finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'github/master'

Browse Source
This commit is contained in:
benkuly
2020-06-11 15:36:02 +02:00
parent 1937398342 6538ae34f5
commit 99639d7d7a
85 changed files with 2168 additions and 1772 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
roles/matrix-base/defaults/main.yml
View File

@ -21,6 +21,8 @@ matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
# This is where you access Jitsi.
matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}"
matrix_federation_public_port: 8448
matrix_user_username: "matrix"
matrix_user_groupname: "matrix"
@ -32,6 +34,13 @@ matrix_systemd_path: "/etc/systemd/system"
matrix_cron_path: "/etc/cron.d"
matrix_local_bin_path: "/usr/local/bin"
matrix_host_command_docker: "/usr/bin/env docker"
matrix_host_command_sleep: "/usr/bin/env sleep"
matrix_host_command_chown: "/usr/bin/env chown"
matrix_host_command_fusermount: "/usr/bin/env fusermount"
matrix_host_command_openssl: "/usr/bin/env openssl"
matrix_host_command_systemctl: "/usr/bin/env systemctl"
matrix_ntpd_package: "ntp"
matrix_ntpd_service: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}"

2
roles/matrix-base/templates/static-files/well-known/matrix-server.j2
View File

@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: "True"
{
"m.server": "{{ matrix_server_fqn_matrix }}:8448"
"m.server": "{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}"
}

95
roles/matrix-bridge-appservice-discord/defaults/main.yml
View File

@ -39,100 +39,7 @@ matrix_appservice_discord_bridge_homeserverUrl: "{{ matrix_homeserver_url }}"
matrix_appservice_discord_bridge_disablePresence: false
matrix_appservice_discord_bridge_enableSelfServiceBridging: false
matrix_appservice_discord_configuration_yaml: |
#jinja2: lstrip_blocks: "True"
bridge:
# Domain part of the bridge, e.g. matrix.org
domain: {{ matrix_appservice_discord_bridge_domain }}
# This should be your publically facing URL because Discord may use it to
# fetch media from the media store.
homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }}
# Interval at which to process users in the 'presence queue'. If you have
# 5 users, one user will be processed every 500 milliseconds according to the
# value below. This has a minimum value of 250.
# WARNING: This has a high chance of spamming the homeserver with presence
# updates since it will send one each time somebody changes state or is online.
presenceInterval: 500
# Disable setting presence for 'ghost users' which means Discord users on Matrix
# will not be shown as away or online.
disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }}
# Disable sending typing notifications when somebody on Discord types.
disableTypingNotifications: false
# Disable deleting messages on Discord if a message is redacted on Matrix.
disableDeletionForwarding: false
# Enable users to bridge rooms using !discord commands. See
# https://t2bot.io/discord for instructions.
enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }}
# Disable sending of read receipts for Matrix events which have been
# successfully bridged to Discord.
disableReadReceipts: false
# Disable Join Leave echos from matrix
disableJoinLeaveNotifications: false
# Authentication configuration for the discord bot.
auth:
clientID: {{ matrix_appservice_discord_client_id|string|to_json }}
botToken: {{ matrix_appservice_discord_bot_token }}
logging:
# What level should the logger output to the console at.
console: "warn" #silly, verbose, info, http, warn, error, silent
lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format
# files:
# - file: "debug.log"
# disable:
# - "PresenceHandler" # Will not capture presence logging
# - file: "warn.log" # Will capture warnings
# level: "warn"
# - file: "botlogs.log" # Will capture logs from DiscordBot
# level: "info"
# enable:
# - "DiscordBot"
database:
userStorePath: "/data/user-store.db"
roomStorePath: "/data/room-store.db"
# You may either use SQLite or Postgresql for the bridge database, which contains
# important mappings for events and user puppeting configurations.
# Use the filename option for SQLite, or connString for Postgresql.
# If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite
# WARNING: You will almost certainly be fine with sqlite unless your bridge
# is in heavy demand and you suffer from IO slowness.
filename: "/data/discord.db"
# connString: "postgresql://user:password@localhost/database_name"
room:
# Set the default visibility of alias rooms, defaults to "public".
# One of: "public", "private"
defaultVisibility: "public"
channel:
# Pattern of the name given to bridged rooms.
# Can use :guild for the guild name and :name for the channel name.
namePattern: "[Discord] :guild :name"
# Changes made to rooms when a channel is deleted.
deleteOptions:
# Prefix the room name with a string.
#namePrefix: "[Deleted]"
# Prefix the room topic with a string.
#topicPrefix: "This room has been deleted"
# Disable people from talking in the room by raising the event PL to 50
disableMessaging: false
# Remove the discord alias from the room.
unsetRoomAlias: true
# Remove the room from the directory.
unlistFromDirectory: true
# Set the room to be unavaliable for joining without an invite.
setInviteOnly: true
# Make all the discord users leave the room.
ghostsLeave: true
limits:
# Delay in milliseconds between discord users joining a room.
roomGhostJoinDelay: 6000
# Delay in milliseconds before sending messages to discord to avoid echos.
# (Copies of a sent message may arrive from discord before we've
# fininished handling it, causing us to echo it back to the room)
discordSendDelay: 750
ghosts:
# Pattern for the ghosts nick, available is :nick, :username, :tag and :id
nickPattern: ":nick"
# Pattern for the ghosts username, available is :username, :tag and :id
usernamePattern: ":username#:tag"
matrix_appservice_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_appservice_discord_configuration_extension_yaml: |
# Your custom YAML configuration goes here.

2
roles/matrix-bridge-appservice-discord/tasks/setup_install.yml
View File

@ -60,7 +60,7 @@
# We intentionally suppress Ansible changes.
- name: Generate AppService Discord invite link
shell: >-
/usr/bin/docker run --rm --name matrix-appservice-discord-link-gen
{{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord-link-gen
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
-v {{ matrix_appservice_discord_config_path }}:/cfg

93
roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,93 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Domain part of the bridge, e.g. matrix.org
domain: {{ matrix_appservice_discord_bridge_domain }}
# This should be your publically facing URL because Discord may use it to
# fetch media from the media store.
homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }}
# Interval at which to process users in the 'presence queue'. If you have
# 5 users, one user will be processed every 500 milliseconds according to the
# value below. This has a minimum value of 250.
# WARNING: This has a high chance of spamming the homeserver with presence
# updates since it will send one each time somebody changes state or is online.
presenceInterval: 500
# Disable setting presence for 'ghost users' which means Discord users on Matrix
# will not be shown as away or online.
disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }}
# Disable sending typing notifications when somebody on Discord types.
disableTypingNotifications: false
# Disable deleting messages on Discord if a message is redacted on Matrix.
disableDeletionForwarding: false
# Enable users to bridge rooms using !discord commands. See
# https://t2bot.io/discord for instructions.
enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }}
# Disable sending of read receipts for Matrix events which have been
# successfully bridged to Discord.
disableReadReceipts: false
# Disable Join Leave echos from matrix
disableJoinLeaveNotifications: false
# Authentication configuration for the discord bot.
auth:
clientID: {{ matrix_appservice_discord_client_id|string|to_json }}
botToken: {{ matrix_appservice_discord_bot_token }}
logging:
# What level should the logger output to the console at.
console: "warn" #silly, verbose, info, http, warn, error, silent
lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format
# files:
# - file: "debug.log"
# disable:
# - "PresenceHandler" # Will not capture presence logging
# - file: "warn.log" # Will capture warnings
# level: "warn"
# - file: "botlogs.log" # Will capture logs from DiscordBot
# level: "info"
# enable:
# - "DiscordBot"
database:
userStorePath: "/data/user-store.db"
roomStorePath: "/data/room-store.db"
# You may either use SQLite or Postgresql for the bridge database, which contains
# important mappings for events and user puppeting configurations.
# Use the filename option for SQLite, or connString for Postgresql.
# If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite
# WARNING: You will almost certainly be fine with sqlite unless your bridge
# is in heavy demand and you suffer from IO slowness.
filename: "/data/discord.db"
# connString: "postgresql://user:password@localhost/database_name"
room:
# Set the default visibility of alias rooms, defaults to "public".
# One of: "public", "private"
defaultVisibility: "public"
channel:
# Pattern of the name given to bridged rooms.
# Can use :guild for the guild name and :name for the channel name.
namePattern: "[Discord] :guild :name"
# Changes made to rooms when a channel is deleted.
deleteOptions:
# Prefix the room name with a string.
#namePrefix: "[Deleted]"
# Prefix the room topic with a string.
#topicPrefix: "This room has been deleted"
# Disable people from talking in the room by raising the event PL to 50
disableMessaging: false
# Remove the discord alias from the room.
unsetRoomAlias: true
# Remove the room from the directory.
unlistFromDirectory: true
# Set the room to be unavaliable for joining without an invite.
setInviteOnly: true
# Make all the discord users leave the room.
ghostsLeave: true
limits:
# Delay in milliseconds between discord users joining a room.
roomGhostJoinDelay: 6000
# Delay in milliseconds before sending messages to discord to avoid echos.
# (Copies of a sent message may arrive from discord before we've
# fininished handling it, causing us to echo it back to the room)
discordSendDelay: 750
ghosts:
# Pattern for the ghosts nick, available is :nick, :username, :tag and :id
nickPattern: ":nick"
# Pattern for the ghosts username, available is :username, :tag and :id
usernamePattern: ":username#:tag"

12
roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
View File

@ -11,13 +11,13 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-appservice-discord
ExecStartPre=-/usr/bin/docker rm matrix-appservice-discord
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-discord
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-discord
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \
{{ matrix_appservice_discord_docker_image }} \
node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml
ExecStop=-/usr/bin/docker kill matrix-appservice-discord
ExecStop=-/usr/bin/docker rm matrix-appservice-discord
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-discord
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-discord
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-discord

136
roles/matrix-bridge-appservice-irc/defaults/main.yml
View File

@ -346,141 +346,7 @@ matrix_appservice_irc_systemd_wanted_services_list: []
matrix_appservice_irc_appservice_token: ''
matrix_appservice_irc_homeserver_token: ''
matrix_appservice_irc_configuration_yaml: |
#jinja2: lstrip_blocks: True
homeserver:
# The URL to the home server for client-server API calls, also used to form the
# media URLs as displayed in bridged IRC channels:
url: {{ matrix_appservice_irc_homeserver_url }}
#
# The URL of the homeserver hosting media files. This is only used to transform
# mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By
# default, this is the homeserver URL, specified above.
#
media_url: {{ matrix_appservice_irc_homeserver_media_url }}
# Drop Matrix messages which are older than this number of seconds, according to
# the event's origin_server_ts.
# If the bridge is down for a while, the homeserver will attempt to send all missed
# events on reconnection. These events may be hours old, which can be confusing to
# IRC users if they are then bridged. This option allows these old messages to be
# dropped.
# CAUTION: This is a very coarse heuristic. Federated homeservers may have different
# clock times and hence produce different origin_server_ts values, which may be old
# enough to cause *all* events from the homeserver to be dropped.
# Default: 0 (don't ever drop)
# dropMatrixMessagesAfterSecs: 300 # 5 minutes
# The 'domain' part for user IDs on this home server. Usually (but not always)
# is the "domain name" part of the HS URL.
domain: {{ matrix_appservice_irc_homeserver_domain }}
# Should presence be enabled for matrix clients on this bridge. If disabled on the
# homeserver then it should also be disabled here to avoid excess traffic.
# Default: true
enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}
ircService:
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
# the database.
#
# To generate a .pem file:
# $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
#
# The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
# for storage in the database. Passwords are stored by using the admin room command
# `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
# the Matrix user, this password will be sent as the server password (PASS command).
passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
# Config for Matrix -> IRC bridging
matrixHandler:
# Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
eventCacheSize: 4096
servers: {{ matrix_appservice_irc_ircService_servers|to_json }}
# Configuration for an ident server. If you are running a public bridge it is
# advised you setup an ident server so IRC mods can ban specific matrix users
# rather than the application service itself.
ident:
# True to listen for Ident requests and respond with the
# matrix user's user_id (converted to ASCII, respecting RFC 1413).
# Default: false.
enabled: false
# The port to listen on for incoming ident requests.
# Ports below 1024 require root to listen on, and you may not want this to
# run as root. Instead, you can get something like an Apache to yank up
# incoming requests to 113 to a high numbered port. Set the port to listen
# on instead of 113 here.
# Default: 113.
port: 1113
# The address to listen on for incoming ident requests.
# Default: 0.0.0.0
address: "::"
# Configuration for logging. Optional. Default: console debug level logging
# only.
logging:
# Level to log on console/logfile. One of error|warn|info|debug
level: "debug"
# The file location to log to. This is relative to the project directory.
#logfile: "debug.log"
# The file location to log errors to. This is relative to the project
# directory.
#errfile: "errors.log"
# Whether to log to the console or not.
toConsole: true
# The max number of files to keep. Files will be overwritten eventually due
# to rotations.
maxFiles: 5
# Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
# $ npm install prom-client@6.3.0
# Metrics will then be available via GET /metrics on the bridge listening port (-p).
metrics:
# Whether to actually enable the metric endpoint. Default: false
enabled: true
# When collecting remote user active times, which "buckets" should be used. Defaults are given below.
# The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
remoteUserAgeBuckets:
- "1h"
- "1d"
- "1w"
# Configuration for the provisioning API.
#
# GET /_matrix/provision/link
# GET /_matrix/provision/unlink
# GET /_matrix/provision/listlinks
#
provisioning:
# True to enable the provisioning HTTP endpoint. Default: false.
enabled: false
# The number of seconds to wait before giving up on getting a response from
# an IRC channel operator. If the channel operator does not respond within the
# allotted time period, the provisioning request will fail.
# Default: 300 seconds (5 mins)
requestTimeoutSeconds: 300
# Options here are generally only applicable to large-scale bridges and may have
# consequences greater than other options in this configuration file.
advanced:
# The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited
# however for large bridges it is important to rate limit the bridge to avoid
# accidentally overloading the homeserver. Defaults to 1000, which should be
# enough for the vast majority of use cases.
maxHttpSockets: 1000
# Use an external database to store bridge state.
database:
# database engine (must be 'postgres' or 'nedb'). Default: nedb
engine: "nedb"
# Either a PostgreSQL connection string, or a path to the NeDB storage directory.
# For postgres, it must start with postgres://
# For NeDB, it must start with nedb://. The path is relative to the project directory.
connectionString: "nedb:///data"
matrix_appservice_irc_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_appservice_irc_configuration_extension_yaml: |
# Your custom YAML configuration for Appservice IRC servers goes here.

4
roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
View File

@ -58,7 +58,7 @@
register: irc_passkey_file
- name: Generate Appservice IRC passkey if it doesn't exist
shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048"
become: true
become_user: "{{ matrix_user_username }}"
when: "not irc_passkey_file.stat.exists"
@ -93,7 +93,7 @@
# to produce a final registration.yaml file, as we desire.
- name: Generate Appservice IRC registration-template.yaml
shell: >-
/usr/bin/docker run --rm --name matrix-appservice-irc-gen
{{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc-gen
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
-v {{ matrix_appservice_irc_config_path }}:/config:z

134
roles/matrix-bridge-appservice-irc/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,134 @@
#jinja2: lstrip_blocks: True
homeserver:
# The URL to the home server for client-server API calls, also used to form the
# media URLs as displayed in bridged IRC channels:
url: {{ matrix_appservice_irc_homeserver_url }}
#
# The URL of the homeserver hosting media files. This is only used to transform
# mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By
# default, this is the homeserver URL, specified above.
#
media_url: {{ matrix_appservice_irc_homeserver_media_url }}
# Drop Matrix messages which are older than this number of seconds, according to
# the event's origin_server_ts.
# If the bridge is down for a while, the homeserver will attempt to send all missed
# events on reconnection. These events may be hours old, which can be confusing to
# IRC users if they are then bridged. This option allows these old messages to be
# dropped.
# CAUTION: This is a very coarse heuristic. Federated homeservers may have different
# clock times and hence produce different origin_server_ts values, which may be old
# enough to cause *all* events from the homeserver to be dropped.
# Default: 0 (don't ever drop)
# dropMatrixMessagesAfterSecs: 300 # 5 minutes
# The 'domain' part for user IDs on this home server. Usually (but not always)
# is the "domain name" part of the HS URL.
domain: {{ matrix_appservice_irc_homeserver_domain }}
# Should presence be enabled for matrix clients on this bridge. If disabled on the
# homeserver then it should also be disabled here to avoid excess traffic.
# Default: true
enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}
ircService:
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
# the database.
#
# To generate a .pem file:
# $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
#
# The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
# for storage in the database. Passwords are stored by using the admin room command
# `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
# the Matrix user, this password will be sent as the server password (PASS command).
passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
# Config for Matrix -> IRC bridging
matrixHandler:
# Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
eventCacheSize: 4096
servers: {{ matrix_appservice_irc_ircService_servers|to_json }}
# Configuration for an ident server. If you are running a public bridge it is
# advised you setup an ident server so IRC mods can ban specific matrix users
# rather than the application service itself.
ident:
# True to listen for Ident requests and respond with the
# matrix user's user_id (converted to ASCII, respecting RFC 1413).
# Default: false.
enabled: false
# The port to listen on for incoming ident requests.
# Ports below 1024 require root to listen on, and you may not want this to
# run as root. Instead, you can get something like an Apache to yank up
# incoming requests to 113 to a high numbered port. Set the port to listen
# on instead of 113 here.
# Default: 113.
port: 1113
# The address to listen on for incoming ident requests.
# Default: 0.0.0.0
address: "::"
# Configuration for logging. Optional. Default: console debug level logging
# only.
logging:
# Level to log on console/logfile. One of error|warn|info|debug
level: "debug"
# The file location to log to. This is relative to the project directory.
#logfile: "debug.log"
# The file location to log errors to. This is relative to the project
# directory.
#errfile: "errors.log"
# Whether to log to the console or not.
toConsole: true
# The max number of files to keep. Files will be overwritten eventually due
# to rotations.
maxFiles: 5
# Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
# $ npm install prom-client@6.3.0
# Metrics will then be available via GET /metrics on the bridge listening port (-p).
metrics:
# Whether to actually enable the metric endpoint. Default: false
enabled: true
# When collecting remote user active times, which "buckets" should be used. Defaults are given below.
# The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
remoteUserAgeBuckets:
- "1h"
- "1d"
- "1w"
# Configuration for the provisioning API.
#
# GET /_matrix/provision/link
# GET /_matrix/provision/unlink
# GET /_matrix/provision/listlinks
#
provisioning:
# True to enable the provisioning HTTP endpoint. Default: false.
enabled: false
# The number of seconds to wait before giving up on getting a response from
# an IRC channel operator. If the channel operator does not respond within the
# allotted time period, the provisioning request will fail.
# Default: 300 seconds (5 mins)
requestTimeoutSeconds: 300
# Options here are generally only applicable to large-scale bridges and may have
# consequences greater than other options in this configuration file.
advanced:
# The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited
# however for large bridges it is important to rate limit the bridge to avoid
# accidentally overloading the homeserver. Defaults to 1000, which should be
# enough for the vast majority of use cases.
maxHttpSockets: 1000
# Use an external database to store bridge state.
database:
# database engine (must be 'postgres' or 'nedb'). Default: nedb
engine: "nedb"
# Either a PostgreSQL connection string, or a path to the NeDB storage directory.
# For postgres, it must start with postgres://
# For NeDB, it must start with nedb://. The path is relative to the project directory.
connectionString: "nedb:///data"

12
roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
View File

@ -11,13 +11,13 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-appservice-irc
ExecStartPre=-/usr/bin/docker rm matrix-appservice-irc
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-irc
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-irc
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -34,8 +34,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
{{ matrix_appservice_irc_docker_image }} \
-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
ExecStop=-/usr/bin/docker kill matrix-appservice-irc
ExecStop=-/usr/bin/docker rm matrix-appservice-irc
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-irc
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-irc
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-irc

16
roles/matrix-bridge-appservice-slack/defaults/main.yml
View File

@ -45,21 +45,7 @@ matrix_appservice_slack_appservice_token: ''
matrix_appservice_slack_homeserver_token: ''
matrix_appservice_slack_id_token: ''
matrix_appservice_slack_configuration_yaml: |
slack_hook_port: {{ matrix_appservice_slack_slack_port }}
inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}"
bot_username: "{{ matrix_appservice_slack_bot_name }}"
username_prefix: {{ matrix_appservice_slack_user_prefix }}
homeserver:
media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
url: "{{ matrix_appservice_slack_homeserver_url }}"
server_name: "{{ matrix_domain }}"
dbdir: "/data"
matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}"
matrix_appservice_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_appservice_slack_configuration_extension_yaml: |
#slack_hook_port: 9898

14
roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,14 @@
#jinja2: lstrip_blocks: True
slack_hook_port: {{ matrix_appservice_slack_slack_port }}
inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}"
bot_username: "{{ matrix_appservice_slack_bot_name }}"
username_prefix: {{ matrix_appservice_slack_user_prefix }}
homeserver:
media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
url: "{{ matrix_appservice_slack_homeserver_url }}"
server_name: "{{ matrix_domain }}"
dbdir: "/data"
matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}"

12
roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2
View File

@ -11,13 +11,13 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-appservice-slack
ExecStartPre=-/usr/bin/docker rm matrix-appservice-slack
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-slack
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-slack
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-slack \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-slack \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-slack \
{{ matrix_appservice_slack_docker_image }} \
node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml
ExecStop=-/usr/bin/docker kill matrix-appservice-slack
ExecStop=-/usr/bin/docker rm matrix-appservice-slack
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-slack
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-slack
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-slack

30
roles/matrix-bridge-appservice-webhooks/defaults/main.yml
View File

@ -49,35 +49,7 @@ matrix_appservice_webhooks_api_secret: ''
# Logging information (info and verbose is available) default is: info
matrix_appservice_webhooks_log_level: 'info'
matrix_appservice_webhooks_configuration_yaml: |
# Configuration specific to the application service. All fields (unless otherwise marked) are required.
homeserver:
# The domain for the client-server API calls.
url: "{{ matrix_appservice_webhooks_homeserver_url }}"
# The domain part for user IDs on this home server. Usually, but not always, this is the same as the
# home server's URL.
domain: "{{ matrix_domain }}"
# Configuration specific to the bridge. All fields (unless otherwise marked) are required.
webhookBot:
# The localpart to use for the bot. May require re-registering the application service.
localpart: "_webhook"
# Provisioning API options
provisioning:
# Your secret for the API. Required for all provisioning API requests.
secret: '{{ matrix_appservice_webhooks_api_secret }}'
# Configuration related to the web portion of the bridge. Handles the inbound webhooks
web:
hookUrlBase: "{{ matrix_appservice_webhooks_inbound_uri_prefix }}"
logging:
console: true
consoleLevel: {{ matrix_appservice_webhooks_log_level }}
writeFiles: false
matrix_appservice_webhooks_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_appservice_webhooks_configuration_extension_yaml: |
#

28
roles/matrix-bridge-appservice-webhooks/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,28 @@
#jinja2: lstrip_blocks: True
# Configuration specific to the application service. All fields (unless otherwise marked) are required.
homeserver:
# The domain for the client-server API calls.
url: "{{ matrix_appservice_webhooks_homeserver_url }}"
# The domain part for user IDs on this home server. Usually, but not always, this is the same as the
# home server's URL.
domain: "{{ matrix_domain }}"
# Configuration specific to the bridge. All fields (unless otherwise marked) are required.
webhookBot:
# The localpart to use for the bot. May require re-registering the application service.
localpart: "_webhook"
# Provisioning API options
provisioning:
# Your secret for the API. Required for all provisioning API requests.
secret: '{{ matrix_appservice_webhooks_api_secret }}'
# Configuration related to the web portion of the bridge. Handles the inbound webhooks
web:
hookUrlBase: "{{ matrix_appservice_webhooks_inbound_uri_prefix }}"
logging:
console: true
consoleLevel: {{ matrix_appservice_webhooks_log_level }}
writeFiles: false

12
roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2
View File

@ -11,13 +11,13 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-appservice-webhooks
ExecStartPre=-/usr/bin/docker rm matrix-appservice-webhooks
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-webhooks \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-webhooks \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-webhooks \
{{ matrix_appservice_webhooks_docker_image }} \
node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml
ExecStop=-/usr/bin/docker kill matrix-appservice-webhooks
ExecStop=-/usr/bin/docker rm matrix-appservice-webhooks
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-webhooks

155
roles/matrix-bridge-mautrix-facebook/defaults/main.yml
View File

@ -38,160 +38,7 @@ matrix_mautrix_facebook_login_shared_secret: ''
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_facebook_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_facebook_configuration_yaml: |
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_facebook_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_facebook_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_facebook_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29319
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: sqlite:////data/mautrix-facebook.db
# Public part of web server for out-of-Matrix interaction with the bridge.
public:
# Whether or not the public-facing endpoints should be enabled.
enabled: false
# The prefix to use in the public-facing endpoints.
prefix: /public
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: https://example.com/public
# The unique ID of this appservice.
id: facebook
# Username of the appservice bot.
bot_username: facebookbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Facebook bridge bot
bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_facebook_appservice_token }}"
hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for Facebook users.
# {userid} is replaced with the user ID of the Facebook user.
username_template: "facebook_{userid}"
# Localpart template for per-user room grouping community IDs.
# The bridge will create these communities and add all of the specific user's portals to the community.
# {localpart} is the MXID localpart and {server} is the MXID server part of the user.
#
# `facebook_{localpart}={server}` is a good value.
community_template: null
# Displayname template for Facebook users.
# {displayname} is replaced with the display name of the Facebook user
# as defined below in displayname_preference.
# Keys available for displayname_preference are also available here.
displayname_template: '{displayname} (FB)'
# Available keys:
# "name" (full name)
# "first_name"
# "last_name"
# "nickname"
# "own_nickname" (user-specific!)
displayname_preference:
- name
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!fb"
# Number of chats to sync (and create portals for) on startup/login.
# Maximum 20, set 0 to disable automatic syncing.
initial_chat_sync: 10
# Whether or not the Facebook users of logged in Matrix users should be
# invited to private chats when the user sends a message from another client.
invite_own_puppet_to_pm: false
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
# your own Matrix account as the Matrix puppet for your Facebook account.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }}
# Whether or not to bridge presence in both directions. Facebook allows users not to broadcast
# presence, but then it won't send other users' presence to the client.
presence: true
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Permissions for using the bridge.
# Permitted values:
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_facebook_homeserver_domain }}': user
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_facebook.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
fbchat:
level: DEBUG
hbmqtt:
level: INFO
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]
matrix_mautrix_facebook_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_facebook_configuration_extension_yaml: |
# Your custom YAML configuration goes here.

194
roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,194 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_facebook_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_facebook_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_facebook_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29319
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: sqlite:////data/mautrix-facebook.db
# Public part of web server for out-of-Matrix interaction with the bridge.
public:
# Whether or not the public-facing endpoints should be enabled.
enabled: false
# The prefix to use in the public-facing endpoints.
prefix: /public
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: https://example.com/public
# The unique ID of this appservice.
id: facebook
# Username of the appservice bot.
bot_username: facebookbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Facebook bridge bot
bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_facebook_appservice_token }}"
hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for Facebook users.
# {userid} is replaced with the user ID of the Facebook user.
username_template: "facebook_{userid}"
# Localpart template for per-user room grouping community IDs.
# The bridge will create these communities and add all of the specific user's portals to the community.
# {localpart} is the MXID localpart and {server} is the MXID server part of the user.
#
# `facebook_{localpart}={server}` is a good value.
community_template: null
# Displayname template for Facebook users.
# {displayname} is replaced with the display name of the Facebook user
# as defined below in displayname_preference.
# Keys available for displayname_preference are also available here.
displayname_template: '{displayname} (FB)'
# Available keys:
# "name" (full name)
# "first_name"
# "last_name"
# "nickname"
# "own_nickname" (user-specific!)
displayname_preference:
- name
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!fb"
# Number of chats to sync (and create portals for) on startup/login.
# Maximum 20, set 0 to disable automatic syncing.
initial_chat_sync: 10
# Whether or not the Facebook users of logged in Matrix users should be
# invited to private chats when the user sends a message from another client.
invite_own_puppet_to_pm: false
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
# your own Matrix account as the Matrix puppet for your Facebook account.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }}
# Whether or not to bridge presence in both directions. Facebook allows users not to broadcast
# presence, but then it won't send other users' presence to the client.
presence: true
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
# been sent to Facebook.
delivery_receipts: false
# Whether to allow inviting arbitrary mxids to portal rooms
allow_invites: false
# Settings for backfilling messages from Facebook.
backfill:
# Whether or not the Facebook users of logged in Matrix users should be
# invited to private chats when backfilling history from Facebook. This is
# usually needed to prevent rate limits and to allow timestamp massaging.
invite_own_puppet: true
# Maximum number of messages to backfill initially.
# Set to 0 to disable backfilling when creating portal.
initial_limit: 0
# Maximum number of messages to backfill if messages were missed while
# the bridge was disconnected.
# Set to 0 to disable backfilling missed messages.
missed_limit: 1000
# If using double puppeting, should notifications be disabled
# while the initial backfill is in progress?
disable_notifications: false
periodic_reconnect:
# Interval in seconds in which to automatically reconnect all users.
# This can be used to automatically mitigate the bug where Facebook stops sending messages.
# Set to -1 to disable periodic reconnections entirely.
interval: -1
# What to do in periodic reconnects. Either "refresh" or "reconnect"
mode: refresh
# Should even disconnected users be reconnected?
always: false
# The number of seconds that a disconnection can last without triggering an automatic re-sync
# and missed message backfilling when reconnecting.
# Set to 0 to always re-sync, or -1 to never re-sync automatically.
resync_max_disconnected_time: 5
# Whether or not temporary disconnections should send notices to the notice room.
# If this is false, disconnections will never send messages and connections will only send
# messages if it was disconnected for more than resync_max_disconnected_time seconds.
temporary_disconnect_notices: true
# Whether or not the bridge should try to "refresh" the connection if a normal reconnection
# attempt fails.
refresh_on_reconnection_fail: false
# Permissions for using the bridge.
# Permitted values:
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_facebook_homeserver_domain }}': user
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_facebook.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
fbchat:
level: DEBUG
hbmqtt:
level: INFO
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]

14
roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2
View File

@ -11,9 +11,9 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-facebook
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-facebook
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook-db \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -23,9 +23,9 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \
alembic -x config=/config/config.yaml upgrade head
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -38,8 +38,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \
{{ matrix_mautrix_facebook_docker_image }} \
python3 -m mautrix_facebook -c /config/config.yaml
ExecStop=-/usr/bin/docker kill matrix-mautrix-facebook
ExecStop=-/usr/bin/docker rm matrix-mautrix-facebook
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-facebook

147
roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
View File

@ -40,152 +40,7 @@ matrix_mautrix_hangouts_login_shared_secret: ''
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_hangouts_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_hangouts_configuration_yaml: |
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_hangouts_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_hangouts_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_hangouts_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: sqlite:////data/mautrix-hangouts.db
# The unique ID of this appservice.
id: hangouts
# Username of the appservice bot.
bot_username: hangoutsbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Hangouts bridge bot
bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_hangouts_appservice_token }}"
hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for Hangouts users.
# {userid} is replaced with the user ID of the Hangouts user.
username_template: "hangouts_{userid}"
# Displayname template for Hangouts users.
# {displayname} is replaced with the display name of the Hangouts user
# as defined below in displayname_preference.
# Keys available for displayname_preference are also available here.
displayname_template: '{full_name} (Hangouts)'
# Available keys:
# "name" (full name)
# "first_name"
# "last_name"
# "nickname"
# "own_nickname" (user-specific!)
displayname_preference:
- name
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!HO"
# Number of chats to sync (and create portals for) on startup/login.
# Maximum 20, set 0 to disable automatic syncing.
initial_chat_sync: 20
# Whether or not the Hangouts users of logged in Matrix users should be
# invited to private chats when the user sends a message from another client.
invite_own_puppet_to_pm: false
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
# your own Matrix account as the Matrix puppet for your Hangouts account.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }}
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Public website and API configs
web:
# Auth server config
auth:
# Publicly accessible base URL for the login endpoints.
# The prefix below is not implicitly added. This URL and all subpaths should be proxied
# or otherwise pointed to the appservice's webserver to the path specified below (prefix).
# This path should usually include a trailing slash.
# Internal prefix in the appservice web server for the login endpoints.
public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login"
prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login"
# Permissions for using the bridge.
# Permitted values:
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_hangouts_homeserver_domain }}': user
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_hangouts.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
hangups:
level: DEBUG
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]
matrix_mautrix_hangouts_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_hangouts_configuration_extension_yaml: |
# Your custom YAML configuration goes here.

145
roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,145 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_hangouts_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_hangouts_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_hangouts_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: sqlite:////data/mautrix-hangouts.db
# The unique ID of this appservice.
id: hangouts
# Username of the appservice bot.
bot_username: hangoutsbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Hangouts bridge bot
bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_hangouts_appservice_token }}"
hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for Hangouts users.
# {userid} is replaced with the user ID of the Hangouts user.
username_template: "hangouts_{userid}"
# Displayname template for Hangouts users.
# {displayname} is replaced with the display name of the Hangouts user
# as defined below in displayname_preference.
# Keys available for displayname_preference are also available here.
displayname_template: '{full_name} (Hangouts)'
# Available keys:
# "name" (full name)
# "first_name"
# "last_name"
# "nickname"
# "own_nickname" (user-specific!)
displayname_preference:
- name
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!HO"
# Number of chats to sync (and create portals for) on startup/login.
# Maximum 20, set 0 to disable automatic syncing.
initial_chat_sync: 20
# Whether or not the Hangouts users of logged in Matrix users should be
# invited to private chats when the user sends a message from another client.
invite_own_puppet_to_pm: false
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
# your own Matrix account as the Matrix puppet for your Hangouts account.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }}
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Public website and API configs
web:
# Auth server config
auth:
# Publicly accessible base URL for the login endpoints.
# The prefix below is not implicitly added. This URL and all subpaths should be proxied
# or otherwise pointed to the appservice's webserver to the path specified below (prefix).
# This path should usually include a trailing slash.
# Internal prefix in the appservice web server for the login endpoints.
public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login"
prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login"
# Permissions for using the bridge.
# Permitted values:
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_hangouts_homeserver_domain }}': user
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_hangouts.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
hangups:
level: DEBUG
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]

14
roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2
View File

@ -11,9 +11,9 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -23,9 +23,9 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \
alembic -x config=/config/config.yaml upgrade head
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-hangouts \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -38,8 +38,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-hangouts \
{{ matrix_mautrix_hangouts_docker_image }} \
python3 -m mautrix_hangouts -c /config/config.yaml
ExecStop=-/usr/bin/docker kill matrix-mautrix-hangouts
ExecStop=-/usr/bin/docker rm matrix-mautrix-hangouts
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-hangouts

402
roles/matrix-bridge-mautrix-telegram/defaults/main.yml
View File

@ -4,7 +4,7 @@
matrix_mautrix_telegram_enabled: true
# See: https://mau.dev/tulir/mautrix-telegram/container_registry
matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.7.0"
matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.7.2"
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
@ -51,405 +51,7 @@ matrix_mautrix_telegram_login_shared_secret: ''
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_telegram_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_telegram_configuration_yaml: |
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_telegram_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_telegram_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_telegram_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: sqlite:////data/mautrix-telegram.db
# Public part of web server for out-of-Matrix interaction with the bridge.
# Used for things like login if the user wants to make sure the 2FA password isn't stored in
# the HS database.
public:
# Whether or not the public-facing endpoints should be enabled.
enabled: true
# The prefix to use in the public-facing endpoints.
prefix: {{ matrix_mautrix_telegram_public_endpoint }}
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: {{ matrix_mautrix_telegram_appservice_public_external }}
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like Dimension (https://dimension.t2bot.io/).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: false
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision/v1
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# The unique ID of this appservice.
id: telegram
# Username of the appservice bot.
bot_username: telegrambot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Telegram bridge bot
bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for Telegram users.
# {userid} is replaced with the user ID of the Telegram user.
username_template: "telegram_{userid}"
# Localpart template of room aliases for Telegram portal rooms.
# {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
alias_template: "telegram_{groupname}"
# Displayname template for Telegram users.
# {displayname} is replaced with the display name of the Telegram user.
displayname_template: "{displayname} (Telegram)"
# Set the preferred order of user identifiers which to use in the Matrix puppet display name.
# In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user
# ID is used.
#
# If the bridge is working properly, a phone number or an username should always be known, but
# the other one can very well be empty.
#
# Valid keys:
# "full name" (First and/or last name)
# "full name reversed" (Last and/or first name)
# "first name"
# "last name"
# "username"
# "phone number"
displayname_preference:
- full name
- username
- phone number
# Maximum length of displayname
displayname_max_length: 100
# Maximum number of members to sync per portal when starting up. Other members will be
# synced when they send messages. The maximum is 10000, after which the Telegram server
# will not send any more members.
# Defaults to no local limit (-> limited to 10000 by server)
max_initial_member_sync: -1
# Whether or not to sync the member list in channels.
# If no channel admins have logged into the bridge, the bridge won't be able to sync the member
# list regardless of this setting.
sync_channel_members: true
# Whether or not to skip deleted members when syncing members.
skip_deleted_members: true
# Whether or not to automatically synchronize contacts and chats of Matrix users logged into
# their Telegram account at startup.
startup_sync: true
# Number of most recently active dialogs to check when syncing chats.
# Dialogs include groups and private chats, but only groups are synced.
# Set to 0 to remove limit.
sync_dialog_limit: 30
# Whether or not to sync and create portals for direct chats at startup.
sync_direct_chats: false
# The maximum number of simultaneous Telegram deletions to handle.
# A large number of simultaneous redactions could put strain on your homeserver.
max_telegram_delete: 10
# Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames)
# at startup and when creating a bridge.
sync_matrix_state: true
# Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix
# login website (see appservice.public config section)
allow_matrix_login: true
# Whether or not to bridge plaintext highlights.
# Only enable this if your displayname_template has some static part that the bridge can use to
# reliably identify what is a plaintext highlight.
plaintext_highlights: false
# Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix.
public_portals: true
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
# your own Matrix account as the Matrix puppet for your Telegram account.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }}
# Set to false to disable link previews in messages sent to Telegram.
telegram_link_preview: true
# Use inline images instead of a separate message for the caption.
# N.B. Inline images are not supported on all clients (e.g. Riot iOS).
inline_images: false
# Maximum size of image in megabytes before sending to Telegram as a document.
image_as_file_size: 10
# Maximum size of Telegram documents in megabytes to bridge.
max_document_size: 100
# Enable experimental parallel file transfer, which makes uploads/downloads much faster by
# streaming from/to Matrix and using many connections for Telegram.
# Note that generating HQ thumbnails for videos is not possible with streamed transfers.
parallel_file_transfer: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
# Settings for converting animated stickers.
animated_sticker:
# Format to which animated stickers should be converted.
# disable - No conversion, send as-is (gzipped lottie)
# png - converts to non-animated png (fastest),
# gif - converts to animated gif, but loses transparency
# webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
target: gif
# Arguments for converter. All converters take width and height.
# GIF converter takes background as a hex color.
args:
width: 256
height: 256
background: "020202" # only for gif
fps: 30 # only for webm
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Overrides for base power levels.
initial_power_level_overrides:
user: {}
group: {}
# Whether to bridge Telegram bot messages as m.notices or m.texts.
bot_messages_as_notices: true
bridge_notices:
# Whether or not Matrix bot messages (type m.notice) should be bridged.
default: false
# List of user IDs for whom the previous flag is flipped.
# e.g. if bridge_notices.default is false, notices from other users will not be bridged, but
# notices from users listed here will be bridged.
exceptions: []
# Some config options related to Telegram message deduplication.
# The default values are usually fine, but some debug messages/warnings might recommend you
# change these.
deduplication:
# Whether or not to check the database if the message about to be sent is a duplicate.
pre_db_check: false
# The number of latest events to keep when checking for duplicates.
# You might need to increase this on high-traffic bridge instances.
cache_queue_length: 20
# The formats to use when sending messages to Telegram via the relay bot.
#
# Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users.
#
# Available variables:
# $sender_displayname - The display name of the sender (e.g. Example User)
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
# $message - The message content as HTML
message_formats:
m.text: "<b>$sender_displayname</b>: $message"
m.notice: "<b>$sender_displayname</b>: $message"
m.emote: "* <b>$sender_displayname</b> $message"
m.file: "<b>$sender_displayname</b> sent a file: $message"
m.image: "<b>$sender_displayname</b> sent an image: $message"
m.audio: "<b>$sender_displayname</b> sent an audio file: $message"
m.video: "<b>$sender_displayname</b> sent a video: $message"
m.location: "<b>$sender_displayname</b> sent a location: $message"
# Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated
# users are sent to telegram. All fields in message_formats are supported. Additionally, the
# Telegram user info is available in the following variables:
# $displayname - Telegram displayname
# $username - Telegram username (may not exist)
# $mention - Telegram @username or displayname mention (depending on which exists)
emote_format: "* $mention $formatted_body"
# The formats to use when sending state events to Telegram via the relay bot.
#
# Variables from `message_formats` that have the `sender_` prefix are available without the prefix.
# In name_change events, `$prev_displayname` is the previous displayname.
#
# Set format to an empty string to disable the messages for that event.
state_event_formats:
join: "<b>$displayname</b> joined the room."
leave: "<b>$displayname</b> left the room."
name_change: "<b>$prev_displayname</b> changed their name to <b>$displayname</b>"
# Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
# `filter-mode` management commands.
#
# Filters do not affect direct chats.
# An empty blacklist will essentially disable the filter.
filter:
# Filter mode to use. Either "blacklist" or "whitelist".
# If the mode is "blacklist", the listed chats will never be bridged.
# If the mode is "whitelist", only the listed chats can be bridged.
mode: blacklist
# The list of group/channel IDs to filter.
list: []
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!tg"
# Permissions for using the bridge.
# Permitted values:
# relaybot - Only use the bridge via the relaybot, no access to commands.
# user - Relaybot level + access to commands to create bridges.
# puppeting - User level + logging in with a Telegram account.
# full - Full access to use the bridge, i.e. previous levels + Matrix login.
# admin - Full access to use the bridge and some extra administration commands.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_telegram_homeserver_domain }}': full
# Options related to the message relay Telegram bot.
relaybot:
private_chat:
# List of users to invite to the portal when someone starts a private chat with the bot.
# If empty, private chats with the bot won't create a portal.
invite: []
# Whether or not to bridge state change messages in relaybot private chats.
state_changes: true
# When private_chat_invite is empty, this message is sent to users /starting the
# relaybot. Telegram's "markdown" is supported.
message: This is a Matrix bridge relaybot and does not support direct chats
# List of users to invite to all group chat portals created by the bridge.
group_chat_invite: []
# Whether or not the relaybot should not bridge events in unbridged group chats.
# If false, portals will be created when the relaybot receives messages, just like normal
# users. This behavior is usually not desirable, as it interferes with manually bridging
# the chat to another room.
ignore_unbridged_group_chat: true
# Whether or not to allow creating portals from Telegram.
authless_portals: true
# Whether or not to allow Telegram group admins to use the bot commands.
whitelist_group_admins: true
# Whether or not to ignore incoming events sent by the relay bot.
ignore_own_incoming_events: true
# List of usernames/user IDs who are also allowed to use the bot commands.
whitelist: []
# Telegram config
telegram:
# Get your own API keys at https://my.telegram.org/apps
api_id: {{ matrix_mautrix_telegram_api_id }}
api_hash: {{ matrix_mautrix_telegram_api_hash }}
# (Optional) Create your own bot at https://t.me/BotFather
bot_token: {{ matrix_mautrix_telegram_bot_token }}
# Telethon connection options.
connection:
# The timeout in seconds to be used when connecting.
timeout: 120
# How many times the reconnection should retry, either on the initial connection or when
# Telegram disconnects us. May be set to a negative or null value for infinite retries, but
# this is not recommended, since the program can get stuck in an infinite loop.
retries: 5
# The delay in seconds to sleep between automatic reconnections.
retry_delay: 1
# The threshold below which the library should automatically sleep on flood wait errors
# (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold
# is 20s, the library will sleep automatically. If the error was for 21s, it would raise
# the error instead. Values larger than a day (86400) will be changed to a day.
flood_sleep_threshold: 60
# How many times a request should be retried. Request are retried when Telegram is having
# internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when
# there's a migrate error. May take a negative or null value for infinite retries, but this
# is not recommended, since some requests can always trigger a call fail (such as searching
# for messages).
request_retries: 5
# Device info sent to Telegram.
device_info:
# "auto" = OS name+version.
device_model: auto
# "auto" = Telethon version.
system_version: auto
# "auto" = mautrix-telegram version.
app_version: auto
lang_code: en
system_lang_code: en
# Custom server to connect to.
server:
# Set to true to use these server settings. If false, will automatically
# use production server assigned by Telegram. Set to false in production.
enabled: false
# The DC ID to connect to.
dc: 2
# The IP to connect to.
ip: 149.154.167.40
# The port to connect to. 443 may not work, 80 is better and both are equally secure.
port: 80
# Telethon proxy configuration.
# You must install PySocks from pip for proxies to work.
proxy:
# Allowed types: disabled, socks4, socks5, http
type: disabled
# Proxy IP address and port.
address: 127.0.0.1
port: 1080
# Whether or not to perform DNS resolving remotely.
rdns: true
# Proxy authentication (optional).
username: ""
password: ""
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
precise:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: precise
loggers:
mau:
level: DEBUG
telethon:
level: DEBUG
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]
matrix_mautrix_telegram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_telegram_configuration_extension_yaml: |
# Your custom YAML configuration goes here.

397
roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,397 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_telegram_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_telegram_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_telegram_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: sqlite:////data/mautrix-telegram.db
# Public part of web server for out-of-Matrix interaction with the bridge.
# Used for things like login if the user wants to make sure the 2FA password isn't stored in
# the HS database.
public:
# Whether or not the public-facing endpoints should be enabled.
enabled: true
# The prefix to use in the public-facing endpoints.
prefix: {{ matrix_mautrix_telegram_public_endpoint }}
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: {{ matrix_mautrix_telegram_appservice_public_external }}
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like Dimension (https://dimension.t2bot.io/).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: false
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision/v1
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# The unique ID of this appservice.
id: telegram
# Username of the appservice bot.
bot_username: telegrambot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Telegram bridge bot
bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for Telegram users.
# {userid} is replaced with the user ID of the Telegram user.
username_template: "telegram_{userid}"
# Localpart template of room aliases for Telegram portal rooms.
# {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
alias_template: "telegram_{groupname}"
# Displayname template for Telegram users.
# {displayname} is replaced with the display name of the Telegram user.
displayname_template: "{displayname} (Telegram)"
# Set the preferred order of user identifiers which to use in the Matrix puppet display name.
# In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user
# ID is used.
#
# If the bridge is working properly, a phone number or an username should always be known, but
# the other one can very well be empty.
#
# Valid keys:
# "full name" (First and/or last name)
# "full name reversed" (Last and/or first name)
# "first name"
# "last name"
# "username"
# "phone number"
displayname_preference:
- full name
- username
- phone number
# Maximum length of displayname
displayname_max_length: 100
# Maximum number of members to sync per portal when starting up. Other members will be
# synced when they send messages. The maximum is 10000, after which the Telegram server
# will not send any more members.
# Defaults to no local limit (-> limited to 10000 by server)
max_initial_member_sync: -1
# Whether or not to sync the member list in channels.
# If no channel admins have logged into the bridge, the bridge won't be able to sync the member
# list regardless of this setting.
sync_channel_members: true
# Whether or not to skip deleted members when syncing members.
skip_deleted_members: true
# Whether or not to automatically synchronize contacts and chats of Matrix users logged into
# their Telegram account at startup.
startup_sync: true
# Number of most recently active dialogs to check when syncing chats.
# Dialogs include groups and private chats, but only groups are synced.
# Set to 0 to remove limit.
sync_dialog_limit: 30
# Whether or not to sync and create portals for direct chats at startup.
sync_direct_chats: false
# The maximum number of simultaneous Telegram deletions to handle.
# A large number of simultaneous redactions could put strain on your homeserver.
max_telegram_delete: 10
# Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames)
# at startup and when creating a bridge.
sync_matrix_state: true
# Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix
# login website (see appservice.public config section)
allow_matrix_login: true
# Whether or not to bridge plaintext highlights.
# Only enable this if your displayname_template has some static part that the bridge can use to
# reliably identify what is a plaintext highlight.
plaintext_highlights: false
# Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix.
public_portals: true
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
# your own Matrix account as the Matrix puppet for your Telegram account.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }}
# Set to false to disable link previews in messages sent to Telegram.
telegram_link_preview: true
# Use inline images instead of a separate message for the caption.
# N.B. Inline images are not supported on all clients (e.g. Riot iOS).
inline_images: false
# Maximum size of image in megabytes before sending to Telegram as a document.
image_as_file_size: 10
# Maximum size of Telegram documents in megabytes to bridge.
max_document_size: 100
# Enable experimental parallel file transfer, which makes uploads/downloads much faster by
# streaming from/to Matrix and using many connections for Telegram.
# Note that generating HQ thumbnails for videos is not possible with streamed transfers.
parallel_file_transfer: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
# Settings for converting animated stickers.
animated_sticker:
# Format to which animated stickers should be converted.
# disable - No conversion, send as-is (gzipped lottie)
# png - converts to non-animated png (fastest),
# gif - converts to animated gif, but loses transparency
# webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
target: gif
# Arguments for converter. All converters take width and height.
# GIF converter takes background as a hex color.
args:
width: 256
height: 256
background: "020202" # only for gif
fps: 30 # only for webm
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Overrides for base power levels.
initial_power_level_overrides:
user: {}
group: {}
# Whether to bridge Telegram bot messages as m.notices or m.texts.
bot_messages_as_notices: true
bridge_notices:
# Whether or not Matrix bot messages (type m.notice) should be bridged.
default: false
# List of user IDs for whom the previous flag is flipped.
# e.g. if bridge_notices.default is false, notices from other users will not be bridged, but
# notices from users listed here will be bridged.
exceptions: []
# Some config options related to Telegram message deduplication.
# The default values are usually fine, but some debug messages/warnings might recommend you
# change these.
deduplication:
# Whether or not to check the database if the message about to be sent is a duplicate.
pre_db_check: false
# The number of latest events to keep when checking for duplicates.
# You might need to increase this on high-traffic bridge instances.
cache_queue_length: 20
# The formats to use when sending messages to Telegram via the relay bot.
#
# Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users.
#
# Available variables:
# $sender_displayname - The display name of the sender (e.g. Example User)
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
# $message - The message content as HTML
message_formats:
m.text: "<b>$sender_displayname</b>: $message"
m.notice: "<b>$sender_displayname</b>: $message"
m.emote: "* <b>$sender_displayname</b> $message"
m.file: "<b>$sender_displayname</b> sent a file: $message"
m.image: "<b>$sender_displayname</b> sent an image: $message"
m.audio: "<b>$sender_displayname</b> sent an audio file: $message"
m.video: "<b>$sender_displayname</b> sent a video: $message"
m.location: "<b>$sender_displayname</b> sent a location: $message"
# Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated
# users are sent to telegram. All fields in message_formats are supported. Additionally, the
# Telegram user info is available in the following variables:
# $displayname - Telegram displayname
# $username - Telegram username (may not exist)
# $mention - Telegram @username or displayname mention (depending on which exists)
emote_format: "* $mention $formatted_body"
# The formats to use when sending state events to Telegram via the relay bot.
#
# Variables from `message_formats` that have the `sender_` prefix are available without the prefix.
# In name_change events, `$prev_displayname` is the previous displayname.
#
# Set format to an empty string to disable the messages for that event.
state_event_formats:
join: "<b>$displayname</b> joined the room."
leave: "<b>$displayname</b> left the room."
name_change: "<b>$prev_displayname</b> changed their name to <b>$displayname</b>"
# Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
# `filter-mode` management commands.
#
# Filters do not affect direct chats.
# An empty blacklist will essentially disable the filter.
filter:
# Filter mode to use. Either "blacklist" or "whitelist".
# If the mode is "blacklist", the listed chats will never be bridged.
# If the mode is "whitelist", only the listed chats can be bridged.
mode: blacklist
# The list of group/channel IDs to filter.
list: []
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!tg"
# Permissions for using the bridge.
# Permitted values:
# relaybot - Only use the bridge via the relaybot, no access to commands.
# user - Relaybot level + access to commands to create bridges.
# puppeting - User level + logging in with a Telegram account.
# full - Full access to use the bridge, i.e. previous levels + Matrix login.
# admin - Full access to use the bridge and some extra administration commands.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_telegram_homeserver_domain }}': full
# Options related to the message relay Telegram bot.
relaybot:
private_chat:
# List of users to invite to the portal when someone starts a private chat with the bot.
# If empty, private chats with the bot won't create a portal.
invite: []
# Whether or not to bridge state change messages in relaybot private chats.
state_changes: true
# When private_chat_invite is empty, this message is sent to users /starting the
# relaybot. Telegram's "markdown" is supported.
message: This is a Matrix bridge relaybot and does not support direct chats
# List of users to invite to all group chat portals created by the bridge.
group_chat_invite: []
# Whether or not the relaybot should not bridge events in unbridged group chats.
# If false, portals will be created when the relaybot receives messages, just like normal
# users. This behavior is usually not desirable, as it interferes with manually bridging
# the chat to another room.
ignore_unbridged_group_chat: true
# Whether or not to allow creating portals from Telegram.
authless_portals: true
# Whether or not to allow Telegram group admins to use the bot commands.
whitelist_group_admins: true
# Whether or not to ignore incoming events sent by the relay bot.
ignore_own_incoming_events: true
# List of usernames/user IDs who are also allowed to use the bot commands.
whitelist: []
# Telegram config
telegram:
# Get your own API keys at https://my.telegram.org/apps
api_id: {{ matrix_mautrix_telegram_api_id }}
api_hash: {{ matrix_mautrix_telegram_api_hash }}
# (Optional) Create your own bot at https://t.me/BotFather
bot_token: {{ matrix_mautrix_telegram_bot_token }}
# Telethon connection options.
connection:
# The timeout in seconds to be used when connecting.
timeout: 120
# How many times the reconnection should retry, either on the initial connection or when
# Telegram disconnects us. May be set to a negative or null value for infinite retries, but
# this is not recommended, since the program can get stuck in an infinite loop.
retries: 5
# The delay in seconds to sleep between automatic reconnections.
retry_delay: 1
# The threshold below which the library should automatically sleep on flood wait errors
# (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold
# is 20s, the library will sleep automatically. If the error was for 21s, it would raise
# the error instead. Values larger than a day (86400) will be changed to a day.
flood_sleep_threshold: 60
# How many times a request should be retried. Request are retried when Telegram is having
# internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when
# there's a migrate error. May take a negative or null value for infinite retries, but this
# is not recommended, since some requests can always trigger a call fail (such as searching
# for messages).
request_retries: 5
# Device info sent to Telegram.
device_info:
# "auto" = OS name+version.
device_model: auto
# "auto" = Telethon version.
system_version: auto
# "auto" = mautrix-telegram version.
app_version: auto
lang_code: en
system_lang_code: en
# Custom server to connect to.
server:
# Set to true to use these server settings. If false, will automatically
# use production server assigned by Telegram. Set to false in production.
enabled: false
# The DC ID to connect to.
dc: 2
# The IP to connect to.
ip: 149.154.167.40
# The port to connect to. 443 may not work, 80 is better and both are equally secure.
port: 80
# Telethon proxy configuration.
# You must install PySocks from pip for proxies to work.
proxy:
# Allowed types: disabled, socks4, socks5, http
type: disabled
# Proxy IP address and port.
address: 127.0.0.1
port: 1080
# Whether or not to perform DNS resolving remotely.
rdns: true
# Proxy authentication (optional).
username: ""
password: ""
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
precise:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: precise
loggers:
mau:
level: DEBUG
telethon:
level: DEBUG
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]

15
roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2
View File

@ -11,21 +11,22 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-telegram
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-telegram
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-telegram-db \
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram-db \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-v {{ matrix_mautrix_telegram_config_path }}:/config:z \
-v {{ matrix_mautrix_telegram_data_path }}:/data:z \
{{ matrix_mautrix_telegram_docker_image }} \
alembic -x config=/config/config.yaml upgrade head
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -41,8 +42,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \
{{ matrix_mautrix_telegram_docker_image }} \
python3 -m mautrix_telegram -c /config/config.yaml
ExecStop=-/usr/bin/docker kill matrix-mautrix-telegram
ExecStop=-/usr/bin/docker rm matrix-mautrix-telegram
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-telegram

170
roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
View File

@ -35,175 +35,7 @@ matrix_mautrix_whatsapp_login_shared_secret: ''
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_whatsapp_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_whatsapp_configuration_yaml: |
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_whatsapp_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_whatsapp_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# Database config.
database:
# The database type. "sqlite3" and "postgres" are supported.
type: sqlite3
# The database URI.
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database
uri: mautrix-whatsapp.db
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Path to the Matrix room state store.
state_store_path: ./mx-state.json
# The unique ID of this appservice.
id: whatsapp
# Appservice bot details.
bot:
# Username of the appservice bot.
username: whatsappbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: WhatsApp bridge bot
avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for WhatsApp users.
# {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user.
username_template: "{{ 'whatsapp_{{.}}' }}"
# Displayname template for WhatsApp users.
# {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user
# {{ '{{.Jid}}' }} - phone number (international format)
# The following variables are also available, but will cause problems on multi-user instances:
# {{ '{{.Name}}' }} - display name from contact list
# {{ '{{.Short}}' }} - short display name from contact list
displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}"
# WhatsApp connection timeout in seconds.
connection_timeout: 20
# Maximum number of times to retry connecting on connection error.
max_connection_attempts: 3
# Number of seconds to wait between connection attempts.
# Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
connection_retry_delay: -1
# Whether or not the bridge should send a notice to the user's management room when it retries connecting.
# If false, it will only report when it stops retrying.
report_connection_retry: true
# Maximum number of seconds to wait for chats to be sent at startup.
# If this is too low and you have lots of chats, it could cause backfilling to fail.
chat_list_wait: 30
# Maximum number of seconds to wait to sync portals before force unlocking message processing.
# If this is too low and you have lots of chats, it could cause backfilling to fail.
portal_sync_wait: 600
# Whether or not to send call start/end notices to Matrix.
call_notices:
start: true
end: true
# Number of chats to sync for new users.
initial_chat_sync_count: 10
# Number of old messages to fill when creating new portal rooms.
initial_history_fill_count: 20
# Maximum number of chats to sync when recovering from downtime.
# Set to -1 to sync all new chats during downtime.
recovery_chat_sync_limit: -1
# Whether or not to sync history when recovering from downtime.
recovery_history_backfill: true
# Maximum number of seconds since last message in chat to skip
# syncing the chat in any case. This setting will take priority
# over both recovery_chat_sync_limit and initial_chat_sync_count.
# Default is 3 days = 259200 seconds
sync_max_chat_age: 259200
# Whether or not to sync with custom puppets to receive EDUs that
# are not normally sent to appservices.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }}
# Whether or not to invite own WhatsApp user's Matrix puppet into private
# chat portals when backfilling if needed.
# This always uses the default puppet instead of custom puppets due to
# rate limits and timestamp massaging.
invite_own_puppet_for_backfilling: true
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This can be useful if the previous field works fine,
# but causes room avatar/name bugs.
private_chat_portal_meta: false
# Allow invite permission for user. User can invite any bots to room with whatsapp
# users (private chat and groups)
allow_user_invite: false
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!wa"
# Permissions for using the bridge.
# Permitted values:
# user - Access to use the bridge to chat with a WhatsApp account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
relaybot:
# Whether or not relaybot support is enabled.
enabled: false
# The management room for the bot. This is where all status notifications are posted and
# in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting
# the command prefix completely like in user management rooms is not possible.
management: '!foo:example.com'
# List of users to invite to all created rooms that include the relaybot.
invites: []
# The formats to use when sending messages to WhatsApp via the relaybot.
message_formats:
m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}"
m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file"
m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image"
m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file"
m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video"
m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location"
# Logging config.
logging:
# The directory for log files. Will be created if not found.
directory: ./logs
# Available variables: .Date for the file date and .Index for different log files on the same day.
file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
# Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
file_date_format: "2006-01-02"
# Log file permissions.
file_mode: 0600
# Timestamp format for log entries in the Go time format.
timestamp_format: "Jan _2, 2006 15:04:05"
# Minimum severity for log messages.
# Options: debug, info, warn, error, fatal
print_level: debug
matrix_mautrix_whatsapp_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_whatsapp_configuration_extension_yaml: |
# Your custom YAML configuration goes here.

169
roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,169 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_whatsapp_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_whatsapp_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# Database config.
database:
# The database type. "sqlite3" and "postgres" are supported.
type: sqlite3
# The database URI.
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database
uri: mautrix-whatsapp.db
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Path to the Matrix room state store.
state_store_path: ./mx-state.json
# The unique ID of this appservice.
id: whatsapp
# Appservice bot details.
bot:
# Username of the appservice bot.
username: whatsappbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: WhatsApp bridge bot
avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for WhatsApp users.
# {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user.
username_template: "{{ 'whatsapp_{{.}}' }}"
# Displayname template for WhatsApp users.
# {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user
# {{ '{{.Jid}}' }} - phone number (international format)
# The following variables are also available, but will cause problems on multi-user instances:
# {{ '{{.Name}}' }} - display name from contact list
# {{ '{{.Short}}' }} - short display name from contact list
displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}"
# WhatsApp connection timeout in seconds.
connection_timeout: 20
# Maximum number of times to retry connecting on connection error.
max_connection_attempts: 3
# Number of seconds to wait between connection attempts.
# Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
connection_retry_delay: -1
# Whether or not the bridge should send a notice to the user's management room when it retries connecting.
# If false, it will only report when it stops retrying.
report_connection_retry: true
# Maximum number of seconds to wait for chats to be sent at startup.
# If this is too low and you have lots of chats, it could cause backfilling to fail.
chat_list_wait: 30
# Maximum number of seconds to wait to sync portals before force unlocking message processing.
# If this is too low and you have lots of chats, it could cause backfilling to fail.
portal_sync_wait: 600
# Whether or not to send call start/end notices to Matrix.
call_notices:
start: true
end: true
# Number of chats to sync for new users.
initial_chat_sync_count: 10
# Number of old messages to fill when creating new portal rooms.
initial_history_fill_count: 20
# Maximum number of chats to sync when recovering from downtime.
# Set to -1 to sync all new chats during downtime.
recovery_chat_sync_limit: -1
# Whether or not to sync history when recovering from downtime.
recovery_history_backfill: true
# Maximum number of seconds since last message in chat to skip
# syncing the chat in any case. This setting will take priority
# over both recovery_chat_sync_limit and initial_chat_sync_count.
# Default is 3 days = 259200 seconds
sync_max_chat_age: 259200
# Whether or not to sync with custom puppets to receive EDUs that
# are not normally sent to appservices.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }}
# Whether or not to invite own WhatsApp user's Matrix puppet into private
# chat portals when backfilling if needed.
# This always uses the default puppet instead of custom puppets due to
# rate limits and timestamp massaging.
invite_own_puppet_for_backfilling: true
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This can be useful if the previous field works fine,
# but causes room avatar/name bugs.
private_chat_portal_meta: false
# Allow invite permission for user. User can invite any bots to room with whatsapp
# users (private chat and groups)
allow_user_invite: false
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!wa"
# Permissions for using the bridge.
# Permitted values:
# user - Access to use the bridge to chat with a WhatsApp account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
relaybot:
# Whether or not relaybot support is enabled.
enabled: false
# The management room for the bot. This is where all status notifications are posted and
# in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting
# the command prefix completely like in user management rooms is not possible.
management: '!foo:example.com'
# List of users to invite to all created rooms that include the relaybot.
invites: []
# The formats to use when sending messages to WhatsApp via the relaybot.
message_formats:
m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}"
m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file"
m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image"
m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file"
m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video"
m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location"
# Logging config.
logging:
# The directory for log files. Will be created if not found.
directory: ./logs
# Available variables: .Date for the file date and .Index for different log files on the same day.
file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
# Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
file_date_format: "2006-01-02"
# Log file permissions.
file_mode: 0600
# Timestamp format for log entries in the Go time format.
timestamp_format: "Jan _2, 2006 15:04:05"
# Minimum severity for log messages.
# Options: debug, info, warn, error, fatal
print_level: debug

12
roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2
View File

@ -11,13 +11,13 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-whatsapp
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-whatsapp
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsapp \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -31,8 +31,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \
{{ matrix_mautrix_whatsapp_docker_image }} \
/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml
ExecStop=-/usr/bin/docker kill matrix-mautrix-whatsapp
ExecStop=-/usr/bin/docker rm matrix-mautrix-whatsapp
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-whatsapp

140
roles/matrix-bridge-mx-puppet-skype/defaults/main.yml
View File

@ -56,145 +56,7 @@ matrix_mx_puppet_skype_login_shared_secret: ''
#
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_skype_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mx_puppet_skype_configuration_yaml: |
#jinja2: lstrip_blocks: "True"
bridge:
# Address for the bridge to bind to; if running as a Docker container, you
# probably want 0.0.0.0 here
bindAddress: 0.0.0.0
# Port to host the bridge on which your homeserver will connect to
port: {{ matrix_mx_puppet_skype_appservice_port }}
# Name of your homeserver
domain: {{ matrix_domain }}
# URL where the bridge can connect to your homeserver
homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }}
# Optionally specify a different media URL used for the media store
mediaURL: https://{{ matrix_server_fqn_matrix }}
# This enabled automatic double-puppeting:
# A map for shared secrets of the homeserver URL to the shared secret
# See https://github.com/devture/matrix-synapse-shared-secret-auth
#loginSharedSecretMap:
# yourserver.com: supersecretsharedsecret
{% if matrix_mx_puppet_skype_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}
{% endif %}
# optionally override the display name of the bridge bot
#displayname: Protocol Bot
# optionally set the avatar of the bridge bot
#avatarUrl: mxc://yourserver.com/somefile
logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Optionally, you can apply filters to the console logging
#console:
# level: info
# enabled:
# - Store
# disabled:
# - PresenceHandler
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
# Optionally enable/disable logging for certain modules
#disabled:
# - PresenceHandler
# - module: bot-sdk-MatrixLiteClient
# regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log
#enabled:
# - Store
database:
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
# Use SQLite3 as a database backend
# The name of the database file
filename: /data/database.db
provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }}
presence:
# Bridge online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 500
# if the im.vector.user_status state setting should be diabled
#disableStatusState: false
# A blacklist of remote user IDs for the im.vector.user_status state setting
#statusStateBlacklist:
# - baduser
relay:
# Regex of Matrix IDs to allow to use the relay mode
# Same format as in provisioning
#whitelist:
#- "@.*:yourserver\\.com"
whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }}
#blacklist:
#- "@user:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }}
# Map certain homeserver URLs to the C-S API endpoint
# Useful for double-puppeting if .well-known is unavailable for some reason
#homeserverUrlMap:
# yourserver.com: http://localhost:1234
namePatterns:
# Override the protocols set default name patterns
# Which variables are available depends on protocol implementation
user: :name
room: :name
limits:
# Up to how many users should be auto-joined on room creation? -1 to disable
# Defaults to 200
maxAutojoinUsers: 200
# How long the delay between two autojoin users should be, in millisectonds.
# Defaults to 5000
roomUserAutojoinDelay: 5000
matrix_mx_puppet_skype_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mx_puppet_skype_configuration_extension_yaml: |
# Your custom YAML configuration goes here.

138
roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,138 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Address for the bridge to bind to; if running as a Docker container, you
# probably want 0.0.0.0 here
bindAddress: 0.0.0.0
# Port to host the bridge on which your homeserver will connect to
port: {{ matrix_mx_puppet_skype_appservice_port }}
# Name of your homeserver
domain: {{ matrix_domain }}
# URL where the bridge can connect to your homeserver
homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }}
# Optionally specify a different media URL used for the media store
mediaURL: https://{{ matrix_server_fqn_matrix }}
# This enabled automatic double-puppeting:
# A map for shared secrets of the homeserver URL to the shared secret
# See https://github.com/devture/matrix-synapse-shared-secret-auth
#loginSharedSecretMap:
# yourserver.com: supersecretsharedsecret
{% if matrix_mx_puppet_skype_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}
{% endif %}
# optionally override the display name of the bridge bot
#displayname: Protocol Bot
# optionally set the avatar of the bridge bot
#avatarUrl: mxc://yourserver.com/somefile
logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Optionally, you can apply filters to the console logging
#console:
# level: info
# enabled:
# - Store
# disabled:
# - PresenceHandler
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
# Optionally enable/disable logging for certain modules
#disabled:
# - PresenceHandler
# - module: bot-sdk-MatrixLiteClient
# regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log
#enabled:
# - Store
database:
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
# Use SQLite3 as a database backend
# The name of the database file
filename: /data/database.db
provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }}
presence:
# Bridge online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 500
# if the im.vector.user_status state setting should be diabled
#disableStatusState: false
# A blacklist of remote user IDs for the im.vector.user_status state setting
#statusStateBlacklist:
# - baduser
relay:
# Regex of Matrix IDs to allow to use the relay mode
# Same format as in provisioning
#whitelist:
#- "@.*:yourserver\\.com"
whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }}
#blacklist:
#- "@user:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }}
# Map certain homeserver URLs to the C-S API endpoint
# Useful for double-puppeting if .well-known is unavailable for some reason
#homeserverUrlMap:
# yourserver.com: http://localhost:1234
namePatterns:
# Override the protocols set default name patterns
# Which variables are available depends on protocol implementation
user: :name
room: :name
limits:
# Up to how many users should be auto-joined on room creation? -1 to disable
# Defaults to 200
maxAutojoinUsers: 200
# How long the delay between two autojoin users should be, in millisectonds.
# Defaults to 5000
roomUserAutojoinDelay: 5000

12
roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2
View File

@ -11,13 +11,13 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mx-puppet-skype
ExecStartPre=-/usr/bin/docker rm matrix-mx-puppet-skype
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-skype \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skype \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -31,8 +31,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-skype \
{% endfor %}
{{ matrix_mx_puppet_skype_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-mx-puppet-skype
ExecStop=-/usr/bin/docker rm matrix-mx-puppet-skype
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-skype

102
roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
View File

@ -5,6 +5,11 @@ matrix_mx_puppet_slack_enabled: true
matrix_mx_puppet_slack_container_image_self_build: false
# Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
matrix_mx_puppet_slack_container_http_host_bind_port: ''
matrix_mx_puppet_slack_docker_image: "sorunome/mx-puppet-slack:latest"
matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}"
@ -47,104 +52,15 @@ matrix_mx_puppet_slack_systemd_wanted_services_list: []
matrix_mx_puppet_slack_appservice_token: ''
matrix_mx_puppet_slack_homeserver_token: ''
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mx_puppet_slack_login_shared_secret: ''
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_slack_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mx_puppet_slack_configuration_yaml: |
#jinja2: lstrip_blocks: "True"
bridge:
# Port to host the bridge on
# Used for communication between the homeserver and the bridge
port: {{ matrix_mx_puppet_slack_appservice_port }}
# The host connections to the bridge's webserver are allowed from
bindAddress: 0.0.0.0
# Public domain of the homeserver
domain: {{ matrix_mx_puppet_slack_homeserver_domain }}
# Reachable URL of the Matrix homeserver
homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }}
# Slack OAuth settings. Create a slack app at https://api.slack.com/apps
oauth:
enabled: false
# Slack app credentials.
# N.B. This must be quoted so YAML wouldn't parse it as a float.
clientId: "{{ matrix_mx_puppet_slack_client_id }}"
clientSecret: {{ matrix_mx_puppet_slack_client_secret }}
# Path where to listen for OAuth redirect callbacks.
redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
# Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,
# then set this field and the Slack app redirect URI field to the former.
redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }}
presence:
# Bridge Discord online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 500
provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }}
# Shared secret for the provisioning API for use by integration managers.
# If this is not set, the provisioning API will not be enabled.
#sharedSecret: random string
# Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
apiPrefix: /_matrix/provision
database:
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
# Use SQLite3 as a database backend
# The name of the database file
filename: /data/database.db
logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
matrix_mx_puppet_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mx_puppet_slack_configuration_extension_yaml: |
# Your custom YAML configuration goes here.

8
roles/matrix-bridge-mx-puppet-slack/tasks/init.yml
View File

@ -50,17 +50,17 @@
}}
tags:
- always
when: matrix_appservice_slack_enabled|bool
when: matrix_mx_puppet_slack_enabled|bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
debug:
msg: >-
NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ something }}`
URL endpoint to the matrix-appservice-slack container.
Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}`
URL endpoint to the matrix-mx-puppet-slack container.
You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
when: "matrix_appservice_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined"
when: "matrix_mx_puppet_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined"
# ansible lower than 2.8, does not support docker_image build parameters
# for self buildig it is explicitly needed, so we rather fail here

96
roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,96 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Port to host the bridge on
# Used for communication between the homeserver and the bridge
port: {{ matrix_mx_puppet_slack_appservice_port }}
# The host connections to the bridge's webserver are allowed from
bindAddress: 0.0.0.0
# Public domain of the homeserver
domain: {{ matrix_mx_puppet_slack_homeserver_domain }}
# Reachable URL of the Matrix homeserver
homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }}
{% if matrix_mx_puppet_slack_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_slack_login_shared_secret }}
{% endif %}
# Slack OAuth settings. Create a slack app at https://api.slack.com/apps
oauth:
enabled: true
# Slack app credentials.
# N.B. This must be quoted so YAML wouldn't parse it as a float.
clientId: "{{ matrix_mx_puppet_slack_client_id }}"
clientSecret: {{ matrix_mx_puppet_slack_client_secret }}
# Path where to listen for OAuth redirect callbacks.
redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
# Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,
# then set this field and the Slack app redirect URI field to the former.
redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }}
presence:
# Bridge Discord online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 500
provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }}
# Shared secret for the provisioning API for use by integration managers.
# If this is not set, the provisioning API will not be enabled.
#sharedSecret: random string
# Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
apiPrefix: /_matrix/provision
database:
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
# Use SQLite3 as a database backend
# The name of the database file
filename: /data/database.db
logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m

15
roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
View File

@ -11,17 +11,20 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mx-puppet-slack
ExecStartPre=-/usr/bin/docker rm matrix-mx-puppet-slack
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slack \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
{% if matrix_mx_puppet_slack_container_http_host_bind_port %}
-p {{ matrix_mx_puppet_slack_container_http_host_bind_port }}:{{ matrix_mx_puppet_slack_appservice_port }} \
{% endif %}
-e CONFIG_PATH=/config/config.yaml \
-e REGISTRATION_PATH=/config/registration.yaml \
-v {{ matrix_mx_puppet_slack_config_path }}:/config:z \
@ -31,8 +34,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \
{% endfor %}
{{ matrix_mx_puppet_slack_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-mx-puppet-slack
ExecStop=-/usr/bin/docker rm matrix-mx-puppet-slack
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-slack

10
roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2
View File

@ -8,10 +8,10 @@ After={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-corporal
ExecStartPre=-/usr/bin/docker rm matrix-corporal
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-corporal
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-corporal
ExecStart=/usr/bin/docker run --rm --name matrix-corporal \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -32,8 +32,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-corporal \
{{ matrix_corporal_docker_image }} \
/matrix-corporal -config=/etc/matrix-corporal/config.json
ExecStop=-/usr/bin/docker kill matrix-corporal
ExecStop=-/usr/bin/docker rm matrix-corporal
ExecStop=-{{ matrix_host_command_docker }} kill matrix-corporal
ExecStop=-{{ matrix_host_command_docker }} rm matrix-corporal
Restart=always
RestartSec=30
SyslogIdentifier=matrix-corporal

2
roles/matrix-coturn/tasks/setup_coturn.yml
View File

@ -99,7 +99,7 @@
hour: "4"
minute: "20"
day: "*/5"
job: /bin/systemctl reload matrix-coturn.service
job: "{{ matrix_host_command_systemctl }} reload matrix-coturn.service"
when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool"

12
roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2
View File

@ -8,10 +8,10 @@ After={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-coturn
ExecStartPre=-/usr/bin/docker rm matrix-coturn
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-coturn
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-coturn
ExecStart=/usr/bin/docker run --rm --name matrix-coturn \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -40,12 +40,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-coturn \
{{ matrix_coturn_docker_image }} \
-c /turnserver.conf
ExecStop=-/usr/bin/docker kill matrix-coturn
ExecStop=-/usr/bin/docker rm matrix-coturn
ExecStop=-{{ matrix_host_command_docker }} kill matrix-coturn
ExecStop=-{{ matrix_host_command_docker }} rm matrix-coturn
# This only reloads certificates (not other configuration).
# See: https://github.com/coturn/coturn/pull/236
ExecReload=/usr/bin/docker exec matrix-coturn kill -USR2 1
ExecReload={{ matrix_host_command_docker }} exec matrix-coturn kill -USR2 1
Restart=always
RestartSec=30

84
roles/matrix-dimension/defaults/main.yml
View File

@ -39,89 +39,7 @@ matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:8048"
#
# For a more advanced customization, you can extend the default (see `matrix_dimension_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_dimension_configuration_yaml: |
#jinja2: lstrip_blocks: True
# The web settings for the service (API and UI).
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
web:
port: 8184
address: '0.0.0.0'
# Homeserver configuration
homeserver:
# The domain name of the homeserver. This is used in many places, such as with go-neb
# setups, to identify the homeserver.
name: "{{ matrix_domain }}"
# The URL that Dimension, go-neb, and other services provisioned by Dimension should
# use to access the homeserver with.
clientServerUrl: "http://matrix-synapse:8008"
# The URL that Dimension should use when trying to communicate with federated APIs on
# the homeserver. If not supplied or left empty Dimension will try to resolve the address
# through the normal federation process.
federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}"
# The URL that Dimension will redirect media requests to for downloading media such as
# stickers. If not supplied or left empty Dimension will use the clientServerUrl.
mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
# The access token Dimension should use for miscellaneous access to the homeserver. This
# should be for a user on the configured homeserver: any user will do, however it is
# recommended to use a dedicated user (such as @dimension:t2bot.io). For information on
# how to acquire an access token, visit https://t2bot.io/docs/access_tokens
accessToken: "{{ matrix_dimension_access_token }}"
# These users can modify the integrations this Dimension supports.
# To access the admin interface, open Dimension in Riot and click the settings icon.
admins: {{ matrix_dimension_admins|to_json }}
# IPs and CIDR ranges listed here will be blocked from being widgets.
# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
widgetBlacklist:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 127.0.0.0/8
# Where the database for Dimension is
database:
file: "dimension.db"
# Display settings that apply to self-hosted go-neb instances
goneb:
# The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
# is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
# make the bot's avatar an empty string.
avatars:
giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
# Settings for how Dimension is represented to the public
dimension:
# This is where Dimension is accessible from clients. Be sure to set this
# to your own Dimension instance.
publicUrl: "https://{{ matrix_server_fqn_dimension }}"
# Settings for controlling how logging works
logging:
file: /dev/null
console: true
consoleLevel: verbose
fileLevel: info
rotate:
size: 52428800 # bytes, default is 50mb
count: 5
matrix_dimension_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_dimension_configuration_extension_yaml: |
# Your custom YAML configuration for Dimension goes here.

81
roles/matrix-dimension/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,81 @@
#jinja2: lstrip_blocks: True
# The web settings for the service (API and UI).
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
web:
port: 8184
address: '0.0.0.0'
# Homeserver configuration
homeserver:
# The domain name of the homeserver. This is used in many places, such as with go-neb
# setups, to identify the homeserver.
name: "{{ matrix_domain }}"
# The URL that Dimension, go-neb, and other services provisioned by Dimension should
# use to access the homeserver with.
clientServerUrl: "http://matrix-synapse:8008"
# The URL that Dimension should use when trying to communicate with federated APIs on
# the homeserver. If not supplied or left empty Dimension will try to resolve the address
# through the normal federation process.
federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}"
# The URL that Dimension will redirect media requests to for downloading media such as
# stickers. If not supplied or left empty Dimension will use the clientServerUrl.
mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
# The access token Dimension should use for miscellaneous access to the homeserver. This
# should be for a user on the configured homeserver: any user will do, however it is
# recommended to use a dedicated user (such as @dimension:t2bot.io). For information on
# how to acquire an access token, visit https://t2bot.io/docs/access_tokens
accessToken: "{{ matrix_dimension_access_token }}"
# These users can modify the integrations this Dimension supports.
# To access the admin interface, open Dimension in Riot and click the settings icon.
admins: {{ matrix_dimension_admins|to_json }}
# IPs and CIDR ranges listed here will be blocked from being widgets.
# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
widgetBlacklist:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 127.0.0.0/8
# Where the database for Dimension is
database:
file: "dimension.db"
# Display settings that apply to self-hosted go-neb instances
goneb:
# The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
# is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
# make the bot's avatar an empty string.
avatars:
giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
# Settings for how Dimension is represented to the public
dimension:
# This is where Dimension is accessible from clients. Be sure to set this
# to your own Dimension instance.
publicUrl: "https://{{ matrix_server_fqn_dimension }}"
# Settings for controlling how logging works
logging:
file: /dev/null
console: true
consoleLevel: verbose
fileLevel: info
rotate:
size: 52428800 # bytes, default is 50mb
count: 5

12
roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2
View File

@ -6,13 +6,13 @@ Requires=docker.service
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-dimension
ExecStartPre=-/usr/bin/docker rm matrix-dimension
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-dimension
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-dimension
# Fixup database ownership if it got changed somehow (during a server migration, etc.)
ExecStartPre=-/usr/bin/chown {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_base_path }}/dimension.db
ExecStartPre=-{{ matrix_host_command_chown }} {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_base_path }}/dimension.db
ExecStart=/usr/bin/docker run --rm --name matrix-dimension \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \
--log-driver=none \
--user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \
--cap-drop=ALL \
@ -29,8 +29,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-dimension \
{% endfor %}
{{ matrix_dimension_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-dimension
ExecStop=-/usr/bin/docker rm matrix-dimension
ExecStop=-{{ matrix_host_command_docker }} kill matrix-dimension
ExecStop=-{{ matrix_host_command_docker }} rm matrix-dimension
Restart=always
RestartSec=30
SyslogIdentifier=matrix-dimension

10
roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2
View File

@ -6,10 +6,10 @@ Requires=docker.service
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-email2matrix
ExecStartPre=-/usr/bin/docker rm matrix-email2matrix
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-email2matrix
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-email2matrix
ExecStart=/usr/bin/docker run --rm --name matrix-email2matrix \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -22,8 +22,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-email2matrix \
{% endfor %}
{{ matrix_email2matrix_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-email2matrix
ExecStop=-/usr/bin/docker rm matrix-email2matrix
ExecStop=-{{ matrix_host_command_docker }} kill matrix-email2matrix
ExecStop=-{{ matrix_host_command_docker }} rm matrix-email2matrix
Restart=always
RestartSec=30
SyslogIdentifier=matrix-email2matrix

10
roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2
View File

@ -8,10 +8,10 @@ After={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jicofo
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jicofo
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \
--log-driver=none \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_jitsi_jicofo_base_path }}/env \
@ -21,8 +21,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \
{% endfor %}
{{ matrix_jitsi_jicofo_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-jitsi-jicofo
ExecStop=-/usr/bin/docker rm matrix-jitsi-jicofo
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-jicofo

10
roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2
View File

@ -8,10 +8,10 @@ After={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jvb
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jvb
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \
--log-driver=none \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_jitsi_jvb_base_path }}/env \
@ -27,8 +27,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \
{% endfor %}
{{ matrix_jitsi_jvb_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-jitsi-jvb
ExecStop=-/usr/bin/docker rm matrix-jitsi-jvb
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-jvb

10
roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2
View File

@ -8,10 +8,10 @@ After={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-prosody
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-prosody
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \
--log-driver=none \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_jitsi_prosody_base_path }}/env \
@ -22,8 +22,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \
{% endfor %}
{{ matrix_jitsi_prosody_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-jitsi-prosody
ExecStop=-/usr/bin/docker rm matrix-jitsi-prosody
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-prosody

10
roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2
View File

@ -8,10 +8,10 @@ After={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-web
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-web
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-web
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-web
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \
--log-driver=none \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_jitsi_web_base_path }}/env \
@ -25,8 +25,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \
{% endfor %}
{{ matrix_jitsi_web_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-jitsi-web
ExecStop=-/usr/bin/docker rm matrix-jitsi-web
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-web
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-web
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-web

71
roles/matrix-ma1sd/defaults/main.yml
View File

@ -85,76 +85,7 @@ matrix_ma1sd_v2_enabled: true
#
# For a more advanced customization, you can extend the default (see `matrix_ma1sd_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_ma1sd_configuration_yaml: |
#jinja2: lstrip_blocks: True
matrix:
domain: {{ matrix_domain }}
v1: {{ matrix_ma1sd_v1_enabled|to_json }}
v2: {{ matrix_ma1sd_v2_enabled|to_json }}
server:
name: {{ matrix_server_fqn_matrix }}
key:
path: /var/ma1sd/sign.key
storage:
provider:
sqlite:
database: /var/ma1sd/ma1sd.db
{% if matrix_ma1sd_dns_overwrite_enabled %}
dns:
overwrite:
homeserver:
client:
- name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }}
value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }}
{% endif %}
{% if matrix_ma1sd_matrixorg_forwarding_enabled %}
forward:
servers: ['matrix-org']
{% endif %}
threepid:
medium:
email:
identity:
from: {{ matrix_ma1sd_threepid_medium_email_identity_from }}
connectors:
smtp:
host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }}
port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }}
tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }}
login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }}
password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }}
{% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %}
generators:
template:
{% if matrix_ma1sd_threepid_medium_email_custom_invite_template %}
invite: '/var/ma1sd/invite-template.eml'
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
session:
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %}
validation: '/var/ma1sd/validate-template.eml'
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
unbind:
frandulent: '/var/ma1sd/unbind-fraudulent.eml'
{% endif %}
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %}
generic:
matrixId: '/var/ma1sd/mxid-template.eml'
{% endif %}
{% endif %}
synapseSql:
enabled: {{ matrix_ma1sd_synapsesql_enabled }}
type: {{ matrix_ma1sd_synapsesql_type }}
connection: {{ matrix_ma1sd_synapsesql_connection }}
matrix_ma1sd_configuration_yaml: "{{ lookup('template', 'templates/ma1sd.yaml.j2') }}"
matrix_ma1sd_configuration_extension_yaml: |
# Your custom YAML configuration for ma1sd goes here.

69
roles/matrix-ma1sd/templates/ma1sd.yaml.j2 Normal file
View File

@ -0,0 +1,69 @@
#jinja2: lstrip_blocks: True
matrix:
domain: {{ matrix_domain }}
v1: {{ matrix_ma1sd_v1_enabled|to_json }}
v2: {{ matrix_ma1sd_v2_enabled|to_json }}
server:
name: {{ matrix_server_fqn_matrix }}
key:
path: /var/ma1sd/sign.key
storage:
provider:
sqlite:
database: /var/ma1sd/ma1sd.db
{% if matrix_ma1sd_dns_overwrite_enabled %}
dns:
overwrite:
homeserver:
client:
- name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }}
value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }}
{% endif %}
{% if matrix_ma1sd_matrixorg_forwarding_enabled %}
forward:
servers: ['matrix-org']
{% endif %}
threepid:
medium:
email:
identity:
from: {{ matrix_ma1sd_threepid_medium_email_identity_from }}
connectors:
smtp:
host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }}
port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }}
tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }}
login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }}
password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }}
{% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %}
generators:
template:
{% if matrix_ma1sd_threepid_medium_email_custom_invite_template %}
invite: '/var/ma1sd/invite-template.eml'
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
session:
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %}
validation: '/var/ma1sd/validate-template.eml'
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
unbind:
frandulent: '/var/ma1sd/unbind-fraudulent.eml'
{% endif %}
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %}
generic:
matrixId: '/var/ma1sd/mxid-template.eml'
{% endif %}
{% endif %}
synapseSql:
enabled: {{ matrix_ma1sd_synapsesql_enabled }}
type: {{ matrix_ma1sd_synapsesql_type }}
connection: {{ matrix_ma1sd_synapsesql_connection }}

10
roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2
View File

@ -11,12 +11,12 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-ma1sd
ExecStartPre=-/usr/bin/docker rm matrix-ma1sd
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-ma1sd
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-ma1sd
# ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
# so /tmp needs to be mounted with an exec option.
ExecStart=/usr/bin/docker run --rm --name matrix-ma1sd \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -36,8 +36,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-ma1sd \
{% endfor %}
{{ matrix_ma1sd_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-ma1sd
ExecStop=-/usr/bin/docker rm matrix-ma1sd
ExecStop=-{{ matrix_host_command_docker }} kill matrix-ma1sd
ExecStop=-{{ matrix_host_command_docker }} rm matrix-ma1sd
Restart=always
RestartSec=30
SyslogIdentifier=matrix-ma1sd

7
roles/matrix-mailer/defaults/main.yml
View File

@ -2,7 +2,12 @@ matrix_mailer_enabled: true
matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer"
matrix_mailer_docker_image: "devture/exim-relay:4.92.2-r0-0"
matrix_mailer_container_image_self_build: false
matrix_mailer_container_image_self_build_repository_url: "https://github.com/devture/exim-relay"
matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"
matrix_mailer_docker_image: "devture/exim-relay:4.93.1-r0"
matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"
# The user/group that the container runs with.

29
roles/matrix-mailer/tasks/setup_mailer.yml
View File

@ -6,12 +6,15 @@
- name: Ensure mailer base path exists
file:
path: "{{ matrix_mailer_base_path }}"
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
when: matrix_mailer_enabled|bool
with_items:
- { path: "{{ matrix_mailer_base_path }}", when: true }
- { path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}" }
when: "matrix_mailer_enabled|bool and item.when"
- name: Ensure mailer environment variables file created
template:
@ -20,13 +23,31 @@
mode: 0640
when: matrix_mailer_enabled|bool
- name: Ensure mailer image is pulled
- name: Ensure exim-relay repository is present on self-build
git:
repo: "{{ matrix_mailer_container_image_self_build_repository_url }}"
dest: "{{ matrix_mailer_container_image_self_build_src_files_path }}"
version: "{{ matrix_mailer_container_image_self_build_version }}"
force: "yes"
when: "matrix_mailer_container_image_self_build|bool"
- name: Ensure exim-relay Docker image is built
docker_image:
name: "{{ matrix_mailer_docker_image }}"
source: build
build:
dockerfile: Dockerfile
path: "{{ matrix_mailer_container_image_self_build_src_files_path }}"
pull: yes
when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool"
- name: Ensure exim-relay image is pulled
docker_image:
name: "{{ matrix_mailer_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}"
when: matrix_mailer_enabled|bool
when: "matrix_mailer_enabled|bool and not matrix_mailer_container_image_self_build|bool"
- name: Ensure matrix-mailer.service installed
template:

10
roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2
View File

@ -6,10 +6,10 @@ Requires=docker.service
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mailer
ExecStartPre=-/usr/bin/docker rm matrix-mailer
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mailer
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mailer
ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \
--log-driver=none \
--user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \
--cap-drop=ALL \
@ -24,8 +24,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
{% endfor %}
{{ matrix_mailer_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-mailer
ExecStop=-/usr/bin/docker rm matrix-mailer
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mailer
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mailer
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mailer

4
roles/matrix-nginx-proxy/defaults/main.yml
View File

@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true
# We use an official nginx image, which we fix-up to run unprivileged.
# An alternative would be an `nginxinc/nginx-unprivileged` image, but
# that is frequently out of date.
matrix_nginx_proxy_docker_image: "nginx:1.17.10-alpine"
matrix_nginx_proxy_docker_image: "nginx:1.19.0-alpine"
matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"
matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
@ -220,7 +220,7 @@ matrix_ssl_domains_to_obtain_certificates_for: []
# Controls whether to obtain production or staging certificates from Let's Encrypt.
matrix_ssl_lets_encrypt_staging: false
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.4.0"
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.5.0"
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
matrix_ssl_lets_encrypt_support_email: ~

2
roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
View File

@ -84,7 +84,7 @@
hour: "5"
minute: "20"
day: "*"
job: /bin/systemctl reload matrix-nginx-proxy.service
job: "{{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service"
when: matrix_nginx_proxy_enabled|bool
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"

4
roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
View File

@ -16,7 +16,7 @@
# We suppress the error, as we'll try another method below.
- name: Attempt initial SSL certificate retrieval with standalone authenticator (directly)
shell: >-
/usr/bin/docker run
{{ matrix_host_command_docker }} run
--rm
--name=matrix-certbot
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
@ -43,7 +43,7 @@
# and it's running now, it may be able to proxy requests to `matrix_ssl_lets_encrypt_certbot_standalone_http_port`.
- name: Attempt initial SSL certificate retrieval with standalone authenticator (via proxy)
shell: >-
/usr/bin/docker run
{{ matrix_host_command_docker }} run
--rm
--name=matrix-certbot
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}

2
roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2
View File

@ -150,7 +150,7 @@
}
{% endif %}
location /_synapse/admin {
location /_synapse {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;

12
roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
View File

@ -11,10 +11,10 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-nginx-proxy
ExecStartPre=-/usr/bin/docker rm matrix-nginx-proxy
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy
ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -43,9 +43,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
{% endfor %}
{{ matrix_nginx_proxy_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-nginx-proxy
ExecStop=-/usr/bin/docker rm matrix-nginx-proxy
ExecReload=/usr/bin/docker exec matrix-nginx-proxy /usr/sbin/nginx -s reload
ExecStop=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy
ExecStop=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy
ExecReload={{ matrix_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload
Restart=always
RestartSec=30
SyslogIdentifier=matrix-nginx-proxy

8
roles/matrix-postgres/defaults/main.yml
View File

@ -8,10 +8,10 @@ matrix_postgres_db_name: ""
matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data"
matrix_postgres_docker_image_v9: "postgres:9.6.17-alpine"
matrix_postgres_docker_image_v10: "postgres:10.12-alpine"
matrix_postgres_docker_image_v11: "postgres:11.7-alpine"
matrix_postgres_docker_image_v12: "postgres:12.2-alpine"
matrix_postgres_docker_image_v9: "postgres:9.6.18-alpine"
matrix_postgres_docker_image_v10: "postgres:10.13-alpine"
matrix_postgres_docker_image_v11: "postgres:11.8-alpine"
matrix_postgres_docker_image_v12: "postgres:12.3-alpine"
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v12 }}"
# This variable is assigned at runtime. Overriding its value has no effect.

2
roles/matrix-postgres/tasks/import_postgres.yml
View File

@ -63,7 +63,7 @@
- name: Generate Postgres database import command
set_fact:
matrix_postgres_import_command: >-
/usr/bin/docker run --rm --name matrix-postgres-import
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-import
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
--network={{ matrix_docker_network }}

1
roles/matrix-postgres/tasks/import_sqlite_db.yml
View File

@ -79,6 +79,7 @@
--network={{ matrix_docker_network }}
--entrypoint=python
-v {{ matrix_synapse_config_dir_path }}:/data
-v {{ matrix_synapse_config_dir_path }}:/matrix-media-store-parent/media-store
-v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}:ro
{{ matrix_synapse_docker_image }}
/usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db|basename }} --postgres-config /data/homeserver.yaml

2
roles/matrix-postgres/tasks/run_synapse_janitor.yml
View File

@ -66,7 +66,7 @@
- name: Generate Postgres database synapse-janitor command
set_fact:
matrix_postgres_synapse_janitor_command: >-
/usr/bin/docker run --rm --name matrix-postgres-synapse-janitor
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-synapse-janitor
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
--network={{ matrix_docker_network }}

2
roles/matrix-postgres/tasks/run_vacuum.yml
View File

@ -45,7 +45,7 @@
- name: Generate Postgres database vacuum command
set_fact:
matrix_postgres_vacuum_command: >-
/usr/bin/docker run --rm --name matrix-postgres-synapse-vacuum
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-synapse-vacuum
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
--network={{ matrix_docker_network }}

4
roles/matrix-postgres/tasks/upgrade_postgres.yml
View File

@ -79,7 +79,7 @@
# we need to remove these from the dump, or we'll get errors saying these already exist.
- name: Perform Postgres database dump
command: >-
/usr/bin/docker run --rm --name matrix-postgres-dump
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-dump
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--network={{ matrix_docker_network }}
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql
@ -123,7 +123,7 @@
- name: Generate Postgres database import command
set_fact:
matrix_postgres_import_command: >-
/usr/bin/docker run --rm --name matrix-postgres-import
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-import
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
--network={{ matrix_docker_network }}

10
roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2
View File

@ -6,10 +6,10 @@ Requires=docker.service
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker stop matrix-postgres
ExecStartPre=-/usr/bin/docker rm matrix-postgres
ExecStartPre=-{{ matrix_host_command_docker }} stop matrix-postgres
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-postgres
ExecStart=/usr/bin/docker run --rm --name matrix-postgres \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -28,8 +28,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-postgres \
{% endfor %}
{{ matrix_postgres_docker_image_to_use }}
ExecStop=-/usr/bin/docker stop matrix-postgres
ExecStop=-/usr/bin/docker rm matrix-postgres
ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres
ExecStop=-{{ matrix_host_command_docker }} rm matrix-postgres
Restart=always
RestartSec=30
SyslogIdentifier=matrix-postgres

2
roles/matrix-riot-web/defaults/main.yml
View File

@ -2,7 +2,7 @@ matrix_riot_web_enabled: true
matrix_riot_web_container_image_self_build: false
matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.1"
matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.4"
matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"

11
roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2
View File

@ -8,10 +8,10 @@ After={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-riot-web
ExecStartPre=-/usr/bin/docker rm matrix-riot-web
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-riot-web
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-riot-web
ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-riot-web \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -22,7 +22,6 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
{% endif %}
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
-v {{ matrix_riot_web_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
-v /dev/null:/etc/nginx/conf.d/default.conf:ro \
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.json:ro \
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.{{ matrix_server_fqn_riot }}.json:ro \
{% if matrix_riot_web_embedded_pages_home_path is not none %}
@ -34,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
{% endfor %}
{{ matrix_riot_web_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-riot-web
ExecStop=-/usr/bin/docker rm matrix-riot-web
ExecStop=-{{ matrix_host_command_docker }} kill matrix-riot-web
ExecStop=-{{ matrix_host_command_docker }} rm matrix-riot-web
Restart=always
RestartSec=30
SyslogIdentifier=matrix-riot-web

10
roles/matrix-synapse/defaults/main.yml
View File

@ -5,7 +5,7 @@ matrix_synapse_enabled: true
matrix_synapse_container_image_self_build: false
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.13.0"
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.15.0"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
@ -202,12 +202,12 @@ matrix_synapse_password_config_localdb_enabled: true
# Controls the number of events that Synapse caches in memory.
matrix_synapse_event_cache_size: "100K"
# Controls cache sizes for Synapse via the SYNAPSE_CACHE_FACTOR environment variable.
# Controls cache sizes for Synapse.
# Raise this to increase cache sizes or lower it to potentially lower memory use.
# To learn more, see:
# - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
# - https://github.com/matrix-org/synapse/issues/3939
matrix_synapse_cache_factor: 0.5
matrix_synapse_caches_global_factor: 0.5
# Controls whether Synapse will federate at all.
# Disable this to completely isolate your server from the rest of the Matrix network.
@ -299,7 +299,7 @@ matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: fals
# Enable this to activate the Shared Secret Auth password provider module.
# See: https://github.com/devture/matrix-synapse-shared-secret-auth
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.1/shared_secret_authenticator.py"
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.2/shared_secret_authenticator.py"
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
# Enable this to activate LDAP password provider
@ -357,7 +357,7 @@ matrix_synapse_default_room_version: "5"
#
# If a spam-checker extension is enabled, this variable's value is set automatically by the playbook during runtime.
# If not, you can also control its value manually.
matrix_synapse_spam_checker: ~
matrix_synapse_spam_checker: []
matrix_synapse_trusted_key_servers:
- server_name: "matrix.org"

13
roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml
View File

@ -38,10 +38,15 @@
become_user: "{{ matrix_user_username }}"
- set_fact:
matrix_synapse_spam_checker:
module: "synapse_simple_antispam.AntiSpamInvites"
config:
blocked_homeservers: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}"
matrix_synapse_spam_checker: >
{{ matrix_synapse_spam_checker }}
+
[{
"module": "synapse_simple_antispam.AntiSpamInvites",
"config": {
"blocked_homeservers": {{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}
}
}]
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}

2
roles/matrix-synapse/tasks/self_check_federation_api.yml
View File

@ -11,7 +11,7 @@
- name: Fail if Matrix Federation API not working
fail:
msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port {{ matrix_federation_public_port }} open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)"
- name: Fail if Matrix Federation API unexpectedly enabled

2
roles/matrix-synapse/tasks/update_user_password.yml
View File

@ -36,7 +36,7 @@
when: "start_result.changed or postgres_start_result.changed"
- name: Generate password hash
shell: "/usr/bin/docker exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}"
shell: "{{ matrix_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}"
register: password_hash
- name: Update user password hash

1
roles/matrix-synapse/tasks/validate_config.yml
View File

@ -31,3 +31,4 @@
- {'old': 'matrix_synapse_container_expose_client_api_port', 'new': '<superseded by matrix_synapse_container_client_api_host_bind_port>'}
- {'old': 'matrix_synapse_container_expose_federation_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'}
- {'old': 'matrix_synapse_container_expose_metrics_port', 'new': '<superseded by matrix_synapse_container_metrics_api_host_bind_port>'}
- {'old': 'matrix_synapse_cache_factor', 'new': 'matrix_synapse_caches_global_factor'}

14
roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2
View File

@ -6,10 +6,10 @@ Requires=docker.service
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStartPre=-{{ matrix_host_command_docker }} kill %n
ExecStartPre=-{{ matrix_host_command_docker }} rm %n
ExecStart=/usr/bin/docker run --rm --name %n \
ExecStart={{ matrix_host_command_docker }} run --rm --name %n \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-v /etc/passwd:/etc/passwd:ro \
@ -25,10 +25,10 @@ ExecStart=/usr/bin/docker run --rm --name %n \
-c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3'
TimeoutStartSec=5min
ExecStop=-/usr/bin/docker stop %n
ExecStop=-/usr/bin/docker kill %n
ExecStop=-/usr/bin/docker rm %n
ExecStop=-/bin/fusermount -u {{ matrix_synapse_media_store_path }}
ExecStop=-{{ matrix_host_command_docker }} stop %n
ExecStop=-{{ matrix_host_command_docker }} kill %n
ExecStop=-{{ matrix_host_command_docker }} rm %n
ExecStop=-{{ matrix_host_command_fusermount }} -u {{ matrix_synapse_media_store_path }}
Restart=always
RestartSec=5
SyslogIdentifier=matrix-goofys

335
roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
View File

@ -320,22 +320,27 @@ listeners:
# Used by phonehome stats to group together related servers.
#server_context: context
# Resource-constrained homeserver Settings
# Resource-constrained homeserver settings
#
# If limit_remote_rooms.enabled is True, the room complexity will be
# checked before a user joins a new remote room. If it is above
# limit_remote_rooms.complexity, it will disallow joining or
# instantly leave.
# When this is enabled, the room "complexity" will be checked before a user
# joins a new remote room. If it is above the complexity limit, the server will
# disallow joining, or will instantly leave.
#
# limit_remote_rooms.complexity_error can be set to customise the text
# displayed to the user when a room above the complexity threshold has
# its join cancelled.
# Room complexity is an arbitrary measure based on factors such as the number of
# users in the room.
#
# Uncomment the below lines to enable:
#limit_remote_rooms:
# enabled: True
# complexity: 1.0
# complexity_error: "This room is too complex."
limit_remote_rooms:
# Uncomment to enable room complexity checking.
#
#enabled: true
# the limit above which rooms cannot be joined. The default is 1.0.
#
#complexity: 0.5
# override the error which is returned when the room is too complex.
#
#complexity_error: "This room is too complex."
# Whether to require a user to be in the room to add an alias to it.
# Defaults to 'true'.
@ -605,6 +610,50 @@ acme:
## Caching ##
# Caching can be configured through the following options.
#
# A cache 'factor' is a multiplier that can be applied to each of
# Synapse's caches in order to increase or decrease the maximum
# number of entries that can be stored.
# The number of events to cache in memory. Not affected by
# caches.global_factor.
#
event_cache_size: "{{ matrix_synapse_event_cache_size }}"
caches:
# Controls the global cache factor, which is the default cache factor
# for all caches if a specific factor for that cache is not otherwise
# set.
#
# This can also be set by the "SYNAPSE_CACHE_FACTOR" environment
# variable. Setting by environment variable takes priority over
# setting through the config file.
#
# Defaults to 0.5, which will half the size of all caches.
#
global_factor: {{ matrix_synapse_caches_global_factor }}
# A dictionary of cache name to cache factor for that individual
# cache. Overrides the global cache factor for a given cache.
#
# These can also be set through environment variables comprised
# of "SYNAPSE_CACHE_FACTOR_" + the name of the cache in capital
# letters and underscores. Setting by environment variable
# takes priority over setting through the config file.
# Ex. SYNAPSE_CACHE_FACTOR_GET_USERS_WHO_SHARE_ROOM_WITH_USER=2.0
#
# Some caches have '*' and other characters that are not
# alphanumeric or underscores. These caches can be named with or
# without the special characters stripped. For example, to specify
# the cache factor for `*stateGroupCache*` via an environment
# variable would be `SYNAPSE_CACHE_FACTOR_STATEGROUPCACHE=2.0`.
#
per_cache_factors:
#get_users_who_share_room_with_user: 2.0
## Database ##
database:
@ -618,10 +667,6 @@ database:
cp_min: 5
cp_max: 10
# Number of events to cache in memory.
#
event_cache_size: "{{ matrix_synapse_event_cache_size }}"
## Logging ##
@ -884,25 +929,28 @@ url_preview_accept_language:
## Captcha ##
# See docs/CAPTCHA_SETUP for full details of configuring this.
# See docs/CAPTCHA_SETUP.md for full details of configuring this.
# This homeserver's ReCAPTCHA public key.
# This homeserver's ReCAPTCHA public key. Must be specified if
# enable_registration_captcha is enabled.
#
#recaptcha_public_key: "YOUR_PUBLIC_KEY"
# This homeserver's ReCAPTCHA private key.
# This homeserver's ReCAPTCHA private key. Must be specified if
# enable_registration_captcha is enabled.
#
#recaptcha_private_key: "YOUR_PRIVATE_KEY"
# Enables ReCaptcha checks when registering, preventing signup
# Uncomment to enable ReCaptcha checks when registering, preventing signup
# unless a captcha is answered. Requires a valid ReCaptcha
# public/private key.
# public/private key. Defaults to 'false'.
#
#enable_registration_captcha: false
#enable_registration_captcha: true
# The API endpoint to use for verifying m.login.recaptcha responses.
# Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify".
#
#recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
#recaptcha_siteverify_api: "https://my.recaptcha.site"
## TURN ##
@ -1151,6 +1199,13 @@ auto_join_rooms:
#
autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json }}
# When auto_join_rooms is specified, setting this flag to false prevents
# guest accounts from being automatically joined to the rooms.
#
# Defaults to true.
#
#auto_join_rooms_for_guests: false
## Metrics ###
@ -1182,6 +1237,7 @@ metrics_flags:
#known_servers: true
# Whether or not to report anonymized homeserver usage statistics.
#
report_stats: {{ matrix_synapse_report_stats|to_json }}
# The endpoint to report the anonymized homeserver usage statistics to.
@ -1307,6 +1363,8 @@ trusted_key_servers: {{ matrix_synapse_trusted_key_servers|to_json }}
#key_server_signing_keys_path: "key_server_signing_keys.key"
## Single sign-on integration ##
# Enable SAML2 for registration and login. Uses pysaml2.
#
# At least one of `sp_config` or `config_path` must be set in this section to
@ -1440,7 +1498,13 @@ saml2_config:
# * HTML page to display to users if something goes wrong during the
# authentication process: 'saml_error.html'.
#
# This template doesn't currently need any variable to render.
# When rendering, this template is given the following variables:
# * code: an HTML error code corresponding to the error that is being
# returned (typically 400 or 500)
#
# * msg: a textual message describing the error.
#
# The variables will automatically be HTML-escaped.
#
# You can see the default templates at:
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
@ -1448,6 +1512,121 @@ saml2_config:
#template_dir: "res/templates"
# OpenID Connect integration. The following settings can be used to make Synapse
# use an OpenID Connect Provider for authentication, instead of its internal
# password database.
#
# See https://github.com/matrix-org/synapse/blob/master/openid.md.
#
oidc_config:
# Uncomment the following to enable authorization against an OpenID Connect
# server. Defaults to false.
#
#enabled: true
# Uncomment the following to disable use of the OIDC discovery mechanism to
# discover endpoints. Defaults to true.
#
#discover: false
# the OIDC issuer. Used to validate tokens and (if discovery is enabled) to
# discover the provider's endpoints.
#
# Required if 'enabled' is true.
#
#issuer: "https://accounts.example.com/"
# oauth2 client id to use.
#
# Required if 'enabled' is true.
#
#client_id: "provided-by-your-issuer"
# oauth2 client secret to use.
#
# Required if 'enabled' is true.
#
#client_secret: "provided-by-your-issuer"
# auth method to use when exchanging the token.
# Valid values are 'client_secret_basic' (default), 'client_secret_post' and
# 'none'.
#
#client_auth_method: client_secret_post
# list of scopes to request. This should normally include the "openid" scope.
# Defaults to ["openid"].
#
#scopes: ["openid", "profile"]
# the oauth2 authorization endpoint. Required if provider discovery is disabled.
#
#authorization_endpoint: "https://accounts.example.com/oauth2/auth"
# the oauth2 token endpoint. Required if provider discovery is disabled.
#
#token_endpoint: "https://accounts.example.com/oauth2/token"
# the OIDC userinfo endpoint. Required if discovery is disabled and the
# "openid" scope is not requested.
#
#userinfo_endpoint: "https://accounts.example.com/userinfo"
# URI where to fetch the JWKS. Required if discovery is disabled and the
# "openid" scope is used.
#
#jwks_uri: "https://accounts.example.com/.well-known/jwks.json"
# Uncomment to skip metadata verification. Defaults to false.
#
# Use this if you are connecting to a provider that is not OpenID Connect
# compliant.
# Avoid this in production.
#
#skip_verification: true
# An external module can be provided here as a custom solution to mapping
# attributes returned from a OIDC provider onto a matrix user.
#
user_mapping_provider:
# The custom module's class. Uncomment to use a custom module.
# Default is 'synapse.handlers.oidc_handler.JinjaOidcMappingProvider'.
#
# See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers
# for information on implementing a custom mapping provider.
#
#module: mapping_provider.OidcMappingProvider
# Custom configuration values for the module. This section will be passed as
# a Python dictionary to the user mapping provider module's `parse_config`
# method.
#
# The examples below are intended for the default provider: they should be
# changed if using a custom provider.
#
config:
# name of the claim containing a unique identifier for the user.
# Defaults to `sub`, which OpenID Connect compliant providers should provide.
#
#subject_claim: "sub"
# Jinja2 template for the localpart of the MXID.
#
# When rendering, this template is given the following variables:
# * user: The claims returned by the UserInfo Endpoint and/or in the ID
# Token
#
# This must be configured if using the default mapping provider.
#
localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
# Jinja2 template for the display name to set on first login.
#
# If unset, no displayname will be set.
#
#display_name_template: "{% raw %}{{ user.given_name }} {{ user.last_name }}{% endraw %}"
# Enable CAS for registration and login.
#
@ -1455,10 +1634,97 @@ saml2_config:
# enabled: true
# server_url: "https://cas-server.com"
# service_url: "https://homeserver.domain.com:8448"
# #displayname_attribute: name
# #required_attributes:
# # name: value
# Additional settings to use with single-sign on systems such as OpenID Connect,
# SAML2 and CAS.
#
sso:
# A list of client URLs which are whitelisted so that the user does not
# have to confirm giving access to their account to the URL. Any client
# whose URL starts with an entry in the following list will not be subject
# to an additional confirmation step after the SSO login is completed.
#
# WARNING: An entry such as "https://my.client" is insecure, because it
# will also match "https://my.client.evil.site", exposing your users to
# phishing attacks from evil.site. To avoid this, include a slash after the
# hostname: "https://my.client/".
#
# If public_baseurl is set, then the login fallback page (used by clients
# that don't natively support the required login flows) is whitelisted in
# addition to any URLs in this list.
#
# By default, this list is empty.
#
#client_whitelist:
# - https://riot.im/develop
# - https://my.custom.client/
# Directory in which Synapse will try to find the template files below.
# If not set, default templates from within the Synapse package will be used.
#
# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
# If you *do* uncomment it, you will need to make sure that all the templates
# below are in the directory.
#
# Synapse will look for the following templates in this directory:
#
# * HTML page for a confirmation step before redirecting back to the client
# with the login token: 'sso_redirect_confirm.html'.
#
# When rendering, this template is given three variables:
# * redirect_url: the URL the user is about to be redirected to. Needs
# manual escaping (see
# https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
#
# * display_url: the same as `redirect_url`, but with the query
# parameters stripped. The intention is to have a
# human-readable URL to show to users, not to use it as
# the final address to redirect to. Needs manual escaping
# (see https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
#
# * server_name: the homeserver's name.
#
# * HTML page which notifies the user that they are authenticating to confirm
# an operation on their account during the user interactive authentication
# process: 'sso_auth_confirm.html'.
#
# When rendering, this template is given the following variables:
# * redirect_url: the URL the user is about to be redirected to. Needs
# manual escaping (see
# https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
#
# * description: the operation which the user is being asked to confirm
#
# * HTML page shown after a successful user interactive authentication session:
# 'sso_auth_success.html'.
#
# Note that this page must include the JavaScript which notifies of a successful authentication
# (see https://matrix.org/docs/spec/client_server/r0.6.0#fallback).
#
# This template has no additional variables.
#
# * HTML page shown during single sign-on if a deactivated user (according to Synapse's database)
# attempts to login: 'sso_account_deactivated.html'.
#
# This template has no additional variables.
#
# * HTML page to display to users if something goes wrong during the
# OpenID Connect authentication process: 'sso_error.html'.
#
# When rendering, this template is given two variables:
# * error: the technical name of the error
# * error_description: a human-readable message for the error
#
# You can see the default templates at:
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
#
#template_dir: "res/templates"
# The JWT needs to contain a globally unique "sub" (subject) claim.
#
#jwt_config:
@ -1501,8 +1767,8 @@ email:
# Username/password for authentication to the SMTP server. By default, no
# authentication is attempted.
#
# smtp_user: "exampleusername"
# smtp_pass: "examplepassword"
#smtp_user: "exampleusername"
#smtp_pass: "examplepassword"
# Uncomment the following to require TLS transport security for SMTP.
# By default, Synapse will connect over plain text, and will then switch to
@ -1681,10 +1947,17 @@ push:
include_content: {{ matrix_synapse_push_include_content|to_json }}
#spam_checker:
# module: "my_custom_project.SuperSpamChecker"
# config:
# example_option: 'things'
# Spam checkers are third-party modules that can block specific actions
# of local users, such as creating rooms and registering undesirable
# usernames, as well as remote users by redacting incoming events.
#
# spam_checker:
#- module: "my_custom_project.SuperSpamChecker"
# config:
# example_option: 'things'
#- module: "some_other_project.BadEventStopper"
# config:
# example_stop_events_from: ['@bad:example.com']
spam_checker: {{ matrix_synapse_spam_checker|to_json }}
# Uncomment to allow non-server-admin users to create groups on this server

15
roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2
View File

@ -11,16 +11,16 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-synapse
ExecStartPre=-/usr/bin/docker rm matrix-synapse
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-synapse
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-synapse
{% if matrix_s3_media_store_enabled %}
# Allow for some time before starting, so that media store can mount.
# Mounting can happen later too, but if we start writing,
# we'd write files to the local filesystem and fusermount will complain.
ExecStartPre=/bin/sleep 3
ExecStartPre={{ matrix_host_command_sleep }} 3
{% endif %}
ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -28,7 +28,6 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
--read-only \
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \
--network={{ matrix_docker_network }} \
-e SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }} \
{% if matrix_synapse_container_client_api_host_bind_port %}
-p {{ matrix_synapse_container_client_api_host_bind_port }}:8008 \
{% endif %}
@ -55,9 +54,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
{{ matrix_synapse_docker_image }} \
-m synapse.app.homeserver -c /data/homeserver.yaml
ExecStop=-/usr/bin/docker kill matrix-synapse
ExecStop=-/usr/bin/docker rm matrix-synapse
ExecReload=/usr/bin/docker exec matrix-synapse kill -HUP 1
ExecStop=-{{ matrix_host_command_docker }} kill matrix-synapse
ExecStop=-{{ matrix_host_command_docker }} rm matrix-synapse
ExecReload={{ matrix_host_command_docker }} exec matrix-synapse kill -HUP 1
Restart=always
RestartSec=30
SyslogIdentifier=matrix-synapse

2
roles/matrix-synapse/vars/main.yml
View File

@ -3,7 +3,7 @@
matrix_synapse_id_servers_public: ['vector.im', 'matrix.org']
matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:8448/_matrix/federation/v1/version"
matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
# Tells whether this role had executed or not. Toggled to `true` during runtime.
matrix_synapse_role_executed: false