From 4359e5774cf7f93f9403c1135d4cfec8f5c3be52 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?=
 <laszlo.varady@protonmail.com>
Date: Sat, 12 Mar 2022 19:14:08 +0100
Subject: [PATCH] bridge-mautrix-telegram: add option to enable/disable
 web-based login

---
 .../defaults/main.yml                         |  3 +++
 .../tasks/init.yml                            | 22 +++++++++----------
 .../templates/config.yaml.j2                  |  2 +-
 .../matrix-mautrix-telegram.service.j2        |  2 +-
 4 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
index a88c0bac0..eb70d3fa4 100644
--- a/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-telegram/defaults/main.yml
@@ -28,6 +28,9 @@ matrix_mautrix_telegram_api_id: ''
 matrix_mautrix_telegram_api_hash: ''
 matrix_mautrix_telegram_bot_token: disabled
 
+# Whether or not the public-facing endpoints should be enabled (web-based login)
+matrix_mautrix_telegram_appservice_public_enabled: true
+
 # Mautrix telegram public endpoint to log in to telegram
 # Use an uuid so it's not easily discoverable.
 # Example: /741a0483-ba17-4682-9900-30bd7269f1cc
diff --git a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml
index 764d403d9..a97dcd8e0 100644
--- a/roles/matrix-bridge-mautrix-telegram/tasks/init.yml
+++ b/roles/matrix-bridge-mautrix-telegram/tasks/init.yml
@@ -56,16 +56,16 @@
             +
             [matrix_mautrix_telegram_matrix_nginx_proxy_configuration]
           }}
+    - name: Warn about reverse-proxying if matrix-nginx-proxy not used
+      debug:
+        msg: >-
+          NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy
+          reverse proxy.
+          Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}`
+          URL endpoint to the matrix-mautrix-telegram container.
+          You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable.
+      when: "not matrix_nginx_proxy_enabled|default(False)|bool"
+
   tags:
     - always
-  when: matrix_mautrix_telegram_enabled|bool
-
-- name: Warn about reverse-proxying if matrix-nginx-proxy not used
-  debug:
-    msg: >-
-      NOTE: You've enabled the Mautrix Telegram bridge but are not using the matrix-nginx-proxy
-      reverse proxy.
-      Please make sure that you're proxying the `{{ matrix_mautrix_telegram_public_endpoint }}`
-      URL endpoint to the matrix-mautrix-telegram container.
-      You can expose the container's port using the `matrix_mautrix_telegram_container_http_host_bind_port` variable.
-  when: "matrix_mautrix_telegram_enabled|bool and not matrix_nginx_proxy_enabled|default(False)|bool"
+  when: matrix_mautrix_telegram_enabled|bool and matrix_mautrix_telegram_appservice_public_enabled|bool
diff --git a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
index 10e6e32e8..6569ce87a 100644
--- a/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
@@ -34,7 +34,7 @@ appservice:
     # the HS database.
     public:
         # Whether or not the public-facing endpoints should be enabled.
-        enabled: true
+        enabled: {{ matrix_mautrix_telegram_appservice_public_enabled|to_json }}
         # The prefix to use in the public-facing endpoints.
         prefix: {{ matrix_mautrix_telegram_public_endpoint|to_json }}
         # The base URL where the public-facing endpoints are available. The prefix is not added
diff --git a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2 b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2
index d24e960ea..459a0fec5 100644
--- a/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2
+++ b/roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2
@@ -24,7 +24,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegr
 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
 			--cap-drop=ALL \
 			--network={{ matrix_docker_network }} \
-			{% if matrix_mautrix_telegram_container_http_host_bind_port %}
+			{% if matrix_mautrix_telegram_appservice_public_enabled and matrix_mautrix_telegram_container_http_host_bind_port %}
 			-p {{ matrix_mautrix_telegram_container_http_host_bind_port }}:8080 \
 			{% endif %}
 			-v {{ matrix_mautrix_telegram_config_path }}:/config:z \