Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy
This commit is contained in:
commit
4315b472af
30
CHANGELOG.md
30
CHANGELOG.md
@ -1,3 +1,33 @@
|
|||||||
|
# 2019-05-09
|
||||||
|
|
||||||
|
Besides a myriad of bug fixes and minor improvements, here are the more notable (bigger) features we can announce today.
|
||||||
|
|
||||||
|
## Mautrix Facebook/Messenger bridging support
|
||||||
|
|
||||||
|
The playbook now supports bridging with [Facebook](https://www.facebook.com/) by installing the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge. This playbook functionality is available thanks to [@izissise](https://github.com/izissise).
|
||||||
|
|
||||||
|
Additional details are available in [Setting up Mautrix Facebook bridging](docs/configuring-playbook-bridge-mautrix-facebook.md).
|
||||||
|
|
||||||
|
## mxisd Registration feature integration
|
||||||
|
|
||||||
|
The playbook can now help you integrate with mxisd's [Registration](https://github.com/kamax-matrix/mxisd/blob/master/docs/features/registration.md) feature.
|
||||||
|
|
||||||
|
Learn more in [mxisd-controlled Registration](docs/configuring-playbook-mxisd.md#mxisd-controlled-registration).
|
||||||
|
|
||||||
|
|
||||||
|
# 2019-04-16
|
||||||
|
|
||||||
|
## Caddy webserver examples
|
||||||
|
|
||||||
|
If you prefer using the [Caddy](https://caddyserver.com/) webserver instead of our own integrated nginx, we now have examples for it in the [`examples/caddy`](examples/caddy) directory
|
||||||
|
|
||||||
|
# 2019-04-10
|
||||||
|
|
||||||
|
## Goofys support for other S3-compatible object stores
|
||||||
|
|
||||||
|
Until now, you could optionally host Synapse's media repository on Amazon S3, but we now also support [using other S3-compatible object stores](docs/configuring-playbook-s3.md),
|
||||||
|
|
||||||
|
|
||||||
# 2019-04-03
|
# 2019-04-03
|
||||||
|
|
||||||
## Ansible >= 2.5 is required
|
## Ansible >= 2.5 is required
|
||||||
|
@ -38,6 +38,8 @@ Using this playbook, you can get the following services configured on your serve
|
|||||||
|
|
||||||
- (optional) the [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) bridge for bridging your Matrix server to [Whatsapp](https://www.whatsapp.com/)
|
- (optional) the [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) bridge for bridging your Matrix server to [Whatsapp](https://www.whatsapp.com/)
|
||||||
|
|
||||||
|
- (optional) the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge for bridging your Matrix server to [facebook](https://facebook.com/)
|
||||||
|
|
||||||
- (optional) the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat)
|
- (optional) the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat)
|
||||||
|
|
||||||
- (optional) the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge for bridging your Matrix server to [Discord](https://discordapp.com/)
|
- (optional) the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge for bridging your Matrix server to [Discord](https://discordapp.com/)
|
||||||
@ -116,6 +118,8 @@ This playbook sets up your server using the following Docker images:
|
|||||||
|
|
||||||
- [tulir/mautrix-whatsapp](https://hub.docker.com/r/tulir/mautrix-whatsapp/) - the [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) bridge to [Whatsapp](https://www.whatsapp.com/) (optional)
|
- [tulir/mautrix-whatsapp](https://hub.docker.com/r/tulir/mautrix-whatsapp/) - the [mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) bridge to [Whatsapp](https://www.whatsapp.com/) (optional)
|
||||||
|
|
||||||
|
- [tulir/mautrix-facebook](https://hub.docker.com/r/tulir/mautrix-facebook/) - the [mautrix-facebook](https://github.com/tulir/mautrix-facebook) bridge to [Facebook](https://facebook.com/) (optional)
|
||||||
|
|
||||||
- [tedomum/matrix-appservice-irc](https://hub.docker.com/r/tedomum/matrix-appservice-irc/) - the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional)
|
- [tedomum/matrix-appservice-irc](https://hub.docker.com/r/tedomum/matrix-appservice-irc/) - the [matrix-appservice-irc](https://github.com/TeDomum/matrix-appservice-irc) bridge to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) (optional)
|
||||||
|
|
||||||
- [halfshot/matrix-appservice-discord](https://hub.docker.com/r/halfshot/matrix-appservice-discord) - the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge to [Discord](https://discordapp.com/) (optional)
|
- [halfshot/matrix-appservice-discord](https://hub.docker.com/r/halfshot/matrix-appservice-discord) - the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge to [Discord](https://discordapp.com/) (optional)
|
||||||
|
@ -12,6 +12,8 @@
|
|||||||
|
|
||||||
- [Registering users](registering-users.md)
|
- [Registering users](registering-users.md)
|
||||||
|
|
||||||
|
- [Updating users passwords](updating-users-passwords.md)
|
||||||
|
|
||||||
- [Configuring service discovery via .well-known](configuring-well-known.md)
|
- [Configuring service discovery via .well-known](configuring-well-known.md)
|
||||||
|
|
||||||
- [Maintenance / checking if services work](maintenance-checking-services.md)
|
- [Maintenance / checking if services work](maintenance-checking-services.md)
|
||||||
|
@ -54,9 +54,9 @@ The SRV record should look like this:
|
|||||||
- Name: `_matrix._tcp` (use this text as-is)
|
- Name: `_matrix._tcp` (use this text as-is)
|
||||||
- Content: `10 0 8448 matrix.<your-domain>` (replace `<your-domain>` with your own)
|
- Content: `10 0 8448 matrix.<your-domain>` (replace `<your-domain>` with your own)
|
||||||
|
|
||||||
A [new file-based mechanism for Federation Server Discovery](configuring-well-known.md#introduction-to-federation-server-discovery) is superseding the `_matrix._tcp` SRV record. **During the transition phase, you'll need to set up both mechanisms**. We'll instruct you how to set up the file-based mechanism after the [installation phase](installing.md) for this playbook.
|
A [new file-based mechanism for Federation Server Discovery](configuring-well-known.md#introduction-to-federation-server-discovery) is superseding the `_matrix._tcp` SRV record for our use case. **During the transition phase, you'll need to set up both mechanisms**. We'll instruct you how to set up the file-based mechanism after the [installation phase](installing.md) for this playbook.
|
||||||
|
|
||||||
Doing delegation/redirection of Matrix services using a DNS SRV record (`_matrix._tcp`) is a **temporary measure** that is only necessary before Synapse v1.0 is released.
|
Doing delegation/redirection of Matrix services using a DNS SRV record (`_matrix._tcp`) is a **temporary measure** for our use-case, that will only be necessary before Synapse v1.0 is released.
|
||||||
|
|
||||||
As more and more people upgrade to the Synapse v0.99 transitional release and just before the final Synapse v1.0 gets released, at some point in the near future **you will need to remove the `_matrix._tcp` SRV record** and leave only the [new file-based mechanism for Federation Server Discovery](configuring-well-known.md#introduction-to-federation-server-discovery) in place.
|
As more and more people upgrade to the Synapse v0.99 transitional release and just before the final Synapse v1.0 gets released, at some point in the near future **you will need to remove the `_matrix._tcp` SRV record** and leave only the [new file-based mechanism for Federation Server Discovery](configuring-well-known.md#introduction-to-federation-server-discovery) in place.
|
||||||
|
|
||||||
|
11
docs/configuring-playbook-bridge-mautrix-facebook.md
Normal file
11
docs/configuring-playbook-bridge-mautrix-facebook.md
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
# Setting up Mautrix Facebook (optional)
|
||||||
|
|
||||||
|
The playbook can install and configure [mautrix-facebook](https://github.com/tulir/mautrix-facebook) for you.
|
||||||
|
|
||||||
|
See the project's [documentation](https://github.com/tulir/mautrix-facebook/wiki#usage) to learn what it does and why it might be useful to you.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_mautrix_facebook_enabled: true
|
||||||
|
```
|
||||||
|
|
||||||
|
You then need to start a chat with `@facebookbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
|
@ -24,6 +24,19 @@ If you'd like to change the default email templates used by mxisd, take a look a
|
|||||||
(in the `roles/matrix-mxisd/defaults/main.yml` file.
|
(in the `roles/matrix-mxisd/defaults/main.yml` file.
|
||||||
|
|
||||||
|
|
||||||
|
## mxisd-controlled Registration
|
||||||
|
|
||||||
|
To use the [Registration](https://github.com/kamax-matrix/mxisd/blob/master/docs/features/registration.md) feature of mxisd, you can make use of the following variables:
|
||||||
|
|
||||||
|
- `matrix_synapse_enable_registration` - to enable user-initiated registration in Synapse
|
||||||
|
|
||||||
|
- `matrix_synapse_registrations_require_3pid` - to control the types of 3pid (`'email'`, `'msisdn'`) required by the Synapse server for registering
|
||||||
|
|
||||||
|
- variables prefixed with `matrix_nginx_proxy_proxy_matrix_3pid_registration_` (e.g. `matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled`) - to configure the integrated nginx webserver to send registration requests to mxisd (instead of Synapse), so it can apply its additional functionality
|
||||||
|
|
||||||
|
- `matrix_mxisd_configuration_extension_yaml` - to configure mxisd as required. See the [Registration feature's docs](https://github.com/kamax-matrix/mxisd/blob/master/docs/features/registration.md) for inspiration. Also see the [Additional features](#additional-features) section below to learn more about how to use `matrix_mxisd_configuration_extension_yaml`.
|
||||||
|
|
||||||
|
|
||||||
## Additional features
|
## Additional features
|
||||||
|
|
||||||
What this playbook configures for your is some bare minimum Identity Server functionality, so that you won't need to rely on external 3rd party services.
|
What this playbook configures for your is some bare minimum Identity Server functionality, so that you won't need to rely on external 3rd party services.
|
||||||
|
@ -3,9 +3,11 @@
|
|||||||
By default, this playbook configures your server to store Synapse's content repository (`media_store`) files on the local filesystem.
|
By default, this playbook configures your server to store Synapse's content repository (`media_store`) files on the local filesystem.
|
||||||
If that's alright, you can skip this.
|
If that's alright, you can skip this.
|
||||||
|
|
||||||
If you'd like to store Synapse's content repository (`media_store`) files on Amazon S3,
|
If you'd like to store Synapse's content repository (`media_store`) files on Amazon S3 (or other S3-compatible service),
|
||||||
you can let this playbook configure [Goofys](https://github.com/kahing/goofys) for you.
|
you can let this playbook configure [Goofys](https://github.com/kahing/goofys) for you.
|
||||||
|
|
||||||
|
## Amazon S3
|
||||||
|
|
||||||
You'll need an Amazon S3 bucket and some IAM user credentials (access key + secret key) with full write access to the bucket. Example security policy:
|
You'll need an Amazon S3 bucket and some IAM user credentials (access key + secret key) with full write access to the bucket. Example security policy:
|
||||||
|
|
||||||
```json
|
```json
|
||||||
@ -37,3 +39,13 @@ matrix_s3_media_store_aws_access_key: "access-key-goes-here"
|
|||||||
matrix_s3_media_store_aws_secret_key: "secret-key-goes-here"
|
matrix_s3_media_store_aws_secret_key: "secret-key-goes-here"
|
||||||
matrix_s3_media_store_region: "eu-central-1"
|
matrix_s3_media_store_region: "eu-central-1"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Using other S3-compatible object stores
|
||||||
|
|
||||||
|
You can use any S3-compatible object store by **additionally** configuring these variables:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_s3_media_store_custom_endpoint_enabled: true
|
||||||
|
matrix_s3_media_store_custom_endpoint: "your-custom-endpoint"
|
||||||
|
```
|
||||||
|
@ -77,6 +77,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
|
|||||||
|
|
||||||
- [Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md) (optional)
|
- [Setting up Mautrix Whatsapp bridging](configuring-playbook-bridge-mautrix-whatsapp.md) (optional)
|
||||||
|
|
||||||
|
- [Setting up Mautrix Facebook bridging](configuring-playbook-bridge-mautrix-facebook.md) (optional)
|
||||||
|
|
||||||
- [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional)
|
- [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional)
|
||||||
|
|
||||||
- [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional)
|
- [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional)
|
||||||
|
@ -13,15 +13,19 @@ There are 2 types of well-known service discovery that Matrix makes use of:
|
|||||||
|
|
||||||
All services created by this playbook are meant to be installed on their own server (such as `matrix.<your-domain>`).
|
All services created by this playbook are meant to be installed on their own server (such as `matrix.<your-domain>`).
|
||||||
|
|
||||||
As [per the Server-Server specification](https://matrix.org/docs/spec/server_server/r0.1.0.html#server-discovery), to use a Matrix user identifier like `@<username>:<your-domain>` while hosting services on a subdomain like `matrix.<your-domain>`, we need to instruct the Matrix network of such a delegation/redirection by means of setting up a `/.well-known/matrix/server` file on the base domain (`<your-domain.com>).
|
As [per the Server-Server specification](https://matrix.org/docs/spec/server_server/r0.1.0.html#server-discovery), to use a Matrix user identifier like `@<username>:<your-domain>` while hosting services on a subdomain like `matrix.<your-domain>`, the Matrix network needs to be instructed of such delegation/redirection.
|
||||||
|
|
||||||
We have discussed this same thing already in the "`_matrix._tcp` SRV record setup (temporary requirement)" section of [Configuring DNS](configuring-dns.md).
|
Server delegation can be configured using DNS SRV records or by setting up a `/.well-known/matrix/server` file on the base domain (`<your-domain.com>`).
|
||||||
|
|
||||||
In short, you are required to set up both a `_matrix._tcp` DNS SRV record and the `/.well-known/matrix/server` file at the moment.
|
We have discussed the DNS SRV record method already in the "`_matrix._tcp` SRV record setup (temporary requirement)" section of [Configuring DNS](configuring-dns.md).
|
||||||
|
|
||||||
As the Synapse server progresses towards v1.0, only the `/.well-known/matrix/server` file will be used. At that future moment, you would need to remove the `_matrix._tcp` SRV record because Synapse v1.0+ will do the wrong thing if a SRV record exists. During the transitional phase (before Synapse 1.0), we do need to have both a SRV record and a `/.well-known/matrix/server` file, in order to federate correctly with v0.99 and older Synapse versions.
|
Both methods have their place and will continue to do so. Usually, you would need to use just one of these delegation methods.
|
||||||
|
For simplicity reasons, our setup advocates for the `/.well-known/matrix/server` method and guides you into using that.
|
||||||
|
For backward compatibility with older Synapse servers (< v0.99), however, for now you are also required to set up a `_matrix._tcp` DNS SRV record (in addition to the `/.well-known/matrix/server` file on the base domain).
|
||||||
|
|
||||||
To learn how to set it up, read the Installing section below.
|
As the Synapse server progresses towards v1.0, only the `/.well-known/matrix/server` file will be used by us, unless you have a more special setup necessitating a DNS SRV record. At that future moment, you would need to remove the `_matrix._tcp` SRV record because Synapse v1.0+ will do the wrong thing if a SRV record exists.
|
||||||
|
|
||||||
|
To learn how to set up `/.well-known/matrix/server`, read the Installing section below.
|
||||||
|
|
||||||
|
|
||||||
## Introduction to Client Server Discovery
|
## Introduction to Client Server Discovery
|
||||||
|
@ -10,4 +10,4 @@ ansible-playbook -i inventory/hosts setup.yml --tags=self-check
|
|||||||
|
|
||||||
If it's all green, everything is probably running correctly.
|
If it's all green, everything is probably running correctly.
|
||||||
|
|
||||||
Besides this self-check, you can also check your server using the [Federation Tester](https://neo.lain.haus/fed-tester/).
|
Besides this self-check, you can also check your server using the [Federation Tester](https://federationtester.matrix.org/).
|
||||||
|
19
docs/updating-users-passwords.md
Normal file
19
docs/updating-users-passwords.md
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
# Updating users passwords
|
||||||
|
|
||||||
|
If you are using the matrix-postgres container(default), you can do it via this Ansible playbook (make sure to edit the `<your-username>` and `<your-password>` part below):
|
||||||
|
|
||||||
|
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=<your-username> password=<your-password>' --tags=update-user-password
|
||||||
|
|
||||||
|
**Note**: `<your-username>` is just a plain username (like `john`), not your full `@<username>:<your-domain>` identifier.
|
||||||
|
|
||||||
|
**You can then log in with that user** via the riot-web service that this playbook has created for you at a URL like this: `https://riot.<domain>/`.
|
||||||
|
|
||||||
|
If you are NOT using the matrix-postgres container, you can generate the password hash by using the command-line after **SSH**-ing to your server (requires that [all services have been started](#starting-the-services)):
|
||||||
|
|
||||||
|
docker exec -it matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml
|
||||||
|
|
||||||
|
and then connecting to the postgres server and executing:
|
||||||
|
|
||||||
|
UPDATE users SET password_hash = '<password-hash>' WHERE name = '@someone:server.com'
|
||||||
|
|
||||||
|
where `<password-hash>` is the hash returned by the docker command above.
|
@ -169,7 +169,7 @@ matrix_mxisd_container_expose_port: "{{ not matrix_nginx_proxy_enabled }}"
|
|||||||
# your own configuration in `matrix_mxisd_configuration_extension_yaml`.
|
# your own configuration in `matrix_mxisd_configuration_extension_yaml`.
|
||||||
matrix_mxisd_synapsesql_enabled: true
|
matrix_mxisd_synapsesql_enabled: true
|
||||||
matrix_mxisd_synapsesql_type: postgresql
|
matrix_mxisd_synapsesql_type: postgresql
|
||||||
matrix_mxisd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user }}&password={{ matrix_synapse_database_password }}
|
matrix_mxisd_synapsesql_connection: //{{ matrix_synapse_database_host }}/{{ matrix_synapse_database_database }}?user={{ matrix_synapse_database_user | urlencode() }}&password={{ matrix_synapse_database_password | urlencode() }}
|
||||||
|
|
||||||
matrix_mxisd_dns_overwrite_enabled: true
|
matrix_mxisd_dns_overwrite_enabled: true
|
||||||
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
|
matrix_mxisd_dns_overwrite_homeserver_client_name: "{{ matrix_server_fqn_matrix }}"
|
||||||
|
@ -48,6 +48,7 @@ run_import_postgres: true
|
|||||||
run_upgrade_postgres: true
|
run_upgrade_postgres: true
|
||||||
run_start: true
|
run_start: true
|
||||||
run_register_user: true
|
run_register_user: true
|
||||||
|
run_update_user_password: true
|
||||||
run_import_sqlite_db: true
|
run_import_sqlite_db: true
|
||||||
run_import_media_store: true
|
run_import_media_store: true
|
||||||
run_self_check: true
|
run_self_check: true
|
||||||
|
@ -68,7 +68,7 @@
|
|||||||
|
|
||||||
- name: Ensure Docker is started and autoruns
|
- name: Ensure Docker is started and autoruns
|
||||||
service:
|
service:
|
||||||
name: docker
|
name: docker
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: yes
|
||||||
|
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
{
|
{
|
||||||
"m.homeserver": {
|
"m.homeserver": {
|
||||||
"base_url": "{{ matrix_homeserver_url }}"
|
"base_url": "{{ matrix_homeserver_url }}"
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
{
|
{
|
||||||
"m.server": "{{ matrix_server_fqn_matrix }}:8448"
|
"m.server": "{{ matrix_server_fqn_matrix }}:8448"
|
||||||
}
|
}
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
if [ "$(id -u)" != "0" ]; then
|
if [ "$(id -u)" != "0" ]; then
|
||||||
|
@ -6,6 +6,9 @@ matrix_corporal_enabled: true
|
|||||||
# Controls whether the matrix-corporal web server's ports (`41080` and `41081`) are exposed outside of the container.
|
# Controls whether the matrix-corporal web server's ports (`41080` and `41081`) are exposed outside of the container.
|
||||||
matrix_corporal_container_expose_ports: false
|
matrix_corporal_container_expose_ports: false
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_corporal_container_extra_arguments: []
|
||||||
|
|
||||||
# List of systemd services that matrix-corporal.service depends on
|
# List of systemd services that matrix-corporal.service depends on
|
||||||
matrix_corporal_systemd_required_services_list: ['docker.service']
|
matrix_corporal_systemd_required_services_list: ['docker.service']
|
||||||
|
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
{
|
{
|
||||||
"Matrix": {
|
"Matrix": {
|
||||||
"HomeserverDomainName": "{{ matrix_corporal_matrix_homeserver_domain_name }}",
|
"HomeserverDomainName": "{{ matrix_corporal_matrix_homeserver_domain_name }}",
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Matrix Corporal
|
Description=Matrix Corporal
|
||||||
{% for service in matrix_corporal_systemd_required_services_list %}
|
{% for service in matrix_corporal_systemd_required_services_list %}
|
||||||
@ -22,6 +23,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-corporal \
|
|||||||
-v {{ matrix_corporal_config_dir_path }}:/etc/matrix-corporal:ro \
|
-v {{ matrix_corporal_config_dir_path }}:/etc/matrix-corporal:ro \
|
||||||
-v {{ matrix_corporal_cache_dir_path }}:/var/cache/matrix-corporal:rw \
|
-v {{ matrix_corporal_cache_dir_path }}:/var/cache/matrix-corporal:rw \
|
||||||
-v {{ matrix_corporal_var_dir_path }}:/var/matrix-corporal:rw \
|
-v {{ matrix_corporal_var_dir_path }}:/var/matrix-corporal:rw \
|
||||||
|
{% for arg in matrix_corporal_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
{{ matrix_corporal_docker_image }} \
|
{{ matrix_corporal_docker_image }} \
|
||||||
/matrix-corporal -config=/etc/matrix-corporal/config.json
|
/matrix-corporal -config=/etc/matrix-corporal/config.json
|
||||||
ExecStop=-/usr/bin/docker kill matrix-corporal
|
ExecStop=-/usr/bin/docker kill matrix-corporal
|
||||||
|
@ -23,6 +23,9 @@ matrix_coturn_systemd_required_services_list: ['docker.service']
|
|||||||
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
|
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
|
||||||
matrix_coturn_container_additional_volumes: []
|
matrix_coturn_container_additional_volumes: []
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_coturn_container_extra_arguments: []
|
||||||
|
|
||||||
# A shared secret (between Synapse and Coturn) used for authentication.
|
# A shared secret (between Synapse and Coturn) used for authentication.
|
||||||
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
|
# You can put any string here, but generating a strong one is preferred (e.g. `pwgen -s 64 1`).
|
||||||
matrix_coturn_turn_static_auth_secret: ""
|
matrix_coturn_turn_static_auth_secret: ""
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Matrix Coturn server
|
Description=Matrix Coturn server
|
||||||
{% for service in matrix_coturn_systemd_required_services_list %}
|
{% for service in matrix_coturn_systemd_required_services_list %}
|
||||||
@ -27,6 +28,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-coturn \
|
|||||||
{% for volume in matrix_coturn_container_additional_volumes %}
|
{% for volume in matrix_coturn_container_additional_volumes %}
|
||||||
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
|
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% for arg in matrix_coturn_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
{{ matrix_coturn_docker_image }} \
|
{{ matrix_coturn_docker_image }} \
|
||||||
-c /turnserver.conf
|
-c /turnserver.conf
|
||||||
|
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
use-auth-secret
|
use-auth-secret
|
||||||
static-auth-secret={{ matrix_coturn_turn_static_auth_secret }}
|
static-auth-secret={{ matrix_coturn_turn_static_auth_secret }}
|
||||||
realm=turn.{{ matrix_server_fqn_matrix }}
|
realm=turn.{{ matrix_server_fqn_matrix }}
|
||||||
|
@ -20,6 +20,9 @@ matrix_dimension_user_gid: 1000
|
|||||||
|
|
||||||
matrix_dimension_container_expose_port: false
|
matrix_dimension_container_expose_port: false
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_dimension_container_extra_arguments: []
|
||||||
|
|
||||||
matrix_dimension_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/riot"
|
matrix_dimension_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/riot"
|
||||||
matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
|
matrix_dimension_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
|
||||||
matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"]
|
matrix_dimension_integrations_widgets_urls: ["https://{{ matrix_server_fqn_dimension }}/widgets"]
|
||||||
@ -31,6 +34,7 @@ matrix_dimension_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_di
|
|||||||
# For a more advanced customization, you can extend the default (see `matrix_dimension_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_dimension_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_dimension_configuration_yaml: |
|
matrix_dimension_configuration_yaml: |
|
||||||
|
#jinja2: lstrip_blocks: True
|
||||||
# The web settings for the service (API and UI).
|
# The web settings for the service (API and UI).
|
||||||
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
|
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
|
||||||
web:
|
web:
|
||||||
@ -125,5 +129,3 @@ matrix_dimension_configuration_extension_yaml: |
|
|||||||
# Holds the final Dimension configuration (a combination of the default and its extension).
|
# Holds the final Dimension configuration (a combination of the default and its extension).
|
||||||
# You most likely don't need to touch this variable. Instead, see `matrix_dimension_configuration_yaml`.
|
# You most likely don't need to touch this variable. Instead, see `matrix_dimension_configuration_yaml`.
|
||||||
matrix_dimension_configuration: "{{ matrix_dimension_configuration_yaml|from_yaml|combine(matrix_dimension_configuration_extension, recursive=True) }}"
|
matrix_dimension_configuration: "{{ matrix_dimension_configuration_yaml|from_yaml|combine(matrix_dimension_configuration_extension, recursive=True) }}"
|
||||||
|
|
||||||
|
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Matrix Dimension
|
Description=Matrix Dimension
|
||||||
After=docker.service
|
After=docker.service
|
||||||
@ -19,6 +20,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-dimension \
|
|||||||
-p 127.0.0.1:8184:8184 \
|
-p 127.0.0.1:8184:8184 \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
-v {{ matrix_dimension_base_path }}:/data:rw \
|
-v {{ matrix_dimension_base_path }}:/data:rw \
|
||||||
|
{% for arg in matrix_dimension_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
{{ matrix_dimension_docker_image }}
|
{{ matrix_dimension_docker_image }}
|
||||||
ExecStop=-/usr/bin/docker kill matrix-dimension
|
ExecStop=-/usr/bin/docker kill matrix-dimension
|
||||||
ExecStop=-/usr/bin/docker rm matrix-dimension
|
ExecStop=-/usr/bin/docker rm matrix-dimension
|
||||||
|
@ -9,6 +9,9 @@ matrix_mailer_docker_image: "devture/exim-relay:4.91-r3-0"
|
|||||||
matrix_mailer_container_user_uid: 100
|
matrix_mailer_container_user_uid: 100
|
||||||
matrix_mailer_container_user_gid: 101
|
matrix_mailer_container_user_gid: 101
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_mailer_container_extra_arguments: []
|
||||||
|
|
||||||
matrix_mailer_sender_address: "matrix@{{ matrix_domain }}"
|
matrix_mailer_sender_address: "matrix@{{ matrix_domain }}"
|
||||||
matrix_mailer_relay_use: false
|
matrix_mailer_relay_use: false
|
||||||
matrix_mailer_relay_host_name: "mail.example.com"
|
matrix_mailer_relay_host_name: "mail.example.com"
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
{% if matrix_mailer_relay_use %}
|
{% if matrix_mailer_relay_use %}
|
||||||
SMARTHOST={{ matrix_mailer_relay_host_name }}::{{ matrix_mailer_relay_host_port }}
|
SMARTHOST={{ matrix_mailer_relay_host_name }}::{{ matrix_mailer_relay_host_port }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Matrix mailer
|
Description=Matrix mailer
|
||||||
After=docker.service
|
After=docker.service
|
||||||
@ -16,6 +17,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
|
|||||||
--network={{ matrix_docker_network }} \
|
--network={{ matrix_docker_network }} \
|
||||||
--env-file={{ matrix_mailer_base_path }}/env-mailer \
|
--env-file={{ matrix_mailer_base_path }}/env-mailer \
|
||||||
--hostname={{ matrix_server_fqn_matrix }} \
|
--hostname={{ matrix_server_fqn_matrix }} \
|
||||||
|
{% for arg in matrix_mailer_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
{{ matrix_mailer_docker_image }}
|
{{ matrix_mailer_docker_image }}
|
||||||
ExecStop=-/usr/bin/docker kill matrix-mailer
|
ExecStop=-/usr/bin/docker kill matrix-mailer
|
||||||
ExecStop=-/usr/bin/docker rm matrix-mailer
|
ExecStop=-/usr/bin/docker rm matrix-mailer
|
||||||
|
@ -8,6 +8,9 @@ matrix_mxisd_data_path: "{{ matrix_mxisd_base_path }}/data"
|
|||||||
# Controls whether the mxisd web server's port (`8090`) is exposed outside of the container.
|
# Controls whether the mxisd web server's port (`8090`) is exposed outside of the container.
|
||||||
matrix_mxisd_container_expose_port: false
|
matrix_mxisd_container_expose_port: false
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_mxisd_container_extra_arguments: []
|
||||||
|
|
||||||
# List of systemd services that matrix-mxisd.service depends on
|
# List of systemd services that matrix-mxisd.service depends on
|
||||||
matrix_mxisd_systemd_required_services_list: ['docker.service']
|
matrix_mxisd_systemd_required_services_list: ['docker.service']
|
||||||
|
|
||||||
@ -64,6 +67,7 @@ matrix_mxisd_self_check_validate_certificates: true
|
|||||||
# For a more advanced customization, you can extend the default (see `matrix_mxisd_configuration_extension_yaml`)
|
# For a more advanced customization, you can extend the default (see `matrix_mxisd_configuration_extension_yaml`)
|
||||||
# or completely replace this variable with your own template.
|
# or completely replace this variable with your own template.
|
||||||
matrix_mxisd_configuration_yaml: |
|
matrix_mxisd_configuration_yaml: |
|
||||||
|
#jinja2: lstrip_blocks: True
|
||||||
matrix:
|
matrix:
|
||||||
domain: {{ matrix_domain }}
|
domain: {{ matrix_domain }}
|
||||||
|
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Matrix mxisd Identity server
|
Description=Matrix mxisd Identity server
|
||||||
{% for service in matrix_mxisd_systemd_required_services_list %}
|
{% for service in matrix_mxisd_systemd_required_services_list %}
|
||||||
@ -27,6 +28,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mxisd \
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
-v {{ matrix_mxisd_config_path }}:/etc/mxisd:ro \
|
-v {{ matrix_mxisd_config_path }}:/etc/mxisd:ro \
|
||||||
-v {{ matrix_mxisd_data_path }}:/var/mxisd:rw \
|
-v {{ matrix_mxisd_data_path }}:/var/mxisd:rw \
|
||||||
|
{% for arg in matrix_mxisd_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
{{ matrix_mxisd_docker_image }}
|
{{ matrix_mxisd_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-mxisd
|
ExecStop=-/usr/bin/docker kill matrix-mxisd
|
||||||
|
@ -21,6 +21,9 @@ matrix_nginx_proxy_systemd_wanted_services_list: []
|
|||||||
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
|
# Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
|
||||||
matrix_nginx_proxy_container_additional_volumes: []
|
matrix_nginx_proxy_container_additional_volumes: []
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_nginx_proxy_container_extra_arguments: []
|
||||||
|
|
||||||
# Controls whether matrix-nginx-proxy should serve the base domain.
|
# Controls whether matrix-nginx-proxy should serve the base domain.
|
||||||
#
|
#
|
||||||
# This is useful for when you only have your Matrix server, but you need to serve
|
# This is useful for when you only have your Matrix server, but you need to serve
|
||||||
@ -66,6 +69,13 @@ matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled: false
|
|||||||
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-mxisd:8090"
|
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container: "matrix-mxisd:8090"
|
||||||
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "127.0.0.1:8090"
|
matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container: "127.0.0.1:8090"
|
||||||
|
|
||||||
|
# Controls whether proxying for 3PID-based registration (`/_matrix/client/r0/register/(email|msisdn)/requestToken`) should be done (on the matrix domain).
|
||||||
|
# This allows another service to control registrations involving 3PIDs.
|
||||||
|
# To learn more, see: https://github.com/kamax-matrix/mxisd/blob/master/docs/features/registration.md
|
||||||
|
matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled: false
|
||||||
|
matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container: "matrix-mxisd:8090"
|
||||||
|
matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container: "127.0.0.1:8090"
|
||||||
|
|
||||||
# Controls whether proxying for the Identity API (`/_matrix/identity`) should be done (on the matrix domain)
|
# Controls whether proxying for the Identity API (`/_matrix/identity`) should be done (on the matrix domain)
|
||||||
matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false
|
matrix_nginx_proxy_proxy_matrix_identity_api_enabled: false
|
||||||
matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-mxisd:8090"
|
matrix_nginx_proxy_proxy_matrix_identity_api_addr_with_container: "matrix-mxisd:8090"
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
server {
|
server {
|
||||||
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
||||||
server_name {{ matrix_nginx_proxy_proxy_dimension_hostname }};
|
server_name {{ matrix_nginx_proxy_proxy_dimension_hostname }};
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
server {
|
server {
|
||||||
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
||||||
server_name {{ matrix_nginx_proxy_base_domain_hostname }};
|
server_name {{ matrix_nginx_proxy_base_domain_hostname }};
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
server {
|
server {
|
||||||
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
||||||
server_name {{ matrix_nginx_proxy_proxy_riot_hostname }};
|
server_name {{ matrix_nginx_proxy_proxy_riot_hostname }};
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
server {
|
server {
|
||||||
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
|
||||||
server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }};
|
server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }};
|
||||||
@ -102,6 +103,23 @@ server {
|
|||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled %}
|
||||||
|
location ~ ^/_matrix/client/r0/register/(email|msisdn)/requestToken$ {
|
||||||
|
{% if matrix_nginx_proxy_enabled %}
|
||||||
|
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||||
|
resolver 127.0.0.11 valid=5s;
|
||||||
|
set $backend "{{ matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container }}";
|
||||||
|
proxy_pass http://$backend;
|
||||||
|
{% else %}
|
||||||
|
{# Generic configuration for use outside of our container setup #}
|
||||||
|
proxy_pass http://{{ matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container }};
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% for configuration_block in matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks %}
|
{% for configuration_block in matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks %}
|
||||||
{{- configuration_block }}
|
{{- configuration_block }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
# The default is aligned to the CPU's cache size,
|
# The default is aligned to the CPU's cache size,
|
||||||
# which can sometimes be too low to handle our 2 vhosts (Synapse and Riot).
|
# which can sometimes be too low to handle our 2 vhosts (Synapse and Riot).
|
||||||
#
|
#
|
||||||
|
@ -1,2 +1,3 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
# User and password for protecting /_synapse/metrics URI
|
# User and password for protecting /_synapse/metrics URI
|
||||||
prometheus:{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key }}
|
prometheus:{{ matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key }}
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
# This is a custom nginx configuration file that we use in the container (instead of the default one),
|
# This is a custom nginx configuration file that we use in the container (instead of the default one),
|
||||||
# because it allows us to run nginx with a non-root user.
|
# because it allows us to run nginx with a non-root user.
|
||||||
#
|
#
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Matrix nginx-proxy server
|
Description=Matrix nginx-proxy server
|
||||||
{% for service in matrix_nginx_proxy_systemd_required_services_list %}
|
{% for service in matrix_nginx_proxy_systemd_required_services_list %}
|
||||||
@ -33,6 +34,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
|
|||||||
{% for volume in matrix_nginx_proxy_container_additional_volumes %}
|
{% for volume in matrix_nginx_proxy_container_additional_volumes %}
|
||||||
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
|
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% for arg in matrix_nginx_proxy_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
{{ matrix_nginx_proxy_docker_image }}
|
{{ matrix_nginx_proxy_docker_image }}
|
||||||
|
|
||||||
ExecStop=-/usr/bin/docker kill matrix-nginx-proxy
|
ExecStop=-/usr/bin/docker kill matrix-nginx-proxy
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
# For renewal to work, matrix-nginx-proxy (or another webserver, if matrix-nginx-proxy is disabled)
|
# For renewal to work, matrix-nginx-proxy (or another webserver, if matrix-nginx-proxy is disabled)
|
||||||
|
@ -12,3 +12,6 @@ matrix_postgres_docker_image_v9: "postgres:9.6.12-alpine"
|
|||||||
matrix_postgres_docker_image_v10: "postgres:10.7-alpine"
|
matrix_postgres_docker_image_v10: "postgres:10.7-alpine"
|
||||||
matrix_postgres_docker_image_v11: "postgres:11.2-alpine"
|
matrix_postgres_docker_image_v11: "postgres:11.2-alpine"
|
||||||
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v11 }}"
|
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v11 }}"
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_postgres_container_extra_arguments: []
|
||||||
|
@ -123,3 +123,10 @@
|
|||||||
debug:
|
debug:
|
||||||
msg: "Note: You are not using a local PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_data_path }}`. Feel free to delete it."
|
msg: "Note: You are not using a local PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_data_path }}`. Feel free to delete it."
|
||||||
when: "not matrix_postgres_enabled and matrix_postgres_data_path_stat.stat.exists"
|
when: "not matrix_postgres_enabled and matrix_postgres_data_path_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure matrix-postgres-update-user-password-hash script created
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/usr-local-bin/matrix-postgres-update-user-password-hash.j2"
|
||||||
|
dest: "/usr/local/bin/matrix-postgres-update-user-password-hash"
|
||||||
|
mode: 0750
|
||||||
|
when: matrix_postgres_enabled
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
PGUSER={{ matrix_postgres_connection_username }}
|
PGUSER={{ matrix_postgres_connection_username }}
|
||||||
PGPASSWORD={{ matrix_postgres_connection_password }}
|
PGPASSWORD={{ matrix_postgres_connection_password }}
|
||||||
PGDATABASE={{ matrix_postgres_db_name }}
|
PGDATABASE={{ matrix_postgres_db_name }}
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
POSTGRES_USER={{ matrix_postgres_connection_username }}
|
POSTGRES_USER={{ matrix_postgres_connection_username }}
|
||||||
POSTGRES_PASSWORD={{ matrix_postgres_connection_password }}
|
POSTGRES_PASSWORD={{ matrix_postgres_connection_password }}
|
||||||
POSTGRES_DB={{ matrix_postgres_db_name }}
|
POSTGRES_DB={{ matrix_postgres_db_name }}
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Matrix Postgres server
|
Description=Matrix Postgres server
|
||||||
After=docker.service
|
After=docker.service
|
||||||
@ -18,6 +19,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-postgres \
|
|||||||
--env-file={{ matrix_postgres_base_path }}/env-postgres-server \
|
--env-file={{ matrix_postgres_base_path }}/env-postgres-server \
|
||||||
-v {{ matrix_postgres_data_path }}:/var/lib/postgresql/data:rw \
|
-v {{ matrix_postgres_data_path }}:/var/lib/postgresql/data:rw \
|
||||||
-v /etc/passwd:/etc/passwd:ro \
|
-v /etc/passwd:/etc/passwd:ro \
|
||||||
|
{% for arg in matrix_postgres_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
{{ matrix_postgres_docker_image_to_use }}
|
{{ matrix_postgres_docker_image_to_use }}
|
||||||
ExecStop=-/usr/bin/docker stop matrix-postgres
|
ExecStop=-/usr/bin/docker stop matrix-postgres
|
||||||
ExecStop=-/usr/bin/docker rm matrix-postgres
|
ExecStop=-/usr/bin/docker rm matrix-postgres
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
if [ $# -ne 1 ]; then
|
if [ $# -ne 1 ]; then
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
docker run \
|
docker run \
|
||||||
|
@ -0,0 +1,16 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
if [ $# -ne 2 ]; then
|
||||||
|
echo "Usage: "$0" <username> <password_hash>"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
docker run \
|
||||||
|
--rm \
|
||||||
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
|
--cap-drop=ALL \
|
||||||
|
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql \
|
||||||
|
--network {{ matrix_docker_network }} \
|
||||||
|
{{ matrix_postgres_docker_image_to_use }} \
|
||||||
|
psql -h {{ matrix_postgres_connection_hostname }} -c "UPDATE users set password_hash='$2' WHERE name = '@$1:{{ matrix_domain }}'"
|
@ -6,6 +6,9 @@ matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
|
|||||||
|
|
||||||
matrix_riot_web_container_expose_port: false
|
matrix_riot_web_container_expose_port: false
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_riot_web_container_extra_arguments: []
|
||||||
|
|
||||||
# List of systemd services that matrix-riot-web.service depends on
|
# List of systemd services that matrix-riot-web.service depends on
|
||||||
matrix_riot_web_systemd_required_services_list: ['docker.service']
|
matrix_riot_web_systemd_required_services_list: ['docker.service']
|
||||||
|
|
||||||
|
@ -1,23 +1,24 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
{
|
{
|
||||||
"default_hs_url": {{ matrix_riot_web_default_hs_url|to_json }},
|
"default_hs_url": {{ matrix_riot_web_default_hs_url|string|to_json }},
|
||||||
"default_is_url": {{ matrix_riot_web_default_is_url|to_json }},
|
"default_is_url": {{ matrix_riot_web_default_is_url|string|to_json }},
|
||||||
"disable_custom_urls": {{ matrix_riot_web_disable_custom_urls|to_json }},
|
"disable_custom_urls": {{ matrix_riot_web_disable_custom_urls|to_json }},
|
||||||
"disable_guests": {{ matrix_riot_web_disable_guests|to_json }},
|
"disable_guests": {{ matrix_riot_web_disable_guests|to_json }},
|
||||||
"brand": "Riot",
|
"brand": "Riot",
|
||||||
"integrations_ui_url": {{ matrix_riot_web_integrations_ui_url|to_json }},
|
"integrations_ui_url": {{ matrix_riot_web_integrations_ui_url|string|to_json }},
|
||||||
"integrations_rest_url": {{ matrix_riot_web_integrations_rest_url|to_json }},
|
"integrations_rest_url": {{ matrix_riot_web_integrations_rest_url|string|to_json }},
|
||||||
"integrations_widgets_urls": {{ matrix_riot_web_integrations_widgets_urls|to_json }},
|
"integrations_widgets_urls": {{ matrix_riot_web_integrations_widgets_urls|to_json }},
|
||||||
"integrations_jitsi_widget_url": {{ matrix_riot_web_integrations_jitsi_widget_url|to_json }},
|
"integrations_jitsi_widget_url": {{ matrix_riot_web_integrations_jitsi_widget_url|string|to_json }},
|
||||||
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
|
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
|
||||||
"enableLabs": true,
|
"enableLabs": true,
|
||||||
"roomDirectory": {
|
"roomDirectory": {
|
||||||
"servers": {{ matrix_riot_web_roomdir_servers|to_json }}
|
"servers": {{ matrix_riot_web_roomdir_servers|to_json }}
|
||||||
},
|
},
|
||||||
"welcomeUserId": {{ matrix_riot_web_welcome_user_id|to_json }},
|
"welcomeUserId": {{ matrix_riot_web_welcome_user_id|string|to_json }},
|
||||||
{% if matrix_riot_web_enable_presence_by_hs_url is not none %}
|
{% if matrix_riot_web_enable_presence_by_hs_url is not none %}
|
||||||
"enable_presence_by_hs_url": {{ matrix_riot_web_enable_presence_by_hs_url|to_json }},
|
"enable_presence_by_hs_url": {{ matrix_riot_web_enable_presence_by_hs_url|to_json }},
|
||||||
{% endif %}
|
{% endif %}
|
||||||
"embeddedPages": {
|
"embeddedPages": {
|
||||||
"homeUrl": {{ matrix_riot_web_embedded_pages_home_url|to_json }}
|
"homeUrl": {{ matrix_riot_web_embedded_pages_home_url|string|to_json }}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
# This is a custom nginx configuration file that we use in the container (instead of the default one),
|
# This is a custom nginx configuration file that we use in the container (instead of the default one),
|
||||||
# because it allows us to run nginx with a non-root user.
|
# because it allows us to run nginx with a non-root user.
|
||||||
#
|
#
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Matrix riot-web server
|
Description=Matrix riot-web server
|
||||||
{% for service in matrix_riot_web_systemd_required_services_list %}
|
{% for service in matrix_riot_web_systemd_required_services_list %}
|
||||||
@ -26,6 +27,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
|
|||||||
-v {{ matrix_riot_web_data_path }}/home.html:/etc/riot-web/home.html:ro \
|
-v {{ matrix_riot_web_data_path }}/home.html:/etc/riot-web/home.html:ro \
|
||||||
{% endif %}
|
{% endif %}
|
||||||
-v {{ matrix_riot_web_data_path }}/welcome.html:/etc/riot-web/welcome.html:ro \
|
-v {{ matrix_riot_web_data_path }}/welcome.html:/etc/riot-web/welcome.html:ro \
|
||||||
|
{% for arg in matrix_riot_web_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
{{ matrix_riot_web_docker_image }}
|
{{ matrix_riot_web_docker_image }}
|
||||||
ExecStop=-/usr/bin/docker kill matrix-riot-web
|
ExecStop=-/usr/bin/docker kill matrix-riot-web
|
||||||
ExecStop=-/usr/bin/docker rm matrix-riot-web
|
ExecStop=-/usr/bin/docker rm matrix-riot-web
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
<style type="text/css">
|
<style type="text/css">
|
||||||
|
|
||||||
/* we deliberately inline style here to avoid flash-of-CSS problems, and to avoid
|
/* we deliberately inline style here to avoid flash-of-CSS problems, and to avoid
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.3-py3"
|
matrix_synapse_docker_image: "matrixdotorg/synapse:v0.99.3.2"
|
||||||
|
|
||||||
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
|
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
|
||||||
matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
|
matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
|
||||||
@ -24,6 +24,9 @@ matrix_appservice_discord_container_expose_client_server_api_port: false
|
|||||||
# Controls whether the matrix-synapse container exposes the metrics port (tcp/9100).
|
# Controls whether the matrix-synapse container exposes the metrics port (tcp/9100).
|
||||||
matrix_synapse_container_expose_metrics_port: false
|
matrix_synapse_container_expose_metrics_port: false
|
||||||
|
|
||||||
|
# A list of extra arguments to pass to the container
|
||||||
|
matrix_synapse_container_extra_arguments: []
|
||||||
|
|
||||||
# List of systemd services that matrix-synapse.service depends on
|
# List of systemd services that matrix-synapse.service depends on
|
||||||
matrix_synapse_systemd_required_services_list: ['docker.service']
|
matrix_synapse_systemd_required_services_list: ['docker.service']
|
||||||
|
|
||||||
@ -111,6 +114,9 @@ matrix_synapse_use_presence: true
|
|||||||
# Controls whether people with access to the homeserver can register by themselves.
|
# Controls whether people with access to the homeserver can register by themselves.
|
||||||
matrix_synapse_enable_registration: false
|
matrix_synapse_enable_registration: false
|
||||||
|
|
||||||
|
# A list of 3PID types which users must supply when registering (possible values: email, msisdn).
|
||||||
|
matrix_synapse_registrations_require_3pid: []
|
||||||
|
|
||||||
# Users who register on this homeserver will automatically be joined to these rooms.
|
# Users who register on this homeserver will automatically be joined to these rooms.
|
||||||
# Rooms are to be specified using addresses (e.g. `#address:example.com`)
|
# Rooms are to be specified using addresses (e.g. `#address:example.com`)
|
||||||
matrix_synapse_auto_join_rooms: []
|
matrix_synapse_auto_join_rooms: []
|
||||||
@ -258,6 +264,18 @@ matrix_mautrix_whatsapp_docker_image: "tulir/mautrix-whatsapp:latest"
|
|||||||
|
|
||||||
matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp"
|
matrix_mautrix_whatsapp_base_path: "{{ matrix_base_data_path }}/mautrix-whatsapp"
|
||||||
|
|
||||||
|
# Matrix mautrix is a Matrix <-> Facebook bridge
|
||||||
|
# Enable facebook bridge
|
||||||
|
matrix_mautrix_facebook_enabled: false
|
||||||
|
|
||||||
|
matrix_mautrix_facebook_docker_image: "tulir/mautrix-facebook:latest"
|
||||||
|
|
||||||
|
matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook"
|
||||||
|
|
||||||
|
# Get your own API keys at https://developers.facebook.com/docs/apis-and-sdks/
|
||||||
|
matrix_mautrix_facebook_api_id: YOUR_FACEBOOK_APP_ID
|
||||||
|
matrix_mautrix_facebook_api_hash: YOUR_FACEBOOK_API_HASH
|
||||||
|
|
||||||
# Matrix Appservice IRC is a Matrix <-> IRC bridge
|
# Matrix Appservice IRC is a Matrix <-> IRC bridge
|
||||||
# Enable IRC bridge
|
# Enable IRC bridge
|
||||||
matrix_appservice_irc_enabled: false
|
matrix_appservice_irc_enabled: false
|
||||||
@ -267,6 +285,7 @@ matrix_appservice_irc_docker_image: "tedomum/matrix-appservice-irc:latest"
|
|||||||
matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
|
matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"
|
||||||
|
|
||||||
matrix_appservice_irc_configuration_yaml: |
|
matrix_appservice_irc_configuration_yaml: |
|
||||||
|
#jinja2: lstrip_blocks: True
|
||||||
homeserver:
|
homeserver:
|
||||||
url: "https://{{ matrix_server_fqn_matrix }}"
|
url: "https://{{ matrix_server_fqn_matrix }}"
|
||||||
domain: "{{ matrix_domain }}"
|
domain: "{{ matrix_domain }}"
|
||||||
|
@ -4,6 +4,8 @@
|
|||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/ext/mautrix-whatsapp/init.yml"
|
- import_tasks: "{{ role_path }}/tasks/ext/mautrix-whatsapp/init.yml"
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/ext/mautrix-facebook/init.yml"
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/init.yml"
|
- import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/init.yml"
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/ext/appservice-discord/init.yml"
|
- import_tasks: "{{ role_path }}/tasks/ext/appservice-discord/init.yml"
|
||||||
|
3
roles/matrix-synapse/tasks/ext/mautrix-facebook/init.yml
Normal file
3
roles/matrix-synapse/tasks/ext/mautrix-facebook/init.yml
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
- set_fact:
|
||||||
|
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-facebook'] }}"
|
||||||
|
when: matrix_mautrix_facebook_enabled
|
101
roles/matrix-synapse/tasks/ext/mautrix-facebook/setup.yml
Normal file
101
roles/matrix-synapse/tasks/ext/mautrix-facebook/setup.yml
Normal file
@ -0,0 +1,101 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Ensure Mautrix Facebook image is pulled
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_mautrix_facebook_docker_image }}"
|
||||||
|
when: "matrix_mautrix_facebook_enabled"
|
||||||
|
|
||||||
|
- name: Ensure Mautrix Facebook configuration path exists
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_mautrix_facebook_base_path }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0750
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_username }}"
|
||||||
|
when: "matrix_mautrix_facebook_enabled"
|
||||||
|
|
||||||
|
- name: Check if a mautrix-facebook configuration file exists
|
||||||
|
stat:
|
||||||
|
path: "{{ matrix_mautrix_facebook_base_path }}/config.yaml"
|
||||||
|
register: mautrix_facebook_config_file_stat
|
||||||
|
when: "matrix_mautrix_facebook_enabled"
|
||||||
|
|
||||||
|
- name: Ensure Matrix Mautrix facebook config installed
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/ext/mautrix-facebook/config.yaml.j2"
|
||||||
|
dest: "{{ matrix_mautrix_facebook_base_path }}/config.yaml"
|
||||||
|
mode: 0644
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_username }}"
|
||||||
|
when: "matrix_mautrix_facebook_enabled and not mautrix_facebook_config_file_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: (Migration) Fix up old configuration
|
||||||
|
lineinfile:
|
||||||
|
path: "{{ matrix_mautrix_facebook_base_path }}/config.yaml"
|
||||||
|
regexp: "{{ item.regexp }}"
|
||||||
|
line: "{{ item.line }}"
|
||||||
|
backrefs: yes
|
||||||
|
with_items:
|
||||||
|
- {'regexp': '^(\s+)filename: \./mautrix-facebook.log', 'line': '\1filename: /data/mautrix-facebook.log'}
|
||||||
|
- {'regexp': '^(\s+)database:', 'line': '\1database: sqlite:////data/mautrix-facebook.db'}
|
||||||
|
when: "matrix_mautrix_facebook_enabled and mautrix_facebook_config_file_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure matrix-mautrix-facebook.service installed
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/ext/mautrix-facebook/systemd/matrix-mautrix-facebook.service.j2"
|
||||||
|
dest: "/etc/systemd/system/matrix-mautrix-facebook.service"
|
||||||
|
mode: 0644
|
||||||
|
register: matrix_mautrix_facebook_systemd_service_result
|
||||||
|
when: "matrix_mautrix_facebook_enabled"
|
||||||
|
|
||||||
|
- name: Ensure systemd reloaded after matrix-mautrix-facebook.service installation
|
||||||
|
service:
|
||||||
|
daemon_reload: yes
|
||||||
|
when: "matrix_mautrix_facebook_enabled and matrix_mautrix_facebook_systemd_service_result.changed"
|
||||||
|
|
||||||
|
- name: Check if a mautrix-facebook registration file exists
|
||||||
|
stat:
|
||||||
|
path: "{{ matrix_mautrix_facebook_base_path }}/registration.yaml"
|
||||||
|
register: mautrix_facebook_registration_file_stat
|
||||||
|
when: "matrix_mautrix_facebook_enabled"
|
||||||
|
|
||||||
|
- name: Generate matrix-mautrix-facebook registration.yaml if it doesn't exist
|
||||||
|
shell:
|
||||||
|
cmd: >-
|
||||||
|
/usr/bin/docker run
|
||||||
|
--rm
|
||||||
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||||
|
--cap-drop=ALL
|
||||||
|
--name matrix-mautrix-facebook-gen
|
||||||
|
-v {{ matrix_mautrix_facebook_base_path }}:/data:z
|
||||||
|
{{ matrix_mautrix_facebook_docker_image }}
|
||||||
|
python3 -m mautrix_facebook -g -c /data/config.yaml -r /data/registration.yaml
|
||||||
|
when: "matrix_mautrix_facebook_enabled and not mautrix_facebook_registration_file_stat.stat.exists"
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
matrix_synapse_app_service_config_file_mautrix_facebook: '/app-registration/mautrix-facebook.yml'
|
||||||
|
when: "matrix_mautrix_facebook_enabled"
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
matrix_synapse_container_additional_volumes: >
|
||||||
|
{{ matrix_synapse_container_additional_volumes }}
|
||||||
|
+
|
||||||
|
{{ [{'src': '{{ matrix_mautrix_facebook_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_facebook }}', 'options': 'ro'}] }}
|
||||||
|
when: "matrix_mautrix_facebook_enabled"
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
matrix_synapse_app_service_config_files: >
|
||||||
|
{{ matrix_synapse_app_service_config_files }}
|
||||||
|
+
|
||||||
|
{{ ["{{ matrix_synapse_app_service_config_file_mautrix_facebook }}"] | to_nice_json }}
|
||||||
|
when: "matrix_mautrix_facebook_enabled"
|
||||||
|
|
||||||
|
#
|
||||||
|
# Tasks related to getting rid of matrix-mautrix-facebook (if it was previously enabled)
|
||||||
|
#
|
||||||
|
|
||||||
|
- name: Ensure matrix-mautrix-facebook.service doesn't exist
|
||||||
|
file:
|
||||||
|
path: "/etc/systemd/system/matrix-mautrix-facebook.service"
|
||||||
|
state: absent
|
||||||
|
when: "not matrix_mautrix_facebook_enabled"
|
@ -10,6 +10,8 @@
|
|||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/ext/mautrix-whatsapp/setup.yml"
|
- import_tasks: "{{ role_path }}/tasks/ext/mautrix-whatsapp/setup.yml"
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/ext/mautrix-facebook/setup.yml"
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/setup.yml"
|
- import_tasks: "{{ role_path }}/tasks/ext/appservice-irc/setup.yml"
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/ext/appservice-discord/setup.yml"
|
- import_tasks: "{{ role_path }}/tasks/ext/appservice-discord/setup.yml"
|
||||||
|
@ -37,3 +37,8 @@
|
|||||||
when: run_self_check
|
when: run_self_check
|
||||||
tags:
|
tags:
|
||||||
- self-check
|
- self-check
|
||||||
|
|
||||||
|
- import_tasks: "{{ role_path }}/tasks/update_user_password.yml"
|
||||||
|
when: run_update_user_password
|
||||||
|
tags:
|
||||||
|
- update-user-password
|
48
roles/matrix-synapse/tasks/update_user_password.yml
Normal file
48
roles/matrix-synapse/tasks/update_user_password.yml
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Fail if playbook called incorrectly
|
||||||
|
fail:
|
||||||
|
msg: "The `username` variable needs to be provided to this playbook, via --extra-vars"
|
||||||
|
when: "username is not defined or username == '<your-username>'"
|
||||||
|
|
||||||
|
- name: Fail if playbook called incorrectly
|
||||||
|
fail:
|
||||||
|
msg: "The `password` variable needs to be provided to this playbook, via --extra-vars"
|
||||||
|
when: "password is not defined or password == '<your-password>'"
|
||||||
|
|
||||||
|
- name: Fail if not using matrix-postgres container
|
||||||
|
fail:
|
||||||
|
msg: "This command is working only when matrix-postgres container is being used"
|
||||||
|
when: "not matrix_postgres_enabled"
|
||||||
|
|
||||||
|
- name: Ensure matrix-synapse is started
|
||||||
|
service:
|
||||||
|
name: matrix-synapse
|
||||||
|
state: started
|
||||||
|
daemon_reload: yes
|
||||||
|
register: start_result
|
||||||
|
|
||||||
|
- name: Ensure matrix-postgres is started
|
||||||
|
service:
|
||||||
|
name: matrix-postgres
|
||||||
|
state: started
|
||||||
|
daemon_reload: yes
|
||||||
|
register: postgres_start_result
|
||||||
|
|
||||||
|
|
||||||
|
- name: Wait a while, so that Matrix Synapse can manage to start
|
||||||
|
pause:
|
||||||
|
seconds: 7
|
||||||
|
when: start_result.changed
|
||||||
|
|
||||||
|
- name: Wait a while, so that Matrix Postgres can manage to start
|
||||||
|
pause:
|
||||||
|
seconds: 7
|
||||||
|
when: postgres_start_result.changed
|
||||||
|
|
||||||
|
- name: Generate password hash
|
||||||
|
shell: "/usr/bin/docker exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password }}"
|
||||||
|
register: password_hash
|
||||||
|
|
||||||
|
- name: Update user password hash
|
||||||
|
shell: "/usr/local/bin/matrix-postgres-update-user-password-hash {{ username }} '{{ password_hash.stdout }}'"
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Matrix Appservice Discord server
|
Description=Matrix Appservice Discord server
|
||||||
After=docker.service
|
After=docker.service
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Matrix Appservice IRC server
|
Description=Matrix Appservice IRC server
|
||||||
After=docker.service
|
After=docker.service
|
||||||
|
@ -0,0 +1,109 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
# Homeserver details
|
||||||
|
homeserver:
|
||||||
|
# The address that this appservice can use to connect to the homeserver.
|
||||||
|
address: https://{{ matrix_server_fqn_matrix }}
|
||||||
|
# The domain of the homeserver (for MXIDs, etc).
|
||||||
|
domain: {{ matrix_domain }}
|
||||||
|
# Whether or not to verify the SSL certificate of the homeserver.
|
||||||
|
# Only applies if address starts with https://
|
||||||
|
verify_ssl: true
|
||||||
|
|
||||||
|
# Application service host/registration related details
|
||||||
|
# Changing these values requires regeneration of the registration.
|
||||||
|
appservice:
|
||||||
|
# The address that the homeserver can use to connect to this appservice.
|
||||||
|
address: http://matrix-mautrix-facebook:8080
|
||||||
|
|
||||||
|
# The hostname and port where this appservice should listen.
|
||||||
|
hostname: 0.0.0.0
|
||||||
|
port: 8080
|
||||||
|
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
||||||
|
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
||||||
|
max_body_size: 1
|
||||||
|
|
||||||
|
# The full URI to the database. SQLite and Postgres are fully supported.
|
||||||
|
# Other DBMSes supported by SQLAlchemy may or may not work.
|
||||||
|
# Format examples:
|
||||||
|
# SQLite: sqlite:///filename.db
|
||||||
|
# Postgres: postgres://username:password@hostname/dbname
|
||||||
|
database: sqlite:////data/mautrix-facebook.db
|
||||||
|
|
||||||
|
# The unique ID of this appservice.
|
||||||
|
id: facebook
|
||||||
|
# Username of the appservice bot.
|
||||||
|
bot_username: facebookbot
|
||||||
|
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||||
|
# to leave display name/avatar as-is.
|
||||||
|
bot_displayname: Facebook bridge bot
|
||||||
|
bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv
|
||||||
|
|
||||||
|
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
|
||||||
|
as_token: "This value is generated when generating the registration"
|
||||||
|
hs_token: "This value is generated when generating the registration"
|
||||||
|
|
||||||
|
# Bridge config
|
||||||
|
bridge:
|
||||||
|
# Localpart template of MXIDs for Facebook users.
|
||||||
|
# {userid} is replaced with the user ID of the Facebook user.
|
||||||
|
username_template: "facebook_{userid}"
|
||||||
|
|
||||||
|
# The prefix for commands. Only required in non-management rooms.
|
||||||
|
command_prefix: "!fb"
|
||||||
|
|
||||||
|
# Number of chats to sync (and create portals for) on startup/login.
|
||||||
|
# Maximum 20, set 0 to disable automatic syncing.
|
||||||
|
initial_chat_sync: 10
|
||||||
|
# Whether or not the Facebook users of logged in Matrix users should be
|
||||||
|
# invited to private chats when the user sends a message from another client.
|
||||||
|
invite_own_puppet_to_pm: false
|
||||||
|
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
||||||
|
# your own Matrix account as the Matrix puppet for your Facebook account.
|
||||||
|
sync_with_custom_puppets: true
|
||||||
|
# Whether or not to bridge presence in both directions. Facebook allows users not to broadcast
|
||||||
|
# presence, but then it won't send other users' presence to the client.
|
||||||
|
presence: true
|
||||||
|
|
||||||
|
# Permissions for using the bridge.
|
||||||
|
# Permitted values:
|
||||||
|
# user - Use the bridge with puppeting.
|
||||||
|
# admin - Use and administrate the bridge.
|
||||||
|
# Permitted keys:
|
||||||
|
# * - All Matrix users
|
||||||
|
# domain - All users on that homeserver
|
||||||
|
# mxid - Specific user
|
||||||
|
permissions:
|
||||||
|
'{{ matrix_domain }}': user
|
||||||
|
|
||||||
|
# Python logging configuration.
|
||||||
|
#
|
||||||
|
# See section 16.7.2 of the Python documentation for more info:
|
||||||
|
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
||||||
|
logging:
|
||||||
|
version: 1
|
||||||
|
formatters:
|
||||||
|
colored:
|
||||||
|
(): mautrix_facebook.util.ColorFormatter
|
||||||
|
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||||
|
normal:
|
||||||
|
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||||
|
handlers:
|
||||||
|
file:
|
||||||
|
class: logging.handlers.RotatingFileHandler
|
||||||
|
formatter: normal
|
||||||
|
filename: /data/mautrix-facebook.log
|
||||||
|
maxBytes: 10485760
|
||||||
|
backupCount: 10
|
||||||
|
console:
|
||||||
|
class: logging.StreamHandler
|
||||||
|
formatter: colored
|
||||||
|
loggers:
|
||||||
|
mau:
|
||||||
|
level: DEBUG
|
||||||
|
fbchat:
|
||||||
|
level: DEBUG
|
||||||
|
aiohttp:
|
||||||
|
level: INFO
|
||||||
|
root:
|
||||||
|
level: DEBUG
|
||||||
|
handlers: [file, console]
|
@ -0,0 +1,34 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
[Unit]
|
||||||
|
Description=Matrix Mautrix Facebook server
|
||||||
|
After=docker.service
|
||||||
|
Requires=docker.service
|
||||||
|
Requires=matrix-synapse.service
|
||||||
|
After=matrix-synapse.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-facebook
|
||||||
|
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-facebook
|
||||||
|
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \
|
||||||
|
--log-driver=none \
|
||||||
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
|
--cap-drop=ALL \
|
||||||
|
-v {{ matrix_mautrix_facebook_base_path }}:/data:z \
|
||||||
|
{{ matrix_mautrix_facebook_docker_image }} \
|
||||||
|
alembic -x config=/data/config.yaml upgrade head
|
||||||
|
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \
|
||||||
|
--log-driver=none \
|
||||||
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
|
--cap-drop=ALL \
|
||||||
|
--network={{ matrix_docker_network }} \
|
||||||
|
-v {{ matrix_mautrix_facebook_base_path }}:/data:z \
|
||||||
|
{{ matrix_mautrix_facebook_docker_image }} \
|
||||||
|
python3 -m mautrix_facebook -c /data/config.yaml
|
||||||
|
ExecStop=-/usr/bin/docker kill matrix-mautrix-facebook
|
||||||
|
ExecStop=-/usr/bin/docker rm matrix-mautrix-facebook
|
||||||
|
Restart=always
|
||||||
|
RestartSec=30
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
# Homeserver details
|
# Homeserver details
|
||||||
homeserver:
|
homeserver:
|
||||||
# The address that this appservice can use to connect to the homeserver.
|
# The address that this appservice can use to connect to the homeserver.
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Matrix Mautrix Telegram server
|
Description=Matrix Mautrix Telegram server
|
||||||
After=docker.service
|
After=docker.service
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
# Homeserver details.
|
# Homeserver details.
|
||||||
homeserver:
|
homeserver:
|
||||||
# The address that this appservice can use to connect to the homeserver.
|
# The address that this appservice can use to connect to the homeserver.
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Matrix Mautrix Whatsapp server
|
Description=Matrix Mautrix Whatsapp server
|
||||||
After=docker.service
|
After=docker.service
|
||||||
|
@ -1,2 +1,3 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
AWS_ACCESS_KEY={{ matrix_s3_media_store_aws_access_key }}
|
AWS_ACCESS_KEY={{ matrix_s3_media_store_aws_access_key }}
|
||||||
AWS_SECRET_KEY={{ matrix_s3_media_store_aws_secret_key }}
|
AWS_SECRET_KEY={{ matrix_s3_media_store_aws_secret_key }}
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Matrix Goofys media store
|
Description=Matrix Goofys media store
|
||||||
After=docker.service
|
After=docker.service
|
||||||
|
@ -1,2 +1,3 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
|
SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
|
||||||
SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }}
|
SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }}
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
# vim:ft=yaml
|
# vim:ft=yaml
|
||||||
|
|
||||||
## Server ##
|
## Server ##
|
||||||
@ -358,8 +359,8 @@ database:
|
|||||||
# The database engine name
|
# The database engine name
|
||||||
name: "psycopg2"
|
name: "psycopg2"
|
||||||
args:
|
args:
|
||||||
user: {{ matrix_synapse_database_user|to_json }}
|
user: {{ matrix_synapse_database_user|string|to_json }}
|
||||||
password: {{ matrix_synapse_database_password|to_json }}
|
password: {{ matrix_synapse_database_password|string|to_json }}
|
||||||
database: "{{ matrix_synapse_database_database }}"
|
database: "{{ matrix_synapse_database_database }}"
|
||||||
host: "{{ matrix_synapse_database_host }}"
|
host: "{{ matrix_synapse_database_host }}"
|
||||||
cp_min: 5
|
cp_min: 5
|
||||||
@ -521,9 +522,10 @@ max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M"
|
|||||||
# height: 600
|
# height: 600
|
||||||
# method: scale
|
# method: scale
|
||||||
|
|
||||||
# Is the preview URL API enabled? If enabled, you *must* specify
|
# Is the preview URL API enabled?
|
||||||
# an explicit url_preview_ip_range_blacklist of IPs that the spider is
|
#
|
||||||
# denied from accessing.
|
# 'false' by default: uncomment the following to enable it (and specify a
|
||||||
|
# url_preview_ip_range_blacklist blacklist).
|
||||||
#
|
#
|
||||||
url_preview_enabled: {{ matrix_synapse_url_preview_enabled|to_json }}
|
url_preview_enabled: {{ matrix_synapse_url_preview_enabled|to_json }}
|
||||||
|
|
||||||
@ -534,7 +536,13 @@ url_preview_enabled: {{ matrix_synapse_url_preview_enabled|to_json }}
|
|||||||
# to connect to, otherwise anyone in any Matrix room could cause your
|
# to connect to, otherwise anyone in any Matrix room could cause your
|
||||||
# synapse to issue arbitrary GET requests to your internal services,
|
# synapse to issue arbitrary GET requests to your internal services,
|
||||||
# causing serious security issues.
|
# causing serious security issues.
|
||||||
|
#
|
||||||
|
# (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly
|
||||||
|
# listed here, since they correspond to unroutable addresses.)
|
||||||
|
#
|
||||||
|
# This must be specified if url_preview_enabled is set. It is recommended that
|
||||||
|
# you uncomment the following list as a starting point.
|
||||||
|
#
|
||||||
url_preview_ip_range_blacklist:
|
url_preview_ip_range_blacklist:
|
||||||
- '127.0.0.0/8'
|
- '127.0.0.0/8'
|
||||||
- '10.0.0.0/8'
|
- '10.0.0.0/8'
|
||||||
@ -628,7 +636,7 @@ turn_uris: {{ matrix_synapse_turn_uris|to_json }}
|
|||||||
|
|
||||||
# The shared secret used to compute passwords for the TURN server
|
# The shared secret used to compute passwords for the TURN server
|
||||||
#
|
#
|
||||||
turn_shared_secret: {{ matrix_synapse_turn_shared_secret|to_json }}
|
turn_shared_secret: {{ matrix_synapse_turn_shared_secret|string|to_json }}
|
||||||
|
|
||||||
# The Username and password if the TURN server needs them and
|
# The Username and password if the TURN server needs them and
|
||||||
# does not use a token
|
# does not use a token
|
||||||
@ -663,6 +671,9 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }}
|
|||||||
#registrations_require_3pid:
|
#registrations_require_3pid:
|
||||||
# - email
|
# - email
|
||||||
# - msisdn
|
# - msisdn
|
||||||
|
{% if matrix_synapse_registrations_require_3pid %}
|
||||||
|
registrations_require_3pid: {{ matrix_synapse_registrations_require_3pid|to_json }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# Explicitly disable asking for MSISDNs from the registration
|
# Explicitly disable asking for MSISDNs from the registration
|
||||||
# flow (overrides registrations_require_3pid if MSISDNs are set as required)
|
# flow (overrides registrations_require_3pid if MSISDNs are set as required)
|
||||||
@ -683,7 +694,7 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }}
|
|||||||
# If set, allows registration of standard or admin accounts by anyone who
|
# If set, allows registration of standard or admin accounts by anyone who
|
||||||
# has the shared secret, even if registration is otherwise disabled.
|
# has the shared secret, even if registration is otherwise disabled.
|
||||||
#
|
#
|
||||||
registration_shared_secret: {{ matrix_synapse_registration_shared_secret|to_json }}
|
registration_shared_secret: {{ matrix_synapse_registration_shared_secret|string|to_json }}
|
||||||
|
|
||||||
# Set the number of bcrypt rounds used to generate password hash.
|
# Set the number of bcrypt rounds used to generate password hash.
|
||||||
# Larger numbers increase the work factor needed to generate the hash.
|
# Larger numbers increase the work factor needed to generate the hash.
|
||||||
@ -784,7 +795,7 @@ app_service_config_files: {{ matrix_synapse_app_service_config_files }}
|
|||||||
# the registration_shared_secret is used, if one is given; otherwise,
|
# the registration_shared_secret is used, if one is given; otherwise,
|
||||||
# a secret key is derived from the signing key.
|
# a secret key is derived from the signing key.
|
||||||
#
|
#
|
||||||
macaroon_secret_key: {{ matrix_synapse_macaroon_secret_key|to_json }}
|
macaroon_secret_key: {{ matrix_synapse_macaroon_secret_key|string|to_json }}
|
||||||
|
|
||||||
# Used to enable access token expiration.
|
# Used to enable access token expiration.
|
||||||
#
|
#
|
||||||
@ -794,7 +805,7 @@ macaroon_secret_key: {{ matrix_synapse_macaroon_secret_key|to_json }}
|
|||||||
# falsification of values. Must be specified for the User Consent
|
# falsification of values. Must be specified for the User Consent
|
||||||
# forms to work.
|
# forms to work.
|
||||||
#
|
#
|
||||||
form_secret: {{ matrix_synapse_form_secret|to_json }}
|
form_secret: {{ matrix_synapse_form_secret|string|to_json }}
|
||||||
|
|
||||||
## Signing Keys ##
|
## Signing Keys ##
|
||||||
|
|
||||||
@ -899,7 +910,7 @@ password_config:
|
|||||||
# Uncomment and change to a secret random string for extra security.
|
# Uncomment and change to a secret random string for extra security.
|
||||||
# DO NOT CHANGE THIS AFTER INITIAL SETUP!
|
# DO NOT CHANGE THIS AFTER INITIAL SETUP!
|
||||||
#
|
#
|
||||||
pepper: {{ matrix_synapse_password_config_pepper|to_json }}
|
pepper: {{ matrix_synapse_password_config_pepper|string|to_json }}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -914,15 +925,15 @@ password_config:
|
|||||||
{% if matrix_synapse_email_enabled %}
|
{% if matrix_synapse_email_enabled %}
|
||||||
email:
|
email:
|
||||||
enable_notifs: true
|
enable_notifs: true
|
||||||
smtp_host: {{ matrix_synapse_email_smtp_host|to_json }}
|
smtp_host: {{ matrix_synapse_email_smtp_host|string|to_json }}
|
||||||
smtp_port: {{ matrix_synapse_email_smtp_port|to_json }}
|
smtp_port: {{ matrix_synapse_email_smtp_port|to_json }}
|
||||||
require_transport_security: {{ matrix_synapse_email_smtp_require_transport_security|to_json }}
|
require_transport_security: {{ matrix_synapse_email_smtp_require_transport_security|to_json }}
|
||||||
notif_from: {{ matrix_synapse_email_notif_from|to_json }}
|
notif_from: {{ matrix_synapse_email_notif_from|string|to_json }}
|
||||||
app_name: Matrix
|
app_name: Matrix
|
||||||
notif_template_html: notif_mail.html
|
notif_template_html: notif_mail.html
|
||||||
notif_template_text: notif_mail.txt
|
notif_template_text: notif_mail.txt
|
||||||
notif_for_new_users: True
|
notif_for_new_users: True
|
||||||
riot_base_url: {{ matrix_synapse_email_riot_base_url|to_json }}
|
riot_base_url: {{ matrix_synapse_email_riot_base_url|string|to_json }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
@ -945,12 +956,12 @@ password_providers:
|
|||||||
{% if matrix_synapse_ext_password_provider_shared_secret_auth_enabled %}
|
{% if matrix_synapse_ext_password_provider_shared_secret_auth_enabled %}
|
||||||
- module: "shared_secret_authenticator.SharedSecretAuthenticator"
|
- module: "shared_secret_authenticator.SharedSecretAuthenticator"
|
||||||
config:
|
config:
|
||||||
sharedSecret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|to_json }}
|
sharedSecret: {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret|string|to_json }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if matrix_synapse_ext_password_provider_rest_auth_enabled %}
|
{% if matrix_synapse_ext_password_provider_rest_auth_enabled %}
|
||||||
- module: "rest_auth_provider.RestAuthProvider"
|
- module: "rest_auth_provider.RestAuthProvider"
|
||||||
config:
|
config:
|
||||||
endpoint: {{ matrix_synapse_ext_password_provider_rest_auth_endpoint|to_json }}
|
endpoint: {{ matrix_synapse_ext_password_provider_rest_auth_endpoint|string|to_json }}
|
||||||
policy:
|
policy:
|
||||||
registration:
|
registration:
|
||||||
username:
|
username:
|
||||||
@ -965,16 +976,16 @@ password_providers:
|
|||||||
- module: "ldap_auth_provider.LdapAuthProvider"
|
- module: "ldap_auth_provider.LdapAuthProvider"
|
||||||
config:
|
config:
|
||||||
enabled: true
|
enabled: true
|
||||||
uri: {{ matrix_synapse_ext_password_provider_ldap_uri|to_json }}
|
uri: {{ matrix_synapse_ext_password_provider_ldap_uri|string|to_json }}
|
||||||
start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|to_json }}
|
start_tls: {{ matrix_synapse_ext_password_provider_ldap_start_tls|string|to_json }}
|
||||||
base: {{ matrix_synapse_ext_password_provider_ldap_base|to_json }}
|
base: {{ matrix_synapse_ext_password_provider_ldap_base|string|to_json }}
|
||||||
attributes:
|
attributes:
|
||||||
uid: {{ matrix_synapse_ext_password_provider_ldap_attributes_uid|to_json }}
|
uid: {{ matrix_synapse_ext_password_provider_ldap_attributes_uid|string|to_json }}
|
||||||
mail: {{ matrix_synapse_ext_password_provider_ldap_attributes_mail|to_json }}
|
mail: {{ matrix_synapse_ext_password_provider_ldap_attributes_mail|string|to_json }}
|
||||||
name: {{ matrix_synapse_ext_password_provider_ldap_attributes_name|to_json }}
|
name: {{ matrix_synapse_ext_password_provider_ldap_attributes_name|string|to_json }}
|
||||||
bind_dn: {{ matrix_synapse_ext_password_provider_ldap_bind_dn|to_json }}
|
bind_dn: {{ matrix_synapse_ext_password_provider_ldap_bind_dn|string|to_json }}
|
||||||
bind_password: {{ matrix_synapse_ext_password_provider_ldap_bind_password|to_json }}
|
bind_password: {{ matrix_synapse_ext_password_provider_ldap_bind_password|string|to_json }}
|
||||||
filter: {{ matrix_synapse_ext_password_provider_ldap_filter|to_json }}
|
filter: {{ matrix_synapse_ext_password_provider_ldap_filter|string|to_json }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
|
||||||
version: 1
|
version: 1
|
||||||
|
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Synapse server
|
Description=Synapse server
|
||||||
{% for service in matrix_synapse_systemd_required_services_list %}
|
{% for service in matrix_synapse_systemd_required_services_list %}
|
||||||
@ -46,6 +47,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
|
|||||||
{% for volume in matrix_synapse_container_additional_volumes %}
|
{% for volume in matrix_synapse_container_additional_volumes %}
|
||||||
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
|
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% for arg in matrix_synapse_container_extra_arguments %}
|
||||||
|
{{ arg }} \
|
||||||
|
{% endfor %}
|
||||||
{{ matrix_synapse_docker_image }} \
|
{{ matrix_synapse_docker_image }} \
|
||||||
-m synapse.app.homeserver -c /data/homeserver.yaml
|
-m synapse.app.homeserver -c /data/homeserver.yaml
|
||||||
|
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
#jinja2: lstrip_blocks: "True"
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
if [ $# -ne 3 ]; then
|
if [ $# -ne 3 ]; then
|
||||||
|
Loading…
Reference in New Issue
Block a user