Move roles/matrix* to roles/custom/matrix*

This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`,
similar to how it's done in:

- https://github.com/spantaleev/gitea-docker-ansible-deploy
- https://github.com/spantaleev/nextcloud-docker-ansible-deploy

In the near future, we'll be removing a lot of the shared role code from here
and using upstream roles for it. Some of the core `matrix-*` roles have
already been extracted out into other reusable roles:

- https://github.com/devture/com.devture.ansible.role.postgres
- https://github.com/devture/com.devture.ansible.role.systemd_docker_base
- https://github.com/devture/com.devture.ansible.role.timesync
- https://github.com/devture/com.devture.ansible.role.vars_preserver
- https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages
- https://github.com/devture/com.devture.ansible.role.playbook_help

We just need to migrate to those.

roles/custom/matrix-bridge-hookshot/templates/config.yml.j2

@@ -0,0 +1,159 @@
+#jinja2: lstrip_blocks: "True"
+bridge:
+  # Basic homeserver configuration
+  #
+  domain: {{ matrix_domain }}
+  url: {{ matrix_hookshot_homeserver_address }}
+  mediaUrl: {{ matrix_hookshot_homeserver_address }}
+  port: {{ matrix_hookshot_appservice_port }}
+  bindAddress: 0.0.0.0
+{% if matrix_hookshot_github_enabled %}
+github:
+  # (Optional) Configure this to enable GitHub support
+  #
+  auth:
+    # Authentication for the GitHub App.
+    #
+    id: {{ matrix_hookshot_github_appid }}
+    privateKeyFile: /data/{{ matrix_hookshot_github_private_key_file }}
+  webhook:
+    # Webhook settings for the GitHub app.
+    #
+    secret: {{ matrix_hookshot_github_secret|to_json }}
+{% if matrix_hookshot_github_oauth_enabled %}
+  oauth:
+    # (Optional) Settings for allowing users to sign in via OAuth.
+    #
+    client_id: {{ matrix_hookshot_github_oauth_id }}
+    client_secret: {{ matrix_hookshot_github_oauth_secret|to_json }}
+    redirect_uri: {{ matrix_hookshot_github_oauth_uri }}
+{% endif %}
+  defaultOptions:
+    # (Optional) Default options for GitHub connections.
+    #
+    ignoreHooks: {{ matrix_hookshot_github_ignore_hooks }}
+    commandPrefix: "{{ matrix_hookshot_github_command_prefix }}"
+    showIssueRoomLink: {{ matrix_hookshot_github_showIssueRoomLink }}
+    prDiff: {{ matrix_hookshot_github_pr_diff }}
+    includingLabels:{{ matrix_hookshot_github_including_labels }}
+    excludingLabels: {{ matrix_hookshot_github_excluding_labels }}
+    hotlinkIssues:
+      prefix: "{{ matrix_hookshot_github_hotlink_prefix }}"
+{% endif %}
+{% if matrix_hookshot_gitlab_enabled %}
+gitlab:
+  # (Optional) Configure this to enable GitLab support
+  #
+  instances:
+    {{ matrix_hookshot_gitlab_instances }}
+  webhook:
+    secret: {{ matrix_hookshot_gitlab_secret|to_json }}
+{% endif %}
+{% if matrix_hookshot_figma_enabled %}
+figma:
+  # (Optional) Configure this to enable Figma support
+  #
+  publicUrl: {{ matrix_hookshot_figma_publicUrl }}
+  instances: {{ matrix_hookshot_figma_instances }}
+{% endif %}
+{% if matrix_hookshot_jira_enabled %}
+jira:
+  # (Optional) Configure this to enable Jira support
+  #
+  webhook:
+    secret: {{ matrix_hookshot_jira_secret|to_json }}
+{% if matrix_hookshot_jira_oauth_enabled %}
+  oauth:
+    client_id: {{ matrix_hookshot_jira_oauth_id|to_json }}
+    client_secret: {{ matrix_hookshot_jira_oauth_secret|to_json }}
+    redirect_uri: {{ matrix_hookshot_jira_oauth_uri }}
+{% endif %}
+{% endif %}
+{% if matrix_hookshot_generic_enabled %}
+generic:
+  # (Optional) Support for generic webhook events. `allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
+  #
+  enabled: {{ matrix_hookshot_generic_enabled }}
+  urlPrefix: {{ matrix_hookshot_generic_urlprefix }}
+  allowJsTransformationFunctions: {{ matrix_hookshot_generic_allow_js_transformation_functions }}
+  userIdPrefix: {{ matrix_hookshot_generic_user_id_prefix|to_json }}
+{% endif %}
+{% if matrix_hookshot_feeds_enabled %}
+feeds:
+  # (Optional) Configure this to enable RSS/Atom feed support
+  #
+  enabled: {{ matrix_hookshot_feeds_enabled | to_json }}
+  pollIntervalSeconds: {{ matrix_hookshot_feeds_pollIntervalSeconds | to_json }}
+  pollTimeoutSeconds: {{ matrix_hookshot_feeds_pollTimeoutSeconds | to_json }}
+{% endif %}
+{% if matrix_hookshot_provisioning_enabled %}
+provisioning:
+  # (Optional) Provisioning API for integration managers
+  #
+  secret: {{ matrix_hookshot_provisioning_secret|to_json }}
+{% endif %}
+passFile:
+  # A passkey used to encrypt tokens stored inside the bridge.
+  # Run openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 to generate
+  #
+  /data/passkey.pem
+bot:
+  # (Optional) Define profile information for the bot user
+  #
+  displayname: {{ matrix_hookshot_bot_displayname }}
+  avatar: {{ matrix_hookshot_bot_avatar }}
+metrics:
+  # (Optional) Prometheus metrics support
+  #
+  enabled: {{ matrix_hookshot_metrics_enabled }}
+logging:
+  # (Optional) Logging settings. You can have a severity debug,info,warn,error
+  #
+  level: warn
+{% if matrix_hookshot_widgets_enabled %}
+widgets:
+  # (Optional) EXPERIMENTAL support for complimentary widgets
+  #
+  addToAdminRooms: {{ matrix_hookshot_widgets_addToAdminRooms }}
+{% if matrix_hookshot_widgets_roomSetupWidget_enabled %}
+  roomSetupWidget:
+    addOnInvite: {{ matrix_hookshot_widgets_roomSetupWidget_addOnInvite }}
+{% endif %}
+{% if not matrix_hookshot_widgets_disallowedIpRanges is in [None, ''] %}
+  disallowedIpRanges: {{ matrix_hookshot_widgets_disallowedIpRanges }}
+{% endif %}
+  publicUrl: {{ matrix_hookshot_widgets_publicUrl }}
+  branding:
+    widgetTitle: {{ matrix_hookshot_widgets_branding_widgetTitle }}
+{% endif %}
+{% if matrix_hookshot_permissions %}
+permissions: {{ matrix_hookshot_permissions }}
+{% endif %}
+listeners:
+  # (Optional) HTTP Listener configuration.
+  # Bind resource endpoints to ports and addresses.
+  # 'resources' may be any of webhooks, widgets, metrics, provisioning, appservice
+  #
+{# always enabled since all services need it #}
+  - port: {{ matrix_hookshot_webhook_port }}
+    bindAddress: 0.0.0.0
+    resources:
+      - webhooks
+{% if matrix_hookshot_metrics_enabled %}
+  - port: {{ matrix_hookshot_metrics_port }}
+    bindAddress: 0.0.0.0
+    resources:
+      - metrics
+{% endif %}
+{% if matrix_hookshot_provisioning_enabled %}
+  - port: {{ matrix_hookshot_provisioning_port }}
+    bindAddress: 0.0.0.0
+    resources:
+      - provisioning
+{% endif %}
+{% if matrix_hookshot_widgets_enabled %}
+  - port: {{ matrix_hookshot_widgets_port }}
+    bindAddress: 0.0.0.0
+    resources:
+      - widgets
+{% endif %}

roles/custom/matrix-bridge-hookshot/templates/registration.yml.j2

@@ -0,0 +1,30 @@
+#jinja2: lstrip_blocks: "True"
+id: matrix-hookshot # This can be anything, but must be unique within your homeserver
+as_token: {{ matrix_hookshot_appservice_token|to_json }} # This again can be a random string
+hs_token: {{ matrix_hookshot_homeserver_token|to_json }} # ..as can this
+namespaces:
+  rooms: []
+  users:
+{% if matrix_hookshot_github_enabled %}
+    - regex: "@_github_.*:{{ matrix_domain }}"
+      exclusive: true
+{% endif %}
+{% if matrix_hookshot_gitlab_enabled %}
+    - regex: "@_gitlab_.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain
+      exclusive: true
+{% endif %}
+{% if matrix_hookshot_jira_enabled %}
+    - regex: "@_jira_.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain
+      exclusive: true
+{% endif %}
+{% if matrix_hookshot_generic_enabled %}
+    - regex: "@{{ matrix_hookshot_generic_user_id_prefix }}.*:{{ matrix_domain }}" # Where foobar is your homeserver's domain // depending on userIdPrefix setting in conf
+      exclusive: true
+{% endif %}
+  aliases:
+    - regex: "#github_.+:{{ matrix_domain }}"
+      exclusive: true
+
+sender_localpart: hookshot
+url: "http://{{ matrix_hookshot_container_url }}:{{ matrix_hookshot_appservice_port }}" # This should match the bridge.port in your config file
+rate_limited: false

roles/custom/matrix-bridge-hookshot/templates/systemd/matrix-hookshot.service.j2

@@ -0,0 +1,40 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=A bridge between Matrix and multiple project management services, such as GitHub, GitLab and JIRA.
+{% for service in matrix_hookshot_systemd_required_services_list %}
+Requires={{ service }}
+After={{ service }}
+{% endfor %}
+{% for service in matrix_hookshot_systemd_wanted_services_list %}
+Wants={{ service }}
+{% endfor %}
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }}
+ExecStartPre=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }}
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name {{ matrix_hookshot_container_url }} \
+          --log-driver=none \
+          --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+          --cap-drop=ALL \
+          --network={{ matrix_docker_network }} \
+          -v {{ matrix_hookshot_base_path }}:/data:z \
+          {% for port in matrix_hookshot_container_http_host_bind_ports %}
+          -p {{ port }} \
+          {% endfor %}
+          {% for arg in matrix_hookshot_container_extra_arguments %}
+          {{ arg }} \
+          {% endfor %}
+          {{ matrix_hookshot_docker_image }}
+
+ExecStop=-{{ matrix_host_command_docker }} kill {{ matrix_hookshot_container_url }}
+ExecStop=-{{ matrix_host_command_docker }} rm {{ matrix_hookshot_container_url }}
+Restart=always
+RestartSec=30
+SyslogIdentifier={{ matrix_hookshot_container_url }}
+
+[Install]
+WantedBy=multi-user.target