finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Move roles/matrix* to roles/custom/matrix*

Browse Source 
This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`,
similar to how it's done in:

- https://github.com/spantaleev/gitea-docker-ansible-deploy
- https://github.com/spantaleev/nextcloud-docker-ansible-deploy

In the near future, we'll be removing a lot of the shared role code from here
and using upstream roles for it. Some of the core `matrix-*` roles have
already been extracted out into other reusable roles:

- https://github.com/devture/com.devture.ansible.role.postgres
- https://github.com/devture/com.devture.ansible.role.systemd_docker_base
- https://github.com/devture/com.devture.ansible.role.timesync
- https://github.com/devture/com.devture.ansible.role.vars_preserver
- https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages
- https://github.com/devture/com.devture.ansible.role.playbook_help

We just need to migrate to those.
This commit is contained in:
Slavi Pantaleev
2022-11-03 09:11:29 +02:00
parent 6c131138ad
commit 410a915a8a
722 changed files with 148 additions and 145 deletions
Download Patch File Download Diff File Expand all files Collapse all files

262
roles/custom/matrix-bridge-hookshot/defaults/main.yml Normal file
View File

@ -0,0 +1,262 @@
---
# A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA.
# Project source code URL: https://github.com/matrix-org/matrix-hookshot
matrix_hookshot_enabled: true
matrix_hookshot_container_image_self_build: false
matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
matrix_hookshot_version: 2.4.0
matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_hookshot_docker_image_force_pull: "{{ matrix_hookshot_docker_image.endswith(':latest') }}"
matrix_hookshot_base_path: "{{ matrix_base_data_path }}/hookshot"
matrix_hookshot_docker_src_files_path: "{{ matrix_hookshot_base_path }}/docker-src"
matrix_hookshot_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_hookshot_container_url: 'matrix-hookshot'
matrix_hookshot_public_endpoint: /hookshot
# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
matrix_hookshot_appservice_port: 9993
matrix_hookshot_appservice_endpoint: "{{ matrix_hookshot_public_endpoint }}/_matrix/app"
# Controls whether metrics are enabled in the bridge configuration.
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_hookshot_metrics_proxying_enabled`.
matrix_hookshot_metrics_enabled: false
# Controls whether Hookshot metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/hookshot`.
# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`.
# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`.
matrix_hookshot_metrics_proxying_enabled: false
# There is no need to edit ports.
# Read the documentation to learn about using hookshot metrics with external Prometheus
# If you still want something different, use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
matrix_hookshot_metrics_port: 9001
# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
matrix_hookshot_webhook_port: 9000
matrix_hookshot_webhook_endpoint: "{{ matrix_hookshot_public_endpoint }}/webhooks"
# You need to create a GitHub app to enable this and fill in the empty variables below
# https://matrix-org.github.io/matrix-hookshot/setup/github.html
matrix_hookshot_github_enabled: false
matrix_hookshot_github_appid: ''
# Set this variable to the contents of the generated and downloaded GitHub private key:
# matrix_hookshot_github_private_key: |
# -----BEGIN RSA PRIVATE KEY-----
# 0123456789ABCDEF...
# -----END RSA PRIVATE KEY-----
# Alternatively, leave it empty and do it manually or use matrix-aux instead, see docs/matrix-bridge-hookshot.md for info.
matrix_hookshot_github_private_key: ''
matrix_hookshot_github_private_key_file: 'private-key.pem'
matrix_hookshot_github_secret: '' # "Webhook secret" on the GitHub App page
matrix_hookshot_github_oauth_enabled: false
# You need to configure oauth settings only when you have enabled oauth (optional)
matrix_hookshot_github_oauth_id: '' # "Client ID" on the GitHub App page
matrix_hookshot_github_oauth_secret: '' # "Client Secret" on the GitHub App page
# Default value of matrix_hookshot_github_oauth_endpoint: "/hookshot/webhooks/oauth"
matrix_hookshot_github_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/oauth"
matrix_hookshot_github_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_github_oauth_endpoint }}"
# These are the default settings mentioned here and don't need to be modified: https://matrix-org.github.io/matrix-hookshot/usage/room_configuration/github_repo.html#configuration
matrix_hookshot_github_ignore_hooks: "{}"
matrix_hookshot_github_command_prefix: '!gh'
matrix_hookshot_github_showIssueRoomLink: false # noqa var-naming
matrix_hookshot_github_pr_diff: "{enabled: false, maxLines: 5}"
matrix_hookshot_github_including_labels: ''
matrix_hookshot_github_excluding_labels: ''
matrix_hookshot_github_hotlink_prefix: "#"
matrix_hookshot_gitlab_enabled: true
# Optionally add your instances, e.g.
# matrix_hookshot_gitlab_instances:
# gitlab.com:
# url: https://gitlab.com
# mygitlab:
# url: https://gitlab.example.org
matrix_hookshot_gitlab_instances:
gitlab.com:
url: https://gitlab.com
# This will be the "Secret token" you have to enter into all GitLab instances for authentication
matrix_hookshot_gitlab_secret: ''
matrix_hookshot_figma_enabled: false
# Default value of matrix_hookshot_figma_endpoint: "/hookshot/webhooks/figma/webhook"
matrix_hookshot_figma_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/figma/webhook"
matrix_hookshot_figma_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_figma_endpoint }}" # noqa var-naming
# To bridge figma webhooks, you need to configure one of multiple instances like this:
# matrix_hookshot_figma_instances:
# your-instance:
# teamId: your-team-id
# accessToken: your-personal-access-token
# passcode: your-webhook-passcode
matrix_hookshot_jira_enabled: false
# Get the these values from https://matrix-org.github.io/matrix-hookshot/setup/jira.html#jira-oauth
matrix_hookshot_jira_secret: ''
matrix_hookshot_jira_oauth_enabled: false
matrix_hookshot_jira_oauth_id: ''
matrix_hookshot_jira_oauth_secret: ''
# Default value of matrix_hookshot_jira_oauth_endpoint: "/hookshot/webhooks/jira/oauth"
matrix_hookshot_jira_oauth_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/jira/oauth"
matrix_hookshot_jira_oauth_uri: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_jira_oauth_endpoint }}"
# No need to change these
matrix_hookshot_generic_enabled: true
# Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks"
matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}"
# urlprefix gets updated with protocol & port in group_vars/matrix_servers
matrix_hookshot_generic_urlprefix: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_generic_endpoint }}"
matrix_hookshot_generic_allow_js_transformation_functions: false
# If you're also using matrix-appservice-webhooks, take care that these prefixes don't overlap
matrix_hookshot_generic_user_id_prefix: '_webhooks_'
matrix_hookshot_feeds_enabled: true
matrix_hookshot_feeds_pollIntervalSeconds: 600 # no-qa var-naming
matrix_hookshot_feeds_pollTimeoutSeconds: 10 # no-qa var-naming
# There is no need to edit ports. use matrix_hookshot_container_http_host_bind_ports below to expose ports instead.
matrix_hookshot_provisioning_port: 9002
matrix_hookshot_provisioning_secret: ''
# Provisioning will be automatically enabled if dimension is enabled and you have provided a provisioning secret, unless you override it
matrix_hookshot_provisioning_enabled: false
matrix_hookshot_provisioning_internal: "/v1"
matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_provisioning_internal }}"
matrix_hookshot_widgets_enabled: true
matrix_hookshot_widgets_port: 9003
matrix_hookshot_widgets_addToAdminRooms: false # default off as it is a beta feature # noqa var-naming
matrix_hookshot_widgets_roomSetupWidget_enabled: true # noqa var-naming
matrix_hookshot_widgets_roomSetupWidget_addOnInvite: false # noqa var-naming
# `disallowedIpRanges` describes which IP ranges should be disallowed when resolving homeserver IP addresses (for security reasons). Unless you know what you are doing, it is recommended to not include this key. The following IPs are blocked by default, unless you supply another list.
# matrix_hookshot_widgets_disallowedIpRanges:
# - 127.0.0.0/8
# - 10.0.0.0/8
# - 172.16.0.0/12
# - 192.168.0.0/16
# - 100.64.0.0/10
# - 192.0.0.0/24
# - 169.254.0.0/16
# - 192.88.99.0/24
# - 198.18.0.0/15
# - 192.0.2.0/24
# - 198.51.100.0/24
# - 203.0.113.0/24
# - 224.0.0.0/4
# - ::1/128
# - fe80::/10
# - fc00::/7
# - 2001:db8::/32
# - ff00::/8
# - fec0::/10
matrix_hookshot_widgets_disallowedIpRanges: '' # noqa var-naming
matrix_hookshot_widgets_internal: "/widgetapi"
# Default value of matrix_hookshot_widgets_endpoint: "/hookshot/widgetapi"
matrix_hookshot_widgets_endpoint: "{{ matrix_hookshot_public_endpoint }}{{ matrix_hookshot_widgets_internal }}"
matrix_hookshot_widgets_publicUrl: "{{ matrix_hookshot_urlprefix }}{{ matrix_hookshot_widgets_endpoint }}/v1/static" # noqa var-naming
matrix_hookshot_widgets_branding_widgetTitle: "Hookshot Configuration" # noqa var-naming
# You can configure access to the bridge as documented here https://matrix-org.github.io/matrix-hookshot/setup.html#permissions
# When empty, the default permissions are applied.
# Example:
# matrix_hookshot_permissions:
# - actor: *
# services:
# - service: *
# level: commands
# - actor: example.com
# services:
# - service: "*"
# level: admin
matrix_hookshot_permissions: []
matrix_hookshot_bot_displayname: Hookshot Bot
matrix_hookshot_bot_avatar: 'mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d'
# A list of extra arguments to pass to the container
matrix_hookshot_container_extra_arguments: []
# List of systemd services that service depends on.
matrix_hookshot_systemd_required_services_list: ['docker.service']
# List of systemd services that service wants
matrix_hookshot_systemd_wanted_services_list: []
# List of ports to bind to the host to expose them directly.
# Ports will automatically be bound to localhost if matrix_nginx_proxy_enabled is false.
# Setting this variable will override that behaviour in either case.
# Supply docker port bind arguments in a list like this:
#
# matrix_hookshot_container_http_host_bind_ports:
# - "127.0.0.1:9999:{{ matrix_hookshot_metrics_port }}"
#
# Above example will bind the metrics port in the container to port 9999 on localhost.
matrix_hookshot_container_http_host_bind_ports: []
# These tokens will be set automatically
matrix_hookshot_appservice_token: ''
matrix_hookshot_homeserver_token: ''
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrixhookshot_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_hookshot_configuration_yaml: "{{ lookup('template', 'templates/config.yml.j2') }}"
matrix_hookshot_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_hookshot_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_hookshot_configuration_yaml`.
matrix_hookshot_configuration_extension: "{{ matrix_hookshot_configuration_extension_yaml | from_yaml if matrix_hookshot_configuration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_hookshot_configuration_yaml`.
matrix_hookshot_configuration: "{{ matrix_hookshot_configuration_yaml | from_yaml | combine(matrix_hookshot_configuration_extension, recursive=True) }}"
# Default registration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrixhookshot_registration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_hookshot_registration_yaml: "{{ lookup('template', 'templates/registration.yml.j2') }}"
matrix_hookshot_registration_extension_yaml: |
# Your custom YAML registration goes here.
# This registration extends the default starting registration (`matrix_hookshot_registration_yaml`).
#
# You can override individual variables from the default registration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_hookshot_registration_yaml`.
matrix_hookshot_registration_extension: "{{ matrix_hookshot_registration_extension_yaml | from_yaml if matrix_hookshot_registration_extension_yaml | from_yaml is mapping else {} }}"
# Holds the final registration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_hookshot_registration_yaml`.
matrix_hookshot_registration: "{{ matrix_hookshot_registration_yaml | from_yaml | combine(matrix_hookshot_registration_extension, recursive=True) }}"

0
roles/custom/matrix-bridge-hookshot/files/.gitkeep Normal file
View File

141
roles/custom/matrix-bridge-hookshot/tasks/init.yml Normal file
View File

@ -0,0 +1,141 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
ansible.builtin.fail:
msg: >-
The matrix-bridge-hookshot role needs to execute before the matrix-synapse role.
when: "matrix_hookshot_enabled and matrix_synapse_role_executed | default(False)"
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-hookshot.service'] }}"
when: matrix_hookshot_enabled | bool
# If the matrix-synapse role is not used, these variables may not exist.
- ansible.builtin.set_fact:
matrix_homeserver_container_runtime_injected_arguments: >
{{
matrix_homeserver_container_runtime_injected_arguments | default([])
+
["--mount type=bind,src={{ matrix_hookshot_base_path }}/registration.yml,dst=/hookshot-registration.yml,ro"]
}}
matrix_homeserver_app_service_runtime_injected_config_files: >
{{
matrix_homeserver_app_service_runtime_injected_config_files | default([])
+
["/hookshot-registration.yml"]
}}
when: matrix_hookshot_enabled | bool
- when: matrix_hookshot_enabled | bool
block:
- name: Fail if matrix-nginx-proxy role already executed
ansible.builtin.fail:
msg: >-
Trying to append hookshot's reverse-proxying configuration to matrix-nginx-proxy,
but it's pointless since the matrix-nginx-proxy role had already executed.
To fix this, please change the order of roles in your playbook,
so that the matrix-nginx-proxy role would run after the matrix-bridge-hookshot role.
when: matrix_nginx_proxy_role_executed | default(False) | bool
- name: Generate Matrix hookshot proxying configuration for matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_hookshot_matrix_nginx_proxy_configuration: |
location ~ ^{{ matrix_hookshot_appservice_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}";
proxy_pass http://$backend/$1;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_appservice_port }}/$1;
{% endif %}
proxy_set_header Host $host;
}
{% if matrix_hookshot_provisioning_enabled %}
location ~ ^{{ matrix_hookshot_provisioning_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_provisioning_port }}";
proxy_pass http://$backend{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_provisioning_port }}{{ matrix_hookshot_provisioning_internal }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
{% endif %}
{% if matrix_hookshot_widgets_enabled %}
location ~ ^{{ matrix_hookshot_widgets_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_widgets_port }}";
proxy_pass http://$backend{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_widgets_port }}{{ matrix_hookshot_widgets_internal }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
{% endif %}
location ~ ^{{ matrix_hookshot_webhook_endpoint }}/(.*)$ {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_webhook_port }}";
proxy_pass http://$backend/$1$is_args$args;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_webhook_port }}/$1$is_args$args;
{% endif %}
proxy_set_header Host $host;
}
- name: Register hookshot proxying configuration with matrix-nginx-proxy
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks | default([])
+
[matrix_hookshot_matrix_nginx_proxy_configuration]
}}
- name: Generate hookshot metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
ansible.builtin.set_fact:
matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain: |
location /metrics/hookshot {
{% if matrix_nginx_proxy_enabled | default(False) %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_metrics_port }}";
proxy_pass http://$backend/metrics;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_hookshot_metrics_port }}/metrics;
{% endif %}
}
when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
- name: Register hookshot metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/hookshot)
ansible.builtin.set_fact:
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: |
{{
matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([])
+
[matrix_hookshot_matrix_nginx_proxy_metrics_configuration_matrix_domain]
}}
when: matrix_hookshot_metrics_enabled | bool and matrix_hookshot_metrics_proxying_enabled | bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
ansible.builtin.debug:
msg: >-
NOTE: You've enabled the hookshot bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ matrix_hookshot_public_endpoint }}`
URL endpoint to the matrix-hookshot container.
You can expose the container's ports using the `matrix_hookshot_container_http_host_bind_ports` variable.
when: "matrix_hookshot_enabled | bool and not matrix_nginx_proxy_enabled | default(False) | bool"

23
roles/custom/matrix-bridge-hookshot/tasks/main.yml Normal file
View File

@ -0,0 +1,23 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup | bool and matrix_hookshot_enabled | bool"
tags:
- setup-all
- setup-hookshot
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup | bool and matrix_hookshot_enabled | bool"
tags:
- setup-all
- setup-hookshot
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup | bool and not matrix_hookshot_enabled | bool"
tags:
- setup-all
- setup-hookshot

116
roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml Normal file
View File

@ -0,0 +1,116 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml"
- name: Ensure hookshot paths exist
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_hookshot_base_path }}", when: true}
- {path: "{{ matrix_hookshot_docker_src_files_path }}", when: "{{ matrix_hookshot_container_image_self_build }}"}
when: item.when | bool
- name: Ensure hookshot image is pulled
community.docker.docker_image:
name: "{{ matrix_hookshot_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_hookshot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_docker_image_force_pull }}"
when: not matrix_hookshot_container_image_self_build
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- name: Ensure hookshot repository is present on self-build
ansible.builtin.git:
repo: "{{ matrix_hookshot_container_image_self_build_repo }}"
dest: "{{ matrix_hookshot_docker_src_files_path }}"
version: "{{ matrix_hookshot_container_image_self_build_branch }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_hookshot_git_pull_results
when: "matrix_hookshot_container_image_self_build | bool"
- name: Ensure hookshot Docker image is built
community.docker.docker_image:
name: "{{ matrix_hookshot_docker_image }}"
source: build
force_source: "{{ matrix_hookshot_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_hookshot_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_hookshot_docker_src_files_path }}"
pull: true
when: "matrix_hookshot_container_image_self_build | bool"
- name: Check if hookshot passkey exists
ansible.builtin.stat:
path: "{{ matrix_hookshot_base_path }}/passkey.pem"
register: hookshot_passkey_file
- name: Generate hookshot passkey if it doesn't exist
ansible.builtin.shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_hookshot_base_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096"
become: true
become_user: "{{ matrix_user_username }}"
when: "not hookshot_passkey_file.stat.exists"
- name: Ensure hookshot config.yml installed if provided
ansible.builtin.copy:
content: "{{ matrix_hookshot_configuration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_hookshot_base_path }}/config.yml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Validate hookshot config.yml
ansible.builtin.command:
cmd: |
{{ matrix_host_command_docker }} run
--rm
--name={{ matrix_hookshot_container_url }}-validate
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
-v {{ matrix_hookshot_base_path }}/config.yml:/config.yml
{{ matrix_hookshot_docker_image }} node Config/Config.js /config.yml
register: hookshot_config_validation_result
changed_when: false
- name: Fail if hookshot config.yml invalid
ansible.builtin.fail:
msg: "Your hookshot configuration did not pass validation:\n{{ hookshot_config_validation_result.stdout }}\n{{ hookshot_config_validation_result.stderr }}"
when: "hookshot_config_validation_result.rc > 0"
- name: Ensure hookshot registration.yml installed if provided
ansible.builtin.copy:
content: "{{ matrix_hookshot_registration | to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_hookshot_base_path }}/registration.yml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure hookshot github private key file installed if github is enabled
ansible.builtin.copy:
content: "{{ matrix_hookshot_github_private_key }}"
dest: "{{ matrix_hookshot_base_path }}/{{ matrix_hookshot_github_private_key_file }}"
mode: 0400
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
when: matrix_hookshot_github_enabled | bool and matrix_hookshot_github_private_key|length > 0
- name: Ensure matrix-hookshot.service installed
ansible.builtin.template:
src: "{{ role_path }}/templates/systemd/matrix-hookshot.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-hookshot.service"
mode: 0644
register: matrix_hookshot_systemd_service_result
- name: Ensure systemd reloaded after matrix-hookshot.service installation
ansible.builtin.service:
daemon_reload: true
when: matrix_hookshot_systemd_service_result.changed

25
roles/custom/matrix-bridge-hookshot/tasks/setup_uninstall.yml Normal file
View File

@ -0,0 +1,25 @@
---
- name: Check existence of matrix-hookshot service
ansible.builtin.stat:
path: "{{ matrix_systemd_path }}/matrix-hookshot.service"
register: matrix_hookshot_service_stat
- name: Ensure matrix-hookshot is stopped
ansible.builtin.service:
name: matrix-hookshot
state: stopped
enabled: false
daemon_reload: true
when: "matrix_hookshot_service_stat.stat.exists"
- name: Ensure matrix-hookshot.service doesn't exist
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/matrix-hookshot.service"
state: absent
when: "matrix_hookshot_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-hookshot.service removal
ansible.builtin.service:
daemon_reload: true
when: "matrix_hookshot_service_stat.stat.exists"

81
roles/custom/matrix-bridge-hookshot/tasks/validate_config.yml Normal file
View File

@ -0,0 +1,81 @@
---
- name: Fail if required settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_hookshot_appservice_token"
- "matrix_hookshot_homeserver_token"
- name: Fail if required GitHub settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`) to enable GitHub.
when: "matrix_hookshot_github_enabled and vars[item] == ''"
with_items:
- "matrix_hookshot_github_appid"
- "matrix_hookshot_github_secret"
- name: Fail if required GitHub OAuth settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`) to enable GitHub OAuth.
when: "matrix_hookshot_github_oauth_enabled and vars[item] == ''"
with_items:
- "matrix_hookshot_github_oauth_id"
- "matrix_hookshot_github_oauth_secret"
- name: Fail if required Jira settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`) to enable Jira.
when: "matrix_hookshot_jira_enabled and vars[item] == ''"
with_items:
- "matrix_hookshot_jira_secret"
- name: Fail if required Jira OAuth settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`) to enable Jira OAuth.
when: "matrix_hookshot_jira_oauth_enabled and vars[item] == ''"
with_items:
- "matrix_hookshot_jira_oauth_id"
- "matrix_hookshot_jira_oauth_secret"
- name: Fail if required Figma settings not defined
ansible.builtin.fail:
msg: >-
You need to define at least one Figma instance to enable Figma.
when: "matrix_hookshot_figma_enabled and matrix_hookshot_figma_instances is undefined"
- name: Fail if required provisioning settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`) to enable provisioning.
when: "matrix_hookshot_provisioning_enabled and vars[item] == ''"
with_items:
- "matrix_hookshot_provisioning_secret"
- name: (Deprecation) Catch and report renamed Hookshot variables
ansible.builtin.fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars"
with_items:
- {'old': 'matrix_hookshot_feeds_interval', 'new': 'matrix_hookshot_feeds_pollIntervalSeconds'}
- name: (Deprecation) Catch and report old metrics usage
ansible.builtin.fail:
msg: >-
Your configuration contains a variable (`{{ item }}`), which refers to the old metrics collection system for Hookshot,
which exposed metrics on `https://stats.DOMAIN/hookshot/metrics`.
We now recommend exposing Hookshot metrics in another way, from another URL.
Refer to the changelog for more details: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2022-06-22
with_items:
- matrix_hookshot_proxy_metrics
- matrix_hookshot_metrics_endpoint
when: "item in vars"

159
roles/custom/matrix-bridge-hookshot/templates/config.yml.j2 Normal file
View File

@ -0,0 +1,159 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Basic homeserver configuration
#
domain: {{ matrix_domain }}
url: {{ matrix_hookshot_homeserver_address }}
mediaUrl: {{ matrix_hookshot_homeserver_address }}
port: {{ matrix_hookshot_appservice_port }}
bindAddress: 0.0.0.0
{% if matrix_hookshot_github_enabled %}
github:
# (Optional) Configure this to enable GitHub support
#
auth:
# Authentication for the GitHub App.
#
id: {{ matrix_hookshot_github_appid }}
privateKeyFile: /data/{{ matrix_hookshot_github_private_key_file }}
webhook:
# Webhook settings for the GitHub app.
#
secret: {{ matrix_hookshot_github_secret|to_json }}
{% if matrix_hookshot_github_oauth_enabled %}
oauth:
# (Optional) Settings for allowing users to sign in via OAuth.
#
client_id: {{ matrix_hookshot_github_oauth_id }}
client_secret: {{ matrix_hookshot_github_oauth_secret|to_json }}
redirect_uri: {{ matrix_hookshot_github_oauth_uri }}
{% endif %}
defaultOptions:
# (Optional) Default options for GitHub connections.
#
ignoreHooks: {{ matrix_hookshot_github_ignore_hooks }}
commandPrefix: "{{ matrix_hookshot_github_command_prefix }}"
showIssueRoomLink: {{ matrix_hookshot_github_showIssueRoomLink }}
prDiff: {{ matrix_hookshot_github_pr_diff }}
includingLabels:{{ matrix_hookshot_github_including_labels }}
excludingLabels: {{ matrix_hookshot_github_excluding_labels }}
hotlinkIssues:
prefix: "{{ matrix_hookshot_github_hotlink_prefix }}"
{% endif %}
{% if matrix_hookshot_gitlab_enabled %}
gitlab:
# (Optional) Configure this to enable GitLab support
#
instances:
{{ matrix_hookshot_gitlab_instances }}
webhook:
secret: {{ matrix_hookshot_gitlab_secret|to_json }}
{% endif %}
{% if matrix_hookshot_figma_enabled %}
figma:
# (Optional) Configure this to enable Figma support
#
publicUrl: {{ matrix_hookshot_figma_publicUrl }}
instances: {{ matrix_hookshot_figma_instances }}
{% endif %}
{% if matrix_hookshot_jira_enabled %}
jira:
# (Optional) Configure this to enable Jira support
#
webhook:
secret: {{ matrix_hookshot_jira_secret|to_json }}
{% if matrix_hookshot_jira_oauth_enabled %}
oauth:
client_id: {{ matrix_hookshot_jira_oauth_id|to_json }}
client_secret: {{ matrix_hookshot_jira_oauth_secret|to_json }}
redirect_uri: {{ matrix_hookshot_jira_oauth_uri }}
{% endif %}
{% endif %}
{% if matrix_hookshot_generic_enabled %}
generic:
# (Optional) Support for generic webhook events. `allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
#
enabled: {{ matrix_hookshot_generic_enabled }}
urlPrefix: {{ matrix_hookshot_generic_urlprefix }}
allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }}
userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }}
{% endif %}
{% if matrix_hookshot_feeds_enabled %}
feeds:
# (Optional) Configure this to enable RSS/Atom feed support
#
enabled: {{ matrix_hookshot_feeds_enabled | to_json }}
pollIntervalSeconds: {{ matrix_hookshot_feeds_pollIntervalSeconds | to_json }}
pollTimeoutSeconds: {{ matrix_hookshot_feeds_pollTimeoutSeconds | to_json }}
{% endif %}
{% if matrix_hookshot_provisioning_enabled %}
provisioning:
# (Optional) Provisioning API for integration managers
#
secret: {{ matrix_hookshot_provisioning_secret|to_json }}
{% endif %}
passFile:
# A passkey used to encrypt tokens stored inside the bridge.
# Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate
#
/data/passkey.pem
bot:
# (Optional) Define profile information for the bot user
#
displayname: {{ matrix_hookshot_bot_displayname }}
avatar: {{ matrix_hookshot_bot_avatar }}
metrics:
# (Optional) Prometheus metrics support
#
enabled: {{ matrix_hookshot_metrics_enabled }}
logging:
# (Optional) Logging settings. You can have a severity debug,info,warn,error
#
level: warn
{% if matrix_hookshot_widgets_enabled %}
widgets:
# (Optional) EXPERIMENTAL support for complimentary widgets
#
addToAdminRooms: {{ matrix_hookshot_widgets_addToAdminRooms }}
{% if matrix_hookshot_widgets_roomSetupWidget_enabled %}
roomSetupWidget:
addOnInvite: {{ matrix_hookshot_widgets_roomSetupWidget_addOnInvite }}
{% endif %}
{% if not matrix_hookshot_widgets_disallowedIpRanges is in [None, ''] %}
disallowedIpRanges: {{ matrix_hookshot_widgets_disallowedIpRanges }}
{% endif %}
publicUrl: {{ matrix_hookshot_widgets_publicUrl }}
branding:
widgetTitle: {{ matrix_hookshot_widgets_branding_widgetTitle }}
{% endif %}
{% if matrix_hookshot_permissions %}
permissions: {{ matrix_hookshot_permissions }}
{% endif %}
listeners:
# (Optional) HTTP Listener configuration.
# Bind resource endpoints to ports and addresses.
# 'resources' may be any of webhooks, widgets, metrics, provisioning, appservice
#
{# always enabled since all services need it #}
- port: {{ matrix_hookshot_webhook_port }}
bindAddress: 0.0.0.0
resources:
- webhooks
{% if matrix_hookshot_metrics_enabled %}
- port: {{ matrix_hookshot_metrics_port }}
bindAddress: 0.0.0.0
resources:
- metrics
{% endif %}
{% if matrix_hookshot_provisioning_enabled %}
- port: {{ matrix_hookshot_provisioning_port }}
bindAddress: 0.0.0.0
resources:
- provisioning
{% endif %}
{% if matrix_hookshot_widgets_enabled %}
- port: {{ matrix_hookshot_widgets_port }}
bindAddress: 0.0.0.0
resources:
- widgets
{% endif %}

30
roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2 Normal file
View File

@ -0,0 +1,30 @@
#jinja2: lstrip_blocks: "True"
id: matrix-hookshot # This can be anything, but must be unique within your homeserver
as_token: {{ matrix_hookshot_appservice_token|to_json }} # This again can be a random string
hs_token: {{ matrix_hookshot_homeserver_token|to_json }} # ..as can this
namespaces:
rooms: []
users:
{% if matrix_hookshot_github_enabled %}
- regex: "@_github_.*:{{ matrix_domain }}"
exclusive: true
{% endif %}
{% if matrix_hookshot_gitlab_enabled %}
- regex: "@_gitlab_.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain
exclusive: true
{% endif %}
{% if matrix_hookshot_jira_enabled %}
- regex: "@_jira_.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain
exclusive: true
{% endif %}
{% if matrix_hookshot_generic_enabled %}
- regex: "@{{ matrix_hookshot_generic_user_id_prefix }}.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain // depending on userIdPrefix setting in conf
exclusive: true
{% endif %}
aliases:
- regex: "#github_.+:{{ matrix_domain }}"
exclusive: true
sender_localpart: hookshot
url: "http://{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}" # This should match the bridge.port in your config file
rate_limited: false

40
roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2 Normal file
View File

@ -0,0 +1,40 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA.
{% for service in matrix_hookshot_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_hookshot_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }}
ExecStartPre=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }}
ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_hookshot_container_url }} \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-v {{ matrix_hookshot_base_path }}:/data:z \
{% for port in matrix_hookshot_container_http_host_bind_ports %}
-p {{ port }} \
{% endfor %}
{% for arg in matrix_hookshot_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_hookshot_docker_image }}
ExecStop=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }}
ExecStop=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }}
Restart=always
RestartSec=30
SyslogIdentifier={{ matrix_hookshot_container_url }}
[Install]
WantedBy=multi-user.target