Merge remote-tracking branch 'github/master'
This commit is contained in:
commit
99639d7d7a
@ -1,3 +1,12 @@
|
||||
# 2020-06-05
|
||||
|
||||
## SMS bridging support
|
||||
|
||||
Thanks to [benkuly](https://github.com/benkuly)'s efforts, the playbook now supports bridging to SMS (with one telephone number only) via [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge).
|
||||
|
||||
See our [Setting up Matrix SMS bridging](docs/configuring-playbook-matrix-bridge-sms.md) documentation page for getting started.
|
||||
|
||||
|
||||
# 2020-05-19
|
||||
|
||||
## (Compatibility Break / Security Issue) Disabling User Directory search powered by the ma1sd Identity Server
|
||||
|
@ -1,24 +1,29 @@
|
||||
# Alternative architectures
|
||||
|
||||
As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
|
||||
|
||||
To that end add the following variable to your `vars.yaml` file:
|
||||
|
||||
```yaml
|
||||
matrix_architecture: <your-matrix-server-architecture>
|
||||
```
|
||||
matrix_architecture = <your-matrix-server-architecture>
|
||||
```
|
||||
|
||||
Currently supported architectures are the following:
|
||||
- `amd64` (the default)
|
||||
- `arm64`
|
||||
- `arm32`
|
||||
|
||||
so for the Raspberry Pi the following should be in your `vars.yaml` file:
|
||||
```
|
||||
matrix_architecture = "arm32"
|
||||
so for the Raspberry Pi, the following should be in your `vars.yaml` file:
|
||||
|
||||
```yaml
|
||||
matrix_architecture: "arm32"
|
||||
```
|
||||
|
||||
## Implementation details
|
||||
This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection.
|
||||
|
||||
This subsection is used for a reminder, how the different roles implement architecture differences. This is **not** aimed at the users, so one does not have to do anything based on this subsection.
|
||||
|
||||
On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases:
|
||||
- matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well,
|
||||
- matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well,
|
||||
- matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling.
|
||||
- `matrix-bridge-mautrix-facebook`: there is a pre-built Docker image for `arm64` as well
|
||||
- `matrix-bridge-mautrix-hangouts`: there is a pre-built Docker image for `arm64` as well
|
||||
- `matrix-nginx-proxy`: Certbot has a pre-built Docker image for both `arm32` and `arm64`, however tagging is used, which requires special handling.
|
||||
|
@ -49,7 +49,7 @@ docker run -it --rm \
|
||||
-v `pwd`:/work \
|
||||
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
|
||||
--entrypoint=/bin/sh \
|
||||
devture/ansible:2.8.1-r0
|
||||
devture/ansible:2.9.9-r0
|
||||
```
|
||||
|
||||
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).
|
||||
@ -60,7 +60,7 @@ The `/work` directory contains the playbook's code.
|
||||
|
||||
You can execute `ansible-playbook` commands as per normal now.
|
||||
|
||||
### If you don't use SSH keys for authentication
|
||||
### If you don't use SSH keys for authentication
|
||||
|
||||
If you don't use SSH keys for authentication, simply remove that whole line (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`).
|
||||
To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it ...` command), run:
|
||||
|
@ -23,7 +23,7 @@ matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN"
|
||||
4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready.
|
||||
5. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`)
|
||||
6. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended.
|
||||
7. Join the rooms by following this syntax `#_discord_guildid_channelid` - can be easily retrieved by logging into Discord in a browser and opening the desired channel. URL will have this format: `discordapp.com/channels/guild_id/channel_id`
|
||||
7. Room addresses follow this syntax: `#_discord_guildid_channelid`. You can easily find the guild and channel ids by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discordapp.com/channels/guild_id/channel_id`. Once you have figured out the appropriate room addrss, you can join by doing `/join #_discord_guildid_channelid` in your Matrix client.
|
||||
|
||||
Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable.
|
||||
|
||||
|
@ -11,6 +11,8 @@ matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
|
||||
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE
|
||||
```
|
||||
|
||||
You can generate a strong shared secret with a command like this: `pwgen -s 64 1`
|
||||
|
||||
|
||||
## Authenticating only using a password provider
|
||||
|
||||
|
@ -136,7 +136,7 @@ backend matrix-backend
|
||||
reqirep ^(GET|POST|HEAD)\ /.well-known/matrix/(.*) \1\ /\2
|
||||
# Rewrite redirects as ProxyPassReverse does
|
||||
acl response-is-redirect res.hdr(Location) -m found
|
||||
rsprep ^Location:\ (http|https)://matrix.example.com\/(.*) Location:\ \1://matrix.exapmle.com/.well-known/matrix/\2 if response-is-redirect
|
||||
rsprep ^Location:\ (http|https)://matrix.example.com\/(.*) Location:\ \1://matrix.example.com/.well-known/matrix/\2 if response-is-redirect
|
||||
```
|
||||
|
||||
Make sure to:
|
||||
|
@ -4,14 +4,14 @@ This playbook not only installs the various Matrix services for you, but can als
|
||||
|
||||
If you want to be notified when new versions of Synapse are released, you should join the Synapse Homeowners room: [#homeowners:matrix.org](https://matrix.to/#/#homeowners:matrix.org).
|
||||
|
||||
To upgrade the services:
|
||||
To upgrade services:
|
||||
|
||||
- update your playbook directory (`git pull`), so you'd obtain everything new we've done
|
||||
|
||||
- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incomptabile changes that you need to take care of
|
||||
- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of
|
||||
|
||||
- re-run the [playbook setup](installing.md): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all`
|
||||
|
||||
- restart the services: `ansible-playbook -i inventory/hosts setup.yml --tags=start`
|
||||
|
||||
**Note**: major version upgrades are not done to the internal PostgreSQL database. To upgrade that one, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).
|
||||
**Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).
|
||||
|
@ -6,16 +6,16 @@
|
||||
|
||||
- [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python`).
|
||||
|
||||
- a `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.*
|
||||
- A `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.*
|
||||
|
||||
- the [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
|
||||
- The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
|
||||
|
||||
- either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature.
|
||||
- Either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature.
|
||||
|
||||
- an HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
|
||||
- An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
|
||||
|
||||
- properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md))
|
||||
- Properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)).
|
||||
|
||||
- some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP)
|
||||
- Some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP). Depending on your firewall/NAT setup, incoming RTP packets on port 10000 may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/matrix-jitsi/defaults/main.yml)).
|
||||
|
||||
When ready to proceed, continue with [Configuring DNS](configuring-dns.md).
|
||||
|
@ -15,6 +15,7 @@ List of roles where self-building the Docker image is currently possible:
|
||||
- `matrix-riot-web`
|
||||
- `matrix-coturn`
|
||||
- `matrix-ma1sd`
|
||||
- `matrix-mailer`
|
||||
- `matrix-mautrix-facebook`
|
||||
- `matrix-mautrix-hangouts`
|
||||
- `matrix-mx-puppet-skype`
|
||||
|
@ -537,11 +537,13 @@ matrix_jitsi_web_stun_servers: |
|
||||
#
|
||||
######################################################################
|
||||
|
||||
# By default, this playbook sets up a postfix mailer server (running in a container).
|
||||
# By default, this playbook sets up an exim mailer server (running in a container).
|
||||
# This is so that Synapse can send email reminders for unread messages.
|
||||
# Other services (like ma1sd), also use the mailer.
|
||||
matrix_mailer_enabled: true
|
||||
|
||||
matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
# /matrix-mailer
|
||||
@ -636,6 +638,8 @@ matrix_nginx_proxy_proxy_matrix_federation_api_enabled: true
|
||||
matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-synapse:8048"
|
||||
matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:8048"
|
||||
|
||||
matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}"
|
||||
|
||||
matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}"
|
||||
matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
|
||||
matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}"
|
||||
@ -673,7 +677,13 @@ matrix_ssl_domains_to_obtain_certificates_for: |
|
||||
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
|
||||
}}
|
||||
|
||||
matrix_ssl_architecture: "{{ matrix_architecture }}"
|
||||
matrix_ssl_architecture: "{{
|
||||
{
|
||||
'amd64': 'amd64',
|
||||
'arm32': 'arm32v6',
|
||||
'arm64': 'arm64v8',
|
||||
}[matrix_architecture]
|
||||
}}"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
@ -780,7 +790,7 @@ matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy
|
||||
matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}"
|
||||
#
|
||||
# For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces.
|
||||
matrix_synapse_container_federation_api_tls_host_bind_port: "{{ '8448' if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
|
||||
matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
|
||||
#
|
||||
# For exposing the Synapse Metrics API's port (plain HTTP) to the local host.
|
||||
matrix_synapse_container_metrics_api_host_bind_port: "{{ '127.0.0.1:9100' if (matrix_synapse_metrics_enabled and not matrix_nginx_proxy_enabled) else '' }}"
|
||||
|
@ -21,6 +21,8 @@ matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
|
||||
# This is where you access Jitsi.
|
||||
matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}"
|
||||
|
||||
matrix_federation_public_port: 8448
|
||||
|
||||
matrix_user_username: "matrix"
|
||||
matrix_user_groupname: "matrix"
|
||||
|
||||
@ -32,6 +34,13 @@ matrix_systemd_path: "/etc/systemd/system"
|
||||
matrix_cron_path: "/etc/cron.d"
|
||||
matrix_local_bin_path: "/usr/local/bin"
|
||||
|
||||
matrix_host_command_docker: "/usr/bin/env docker"
|
||||
matrix_host_command_sleep: "/usr/bin/env sleep"
|
||||
matrix_host_command_chown: "/usr/bin/env chown"
|
||||
matrix_host_command_fusermount: "/usr/bin/env fusermount"
|
||||
matrix_host_command_openssl: "/usr/bin/env openssl"
|
||||
matrix_host_command_systemctl: "/usr/bin/env systemctl"
|
||||
|
||||
matrix_ntpd_package: "ntp"
|
||||
matrix_ntpd_service: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}"
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
{
|
||||
"m.server": "{{ matrix_server_fqn_matrix }}:8448"
|
||||
"m.server": "{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}"
|
||||
}
|
||||
|
@ -39,100 +39,7 @@ matrix_appservice_discord_bridge_homeserverUrl: "{{ matrix_homeserver_url }}"
|
||||
matrix_appservice_discord_bridge_disablePresence: false
|
||||
matrix_appservice_discord_bridge_enableSelfServiceBridging: false
|
||||
|
||||
matrix_appservice_discord_configuration_yaml: |
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
bridge:
|
||||
# Domain part of the bridge, e.g. matrix.org
|
||||
domain: {{ matrix_appservice_discord_bridge_domain }}
|
||||
# This should be your publically facing URL because Discord may use it to
|
||||
# fetch media from the media store.
|
||||
homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }}
|
||||
# Interval at which to process users in the 'presence queue'. If you have
|
||||
# 5 users, one user will be processed every 500 milliseconds according to the
|
||||
# value below. This has a minimum value of 250.
|
||||
# WARNING: This has a high chance of spamming the homeserver with presence
|
||||
# updates since it will send one each time somebody changes state or is online.
|
||||
presenceInterval: 500
|
||||
# Disable setting presence for 'ghost users' which means Discord users on Matrix
|
||||
# will not be shown as away or online.
|
||||
disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }}
|
||||
# Disable sending typing notifications when somebody on Discord types.
|
||||
disableTypingNotifications: false
|
||||
# Disable deleting messages on Discord if a message is redacted on Matrix.
|
||||
disableDeletionForwarding: false
|
||||
# Enable users to bridge rooms using !discord commands. See
|
||||
# https://t2bot.io/discord for instructions.
|
||||
enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }}
|
||||
# Disable sending of read receipts for Matrix events which have been
|
||||
# successfully bridged to Discord.
|
||||
disableReadReceipts: false
|
||||
# Disable Join Leave echos from matrix
|
||||
disableJoinLeaveNotifications: false
|
||||
# Authentication configuration for the discord bot.
|
||||
auth:
|
||||
clientID: {{ matrix_appservice_discord_client_id|string|to_json }}
|
||||
botToken: {{ matrix_appservice_discord_bot_token }}
|
||||
logging:
|
||||
# What level should the logger output to the console at.
|
||||
console: "warn" #silly, verbose, info, http, warn, error, silent
|
||||
lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format
|
||||
# files:
|
||||
# - file: "debug.log"
|
||||
# disable:
|
||||
# - "PresenceHandler" # Will not capture presence logging
|
||||
# - file: "warn.log" # Will capture warnings
|
||||
# level: "warn"
|
||||
# - file: "botlogs.log" # Will capture logs from DiscordBot
|
||||
# level: "info"
|
||||
# enable:
|
||||
# - "DiscordBot"
|
||||
database:
|
||||
userStorePath: "/data/user-store.db"
|
||||
roomStorePath: "/data/room-store.db"
|
||||
# You may either use SQLite or Postgresql for the bridge database, which contains
|
||||
# important mappings for events and user puppeting configurations.
|
||||
# Use the filename option for SQLite, or connString for Postgresql.
|
||||
# If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite
|
||||
# WARNING: You will almost certainly be fine with sqlite unless your bridge
|
||||
# is in heavy demand and you suffer from IO slowness.
|
||||
filename: "/data/discord.db"
|
||||
# connString: "postgresql://user:password@localhost/database_name"
|
||||
room:
|
||||
# Set the default visibility of alias rooms, defaults to "public".
|
||||
# One of: "public", "private"
|
||||
defaultVisibility: "public"
|
||||
channel:
|
||||
# Pattern of the name given to bridged rooms.
|
||||
# Can use :guild for the guild name and :name for the channel name.
|
||||
namePattern: "[Discord] :guild :name"
|
||||
# Changes made to rooms when a channel is deleted.
|
||||
deleteOptions:
|
||||
# Prefix the room name with a string.
|
||||
#namePrefix: "[Deleted]"
|
||||
# Prefix the room topic with a string.
|
||||
#topicPrefix: "This room has been deleted"
|
||||
# Disable people from talking in the room by raising the event PL to 50
|
||||
disableMessaging: false
|
||||
# Remove the discord alias from the room.
|
||||
unsetRoomAlias: true
|
||||
# Remove the room from the directory.
|
||||
unlistFromDirectory: true
|
||||
# Set the room to be unavaliable for joining without an invite.
|
||||
setInviteOnly: true
|
||||
# Make all the discord users leave the room.
|
||||
ghostsLeave: true
|
||||
limits:
|
||||
# Delay in milliseconds between discord users joining a room.
|
||||
roomGhostJoinDelay: 6000
|
||||
# Delay in milliseconds before sending messages to discord to avoid echos.
|
||||
# (Copies of a sent message may arrive from discord before we've
|
||||
# fininished handling it, causing us to echo it back to the room)
|
||||
discordSendDelay: 750
|
||||
ghosts:
|
||||
# Pattern for the ghosts nick, available is :nick, :username, :tag and :id
|
||||
nickPattern: ":nick"
|
||||
# Pattern for the ghosts username, available is :username, :tag and :id
|
||||
usernamePattern: ":username#:tag"
|
||||
matrix_appservice_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||
|
||||
matrix_appservice_discord_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration goes here.
|
||||
|
@ -60,7 +60,7 @@
|
||||
# We intentionally suppress Ansible changes.
|
||||
- name: Generate AppService Discord invite link
|
||||
shell: >-
|
||||
/usr/bin/docker run --rm --name matrix-appservice-discord-link-gen
|
||||
{{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord-link-gen
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
--cap-drop=ALL
|
||||
-v {{ matrix_appservice_discord_config_path }}:/cfg
|
||||
|
@ -0,0 +1,93 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
bridge:
|
||||
# Domain part of the bridge, e.g. matrix.org
|
||||
domain: {{ matrix_appservice_discord_bridge_domain }}
|
||||
# This should be your publically facing URL because Discord may use it to
|
||||
# fetch media from the media store.
|
||||
homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }}
|
||||
# Interval at which to process users in the 'presence queue'. If you have
|
||||
# 5 users, one user will be processed every 500 milliseconds according to the
|
||||
# value below. This has a minimum value of 250.
|
||||
# WARNING: This has a high chance of spamming the homeserver with presence
|
||||
# updates since it will send one each time somebody changes state or is online.
|
||||
presenceInterval: 500
|
||||
# Disable setting presence for 'ghost users' which means Discord users on Matrix
|
||||
# will not be shown as away or online.
|
||||
disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }}
|
||||
# Disable sending typing notifications when somebody on Discord types.
|
||||
disableTypingNotifications: false
|
||||
# Disable deleting messages on Discord if a message is redacted on Matrix.
|
||||
disableDeletionForwarding: false
|
||||
# Enable users to bridge rooms using !discord commands. See
|
||||
# https://t2bot.io/discord for instructions.
|
||||
enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }}
|
||||
# Disable sending of read receipts for Matrix events which have been
|
||||
# successfully bridged to Discord.
|
||||
disableReadReceipts: false
|
||||
# Disable Join Leave echos from matrix
|
||||
disableJoinLeaveNotifications: false
|
||||
# Authentication configuration for the discord bot.
|
||||
auth:
|
||||
clientID: {{ matrix_appservice_discord_client_id|string|to_json }}
|
||||
botToken: {{ matrix_appservice_discord_bot_token }}
|
||||
logging:
|
||||
# What level should the logger output to the console at.
|
||||
console: "warn" #silly, verbose, info, http, warn, error, silent
|
||||
lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format
|
||||
# files:
|
||||
# - file: "debug.log"
|
||||
# disable:
|
||||
# - "PresenceHandler" # Will not capture presence logging
|
||||
# - file: "warn.log" # Will capture warnings
|
||||
# level: "warn"
|
||||
# - file: "botlogs.log" # Will capture logs from DiscordBot
|
||||
# level: "info"
|
||||
# enable:
|
||||
# - "DiscordBot"
|
||||
database:
|
||||
userStorePath: "/data/user-store.db"
|
||||
roomStorePath: "/data/room-store.db"
|
||||
# You may either use SQLite or Postgresql for the bridge database, which contains
|
||||
# important mappings for events and user puppeting configurations.
|
||||
# Use the filename option for SQLite, or connString for Postgresql.
|
||||
# If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite
|
||||
# WARNING: You will almost certainly be fine with sqlite unless your bridge
|
||||
# is in heavy demand and you suffer from IO slowness.
|
||||
filename: "/data/discord.db"
|
||||
# connString: "postgresql://user:password@localhost/database_name"
|
||||
room:
|
||||
# Set the default visibility of alias rooms, defaults to "public".
|
||||
# One of: "public", "private"
|
||||
defaultVisibility: "public"
|
||||
channel:
|
||||
# Pattern of the name given to bridged rooms.
|
||||
# Can use :guild for the guild name and :name for the channel name.
|
||||
namePattern: "[Discord] :guild :name"
|
||||
# Changes made to rooms when a channel is deleted.
|
||||
deleteOptions:
|
||||
# Prefix the room name with a string.
|
||||
#namePrefix: "[Deleted]"
|
||||
# Prefix the room topic with a string.
|
||||
#topicPrefix: "This room has been deleted"
|
||||
# Disable people from talking in the room by raising the event PL to 50
|
||||
disableMessaging: false
|
||||
# Remove the discord alias from the room.
|
||||
unsetRoomAlias: true
|
||||
# Remove the room from the directory.
|
||||
unlistFromDirectory: true
|
||||
# Set the room to be unavaliable for joining without an invite.
|
||||
setInviteOnly: true
|
||||
# Make all the discord users leave the room.
|
||||
ghostsLeave: true
|
||||
limits:
|
||||
# Delay in milliseconds between discord users joining a room.
|
||||
roomGhostJoinDelay: 6000
|
||||
# Delay in milliseconds before sending messages to discord to avoid echos.
|
||||
# (Copies of a sent message may arrive from discord before we've
|
||||
# fininished handling it, causing us to echo it back to the room)
|
||||
discordSendDelay: 750
|
||||
ghosts:
|
||||
# Pattern for the ghosts nick, available is :nick, :username, :tag and :id
|
||||
nickPattern: ":nick"
|
||||
# Pattern for the ghosts username, available is :username, :tag and :id
|
||||
usernamePattern: ":username#:tag"
|
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-appservice-discord
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-appservice-discord
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-discord
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-discord
|
||||
|
||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||
ExecStartPre=/bin/sleep 5
|
||||
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \
|
||||
{{ matrix_appservice_discord_docker_image }} \
|
||||
node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-appservice-discord
|
||||
ExecStop=-/usr/bin/docker rm matrix-appservice-discord
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-discord
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-discord
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-appservice-discord
|
||||
|
@ -346,141 +346,7 @@ matrix_appservice_irc_systemd_wanted_services_list: []
|
||||
matrix_appservice_irc_appservice_token: ''
|
||||
matrix_appservice_irc_homeserver_token: ''
|
||||
|
||||
matrix_appservice_irc_configuration_yaml: |
|
||||
#jinja2: lstrip_blocks: True
|
||||
homeserver:
|
||||
# The URL to the home server for client-server API calls, also used to form the
|
||||
# media URLs as displayed in bridged IRC channels:
|
||||
url: {{ matrix_appservice_irc_homeserver_url }}
|
||||
#
|
||||
# The URL of the homeserver hosting media files. This is only used to transform
|
||||
# mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By
|
||||
# default, this is the homeserver URL, specified above.
|
||||
#
|
||||
media_url: {{ matrix_appservice_irc_homeserver_media_url }}
|
||||
|
||||
# Drop Matrix messages which are older than this number of seconds, according to
|
||||
# the event's origin_server_ts.
|
||||
# If the bridge is down for a while, the homeserver will attempt to send all missed
|
||||
# events on reconnection. These events may be hours old, which can be confusing to
|
||||
# IRC users if they are then bridged. This option allows these old messages to be
|
||||
# dropped.
|
||||
# CAUTION: This is a very coarse heuristic. Federated homeservers may have different
|
||||
# clock times and hence produce different origin_server_ts values, which may be old
|
||||
# enough to cause *all* events from the homeserver to be dropped.
|
||||
# Default: 0 (don't ever drop)
|
||||
# dropMatrixMessagesAfterSecs: 300 # 5 minutes
|
||||
|
||||
# The 'domain' part for user IDs on this home server. Usually (but not always)
|
||||
# is the "domain name" part of the HS URL.
|
||||
domain: {{ matrix_appservice_irc_homeserver_domain }}
|
||||
|
||||
# Should presence be enabled for matrix clients on this bridge. If disabled on the
|
||||
# homeserver then it should also be disabled here to avoid excess traffic.
|
||||
# Default: true
|
||||
enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}
|
||||
|
||||
ircService:
|
||||
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
|
||||
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
|
||||
# the database.
|
||||
#
|
||||
# To generate a .pem file:
|
||||
# $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
|
||||
#
|
||||
# The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
|
||||
# for storage in the database. Passwords are stored by using the admin room command
|
||||
# `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
|
||||
# the Matrix user, this password will be sent as the server password (PASS command).
|
||||
passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
|
||||
|
||||
# Config for Matrix -> IRC bridging
|
||||
matrixHandler:
|
||||
# Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
|
||||
eventCacheSize: 4096
|
||||
|
||||
servers: {{ matrix_appservice_irc_ircService_servers|to_json }}
|
||||
|
||||
# Configuration for an ident server. If you are running a public bridge it is
|
||||
# advised you setup an ident server so IRC mods can ban specific matrix users
|
||||
# rather than the application service itself.
|
||||
ident:
|
||||
# True to listen for Ident requests and respond with the
|
||||
# matrix user's user_id (converted to ASCII, respecting RFC 1413).
|
||||
# Default: false.
|
||||
enabled: false
|
||||
# The port to listen on for incoming ident requests.
|
||||
# Ports below 1024 require root to listen on, and you may not want this to
|
||||
# run as root. Instead, you can get something like an Apache to yank up
|
||||
# incoming requests to 113 to a high numbered port. Set the port to listen
|
||||
# on instead of 113 here.
|
||||
# Default: 113.
|
||||
port: 1113
|
||||
# The address to listen on for incoming ident requests.
|
||||
# Default: 0.0.0.0
|
||||
address: "::"
|
||||
|
||||
# Configuration for logging. Optional. Default: console debug level logging
|
||||
# only.
|
||||
logging:
|
||||
# Level to log on console/logfile. One of error|warn|info|debug
|
||||
level: "debug"
|
||||
# The file location to log to. This is relative to the project directory.
|
||||
#logfile: "debug.log"
|
||||
# The file location to log errors to. This is relative to the project
|
||||
# directory.
|
||||
#errfile: "errors.log"
|
||||
# Whether to log to the console or not.
|
||||
toConsole: true
|
||||
# The max number of files to keep. Files will be overwritten eventually due
|
||||
# to rotations.
|
||||
maxFiles: 5
|
||||
|
||||
# Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
|
||||
# $ npm install prom-client@6.3.0
|
||||
# Metrics will then be available via GET /metrics on the bridge listening port (-p).
|
||||
metrics:
|
||||
# Whether to actually enable the metric endpoint. Default: false
|
||||
enabled: true
|
||||
# When collecting remote user active times, which "buckets" should be used. Defaults are given below.
|
||||
# The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
|
||||
remoteUserAgeBuckets:
|
||||
- "1h"
|
||||
- "1d"
|
||||
- "1w"
|
||||
|
||||
# Configuration for the provisioning API.
|
||||
#
|
||||
# GET /_matrix/provision/link
|
||||
# GET /_matrix/provision/unlink
|
||||
# GET /_matrix/provision/listlinks
|
||||
#
|
||||
provisioning:
|
||||
# True to enable the provisioning HTTP endpoint. Default: false.
|
||||
enabled: false
|
||||
# The number of seconds to wait before giving up on getting a response from
|
||||
# an IRC channel operator. If the channel operator does not respond within the
|
||||
# allotted time period, the provisioning request will fail.
|
||||
# Default: 300 seconds (5 mins)
|
||||
requestTimeoutSeconds: 300
|
||||
|
||||
# Options here are generally only applicable to large-scale bridges and may have
|
||||
# consequences greater than other options in this configuration file.
|
||||
advanced:
|
||||
# The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited
|
||||
# however for large bridges it is important to rate limit the bridge to avoid
|
||||
# accidentally overloading the homeserver. Defaults to 1000, which should be
|
||||
# enough for the vast majority of use cases.
|
||||
maxHttpSockets: 1000
|
||||
|
||||
# Use an external database to store bridge state.
|
||||
database:
|
||||
# database engine (must be 'postgres' or 'nedb'). Default: nedb
|
||||
engine: "nedb"
|
||||
# Either a PostgreSQL connection string, or a path to the NeDB storage directory.
|
||||
# For postgres, it must start with postgres://
|
||||
# For NeDB, it must start with nedb://. The path is relative to the project directory.
|
||||
connectionString: "nedb:///data"
|
||||
matrix_appservice_irc_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||
|
||||
matrix_appservice_irc_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration for Appservice IRC servers goes here.
|
||||
|
@ -58,7 +58,7 @@
|
||||
register: irc_passkey_file
|
||||
|
||||
- name: Generate Appservice IRC passkey if it doesn't exist
|
||||
shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
|
||||
shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048"
|
||||
become: true
|
||||
become_user: "{{ matrix_user_username }}"
|
||||
when: "not irc_passkey_file.stat.exists"
|
||||
@ -93,7 +93,7 @@
|
||||
# to produce a final registration.yaml file, as we desire.
|
||||
- name: Generate Appservice IRC registration-template.yaml
|
||||
shell: >-
|
||||
/usr/bin/docker run --rm --name matrix-appservice-irc-gen
|
||||
{{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc-gen
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
--cap-drop=ALL
|
||||
-v {{ matrix_appservice_irc_config_path }}:/config:z
|
||||
|
134
roles/matrix-bridge-appservice-irc/templates/config.yaml.j2
Normal file
134
roles/matrix-bridge-appservice-irc/templates/config.yaml.j2
Normal file
@ -0,0 +1,134 @@
|
||||
#jinja2: lstrip_blocks: True
|
||||
homeserver:
|
||||
# The URL to the home server for client-server API calls, also used to form the
|
||||
# media URLs as displayed in bridged IRC channels:
|
||||
url: {{ matrix_appservice_irc_homeserver_url }}
|
||||
#
|
||||
# The URL of the homeserver hosting media files. This is only used to transform
|
||||
# mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By
|
||||
# default, this is the homeserver URL, specified above.
|
||||
#
|
||||
media_url: {{ matrix_appservice_irc_homeserver_media_url }}
|
||||
|
||||
# Drop Matrix messages which are older than this number of seconds, according to
|
||||
# the event's origin_server_ts.
|
||||
# If the bridge is down for a while, the homeserver will attempt to send all missed
|
||||
# events on reconnection. These events may be hours old, which can be confusing to
|
||||
# IRC users if they are then bridged. This option allows these old messages to be
|
||||
# dropped.
|
||||
# CAUTION: This is a very coarse heuristic. Federated homeservers may have different
|
||||
# clock times and hence produce different origin_server_ts values, which may be old
|
||||
# enough to cause *all* events from the homeserver to be dropped.
|
||||
# Default: 0 (don't ever drop)
|
||||
# dropMatrixMessagesAfterSecs: 300 # 5 minutes
|
||||
|
||||
# The 'domain' part for user IDs on this home server. Usually (but not always)
|
||||
# is the "domain name" part of the HS URL.
|
||||
domain: {{ matrix_appservice_irc_homeserver_domain }}
|
||||
|
||||
# Should presence be enabled for matrix clients on this bridge. If disabled on the
|
||||
# homeserver then it should also be disabled here to avoid excess traffic.
|
||||
# Default: true
|
||||
enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}
|
||||
|
||||
ircService:
|
||||
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
|
||||
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
|
||||
# the database.
|
||||
#
|
||||
# To generate a .pem file:
|
||||
# $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
|
||||
#
|
||||
# The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
|
||||
# for storage in the database. Passwords are stored by using the admin room command
|
||||
# `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
|
||||
# the Matrix user, this password will be sent as the server password (PASS command).
|
||||
passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
|
||||
|
||||
# Config for Matrix -> IRC bridging
|
||||
matrixHandler:
|
||||
# Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
|
||||
eventCacheSize: 4096
|
||||
|
||||
servers: {{ matrix_appservice_irc_ircService_servers|to_json }}
|
||||
|
||||
# Configuration for an ident server. If you are running a public bridge it is
|
||||
# advised you setup an ident server so IRC mods can ban specific matrix users
|
||||
# rather than the application service itself.
|
||||
ident:
|
||||
# True to listen for Ident requests and respond with the
|
||||
# matrix user's user_id (converted to ASCII, respecting RFC 1413).
|
||||
# Default: false.
|
||||
enabled: false
|
||||
# The port to listen on for incoming ident requests.
|
||||
# Ports below 1024 require root to listen on, and you may not want this to
|
||||
# run as root. Instead, you can get something like an Apache to yank up
|
||||
# incoming requests to 113 to a high numbered port. Set the port to listen
|
||||
# on instead of 113 here.
|
||||
# Default: 113.
|
||||
port: 1113
|
||||
# The address to listen on for incoming ident requests.
|
||||
# Default: 0.0.0.0
|
||||
address: "::"
|
||||
|
||||
# Configuration for logging. Optional. Default: console debug level logging
|
||||
# only.
|
||||
logging:
|
||||
# Level to log on console/logfile. One of error|warn|info|debug
|
||||
level: "debug"
|
||||
# The file location to log to. This is relative to the project directory.
|
||||
#logfile: "debug.log"
|
||||
# The file location to log errors to. This is relative to the project
|
||||
# directory.
|
||||
#errfile: "errors.log"
|
||||
# Whether to log to the console or not.
|
||||
toConsole: true
|
||||
# The max number of files to keep. Files will be overwritten eventually due
|
||||
# to rotations.
|
||||
maxFiles: 5
|
||||
|
||||
# Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
|
||||
# $ npm install prom-client@6.3.0
|
||||
# Metrics will then be available via GET /metrics on the bridge listening port (-p).
|
||||
metrics:
|
||||
# Whether to actually enable the metric endpoint. Default: false
|
||||
enabled: true
|
||||
# When collecting remote user active times, which "buckets" should be used. Defaults are given below.
|
||||
# The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
|
||||
remoteUserAgeBuckets:
|
||||
- "1h"
|
||||
- "1d"
|
||||
- "1w"
|
||||
|
||||
# Configuration for the provisioning API.
|
||||
#
|
||||
# GET /_matrix/provision/link
|
||||
# GET /_matrix/provision/unlink
|
||||
# GET /_matrix/provision/listlinks
|
||||
#
|
||||
provisioning:
|
||||
# True to enable the provisioning HTTP endpoint. Default: false.
|
||||
enabled: false
|
||||
# The number of seconds to wait before giving up on getting a response from
|
||||
# an IRC channel operator. If the channel operator does not respond within the
|
||||
# allotted time period, the provisioning request will fail.
|
||||
# Default: 300 seconds (5 mins)
|
||||
requestTimeoutSeconds: 300
|
||||
|
||||
# Options here are generally only applicable to large-scale bridges and may have
|
||||
# consequences greater than other options in this configuration file.
|
||||
advanced:
|
||||
# The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited
|
||||
# however for large bridges it is important to rate limit the bridge to avoid
|
||||
# accidentally overloading the homeserver. Defaults to 1000, which should be
|
||||
# enough for the vast majority of use cases.
|
||||
maxHttpSockets: 1000
|
||||
|
||||
# Use an external database to store bridge state.
|
||||
database:
|
||||
# database engine (must be 'postgres' or 'nedb'). Default: nedb
|
||||
engine: "nedb"
|
||||
# Either a PostgreSQL connection string, or a path to the NeDB storage directory.
|
||||
# For postgres, it must start with postgres://
|
||||
# For NeDB, it must start with nedb://. The path is relative to the project directory.
|
||||
connectionString: "nedb:///data"
|
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-appservice-irc
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-appservice-irc
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-irc
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-irc
|
||||
|
||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||
ExecStartPre=/bin/sleep 5
|
||||
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -34,8 +34,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
|
||||
{{ matrix_appservice_irc_docker_image }} \
|
||||
-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-appservice-irc
|
||||
ExecStop=-/usr/bin/docker rm matrix-appservice-irc
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-irc
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-irc
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-appservice-irc
|
||||
|
@ -45,21 +45,7 @@ matrix_appservice_slack_appservice_token: ''
|
||||
matrix_appservice_slack_homeserver_token: ''
|
||||
matrix_appservice_slack_id_token: ''
|
||||
|
||||
matrix_appservice_slack_configuration_yaml: |
|
||||
slack_hook_port: {{ matrix_appservice_slack_slack_port }}
|
||||
inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}"
|
||||
bot_username: "{{ matrix_appservice_slack_bot_name }}"
|
||||
username_prefix: {{ matrix_appservice_slack_user_prefix }}
|
||||
|
||||
homeserver:
|
||||
media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
|
||||
url: "{{ matrix_appservice_slack_homeserver_url }}"
|
||||
server_name: "{{ matrix_domain }}"
|
||||
|
||||
dbdir: "/data"
|
||||
|
||||
matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}"
|
||||
|
||||
matrix_appservice_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||
|
||||
matrix_appservice_slack_configuration_extension_yaml: |
|
||||
#slack_hook_port: 9898
|
||||
|
@ -0,0 +1,14 @@
|
||||
#jinja2: lstrip_blocks: True
|
||||
slack_hook_port: {{ matrix_appservice_slack_slack_port }}
|
||||
inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}"
|
||||
bot_username: "{{ matrix_appservice_slack_bot_name }}"
|
||||
username_prefix: {{ matrix_appservice_slack_user_prefix }}
|
||||
|
||||
homeserver:
|
||||
media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
|
||||
url: "{{ matrix_appservice_slack_homeserver_url }}"
|
||||
server_name: "{{ matrix_domain }}"
|
||||
|
||||
dbdir: "/data"
|
||||
|
||||
matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}"
|
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-appservice-slack
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-appservice-slack
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-slack
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-slack
|
||||
|
||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||
ExecStartPre=/bin/sleep 5
|
||||
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-slack \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-slack \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-slack \
|
||||
{{ matrix_appservice_slack_docker_image }} \
|
||||
node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-appservice-slack
|
||||
ExecStop=-/usr/bin/docker rm matrix-appservice-slack
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-slack
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-slack
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-appservice-slack
|
||||
|
@ -49,35 +49,7 @@ matrix_appservice_webhooks_api_secret: ''
|
||||
# Logging information (info and verbose is available) default is: info
|
||||
matrix_appservice_webhooks_log_level: 'info'
|
||||
|
||||
matrix_appservice_webhooks_configuration_yaml: |
|
||||
|
||||
# Configuration specific to the application service. All fields (unless otherwise marked) are required.
|
||||
homeserver:
|
||||
# The domain for the client-server API calls.
|
||||
url: "{{ matrix_appservice_webhooks_homeserver_url }}"
|
||||
|
||||
# The domain part for user IDs on this home server. Usually, but not always, this is the same as the
|
||||
# home server's URL.
|
||||
domain: "{{ matrix_domain }}"
|
||||
|
||||
# Configuration specific to the bridge. All fields (unless otherwise marked) are required.
|
||||
webhookBot:
|
||||
# The localpart to use for the bot. May require re-registering the application service.
|
||||
localpart: "_webhook"
|
||||
|
||||
# Provisioning API options
|
||||
provisioning:
|
||||
# Your secret for the API. Required for all provisioning API requests.
|
||||
secret: '{{ matrix_appservice_webhooks_api_secret }}'
|
||||
|
||||
# Configuration related to the web portion of the bridge. Handles the inbound webhooks
|
||||
web:
|
||||
hookUrlBase: "{{ matrix_appservice_webhooks_inbound_uri_prefix }}"
|
||||
|
||||
logging:
|
||||
console: true
|
||||
consoleLevel: {{ matrix_appservice_webhooks_log_level }}
|
||||
writeFiles: false
|
||||
matrix_appservice_webhooks_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||
|
||||
matrix_appservice_webhooks_configuration_extension_yaml: |
|
||||
#
|
||||
|
@ -0,0 +1,28 @@
|
||||
#jinja2: lstrip_blocks: True
|
||||
# Configuration specific to the application service. All fields (unless otherwise marked) are required.
|
||||
homeserver:
|
||||
# The domain for the client-server API calls.
|
||||
url: "{{ matrix_appservice_webhooks_homeserver_url }}"
|
||||
|
||||
# The domain part for user IDs on this home server. Usually, but not always, this is the same as the
|
||||
# home server's URL.
|
||||
domain: "{{ matrix_domain }}"
|
||||
|
||||
# Configuration specific to the bridge. All fields (unless otherwise marked) are required.
|
||||
webhookBot:
|
||||
# The localpart to use for the bot. May require re-registering the application service.
|
||||
localpart: "_webhook"
|
||||
|
||||
# Provisioning API options
|
||||
provisioning:
|
||||
# Your secret for the API. Required for all provisioning API requests.
|
||||
secret: '{{ matrix_appservice_webhooks_api_secret }}'
|
||||
|
||||
# Configuration related to the web portion of the bridge. Handles the inbound webhooks
|
||||
web:
|
||||
hookUrlBase: "{{ matrix_appservice_webhooks_inbound_uri_prefix }}"
|
||||
|
||||
logging:
|
||||
console: true
|
||||
consoleLevel: {{ matrix_appservice_webhooks_log_level }}
|
||||
writeFiles: false
|
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-appservice-webhooks
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-appservice-webhooks
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks
|
||||
|
||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||
ExecStartPre=/bin/sleep 5
|
||||
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-webhooks \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-webhooks \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-webhooks \
|
||||
{{ matrix_appservice_webhooks_docker_image }} \
|
||||
node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-appservice-webhooks
|
||||
ExecStop=-/usr/bin/docker rm matrix-appservice-webhooks
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-appservice-webhooks
|
||||
|
@ -38,160 +38,7 @@ matrix_mautrix_facebook_login_shared_secret: ''
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_mautrix_facebook_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_mautrix_facebook_configuration_yaml: |
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
# Homeserver details
|
||||
homeserver:
|
||||
# The address that this appservice can use to connect to the homeserver.
|
||||
address: {{ matrix_mautrix_facebook_homeserver_address }}
|
||||
# The domain of the homeserver (for MXIDs, etc).
|
||||
domain: {{ matrix_mautrix_facebook_homeserver_domain }}
|
||||
# Whether or not to verify the SSL certificate of the homeserver.
|
||||
# Only applies if address starts with https://
|
||||
verify_ssl: true
|
||||
|
||||
# Application service host/registration related details
|
||||
# Changing these values requires regeneration of the registration.
|
||||
appservice:
|
||||
# The address that the homeserver can use to connect to this appservice.
|
||||
address: {{ matrix_mautrix_facebook_appservice_address }}
|
||||
|
||||
# The hostname and port where this appservice should listen.
|
||||
hostname: 0.0.0.0
|
||||
port: 29319
|
||||
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
||||
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
||||
max_body_size: 1
|
||||
|
||||
# The full URI to the database. SQLite and Postgres are fully supported.
|
||||
# Other DBMSes supported by SQLAlchemy may or may not work.
|
||||
# Format examples:
|
||||
# SQLite: sqlite:///filename.db
|
||||
# Postgres: postgres://username:password@hostname/dbname
|
||||
database: sqlite:////data/mautrix-facebook.db
|
||||
|
||||
# Public part of web server for out-of-Matrix interaction with the bridge.
|
||||
public:
|
||||
# Whether or not the public-facing endpoints should be enabled.
|
||||
enabled: false
|
||||
# The prefix to use in the public-facing endpoints.
|
||||
prefix: /public
|
||||
# The base URL where the public-facing endpoints are available. The prefix is not added
|
||||
# implicitly.
|
||||
external: https://example.com/public
|
||||
|
||||
# The unique ID of this appservice.
|
||||
id: facebook
|
||||
# Username of the appservice bot.
|
||||
bot_username: facebookbot
|
||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||
# to leave display name/avatar as-is.
|
||||
bot_displayname: Facebook bridge bot
|
||||
bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv
|
||||
|
||||
# Authentication tokens for AS <-> HS communication.
|
||||
as_token: "{{ matrix_mautrix_facebook_appservice_token }}"
|
||||
hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}"
|
||||
|
||||
# Bridge config
|
||||
bridge:
|
||||
# Localpart template of MXIDs for Facebook users.
|
||||
# {userid} is replaced with the user ID of the Facebook user.
|
||||
username_template: "facebook_{userid}"
|
||||
# Localpart template for per-user room grouping community IDs.
|
||||
# The bridge will create these communities and add all of the specific user's portals to the community.
|
||||
# {localpart} is the MXID localpart and {server} is the MXID server part of the user.
|
||||
#
|
||||
# `facebook_{localpart}={server}` is a good value.
|
||||
community_template: null
|
||||
# Displayname template for Facebook users.
|
||||
# {displayname} is replaced with the display name of the Facebook user
|
||||
# as defined below in displayname_preference.
|
||||
# Keys available for displayname_preference are also available here.
|
||||
displayname_template: '{displayname} (FB)'
|
||||
# Available keys:
|
||||
# "name" (full name)
|
||||
# "first_name"
|
||||
# "last_name"
|
||||
# "nickname"
|
||||
# "own_nickname" (user-specific!)
|
||||
displayname_preference:
|
||||
- name
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!fb"
|
||||
|
||||
# Number of chats to sync (and create portals for) on startup/login.
|
||||
# Maximum 20, set 0 to disable automatic syncing.
|
||||
initial_chat_sync: 10
|
||||
# Whether or not the Facebook users of logged in Matrix users should be
|
||||
# invited to private chats when the user sends a message from another client.
|
||||
invite_own_puppet_to_pm: false
|
||||
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
||||
# your own Matrix account as the Matrix puppet for your Facebook account.
|
||||
sync_with_custom_puppets: true
|
||||
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||
#
|
||||
# If set, custom puppets will be enabled automatically for local users
|
||||
# instead of users having to find an access token and run `login-matrix`
|
||||
# manually.
|
||||
login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }}
|
||||
# Whether or not to bridge presence in both directions. Facebook allows users not to broadcast
|
||||
# presence, but then it won't send other users' presence to the client.
|
||||
presence: true
|
||||
# Whether or not to update avatars when syncing all contacts at startup.
|
||||
update_avatar_initial_sync: true
|
||||
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
||||
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
||||
#
|
||||
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
||||
# application service.
|
||||
encryption:
|
||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||
allow: false
|
||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||
default: false
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
# user - Use the bridge with puppeting.
|
||||
# admin - Use and administrate the bridge.
|
||||
# Permitted keys:
|
||||
# * - All Matrix users
|
||||
# domain - All users on that homeserver
|
||||
# mxid - Specific user
|
||||
permissions:
|
||||
'{{ matrix_mautrix_facebook_homeserver_domain }}': user
|
||||
|
||||
# Python logging configuration.
|
||||
#
|
||||
# See section 16.7.2 of the Python documentation for more info:
|
||||
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
||||
logging:
|
||||
version: 1
|
||||
formatters:
|
||||
colored:
|
||||
(): mautrix_facebook.util.ColorFormatter
|
||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||
normal:
|
||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||
handlers:
|
||||
console:
|
||||
class: logging.StreamHandler
|
||||
formatter: colored
|
||||
loggers:
|
||||
mau:
|
||||
level: DEBUG
|
||||
fbchat:
|
||||
level: DEBUG
|
||||
hbmqtt:
|
||||
level: INFO
|
||||
aiohttp:
|
||||
level: INFO
|
||||
root:
|
||||
level: DEBUG
|
||||
handlers: [console]
|
||||
matrix_mautrix_facebook_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||
|
||||
matrix_mautrix_facebook_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration goes here.
|
||||
|
194
roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
Normal file
194
roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
Normal file
@ -0,0 +1,194 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
# Homeserver details
|
||||
homeserver:
|
||||
# The address that this appservice can use to connect to the homeserver.
|
||||
address: {{ matrix_mautrix_facebook_homeserver_address }}
|
||||
# The domain of the homeserver (for MXIDs, etc).
|
||||
domain: {{ matrix_mautrix_facebook_homeserver_domain }}
|
||||
# Whether or not to verify the SSL certificate of the homeserver.
|
||||
# Only applies if address starts with https://
|
||||
verify_ssl: true
|
||||
|
||||
# Application service host/registration related details
|
||||
# Changing these values requires regeneration of the registration.
|
||||
appservice:
|
||||
# The address that the homeserver can use to connect to this appservice.
|
||||
address: {{ matrix_mautrix_facebook_appservice_address }}
|
||||
|
||||
# The hostname and port where this appservice should listen.
|
||||
hostname: 0.0.0.0
|
||||
port: 29319
|
||||
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
||||
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
||||
max_body_size: 1
|
||||
|
||||
# The full URI to the database. SQLite and Postgres are fully supported.
|
||||
# Other DBMSes supported by SQLAlchemy may or may not work.
|
||||
# Format examples:
|
||||
# SQLite: sqlite:///filename.db
|
||||
# Postgres: postgres://username:password@hostname/dbname
|
||||
database: sqlite:////data/mautrix-facebook.db
|
||||
|
||||
# Public part of web server for out-of-Matrix interaction with the bridge.
|
||||
public:
|
||||
# Whether or not the public-facing endpoints should be enabled.
|
||||
enabled: false
|
||||
# The prefix to use in the public-facing endpoints.
|
||||
prefix: /public
|
||||
# The base URL where the public-facing endpoints are available. The prefix is not added
|
||||
# implicitly.
|
||||
external: https://example.com/public
|
||||
|
||||
# The unique ID of this appservice.
|
||||
id: facebook
|
||||
# Username of the appservice bot.
|
||||
bot_username: facebookbot
|
||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||
# to leave display name/avatar as-is.
|
||||
bot_displayname: Facebook bridge bot
|
||||
bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv
|
||||
|
||||
# Authentication tokens for AS <-> HS communication.
|
||||
as_token: "{{ matrix_mautrix_facebook_appservice_token }}"
|
||||
hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}"
|
||||
|
||||
# Bridge config
|
||||
bridge:
|
||||
# Localpart template of MXIDs for Facebook users.
|
||||
# {userid} is replaced with the user ID of the Facebook user.
|
||||
username_template: "facebook_{userid}"
|
||||
# Localpart template for per-user room grouping community IDs.
|
||||
# The bridge will create these communities and add all of the specific user's portals to the community.
|
||||
# {localpart} is the MXID localpart and {server} is the MXID server part of the user.
|
||||
#
|
||||
# `facebook_{localpart}={server}` is a good value.
|
||||
community_template: null
|
||||
# Displayname template for Facebook users.
|
||||
# {displayname} is replaced with the display name of the Facebook user
|
||||
# as defined below in displayname_preference.
|
||||
# Keys available for displayname_preference are also available here.
|
||||
displayname_template: '{displayname} (FB)'
|
||||
# Available keys:
|
||||
# "name" (full name)
|
||||
# "first_name"
|
||||
# "last_name"
|
||||
# "nickname"
|
||||
# "own_nickname" (user-specific!)
|
||||
displayname_preference:
|
||||
- name
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!fb"
|
||||
|
||||
# Number of chats to sync (and create portals for) on startup/login.
|
||||
# Maximum 20, set 0 to disable automatic syncing.
|
||||
initial_chat_sync: 10
|
||||
# Whether or not the Facebook users of logged in Matrix users should be
|
||||
# invited to private chats when the user sends a message from another client.
|
||||
invite_own_puppet_to_pm: false
|
||||
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
||||
# your own Matrix account as the Matrix puppet for your Facebook account.
|
||||
sync_with_custom_puppets: true
|
||||
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||
#
|
||||
# If set, custom puppets will be enabled automatically for local users
|
||||
# instead of users having to find an access token and run `login-matrix`
|
||||
# manually.
|
||||
login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }}
|
||||
# Whether or not to bridge presence in both directions. Facebook allows users not to broadcast
|
||||
# presence, but then it won't send other users' presence to the client.
|
||||
presence: true
|
||||
# Whether or not to update avatars when syncing all contacts at startup.
|
||||
update_avatar_initial_sync: true
|
||||
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
||||
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
||||
#
|
||||
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
||||
# application service.
|
||||
encryption:
|
||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||
allow: false
|
||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||
default: false
|
||||
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
|
||||
# been sent to Facebook.
|
||||
delivery_receipts: false
|
||||
# Whether to allow inviting arbitrary mxids to portal rooms
|
||||
allow_invites: false
|
||||
# Settings for backfilling messages from Facebook.
|
||||
backfill:
|
||||
# Whether or not the Facebook users of logged in Matrix users should be
|
||||
# invited to private chats when backfilling history from Facebook. This is
|
||||
# usually needed to prevent rate limits and to allow timestamp massaging.
|
||||
invite_own_puppet: true
|
||||
# Maximum number of messages to backfill initially.
|
||||
# Set to 0 to disable backfilling when creating portal.
|
||||
initial_limit: 0
|
||||
# Maximum number of messages to backfill if messages were missed while
|
||||
# the bridge was disconnected.
|
||||
# Set to 0 to disable backfilling missed messages.
|
||||
missed_limit: 1000
|
||||
# If using double puppeting, should notifications be disabled
|
||||
# while the initial backfill is in progress?
|
||||
disable_notifications: false
|
||||
periodic_reconnect:
|
||||
# Interval in seconds in which to automatically reconnect all users.
|
||||
# This can be used to automatically mitigate the bug where Facebook stops sending messages.
|
||||
# Set to -1 to disable periodic reconnections entirely.
|
||||
interval: -1
|
||||
# What to do in periodic reconnects. Either "refresh" or "reconnect"
|
||||
mode: refresh
|
||||
# Should even disconnected users be reconnected?
|
||||
always: false
|
||||
# The number of seconds that a disconnection can last without triggering an automatic re-sync
|
||||
# and missed message backfilling when reconnecting.
|
||||
# Set to 0 to always re-sync, or -1 to never re-sync automatically.
|
||||
resync_max_disconnected_time: 5
|
||||
# Whether or not temporary disconnections should send notices to the notice room.
|
||||
# If this is false, disconnections will never send messages and connections will only send
|
||||
# messages if it was disconnected for more than resync_max_disconnected_time seconds.
|
||||
temporary_disconnect_notices: true
|
||||
# Whether or not the bridge should try to "refresh" the connection if a normal reconnection
|
||||
# attempt fails.
|
||||
refresh_on_reconnection_fail: false
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
# user - Use the bridge with puppeting.
|
||||
# admin - Use and administrate the bridge.
|
||||
# Permitted keys:
|
||||
# * - All Matrix users
|
||||
# domain - All users on that homeserver
|
||||
# mxid - Specific user
|
||||
permissions:
|
||||
'{{ matrix_mautrix_facebook_homeserver_domain }}': user
|
||||
|
||||
# Python logging configuration.
|
||||
#
|
||||
# See section 16.7.2 of the Python documentation for more info:
|
||||
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
||||
logging:
|
||||
version: 1
|
||||
formatters:
|
||||
colored:
|
||||
(): mautrix_facebook.util.ColorFormatter
|
||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||
normal:
|
||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||
handlers:
|
||||
console:
|
||||
class: logging.StreamHandler
|
||||
formatter: colored
|
||||
loggers:
|
||||
mau:
|
||||
level: DEBUG
|
||||
fbchat:
|
||||
level: DEBUG
|
||||
hbmqtt:
|
||||
level: INFO
|
||||
aiohttp:
|
||||
level: INFO
|
||||
root:
|
||||
level: DEBUG
|
||||
handlers: [console]
|
@ -11,9 +11,9 @@ Wants={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-facebook
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-facebook
|
||||
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook
|
||||
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook-db \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -23,9 +23,9 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \
|
||||
alembic -x config=/config/config.yaml upgrade head
|
||||
|
||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||
ExecStartPre=/bin/sleep 5
|
||||
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -38,8 +38,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \
|
||||
{{ matrix_mautrix_facebook_docker_image }} \
|
||||
python3 -m mautrix_facebook -c /config/config.yaml
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-mautrix-facebook
|
||||
ExecStop=-/usr/bin/docker rm matrix-mautrix-facebook
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-mautrix-facebook
|
||||
|
@ -40,152 +40,7 @@ matrix_mautrix_hangouts_login_shared_secret: ''
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_mautrix_hangouts_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_mautrix_hangouts_configuration_yaml: |
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
# Homeserver details
|
||||
homeserver:
|
||||
# The address that this appservice can use to connect to the homeserver.
|
||||
address: {{ matrix_mautrix_hangouts_homeserver_address }}
|
||||
# The domain of the homeserver (for MXIDs, etc).
|
||||
domain: {{ matrix_mautrix_hangouts_homeserver_domain }}
|
||||
# Whether or not to verify the SSL certificate of the homeserver.
|
||||
# Only applies if address starts with https://
|
||||
verify_ssl: true
|
||||
|
||||
# Application service host/registration related details
|
||||
# Changing these values requires regeneration of the registration.
|
||||
appservice:
|
||||
# The address that the homeserver can use to connect to this appservice.
|
||||
address: {{ matrix_mautrix_hangouts_appservice_address }}
|
||||
|
||||
# The hostname and port where this appservice should listen.
|
||||
hostname: 0.0.0.0
|
||||
port: 8080
|
||||
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
||||
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
||||
max_body_size: 1
|
||||
|
||||
# The full URI to the database. SQLite and Postgres are fully supported.
|
||||
# Other DBMSes supported by SQLAlchemy may or may not work.
|
||||
# Format examples:
|
||||
# SQLite: sqlite:///filename.db
|
||||
# Postgres: postgres://username:password@hostname/dbname
|
||||
database: sqlite:////data/mautrix-hangouts.db
|
||||
|
||||
# The unique ID of this appservice.
|
||||
id: hangouts
|
||||
# Username of the appservice bot.
|
||||
bot_username: hangoutsbot
|
||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||
# to leave display name/avatar as-is.
|
||||
bot_displayname: Hangouts bridge bot
|
||||
bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy
|
||||
|
||||
# Authentication tokens for AS <-> HS communication.
|
||||
as_token: "{{ matrix_mautrix_hangouts_appservice_token }}"
|
||||
hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}"
|
||||
|
||||
# Bridge config
|
||||
bridge:
|
||||
# Localpart template of MXIDs for Hangouts users.
|
||||
# {userid} is replaced with the user ID of the Hangouts user.
|
||||
username_template: "hangouts_{userid}"
|
||||
# Displayname template for Hangouts users.
|
||||
# {displayname} is replaced with the display name of the Hangouts user
|
||||
# as defined below in displayname_preference.
|
||||
# Keys available for displayname_preference are also available here.
|
||||
displayname_template: '{full_name} (Hangouts)'
|
||||
# Available keys:
|
||||
# "name" (full name)
|
||||
# "first_name"
|
||||
# "last_name"
|
||||
# "nickname"
|
||||
# "own_nickname" (user-specific!)
|
||||
displayname_preference:
|
||||
- name
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!HO"
|
||||
|
||||
# Number of chats to sync (and create portals for) on startup/login.
|
||||
# Maximum 20, set 0 to disable automatic syncing.
|
||||
initial_chat_sync: 20
|
||||
# Whether or not the Hangouts users of logged in Matrix users should be
|
||||
# invited to private chats when the user sends a message from another client.
|
||||
invite_own_puppet_to_pm: false
|
||||
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
||||
# your own Matrix account as the Matrix puppet for your Hangouts account.
|
||||
sync_with_custom_puppets: true
|
||||
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||
#
|
||||
# If set, custom puppets will be enabled automatically for local users
|
||||
# instead of users having to find an access token and run `login-matrix`
|
||||
# manually.
|
||||
login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }}
|
||||
# Whether or not to update avatars when syncing all contacts at startup.
|
||||
update_avatar_initial_sync: true
|
||||
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
||||
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
||||
#
|
||||
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
||||
# application service.
|
||||
encryption:
|
||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||
allow: false
|
||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||
default: false
|
||||
|
||||
# Public website and API configs
|
||||
web:
|
||||
# Auth server config
|
||||
auth:
|
||||
# Publicly accessible base URL for the login endpoints.
|
||||
# The prefix below is not implicitly added. This URL and all subpaths should be proxied
|
||||
# or otherwise pointed to the appservice's webserver to the path specified below (prefix).
|
||||
# This path should usually include a trailing slash.
|
||||
# Internal prefix in the appservice web server for the login endpoints.
|
||||
public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login"
|
||||
prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login"
|
||||
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
# user - Use the bridge with puppeting.
|
||||
# admin - Use and administrate the bridge.
|
||||
# Permitted keys:
|
||||
# * - All Matrix users
|
||||
# domain - All users on that homeserver
|
||||
# mxid - Specific user
|
||||
permissions:
|
||||
'{{ matrix_mautrix_hangouts_homeserver_domain }}': user
|
||||
|
||||
# Python logging configuration.
|
||||
#
|
||||
# See section 16.7.2 of the Python documentation for more info:
|
||||
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
||||
logging:
|
||||
version: 1
|
||||
formatters:
|
||||
colored:
|
||||
(): mautrix_hangouts.util.ColorFormatter
|
||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||
normal:
|
||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||
handlers:
|
||||
console:
|
||||
class: logging.StreamHandler
|
||||
formatter: colored
|
||||
loggers:
|
||||
mau:
|
||||
level: DEBUG
|
||||
hangups:
|
||||
level: DEBUG
|
||||
aiohttp:
|
||||
level: INFO
|
||||
root:
|
||||
level: DEBUG
|
||||
handlers: [console]
|
||||
matrix_mautrix_hangouts_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||
|
||||
matrix_mautrix_hangouts_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration goes here.
|
||||
|
145
roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2
Normal file
145
roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2
Normal file
@ -0,0 +1,145 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
# Homeserver details
|
||||
homeserver:
|
||||
# The address that this appservice can use to connect to the homeserver.
|
||||
address: {{ matrix_mautrix_hangouts_homeserver_address }}
|
||||
# The domain of the homeserver (for MXIDs, etc).
|
||||
domain: {{ matrix_mautrix_hangouts_homeserver_domain }}
|
||||
# Whether or not to verify the SSL certificate of the homeserver.
|
||||
# Only applies if address starts with https://
|
||||
verify_ssl: true
|
||||
|
||||
# Application service host/registration related details
|
||||
# Changing these values requires regeneration of the registration.
|
||||
appservice:
|
||||
# The address that the homeserver can use to connect to this appservice.
|
||||
address: {{ matrix_mautrix_hangouts_appservice_address }}
|
||||
|
||||
# The hostname and port where this appservice should listen.
|
||||
hostname: 0.0.0.0
|
||||
port: 8080
|
||||
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
||||
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
||||
max_body_size: 1
|
||||
|
||||
# The full URI to the database. SQLite and Postgres are fully supported.
|
||||
# Other DBMSes supported by SQLAlchemy may or may not work.
|
||||
# Format examples:
|
||||
# SQLite: sqlite:///filename.db
|
||||
# Postgres: postgres://username:password@hostname/dbname
|
||||
database: sqlite:////data/mautrix-hangouts.db
|
||||
|
||||
# The unique ID of this appservice.
|
||||
id: hangouts
|
||||
# Username of the appservice bot.
|
||||
bot_username: hangoutsbot
|
||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||
# to leave display name/avatar as-is.
|
||||
bot_displayname: Hangouts bridge bot
|
||||
bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy
|
||||
|
||||
# Authentication tokens for AS <-> HS communication.
|
||||
as_token: "{{ matrix_mautrix_hangouts_appservice_token }}"
|
||||
hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}"
|
||||
|
||||
# Bridge config
|
||||
bridge:
|
||||
# Localpart template of MXIDs for Hangouts users.
|
||||
# {userid} is replaced with the user ID of the Hangouts user.
|
||||
username_template: "hangouts_{userid}"
|
||||
# Displayname template for Hangouts users.
|
||||
# {displayname} is replaced with the display name of the Hangouts user
|
||||
# as defined below in displayname_preference.
|
||||
# Keys available for displayname_preference are also available here.
|
||||
displayname_template: '{full_name} (Hangouts)'
|
||||
# Available keys:
|
||||
# "name" (full name)
|
||||
# "first_name"
|
||||
# "last_name"
|
||||
# "nickname"
|
||||
# "own_nickname" (user-specific!)
|
||||
displayname_preference:
|
||||
- name
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!HO"
|
||||
|
||||
# Number of chats to sync (and create portals for) on startup/login.
|
||||
# Maximum 20, set 0 to disable automatic syncing.
|
||||
initial_chat_sync: 20
|
||||
# Whether or not the Hangouts users of logged in Matrix users should be
|
||||
# invited to private chats when the user sends a message from another client.
|
||||
invite_own_puppet_to_pm: false
|
||||
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
||||
# your own Matrix account as the Matrix puppet for your Hangouts account.
|
||||
sync_with_custom_puppets: true
|
||||
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||
#
|
||||
# If set, custom puppets will be enabled automatically for local users
|
||||
# instead of users having to find an access token and run `login-matrix`
|
||||
# manually.
|
||||
login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }}
|
||||
# Whether or not to update avatars when syncing all contacts at startup.
|
||||
update_avatar_initial_sync: true
|
||||
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
||||
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
||||
#
|
||||
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
||||
# application service.
|
||||
encryption:
|
||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||
allow: false
|
||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||
default: false
|
||||
|
||||
# Public website and API configs
|
||||
web:
|
||||
# Auth server config
|
||||
auth:
|
||||
# Publicly accessible base URL for the login endpoints.
|
||||
# The prefix below is not implicitly added. This URL and all subpaths should be proxied
|
||||
# or otherwise pointed to the appservice's webserver to the path specified below (prefix).
|
||||
# This path should usually include a trailing slash.
|
||||
# Internal prefix in the appservice web server for the login endpoints.
|
||||
public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login"
|
||||
prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login"
|
||||
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
# user - Use the bridge with puppeting.
|
||||
# admin - Use and administrate the bridge.
|
||||
# Permitted keys:
|
||||
# * - All Matrix users
|
||||
# domain - All users on that homeserver
|
||||
# mxid - Specific user
|
||||
permissions:
|
||||
'{{ matrix_mautrix_hangouts_homeserver_domain }}': user
|
||||
|
||||
# Python logging configuration.
|
||||
#
|
||||
# See section 16.7.2 of the Python documentation for more info:
|
||||
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
||||
logging:
|
||||
version: 1
|
||||
formatters:
|
||||
colored:
|
||||
(): mautrix_hangouts.util.ColorFormatter
|
||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||
normal:
|
||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||
handlers:
|
||||
console:
|
||||
class: logging.StreamHandler
|
||||
formatter: colored
|
||||
loggers:
|
||||
mau:
|
||||
level: DEBUG
|
||||
hangups:
|
||||
level: DEBUG
|
||||
aiohttp:
|
||||
level: INFO
|
||||
root:
|
||||
level: DEBUG
|
||||
handlers: [console]
|
@ -11,9 +11,9 @@ Wants={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db
|
||||
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db
|
||||
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -23,9 +23,9 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \
|
||||
alembic -x config=/config/config.yaml upgrade head
|
||||
|
||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||
ExecStartPre=/bin/sleep 5
|
||||
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-hangouts \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -38,8 +38,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-hangouts \
|
||||
{{ matrix_mautrix_hangouts_docker_image }} \
|
||||
python3 -m mautrix_hangouts -c /config/config.yaml
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-mautrix-hangouts
|
||||
ExecStop=-/usr/bin/docker rm matrix-mautrix-hangouts
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-mautrix-hangouts
|
||||
|
@ -4,7 +4,7 @@
|
||||
matrix_mautrix_telegram_enabled: true
|
||||
|
||||
# See: https://mau.dev/tulir/mautrix-telegram/container_registry
|
||||
matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.7.0"
|
||||
matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.7.2"
|
||||
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
|
||||
@ -51,405 +51,7 @@ matrix_mautrix_telegram_login_shared_secret: ''
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_mautrix_telegram_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_mautrix_telegram_configuration_yaml: |
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
# Homeserver details
|
||||
homeserver:
|
||||
# The address that this appservice can use to connect to the homeserver.
|
||||
address: {{ matrix_mautrix_telegram_homeserver_address }}
|
||||
# The domain of the homeserver (for MXIDs, etc).
|
||||
domain: {{ matrix_mautrix_telegram_homeserver_domain }}
|
||||
# Whether or not to verify the SSL certificate of the homeserver.
|
||||
# Only applies if address starts with https://
|
||||
verify_ssl: true
|
||||
|
||||
# Application service host/registration related details
|
||||
# Changing these values requires regeneration of the registration.
|
||||
appservice:
|
||||
# The address that the homeserver can use to connect to this appservice.
|
||||
address: {{ matrix_mautrix_telegram_appservice_address }}
|
||||
|
||||
# The hostname and port where this appservice should listen.
|
||||
hostname: 0.0.0.0
|
||||
port: 8080
|
||||
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
||||
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
||||
max_body_size: 1
|
||||
|
||||
# The full URI to the database. SQLite and Postgres are fully supported.
|
||||
# Other DBMSes supported by SQLAlchemy may or may not work.
|
||||
# Format examples:
|
||||
# SQLite: sqlite:///filename.db
|
||||
# Postgres: postgres://username:password@hostname/dbname
|
||||
database: sqlite:////data/mautrix-telegram.db
|
||||
|
||||
# Public part of web server for out-of-Matrix interaction with the bridge.
|
||||
# Used for things like login if the user wants to make sure the 2FA password isn't stored in
|
||||
# the HS database.
|
||||
public:
|
||||
# Whether or not the public-facing endpoints should be enabled.
|
||||
enabled: true
|
||||
# The prefix to use in the public-facing endpoints.
|
||||
prefix: {{ matrix_mautrix_telegram_public_endpoint }}
|
||||
# The base URL where the public-facing endpoints are available. The prefix is not added
|
||||
# implicitly.
|
||||
external: {{ matrix_mautrix_telegram_appservice_public_external }}
|
||||
|
||||
# Provisioning API part of the web server for automated portal creation and fetching information.
|
||||
# Used by things like Dimension (https://dimension.t2bot.io/).
|
||||
provisioning:
|
||||
# Whether or not the provisioning API should be enabled.
|
||||
enabled: false
|
||||
# The prefix to use in the provisioning API endpoints.
|
||||
prefix: /_matrix/provision/v1
|
||||
# The shared secret to authorize users of the API.
|
||||
# Set to "generate" to generate and save a new token.
|
||||
shared_secret: generate
|
||||
|
||||
# The unique ID of this appservice.
|
||||
id: telegram
|
||||
# Username of the appservice bot.
|
||||
bot_username: telegrambot
|
||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||
# to leave display name/avatar as-is.
|
||||
bot_displayname: Telegram bridge bot
|
||||
bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
|
||||
|
||||
# Authentication tokens for AS <-> HS communication.
|
||||
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
|
||||
hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}"
|
||||
|
||||
# Bridge config
|
||||
bridge:
|
||||
# Localpart template of MXIDs for Telegram users.
|
||||
# {userid} is replaced with the user ID of the Telegram user.
|
||||
username_template: "telegram_{userid}"
|
||||
# Localpart template of room aliases for Telegram portal rooms.
|
||||
# {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
|
||||
alias_template: "telegram_{groupname}"
|
||||
# Displayname template for Telegram users.
|
||||
# {displayname} is replaced with the display name of the Telegram user.
|
||||
displayname_template: "{displayname} (Telegram)"
|
||||
|
||||
# Set the preferred order of user identifiers which to use in the Matrix puppet display name.
|
||||
# In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user
|
||||
# ID is used.
|
||||
#
|
||||
# If the bridge is working properly, a phone number or an username should always be known, but
|
||||
# the other one can very well be empty.
|
||||
#
|
||||
# Valid keys:
|
||||
# "full name" (First and/or last name)
|
||||
# "full name reversed" (Last and/or first name)
|
||||
# "first name"
|
||||
# "last name"
|
||||
# "username"
|
||||
# "phone number"
|
||||
displayname_preference:
|
||||
- full name
|
||||
- username
|
||||
- phone number
|
||||
# Maximum length of displayname
|
||||
displayname_max_length: 100
|
||||
|
||||
# Maximum number of members to sync per portal when starting up. Other members will be
|
||||
# synced when they send messages. The maximum is 10000, after which the Telegram server
|
||||
# will not send any more members.
|
||||
# Defaults to no local limit (-> limited to 10000 by server)
|
||||
max_initial_member_sync: -1
|
||||
# Whether or not to sync the member list in channels.
|
||||
# If no channel admins have logged into the bridge, the bridge won't be able to sync the member
|
||||
# list regardless of this setting.
|
||||
sync_channel_members: true
|
||||
# Whether or not to skip deleted members when syncing members.
|
||||
skip_deleted_members: true
|
||||
# Whether or not to automatically synchronize contacts and chats of Matrix users logged into
|
||||
# their Telegram account at startup.
|
||||
startup_sync: true
|
||||
# Number of most recently active dialogs to check when syncing chats.
|
||||
# Dialogs include groups and private chats, but only groups are synced.
|
||||
# Set to 0 to remove limit.
|
||||
sync_dialog_limit: 30
|
||||
# Whether or not to sync and create portals for direct chats at startup.
|
||||
sync_direct_chats: false
|
||||
# The maximum number of simultaneous Telegram deletions to handle.
|
||||
# A large number of simultaneous redactions could put strain on your homeserver.
|
||||
max_telegram_delete: 10
|
||||
# Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames)
|
||||
# at startup and when creating a bridge.
|
||||
sync_matrix_state: true
|
||||
# Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix
|
||||
# login website (see appservice.public config section)
|
||||
allow_matrix_login: true
|
||||
# Whether or not to bridge plaintext highlights.
|
||||
# Only enable this if your displayname_template has some static part that the bridge can use to
|
||||
# reliably identify what is a plaintext highlight.
|
||||
plaintext_highlights: false
|
||||
# Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix.
|
||||
public_portals: true
|
||||
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
||||
# your own Matrix account as the Matrix puppet for your Telegram account.
|
||||
sync_with_custom_puppets: true
|
||||
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||
#
|
||||
# If set, custom puppets will be enabled automatically for local users
|
||||
# instead of users having to find an access token and run `login-matrix`
|
||||
# manually.
|
||||
login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }}
|
||||
# Set to false to disable link previews in messages sent to Telegram.
|
||||
telegram_link_preview: true
|
||||
# Use inline images instead of a separate message for the caption.
|
||||
# N.B. Inline images are not supported on all clients (e.g. Riot iOS).
|
||||
inline_images: false
|
||||
# Maximum size of image in megabytes before sending to Telegram as a document.
|
||||
image_as_file_size: 10
|
||||
# Maximum size of Telegram documents in megabytes to bridge.
|
||||
max_document_size: 100
|
||||
# Enable experimental parallel file transfer, which makes uploads/downloads much faster by
|
||||
# streaming from/to Matrix and using many connections for Telegram.
|
||||
# Note that generating HQ thumbnails for videos is not possible with streamed transfers.
|
||||
parallel_file_transfer: false
|
||||
# Whether or not created rooms should have federation enabled.
|
||||
# If false, created portal rooms will never be federated.
|
||||
federate_rooms: true
|
||||
# Settings for converting animated stickers.
|
||||
animated_sticker:
|
||||
# Format to which animated stickers should be converted.
|
||||
# disable - No conversion, send as-is (gzipped lottie)
|
||||
# png - converts to non-animated png (fastest),
|
||||
# gif - converts to animated gif, but loses transparency
|
||||
# webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
|
||||
target: gif
|
||||
# Arguments for converter. All converters take width and height.
|
||||
# GIF converter takes background as a hex color.
|
||||
args:
|
||||
width: 256
|
||||
height: 256
|
||||
background: "020202" # only for gif
|
||||
fps: 30 # only for webm
|
||||
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
||||
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
||||
#
|
||||
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
||||
# application service.
|
||||
encryption:
|
||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||
allow: false
|
||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||
default: false
|
||||
|
||||
# Overrides for base power levels.
|
||||
initial_power_level_overrides:
|
||||
user: {}
|
||||
group: {}
|
||||
|
||||
# Whether to bridge Telegram bot messages as m.notices or m.texts.
|
||||
bot_messages_as_notices: true
|
||||
bridge_notices:
|
||||
# Whether or not Matrix bot messages (type m.notice) should be bridged.
|
||||
default: false
|
||||
# List of user IDs for whom the previous flag is flipped.
|
||||
# e.g. if bridge_notices.default is false, notices from other users will not be bridged, but
|
||||
# notices from users listed here will be bridged.
|
||||
exceptions: []
|
||||
|
||||
# Some config options related to Telegram message deduplication.
|
||||
# The default values are usually fine, but some debug messages/warnings might recommend you
|
||||
# change these.
|
||||
deduplication:
|
||||
# Whether or not to check the database if the message about to be sent is a duplicate.
|
||||
pre_db_check: false
|
||||
# The number of latest events to keep when checking for duplicates.
|
||||
# You might need to increase this on high-traffic bridge instances.
|
||||
cache_queue_length: 20
|
||||
|
||||
|
||||
# The formats to use when sending messages to Telegram via the relay bot.
|
||||
#
|
||||
# Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users.
|
||||
#
|
||||
# Available variables:
|
||||
# $sender_displayname - The display name of the sender (e.g. Example User)
|
||||
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
|
||||
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
|
||||
# $message - The message content as HTML
|
||||
message_formats:
|
||||
m.text: "<b>$sender_displayname</b>: $message"
|
||||
m.notice: "<b>$sender_displayname</b>: $message"
|
||||
m.emote: "* <b>$sender_displayname</b> $message"
|
||||
m.file: "<b>$sender_displayname</b> sent a file: $message"
|
||||
m.image: "<b>$sender_displayname</b> sent an image: $message"
|
||||
m.audio: "<b>$sender_displayname</b> sent an audio file: $message"
|
||||
m.video: "<b>$sender_displayname</b> sent a video: $message"
|
||||
m.location: "<b>$sender_displayname</b> sent a location: $message"
|
||||
# Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated
|
||||
# users are sent to telegram. All fields in message_formats are supported. Additionally, the
|
||||
# Telegram user info is available in the following variables:
|
||||
# $displayname - Telegram displayname
|
||||
# $username - Telegram username (may not exist)
|
||||
# $mention - Telegram @username or displayname mention (depending on which exists)
|
||||
emote_format: "* $mention $formatted_body"
|
||||
|
||||
# The formats to use when sending state events to Telegram via the relay bot.
|
||||
#
|
||||
# Variables from `message_formats` that have the `sender_` prefix are available without the prefix.
|
||||
# In name_change events, `$prev_displayname` is the previous displayname.
|
||||
#
|
||||
# Set format to an empty string to disable the messages for that event.
|
||||
state_event_formats:
|
||||
join: "<b>$displayname</b> joined the room."
|
||||
leave: "<b>$displayname</b> left the room."
|
||||
name_change: "<b>$prev_displayname</b> changed their name to <b>$displayname</b>"
|
||||
|
||||
# Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
|
||||
# `filter-mode` management commands.
|
||||
#
|
||||
# Filters do not affect direct chats.
|
||||
# An empty blacklist will essentially disable the filter.
|
||||
filter:
|
||||
# Filter mode to use. Either "blacklist" or "whitelist".
|
||||
# If the mode is "blacklist", the listed chats will never be bridged.
|
||||
# If the mode is "whitelist", only the listed chats can be bridged.
|
||||
mode: blacklist
|
||||
# The list of group/channel IDs to filter.
|
||||
list: []
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!tg"
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
# relaybot - Only use the bridge via the relaybot, no access to commands.
|
||||
# user - Relaybot level + access to commands to create bridges.
|
||||
# puppeting - User level + logging in with a Telegram account.
|
||||
# full - Full access to use the bridge, i.e. previous levels + Matrix login.
|
||||
# admin - Full access to use the bridge and some extra administration commands.
|
||||
# Permitted keys:
|
||||
# * - All Matrix users
|
||||
# domain - All users on that homeserver
|
||||
# mxid - Specific user
|
||||
permissions:
|
||||
'{{ matrix_mautrix_telegram_homeserver_domain }}': full
|
||||
|
||||
# Options related to the message relay Telegram bot.
|
||||
relaybot:
|
||||
private_chat:
|
||||
# List of users to invite to the portal when someone starts a private chat with the bot.
|
||||
# If empty, private chats with the bot won't create a portal.
|
||||
invite: []
|
||||
# Whether or not to bridge state change messages in relaybot private chats.
|
||||
state_changes: true
|
||||
# When private_chat_invite is empty, this message is sent to users /starting the
|
||||
# relaybot. Telegram's "markdown" is supported.
|
||||
message: This is a Matrix bridge relaybot and does not support direct chats
|
||||
# List of users to invite to all group chat portals created by the bridge.
|
||||
group_chat_invite: []
|
||||
# Whether or not the relaybot should not bridge events in unbridged group chats.
|
||||
# If false, portals will be created when the relaybot receives messages, just like normal
|
||||
# users. This behavior is usually not desirable, as it interferes with manually bridging
|
||||
# the chat to another room.
|
||||
ignore_unbridged_group_chat: true
|
||||
# Whether or not to allow creating portals from Telegram.
|
||||
authless_portals: true
|
||||
# Whether or not to allow Telegram group admins to use the bot commands.
|
||||
whitelist_group_admins: true
|
||||
# Whether or not to ignore incoming events sent by the relay bot.
|
||||
ignore_own_incoming_events: true
|
||||
# List of usernames/user IDs who are also allowed to use the bot commands.
|
||||
whitelist: []
|
||||
|
||||
# Telegram config
|
||||
telegram:
|
||||
# Get your own API keys at https://my.telegram.org/apps
|
||||
api_id: {{ matrix_mautrix_telegram_api_id }}
|
||||
api_hash: {{ matrix_mautrix_telegram_api_hash }}
|
||||
# (Optional) Create your own bot at https://t.me/BotFather
|
||||
bot_token: {{ matrix_mautrix_telegram_bot_token }}
|
||||
|
||||
# Telethon connection options.
|
||||
connection:
|
||||
# The timeout in seconds to be used when connecting.
|
||||
timeout: 120
|
||||
# How many times the reconnection should retry, either on the initial connection or when
|
||||
# Telegram disconnects us. May be set to a negative or null value for infinite retries, but
|
||||
# this is not recommended, since the program can get stuck in an infinite loop.
|
||||
retries: 5
|
||||
# The delay in seconds to sleep between automatic reconnections.
|
||||
retry_delay: 1
|
||||
# The threshold below which the library should automatically sleep on flood wait errors
|
||||
# (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold
|
||||
# is 20s, the library will sleep automatically. If the error was for 21s, it would raise
|
||||
# the error instead. Values larger than a day (86400) will be changed to a day.
|
||||
flood_sleep_threshold: 60
|
||||
# How many times a request should be retried. Request are retried when Telegram is having
|
||||
# internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when
|
||||
# there's a migrate error. May take a negative or null value for infinite retries, but this
|
||||
# is not recommended, since some requests can always trigger a call fail (such as searching
|
||||
# for messages).
|
||||
request_retries: 5
|
||||
|
||||
# Device info sent to Telegram.
|
||||
device_info:
|
||||
# "auto" = OS name+version.
|
||||
device_model: auto
|
||||
# "auto" = Telethon version.
|
||||
system_version: auto
|
||||
# "auto" = mautrix-telegram version.
|
||||
app_version: auto
|
||||
lang_code: en
|
||||
system_lang_code: en
|
||||
|
||||
# Custom server to connect to.
|
||||
server:
|
||||
# Set to true to use these server settings. If false, will automatically
|
||||
# use production server assigned by Telegram. Set to false in production.
|
||||
enabled: false
|
||||
# The DC ID to connect to.
|
||||
dc: 2
|
||||
# The IP to connect to.
|
||||
ip: 149.154.167.40
|
||||
# The port to connect to. 443 may not work, 80 is better and both are equally secure.
|
||||
port: 80
|
||||
|
||||
# Telethon proxy configuration.
|
||||
# You must install PySocks from pip for proxies to work.
|
||||
proxy:
|
||||
# Allowed types: disabled, socks4, socks5, http
|
||||
type: disabled
|
||||
# Proxy IP address and port.
|
||||
address: 127.0.0.1
|
||||
port: 1080
|
||||
# Whether or not to perform DNS resolving remotely.
|
||||
rdns: true
|
||||
# Proxy authentication (optional).
|
||||
username: ""
|
||||
password: ""
|
||||
|
||||
# Python logging configuration.
|
||||
#
|
||||
# See section 16.7.2 of the Python documentation for more info:
|
||||
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
||||
logging:
|
||||
version: 1
|
||||
formatters:
|
||||
precise:
|
||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||
handlers:
|
||||
console:
|
||||
class: logging.StreamHandler
|
||||
formatter: precise
|
||||
loggers:
|
||||
mau:
|
||||
level: DEBUG
|
||||
telethon:
|
||||
level: DEBUG
|
||||
aiohttp:
|
||||
level: INFO
|
||||
root:
|
||||
level: DEBUG
|
||||
handlers: [console]
|
||||
|
||||
matrix_mautrix_telegram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||
|
||||
matrix_mautrix_telegram_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration goes here.
|
||||
|
397
roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
Normal file
397
roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2
Normal file
@ -0,0 +1,397 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
# Homeserver details
|
||||
homeserver:
|
||||
# The address that this appservice can use to connect to the homeserver.
|
||||
address: {{ matrix_mautrix_telegram_homeserver_address }}
|
||||
# The domain of the homeserver (for MXIDs, etc).
|
||||
domain: {{ matrix_mautrix_telegram_homeserver_domain }}
|
||||
# Whether or not to verify the SSL certificate of the homeserver.
|
||||
# Only applies if address starts with https://
|
||||
verify_ssl: true
|
||||
|
||||
# Application service host/registration related details
|
||||
# Changing these values requires regeneration of the registration.
|
||||
appservice:
|
||||
# The address that the homeserver can use to connect to this appservice.
|
||||
address: {{ matrix_mautrix_telegram_appservice_address }}
|
||||
|
||||
# The hostname and port where this appservice should listen.
|
||||
hostname: 0.0.0.0
|
||||
port: 8080
|
||||
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
|
||||
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
|
||||
max_body_size: 1
|
||||
|
||||
# The full URI to the database. SQLite and Postgres are fully supported.
|
||||
# Other DBMSes supported by SQLAlchemy may or may not work.
|
||||
# Format examples:
|
||||
# SQLite: sqlite:///filename.db
|
||||
# Postgres: postgres://username:password@hostname/dbname
|
||||
database: sqlite:////data/mautrix-telegram.db
|
||||
|
||||
# Public part of web server for out-of-Matrix interaction with the bridge.
|
||||
# Used for things like login if the user wants to make sure the 2FA password isn't stored in
|
||||
# the HS database.
|
||||
public:
|
||||
# Whether or not the public-facing endpoints should be enabled.
|
||||
enabled: true
|
||||
# The prefix to use in the public-facing endpoints.
|
||||
prefix: {{ matrix_mautrix_telegram_public_endpoint }}
|
||||
# The base URL where the public-facing endpoints are available. The prefix is not added
|
||||
# implicitly.
|
||||
external: {{ matrix_mautrix_telegram_appservice_public_external }}
|
||||
|
||||
# Provisioning API part of the web server for automated portal creation and fetching information.
|
||||
# Used by things like Dimension (https://dimension.t2bot.io/).
|
||||
provisioning:
|
||||
# Whether or not the provisioning API should be enabled.
|
||||
enabled: false
|
||||
# The prefix to use in the provisioning API endpoints.
|
||||
prefix: /_matrix/provision/v1
|
||||
# The shared secret to authorize users of the API.
|
||||
# Set to "generate" to generate and save a new token.
|
||||
shared_secret: generate
|
||||
|
||||
# The unique ID of this appservice.
|
||||
id: telegram
|
||||
# Username of the appservice bot.
|
||||
bot_username: telegrambot
|
||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||
# to leave display name/avatar as-is.
|
||||
bot_displayname: Telegram bridge bot
|
||||
bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
|
||||
|
||||
# Authentication tokens for AS <-> HS communication.
|
||||
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
|
||||
hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}"
|
||||
|
||||
# Bridge config
|
||||
bridge:
|
||||
# Localpart template of MXIDs for Telegram users.
|
||||
# {userid} is replaced with the user ID of the Telegram user.
|
||||
username_template: "telegram_{userid}"
|
||||
# Localpart template of room aliases for Telegram portal rooms.
|
||||
# {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
|
||||
alias_template: "telegram_{groupname}"
|
||||
# Displayname template for Telegram users.
|
||||
# {displayname} is replaced with the display name of the Telegram user.
|
||||
displayname_template: "{displayname} (Telegram)"
|
||||
|
||||
# Set the preferred order of user identifiers which to use in the Matrix puppet display name.
|
||||
# In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user
|
||||
# ID is used.
|
||||
#
|
||||
# If the bridge is working properly, a phone number or an username should always be known, but
|
||||
# the other one can very well be empty.
|
||||
#
|
||||
# Valid keys:
|
||||
# "full name" (First and/or last name)
|
||||
# "full name reversed" (Last and/or first name)
|
||||
# "first name"
|
||||
# "last name"
|
||||
# "username"
|
||||
# "phone number"
|
||||
displayname_preference:
|
||||
- full name
|
||||
- username
|
||||
- phone number
|
||||
# Maximum length of displayname
|
||||
displayname_max_length: 100
|
||||
|
||||
# Maximum number of members to sync per portal when starting up. Other members will be
|
||||
# synced when they send messages. The maximum is 10000, after which the Telegram server
|
||||
# will not send any more members.
|
||||
# Defaults to no local limit (-> limited to 10000 by server)
|
||||
max_initial_member_sync: -1
|
||||
# Whether or not to sync the member list in channels.
|
||||
# If no channel admins have logged into the bridge, the bridge won't be able to sync the member
|
||||
# list regardless of this setting.
|
||||
sync_channel_members: true
|
||||
# Whether or not to skip deleted members when syncing members.
|
||||
skip_deleted_members: true
|
||||
# Whether or not to automatically synchronize contacts and chats of Matrix users logged into
|
||||
# their Telegram account at startup.
|
||||
startup_sync: true
|
||||
# Number of most recently active dialogs to check when syncing chats.
|
||||
# Dialogs include groups and private chats, but only groups are synced.
|
||||
# Set to 0 to remove limit.
|
||||
sync_dialog_limit: 30
|
||||
# Whether or not to sync and create portals for direct chats at startup.
|
||||
sync_direct_chats: false
|
||||
# The maximum number of simultaneous Telegram deletions to handle.
|
||||
# A large number of simultaneous redactions could put strain on your homeserver.
|
||||
max_telegram_delete: 10
|
||||
# Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames)
|
||||
# at startup and when creating a bridge.
|
||||
sync_matrix_state: true
|
||||
# Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix
|
||||
# login website (see appservice.public config section)
|
||||
allow_matrix_login: true
|
||||
# Whether or not to bridge plaintext highlights.
|
||||
# Only enable this if your displayname_template has some static part that the bridge can use to
|
||||
# reliably identify what is a plaintext highlight.
|
||||
plaintext_highlights: false
|
||||
# Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix.
|
||||
public_portals: true
|
||||
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
|
||||
# your own Matrix account as the Matrix puppet for your Telegram account.
|
||||
sync_with_custom_puppets: true
|
||||
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||
#
|
||||
# If set, custom puppets will be enabled automatically for local users
|
||||
# instead of users having to find an access token and run `login-matrix`
|
||||
# manually.
|
||||
login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }}
|
||||
# Set to false to disable link previews in messages sent to Telegram.
|
||||
telegram_link_preview: true
|
||||
# Use inline images instead of a separate message for the caption.
|
||||
# N.B. Inline images are not supported on all clients (e.g. Riot iOS).
|
||||
inline_images: false
|
||||
# Maximum size of image in megabytes before sending to Telegram as a document.
|
||||
image_as_file_size: 10
|
||||
# Maximum size of Telegram documents in megabytes to bridge.
|
||||
max_document_size: 100
|
||||
# Enable experimental parallel file transfer, which makes uploads/downloads much faster by
|
||||
# streaming from/to Matrix and using many connections for Telegram.
|
||||
# Note that generating HQ thumbnails for videos is not possible with streamed transfers.
|
||||
parallel_file_transfer: false
|
||||
# Whether or not created rooms should have federation enabled.
|
||||
# If false, created portal rooms will never be federated.
|
||||
federate_rooms: true
|
||||
# Settings for converting animated stickers.
|
||||
animated_sticker:
|
||||
# Format to which animated stickers should be converted.
|
||||
# disable - No conversion, send as-is (gzipped lottie)
|
||||
# png - converts to non-animated png (fastest),
|
||||
# gif - converts to animated gif, but loses transparency
|
||||
# webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
|
||||
target: gif
|
||||
# Arguments for converter. All converters take width and height.
|
||||
# GIF converter takes background as a hex color.
|
||||
args:
|
||||
width: 256
|
||||
height: 256
|
||||
background: "020202" # only for gif
|
||||
fps: 30 # only for webm
|
||||
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
|
||||
# and login_shared_secret to be configured in order to get a device for the bridge bot.
|
||||
#
|
||||
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
|
||||
# application service.
|
||||
encryption:
|
||||
# Allow encryption, work in group chat rooms with e2ee enabled
|
||||
allow: false
|
||||
# Default to encryption, force-enable encryption in all portals the bridge creates
|
||||
# This will cause the bridge bot to be in private chats for the encryption to work properly.
|
||||
default: false
|
||||
|
||||
# Overrides for base power levels.
|
||||
initial_power_level_overrides:
|
||||
user: {}
|
||||
group: {}
|
||||
|
||||
# Whether to bridge Telegram bot messages as m.notices or m.texts.
|
||||
bot_messages_as_notices: true
|
||||
bridge_notices:
|
||||
# Whether or not Matrix bot messages (type m.notice) should be bridged.
|
||||
default: false
|
||||
# List of user IDs for whom the previous flag is flipped.
|
||||
# e.g. if bridge_notices.default is false, notices from other users will not be bridged, but
|
||||
# notices from users listed here will be bridged.
|
||||
exceptions: []
|
||||
|
||||
# Some config options related to Telegram message deduplication.
|
||||
# The default values are usually fine, but some debug messages/warnings might recommend you
|
||||
# change these.
|
||||
deduplication:
|
||||
# Whether or not to check the database if the message about to be sent is a duplicate.
|
||||
pre_db_check: false
|
||||
# The number of latest events to keep when checking for duplicates.
|
||||
# You might need to increase this on high-traffic bridge instances.
|
||||
cache_queue_length: 20
|
||||
|
||||
|
||||
# The formats to use when sending messages to Telegram via the relay bot.
|
||||
#
|
||||
# Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users.
|
||||
#
|
||||
# Available variables:
|
||||
# $sender_displayname - The display name of the sender (e.g. Example User)
|
||||
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
|
||||
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
|
||||
# $message - The message content as HTML
|
||||
message_formats:
|
||||
m.text: "<b>$sender_displayname</b>: $message"
|
||||
m.notice: "<b>$sender_displayname</b>: $message"
|
||||
m.emote: "* <b>$sender_displayname</b> $message"
|
||||
m.file: "<b>$sender_displayname</b> sent a file: $message"
|
||||
m.image: "<b>$sender_displayname</b> sent an image: $message"
|
||||
m.audio: "<b>$sender_displayname</b> sent an audio file: $message"
|
||||
m.video: "<b>$sender_displayname</b> sent a video: $message"
|
||||
m.location: "<b>$sender_displayname</b> sent a location: $message"
|
||||
# Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated
|
||||
# users are sent to telegram. All fields in message_formats are supported. Additionally, the
|
||||
# Telegram user info is available in the following variables:
|
||||
# $displayname - Telegram displayname
|
||||
# $username - Telegram username (may not exist)
|
||||
# $mention - Telegram @username or displayname mention (depending on which exists)
|
||||
emote_format: "* $mention $formatted_body"
|
||||
|
||||
# The formats to use when sending state events to Telegram via the relay bot.
|
||||
#
|
||||
# Variables from `message_formats` that have the `sender_` prefix are available without the prefix.
|
||||
# In name_change events, `$prev_displayname` is the previous displayname.
|
||||
#
|
||||
# Set format to an empty string to disable the messages for that event.
|
||||
state_event_formats:
|
||||
join: "<b>$displayname</b> joined the room."
|
||||
leave: "<b>$displayname</b> left the room."
|
||||
name_change: "<b>$prev_displayname</b> changed their name to <b>$displayname</b>"
|
||||
|
||||
# Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
|
||||
# `filter-mode` management commands.
|
||||
#
|
||||
# Filters do not affect direct chats.
|
||||
# An empty blacklist will essentially disable the filter.
|
||||
filter:
|
||||
# Filter mode to use. Either "blacklist" or "whitelist".
|
||||
# If the mode is "blacklist", the listed chats will never be bridged.
|
||||
# If the mode is "whitelist", only the listed chats can be bridged.
|
||||
mode: blacklist
|
||||
# The list of group/channel IDs to filter.
|
||||
list: []
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!tg"
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
# relaybot - Only use the bridge via the relaybot, no access to commands.
|
||||
# user - Relaybot level + access to commands to create bridges.
|
||||
# puppeting - User level + logging in with a Telegram account.
|
||||
# full - Full access to use the bridge, i.e. previous levels + Matrix login.
|
||||
# admin - Full access to use the bridge and some extra administration commands.
|
||||
# Permitted keys:
|
||||
# * - All Matrix users
|
||||
# domain - All users on that homeserver
|
||||
# mxid - Specific user
|
||||
permissions:
|
||||
'{{ matrix_mautrix_telegram_homeserver_domain }}': full
|
||||
|
||||
# Options related to the message relay Telegram bot.
|
||||
relaybot:
|
||||
private_chat:
|
||||
# List of users to invite to the portal when someone starts a private chat with the bot.
|
||||
# If empty, private chats with the bot won't create a portal.
|
||||
invite: []
|
||||
# Whether or not to bridge state change messages in relaybot private chats.
|
||||
state_changes: true
|
||||
# When private_chat_invite is empty, this message is sent to users /starting the
|
||||
# relaybot. Telegram's "markdown" is supported.
|
||||
message: This is a Matrix bridge relaybot and does not support direct chats
|
||||
# List of users to invite to all group chat portals created by the bridge.
|
||||
group_chat_invite: []
|
||||
# Whether or not the relaybot should not bridge events in unbridged group chats.
|
||||
# If false, portals will be created when the relaybot receives messages, just like normal
|
||||
# users. This behavior is usually not desirable, as it interferes with manually bridging
|
||||
# the chat to another room.
|
||||
ignore_unbridged_group_chat: true
|
||||
# Whether or not to allow creating portals from Telegram.
|
||||
authless_portals: true
|
||||
# Whether or not to allow Telegram group admins to use the bot commands.
|
||||
whitelist_group_admins: true
|
||||
# Whether or not to ignore incoming events sent by the relay bot.
|
||||
ignore_own_incoming_events: true
|
||||
# List of usernames/user IDs who are also allowed to use the bot commands.
|
||||
whitelist: []
|
||||
|
||||
# Telegram config
|
||||
telegram:
|
||||
# Get your own API keys at https://my.telegram.org/apps
|
||||
api_id: {{ matrix_mautrix_telegram_api_id }}
|
||||
api_hash: {{ matrix_mautrix_telegram_api_hash }}
|
||||
# (Optional) Create your own bot at https://t.me/BotFather
|
||||
bot_token: {{ matrix_mautrix_telegram_bot_token }}
|
||||
|
||||
# Telethon connection options.
|
||||
connection:
|
||||
# The timeout in seconds to be used when connecting.
|
||||
timeout: 120
|
||||
# How many times the reconnection should retry, either on the initial connection or when
|
||||
# Telegram disconnects us. May be set to a negative or null value for infinite retries, but
|
||||
# this is not recommended, since the program can get stuck in an infinite loop.
|
||||
retries: 5
|
||||
# The delay in seconds to sleep between automatic reconnections.
|
||||
retry_delay: 1
|
||||
# The threshold below which the library should automatically sleep on flood wait errors
|
||||
# (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold
|
||||
# is 20s, the library will sleep automatically. If the error was for 21s, it would raise
|
||||
# the error instead. Values larger than a day (86400) will be changed to a day.
|
||||
flood_sleep_threshold: 60
|
||||
# How many times a request should be retried. Request are retried when Telegram is having
|
||||
# internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when
|
||||
# there's a migrate error. May take a negative or null value for infinite retries, but this
|
||||
# is not recommended, since some requests can always trigger a call fail (such as searching
|
||||
# for messages).
|
||||
request_retries: 5
|
||||
|
||||
# Device info sent to Telegram.
|
||||
device_info:
|
||||
# "auto" = OS name+version.
|
||||
device_model: auto
|
||||
# "auto" = Telethon version.
|
||||
system_version: auto
|
||||
# "auto" = mautrix-telegram version.
|
||||
app_version: auto
|
||||
lang_code: en
|
||||
system_lang_code: en
|
||||
|
||||
# Custom server to connect to.
|
||||
server:
|
||||
# Set to true to use these server settings. If false, will automatically
|
||||
# use production server assigned by Telegram. Set to false in production.
|
||||
enabled: false
|
||||
# The DC ID to connect to.
|
||||
dc: 2
|
||||
# The IP to connect to.
|
||||
ip: 149.154.167.40
|
||||
# The port to connect to. 443 may not work, 80 is better and both are equally secure.
|
||||
port: 80
|
||||
|
||||
# Telethon proxy configuration.
|
||||
# You must install PySocks from pip for proxies to work.
|
||||
proxy:
|
||||
# Allowed types: disabled, socks4, socks5, http
|
||||
type: disabled
|
||||
# Proxy IP address and port.
|
||||
address: 127.0.0.1
|
||||
port: 1080
|
||||
# Whether or not to perform DNS resolving remotely.
|
||||
rdns: true
|
||||
# Proxy authentication (optional).
|
||||
username: ""
|
||||
password: ""
|
||||
|
||||
# Python logging configuration.
|
||||
#
|
||||
# See section 16.7.2 of the Python documentation for more info:
|
||||
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
|
||||
logging:
|
||||
version: 1
|
||||
formatters:
|
||||
precise:
|
||||
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
|
||||
handlers:
|
||||
console:
|
||||
class: logging.StreamHandler
|
||||
formatter: precise
|
||||
loggers:
|
||||
mau:
|
||||
level: DEBUG
|
||||
telethon:
|
||||
level: DEBUG
|
||||
aiohttp:
|
||||
level: INFO
|
||||
root:
|
||||
level: DEBUG
|
||||
handlers: [console]
|
@ -11,21 +11,22 @@ Wants={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-telegram
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-telegram
|
||||
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-telegram-db \
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram
|
||||
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram-db \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--network={{ matrix_docker_network }} \
|
||||
-v {{ matrix_mautrix_telegram_config_path }}:/config:z \
|
||||
-v {{ matrix_mautrix_telegram_data_path }}:/data:z \
|
||||
{{ matrix_mautrix_telegram_docker_image }} \
|
||||
alembic -x config=/config/config.yaml upgrade head
|
||||
|
||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||
ExecStartPre=/bin/sleep 5
|
||||
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -41,8 +42,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \
|
||||
{{ matrix_mautrix_telegram_docker_image }} \
|
||||
python3 -m mautrix_telegram -c /config/config.yaml
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-mautrix-telegram
|
||||
ExecStop=-/usr/bin/docker rm matrix-mautrix-telegram
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-mautrix-telegram
|
||||
|
@ -35,175 +35,7 @@ matrix_mautrix_whatsapp_login_shared_secret: ''
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_mautrix_whatsapp_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_mautrix_whatsapp_configuration_yaml: |
|
||||
# Homeserver details.
|
||||
homeserver:
|
||||
# The address that this appservice can use to connect to the homeserver.
|
||||
address: {{ matrix_mautrix_whatsapp_homeserver_address }}
|
||||
# The domain of the homeserver (for MXIDs, etc).
|
||||
domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
|
||||
# Application service host/registration related details.
|
||||
# Changing these values requires regeneration of the registration.
|
||||
|
||||
appservice:
|
||||
# The address that the homeserver can use to connect to this appservice.
|
||||
address: {{ matrix_mautrix_whatsapp_appservice_address }}
|
||||
|
||||
# The hostname and port where this appservice should listen.
|
||||
hostname: 0.0.0.0
|
||||
port: 8080
|
||||
|
||||
# Database config.
|
||||
database:
|
||||
# The database type. "sqlite3" and "postgres" are supported.
|
||||
type: sqlite3
|
||||
# The database URI.
|
||||
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
|
||||
# Postgres: Connection string. For example, postgres://user:password@host/database
|
||||
uri: mautrix-whatsapp.db
|
||||
# Maximum number of connections. Mostly relevant for Postgres.
|
||||
max_open_conns: 20
|
||||
max_idle_conns: 2
|
||||
|
||||
# Path to the Matrix room state store.
|
||||
state_store_path: ./mx-state.json
|
||||
|
||||
# The unique ID of this appservice.
|
||||
id: whatsapp
|
||||
# Appservice bot details.
|
||||
bot:
|
||||
# Username of the appservice bot.
|
||||
username: whatsappbot
|
||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||
# to leave display name/avatar as-is.
|
||||
displayname: WhatsApp bridge bot
|
||||
avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
|
||||
|
||||
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
|
||||
as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
|
||||
hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
|
||||
|
||||
# Bridge config
|
||||
bridge:
|
||||
# Localpart template of MXIDs for WhatsApp users.
|
||||
# {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user.
|
||||
username_template: "{{ 'whatsapp_{{.}}' }}"
|
||||
# Displayname template for WhatsApp users.
|
||||
# {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user
|
||||
# {{ '{{.Jid}}' }} - phone number (international format)
|
||||
# The following variables are also available, but will cause problems on multi-user instances:
|
||||
# {{ '{{.Name}}' }} - display name from contact list
|
||||
# {{ '{{.Short}}' }} - short display name from contact list
|
||||
displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}"
|
||||
# WhatsApp connection timeout in seconds.
|
||||
connection_timeout: 20
|
||||
# Maximum number of times to retry connecting on connection error.
|
||||
max_connection_attempts: 3
|
||||
# Number of seconds to wait between connection attempts.
|
||||
# Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
|
||||
connection_retry_delay: -1
|
||||
# Whether or not the bridge should send a notice to the user's management room when it retries connecting.
|
||||
# If false, it will only report when it stops retrying.
|
||||
report_connection_retry: true
|
||||
# Maximum number of seconds to wait for chats to be sent at startup.
|
||||
# If this is too low and you have lots of chats, it could cause backfilling to fail.
|
||||
chat_list_wait: 30
|
||||
# Maximum number of seconds to wait to sync portals before force unlocking message processing.
|
||||
# If this is too low and you have lots of chats, it could cause backfilling to fail.
|
||||
portal_sync_wait: 600
|
||||
|
||||
# Whether or not to send call start/end notices to Matrix.
|
||||
call_notices:
|
||||
start: true
|
||||
end: true
|
||||
|
||||
# Number of chats to sync for new users.
|
||||
initial_chat_sync_count: 10
|
||||
# Number of old messages to fill when creating new portal rooms.
|
||||
initial_history_fill_count: 20
|
||||
# Maximum number of chats to sync when recovering from downtime.
|
||||
# Set to -1 to sync all new chats during downtime.
|
||||
recovery_chat_sync_limit: -1
|
||||
# Whether or not to sync history when recovering from downtime.
|
||||
recovery_history_backfill: true
|
||||
# Maximum number of seconds since last message in chat to skip
|
||||
# syncing the chat in any case. This setting will take priority
|
||||
# over both recovery_chat_sync_limit and initial_chat_sync_count.
|
||||
# Default is 3 days = 259200 seconds
|
||||
sync_max_chat_age: 259200
|
||||
|
||||
# Whether or not to sync with custom puppets to receive EDUs that
|
||||
# are not normally sent to appservices.
|
||||
sync_with_custom_puppets: true
|
||||
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||
#
|
||||
# If set, custom puppets will be enabled automatically for local users
|
||||
# instead of users having to find an access token and run `login-matrix`
|
||||
# manually.
|
||||
login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }}
|
||||
|
||||
# Whether or not to invite own WhatsApp user's Matrix puppet into private
|
||||
# chat portals when backfilling if needed.
|
||||
# This always uses the default puppet instead of custom puppets due to
|
||||
# rate limits and timestamp massaging.
|
||||
invite_own_puppet_for_backfilling: true
|
||||
# Whether or not to explicitly set the avatar and room name for private
|
||||
# chat portal rooms. This can be useful if the previous field works fine,
|
||||
# but causes room avatar/name bugs.
|
||||
private_chat_portal_meta: false
|
||||
|
||||
# Allow invite permission for user. User can invite any bots to room with whatsapp
|
||||
# users (private chat and groups)
|
||||
allow_user_invite: false
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!wa"
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
# user - Access to use the bridge to chat with a WhatsApp account.
|
||||
# admin - User level and some additional administration tools
|
||||
# Permitted keys:
|
||||
# * - All Matrix users
|
||||
# domain - All users on that homeserver
|
||||
# mxid - Specific user
|
||||
permissions:
|
||||
"{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
|
||||
|
||||
relaybot:
|
||||
# Whether or not relaybot support is enabled.
|
||||
enabled: false
|
||||
# The management room for the bot. This is where all status notifications are posted and
|
||||
# in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting
|
||||
# the command prefix completely like in user management rooms is not possible.
|
||||
management: '!foo:example.com'
|
||||
# List of users to invite to all created rooms that include the relaybot.
|
||||
invites: []
|
||||
# The formats to use when sending messages to WhatsApp via the relaybot.
|
||||
message_formats:
|
||||
m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
|
||||
m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}"
|
||||
m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
|
||||
m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file"
|
||||
m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image"
|
||||
m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file"
|
||||
m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video"
|
||||
m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location"
|
||||
# Logging config.
|
||||
logging:
|
||||
# The directory for log files. Will be created if not found.
|
||||
directory: ./logs
|
||||
# Available variables: .Date for the file date and .Index for different log files on the same day.
|
||||
file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
|
||||
# Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
|
||||
file_date_format: "2006-01-02"
|
||||
# Log file permissions.
|
||||
file_mode: 0600
|
||||
# Timestamp format for log entries in the Go time format.
|
||||
timestamp_format: "Jan _2, 2006 15:04:05"
|
||||
# Minimum severity for log messages.
|
||||
# Options: debug, info, warn, error, fatal
|
||||
print_level: debug
|
||||
matrix_mautrix_whatsapp_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||
|
||||
matrix_mautrix_whatsapp_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration goes here.
|
||||
|
169
roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
Normal file
169
roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
Normal file
@ -0,0 +1,169 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
# Homeserver details.
|
||||
homeserver:
|
||||
# The address that this appservice can use to connect to the homeserver.
|
||||
address: {{ matrix_mautrix_whatsapp_homeserver_address }}
|
||||
# The domain of the homeserver (for MXIDs, etc).
|
||||
domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
|
||||
# Application service host/registration related details.
|
||||
# Changing these values requires regeneration of the registration.
|
||||
|
||||
appservice:
|
||||
# The address that the homeserver can use to connect to this appservice.
|
||||
address: {{ matrix_mautrix_whatsapp_appservice_address }}
|
||||
|
||||
# The hostname and port where this appservice should listen.
|
||||
hostname: 0.0.0.0
|
||||
port: 8080
|
||||
|
||||
# Database config.
|
||||
database:
|
||||
# The database type. "sqlite3" and "postgres" are supported.
|
||||
type: sqlite3
|
||||
# The database URI.
|
||||
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
|
||||
# Postgres: Connection string. For example, postgres://user:password@host/database
|
||||
uri: mautrix-whatsapp.db
|
||||
# Maximum number of connections. Mostly relevant for Postgres.
|
||||
max_open_conns: 20
|
||||
max_idle_conns: 2
|
||||
|
||||
# Path to the Matrix room state store.
|
||||
state_store_path: ./mx-state.json
|
||||
|
||||
# The unique ID of this appservice.
|
||||
id: whatsapp
|
||||
# Appservice bot details.
|
||||
bot:
|
||||
# Username of the appservice bot.
|
||||
username: whatsappbot
|
||||
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
|
||||
# to leave display name/avatar as-is.
|
||||
displayname: WhatsApp bridge bot
|
||||
avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
|
||||
|
||||
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
|
||||
as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
|
||||
hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
|
||||
|
||||
# Bridge config
|
||||
bridge:
|
||||
# Localpart template of MXIDs for WhatsApp users.
|
||||
# {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user.
|
||||
username_template: "{{ 'whatsapp_{{.}}' }}"
|
||||
# Displayname template for WhatsApp users.
|
||||
# {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user
|
||||
# {{ '{{.Jid}}' }} - phone number (international format)
|
||||
# The following variables are also available, but will cause problems on multi-user instances:
|
||||
# {{ '{{.Name}}' }} - display name from contact list
|
||||
# {{ '{{.Short}}' }} - short display name from contact list
|
||||
displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}"
|
||||
# WhatsApp connection timeout in seconds.
|
||||
connection_timeout: 20
|
||||
# Maximum number of times to retry connecting on connection error.
|
||||
max_connection_attempts: 3
|
||||
# Number of seconds to wait between connection attempts.
|
||||
# Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
|
||||
connection_retry_delay: -1
|
||||
# Whether or not the bridge should send a notice to the user's management room when it retries connecting.
|
||||
# If false, it will only report when it stops retrying.
|
||||
report_connection_retry: true
|
||||
# Maximum number of seconds to wait for chats to be sent at startup.
|
||||
# If this is too low and you have lots of chats, it could cause backfilling to fail.
|
||||
chat_list_wait: 30
|
||||
# Maximum number of seconds to wait to sync portals before force unlocking message processing.
|
||||
# If this is too low and you have lots of chats, it could cause backfilling to fail.
|
||||
portal_sync_wait: 600
|
||||
|
||||
# Whether or not to send call start/end notices to Matrix.
|
||||
call_notices:
|
||||
start: true
|
||||
end: true
|
||||
|
||||
# Number of chats to sync for new users.
|
||||
initial_chat_sync_count: 10
|
||||
# Number of old messages to fill when creating new portal rooms.
|
||||
initial_history_fill_count: 20
|
||||
# Maximum number of chats to sync when recovering from downtime.
|
||||
# Set to -1 to sync all new chats during downtime.
|
||||
recovery_chat_sync_limit: -1
|
||||
# Whether or not to sync history when recovering from downtime.
|
||||
recovery_history_backfill: true
|
||||
# Maximum number of seconds since last message in chat to skip
|
||||
# syncing the chat in any case. This setting will take priority
|
||||
# over both recovery_chat_sync_limit and initial_chat_sync_count.
|
||||
# Default is 3 days = 259200 seconds
|
||||
sync_max_chat_age: 259200
|
||||
|
||||
# Whether or not to sync with custom puppets to receive EDUs that
|
||||
# are not normally sent to appservices.
|
||||
sync_with_custom_puppets: true
|
||||
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||
#
|
||||
# If set, custom puppets will be enabled automatically for local users
|
||||
# instead of users having to find an access token and run `login-matrix`
|
||||
# manually.
|
||||
login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }}
|
||||
|
||||
# Whether or not to invite own WhatsApp user's Matrix puppet into private
|
||||
# chat portals when backfilling if needed.
|
||||
# This always uses the default puppet instead of custom puppets due to
|
||||
# rate limits and timestamp massaging.
|
||||
invite_own_puppet_for_backfilling: true
|
||||
# Whether or not to explicitly set the avatar and room name for private
|
||||
# chat portal rooms. This can be useful if the previous field works fine,
|
||||
# but causes room avatar/name bugs.
|
||||
private_chat_portal_meta: false
|
||||
|
||||
# Allow invite permission for user. User can invite any bots to room with whatsapp
|
||||
# users (private chat and groups)
|
||||
allow_user_invite: false
|
||||
|
||||
# The prefix for commands. Only required in non-management rooms.
|
||||
command_prefix: "!wa"
|
||||
|
||||
# Permissions for using the bridge.
|
||||
# Permitted values:
|
||||
# user - Access to use the bridge to chat with a WhatsApp account.
|
||||
# admin - User level and some additional administration tools
|
||||
# Permitted keys:
|
||||
# * - All Matrix users
|
||||
# domain - All users on that homeserver
|
||||
# mxid - Specific user
|
||||
permissions:
|
||||
"{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
|
||||
|
||||
relaybot:
|
||||
# Whether or not relaybot support is enabled.
|
||||
enabled: false
|
||||
# The management room for the bot. This is where all status notifications are posted and
|
||||
# in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting
|
||||
# the command prefix completely like in user management rooms is not possible.
|
||||
management: '!foo:example.com'
|
||||
# List of users to invite to all created rooms that include the relaybot.
|
||||
invites: []
|
||||
# The formats to use when sending messages to WhatsApp via the relaybot.
|
||||
message_formats:
|
||||
m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
|
||||
m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}"
|
||||
m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
|
||||
m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file"
|
||||
m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image"
|
||||
m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file"
|
||||
m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video"
|
||||
m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location"
|
||||
# Logging config.
|
||||
logging:
|
||||
# The directory for log files. Will be created if not found.
|
||||
directory: ./logs
|
||||
# Available variables: .Date for the file date and .Index for different log files on the same day.
|
||||
file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
|
||||
# Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
|
||||
file_date_format: "2006-01-02"
|
||||
# Log file permissions.
|
||||
file_mode: 0600
|
||||
# Timestamp format for log entries in the Go time format.
|
||||
timestamp_format: "Jan _2, 2006 15:04:05"
|
||||
# Minimum severity for log messages.
|
||||
# Options: debug, info, warn, error, fatal
|
||||
print_level: debug
|
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-whatsapp
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-whatsapp
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp
|
||||
|
||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||
ExecStartPre=/bin/sleep 5
|
||||
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsapp \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -31,8 +31,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \
|
||||
{{ matrix_mautrix_whatsapp_docker_image }} \
|
||||
/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-mautrix-whatsapp
|
||||
ExecStop=-/usr/bin/docker rm matrix-mautrix-whatsapp
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-mautrix-whatsapp
|
||||
|
@ -56,145 +56,7 @@ matrix_mx_puppet_skype_login_shared_secret: ''
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_skype_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_mx_puppet_skype_configuration_yaml: |
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
bridge:
|
||||
# Address for the bridge to bind to; if running as a Docker container, you
|
||||
# probably want 0.0.0.0 here
|
||||
bindAddress: 0.0.0.0
|
||||
# Port to host the bridge on which your homeserver will connect to
|
||||
port: {{ matrix_mx_puppet_skype_appservice_port }}
|
||||
# Name of your homeserver
|
||||
domain: {{ matrix_domain }}
|
||||
# URL where the bridge can connect to your homeserver
|
||||
homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }}
|
||||
# Optionally specify a different media URL used for the media store
|
||||
mediaURL: https://{{ matrix_server_fqn_matrix }}
|
||||
# This enabled automatic double-puppeting:
|
||||
# A map for shared secrets of the homeserver URL to the shared secret
|
||||
# See https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||
#loginSharedSecretMap:
|
||||
# yourserver.com: supersecretsharedsecret
|
||||
{% if matrix_mx_puppet_skype_login_shared_secret != '' %}
|
||||
loginSharedSecretMap:
|
||||
{{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}
|
||||
{% endif %}
|
||||
# optionally override the display name of the bridge bot
|
||||
#displayname: Protocol Bot
|
||||
# optionally set the avatar of the bridge bot
|
||||
#avatarUrl: mxc://yourserver.com/somefile
|
||||
|
||||
logging:
|
||||
# Log level of console output
|
||||
# Allowed values starting with most verbose:
|
||||
# silly, debug, verbose, info, warn, error
|
||||
console: info
|
||||
# Optionally, you can apply filters to the console logging
|
||||
#console:
|
||||
# level: info
|
||||
# enabled:
|
||||
# - Store
|
||||
# disabled:
|
||||
# - PresenceHandler
|
||||
|
||||
# Date and time formatting
|
||||
lineDateFormat: MMM-D HH:mm:ss.SSS
|
||||
# Logging files
|
||||
# Log files are rotated daily by default
|
||||
files:
|
||||
# Log file path
|
||||
- file: "/data/bridge.log"
|
||||
# Log level for this file
|
||||
# Allowed values starting with most verbose:
|
||||
# silly, debug, verbose, info, warn, error
|
||||
level: info
|
||||
# Date and time formatting
|
||||
datePattern: YYYY-MM-DD
|
||||
# Maximum number of logs to keep.
|
||||
# This can be a number of files or number of days.
|
||||
# If using days, add 'd' as a suffix
|
||||
maxFiles: 14d
|
||||
# Maximum size of the file after which it will rotate. This can be a
|
||||
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
||||
# 'k', 'm', or 'g' as the suffix
|
||||
maxSize: 50m
|
||||
# Optionally enable/disable logging for certain modules
|
||||
#disabled:
|
||||
# - PresenceHandler
|
||||
# - module: bot-sdk-MatrixLiteClient
|
||||
# regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log
|
||||
#enabled:
|
||||
# - Store
|
||||
|
||||
database:
|
||||
# Use Postgres as a database backend
|
||||
# If set, will be used instead of SQLite3
|
||||
# Connection string to connect to the Postgres instance
|
||||
# with username "user", password "pass", host "localhost" and database name "dbname".
|
||||
# Modify each value as necessary
|
||||
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
|
||||
# Use SQLite3 as a database backend
|
||||
# The name of the database file
|
||||
filename: /data/database.db
|
||||
|
||||
provisioning:
|
||||
# Regex of Matrix IDs allowed to use the puppet bridge
|
||||
whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }}
|
||||
# Allow a specific user
|
||||
#- "@user:server\\.com"
|
||||
# Allow users on a specific homeserver
|
||||
#- "@.*:yourserver\\.com"
|
||||
# Allow anyone
|
||||
#- ".*"
|
||||
|
||||
# Regex of Matrix IDs forbidden from using the puppet bridge
|
||||
#blacklist:
|
||||
# Disallow a specific user
|
||||
#- "@user:server\\.com"
|
||||
# Disallow users on a specific homeserver
|
||||
#- "@.*:yourserver\\.com"
|
||||
blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }}
|
||||
|
||||
presence:
|
||||
# Bridge online/offline status
|
||||
enabled: true
|
||||
# How often to send status to the homeserver in milliseconds
|
||||
interval: 500
|
||||
# if the im.vector.user_status state setting should be diabled
|
||||
#disableStatusState: false
|
||||
# A blacklist of remote user IDs for the im.vector.user_status state setting
|
||||
#statusStateBlacklist:
|
||||
# - baduser
|
||||
|
||||
relay:
|
||||
# Regex of Matrix IDs to allow to use the relay mode
|
||||
# Same format as in provisioning
|
||||
#whitelist:
|
||||
#- "@.*:yourserver\\.com"
|
||||
whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }}
|
||||
|
||||
#blacklist:
|
||||
#- "@user:yourserver\\.com"
|
||||
blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }}
|
||||
|
||||
# Map certain homeserver URLs to the C-S API endpoint
|
||||
# Useful for double-puppeting if .well-known is unavailable for some reason
|
||||
#homeserverUrlMap:
|
||||
# yourserver.com: http://localhost:1234
|
||||
|
||||
namePatterns:
|
||||
# Override the protocols set default name patterns
|
||||
# Which variables are available depends on protocol implementation
|
||||
user: :name
|
||||
room: :name
|
||||
|
||||
limits:
|
||||
# Up to how many users should be auto-joined on room creation? -1 to disable
|
||||
# Defaults to 200
|
||||
maxAutojoinUsers: 200
|
||||
# How long the delay between two autojoin users should be, in millisectonds.
|
||||
# Defaults to 5000
|
||||
roomUserAutojoinDelay: 5000
|
||||
matrix_mx_puppet_skype_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||
|
||||
matrix_mx_puppet_skype_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration goes here.
|
||||
|
138
roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2
Normal file
138
roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2
Normal file
@ -0,0 +1,138 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
bridge:
|
||||
# Address for the bridge to bind to; if running as a Docker container, you
|
||||
# probably want 0.0.0.0 here
|
||||
bindAddress: 0.0.0.0
|
||||
# Port to host the bridge on which your homeserver will connect to
|
||||
port: {{ matrix_mx_puppet_skype_appservice_port }}
|
||||
# Name of your homeserver
|
||||
domain: {{ matrix_domain }}
|
||||
# URL where the bridge can connect to your homeserver
|
||||
homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }}
|
||||
# Optionally specify a different media URL used for the media store
|
||||
mediaURL: https://{{ matrix_server_fqn_matrix }}
|
||||
# This enabled automatic double-puppeting:
|
||||
# A map for shared secrets of the homeserver URL to the shared secret
|
||||
# See https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||
#loginSharedSecretMap:
|
||||
# yourserver.com: supersecretsharedsecret
|
||||
{% if matrix_mx_puppet_skype_login_shared_secret != '' %}
|
||||
loginSharedSecretMap:
|
||||
{{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}
|
||||
{% endif %}
|
||||
# optionally override the display name of the bridge bot
|
||||
#displayname: Protocol Bot
|
||||
# optionally set the avatar of the bridge bot
|
||||
#avatarUrl: mxc://yourserver.com/somefile
|
||||
|
||||
logging:
|
||||
# Log level of console output
|
||||
# Allowed values starting with most verbose:
|
||||
# silly, debug, verbose, info, warn, error
|
||||
console: info
|
||||
# Optionally, you can apply filters to the console logging
|
||||
#console:
|
||||
# level: info
|
||||
# enabled:
|
||||
# - Store
|
||||
# disabled:
|
||||
# - PresenceHandler
|
||||
|
||||
# Date and time formatting
|
||||
lineDateFormat: MMM-D HH:mm:ss.SSS
|
||||
# Logging files
|
||||
# Log files are rotated daily by default
|
||||
files:
|
||||
# Log file path
|
||||
- file: "/data/bridge.log"
|
||||
# Log level for this file
|
||||
# Allowed values starting with most verbose:
|
||||
# silly, debug, verbose, info, warn, error
|
||||
level: info
|
||||
# Date and time formatting
|
||||
datePattern: YYYY-MM-DD
|
||||
# Maximum number of logs to keep.
|
||||
# This can be a number of files or number of days.
|
||||
# If using days, add 'd' as a suffix
|
||||
maxFiles: 14d
|
||||
# Maximum size of the file after which it will rotate. This can be a
|
||||
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
||||
# 'k', 'm', or 'g' as the suffix
|
||||
maxSize: 50m
|
||||
# Optionally enable/disable logging for certain modules
|
||||
#disabled:
|
||||
# - PresenceHandler
|
||||
# - module: bot-sdk-MatrixLiteClient
|
||||
# regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log
|
||||
#enabled:
|
||||
# - Store
|
||||
|
||||
database:
|
||||
# Use Postgres as a database backend
|
||||
# If set, will be used instead of SQLite3
|
||||
# Connection string to connect to the Postgres instance
|
||||
# with username "user", password "pass", host "localhost" and database name "dbname".
|
||||
# Modify each value as necessary
|
||||
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
|
||||
# Use SQLite3 as a database backend
|
||||
# The name of the database file
|
||||
filename: /data/database.db
|
||||
|
||||
provisioning:
|
||||
# Regex of Matrix IDs allowed to use the puppet bridge
|
||||
whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }}
|
||||
# Allow a specific user
|
||||
#- "@user:server\\.com"
|
||||
# Allow users on a specific homeserver
|
||||
#- "@.*:yourserver\\.com"
|
||||
# Allow anyone
|
||||
#- ".*"
|
||||
|
||||
# Regex of Matrix IDs forbidden from using the puppet bridge
|
||||
#blacklist:
|
||||
# Disallow a specific user
|
||||
#- "@user:server\\.com"
|
||||
# Disallow users on a specific homeserver
|
||||
#- "@.*:yourserver\\.com"
|
||||
blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }}
|
||||
|
||||
presence:
|
||||
# Bridge online/offline status
|
||||
enabled: true
|
||||
# How often to send status to the homeserver in milliseconds
|
||||
interval: 500
|
||||
# if the im.vector.user_status state setting should be diabled
|
||||
#disableStatusState: false
|
||||
# A blacklist of remote user IDs for the im.vector.user_status state setting
|
||||
#statusStateBlacklist:
|
||||
# - baduser
|
||||
|
||||
relay:
|
||||
# Regex of Matrix IDs to allow to use the relay mode
|
||||
# Same format as in provisioning
|
||||
#whitelist:
|
||||
#- "@.*:yourserver\\.com"
|
||||
whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }}
|
||||
|
||||
#blacklist:
|
||||
#- "@user:yourserver\\.com"
|
||||
blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }}
|
||||
|
||||
# Map certain homeserver URLs to the C-S API endpoint
|
||||
# Useful for double-puppeting if .well-known is unavailable for some reason
|
||||
#homeserverUrlMap:
|
||||
# yourserver.com: http://localhost:1234
|
||||
|
||||
namePatterns:
|
||||
# Override the protocols set default name patterns
|
||||
# Which variables are available depends on protocol implementation
|
||||
user: :name
|
||||
room: :name
|
||||
|
||||
limits:
|
||||
# Up to how many users should be auto-joined on room creation? -1 to disable
|
||||
# Defaults to 200
|
||||
maxAutojoinUsers: 200
|
||||
# How long the delay between two autojoin users should be, in millisectonds.
|
||||
# Defaults to 5000
|
||||
roomUserAutojoinDelay: 5000
|
@ -11,13 +11,13 @@ Wants={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-mx-puppet-skype
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-mx-puppet-skype
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype
|
||||
|
||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||
ExecStartPre=/bin/sleep 5
|
||||
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-skype \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skype \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -31,8 +31,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-skype \
|
||||
{% endfor %}
|
||||
{{ matrix_mx_puppet_skype_docker_image }}
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-mx-puppet-skype
|
||||
ExecStop=-/usr/bin/docker rm matrix-mx-puppet-skype
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-mx-puppet-skype
|
||||
|
@ -5,6 +5,11 @@ matrix_mx_puppet_slack_enabled: true
|
||||
|
||||
matrix_mx_puppet_slack_container_image_self_build: false
|
||||
|
||||
# Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container).
|
||||
#
|
||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
|
||||
matrix_mx_puppet_slack_container_http_host_bind_port: ''
|
||||
|
||||
matrix_mx_puppet_slack_docker_image: "sorunome/mx-puppet-slack:latest"
|
||||
matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}"
|
||||
|
||||
@ -47,104 +52,15 @@ matrix_mx_puppet_slack_systemd_wanted_services_list: []
|
||||
matrix_mx_puppet_slack_appservice_token: ''
|
||||
matrix_mx_puppet_slack_homeserver_token: ''
|
||||
|
||||
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
|
||||
matrix_mx_puppet_slack_login_shared_secret: ''
|
||||
|
||||
# Default configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_slack_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_mx_puppet_slack_configuration_yaml: |
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
bridge:
|
||||
# Port to host the bridge on
|
||||
# Used for communication between the homeserver and the bridge
|
||||
port: {{ matrix_mx_puppet_slack_appservice_port }}
|
||||
# The host connections to the bridge's webserver are allowed from
|
||||
bindAddress: 0.0.0.0
|
||||
# Public domain of the homeserver
|
||||
domain: {{ matrix_mx_puppet_slack_homeserver_domain }}
|
||||
# Reachable URL of the Matrix homeserver
|
||||
homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }}
|
||||
|
||||
|
||||
# Slack OAuth settings. Create a slack app at https://api.slack.com/apps
|
||||
oauth:
|
||||
enabled: false
|
||||
# Slack app credentials.
|
||||
# N.B. This must be quoted so YAML wouldn't parse it as a float.
|
||||
clientId: "{{ matrix_mx_puppet_slack_client_id }}"
|
||||
clientSecret: {{ matrix_mx_puppet_slack_client_secret }}
|
||||
# Path where to listen for OAuth redirect callbacks.
|
||||
redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
|
||||
# Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,
|
||||
# then set this field and the Slack app redirect URI field to the former.
|
||||
redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }}
|
||||
|
||||
presence:
|
||||
# Bridge Discord online/offline status
|
||||
enabled: true
|
||||
# How often to send status to the homeserver in milliseconds
|
||||
interval: 500
|
||||
|
||||
provisioning:
|
||||
# Regex of Matrix IDs allowed to use the puppet bridge
|
||||
whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }}
|
||||
# Allow a specific user
|
||||
#- "@user:server\\.com"
|
||||
# Allow users on a specific homeserver
|
||||
#- "@.*:yourserver\\.com"
|
||||
# Allow anyone
|
||||
#- ".*"
|
||||
# Regex of Matrix IDs forbidden from using the puppet bridge
|
||||
#blacklist:
|
||||
# Disallow a specific user
|
||||
#- "@user:server\\.com"
|
||||
# Disallow users on a specific homeserver
|
||||
#- "@.*:yourserver\\.com"
|
||||
blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }}
|
||||
|
||||
# Shared secret for the provisioning API for use by integration managers.
|
||||
# If this is not set, the provisioning API will not be enabled.
|
||||
#sharedSecret: random string
|
||||
# Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
|
||||
apiPrefix: /_matrix/provision
|
||||
|
||||
database:
|
||||
# Use Postgres as a database backend
|
||||
# If set, will be used instead of SQLite3
|
||||
# Connection string to connect to the Postgres instance
|
||||
# with username "user", password "pass", host "localhost" and database name "dbname".
|
||||
# Modify each value as necessary
|
||||
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
|
||||
# Use SQLite3 as a database backend
|
||||
# The name of the database file
|
||||
filename: /data/database.db
|
||||
|
||||
logging:
|
||||
# Log level of console output
|
||||
# Allowed values starting with most verbose:
|
||||
# silly, debug, verbose, info, warn, error
|
||||
console: info
|
||||
# Date and time formatting
|
||||
lineDateFormat: MMM-D HH:mm:ss.SSS
|
||||
# Logging files
|
||||
# Log files are rotated daily by default
|
||||
files:
|
||||
# Log file path
|
||||
- file: "/data/bridge.log"
|
||||
# Log level for this file
|
||||
# Allowed values starting with most verbose:
|
||||
# silly, debug, verbose, info, warn, error
|
||||
level: info
|
||||
# Date and time formatting
|
||||
datePattern: YYYY-MM-DD
|
||||
# Maximum number of logs to keep.
|
||||
# This can be a number of files or number of days.
|
||||
# If using days, add 'd' as a suffix
|
||||
maxFiles: 14d
|
||||
# Maximum size of the file after which it will rotate. This can be a
|
||||
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
||||
# 'k', 'm', or 'g' as the suffix
|
||||
maxSize: 50m
|
||||
matrix_mx_puppet_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||
|
||||
matrix_mx_puppet_slack_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration goes here.
|
||||
|
@ -50,17 +50,17 @@
|
||||
}}
|
||||
tags:
|
||||
- always
|
||||
when: matrix_appservice_slack_enabled|bool
|
||||
when: matrix_mx_puppet_slack_enabled|bool
|
||||
|
||||
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
|
||||
debug:
|
||||
msg: >-
|
||||
NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
|
||||
reverse proxy.
|
||||
Please make sure that you're proxying the `{{ something }}`
|
||||
URL endpoint to the matrix-appservice-slack container.
|
||||
Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}`
|
||||
URL endpoint to the matrix-mx-puppet-slack container.
|
||||
You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
|
||||
when: "matrix_appservice_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined"
|
||||
when: "matrix_mx_puppet_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined"
|
||||
|
||||
# ansible lower than 2.8, does not support docker_image build parameters
|
||||
# for self buildig it is explicitly needed, so we rather fail here
|
||||
|
96
roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2
Normal file
96
roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2
Normal file
@ -0,0 +1,96 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
bridge:
|
||||
# Port to host the bridge on
|
||||
# Used for communication between the homeserver and the bridge
|
||||
port: {{ matrix_mx_puppet_slack_appservice_port }}
|
||||
# The host connections to the bridge's webserver are allowed from
|
||||
bindAddress: 0.0.0.0
|
||||
# Public domain of the homeserver
|
||||
domain: {{ matrix_mx_puppet_slack_homeserver_domain }}
|
||||
# Reachable URL of the Matrix homeserver
|
||||
homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }}
|
||||
{% if matrix_mx_puppet_slack_login_shared_secret != '' %}
|
||||
loginSharedSecretMap:
|
||||
{{ matrix_domain }}: {{ matrix_mx_puppet_slack_login_shared_secret }}
|
||||
{% endif %}
|
||||
|
||||
|
||||
# Slack OAuth settings. Create a slack app at https://api.slack.com/apps
|
||||
oauth:
|
||||
enabled: true
|
||||
# Slack app credentials.
|
||||
# N.B. This must be quoted so YAML wouldn't parse it as a float.
|
||||
clientId: "{{ matrix_mx_puppet_slack_client_id }}"
|
||||
clientSecret: {{ matrix_mx_puppet_slack_client_secret }}
|
||||
# Path where to listen for OAuth redirect callbacks.
|
||||
redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
|
||||
# Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,
|
||||
# then set this field and the Slack app redirect URI field to the former.
|
||||
redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }}
|
||||
|
||||
presence:
|
||||
# Bridge Discord online/offline status
|
||||
enabled: true
|
||||
# How often to send status to the homeserver in milliseconds
|
||||
interval: 500
|
||||
|
||||
provisioning:
|
||||
# Regex of Matrix IDs allowed to use the puppet bridge
|
||||
whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }}
|
||||
# Allow a specific user
|
||||
#- "@user:server\\.com"
|
||||
# Allow users on a specific homeserver
|
||||
#- "@.*:yourserver\\.com"
|
||||
# Allow anyone
|
||||
#- ".*"
|
||||
# Regex of Matrix IDs forbidden from using the puppet bridge
|
||||
#blacklist:
|
||||
# Disallow a specific user
|
||||
#- "@user:server\\.com"
|
||||
# Disallow users on a specific homeserver
|
||||
#- "@.*:yourserver\\.com"
|
||||
blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }}
|
||||
|
||||
# Shared secret for the provisioning API for use by integration managers.
|
||||
# If this is not set, the provisioning API will not be enabled.
|
||||
#sharedSecret: random string
|
||||
# Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
|
||||
apiPrefix: /_matrix/provision
|
||||
|
||||
database:
|
||||
# Use Postgres as a database backend
|
||||
# If set, will be used instead of SQLite3
|
||||
# Connection string to connect to the Postgres instance
|
||||
# with username "user", password "pass", host "localhost" and database name "dbname".
|
||||
# Modify each value as necessary
|
||||
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
|
||||
# Use SQLite3 as a database backend
|
||||
# The name of the database file
|
||||
filename: /data/database.db
|
||||
|
||||
logging:
|
||||
# Log level of console output
|
||||
# Allowed values starting with most verbose:
|
||||
# silly, debug, verbose, info, warn, error
|
||||
console: info
|
||||
# Date and time formatting
|
||||
lineDateFormat: MMM-D HH:mm:ss.SSS
|
||||
# Logging files
|
||||
# Log files are rotated daily by default
|
||||
files:
|
||||
# Log file path
|
||||
- file: "/data/bridge.log"
|
||||
# Log level for this file
|
||||
# Allowed values starting with most verbose:
|
||||
# silly, debug, verbose, info, warn, error
|
||||
level: info
|
||||
# Date and time formatting
|
||||
datePattern: YYYY-MM-DD
|
||||
# Maximum number of logs to keep.
|
||||
# This can be a number of files or number of days.
|
||||
# If using days, add 'd' as a suffix
|
||||
maxFiles: 14d
|
||||
# Maximum size of the file after which it will rotate. This can be a
|
||||
# number of bytes, or units of kb, mb, and gb. If using the units, add
|
||||
# 'k', 'm', or 'g' as the suffix
|
||||
maxSize: 50m
|
@ -11,17 +11,20 @@ Wants={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-mx-puppet-slack
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-mx-puppet-slack
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack
|
||||
|
||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||
ExecStartPre=/bin/sleep 5
|
||||
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slack \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--network={{ matrix_docker_network }} \
|
||||
{% if matrix_mx_puppet_slack_container_http_host_bind_port %}
|
||||
-p {{ matrix_mx_puppet_slack_container_http_host_bind_port }}:{{ matrix_mx_puppet_slack_appservice_port }} \
|
||||
{% endif %}
|
||||
-e CONFIG_PATH=/config/config.yaml \
|
||||
-e REGISTRATION_PATH=/config/registration.yaml \
|
||||
-v {{ matrix_mx_puppet_slack_config_path }}:/config:z \
|
||||
@ -31,8 +34,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \
|
||||
{% endfor %}
|
||||
{{ matrix_mx_puppet_slack_docker_image }}
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-mx-puppet-slack
|
||||
ExecStop=-/usr/bin/docker rm matrix-mx-puppet-slack
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-mx-puppet-slack
|
||||
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-corporal
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-corporal
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-corporal
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-corporal
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-corporal \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -32,8 +32,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-corporal \
|
||||
{{ matrix_corporal_docker_image }} \
|
||||
/matrix-corporal -config=/etc/matrix-corporal/config.json
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-corporal
|
||||
ExecStop=-/usr/bin/docker rm matrix-corporal
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-corporal
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-corporal
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-corporal
|
||||
|
@ -99,7 +99,7 @@
|
||||
hour: "4"
|
||||
minute: "20"
|
||||
day: "*/5"
|
||||
job: /bin/systemctl reload matrix-coturn.service
|
||||
job: "{{ matrix_host_command_systemctl }} reload matrix-coturn.service"
|
||||
when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool"
|
||||
|
||||
|
||||
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-coturn
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-coturn
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-coturn
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-coturn
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-coturn \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -40,12 +40,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-coturn \
|
||||
{{ matrix_coturn_docker_image }} \
|
||||
-c /turnserver.conf
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-coturn
|
||||
ExecStop=-/usr/bin/docker rm matrix-coturn
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-coturn
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-coturn
|
||||
|
||||
# This only reloads certificates (not other configuration).
|
||||
# See: https://github.com/coturn/coturn/pull/236
|
||||
ExecReload=/usr/bin/docker exec matrix-coturn kill -USR2 1
|
||||
ExecReload={{ matrix_host_command_docker }} exec matrix-coturn kill -USR2 1
|
||||
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
|
@ -39,89 +39,7 @@ matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:8048"
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_dimension_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_dimension_configuration_yaml: |
|
||||
#jinja2: lstrip_blocks: True
|
||||
# The web settings for the service (API and UI).
|
||||
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
|
||||
web:
|
||||
port: 8184
|
||||
address: '0.0.0.0'
|
||||
|
||||
# Homeserver configuration
|
||||
homeserver:
|
||||
# The domain name of the homeserver. This is used in many places, such as with go-neb
|
||||
# setups, to identify the homeserver.
|
||||
name: "{{ matrix_domain }}"
|
||||
|
||||
# The URL that Dimension, go-neb, and other services provisioned by Dimension should
|
||||
# use to access the homeserver with.
|
||||
clientServerUrl: "http://matrix-synapse:8008"
|
||||
|
||||
# The URL that Dimension should use when trying to communicate with federated APIs on
|
||||
# the homeserver. If not supplied or left empty Dimension will try to resolve the address
|
||||
# through the normal federation process.
|
||||
federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}"
|
||||
|
||||
# The URL that Dimension will redirect media requests to for downloading media such as
|
||||
# stickers. If not supplied or left empty Dimension will use the clientServerUrl.
|
||||
mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
|
||||
|
||||
# The access token Dimension should use for miscellaneous access to the homeserver. This
|
||||
# should be for a user on the configured homeserver: any user will do, however it is
|
||||
# recommended to use a dedicated user (such as @dimension:t2bot.io). For information on
|
||||
# how to acquire an access token, visit https://t2bot.io/docs/access_tokens
|
||||
accessToken: "{{ matrix_dimension_access_token }}"
|
||||
|
||||
# These users can modify the integrations this Dimension supports.
|
||||
# To access the admin interface, open Dimension in Riot and click the settings icon.
|
||||
admins: {{ matrix_dimension_admins|to_json }}
|
||||
|
||||
# IPs and CIDR ranges listed here will be blocked from being widgets.
|
||||
# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
|
||||
widgetBlacklist:
|
||||
- 10.0.0.0/8
|
||||
- 172.16.0.0/12
|
||||
- 192.168.0.0/16
|
||||
- 127.0.0.0/8
|
||||
|
||||
# Where the database for Dimension is
|
||||
database:
|
||||
file: "dimension.db"
|
||||
|
||||
# Display settings that apply to self-hosted go-neb instances
|
||||
goneb:
|
||||
# The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
|
||||
# is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
|
||||
# make the bot's avatar an empty string.
|
||||
avatars:
|
||||
giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
|
||||
imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
|
||||
github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
|
||||
wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
|
||||
travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
|
||||
rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
|
||||
google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
|
||||
guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
|
||||
echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
|
||||
circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
|
||||
jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
|
||||
|
||||
# Settings for how Dimension is represented to the public
|
||||
dimension:
|
||||
# This is where Dimension is accessible from clients. Be sure to set this
|
||||
# to your own Dimension instance.
|
||||
publicUrl: "https://{{ matrix_server_fqn_dimension }}"
|
||||
|
||||
# Settings for controlling how logging works
|
||||
logging:
|
||||
file: /dev/null
|
||||
console: true
|
||||
consoleLevel: verbose
|
||||
fileLevel: info
|
||||
rotate:
|
||||
size: 52428800 # bytes, default is 50mb
|
||||
count: 5
|
||||
|
||||
matrix_dimension_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||
|
||||
matrix_dimension_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration for Dimension goes here.
|
||||
|
81
roles/matrix-dimension/templates/config.yaml.j2
Normal file
81
roles/matrix-dimension/templates/config.yaml.j2
Normal file
@ -0,0 +1,81 @@
|
||||
#jinja2: lstrip_blocks: True
|
||||
# The web settings for the service (API and UI).
|
||||
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
|
||||
web:
|
||||
port: 8184
|
||||
address: '0.0.0.0'
|
||||
|
||||
# Homeserver configuration
|
||||
homeserver:
|
||||
# The domain name of the homeserver. This is used in many places, such as with go-neb
|
||||
# setups, to identify the homeserver.
|
||||
name: "{{ matrix_domain }}"
|
||||
|
||||
# The URL that Dimension, go-neb, and other services provisioned by Dimension should
|
||||
# use to access the homeserver with.
|
||||
clientServerUrl: "http://matrix-synapse:8008"
|
||||
|
||||
# The URL that Dimension should use when trying to communicate with federated APIs on
|
||||
# the homeserver. If not supplied or left empty Dimension will try to resolve the address
|
||||
# through the normal federation process.
|
||||
federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}"
|
||||
|
||||
# The URL that Dimension will redirect media requests to for downloading media such as
|
||||
# stickers. If not supplied or left empty Dimension will use the clientServerUrl.
|
||||
mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
|
||||
|
||||
# The access token Dimension should use for miscellaneous access to the homeserver. This
|
||||
# should be for a user on the configured homeserver: any user will do, however it is
|
||||
# recommended to use a dedicated user (such as @dimension:t2bot.io). For information on
|
||||
# how to acquire an access token, visit https://t2bot.io/docs/access_tokens
|
||||
accessToken: "{{ matrix_dimension_access_token }}"
|
||||
|
||||
# These users can modify the integrations this Dimension supports.
|
||||
# To access the admin interface, open Dimension in Riot and click the settings icon.
|
||||
admins: {{ matrix_dimension_admins|to_json }}
|
||||
|
||||
# IPs and CIDR ranges listed here will be blocked from being widgets.
|
||||
# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
|
||||
widgetBlacklist:
|
||||
- 10.0.0.0/8
|
||||
- 172.16.0.0/12
|
||||
- 192.168.0.0/16
|
||||
- 127.0.0.0/8
|
||||
|
||||
# Where the database for Dimension is
|
||||
database:
|
||||
file: "dimension.db"
|
||||
|
||||
# Display settings that apply to self-hosted go-neb instances
|
||||
goneb:
|
||||
# The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
|
||||
# is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
|
||||
# make the bot's avatar an empty string.
|
||||
avatars:
|
||||
giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
|
||||
imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
|
||||
github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
|
||||
wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
|
||||
travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
|
||||
rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
|
||||
google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
|
||||
guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
|
||||
echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
|
||||
circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
|
||||
jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
|
||||
|
||||
# Settings for how Dimension is represented to the public
|
||||
dimension:
|
||||
# This is where Dimension is accessible from clients. Be sure to set this
|
||||
# to your own Dimension instance.
|
||||
publicUrl: "https://{{ matrix_server_fqn_dimension }}"
|
||||
|
||||
# Settings for controlling how logging works
|
||||
logging:
|
||||
file: /dev/null
|
||||
console: true
|
||||
consoleLevel: verbose
|
||||
fileLevel: info
|
||||
rotate:
|
||||
size: 52428800 # bytes, default is 50mb
|
||||
count: 5
|
@ -6,13 +6,13 @@ Requires=docker.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-dimension
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-dimension
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-dimension
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-dimension
|
||||
|
||||
# Fixup database ownership if it got changed somehow (during a server migration, etc.)
|
||||
ExecStartPre=-/usr/bin/chown {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_base_path }}/dimension.db
|
||||
ExecStartPre=-{{ matrix_host_command_chown }} {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_base_path }}/dimension.db
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-dimension \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -29,8 +29,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-dimension \
|
||||
{% endfor %}
|
||||
{{ matrix_dimension_docker_image }}
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-dimension
|
||||
ExecStop=-/usr/bin/docker rm matrix-dimension
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-dimension
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-dimension
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-dimension
|
||||
|
@ -6,10 +6,10 @@ Requires=docker.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-email2matrix
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-email2matrix
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-email2matrix
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-email2matrix
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-email2matrix \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -22,8 +22,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-email2matrix \
|
||||
{% endfor %}
|
||||
{{ matrix_email2matrix_docker_image }}
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-email2matrix
|
||||
ExecStop=-/usr/bin/docker rm matrix-email2matrix
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-email2matrix
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-email2matrix
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-email2matrix
|
||||
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jicofo
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jicofo
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \
|
||||
--log-driver=none \
|
||||
--network={{ matrix_docker_network }} \
|
||||
--env-file={{ matrix_jitsi_jicofo_base_path }}/env \
|
||||
@ -21,8 +21,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \
|
||||
{% endfor %}
|
||||
{{ matrix_jitsi_jicofo_docker_image }}
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-jitsi-jicofo
|
||||
ExecStop=-/usr/bin/docker rm matrix-jitsi-jicofo
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-jitsi-jicofo
|
||||
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jvb
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jvb
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \
|
||||
--log-driver=none \
|
||||
--network={{ matrix_docker_network }} \
|
||||
--env-file={{ matrix_jitsi_jvb_base_path }}/env \
|
||||
@ -27,8 +27,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \
|
||||
{% endfor %}
|
||||
{{ matrix_jitsi_jvb_docker_image }}
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-jitsi-jvb
|
||||
ExecStop=-/usr/bin/docker rm matrix-jitsi-jvb
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-jitsi-jvb
|
||||
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-prosody
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-prosody
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \
|
||||
--log-driver=none \
|
||||
--network={{ matrix_docker_network }} \
|
||||
--env-file={{ matrix_jitsi_prosody_base_path }}/env \
|
||||
@ -22,8 +22,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \
|
||||
{% endfor %}
|
||||
{{ matrix_jitsi_prosody_docker_image }}
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-jitsi-prosody
|
||||
ExecStop=-/usr/bin/docker rm matrix-jitsi-prosody
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-jitsi-prosody
|
||||
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-web
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-web
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-web
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-web
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \
|
||||
--log-driver=none \
|
||||
--network={{ matrix_docker_network }} \
|
||||
--env-file={{ matrix_jitsi_web_base_path }}/env \
|
||||
@ -25,8 +25,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \
|
||||
{% endfor %}
|
||||
{{ matrix_jitsi_web_docker_image }}
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-jitsi-web
|
||||
ExecStop=-/usr/bin/docker rm matrix-jitsi-web
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-web
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-web
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-jitsi-web
|
||||
|
@ -85,76 +85,7 @@ matrix_ma1sd_v2_enabled: true
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_ma1sd_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_ma1sd_configuration_yaml: |
|
||||
#jinja2: lstrip_blocks: True
|
||||
matrix:
|
||||
domain: {{ matrix_domain }}
|
||||
v1: {{ matrix_ma1sd_v1_enabled|to_json }}
|
||||
v2: {{ matrix_ma1sd_v2_enabled|to_json }}
|
||||
|
||||
server:
|
||||
name: {{ matrix_server_fqn_matrix }}
|
||||
|
||||
key:
|
||||
path: /var/ma1sd/sign.key
|
||||
|
||||
storage:
|
||||
provider:
|
||||
sqlite:
|
||||
database: /var/ma1sd/ma1sd.db
|
||||
|
||||
{% if matrix_ma1sd_dns_overwrite_enabled %}
|
||||
dns:
|
||||
overwrite:
|
||||
homeserver:
|
||||
client:
|
||||
- name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }}
|
||||
value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }}
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_ma1sd_matrixorg_forwarding_enabled %}
|
||||
forward:
|
||||
servers: ['matrix-org']
|
||||
{% endif %}
|
||||
|
||||
threepid:
|
||||
medium:
|
||||
email:
|
||||
identity:
|
||||
from: {{ matrix_ma1sd_threepid_medium_email_identity_from }}
|
||||
connectors:
|
||||
smtp:
|
||||
host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }}
|
||||
port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }}
|
||||
tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }}
|
||||
login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }}
|
||||
password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }}
|
||||
{% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %}
|
||||
generators:
|
||||
template:
|
||||
{% if matrix_ma1sd_threepid_medium_email_custom_invite_template %}
|
||||
invite: '/var/ma1sd/invite-template.eml'
|
||||
{% endif %}
|
||||
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
|
||||
session:
|
||||
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %}
|
||||
validation: '/var/ma1sd/validate-template.eml'
|
||||
{% endif %}
|
||||
{% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
|
||||
unbind:
|
||||
frandulent: '/var/ma1sd/unbind-fraudulent.eml'
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %}
|
||||
generic:
|
||||
matrixId: '/var/ma1sd/mxid-template.eml'
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
synapseSql:
|
||||
enabled: {{ matrix_ma1sd_synapsesql_enabled }}
|
||||
type: {{ matrix_ma1sd_synapsesql_type }}
|
||||
connection: {{ matrix_ma1sd_synapsesql_connection }}
|
||||
matrix_ma1sd_configuration_yaml: "{{ lookup('template', 'templates/ma1sd.yaml.j2') }}"
|
||||
|
||||
matrix_ma1sd_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration for ma1sd goes here.
|
||||
|
69
roles/matrix-ma1sd/templates/ma1sd.yaml.j2
Normal file
69
roles/matrix-ma1sd/templates/ma1sd.yaml.j2
Normal file
@ -0,0 +1,69 @@
|
||||
#jinja2: lstrip_blocks: True
|
||||
matrix:
|
||||
domain: {{ matrix_domain }}
|
||||
v1: {{ matrix_ma1sd_v1_enabled|to_json }}
|
||||
v2: {{ matrix_ma1sd_v2_enabled|to_json }}
|
||||
|
||||
server:
|
||||
name: {{ matrix_server_fqn_matrix }}
|
||||
|
||||
key:
|
||||
path: /var/ma1sd/sign.key
|
||||
|
||||
storage:
|
||||
provider:
|
||||
sqlite:
|
||||
database: /var/ma1sd/ma1sd.db
|
||||
|
||||
{% if matrix_ma1sd_dns_overwrite_enabled %}
|
||||
dns:
|
||||
overwrite:
|
||||
homeserver:
|
||||
client:
|
||||
- name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }}
|
||||
value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }}
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_ma1sd_matrixorg_forwarding_enabled %}
|
||||
forward:
|
||||
servers: ['matrix-org']
|
||||
{% endif %}
|
||||
|
||||
threepid:
|
||||
medium:
|
||||
email:
|
||||
identity:
|
||||
from: {{ matrix_ma1sd_threepid_medium_email_identity_from }}
|
||||
connectors:
|
||||
smtp:
|
||||
host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }}
|
||||
port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }}
|
||||
tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }}
|
||||
login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }}
|
||||
password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }}
|
||||
{% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %}
|
||||
generators:
|
||||
template:
|
||||
{% if matrix_ma1sd_threepid_medium_email_custom_invite_template %}
|
||||
invite: '/var/ma1sd/invite-template.eml'
|
||||
{% endif %}
|
||||
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
|
||||
session:
|
||||
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %}
|
||||
validation: '/var/ma1sd/validate-template.eml'
|
||||
{% endif %}
|
||||
{% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
|
||||
unbind:
|
||||
frandulent: '/var/ma1sd/unbind-fraudulent.eml'
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %}
|
||||
generic:
|
||||
matrixId: '/var/ma1sd/mxid-template.eml'
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
synapseSql:
|
||||
enabled: {{ matrix_ma1sd_synapsesql_enabled }}
|
||||
type: {{ matrix_ma1sd_synapsesql_type }}
|
||||
connection: {{ matrix_ma1sd_synapsesql_connection }}
|
@ -11,12 +11,12 @@ Wants={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-ma1sd
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-ma1sd
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-ma1sd
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-ma1sd
|
||||
|
||||
# ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
|
||||
# so /tmp needs to be mounted with an exec option.
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-ma1sd \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -36,8 +36,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-ma1sd \
|
||||
{% endfor %}
|
||||
{{ matrix_ma1sd_docker_image }}
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-ma1sd
|
||||
ExecStop=-/usr/bin/docker rm matrix-ma1sd
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-ma1sd
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-ma1sd
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-ma1sd
|
||||
|
@ -2,7 +2,12 @@ matrix_mailer_enabled: true
|
||||
|
||||
matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer"
|
||||
|
||||
matrix_mailer_docker_image: "devture/exim-relay:4.92.2-r0-0"
|
||||
matrix_mailer_container_image_self_build: false
|
||||
matrix_mailer_container_image_self_build_repository_url: "https://github.com/devture/exim-relay"
|
||||
matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
|
||||
matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"
|
||||
|
||||
matrix_mailer_docker_image: "devture/exim-relay:4.93.1-r0"
|
||||
matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"
|
||||
|
||||
# The user/group that the container runs with.
|
||||
|
@ -6,12 +6,15 @@
|
||||
|
||||
- name: Ensure mailer base path exists
|
||||
file:
|
||||
path: "{{ matrix_mailer_base_path }}"
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
when: matrix_mailer_enabled|bool
|
||||
with_items:
|
||||
- { path: "{{ matrix_mailer_base_path }}", when: true }
|
||||
- { path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}" }
|
||||
when: "matrix_mailer_enabled|bool and item.when"
|
||||
|
||||
- name: Ensure mailer environment variables file created
|
||||
template:
|
||||
@ -20,13 +23,31 @@
|
||||
mode: 0640
|
||||
when: matrix_mailer_enabled|bool
|
||||
|
||||
- name: Ensure mailer image is pulled
|
||||
- name: Ensure exim-relay repository is present on self-build
|
||||
git:
|
||||
repo: "{{ matrix_mailer_container_image_self_build_repository_url }}"
|
||||
dest: "{{ matrix_mailer_container_image_self_build_src_files_path }}"
|
||||
version: "{{ matrix_mailer_container_image_self_build_version }}"
|
||||
force: "yes"
|
||||
when: "matrix_mailer_container_image_self_build|bool"
|
||||
|
||||
- name: Ensure exim-relay Docker image is built
|
||||
docker_image:
|
||||
name: "{{ matrix_mailer_docker_image }}"
|
||||
source: build
|
||||
build:
|
||||
dockerfile: Dockerfile
|
||||
path: "{{ matrix_mailer_container_image_self_build_src_files_path }}"
|
||||
pull: yes
|
||||
when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool"
|
||||
|
||||
- name: Ensure exim-relay image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_mailer_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}"
|
||||
when: matrix_mailer_enabled|bool
|
||||
when: "matrix_mailer_enabled|bool and not matrix_mailer_container_image_self_build|bool"
|
||||
|
||||
- name: Ensure matrix-mailer.service installed
|
||||
template:
|
||||
|
@ -6,10 +6,10 @@ Requires=docker.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-mailer
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-mailer
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mailer
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mailer
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -24,8 +24,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
|
||||
{% endfor %}
|
||||
{{ matrix_mailer_docker_image }}
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-mailer
|
||||
ExecStop=-/usr/bin/docker rm matrix-mailer
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mailer
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mailer
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-mailer
|
||||
|
@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true
|
||||
# We use an official nginx image, which we fix-up to run unprivileged.
|
||||
# An alternative would be an `nginxinc/nginx-unprivileged` image, but
|
||||
# that is frequently out of date.
|
||||
matrix_nginx_proxy_docker_image: "nginx:1.17.10-alpine"
|
||||
matrix_nginx_proxy_docker_image: "nginx:1.19.0-alpine"
|
||||
matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
|
||||
@ -220,7 +220,7 @@ matrix_ssl_domains_to_obtain_certificates_for: []
|
||||
|
||||
# Controls whether to obtain production or staging certificates from Let's Encrypt.
|
||||
matrix_ssl_lets_encrypt_staging: false
|
||||
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.4.0"
|
||||
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.5.0"
|
||||
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
|
||||
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
|
||||
matrix_ssl_lets_encrypt_support_email: ~
|
||||
|
@ -84,7 +84,7 @@
|
||||
hour: "5"
|
||||
minute: "20"
|
||||
day: "*"
|
||||
job: /bin/systemctl reload matrix-nginx-proxy.service
|
||||
job: "{{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service"
|
||||
when: matrix_nginx_proxy_enabled|bool
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
||||
# We suppress the error, as we'll try another method below.
|
||||
- name: Attempt initial SSL certificate retrieval with standalone authenticator (directly)
|
||||
shell: >-
|
||||
/usr/bin/docker run
|
||||
{{ matrix_host_command_docker }} run
|
||||
--rm
|
||||
--name=matrix-certbot
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
@ -43,7 +43,7 @@
|
||||
# and it's running now, it may be able to proxy requests to `matrix_ssl_lets_encrypt_certbot_standalone_http_port`.
|
||||
- name: Attempt initial SSL certificate retrieval with standalone authenticator (via proxy)
|
||||
shell: >-
|
||||
/usr/bin/docker run
|
||||
{{ matrix_host_command_docker }} run
|
||||
--rm
|
||||
--name=matrix-certbot
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
|
@ -150,7 +150,7 @@
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
location /_synapse/admin {
|
||||
location /_synapse {
|
||||
{% if matrix_nginx_proxy_enabled %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
|
@ -11,10 +11,10 @@ Wants={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-nginx-proxy
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-nginx-proxy
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -43,9 +43,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
|
||||
{% endfor %}
|
||||
{{ matrix_nginx_proxy_docker_image }}
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-nginx-proxy
|
||||
ExecStop=-/usr/bin/docker rm matrix-nginx-proxy
|
||||
ExecReload=/usr/bin/docker exec matrix-nginx-proxy /usr/sbin/nginx -s reload
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy
|
||||
ExecReload={{ matrix_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-nginx-proxy
|
||||
|
@ -8,10 +8,10 @@ matrix_postgres_db_name: ""
|
||||
matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
|
||||
matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data"
|
||||
|
||||
matrix_postgres_docker_image_v9: "postgres:9.6.17-alpine"
|
||||
matrix_postgres_docker_image_v10: "postgres:10.12-alpine"
|
||||
matrix_postgres_docker_image_v11: "postgres:11.7-alpine"
|
||||
matrix_postgres_docker_image_v12: "postgres:12.2-alpine"
|
||||
matrix_postgres_docker_image_v9: "postgres:9.6.18-alpine"
|
||||
matrix_postgres_docker_image_v10: "postgres:10.13-alpine"
|
||||
matrix_postgres_docker_image_v11: "postgres:11.8-alpine"
|
||||
matrix_postgres_docker_image_v12: "postgres:12.3-alpine"
|
||||
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v12 }}"
|
||||
|
||||
# This variable is assigned at runtime. Overriding its value has no effect.
|
||||
|
@ -63,7 +63,7 @@
|
||||
- name: Generate Postgres database import command
|
||||
set_fact:
|
||||
matrix_postgres_import_command: >-
|
||||
/usr/bin/docker run --rm --name matrix-postgres-import
|
||||
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-import
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
--cap-drop=ALL
|
||||
--network={{ matrix_docker_network }}
|
||||
|
@ -79,6 +79,7 @@
|
||||
--network={{ matrix_docker_network }}
|
||||
--entrypoint=python
|
||||
-v {{ matrix_synapse_config_dir_path }}:/data
|
||||
-v {{ matrix_synapse_config_dir_path }}:/matrix-media-store-parent/media-store
|
||||
-v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}:ro
|
||||
{{ matrix_synapse_docker_image }}
|
||||
/usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db|basename }} --postgres-config /data/homeserver.yaml
|
||||
|
@ -66,7 +66,7 @@
|
||||
- name: Generate Postgres database synapse-janitor command
|
||||
set_fact:
|
||||
matrix_postgres_synapse_janitor_command: >-
|
||||
/usr/bin/docker run --rm --name matrix-postgres-synapse-janitor
|
||||
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-synapse-janitor
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
--cap-drop=ALL
|
||||
--network={{ matrix_docker_network }}
|
||||
|
@ -45,7 +45,7 @@
|
||||
- name: Generate Postgres database vacuum command
|
||||
set_fact:
|
||||
matrix_postgres_vacuum_command: >-
|
||||
/usr/bin/docker run --rm --name matrix-postgres-synapse-vacuum
|
||||
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-synapse-vacuum
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
--cap-drop=ALL
|
||||
--network={{ matrix_docker_network }}
|
||||
|
@ -79,7 +79,7 @@
|
||||
# we need to remove these from the dump, or we'll get errors saying these already exist.
|
||||
- name: Perform Postgres database dump
|
||||
command: >-
|
||||
/usr/bin/docker run --rm --name matrix-postgres-dump
|
||||
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-dump
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
--network={{ matrix_docker_network }}
|
||||
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql
|
||||
@ -123,7 +123,7 @@
|
||||
- name: Generate Postgres database import command
|
||||
set_fact:
|
||||
matrix_postgres_import_command: >-
|
||||
/usr/bin/docker run --rm --name matrix-postgres-import
|
||||
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-import
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
--cap-drop=ALL
|
||||
--network={{ matrix_docker_network }}
|
||||
|
@ -6,10 +6,10 @@ Requires=docker.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker stop matrix-postgres
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-postgres
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} stop matrix-postgres
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-postgres
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-postgres \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -28,8 +28,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-postgres \
|
||||
{% endfor %}
|
||||
{{ matrix_postgres_docker_image_to_use }}
|
||||
|
||||
ExecStop=-/usr/bin/docker stop matrix-postgres
|
||||
ExecStop=-/usr/bin/docker rm matrix-postgres
|
||||
ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-postgres
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-postgres
|
||||
|
@ -2,7 +2,7 @@ matrix_riot_web_enabled: true
|
||||
|
||||
matrix_riot_web_container_image_self_build: false
|
||||
|
||||
matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.1"
|
||||
matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.4"
|
||||
matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"
|
||||
|
@ -8,10 +8,10 @@ After={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-riot-web
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-riot-web
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-riot-web
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-riot-web
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-riot-web \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -22,7 +22,6 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
|
||||
{% endif %}
|
||||
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
|
||||
-v {{ matrix_riot_web_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||
-v /dev/null:/etc/nginx/conf.d/default.conf:ro \
|
||||
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.json:ro \
|
||||
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.{{ matrix_server_fqn_riot }}.json:ro \
|
||||
{% if matrix_riot_web_embedded_pages_home_path is not none %}
|
||||
@ -34,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
|
||||
{% endfor %}
|
||||
{{ matrix_riot_web_docker_image }}
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-riot-web
|
||||
ExecStop=-/usr/bin/docker rm matrix-riot-web
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-riot-web
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-riot-web
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-riot-web
|
||||
|
@ -5,7 +5,7 @@ matrix_synapse_enabled: true
|
||||
|
||||
matrix_synapse_container_image_self_build: false
|
||||
|
||||
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.13.0"
|
||||
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.15.0"
|
||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
|
||||
@ -202,12 +202,12 @@ matrix_synapse_password_config_localdb_enabled: true
|
||||
# Controls the number of events that Synapse caches in memory.
|
||||
matrix_synapse_event_cache_size: "100K"
|
||||
|
||||
# Controls cache sizes for Synapse via the SYNAPSE_CACHE_FACTOR environment variable.
|
||||
# Controls cache sizes for Synapse.
|
||||
# Raise this to increase cache sizes or lower it to potentially lower memory use.
|
||||
# To learn more, see:
|
||||
# - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
|
||||
# - https://github.com/matrix-org/synapse/issues/3939
|
||||
matrix_synapse_cache_factor: 0.5
|
||||
matrix_synapse_caches_global_factor: 0.5
|
||||
|
||||
# Controls whether Synapse will federate at all.
|
||||
# Disable this to completely isolate your server from the rest of the Matrix network.
|
||||
@ -299,7 +299,7 @@ matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: fals
|
||||
# Enable this to activate the Shared Secret Auth password provider module.
|
||||
# See: https://github.com/devture/matrix-synapse-shared-secret-auth
|
||||
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
|
||||
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.1/shared_secret_authenticator.py"
|
||||
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.2/shared_secret_authenticator.py"
|
||||
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
|
||||
|
||||
# Enable this to activate LDAP password provider
|
||||
@ -357,7 +357,7 @@ matrix_synapse_default_room_version: "5"
|
||||
#
|
||||
# If a spam-checker extension is enabled, this variable's value is set automatically by the playbook during runtime.
|
||||
# If not, you can also control its value manually.
|
||||
matrix_synapse_spam_checker: ~
|
||||
matrix_synapse_spam_checker: []
|
||||
|
||||
matrix_synapse_trusted_key_servers:
|
||||
- server_name: "matrix.org"
|
||||
|
@ -38,10 +38,15 @@
|
||||
become_user: "{{ matrix_user_username }}"
|
||||
|
||||
- set_fact:
|
||||
matrix_synapse_spam_checker:
|
||||
module: "synapse_simple_antispam.AntiSpamInvites"
|
||||
config:
|
||||
blocked_homeservers: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}"
|
||||
matrix_synapse_spam_checker: >
|
||||
{{ matrix_synapse_spam_checker }}
|
||||
+
|
||||
[{
|
||||
"module": "synapse_simple_antispam.AntiSpamInvites",
|
||||
"config": {
|
||||
"blocked_homeservers": {{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}
|
||||
}
|
||||
}]
|
||||
|
||||
matrix_synapse_container_extra_arguments: >
|
||||
{{ matrix_synapse_container_extra_arguments|default([]) }}
|
||||
|
@ -11,7 +11,7 @@
|
||||
|
||||
- name: Fail if Matrix Federation API not working
|
||||
fail:
|
||||
msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
|
||||
msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port {{ matrix_federation_public_port }} open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
|
||||
when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)"
|
||||
|
||||
- name: Fail if Matrix Federation API unexpectedly enabled
|
||||
|
@ -36,7 +36,7 @@
|
||||
when: "start_result.changed or postgres_start_result.changed"
|
||||
|
||||
- name: Generate password hash
|
||||
shell: "/usr/bin/docker exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}"
|
||||
shell: "{{ matrix_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}"
|
||||
register: password_hash
|
||||
|
||||
- name: Update user password hash
|
||||
|
@ -31,3 +31,4 @@
|
||||
- {'old': 'matrix_synapse_container_expose_client_api_port', 'new': '<superseded by matrix_synapse_container_client_api_host_bind_port>'}
|
||||
- {'old': 'matrix_synapse_container_expose_federation_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'}
|
||||
- {'old': 'matrix_synapse_container_expose_metrics_port', 'new': '<superseded by matrix_synapse_container_metrics_api_host_bind_port>'}
|
||||
- {'old': 'matrix_synapse_cache_factor', 'new': 'matrix_synapse_caches_global_factor'}
|
||||
|
@ -6,10 +6,10 @@ Requires=docker.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill %n
|
||||
ExecStartPre=-/usr/bin/docker rm %n
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill %n
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm %n
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name %n \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name %n \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
-v /etc/passwd:/etc/passwd:ro \
|
||||
@ -25,10 +25,10 @@ ExecStart=/usr/bin/docker run --rm --name %n \
|
||||
-c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3'
|
||||
|
||||
TimeoutStartSec=5min
|
||||
ExecStop=-/usr/bin/docker stop %n
|
||||
ExecStop=-/usr/bin/docker kill %n
|
||||
ExecStop=-/usr/bin/docker rm %n
|
||||
ExecStop=-/bin/fusermount -u {{ matrix_synapse_media_store_path }}
|
||||
ExecStop=-{{ matrix_host_command_docker }} stop %n
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill %n
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm %n
|
||||
ExecStop=-{{ matrix_host_command_fusermount }} -u {{ matrix_synapse_media_store_path }}
|
||||
Restart=always
|
||||
RestartSec=5
|
||||
SyslogIdentifier=matrix-goofys
|
||||
|
@ -320,22 +320,27 @@ listeners:
|
||||
# Used by phonehome stats to group together related servers.
|
||||
#server_context: context
|
||||
|
||||
# Resource-constrained homeserver Settings
|
||||
# Resource-constrained homeserver settings
|
||||
#
|
||||
# If limit_remote_rooms.enabled is True, the room complexity will be
|
||||
# checked before a user joins a new remote room. If it is above
|
||||
# limit_remote_rooms.complexity, it will disallow joining or
|
||||
# instantly leave.
|
||||
# When this is enabled, the room "complexity" will be checked before a user
|
||||
# joins a new remote room. If it is above the complexity limit, the server will
|
||||
# disallow joining, or will instantly leave.
|
||||
#
|
||||
# limit_remote_rooms.complexity_error can be set to customise the text
|
||||
# displayed to the user when a room above the complexity threshold has
|
||||
# its join cancelled.
|
||||
# Room complexity is an arbitrary measure based on factors such as the number of
|
||||
# users in the room.
|
||||
#
|
||||
# Uncomment the below lines to enable:
|
||||
#limit_remote_rooms:
|
||||
# enabled: True
|
||||
# complexity: 1.0
|
||||
# complexity_error: "This room is too complex."
|
||||
limit_remote_rooms:
|
||||
# Uncomment to enable room complexity checking.
|
||||
#
|
||||
#enabled: true
|
||||
|
||||
# the limit above which rooms cannot be joined. The default is 1.0.
|
||||
#
|
||||
#complexity: 0.5
|
||||
|
||||
# override the error which is returned when the room is too complex.
|
||||
#
|
||||
#complexity_error: "This room is too complex."
|
||||
|
||||
# Whether to require a user to be in the room to add an alias to it.
|
||||
# Defaults to 'true'.
|
||||
@ -605,6 +610,50 @@ acme:
|
||||
|
||||
|
||||
|
||||
## Caching ##
|
||||
|
||||
# Caching can be configured through the following options.
|
||||
#
|
||||
# A cache 'factor' is a multiplier that can be applied to each of
|
||||
# Synapse's caches in order to increase or decrease the maximum
|
||||
# number of entries that can be stored.
|
||||
|
||||
# The number of events to cache in memory. Not affected by
|
||||
# caches.global_factor.
|
||||
#
|
||||
event_cache_size: "{{ matrix_synapse_event_cache_size }}"
|
||||
|
||||
caches:
|
||||
# Controls the global cache factor, which is the default cache factor
|
||||
# for all caches if a specific factor for that cache is not otherwise
|
||||
# set.
|
||||
#
|
||||
# This can also be set by the "SYNAPSE_CACHE_FACTOR" environment
|
||||
# variable. Setting by environment variable takes priority over
|
||||
# setting through the config file.
|
||||
#
|
||||
# Defaults to 0.5, which will half the size of all caches.
|
||||
#
|
||||
global_factor: {{ matrix_synapse_caches_global_factor }}
|
||||
|
||||
# A dictionary of cache name to cache factor for that individual
|
||||
# cache. Overrides the global cache factor for a given cache.
|
||||
#
|
||||
# These can also be set through environment variables comprised
|
||||
# of "SYNAPSE_CACHE_FACTOR_" + the name of the cache in capital
|
||||
# letters and underscores. Setting by environment variable
|
||||
# takes priority over setting through the config file.
|
||||
# Ex. SYNAPSE_CACHE_FACTOR_GET_USERS_WHO_SHARE_ROOM_WITH_USER=2.0
|
||||
#
|
||||
# Some caches have '*' and other characters that are not
|
||||
# alphanumeric or underscores. These caches can be named with or
|
||||
# without the special characters stripped. For example, to specify
|
||||
# the cache factor for `*stateGroupCache*` via an environment
|
||||
# variable would be `SYNAPSE_CACHE_FACTOR_STATEGROUPCACHE=2.0`.
|
||||
#
|
||||
per_cache_factors:
|
||||
#get_users_who_share_room_with_user: 2.0
|
||||
|
||||
## Database ##
|
||||
|
||||
database:
|
||||
@ -618,10 +667,6 @@ database:
|
||||
cp_min: 5
|
||||
cp_max: 10
|
||||
|
||||
# Number of events to cache in memory.
|
||||
#
|
||||
event_cache_size: "{{ matrix_synapse_event_cache_size }}"
|
||||
|
||||
|
||||
## Logging ##
|
||||
|
||||
@ -884,25 +929,28 @@ url_preview_accept_language:
|
||||
|
||||
|
||||
## Captcha ##
|
||||
# See docs/CAPTCHA_SETUP for full details of configuring this.
|
||||
# See docs/CAPTCHA_SETUP.md for full details of configuring this.
|
||||
|
||||
# This homeserver's ReCAPTCHA public key.
|
||||
# This homeserver's ReCAPTCHA public key. Must be specified if
|
||||
# enable_registration_captcha is enabled.
|
||||
#
|
||||
#recaptcha_public_key: "YOUR_PUBLIC_KEY"
|
||||
|
||||
# This homeserver's ReCAPTCHA private key.
|
||||
# This homeserver's ReCAPTCHA private key. Must be specified if
|
||||
# enable_registration_captcha is enabled.
|
||||
#
|
||||
#recaptcha_private_key: "YOUR_PRIVATE_KEY"
|
||||
|
||||
# Enables ReCaptcha checks when registering, preventing signup
|
||||
# Uncomment to enable ReCaptcha checks when registering, preventing signup
|
||||
# unless a captcha is answered. Requires a valid ReCaptcha
|
||||
# public/private key.
|
||||
# public/private key. Defaults to 'false'.
|
||||
#
|
||||
#enable_registration_captcha: false
|
||||
#enable_registration_captcha: true
|
||||
|
||||
# The API endpoint to use for verifying m.login.recaptcha responses.
|
||||
# Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify".
|
||||
#
|
||||
#recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
|
||||
#recaptcha_siteverify_api: "https://my.recaptcha.site"
|
||||
|
||||
|
||||
## TURN ##
|
||||
@ -1151,6 +1199,13 @@ auto_join_rooms:
|
||||
#
|
||||
autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json }}
|
||||
|
||||
# When auto_join_rooms is specified, setting this flag to false prevents
|
||||
# guest accounts from being automatically joined to the rooms.
|
||||
#
|
||||
# Defaults to true.
|
||||
#
|
||||
#auto_join_rooms_for_guests: false
|
||||
|
||||
|
||||
## Metrics ###
|
||||
|
||||
@ -1182,6 +1237,7 @@ metrics_flags:
|
||||
#known_servers: true
|
||||
|
||||
# Whether or not to report anonymized homeserver usage statistics.
|
||||
#
|
||||
report_stats: {{ matrix_synapse_report_stats|to_json }}
|
||||
|
||||
# The endpoint to report the anonymized homeserver usage statistics to.
|
||||
@ -1307,6 +1363,8 @@ trusted_key_servers: {{ matrix_synapse_trusted_key_servers|to_json }}
|
||||
#key_server_signing_keys_path: "key_server_signing_keys.key"
|
||||
|
||||
|
||||
## Single sign-on integration ##
|
||||
|
||||
# Enable SAML2 for registration and login. Uses pysaml2.
|
||||
#
|
||||
# At least one of `sp_config` or `config_path` must be set in this section to
|
||||
@ -1440,7 +1498,13 @@ saml2_config:
|
||||
# * HTML page to display to users if something goes wrong during the
|
||||
# authentication process: 'saml_error.html'.
|
||||
#
|
||||
# This template doesn't currently need any variable to render.
|
||||
# When rendering, this template is given the following variables:
|
||||
# * code: an HTML error code corresponding to the error that is being
|
||||
# returned (typically 400 or 500)
|
||||
#
|
||||
# * msg: a textual message describing the error.
|
||||
#
|
||||
# The variables will automatically be HTML-escaped.
|
||||
#
|
||||
# You can see the default templates at:
|
||||
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
||||
@ -1448,6 +1512,121 @@ saml2_config:
|
||||
#template_dir: "res/templates"
|
||||
|
||||
|
||||
# OpenID Connect integration. The following settings can be used to make Synapse
|
||||
# use an OpenID Connect Provider for authentication, instead of its internal
|
||||
# password database.
|
||||
#
|
||||
# See https://github.com/matrix-org/synapse/blob/master/openid.md.
|
||||
#
|
||||
oidc_config:
|
||||
# Uncomment the following to enable authorization against an OpenID Connect
|
||||
# server. Defaults to false.
|
||||
#
|
||||
#enabled: true
|
||||
|
||||
# Uncomment the following to disable use of the OIDC discovery mechanism to
|
||||
# discover endpoints. Defaults to true.
|
||||
#
|
||||
#discover: false
|
||||
|
||||
# the OIDC issuer. Used to validate tokens and (if discovery is enabled) to
|
||||
# discover the provider's endpoints.
|
||||
#
|
||||
# Required if 'enabled' is true.
|
||||
#
|
||||
#issuer: "https://accounts.example.com/"
|
||||
|
||||
# oauth2 client id to use.
|
||||
#
|
||||
# Required if 'enabled' is true.
|
||||
#
|
||||
#client_id: "provided-by-your-issuer"
|
||||
|
||||
# oauth2 client secret to use.
|
||||
#
|
||||
# Required if 'enabled' is true.
|
||||
#
|
||||
#client_secret: "provided-by-your-issuer"
|
||||
|
||||
# auth method to use when exchanging the token.
|
||||
# Valid values are 'client_secret_basic' (default), 'client_secret_post' and
|
||||
# 'none'.
|
||||
#
|
||||
#client_auth_method: client_secret_post
|
||||
|
||||
# list of scopes to request. This should normally include the "openid" scope.
|
||||
# Defaults to ["openid"].
|
||||
#
|
||||
#scopes: ["openid", "profile"]
|
||||
|
||||
# the oauth2 authorization endpoint. Required if provider discovery is disabled.
|
||||
#
|
||||
#authorization_endpoint: "https://accounts.example.com/oauth2/auth"
|
||||
|
||||
# the oauth2 token endpoint. Required if provider discovery is disabled.
|
||||
#
|
||||
#token_endpoint: "https://accounts.example.com/oauth2/token"
|
||||
|
||||
# the OIDC userinfo endpoint. Required if discovery is disabled and the
|
||||
# "openid" scope is not requested.
|
||||
#
|
||||
#userinfo_endpoint: "https://accounts.example.com/userinfo"
|
||||
|
||||
# URI where to fetch the JWKS. Required if discovery is disabled and the
|
||||
# "openid" scope is used.
|
||||
#
|
||||
#jwks_uri: "https://accounts.example.com/.well-known/jwks.json"
|
||||
|
||||
# Uncomment to skip metadata verification. Defaults to false.
|
||||
#
|
||||
# Use this if you are connecting to a provider that is not OpenID Connect
|
||||
# compliant.
|
||||
# Avoid this in production.
|
||||
#
|
||||
#skip_verification: true
|
||||
|
||||
# An external module can be provided here as a custom solution to mapping
|
||||
# attributes returned from a OIDC provider onto a matrix user.
|
||||
#
|
||||
user_mapping_provider:
|
||||
# The custom module's class. Uncomment to use a custom module.
|
||||
# Default is 'synapse.handlers.oidc_handler.JinjaOidcMappingProvider'.
|
||||
#
|
||||
# See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers
|
||||
# for information on implementing a custom mapping provider.
|
||||
#
|
||||
#module: mapping_provider.OidcMappingProvider
|
||||
|
||||
# Custom configuration values for the module. This section will be passed as
|
||||
# a Python dictionary to the user mapping provider module's `parse_config`
|
||||
# method.
|
||||
#
|
||||
# The examples below are intended for the default provider: they should be
|
||||
# changed if using a custom provider.
|
||||
#
|
||||
config:
|
||||
# name of the claim containing a unique identifier for the user.
|
||||
# Defaults to `sub`, which OpenID Connect compliant providers should provide.
|
||||
#
|
||||
#subject_claim: "sub"
|
||||
|
||||
# Jinja2 template for the localpart of the MXID.
|
||||
#
|
||||
# When rendering, this template is given the following variables:
|
||||
# * user: The claims returned by the UserInfo Endpoint and/or in the ID
|
||||
# Token
|
||||
#
|
||||
# This must be configured if using the default mapping provider.
|
||||
#
|
||||
localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
|
||||
|
||||
# Jinja2 template for the display name to set on first login.
|
||||
#
|
||||
# If unset, no displayname will be set.
|
||||
#
|
||||
#display_name_template: "{% raw %}{{ user.given_name }} {{ user.last_name }}{% endraw %}"
|
||||
|
||||
|
||||
|
||||
# Enable CAS for registration and login.
|
||||
#
|
||||
@ -1455,10 +1634,97 @@ saml2_config:
|
||||
# enabled: true
|
||||
# server_url: "https://cas-server.com"
|
||||
# service_url: "https://homeserver.domain.com:8448"
|
||||
# #displayname_attribute: name
|
||||
# #required_attributes:
|
||||
# # name: value
|
||||
|
||||
|
||||
# Additional settings to use with single-sign on systems such as OpenID Connect,
|
||||
# SAML2 and CAS.
|
||||
#
|
||||
sso:
|
||||
# A list of client URLs which are whitelisted so that the user does not
|
||||
# have to confirm giving access to their account to the URL. Any client
|
||||
# whose URL starts with an entry in the following list will not be subject
|
||||
# to an additional confirmation step after the SSO login is completed.
|
||||
#
|
||||
# WARNING: An entry such as "https://my.client" is insecure, because it
|
||||
# will also match "https://my.client.evil.site", exposing your users to
|
||||
# phishing attacks from evil.site. To avoid this, include a slash after the
|
||||
# hostname: "https://my.client/".
|
||||
#
|
||||
# If public_baseurl is set, then the login fallback page (used by clients
|
||||
# that don't natively support the required login flows) is whitelisted in
|
||||
# addition to any URLs in this list.
|
||||
#
|
||||
# By default, this list is empty.
|
||||
#
|
||||
#client_whitelist:
|
||||
# - https://riot.im/develop
|
||||
# - https://my.custom.client/
|
||||
|
||||
# Directory in which Synapse will try to find the template files below.
|
||||
# If not set, default templates from within the Synapse package will be used.
|
||||
#
|
||||
# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
|
||||
# If you *do* uncomment it, you will need to make sure that all the templates
|
||||
# below are in the directory.
|
||||
#
|
||||
# Synapse will look for the following templates in this directory:
|
||||
#
|
||||
# * HTML page for a confirmation step before redirecting back to the client
|
||||
# with the login token: 'sso_redirect_confirm.html'.
|
||||
#
|
||||
# When rendering, this template is given three variables:
|
||||
# * redirect_url: the URL the user is about to be redirected to. Needs
|
||||
# manual escaping (see
|
||||
# https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
|
||||
#
|
||||
# * display_url: the same as `redirect_url`, but with the query
|
||||
# parameters stripped. The intention is to have a
|
||||
# human-readable URL to show to users, not to use it as
|
||||
# the final address to redirect to. Needs manual escaping
|
||||
# (see https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
|
||||
#
|
||||
# * server_name: the homeserver's name.
|
||||
#
|
||||
# * HTML page which notifies the user that they are authenticating to confirm
|
||||
# an operation on their account during the user interactive authentication
|
||||
# process: 'sso_auth_confirm.html'.
|
||||
#
|
||||
# When rendering, this template is given the following variables:
|
||||
# * redirect_url: the URL the user is about to be redirected to. Needs
|
||||
# manual escaping (see
|
||||
# https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
|
||||
#
|
||||
# * description: the operation which the user is being asked to confirm
|
||||
#
|
||||
# * HTML page shown after a successful user interactive authentication session:
|
||||
# 'sso_auth_success.html'.
|
||||
#
|
||||
# Note that this page must include the JavaScript which notifies of a successful authentication
|
||||
# (see https://matrix.org/docs/spec/client_server/r0.6.0#fallback).
|
||||
#
|
||||
# This template has no additional variables.
|
||||
#
|
||||
# * HTML page shown during single sign-on if a deactivated user (according to Synapse's database)
|
||||
# attempts to login: 'sso_account_deactivated.html'.
|
||||
#
|
||||
# This template has no additional variables.
|
||||
#
|
||||
# * HTML page to display to users if something goes wrong during the
|
||||
# OpenID Connect authentication process: 'sso_error.html'.
|
||||
#
|
||||
# When rendering, this template is given two variables:
|
||||
# * error: the technical name of the error
|
||||
# * error_description: a human-readable message for the error
|
||||
#
|
||||
# You can see the default templates at:
|
||||
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
|
||||
#
|
||||
#template_dir: "res/templates"
|
||||
|
||||
|
||||
# The JWT needs to contain a globally unique "sub" (subject) claim.
|
||||
#
|
||||
#jwt_config:
|
||||
@ -1501,8 +1767,8 @@ email:
|
||||
# Username/password for authentication to the SMTP server. By default, no
|
||||
# authentication is attempted.
|
||||
#
|
||||
# smtp_user: "exampleusername"
|
||||
# smtp_pass: "examplepassword"
|
||||
#smtp_user: "exampleusername"
|
||||
#smtp_pass: "examplepassword"
|
||||
|
||||
# Uncomment the following to require TLS transport security for SMTP.
|
||||
# By default, Synapse will connect over plain text, and will then switch to
|
||||
@ -1681,10 +1947,17 @@ push:
|
||||
include_content: {{ matrix_synapse_push_include_content|to_json }}
|
||||
|
||||
|
||||
#spam_checker:
|
||||
# module: "my_custom_project.SuperSpamChecker"
|
||||
# config:
|
||||
# example_option: 'things'
|
||||
# Spam checkers are third-party modules that can block specific actions
|
||||
# of local users, such as creating rooms and registering undesirable
|
||||
# usernames, as well as remote users by redacting incoming events.
|
||||
#
|
||||
# spam_checker:
|
||||
#- module: "my_custom_project.SuperSpamChecker"
|
||||
# config:
|
||||
# example_option: 'things'
|
||||
#- module: "some_other_project.BadEventStopper"
|
||||
# config:
|
||||
# example_stop_events_from: ['@bad:example.com']
|
||||
spam_checker: {{ matrix_synapse_spam_checker|to_json }}
|
||||
|
||||
# Uncomment to allow non-server-admin users to create groups on this server
|
||||
|
@ -11,16 +11,16 @@ Wants={{ service }}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-synapse
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-synapse
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-synapse
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-synapse
|
||||
{% if matrix_s3_media_store_enabled %}
|
||||
# Allow for some time before starting, so that media store can mount.
|
||||
# Mounting can happen later too, but if we start writing,
|
||||
# we'd write files to the local filesystem and fusermount will complain.
|
||||
ExecStartPre=/bin/sleep 3
|
||||
ExecStartPre={{ matrix_host_command_sleep }} 3
|
||||
{% endif %}
|
||||
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
@ -28,7 +28,6 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
|
||||
--read-only \
|
||||
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \
|
||||
--network={{ matrix_docker_network }} \
|
||||
-e SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }} \
|
||||
{% if matrix_synapse_container_client_api_host_bind_port %}
|
||||
-p {{ matrix_synapse_container_client_api_host_bind_port }}:8008 \
|
||||
{% endif %}
|
||||
@ -55,9 +54,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
|
||||
{{ matrix_synapse_docker_image }} \
|
||||
-m synapse.app.homeserver -c /data/homeserver.yaml
|
||||
|
||||
ExecStop=-/usr/bin/docker kill matrix-synapse
|
||||
ExecStop=-/usr/bin/docker rm matrix-synapse
|
||||
ExecReload=/usr/bin/docker exec matrix-synapse kill -HUP 1
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-synapse
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-synapse
|
||||
ExecReload={{ matrix_host_command_docker }} exec matrix-synapse kill -HUP 1
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-synapse
|
||||
|
@ -3,7 +3,7 @@
|
||||
matrix_synapse_id_servers_public: ['vector.im', 'matrix.org']
|
||||
|
||||
matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
|
||||
matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:8448/_matrix/federation/v1/version"
|
||||
matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
|
||||
|
||||
# Tells whether this role had executed or not. Toggled to `true` during runtime.
|
||||
matrix_synapse_role_executed: false
|
||||
|
Loading…
Reference in New Issue
Block a user