

@ -1 +0,0 @@
{{ matrix_mautrix_signal_daemon_environment_variables_extension }}

View File

@ -1,18 +0,0 @@
#jinja2: lstrip_blocks: "True"
id: signal
as_token: "{{ matrix_mautrix_signal_appservice_token }}"
hs_token: "{{ matrix_mautrix_signal_homeserver_token }}"
namespaces:
users:
- exclusive: true
regex: '^@signal_.+:{{ matrix_mautrix_signal_homeserver_domain | regex_escape }}$'
- exclusive: true
regex: '^@{{ matrix_mautrix_signal_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_signal_homeserver_domain | regex_escape }}$'
aliases:
- exclusive: true
regex: '^#signal_.+:{{ matrix_mautrix_signal_homeserver_domain | regex_escape }}$'
url: {{ matrix_mautrix_signal_appservice_address }}
# See https://github.com/mautrix/signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_signal_appservice_bot_username }}
rate_limited: false
de.sorunome.msc2409.push_ephemeral: true

View File

@ -1,52 +0,0 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mautrix Signal daemon
{% for service in matrix_mautrix_signal_daemon_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mautrix_signal_daemon_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-signal-daemon 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
# Migration task required by the 0.19.0 upgrade
ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \
{{ matrix_mautrix_signal_daemon_docker_image }} \
--migrate-data
# We can't use `--read-only` for this bridge.
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-signal-daemon \
--log-driver=none \
--env-file={{ matrix_mautrix_signal_daemon_path }}/env \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \
{{ matrix_mautrix_signal_daemon_docker_image }}
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-signal-daemon 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal-daemon 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-signal-daemon
[Install]
WantedBy=multi-user.target
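Review bot: hosts that already run `matrix-mautrix-signal-daemon.service` are not covered by anything visible in this deletion, and because the unit has `Restart=always` and `WantedBy=multi-user.target` it will keep starting the signald container after the upgrade. Please confirm that a task elsewhere in the commit stops and disables the service, removes the unit file and decides what happens to the data under `matrix_mautrix_signal_daemon_path`, or add one.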

View File

@ -1,15 +1,14 @@
#jinja2: lstrip_blocks: "True" #jinja2: lstrip_blocks: "True"
[Unit] [Unit]
Description=Matrix Mautrix Signal server Description=Matrix Mautrix signal bridge
{% for service in matrix_mautrix_signal_systemd_required_services_list %} {% for service in matrix_mautrix_signal_systemd_required_services_list %}
Requires={{ service }} Requires={{ service }}
After={{ service }} After={{ service }}
{% endfor %} {% endfor %}
{% for service in matrix_mautrix_signal_systemd_wanted_services_list %} {% for service in matrix_mautrix_signal_systemd_wanted_services_list %}
Wants={{ service }} Wants={{ service }}
{% endfor %} {% endfor %}
DefaultDependencies=no
[Service] [Service]
Type=simple Type=simple
@ -22,25 +21,20 @@ ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-signal \ ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-signal \
--log-driver=none \ --log-driver=none \
--network={{ matrix_docker_network }} \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \ --cap-drop=ALL \
--read-only \ --network={{ matrix_docker_network }} \
--tmpfs /tmp \ --mount type=bind,src={{ matrix_mautrix_signal_config_path }},dst=/config,ro \
{% if matrix_mautrix_signal_container_http_host_bind_port %} --mount type=bind,src={{ matrix_mautrix_signal_data_path }},dst=/data \
-p {{ matrix_mautrix_signal_container_http_host_bind_port }}:29328 \ --workdir=/data \
{% endif %}
-v {{ matrix_mautrix_signal_daemon_path }}:/signald:z \
-v {{ matrix_mautrix_signal_config_path }}:/config:z \
{% for arg in matrix_mautrix_signal_container_extra_arguments %} {% for arg in matrix_mautrix_signal_container_extra_arguments %}
{{ arg }} \ {{ arg }} \
{% endfor %} {% endfor %}
{{ matrix_mautrix_signal_docker_image }} \ {{ matrix_mautrix_signal_docker_image }} \
python3 -m mautrix_signal -c /config/config.yaml --no-update /usr/bin/mautrix-signal -c /config/config.yaml -r /config/registration.yaml --no-update
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-signal 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-signal 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signal 2>/dev/null || true'
Restart=always Restart=always
RestartSec=30 RestartSec=30
SyslogIdentifier=matrix-mautrix-signal SyslogIdentifier=matrix-mautrix-signal
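Review bot: the new `docker run` line drops `--read-only` and `--tmpfs /tmp`, even though the writable state now has its own `/data` bind mount and `/config` is mounted `ro`. Unless the bridge is known to write outside `/data`, keep `--read-only` (with `--tmpfs /tmp` if it needs scratch space) so the container root filesystem stays immutable. The old `-v ...:z` mounts also carried an SELinux relabel that the new `--mount type=bind` lines do not, which is worth checking on SELinux-enforcing hosts.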

View File

@ -1,159 +0,0 @@
---
# mautrix-signalgo is a Matrix <-> signalgo bridge
# Project source code URL: https://github.com/mautrix/signalgo
matrix_mautrix_signalgo_enabled: true
matrix_mautrix_signalgo_container_image_self_build: false
matrix_mautrix_signalgo_container_image_self_build_repo: "https://mau.dev/mautrix/signalgo.git"
matrix_mautrix_signalgo_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signalgo_version == 'latest' else matrix_mautrix_signalgo_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/signalgo
matrix_mautrix_signalgo_version: 63b24c86d1bcd87f20e830d7134cbb39f8de4e3f-amd64
# See: https://mau.dev/mautrix/signalgo/container_registry
matrix_mautrix_signalgo_docker_image: "{{ matrix_mautrix_signalgo_docker_image_name_prefix }}mautrix/signalgo:{{ matrix_mautrix_signalgo_version }}"
matrix_mautrix_signalgo_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_signalgo_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_signalgo_docker_image_force_pull: "{{ matrix_mautrix_signalgo_docker_image.endswith(':latest') }}"
matrix_mautrix_signalgo_base_path: "{{ matrix_base_data_path }}/mautrix-signalgo"
matrix_mautrix_signalgo_config_path: "{{ matrix_mautrix_signalgo_base_path }}/config"
matrix_mautrix_signalgo_data_path: "{{ matrix_mautrix_signalgo_base_path }}/data"
matrix_mautrix_signalgo_docker_src_files_path: "{{ matrix_mautrix_signalgo_base_path }}/docker-src"
matrix_mautrix_signalgo_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_signalgo_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_signalgo_appservice_address: "http://matrix-mautrix-signalgo:8080"
matrix_mautrix_signalgo_command_prefix: "!signalgo"
matrix_mautrix_signalgo_bridge_permissions: |
{{
{'*': 'relay', matrix_mautrix_signalgo_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# A list of extra arguments to pass to the container
matrix_mautrix_signalgo_container_extra_arguments: []
# List of systemd services that matrix-mautrix-signalgo.service depends on.
matrix_mautrix_signalgo_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-mautrix-signalgo.service wants
matrix_mautrix_signalgo_systemd_wanted_services_list: []
matrix_mautrix_signalgo_appservice_token: ''
matrix_mautrix_signalgo_homeserver_token: ''
matrix_mautrix_signalgo_appservice_bot_username: signalgobot
# Minimum severity of journal log messages.
# Options: debug, info, warn, error, fatal
matrix_mautrix_signalgo_logging_level: 'warn'
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
matrix_mautrix_signalgo_federate_rooms: true
# Whether or not metrics endpoint should be enabled.
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_signal_metrics_proxying_enabled`.
matrix_mautrix_signalgo_metrics_enabled: false
# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-signal`.
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
matrix_mautrix_signalgo_metrics_proxying_enabled: false
# Database-related configuration fields.
#
# To use SQLite, stick to these defaults.
#
# To use Postgres:
# - change the engine (`matrix_mautrix_signalgo_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_signalgo_database_*` variables
matrix_mautrix_signalgo_database_engine: 'sqlite'
matrix_mautrix_signalgo_sqlite_database_path_local: "{{ matrix_mautrix_signalgo_data_path }}/mautrix-signalgo.db"
matrix_mautrix_signalgo_sqlite_database_path_in_container: "/data/mautrix-signalgo.db"
matrix_mautrix_signalgo_database_username: 'matrix_mautrix_signalgo'
matrix_mautrix_signalgo_database_password: 'some-password'
matrix_mautrix_signalgo_database_hostname: ''
matrix_mautrix_signalgo_database_port: 5432
matrix_mautrix_signalgo_database_name: 'matrix_mautrix_signalgo'
matrix_mautrix_signalgo_database_sslmode: disable
matrix_mautrix_signalgo_database_connection_string: 'postgresql://{{ matrix_mautrix_signalgo_database_username }}:{{ matrix_mautrix_signalgo_database_password }}@{{ matrix_mautrix_signalgo_database_hostname }}:{{ matrix_mautrix_signalgo_database_port }}/{{ matrix_mautrix_signalgo_database_name }}?sslmode={{ matrix_mautrix_signalgo_database_sslmode }}'
matrix_mautrix_signalgo_appservice_database_type: "{{
{
'sqlite': 'sqlite3-fk-wal',
'postgres':'postgres',
}[matrix_mautrix_signalgo_database_engine]
}}"
matrix_mautrix_signalgo_appservice_database_uri: "{{
{
'sqlite': matrix_mautrix_signalgo_sqlite_database_path_in_container,
'postgres': matrix_mautrix_signalgo_database_connection_string,
}[matrix_mautrix_signalgo_database_engine]
}}"
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mautrix_signalgo_login_shared_secret: ''
matrix_mautrix_signalgo_bridge_login_shared_secret_map:
"{{ {matrix_mautrix_signalgo_homeserver_domain: matrix_mautrix_signalgo_login_shared_secret} if matrix_mautrix_signalgo_login_shared_secret else {} }}"
# Servers to always allow double puppeting from
matrix_mautrix_signalgo_bridge_double_puppet_server_map:
"{{ matrix_mautrix_signalgo_homeserver_domain : matrix_mautrix_signalgo_homeserver_address }}"
# Default mautrix-signalgo configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_signalgo_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_signalgo_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_signalgo_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mautrix_signalgo_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mautrix_signalgo_configuration_yaml`.
matrix_mautrix_signalgo_configuration_extension: "{{ matrix_mautrix_signalgo_configuration_extension_yaml | from_yaml if matrix_mautrix_signalgo_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_signalgo_configuration_yaml`.
matrix_mautrix_signalgo_configuration: "{{ matrix_mautrix_signalgo_configuration_yaml | from_yaml | combine(matrix_mautrix_signalgo_configuration_extension, recursive=True) }}"
matrix_mautrix_signalgo_registration_yaml: |
id: signalgo
url: {{ matrix_mautrix_signalgo_appservice_address }}
as_token: "{{ matrix_mautrix_signalgo_appservice_token }}"
hs_token: "{{ matrix_mautrix_signalgo_homeserver_token }}"
# See https://github.com/mautrix/signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_signalgo_appservice_bot_username }}
rate_limited: false
namespaces:
users:
- regex: '^@signalgo_[-a-f0-9]+:{{ matrix_mautrix_signalgo_homeserver_domain | regex_escape }}$'
exclusive: true
- exclusive: true
regex: '^@{{ matrix_mautrix_signalgo_appservice_bot_username | regex_escape }}:{{ matrix_mautrix_signalgo_homeserver_domain | regex_escape }}$'
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_signalgo_registration: "{{ matrix_mautrix_signalgo_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_signalgo_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_signalgo_bridge_encryption_default: "{{ matrix_mautrix_signalgo_bridge_encryption_allow }}"
matrix_mautrix_signalgo_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_signalgo_bridge_encryption_allow }}"
# On conduit versions before 0.5.0 this option prevented users from joining spaces created by the bridge.
# Setting this to false fixed the issue.
matrix_mautrix_signalgo_bridge_restricted_rooms: true
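Review bot: an inventory that still sets `matrix_mautrix_signalgo_enabled: true`, `matrix_mautrix_signalgo_login_shared_secret` or the `matrix_mautrix_signalgo_database_*` variables will be ignored without any message once these defaults are gone. Suggest a validation task that fails when a `matrix_mautrix_signalgo_*` variable is defined and names the `matrix_mautrix_signal_*` variable to use instead.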

View File

@ -1,35 +0,0 @@
---
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append mautrix-signalgo-metrics's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-signalgo role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- when: matrix_mautrix_signalgo_metrics_proxying_enabled | bool
block:
- name: Generate mautrix-signalgo metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signalgo)
ansible.builtin.set_fact:
matrix_mautrix_signalgo_nginx_metrics_configuration_block: |
location /metrics/mautrix-signalgo {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-mautrix-signalgo:8001";
proxy_pass http://$backend/metrics;
{% else %}
return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable";
{% endif %}
}
- name: Register mautrix-signalgo metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signalgo)
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_mautrix_signalgo_nginx_metrics_configuration_block]
}}

View File

@ -1,29 +0,0 @@
---
- tags:
- setup-all
- setup-nginx-proxy
- install-all
- install-nginx-proxy
block:
- when: matrix_mautrix_signalgo_enabled | bool and matrix_mautrix_signalgo_metrics_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/inject_into_nginx_proxy.yml"
- tags:
- setup-all
- setup-mautrix-signalgo
- install-all
- install-mautrix-signalgo
block:
- when: matrix_mautrix_signalgo_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
- when: matrix_mautrix_signalgo_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
- tags:
- setup-all
- setup-mautrix-signalgo
block:
- when: not matrix_mautrix_signalgo_enabled | bool
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
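Review bot: the `setup_uninstall.yml` include in the last block disappears together with the role, so after this commit the playbook has no signalgo task left that could stop `matrix-mautrix-signalgo.service` on hosts that deployed it. Please either run the uninstall steps as part of a migration before removing the role, or document the manual cleanup, including what happens to the database under `matrix_mautrix_signalgo_data_path`.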

View File

@ -1,140 +0,0 @@
---
- ansible.builtin.set_fact:
matrix_mautrix_signalgo_requires_restart: false
- when: "matrix_mautrix_signalgo_database_engine == 'postgres'"
block:
- name: Check if an SQLite database already exists
ansible.builtin.stat:
path: "{{ matrix_mautrix_signalgo_sqlite_database_path_local }}"
register: matrix_mautrix_signalgo_sqlite_database_path_local_stat_result
- when: "matrix_mautrix_signalgo_sqlite_database_path_local_stat_result.stat.exists | bool"
block:
- ansible.builtin.include_role:
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_signalgo_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_signalgo_database_connection_string }}"
caller: "{{ role_path | basename }}"
engine_variable_name: 'matrix_mautrix_signalgo_database_engine'
engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-mautrix-signalgo.service']
pgloader_options: ['--with "quote identifiers"']
- ansible.builtin.set_fact:
matrix_mautrix_signalgo_requires_restart: true
- name: Ensure Mautrix Signalgo paths exists
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_mautrix_signalgo_base_path }}", when: true}
- {path: "{{ matrix_mautrix_signalgo_config_path }}", when: true}
- {path: "{{ matrix_mautrix_signalgo_data_path }}", when: true}
- {path: "{{ matrix_mautrix_signalgo_docker_src_files_path }}", when: "{{ matrix_mautrix_signalgo_container_image_self_build }}"}
when: item.when | bool
- name: Ensure Mautrix Signalgo image is pulled
community.docker.docker_image:
name: "{{ matrix_mautrix_signalgo_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_signalgo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signalgo_docker_image_force_pull }}"
when: not matrix_mautrix_signalgo_container_image_self_build
register: result
retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed
- name: Ensure Mautrix Signalgo repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_mautrix_signalgo_container_image_self_build_repo }}"
dest: "{{ matrix_mautrix_signalgo_docker_src_files_path }}"
version: "{{ matrix_mautrix_signalgo_container_image_self_build_branch }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_mautrix_signalgo_git_pull_results
when: "matrix_mautrix_signalgo_container_image_self_build | bool"
- name: Ensure Mautrix Signalgo Docker image is built
community.docker.docker_image:
name: "{{ matrix_mautrix_signalgo_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_signalgo_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_signalgo_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_signalgo_docker_src_files_path }}"
pull: true
when: "matrix_mautrix_signalgo_container_image_self_build | bool"
- name: Check if an old database file exists
ansible.builtin.stat:
path: "{{ matrix_mautrix_signalgo_base_path }}/mautrix-signalgo.db"
register: matrix_mautrix_signalgo_stat_database
- name: Check if an old matrix state file exists
ansible.builtin.stat:
path: "{{ matrix_mautrix_signalgo_base_path }}/mx-state.json"
register: matrix_mautrix_signalgo_stat_mx_state
- name: (Data relocation) Ensure matrix-mautrix-signalgo.service is stopped
ansible.builtin.service:
name: matrix-mautrix-signalgo
state: stopped
enabled: false
daemon_reload: true
failed_when: false
when: "matrix_mautrix_signalgo_stat_database.stat.exists"
- name: (Data relocation) Move mautrix-signalgo database file to ./data directory
ansible.builtin.command:
cmd: "mv {{ matrix_mautrix_signalgo_base_path }}/mautrix-signalgo.db {{ matrix_mautrix_signalgo_data_path }}/mautrix-signalgo.db"
creates: "{{ matrix_mautrix_signalgo_data_path }}/mautrix-signalgo.db"
removes: "{{ matrix_mautrix_signalgo_base_path }}/mautrix-signalgo.db"
when: "matrix_mautrix_signalgo_stat_database.stat.exists"
- name: (Data relocation) Move mautrix-signalgo mx-state file to ./data directory
ansible.builtin.command:
cmd: "mv {{ matrix_mautrix_signalgo_base_path }}/mx-state.json {{ matrix_mautrix_signalgo_data_path }}/mx-state.json"
creates: "{{ matrix_mautrix_signalgo_data_path }}/mx-state.json"
removes: "{{ matrix_mautrix_signalgo_base_path }}/mx-state.json"
when: "matrix_mautrix_signalgo_stat_mx_state.stat.exists"
- name: Ensure mautrix-signalgo config.yaml installed
ansible.builtin.copy:
content: "{{ matrix_mautrix_signalgo_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_mautrix_signalgo_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure mautrix-signalgo registration.yaml installed
ansible.builtin.copy:
content: "{{ matrix_mautrix_signalgo_registration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_mautrix_signalgo_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-mautrix-signalgo.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-mautrix-signalgo.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signalgo.service"
mode: 0644
- name: Ensure matrix-mautrix-signalgo.service restarted, if necessary
ansible.builtin.service:
name: "matrix-mautrix-signalgo.service"
state: restarted
daemon_reload: true
when: "matrix_mautrix_signalgo_requires_restart | bool"
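Review bot: Deleting the install tasks leaves everything they created on existing hosts, and the two `ansible.builtin.copy` tasks near the end are the sensitive part: `config.yaml` and `registration.yaml` are written with `mode: 0644` under `matrix_mautrix_signalgo_config_path` and carry the appservice tokens. The database and `mx-state.json` under `matrix_mautrix_signalgo_data_path` are in the same position. Nothing in the lines shown here moves or removes them. Suggest adding a one-time task that either migrates this data into the mautrix-signal role's paths or removes it, and documenting the step in the upgrade notes. If the mautrix-signal install tasks were derived from this file, consider `mode: 0640` for the two token-bearing files rather than relying only on the `0750` parent directory.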

View File

@ -1,20 +0,0 @@
---
- name: Check existence of matrix-mautrix-signalgo service
ansible.builtin.stat:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signalgo.service"
register: matrix_mautrix_signalgo_service_stat
- when: matrix_mautrix_signalgo_service_stat.stat.exists | bool
block:
- name: Ensure matrix-mautrix-signalgo is stopped
ansible.builtin.service:
name: matrix-mautrix-signalgo
state: stopped
enabled: false
daemon_reload: true
- name: Ensure matrix-mautrix-signalgo.service doesn't exist
ansible.builtin.file:
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-mautrix-signalgo.service"
state: absent
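Review bot: With this file deleted, together with its `include_tasks` in the role's `main.yml`, the playbook no longer has any task that stops `matrix-mautrix-signalgo` or deletes `matrix-mautrix-signalgo.service`, so a host that had the bridge enabled keeps a unit with `Restart=always` running after the upgrade. Suggest keeping these two tasks as an unconditional cleanup step (for example in the mautrix-signal role or a playbook-level migration) until existing installs have had a chance to run it.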

View File

@ -1,20 +0,0 @@
---
- name: Fail if required mautrix-signalgo settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item.name }}`).
when: "item.when | bool and vars[item.name] == ''"
with_items:
- {'name': 'matrix_mautrix_signalgo_appservice_token', when: true}
- {'name': 'matrix_mautrix_signalgo_homeserver_token', when: true}
- {'name': 'matrix_mautrix_signalgo_database_hostname', when: "{{ matrix_mautrix_signalgo_database_engine == 'postgres' }}"}
- name: (Deprecation) Catch and report renamed settings
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars"
with_items:
- {'old': 'matrix_mautrix_signalgo_log_level', 'new': 'matrix_mautrix_signalgo_logging_level'}
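Review bot: Removing this validation means any `matrix_mautrix_signalgo_*` variable still present in a user's configuration is now silently ignored, including `matrix_mautrix_signalgo_enabled`. The `(Deprecation) Catch and report renamed settings` task here already shows the pattern (`when: "item.old in vars"`). Suggest a check in the mautrix-signal role's validation that fails when a signalgo variable is defined and names the mautrix-signal setting to use instead, so operators learn that the bridge they enabled is no longer being deployed.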

View File

@ -1,262 +0,0 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_signalgo_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_signalgo_homeserver_domain }}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's discord connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
# Should the bridge use a websocket for connecting to the homeserver?
# The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
# mautrix-asmux (deprecated), and hungryserv (proprietary).
websocket: false
# How often should the websocket be pinged? Pinging will be disabled if this is zero.
ping_interval_seconds: 0
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_signalgo_appservice_address | to_json }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# Database config.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: {{ matrix_mautrix_signalgo_appservice_database_type|to_json }}
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_signalgo_appservice_database_uri|to_json }}
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice.
id: signalgo
# Appservice bot details.
bot:
# Username of the appservice bot.
username: signalgobot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: Signalgo bridge bot
avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
ephemeral_events: true
# Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
async_transactions: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: {{ matrix_mautrix_signalgo_appservice_token | to_json }}
hs_token: {{ matrix_mautrix_signalgo_homeserver_token | to_json }}
# Prometheus config.
metrics:
# Enable prometheus metrics?
enabled: false
# IP and port where the metrics listener should be. The path is always /metrics
listen: 127.0.0.1:8000
# Bridge config
bridge:
# Localpart template of MXIDs for Signal users.
# {{ '{{.}}' }} is replaced with the internal ID of the Signal user.
username_template: "{{ 'signalgo_{{.}}' }}"
# Displayname template for Signal users. This is also used as the room name in DMs if private_chat_portal_meta is enabled.
# Available variables: TODO
displayname_template: "{{ '{{.ProfileName}} (Signalgo)' }}"
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
# If set to `never`, DM rooms will never have names and avatars set.
private_chat_portal_meta: default
portal_message_buffer: 128
# Should the bridge send a read receipt from the bridge bot when a message has been sent to Signal?
delivery_receipts: false
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it, except if the config file is not writable.
resend_bridge_info: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: {{ matrix_mautrix_signalgo_federate_rooms|to_json }}
# Servers to always allow double puppeting from
double_puppet_server_map:
"{{ matrix_mautrix_signalgo_homeserver_domain }}": {{ matrix_mautrix_signalgo_homeserver_address }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map: {{ matrix_mautrix_signalgo_bridge_login_shared_secret_map|to_json }}
# Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
# Null means there's no enforced timeout.
message_handling_timeout:
# Send an error message after this timeout, but keep waiting for the response until the deadline.
# This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
# If the message is older than this when it reaches the bridge, the message won't be handled at all.
error_after: null
# Drop messages after this timeout. They may still go through if the message got sent to the servers.
# This is counted from the time the bridge starts handling the message.
deadline: 120s
# The prefix for commands. Only required in non-management rooms.
command_prefix: "{{ matrix_mautrix_signalgo_command_prefix }}"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Signalgo bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_mautrix_signalgo_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: {{ matrix_mautrix_signalgo_bridge_encryption_default|to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_signalgo_bridge_encryption_key_sharing_allow|to_json }}
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from Signal to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: generate
# Enable debug API at /debug with provisioning authentication.
debug_endpoints: false
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Signal account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_signalgo_bridge_permissions|to_json }}
# Logging config. See https://github.com/tulir/zeroconfig for details.
logging:
directory: ./logs
file_name_format: ''
file_date_format: "2006-01-02"
file_mode: 384
timestamp_format: Jan _2, 2006 15:04:05
print_level: {{ matrix_mautrix_signalgo_logging_level | to_json }}
print_json: false
file_json: false
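Review bot: Several values in this template are emitted without `| to_json`: `address: {{ matrix_mautrix_signalgo_homeserver_address }}`, `domain: {{ matrix_mautrix_signalgo_homeserver_domain }}`, both sides of the `double_puppet_server_map` entry, and `command_prefix`, which is wrapped in literal quotes instead. The tokens, `appservice.address` and the database settings in the same file do use `to_json`. A value containing YAML-significant characters would change the structure of the rendered config. If the mautrix-signal template that replaces this one was derived from it, pipe these through `to_json` as well. Smaller point: the `status_endpoint` comment refers to the user's "discord connection state", which looks like a copy from another bridge's template.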

View File

@ -1,43 +0,0 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mautrix Signalgo bridge
{% for service in matrix_mautrix_signalgo_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mautrix_signalgo_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-signalgo 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signalgo 2>/dev/null || true'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-mautrix-signalgo \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
--mount type=bind,src={{ matrix_mautrix_signalgo_config_path }},dst=/config,ro \
--mount type=bind,src={{ matrix_mautrix_signalgo_data_path }},dst=/data \
--workdir=/data \
{% for arg in matrix_mautrix_signalgo_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_signalgo_docker_image }} \
/usr/bin/mautrix-signal -c /config/config.yaml -r /config/registration.yaml --no-update
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-mautrix-signalgo 2>/dev/null || true'
ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-mautrix-signalgo 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-signalgo
[Install]
WantedBy=multi-user.target
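Review bot: The `docker run` line in `ExecStart` sets `--user` and `--cap-drop=ALL` but not `--read-only` or `--security-opt=no-new-privileges`, even though the only writable location the container is given is the `/data` bind mount, which is also its `--workdir`. If the mautrix-signal unit that replaces this one was derived from this template, consider adding both flags there. Note also that the command already runs `/usr/bin/mautrix-signal`, so the replacement unit should keep the same binary path and the `-c /config/config.yaml -r /config/registration.yaml` arguments.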

View File

@ -60,7 +60,6 @@
- custom/matrix-bridge-mautrix-instagram - custom/matrix-bridge-mautrix-instagram
- custom/matrix-bridge-mautrix-telegram - custom/matrix-bridge-mautrix-telegram
- custom/matrix-bridge-mautrix-signal - custom/matrix-bridge-mautrix-signal
- custom/matrix-bridge-mautrix-signalgo
- custom/matrix-bridge-mautrix-gmessages - custom/matrix-bridge-mautrix-gmessages
- custom/matrix-bridge-mautrix-whatsapp - custom/matrix-bridge-mautrix-whatsapp
- custom/matrix-bridge-mautrix-wsproxy - custom/matrix-bridge-mautrix-wsproxy