finallycoffee/matrix-docker-ansible-deploy
finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'github/master'

Browse Source
This commit is contained in:
benkuly 2020-06-11 15:36:02 +02:00
commit 99639d7d7a
85 changed files with 2168 additions and 1772 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGELOG.md
View File

@ -1,3 +1,12 @@
# 2020-06-05
## SMS bridging support
Thanks to [benkuly](https://github.com/benkuly)'s efforts, the playbook now supports bridging to SMS (with one telephone number only) via [matrix-sms-bridge](https://github.com/benkuly/matrix-sms-bridge).
See our [Setting up Matrix SMS bridging](docs/configuring-playbook-matrix-bridge-sms.md) documentation page for getting started.
# 2020-05-19
## (Compatibility Break / Security Issue) Disabling User Directory search powered by the ma1sd Identity Server

23
docs/alternative-architectures.md
View File

@ -1,24 +1,29 @@
# Alternative architectures
As stated in the [Prerequisites](prerequisites.md), currently only x86_64 is supported. However, it is possible to set the target architecture, and some tools can be built on the host or other measures can be used.
To that end add the following variable to your `vars.yaml` file:
```yaml
matrix_architecture: <your-matrix-server-architecture>
```
matrix_architecture = <your-matrix-server-architecture>
```
Currently supported architectures are the following:
- `amd64` (the default)
- `arm64`
- `arm32`
so for the Raspberry Pi the following should be in your `vars.yaml` file:
```
matrix_architecture = "arm32"
so for the Raspberry Pi, the following should be in your `vars.yaml` file:
```yaml
matrix_architecture: "arm32"
```
## Implementation details
This subsection is used for a reminder, how the different roles implement architecture differenes. This is **not** aimed at the users, so one does not have to do anything based on this subsection.
This subsection is used for a reminder, how the different roles implement architecture differences. This is **not** aimed at the users, so one does not have to do anything based on this subsection.
On most roles [self-building](self-building.md) is used if the architecture is not `amd64`, however there are some special cases:
- matrix-bridge-mautrix-facebook: there is built docker image for arm64 as well,
- matrix-bridge-mautrix-hangouts: there is built docker image for arm64 as well,
- matrix-nginx-proxy: Certbot has docker image for both arm32 and arm64, however tagging is used, which requires special handling.
- `matrix-bridge-mautrix-facebook`: there is a pre-built Docker image for `arm64` as well
- `matrix-bridge-mautrix-hangouts`: there is a pre-built Docker image for `arm64` as well
- `matrix-nginx-proxy`: Certbot has a pre-built Docker image for both `arm32` and `arm64`, however tagging is used, which requires special handling.

2
docs/ansible.md
View File

@ -49,7 +49,7 @@ docker run -it --rm \
-v `pwd`:/work \
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
--entrypoint=/bin/sh \
devture/ansible:2.8.1-r0
devture/ansible:2.9.9-r0
```
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).

2
docs/configuring-playbook-bridge-appservice-discord.md
View File

@ -23,7 +23,7 @@ matrix_appservice_discord_bot_token: "YOUR DISCORD APP BOT TOKEN"
4. If you've already installed Matrix services using the playbook before, you'll need to re-run it (`--tags=setup-all,start`). If not, proceed with [configuring other playbook services](configuring-playbook.md) and then with [Installing](installing.md). Get back to this guide once ready.
5. Retrieve Discord invite link from the `{{ matrix_appservice_discord_config_path }}/invite_link` file on the server (this defaults to `/matrix/appservice-discord/config/invite_link`)
6. Invite the Bot to Discord servers you wish to bridge. Administrator permission is recommended.
7. Join the rooms by following this syntax `#_discord_guildid_channelid` - can be easily retrieved by logging into Discord in a browser and opening the desired channel. URL will have this format: `discordapp.com/channels/guild_id/channel_id`
7. Room addresses follow this syntax: `#_discord_guildid_channelid`. You can easily find the guild and channel ids by logging into Discord in a browser and opening the desired channel. The URL will have this format: `discordapp.com/channels/guild_id/channel_id`. Once you have figured out the appropriate room addrss, you can join by doing `/join #_discord_guildid_channelid` in your Matrix client.
Other configuration options are available via the `matrix_appservice_discord_configuration_extension_yaml` variable.

2
docs/configuring-playbook-shared-secret-auth.md
View File

@ -11,6 +11,8 @@ matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: YOUR_SHARED_SECRET_GOES_HERE
```
You can generate a strong shared secret with a command like this: `pwgen -s 64 1`
## Authenticating only using a password provider

2
docs/configuring-well-known.md
View File

@ -136,7 +136,7 @@ backend matrix-backend
reqirep ^(GET|POST|HEAD)\ /.well-known/matrix/(.*) \1\ /\2
# Rewrite redirects as ProxyPassReverse does
acl response-is-redirect res.hdr(Location) -m found
rsprep ^Location:\ (http|https)://matrix.example.com\/(.*) Location:\ \1://matrix.exapmle.com/.well-known/matrix/\2 if response-is-redirect
rsprep ^Location:\ (http|https)://matrix.example.com\/(.*) Location:\ \1://matrix.example.com/.well-known/matrix/\2 if response-is-redirect
```
Make sure to:

6
docs/maintenance-upgrading-services.md
View File

@ -4,14 +4,14 @@ This playbook not only installs the various Matrix services for you, but can als
If you want to be notified when new versions of Synapse are released, you should join the Synapse Homeowners room: [#homeowners:matrix.org](https://matrix.to/#/#homeowners:matrix.org).
To upgrade the services:
To upgrade services:
- update your playbook directory (`git pull`), so you'd obtain everything new we've done
- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incomptabile changes that you need to take care of
- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of
- re-run the [playbook setup](installing.md): `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all`
- restart the services: `ansible-playbook -i inventory/hosts setup.yml --tags=start`
**Note**: major version upgrades are not done to the internal PostgreSQL database. To upgrade that one, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).
**Note**: major version upgrades to the internal PostgreSQL database are not done automatically. To upgrade it, refer to the [upgrading PostgreSQL guide](maintenance-postgres.md#upgrading-postgresql).

12
docs/prerequisites.md
View File

@ -6,16 +6,16 @@
- [Python](https://www.python.org/) being installed on the server. Most distributions install Python by default, but some don't (e.g. Ubuntu 18.04) and require manual installation (something like `apt-get install python`).
- a `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.*
- A `cron`-like tool installed on the server such as `cron` or `anacron` to automatically schedule the Let's Encrypt SSL certificates's renewal. *This can be ignored if you use your own SSL certificates.*
- the [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
- The [Ansible](http://ansible.com/) program being installed on your own computer. It's used to run this playbook and configures your server for you. Take a look at [our guide about Ansible](ansible.md) for more information, as well as [version requirements](ansible.md#supported-ansible-versions) and alternative ways to run Ansible.
- either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature.
- Either the `dig` tool or `python-dns` installed on your own computer. Used later on, by the playbook's [services check](maintenance-checking-services.md) feature.
- an HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
- An HTTPS-capable web server at the base domain name (`<your-domain>`) which is capable of serving static files. Unless you decide to [Serve the base domain from the Matrix server](configuring-playbook-base-domain-serving.md) or alternatively, to use DNS SRV records for [Server Delegation](howto-server-delegation.md).
- properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md))
- Properly configured DNS records for `<your-domain>` (details in [Configuring DNS](configuring-dns.md)).
- some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP)
- Some TCP/UDP ports open. This playbook configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports: `80/tcp` (HTTP webserver), `443/tcp` (HTTPS webserver), `3478/tcp` (TURN over TCP), `3478/udp` (TURN over UDP), `5349/tcp` (TURN over TCP), `5349/udp` (TURN over UDP), `8448/tcp` (Matrix Federation API HTTPS webserver), the range `49152-49172/udp` (TURN over UDP), `4443/tcp` (Jitsi Harvester fallback), `10000/udp` (Jitsi video RTP). Depending on your firewall/NAT setup, incoming RTP packets on port 10000 may have the external IP of your firewall as destination address, due to the usage of STUN in JVB (see [`matrix_jitsi_jvb_stun_servers`](../roles/matrix-jitsi/defaults/main.yml)).
When ready to proceed, continue with [Configuring DNS](configuring-dns.md).

1
docs/self-building.md
View File

@ -15,6 +15,7 @@ List of roles where self-building the Docker image is currently possible:
- `matrix-riot-web`
- `matrix-coturn`
- `matrix-ma1sd`
- `matrix-mailer`
- `matrix-mautrix-facebook`
- `matrix-mautrix-hangouts`
- `matrix-mx-puppet-skype`

16
group_vars/matrix_servers
View File

@ -537,11 +537,13 @@ matrix_jitsi_web_stun_servers: |
#
######################################################################
# By default, this playbook sets up a postfix mailer server (running in a container).
# By default, this playbook sets up an exim mailer server (running in a container).
# This is so that Synapse can send email reminders for unread messages.
# Other services (like ma1sd), also use the mailer.
matrix_mailer_enabled: true
matrix_mailer_container_image_self_build: "{{ matrix_architecture != 'amd64'}}"
######################################################################
#
# /matrix-mailer
@ -636,6 +638,8 @@ matrix_nginx_proxy_proxy_matrix_federation_api_enabled: true
matrix_nginx_proxy_proxy_matrix_federation_api_addr_with_container: "matrix-synapse:8048"
matrix_nginx_proxy_proxy_matrix_federation_api_addr_sans_container: "127.0.0.1:8048"
matrix_nginx_proxy_container_federation_host_bind_port: "{{ matrix_federation_public_port }}"
matrix_nginx_proxy_proxy_synapse_metrics: "{{ matrix_synapse_metrics_enabled }}"
matrix_nginx_proxy_proxy_synapse_metrics_addr_with_container: "matrix-synapse:{{ matrix_synapse_metrics_port }}"
matrix_nginx_proxy_proxy_synapse_metrics_addr_sans_container: "127.0.0.1:{{ matrix_synapse_metrics_port }}"
@ -673,7 +677,13 @@ matrix_ssl_domains_to_obtain_certificates_for: |
([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
}}
matrix_ssl_architecture: "{{ matrix_architecture }}"
matrix_ssl_architecture: "{{
{
'amd64': 'amd64',
'arm32': 'arm32v6',
'arm64': 'arm64v8',
}[matrix_architecture]
}}"
######################################################################
#
@ -780,7 +790,7 @@ matrix_synapse_container_client_api_host_bind_port: "{{ '' if matrix_nginx_proxy
matrix_synapse_container_federation_api_plain_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:8048' }}"
#
# For exposing the Matrix Federation API's TLS port (HTTPS) to the internet on all network interfaces.
matrix_synapse_container_federation_api_tls_host_bind_port: "{{ '8448' if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
matrix_synapse_container_federation_api_tls_host_bind_port: "{{ matrix_federation_public_port if (matrix_synapse_federation_enabled and matrix_synapse_tls_federation_listener_enabled) else '' }}"
#
# For exposing the Synapse Metrics API's port (plain HTTP) to the local host.
matrix_synapse_container_metrics_api_host_bind_port: "{{ '127.0.0.1:9100' if (matrix_synapse_metrics_enabled and not matrix_nginx_proxy_enabled) else '' }}"

9
roles/matrix-base/defaults/main.yml
View File

@ -21,6 +21,8 @@ matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
# This is where you access Jitsi.
matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}"
matrix_federation_public_port: 8448
matrix_user_username: "matrix"
matrix_user_groupname: "matrix"
@ -32,6 +34,13 @@ matrix_systemd_path: "/etc/systemd/system"
matrix_cron_path: "/etc/cron.d"
matrix_local_bin_path: "/usr/local/bin"
matrix_host_command_docker: "/usr/bin/env docker"
matrix_host_command_sleep: "/usr/bin/env sleep"
matrix_host_command_chown: "/usr/bin/env chown"
matrix_host_command_fusermount: "/usr/bin/env fusermount"
matrix_host_command_openssl: "/usr/bin/env openssl"
matrix_host_command_systemctl: "/usr/bin/env systemctl"
matrix_ntpd_package: "ntp"
matrix_ntpd_service: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}"

2
roles/matrix-base/templates/static-files/well-known/matrix-server.j2
View File

@ -1,4 +1,4 @@
#jinja2: lstrip_blocks: "True"
{
"m.server": "{{ matrix_server_fqn_matrix }}:8448"
"m.server": "{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}"
}

95
roles/matrix-bridge-appservice-discord/defaults/main.yml
View File

@ -39,100 +39,7 @@ matrix_appservice_discord_bridge_homeserverUrl: "{{ matrix_homeserver_url }}"
matrix_appservice_discord_bridge_disablePresence: false
matrix_appservice_discord_bridge_enableSelfServiceBridging: false
matrix_appservice_discord_configuration_yaml: |
#jinja2: lstrip_blocks: "True"
bridge:
# Domain part of the bridge, e.g. matrix.org
domain: {{ matrix_appservice_discord_bridge_domain }}
# This should be your publically facing URL because Discord may use it to
# fetch media from the media store.
homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }}
# Interval at which to process users in the 'presence queue'. If you have
# 5 users, one user will be processed every 500 milliseconds according to the
# value below. This has a minimum value of 250.
# WARNING: This has a high chance of spamming the homeserver with presence
# updates since it will send one each time somebody changes state or is online.
presenceInterval: 500
# Disable setting presence for 'ghost users' which means Discord users on Matrix
# will not be shown as away or online.
disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }}
# Disable sending typing notifications when somebody on Discord types.
disableTypingNotifications: false
# Disable deleting messages on Discord if a message is redacted on Matrix.
disableDeletionForwarding: false
# Enable users to bridge rooms using !discord commands. See
# https://t2bot.io/discord for instructions.
enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }}
# Disable sending of read receipts for Matrix events which have been
# successfully bridged to Discord.
disableReadReceipts: false
# Disable Join Leave echos from matrix
disableJoinLeaveNotifications: false
# Authentication configuration for the discord bot.
auth:
clientID: {{ matrix_appservice_discord_client_id|string|to_json }}
botToken: {{ matrix_appservice_discord_bot_token }}
logging:
# What level should the logger output to the console at.
console: "warn" #silly, verbose, info, http, warn, error, silent
lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format
# files:
# - file: "debug.log"
# disable:
# - "PresenceHandler" # Will not capture presence logging
# - file: "warn.log" # Will capture warnings
# level: "warn"
# - file: "botlogs.log" # Will capture logs from DiscordBot
# level: "info"
# enable:
# - "DiscordBot"
database:
userStorePath: "/data/user-store.db"
roomStorePath: "/data/room-store.db"
# You may either use SQLite or Postgresql for the bridge database, which contains
# important mappings for events and user puppeting configurations.
# Use the filename option for SQLite, or connString for Postgresql.
# If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite
# WARNING: You will almost certainly be fine with sqlite unless your bridge
# is in heavy demand and you suffer from IO slowness.
filename: "/data/discord.db"
# connString: "postgresql://user:password@localhost/database_name"
room:
# Set the default visibility of alias rooms, defaults to "public".
# One of: "public", "private"
defaultVisibility: "public"
channel:
# Pattern of the name given to bridged rooms.
# Can use :guild for the guild name and :name for the channel name.
namePattern: "[Discord] :guild :name"
# Changes made to rooms when a channel is deleted.
deleteOptions:
# Prefix the room name with a string.
#namePrefix: "[Deleted]"
# Prefix the room topic with a string.
#topicPrefix: "This room has been deleted"
# Disable people from talking in the room by raising the event PL to 50
disableMessaging: false
# Remove the discord alias from the room.
unsetRoomAlias: true
# Remove the room from the directory.
unlistFromDirectory: true
# Set the room to be unavaliable for joining without an invite.
setInviteOnly: true
# Make all the discord users leave the room.
ghostsLeave: true
limits:
# Delay in milliseconds between discord users joining a room.
roomGhostJoinDelay: 6000
# Delay in milliseconds before sending messages to discord to avoid echos.
# (Copies of a sent message may arrive from discord before we've
# fininished handling it, causing us to echo it back to the room)
discordSendDelay: 750
ghosts:
# Pattern for the ghosts nick, available is :nick, :username, :tag and :id
nickPattern: ":nick"
# Pattern for the ghosts username, available is :username, :tag and :id
usernamePattern: ":username#:tag"
matrix_appservice_discord_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_appservice_discord_configuration_extension_yaml: |
# Your custom YAML configuration goes here.

2
roles/matrix-bridge-appservice-discord/tasks/setup_install.yml
View File

@ -60,7 +60,7 @@
# We intentionally suppress Ansible changes.
- name: Generate AppService Discord invite link
shell: >-
/usr/bin/docker run --rm --name matrix-appservice-discord-link-gen
{{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord-link-gen
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
-v {{ matrix_appservice_discord_config_path }}:/cfg

93
roles/matrix-bridge-appservice-discord/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,93 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Domain part of the bridge, e.g. matrix.org
domain: {{ matrix_appservice_discord_bridge_domain }}
# This should be your publically facing URL because Discord may use it to
# fetch media from the media store.
homeserverUrl: {{ matrix_appservice_discord_bridge_homeserverUrl }}
# Interval at which to process users in the 'presence queue'. If you have
# 5 users, one user will be processed every 500 milliseconds according to the
# value below. This has a minimum value of 250.
# WARNING: This has a high chance of spamming the homeserver with presence
# updates since it will send one each time somebody changes state or is online.
presenceInterval: 500
# Disable setting presence for 'ghost users' which means Discord users on Matrix
# will not be shown as away or online.
disablePresence: {{ matrix_appservice_discord_bridge_disablePresence|to_json }}
# Disable sending typing notifications when somebody on Discord types.
disableTypingNotifications: false
# Disable deleting messages on Discord if a message is redacted on Matrix.
disableDeletionForwarding: false
# Enable users to bridge rooms using !discord commands. See
# https://t2bot.io/discord for instructions.
enableSelfServiceBridging: {{ matrix_appservice_discord_bridge_enableSelfServiceBridging|to_json }}
# Disable sending of read receipts for Matrix events which have been
# successfully bridged to Discord.
disableReadReceipts: false
# Disable Join Leave echos from matrix
disableJoinLeaveNotifications: false
# Authentication configuration for the discord bot.
auth:
clientID: {{ matrix_appservice_discord_client_id|string|to_json }}
botToken: {{ matrix_appservice_discord_bot_token }}
logging:
# What level should the logger output to the console at.
console: "warn" #silly, verbose, info, http, warn, error, silent
lineDateFormat: "MMM-D HH:mm:ss.SSS" # This is in moment.js format
# files:
# - file: "debug.log"
# disable:
# - "PresenceHandler" # Will not capture presence logging
# - file: "warn.log" # Will capture warnings
# level: "warn"
# - file: "botlogs.log" # Will capture logs from DiscordBot
# level: "info"
# enable:
# - "DiscordBot"
database:
userStorePath: "/data/user-store.db"
roomStorePath: "/data/room-store.db"
# You may either use SQLite or Postgresql for the bridge database, which contains
# important mappings for events and user puppeting configurations.
# Use the filename option for SQLite, or connString for Postgresql.
# If you are migrating, see https://github.com/Half-Shot/matrix-appservice-discord/blob/master/docs/howto.md#migrate-to-postgres-from-sqlite
# WARNING: You will almost certainly be fine with sqlite unless your bridge
# is in heavy demand and you suffer from IO slowness.
filename: "/data/discord.db"
# connString: "postgresql://user:password@localhost/database_name"
room:
# Set the default visibility of alias rooms, defaults to "public".
# One of: "public", "private"
defaultVisibility: "public"
channel:
# Pattern of the name given to bridged rooms.
# Can use :guild for the guild name and :name for the channel name.
namePattern: "[Discord] :guild :name"
# Changes made to rooms when a channel is deleted.
deleteOptions:
# Prefix the room name with a string.
#namePrefix: "[Deleted]"
# Prefix the room topic with a string.
#topicPrefix: "This room has been deleted"
# Disable people from talking in the room by raising the event PL to 50
disableMessaging: false
# Remove the discord alias from the room.
unsetRoomAlias: true
# Remove the room from the directory.
unlistFromDirectory: true
# Set the room to be unavaliable for joining without an invite.
setInviteOnly: true
# Make all the discord users leave the room.
ghostsLeave: true
limits:
# Delay in milliseconds between discord users joining a room.
roomGhostJoinDelay: 6000
# Delay in milliseconds before sending messages to discord to avoid echos.
# (Copies of a sent message may arrive from discord before we've
# fininished handling it, causing us to echo it back to the room)
discordSendDelay: 750
ghosts:
# Pattern for the ghosts nick, available is :nick, :username, :tag and :id
nickPattern: ":nick"
# Pattern for the ghosts username, available is :username, :tag and :id
usernamePattern: ":username#:tag"

12
roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
View File

@ -11,13 +11,13 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-appservice-discord
ExecStartPre=-/usr/bin/docker rm matrix-appservice-discord
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-discord
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-discord
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-discord \
{{ matrix_appservice_discord_docker_image }} \
node /build/src/discordas.js -p 9005 -c /cfg/config.yaml -f /cfg/registration.yaml
ExecStop=-/usr/bin/docker kill matrix-appservice-discord
ExecStop=-/usr/bin/docker rm matrix-appservice-discord
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-discord
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-discord
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-discord

136
roles/matrix-bridge-appservice-irc/defaults/main.yml
View File

@ -346,141 +346,7 @@ matrix_appservice_irc_systemd_wanted_services_list: []
matrix_appservice_irc_appservice_token: ''
matrix_appservice_irc_homeserver_token: ''
matrix_appservice_irc_configuration_yaml: |
#jinja2: lstrip_blocks: True
homeserver:
# The URL to the home server for client-server API calls, also used to form the
# media URLs as displayed in bridged IRC channels:
url: {{ matrix_appservice_irc_homeserver_url }}
#
# The URL of the homeserver hosting media files. This is only used to transform
# mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By
# default, this is the homeserver URL, specified above.
#
media_url: {{ matrix_appservice_irc_homeserver_media_url }}
# Drop Matrix messages which are older than this number of seconds, according to
# the event's origin_server_ts.
# If the bridge is down for a while, the homeserver will attempt to send all missed
# events on reconnection. These events may be hours old, which can be confusing to
# IRC users if they are then bridged. This option allows these old messages to be
# dropped.
# CAUTION: This is a very coarse heuristic. Federated homeservers may have different
# clock times and hence produce different origin_server_ts values, which may be old
# enough to cause *all* events from the homeserver to be dropped.
# Default: 0 (don't ever drop)
# dropMatrixMessagesAfterSecs: 300 # 5 minutes
# The 'domain' part for user IDs on this home server. Usually (but not always)
# is the "domain name" part of the HS URL.
domain: {{ matrix_appservice_irc_homeserver_domain }}
# Should presence be enabled for matrix clients on this bridge. If disabled on the
# homeserver then it should also be disabled here to avoid excess traffic.
# Default: true
enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}
ircService:
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
# the database.
#
# To generate a .pem file:
# $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
#
# The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
# for storage in the database. Passwords are stored by using the admin room command
# `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
# the Matrix user, this password will be sent as the server password (PASS command).
passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
# Config for Matrix -> IRC bridging
matrixHandler:
# Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
eventCacheSize: 4096
servers: {{ matrix_appservice_irc_ircService_servers|to_json }}
# Configuration for an ident server. If you are running a public bridge it is
# advised you setup an ident server so IRC mods can ban specific matrix users
# rather than the application service itself.
ident:
# True to listen for Ident requests and respond with the
# matrix user's user_id (converted to ASCII, respecting RFC 1413).
# Default: false.
enabled: false
# The port to listen on for incoming ident requests.
# Ports below 1024 require root to listen on, and you may not want this to
# run as root. Instead, you can get something like an Apache to yank up
# incoming requests to 113 to a high numbered port. Set the port to listen
# on instead of 113 here.
# Default: 113.
port: 1113
# The address to listen on for incoming ident requests.
# Default: 0.0.0.0
address: "::"
# Configuration for logging. Optional. Default: console debug level logging
# only.
logging:
# Level to log on console/logfile. One of error|warn|info|debug
level: "debug"
# The file location to log to. This is relative to the project directory.
#logfile: "debug.log"
# The file location to log errors to. This is relative to the project
# directory.
#errfile: "errors.log"
# Whether to log to the console or not.
toConsole: true
# The max number of files to keep. Files will be overwritten eventually due
# to rotations.
maxFiles: 5
# Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
# $ npm install prom-client@6.3.0
# Metrics will then be available via GET /metrics on the bridge listening port (-p).
metrics:
# Whether to actually enable the metric endpoint. Default: false
enabled: true
# When collecting remote user active times, which "buckets" should be used. Defaults are given below.
# The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
remoteUserAgeBuckets:
- "1h"
- "1d"
- "1w"
# Configuration for the provisioning API.
#
# GET /_matrix/provision/link
# GET /_matrix/provision/unlink
# GET /_matrix/provision/listlinks
#
provisioning:
# True to enable the provisioning HTTP endpoint. Default: false.
enabled: false
# The number of seconds to wait before giving up on getting a response from
# an IRC channel operator. If the channel operator does not respond within the
# allotted time period, the provisioning request will fail.
# Default: 300 seconds (5 mins)
requestTimeoutSeconds: 300
# Options here are generally only applicable to large-scale bridges and may have
# consequences greater than other options in this configuration file.
advanced:
# The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited
# however for large bridges it is important to rate limit the bridge to avoid
# accidentally overloading the homeserver. Defaults to 1000, which should be
# enough for the vast majority of use cases.
maxHttpSockets: 1000
# Use an external database to store bridge state.
database:
# database engine (must be 'postgres' or 'nedb'). Default: nedb
engine: "nedb"
# Either a PostgreSQL connection string, or a path to the NeDB storage directory.
# For postgres, it must start with postgres://
# For NeDB, it must start with nedb://. The path is relative to the project directory.
connectionString: "nedb:///data"
matrix_appservice_irc_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_appservice_irc_configuration_extension_yaml: |
# Your custom YAML configuration for Appservice IRC servers goes here.

4
roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
View File

@ -58,7 +58,7 @@
register: irc_passkey_file
- name: Generate Appservice IRC passkey if it doesn't exist
shell: /usr/bin/openssl genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
shell: "{{ matrix_host_command_openssl }} genpkey -out {{ matrix_appservice_irc_data_path }}/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048"
become: true
become_user: "{{ matrix_user_username }}"
when: "not irc_passkey_file.stat.exists"
@ -93,7 +93,7 @@
# to produce a final registration.yaml file, as we desire.
- name: Generate Appservice IRC registration-template.yaml
shell: >-
/usr/bin/docker run --rm --name matrix-appservice-irc-gen
{{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc-gen
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
-v {{ matrix_appservice_irc_config_path }}:/config:z

134
roles/matrix-bridge-appservice-irc/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,134 @@
#jinja2: lstrip_blocks: True
homeserver:
# The URL to the home server for client-server API calls, also used to form the
# media URLs as displayed in bridged IRC channels:
url: {{ matrix_appservice_irc_homeserver_url }}
#
# The URL of the homeserver hosting media files. This is only used to transform
# mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By
# default, this is the homeserver URL, specified above.
#
media_url: {{ matrix_appservice_irc_homeserver_media_url }}
# Drop Matrix messages which are older than this number of seconds, according to
# the event's origin_server_ts.
# If the bridge is down for a while, the homeserver will attempt to send all missed
# events on reconnection. These events may be hours old, which can be confusing to
# IRC users if they are then bridged. This option allows these old messages to be
# dropped.
# CAUTION: This is a very coarse heuristic. Federated homeservers may have different
# clock times and hence produce different origin_server_ts values, which may be old
# enough to cause *all* events from the homeserver to be dropped.
# Default: 0 (don't ever drop)
# dropMatrixMessagesAfterSecs: 300 # 5 minutes
# The 'domain' part for user IDs on this home server. Usually (but not always)
# is the "domain name" part of the HS URL.
domain: {{ matrix_appservice_irc_homeserver_domain }}
# Should presence be enabled for matrix clients on this bridge. If disabled on the
# homeserver then it should also be disabled here to avoid excess traffic.
# Default: true
enablePresence: {{ matrix_appservice_irc_homeserver_enablePresence|to_json }}
ircService:
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
# the database.
#
# To generate a .pem file:
# $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
#
# The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
# for storage in the database. Passwords are stored by using the admin room command
# `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
# the Matrix user, this password will be sent as the server password (PASS command).
passwordEncryptionKeyPath: "/data/passkey.pem" # does not typically need modification
# Config for Matrix -> IRC bridging
matrixHandler:
# Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
eventCacheSize: 4096
servers: {{ matrix_appservice_irc_ircService_servers|to_json }}
# Configuration for an ident server. If you are running a public bridge it is
# advised you setup an ident server so IRC mods can ban specific matrix users
# rather than the application service itself.
ident:
# True to listen for Ident requests and respond with the
# matrix user's user_id (converted to ASCII, respecting RFC 1413).
# Default: false.
enabled: false
# The port to listen on for incoming ident requests.
# Ports below 1024 require root to listen on, and you may not want this to
# run as root. Instead, you can get something like an Apache to yank up
# incoming requests to 113 to a high numbered port. Set the port to listen
# on instead of 113 here.
# Default: 113.
port: 1113
# The address to listen on for incoming ident requests.
# Default: 0.0.0.0
address: "::"
# Configuration for logging. Optional. Default: console debug level logging
# only.
logging:
# Level to log on console/logfile. One of error|warn|info|debug
level: "debug"
# The file location to log to. This is relative to the project directory.
#logfile: "debug.log"
# The file location to log errors to. This is relative to the project
# directory.
#errfile: "errors.log"
# Whether to log to the console or not.
toConsole: true
# The max number of files to keep. Files will be overwritten eventually due
# to rotations.
maxFiles: 5
# Optional. Enable Prometheus metrics. If this is enabled, you MUST install `prom-client`:
# $ npm install prom-client@6.3.0
# Metrics will then be available via GET /metrics on the bridge listening port (-p).
metrics:
# Whether to actually enable the metric endpoint. Default: false
enabled: true
# When collecting remote user active times, which "buckets" should be used. Defaults are given below.
# The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
remoteUserAgeBuckets:
- "1h"
- "1d"
- "1w"
# Configuration for the provisioning API.
#
# GET /_matrix/provision/link
# GET /_matrix/provision/unlink
# GET /_matrix/provision/listlinks
#
provisioning:
# True to enable the provisioning HTTP endpoint. Default: false.
enabled: false
# The number of seconds to wait before giving up on getting a response from
# an IRC channel operator. If the channel operator does not respond within the
# allotted time period, the provisioning request will fail.
# Default: 300 seconds (5 mins)
requestTimeoutSeconds: 300
# Options here are generally only applicable to large-scale bridges and may have
# consequences greater than other options in this configuration file.
advanced:
# The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited
# however for large bridges it is important to rate limit the bridge to avoid
# accidentally overloading the homeserver. Defaults to 1000, which should be
# enough for the vast majority of use cases.
maxHttpSockets: 1000
# Use an external database to store bridge state.
database:
# database engine (must be 'postgres' or 'nedb'). Default: nedb
engine: "nedb"
# Either a PostgreSQL connection string, or a path to the NeDB storage directory.
# For postgres, it must start with postgres://
# For NeDB, it must start with nedb://. The path is relative to the project directory.
connectionString: "nedb:///data"

12
roles/matrix-bridge-appservice-irc/templates/systemd/matrix-appservice-irc.service.j2
View File

@ -11,13 +11,13 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-appservice-irc
ExecStartPre=-/usr/bin/docker rm matrix-appservice-irc
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-irc
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-irc
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-irc \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -34,8 +34,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-irc \
{{ matrix_appservice_irc_docker_image }} \
-c 'node app.js -c /config/config.yaml -f /config/registration.yaml -p 9999'
ExecStop=-/usr/bin/docker kill matrix-appservice-irc
ExecStop=-/usr/bin/docker rm matrix-appservice-irc
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-irc
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-irc
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-irc

16
roles/matrix-bridge-appservice-slack/defaults/main.yml
View File

@ -45,21 +45,7 @@ matrix_appservice_slack_appservice_token: ''
matrix_appservice_slack_homeserver_token: ''
matrix_appservice_slack_id_token: ''
matrix_appservice_slack_configuration_yaml: |
slack_hook_port: {{ matrix_appservice_slack_slack_port }}
inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}"
bot_username: "{{ matrix_appservice_slack_bot_name }}"
username_prefix: {{ matrix_appservice_slack_user_prefix }}
homeserver:
media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
url: "{{ matrix_appservice_slack_homeserver_url }}"
server_name: "{{ matrix_domain }}"
dbdir: "/data"
matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}"
matrix_appservice_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_appservice_slack_configuration_extension_yaml: |
#slack_hook_port: 9898

14
roles/matrix-bridge-appservice-slack/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,14 @@
#jinja2: lstrip_blocks: True
slack_hook_port: {{ matrix_appservice_slack_slack_port }}
inbound_uri_prefix: "{{ matrix_appservice_slack_inbound_uri_prefix }}"
bot_username: "{{ matrix_appservice_slack_bot_name }}"
username_prefix: {{ matrix_appservice_slack_user_prefix }}
homeserver:
media_url: "{{ matrix_appservice_slack_homeserver_media_url }}"
url: "{{ matrix_appservice_slack_homeserver_url }}"
server_name: "{{ matrix_domain }}"
dbdir: "/data"
matrix_admin_room: "{{ matrix_appservice_slack_control_room_id }}"

12
roles/matrix-bridge-appservice-slack/templates/systemd/matrix-appservice-slack.service.j2
View File

@ -11,13 +11,13 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-appservice-slack
ExecStartPre=-/usr/bin/docker rm matrix-appservice-slack
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-slack
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-slack
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-slack \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-slack \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-slack \
{{ matrix_appservice_slack_docker_image }} \
node app.js -p {{matrix_appservice_slack_matrix_port}} -c /config/config.yaml -f /config/slack-registration.yaml
ExecStop=-/usr/bin/docker kill matrix-appservice-slack
ExecStop=-/usr/bin/docker rm matrix-appservice-slack
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-slack
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-slack
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-slack

30
roles/matrix-bridge-appservice-webhooks/defaults/main.yml
View File

@ -49,35 +49,7 @@ matrix_appservice_webhooks_api_secret: ''
# Logging information (info and verbose is available) default is: info
matrix_appservice_webhooks_log_level: 'info'
matrix_appservice_webhooks_configuration_yaml: |
# Configuration specific to the application service. All fields (unless otherwise marked) are required.
homeserver:
# The domain for the client-server API calls.
url: "{{ matrix_appservice_webhooks_homeserver_url }}"
# The domain part for user IDs on this home server. Usually, but not always, this is the same as the
# home server's URL.
domain: "{{ matrix_domain }}"
# Configuration specific to the bridge. All fields (unless otherwise marked) are required.
webhookBot:
# The localpart to use for the bot. May require re-registering the application service.
localpart: "_webhook"
# Provisioning API options
provisioning:
# Your secret for the API. Required for all provisioning API requests.
secret: '{{ matrix_appservice_webhooks_api_secret }}'
# Configuration related to the web portion of the bridge. Handles the inbound webhooks
web:
hookUrlBase: "{{ matrix_appservice_webhooks_inbound_uri_prefix }}"
logging:
console: true
consoleLevel: {{ matrix_appservice_webhooks_log_level }}
writeFiles: false
matrix_appservice_webhooks_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_appservice_webhooks_configuration_extension_yaml: |
#

28
roles/matrix-bridge-appservice-webhooks/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,28 @@
#jinja2: lstrip_blocks: True
# Configuration specific to the application service. All fields (unless otherwise marked) are required.
homeserver:
# The domain for the client-server API calls.
url: "{{ matrix_appservice_webhooks_homeserver_url }}"
# The domain part for user IDs on this home server. Usually, but not always, this is the same as the
# home server's URL.
domain: "{{ matrix_domain }}"
# Configuration specific to the bridge. All fields (unless otherwise marked) are required.
webhookBot:
# The localpart to use for the bot. May require re-registering the application service.
localpart: "_webhook"
# Provisioning API options
provisioning:
# Your secret for the API. Required for all provisioning API requests.
secret: '{{ matrix_appservice_webhooks_api_secret }}'
# Configuration related to the web portion of the bridge. Handles the inbound webhooks
web:
hookUrlBase: "{{ matrix_appservice_webhooks_inbound_uri_prefix }}"
logging:
console: true
consoleLevel: {{ matrix_appservice_webhooks_log_level }}
writeFiles: false

12
roles/matrix-bridge-appservice-webhooks/templates/systemd/matrix-appservice-webhooks.service.j2
View File

@ -11,13 +11,13 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-appservice-webhooks
ExecStartPre=-/usr/bin/docker rm matrix-appservice-webhooks
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-appservice-webhooks \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-webhooks \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -33,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-appservice-webhooks \
{{ matrix_appservice_webhooks_docker_image }} \
node index.js -p {{ matrix_appservice_webhooks_matrix_port }} -c /config/config.yaml -f /config/webhooks-registration.yaml
ExecStop=-/usr/bin/docker kill matrix-appservice-webhooks
ExecStop=-/usr/bin/docker rm matrix-appservice-webhooks
ExecStop=-{{ matrix_host_command_docker }} kill matrix-appservice-webhooks
ExecStop=-{{ matrix_host_command_docker }} rm matrix-appservice-webhooks
Restart=always
RestartSec=30
SyslogIdentifier=matrix-appservice-webhooks

155
roles/matrix-bridge-mautrix-facebook/defaults/main.yml
View File

@ -38,160 +38,7 @@ matrix_mautrix_facebook_login_shared_secret: ''
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_facebook_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_facebook_configuration_yaml: |
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_facebook_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_facebook_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_facebook_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29319
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: sqlite:////data/mautrix-facebook.db
# Public part of web server for out-of-Matrix interaction with the bridge.
public:
# Whether or not the public-facing endpoints should be enabled.
enabled: false
# The prefix to use in the public-facing endpoints.
prefix: /public
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: https://example.com/public
# The unique ID of this appservice.
id: facebook
# Username of the appservice bot.
bot_username: facebookbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Facebook bridge bot
bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_facebook_appservice_token }}"
hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for Facebook users.
# {userid} is replaced with the user ID of the Facebook user.
username_template: "facebook_{userid}"
# Localpart template for per-user room grouping community IDs.
# The bridge will create these communities and add all of the specific user's portals to the community.
# {localpart} is the MXID localpart and {server} is the MXID server part of the user.
#
# `facebook_{localpart}={server}` is a good value.
community_template: null
# Displayname template for Facebook users.
# {displayname} is replaced with the display name of the Facebook user
# as defined below in displayname_preference.
# Keys available for displayname_preference are also available here.
displayname_template: '{displayname} (FB)'
# Available keys:
# "name" (full name)
# "first_name"
# "last_name"
# "nickname"
# "own_nickname" (user-specific!)
displayname_preference:
- name
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!fb"
# Number of chats to sync (and create portals for) on startup/login.
# Maximum 20, set 0 to disable automatic syncing.
initial_chat_sync: 10
# Whether or not the Facebook users of logged in Matrix users should be
# invited to private chats when the user sends a message from another client.
invite_own_puppet_to_pm: false
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
# your own Matrix account as the Matrix puppet for your Facebook account.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }}
# Whether or not to bridge presence in both directions. Facebook allows users not to broadcast
# presence, but then it won't send other users' presence to the client.
presence: true
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Permissions for using the bridge.
# Permitted values:
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_facebook_homeserver_domain }}': user
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_facebook.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
fbchat:
level: DEBUG
hbmqtt:
level: INFO
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]
matrix_mautrix_facebook_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_facebook_configuration_extension_yaml: |
# Your custom YAML configuration goes here.

194
roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,194 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_facebook_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_facebook_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_facebook_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29319
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: sqlite:////data/mautrix-facebook.db
# Public part of web server for out-of-Matrix interaction with the bridge.
public:
# Whether or not the public-facing endpoints should be enabled.
enabled: false
# The prefix to use in the public-facing endpoints.
prefix: /public
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: https://example.com/public
# The unique ID of this appservice.
id: facebook
# Username of the appservice bot.
bot_username: facebookbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Facebook bridge bot
bot_avatar: mxc://maunium.net/ddtNPZSKMNqaUzqrHuWvUADv
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_facebook_appservice_token }}"
hs_token: "{{ matrix_mautrix_facebook_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for Facebook users.
# {userid} is replaced with the user ID of the Facebook user.
username_template: "facebook_{userid}"
# Localpart template for per-user room grouping community IDs.
# The bridge will create these communities and add all of the specific user's portals to the community.
# {localpart} is the MXID localpart and {server} is the MXID server part of the user.
#
# `facebook_{localpart}={server}` is a good value.
community_template: null
# Displayname template for Facebook users.
# {displayname} is replaced with the display name of the Facebook user
# as defined below in displayname_preference.
# Keys available for displayname_preference are also available here.
displayname_template: '{displayname} (FB)'
# Available keys:
# "name" (full name)
# "first_name"
# "last_name"
# "nickname"
# "own_nickname" (user-specific!)
displayname_preference:
- name
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!fb"
# Number of chats to sync (and create portals for) on startup/login.
# Maximum 20, set 0 to disable automatic syncing.
initial_chat_sync: 10
# Whether or not the Facebook users of logged in Matrix users should be
# invited to private chats when the user sends a message from another client.
invite_own_puppet_to_pm: false
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
# your own Matrix account as the Matrix puppet for your Facebook account.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }}
# Whether or not to bridge presence in both directions. Facebook allows users not to broadcast
# presence, but then it won't send other users' presence to the client.
presence: true
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
# been sent to Facebook.
delivery_receipts: false
# Whether to allow inviting arbitrary mxids to portal rooms
allow_invites: false
# Settings for backfilling messages from Facebook.
backfill:
# Whether or not the Facebook users of logged in Matrix users should be
# invited to private chats when backfilling history from Facebook. This is
# usually needed to prevent rate limits and to allow timestamp massaging.
invite_own_puppet: true
# Maximum number of messages to backfill initially.
# Set to 0 to disable backfilling when creating portal.
initial_limit: 0
# Maximum number of messages to backfill if messages were missed while
# the bridge was disconnected.
# Set to 0 to disable backfilling missed messages.
missed_limit: 1000
# If using double puppeting, should notifications be disabled
# while the initial backfill is in progress?
disable_notifications: false
periodic_reconnect:
# Interval in seconds in which to automatically reconnect all users.
# This can be used to automatically mitigate the bug where Facebook stops sending messages.
# Set to -1 to disable periodic reconnections entirely.
interval: -1
# What to do in periodic reconnects. Either "refresh" or "reconnect"
mode: refresh
# Should even disconnected users be reconnected?
always: false
# The number of seconds that a disconnection can last without triggering an automatic re-sync
# and missed message backfilling when reconnecting.
# Set to 0 to always re-sync, or -1 to never re-sync automatically.
resync_max_disconnected_time: 5
# Whether or not temporary disconnections should send notices to the notice room.
# If this is false, disconnections will never send messages and connections will only send
# messages if it was disconnected for more than resync_max_disconnected_time seconds.
temporary_disconnect_notices: true
# Whether or not the bridge should try to "refresh" the connection if a normal reconnection
# attempt fails.
refresh_on_reconnection_fail: false
# Permissions for using the bridge.
# Permitted values:
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_facebook_homeserver_domain }}': user
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_facebook.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
fbchat:
level: DEBUG
hbmqtt:
level: INFO
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]

14
roles/matrix-bridge-mautrix-facebook/templates/systemd/matrix-mautrix-facebook.service.j2
View File

@ -11,9 +11,9 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-facebook
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-facebook
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook-db \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -23,9 +23,9 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-facebook-db \
alembic -x config=/config/config.yaml upgrade head
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-facebook \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -38,8 +38,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-facebook \
{{ matrix_mautrix_facebook_docker_image }} \
python3 -m mautrix_facebook -c /config/config.yaml
ExecStop=-/usr/bin/docker kill matrix-mautrix-facebook
ExecStop=-/usr/bin/docker rm matrix-mautrix-facebook
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-facebook
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-facebook
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-facebook

147
roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
View File

@ -40,152 +40,7 @@ matrix_mautrix_hangouts_login_shared_secret: ''
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_hangouts_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_hangouts_configuration_yaml: |
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_hangouts_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_hangouts_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_hangouts_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: sqlite:////data/mautrix-hangouts.db
# The unique ID of this appservice.
id: hangouts
# Username of the appservice bot.
bot_username: hangoutsbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Hangouts bridge bot
bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_hangouts_appservice_token }}"
hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for Hangouts users.
# {userid} is replaced with the user ID of the Hangouts user.
username_template: "hangouts_{userid}"
# Displayname template for Hangouts users.
# {displayname} is replaced with the display name of the Hangouts user
# as defined below in displayname_preference.
# Keys available for displayname_preference are also available here.
displayname_template: '{full_name} (Hangouts)'
# Available keys:
# "name" (full name)
# "first_name"
# "last_name"
# "nickname"
# "own_nickname" (user-specific!)
displayname_preference:
- name
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!HO"
# Number of chats to sync (and create portals for) on startup/login.
# Maximum 20, set 0 to disable automatic syncing.
initial_chat_sync: 20
# Whether or not the Hangouts users of logged in Matrix users should be
# invited to private chats when the user sends a message from another client.
invite_own_puppet_to_pm: false
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
# your own Matrix account as the Matrix puppet for your Hangouts account.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }}
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Public website and API configs
web:
# Auth server config
auth:
# Publicly accessible base URL for the login endpoints.
# The prefix below is not implicitly added. This URL and all subpaths should be proxied
# or otherwise pointed to the appservice's webserver to the path specified below (prefix).
# This path should usually include a trailing slash.
# Internal prefix in the appservice web server for the login endpoints.
public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login"
prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login"
# Permissions for using the bridge.
# Permitted values:
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_hangouts_homeserver_domain }}': user
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_hangouts.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
hangups:
level: DEBUG
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]
matrix_mautrix_hangouts_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_hangouts_configuration_extension_yaml: |
# Your custom YAML configuration goes here.

145
roles/matrix-bridge-mautrix-hangouts/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,145 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_hangouts_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_hangouts_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_hangouts_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: sqlite:////data/mautrix-hangouts.db
# The unique ID of this appservice.
id: hangouts
# Username of the appservice bot.
bot_username: hangoutsbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Hangouts bridge bot
bot_avatar: mxc://maunium.net/FBXZnpfORkBEruORbikmleAy
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_hangouts_appservice_token }}"
hs_token: "{{ matrix_mautrix_hangouts_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for Hangouts users.
# {userid} is replaced with the user ID of the Hangouts user.
username_template: "hangouts_{userid}"
# Displayname template for Hangouts users.
# {displayname} is replaced with the display name of the Hangouts user
# as defined below in displayname_preference.
# Keys available for displayname_preference are also available here.
displayname_template: '{full_name} (Hangouts)'
# Available keys:
# "name" (full name)
# "first_name"
# "last_name"
# "nickname"
# "own_nickname" (user-specific!)
displayname_preference:
- name
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!HO"
# Number of chats to sync (and create portals for) on startup/login.
# Maximum 20, set 0 to disable automatic syncing.
initial_chat_sync: 20
# Whether or not the Hangouts users of logged in Matrix users should be
# invited to private chats when the user sends a message from another client.
invite_own_puppet_to_pm: false
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
# your own Matrix account as the Matrix puppet for your Hangouts account.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_hangouts_login_shared_secret|to_json }}
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Public website and API configs
web:
# Auth server config
auth:
# Publicly accessible base URL for the login endpoints.
# The prefix below is not implicitly added. This URL and all subpaths should be proxied
# or otherwise pointed to the appservice's webserver to the path specified below (prefix).
# This path should usually include a trailing slash.
# Internal prefix in the appservice web server for the login endpoints.
public: "{{ matrix_homeserver_url }}{{ matrix_mautrix_hangouts_public_endpoint }}/login"
prefix: "{{ matrix_mautrix_hangouts_public_endpoint }}/login"
# Permissions for using the bridge.
# Permitted values:
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_hangouts_homeserver_domain }}': user
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_hangouts.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
hangups:
level: DEBUG
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]

14
roles/matrix-bridge-mautrix-hangouts/templates/systemd/matrix-mautrix-hangouts.service.j2
View File

@ -11,9 +11,9 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts matrix-mautrix-hangouts-db
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts matrix-mautrix-hangouts-db
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts-db \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -23,9 +23,9 @@ ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-hangouts-db \
alembic -x config=/config/config.yaml upgrade head
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-hangouts \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-hangouts \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -38,8 +38,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-hangouts \
{{ matrix_mautrix_hangouts_docker_image }} \
python3 -m mautrix_hangouts -c /config/config.yaml
ExecStop=-/usr/bin/docker kill matrix-mautrix-hangouts
ExecStop=-/usr/bin/docker rm matrix-mautrix-hangouts
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-hangouts
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-hangouts
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-hangouts

402
roles/matrix-bridge-mautrix-telegram/defaults/main.yml
View File

@ -4,7 +4,7 @@
matrix_mautrix_telegram_enabled: true
# See: https://mau.dev/tulir/mautrix-telegram/container_registry
matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.7.0"
matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.7.2"
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"
@ -51,405 +51,7 @@ matrix_mautrix_telegram_login_shared_secret: ''
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_telegram_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_telegram_configuration_yaml: |
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_telegram_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_telegram_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_telegram_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: sqlite:////data/mautrix-telegram.db
# Public part of web server for out-of-Matrix interaction with the bridge.
# Used for things like login if the user wants to make sure the 2FA password isn't stored in
# the HS database.
public:
# Whether or not the public-facing endpoints should be enabled.
enabled: true
# The prefix to use in the public-facing endpoints.
prefix: {{ matrix_mautrix_telegram_public_endpoint }}
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: {{ matrix_mautrix_telegram_appservice_public_external }}
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like Dimension (https://dimension.t2bot.io/).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: false
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision/v1
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# The unique ID of this appservice.
id: telegram
# Username of the appservice bot.
bot_username: telegrambot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Telegram bridge bot
bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for Telegram users.
# {userid} is replaced with the user ID of the Telegram user.
username_template: "telegram_{userid}"
# Localpart template of room aliases for Telegram portal rooms.
# {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
alias_template: "telegram_{groupname}"
# Displayname template for Telegram users.
# {displayname} is replaced with the display name of the Telegram user.
displayname_template: "{displayname} (Telegram)"
# Set the preferred order of user identifiers which to use in the Matrix puppet display name.
# In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user
# ID is used.
#
# If the bridge is working properly, a phone number or an username should always be known, but
# the other one can very well be empty.
#
# Valid keys:
# "full name" (First and/or last name)
# "full name reversed" (Last and/or first name)
# "first name"
# "last name"
# "username"
# "phone number"
displayname_preference:
- full name
- username
- phone number
# Maximum length of displayname
displayname_max_length: 100
# Maximum number of members to sync per portal when starting up. Other members will be
# synced when they send messages. The maximum is 10000, after which the Telegram server
# will not send any more members.
# Defaults to no local limit (-> limited to 10000 by server)
max_initial_member_sync: -1
# Whether or not to sync the member list in channels.
# If no channel admins have logged into the bridge, the bridge won't be able to sync the member
# list regardless of this setting.
sync_channel_members: true
# Whether or not to skip deleted members when syncing members.
skip_deleted_members: true
# Whether or not to automatically synchronize contacts and chats of Matrix users logged into
# their Telegram account at startup.
startup_sync: true
# Number of most recently active dialogs to check when syncing chats.
# Dialogs include groups and private chats, but only groups are synced.
# Set to 0 to remove limit.
sync_dialog_limit: 30
# Whether or not to sync and create portals for direct chats at startup.
sync_direct_chats: false
# The maximum number of simultaneous Telegram deletions to handle.
# A large number of simultaneous redactions could put strain on your homeserver.
max_telegram_delete: 10
# Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames)
# at startup and when creating a bridge.
sync_matrix_state: true
# Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix
# login website (see appservice.public config section)
allow_matrix_login: true
# Whether or not to bridge plaintext highlights.
# Only enable this if your displayname_template has some static part that the bridge can use to
# reliably identify what is a plaintext highlight.
plaintext_highlights: false
# Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix.
public_portals: true
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
# your own Matrix account as the Matrix puppet for your Telegram account.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }}
# Set to false to disable link previews in messages sent to Telegram.
telegram_link_preview: true
# Use inline images instead of a separate message for the caption.
# N.B. Inline images are not supported on all clients (e.g. Riot iOS).
inline_images: false
# Maximum size of image in megabytes before sending to Telegram as a document.
image_as_file_size: 10
# Maximum size of Telegram documents in megabytes to bridge.
max_document_size: 100
# Enable experimental parallel file transfer, which makes uploads/downloads much faster by
# streaming from/to Matrix and using many connections for Telegram.
# Note that generating HQ thumbnails for videos is not possible with streamed transfers.
parallel_file_transfer: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
# Settings for converting animated stickers.
animated_sticker:
# Format to which animated stickers should be converted.
# disable - No conversion, send as-is (gzipped lottie)
# png - converts to non-animated png (fastest),
# gif - converts to animated gif, but loses transparency
# webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
target: gif
# Arguments for converter. All converters take width and height.
# GIF converter takes background as a hex color.
args:
width: 256
height: 256
background: "020202" # only for gif
fps: 30 # only for webm
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Overrides for base power levels.
initial_power_level_overrides:
user: {}
group: {}
# Whether to bridge Telegram bot messages as m.notices or m.texts.
bot_messages_as_notices: true
bridge_notices:
# Whether or not Matrix bot messages (type m.notice) should be bridged.
default: false
# List of user IDs for whom the previous flag is flipped.
# e.g. if bridge_notices.default is false, notices from other users will not be bridged, but
# notices from users listed here will be bridged.
exceptions: []
# Some config options related to Telegram message deduplication.
# The default values are usually fine, but some debug messages/warnings might recommend you
# change these.
deduplication:
# Whether or not to check the database if the message about to be sent is a duplicate.
pre_db_check: false
# The number of latest events to keep when checking for duplicates.
# You might need to increase this on high-traffic bridge instances.
cache_queue_length: 20
# The formats to use when sending messages to Telegram via the relay bot.
#
# Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users.
#
# Available variables:
# $sender_displayname - The display name of the sender (e.g. Example User)
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
# $message - The message content as HTML
message_formats:
m.text: "<b>$sender_displayname</b>: $message"
m.notice: "<b>$sender_displayname</b>: $message"
m.emote: "* <b>$sender_displayname</b> $message"
m.file: "<b>$sender_displayname</b> sent a file: $message"
m.image: "<b>$sender_displayname</b> sent an image: $message"
m.audio: "<b>$sender_displayname</b> sent an audio file: $message"
m.video: "<b>$sender_displayname</b> sent a video: $message"
m.location: "<b>$sender_displayname</b> sent a location: $message"
# Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated
# users are sent to telegram. All fields in message_formats are supported. Additionally, the
# Telegram user info is available in the following variables:
# $displayname - Telegram displayname
# $username - Telegram username (may not exist)
# $mention - Telegram @username or displayname mention (depending on which exists)
emote_format: "* $mention $formatted_body"
# The formats to use when sending state events to Telegram via the relay bot.
#
# Variables from `message_formats` that have the `sender_` prefix are available without the prefix.
# In name_change events, `$prev_displayname` is the previous displayname.
#
# Set format to an empty string to disable the messages for that event.
state_event_formats:
join: "<b>$displayname</b> joined the room."
leave: "<b>$displayname</b> left the room."
name_change: "<b>$prev_displayname</b> changed their name to <b>$displayname</b>"
# Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
# `filter-mode` management commands.
#
# Filters do not affect direct chats.
# An empty blacklist will essentially disable the filter.
filter:
# Filter mode to use. Either "blacklist" or "whitelist".
# If the mode is "blacklist", the listed chats will never be bridged.
# If the mode is "whitelist", only the listed chats can be bridged.
mode: blacklist
# The list of group/channel IDs to filter.
list: []
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!tg"
# Permissions for using the bridge.
# Permitted values:
# relaybot - Only use the bridge via the relaybot, no access to commands.
# user - Relaybot level + access to commands to create bridges.
# puppeting - User level + logging in with a Telegram account.
# full - Full access to use the bridge, i.e. previous levels + Matrix login.
# admin - Full access to use the bridge and some extra administration commands.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_telegram_homeserver_domain }}': full
# Options related to the message relay Telegram bot.
relaybot:
private_chat:
# List of users to invite to the portal when someone starts a private chat with the bot.
# If empty, private chats with the bot won't create a portal.
invite: []
# Whether or not to bridge state change messages in relaybot private chats.
state_changes: true
# When private_chat_invite is empty, this message is sent to users /starting the
# relaybot. Telegram's "markdown" is supported.
message: This is a Matrix bridge relaybot and does not support direct chats
# List of users to invite to all group chat portals created by the bridge.
group_chat_invite: []
# Whether or not the relaybot should not bridge events in unbridged group chats.
# If false, portals will be created when the relaybot receives messages, just like normal
# users. This behavior is usually not desirable, as it interferes with manually bridging
# the chat to another room.
ignore_unbridged_group_chat: true
# Whether or not to allow creating portals from Telegram.
authless_portals: true
# Whether or not to allow Telegram group admins to use the bot commands.
whitelist_group_admins: true
# Whether or not to ignore incoming events sent by the relay bot.
ignore_own_incoming_events: true
# List of usernames/user IDs who are also allowed to use the bot commands.
whitelist: []
# Telegram config
telegram:
# Get your own API keys at https://my.telegram.org/apps
api_id: {{ matrix_mautrix_telegram_api_id }}
api_hash: {{ matrix_mautrix_telegram_api_hash }}
# (Optional) Create your own bot at https://t.me/BotFather
bot_token: {{ matrix_mautrix_telegram_bot_token }}
# Telethon connection options.
connection:
# The timeout in seconds to be used when connecting.
timeout: 120
# How many times the reconnection should retry, either on the initial connection or when
# Telegram disconnects us. May be set to a negative or null value for infinite retries, but
# this is not recommended, since the program can get stuck in an infinite loop.
retries: 5
# The delay in seconds to sleep between automatic reconnections.
retry_delay: 1
# The threshold below which the library should automatically sleep on flood wait errors
# (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold
# is 20s, the library will sleep automatically. If the error was for 21s, it would raise
# the error instead. Values larger than a day (86400) will be changed to a day.
flood_sleep_threshold: 60
# How many times a request should be retried. Request are retried when Telegram is having
# internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when
# there's a migrate error. May take a negative or null value for infinite retries, but this
# is not recommended, since some requests can always trigger a call fail (such as searching
# for messages).
request_retries: 5
# Device info sent to Telegram.
device_info:
# "auto" = OS name+version.
device_model: auto
# "auto" = Telethon version.
system_version: auto
# "auto" = mautrix-telegram version.
app_version: auto
lang_code: en
system_lang_code: en
# Custom server to connect to.
server:
# Set to true to use these server settings. If false, will automatically
# use production server assigned by Telegram. Set to false in production.
enabled: false
# The DC ID to connect to.
dc: 2
# The IP to connect to.
ip: 149.154.167.40
# The port to connect to. 443 may not work, 80 is better and both are equally secure.
port: 80
# Telethon proxy configuration.
# You must install PySocks from pip for proxies to work.
proxy:
# Allowed types: disabled, socks4, socks5, http
type: disabled
# Proxy IP address and port.
address: 127.0.0.1
port: 1080
# Whether or not to perform DNS resolving remotely.
rdns: true
# Proxy authentication (optional).
username: ""
password: ""
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
precise:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: precise
loggers:
mau:
level: DEBUG
telethon:
level: DEBUG
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]
matrix_mautrix_telegram_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_telegram_configuration_extension_yaml: |
# Your custom YAML configuration goes here.

397
roles/matrix-bridge-mautrix-telegram/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,397 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_telegram_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_telegram_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_telegram_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. SQLite and Postgres are fully supported.
# Other DBMSes supported by SQLAlchemy may or may not work.
# Format examples:
# SQLite: sqlite:///filename.db
# Postgres: postgres://username:password@hostname/dbname
database: sqlite:////data/mautrix-telegram.db
# Public part of web server for out-of-Matrix interaction with the bridge.
# Used for things like login if the user wants to make sure the 2FA password isn't stored in
# the HS database.
public:
# Whether or not the public-facing endpoints should be enabled.
enabled: true
# The prefix to use in the public-facing endpoints.
prefix: {{ matrix_mautrix_telegram_public_endpoint }}
# The base URL where the public-facing endpoints are available. The prefix is not added
# implicitly.
external: {{ matrix_mautrix_telegram_appservice_public_external }}
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like Dimension (https://dimension.t2bot.io/).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: false
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision/v1
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# The unique ID of this appservice.
id: telegram
# Username of the appservice bot.
bot_username: telegrambot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Telegram bridge bot
bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX
# Authentication tokens for AS <-> HS communication.
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
hs_token: "{{ matrix_mautrix_telegram_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for Telegram users.
# {userid} is replaced with the user ID of the Telegram user.
username_template: "telegram_{userid}"
# Localpart template of room aliases for Telegram portal rooms.
# {groupname} is replaced with the name part of the public channel/group invite link ( https://t.me/{} )
alias_template: "telegram_{groupname}"
# Displayname template for Telegram users.
# {displayname} is replaced with the display name of the Telegram user.
displayname_template: "{displayname} (Telegram)"
# Set the preferred order of user identifiers which to use in the Matrix puppet display name.
# In the (hopefully unlikely) scenario that none of the given keys are found, the numeric user
# ID is used.
#
# If the bridge is working properly, a phone number or an username should always be known, but
# the other one can very well be empty.
#
# Valid keys:
# "full name" (First and/or last name)
# "full name reversed" (Last and/or first name)
# "first name"
# "last name"
# "username"
# "phone number"
displayname_preference:
- full name
- username
- phone number
# Maximum length of displayname
displayname_max_length: 100
# Maximum number of members to sync per portal when starting up. Other members will be
# synced when they send messages. The maximum is 10000, after which the Telegram server
# will not send any more members.
# Defaults to no local limit (-> limited to 10000 by server)
max_initial_member_sync: -1
# Whether or not to sync the member list in channels.
# If no channel admins have logged into the bridge, the bridge won't be able to sync the member
# list regardless of this setting.
sync_channel_members: true
# Whether or not to skip deleted members when syncing members.
skip_deleted_members: true
# Whether or not to automatically synchronize contacts and chats of Matrix users logged into
# their Telegram account at startup.
startup_sync: true
# Number of most recently active dialogs to check when syncing chats.
# Dialogs include groups and private chats, but only groups are synced.
# Set to 0 to remove limit.
sync_dialog_limit: 30
# Whether or not to sync and create portals for direct chats at startup.
sync_direct_chats: false
# The maximum number of simultaneous Telegram deletions to handle.
# A large number of simultaneous redactions could put strain on your homeserver.
max_telegram_delete: 10
# Whether or not to automatically sync the Matrix room state (mostly unpuppeted displaynames)
# at startup and when creating a bridge.
sync_matrix_state: true
# Allow logging in within Matrix. If false, the only way to log in is using the out-of-Matrix
# login website (see appservice.public config section)
allow_matrix_login: true
# Whether or not to bridge plaintext highlights.
# Only enable this if your displayname_template has some static part that the bridge can use to
# reliably identify what is a plaintext highlight.
plaintext_highlights: false
# Whether or not to make portals of publicly joinable channels/supergroups publicly joinable on Matrix.
public_portals: true
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
# your own Matrix account as the Matrix puppet for your Telegram account.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_telegram_login_shared_secret|to_json }}
# Set to false to disable link previews in messages sent to Telegram.
telegram_link_preview: true
# Use inline images instead of a separate message for the caption.
# N.B. Inline images are not supported on all clients (e.g. Riot iOS).
inline_images: false
# Maximum size of image in megabytes before sending to Telegram as a document.
image_as_file_size: 10
# Maximum size of Telegram documents in megabytes to bridge.
max_document_size: 100
# Enable experimental parallel file transfer, which makes uploads/downloads much faster by
# streaming from/to Matrix and using many connections for Telegram.
# Note that generating HQ thumbnails for videos is not possible with streamed transfers.
parallel_file_transfer: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
# Settings for converting animated stickers.
animated_sticker:
# Format to which animated stickers should be converted.
# disable - No conversion, send as-is (gzipped lottie)
# png - converts to non-animated png (fastest),
# gif - converts to animated gif, but loses transparency
# webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
target: gif
# Arguments for converter. All converters take width and height.
# GIF converter takes background as a hex color.
args:
width: 256
height: 256
background: "020202" # only for gif
fps: 30 # only for webm
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip
# and login_shared_secret to be configured in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Overrides for base power levels.
initial_power_level_overrides:
user: {}
group: {}
# Whether to bridge Telegram bot messages as m.notices or m.texts.
bot_messages_as_notices: true
bridge_notices:
# Whether or not Matrix bot messages (type m.notice) should be bridged.
default: false
# List of user IDs for whom the previous flag is flipped.
# e.g. if bridge_notices.default is false, notices from other users will not be bridged, but
# notices from users listed here will be bridged.
exceptions: []
# Some config options related to Telegram message deduplication.
# The default values are usually fine, but some debug messages/warnings might recommend you
# change these.
deduplication:
# Whether or not to check the database if the message about to be sent is a duplicate.
pre_db_check: false
# The number of latest events to keep when checking for duplicates.
# You might need to increase this on high-traffic bridge instances.
cache_queue_length: 20
# The formats to use when sending messages to Telegram via the relay bot.
#
# Telegram doesn't have built-in emotes, so the m.emote format is also used for non-relaybot users.
#
# Available variables:
# $sender_displayname - The display name of the sender (e.g. Example User)
# $sender_username - The username (Matrix ID localpart) of the sender (e.g. exampleuser)
# $sender_mxid - The Matrix ID of the sender (e.g. @exampleuser:example.com)
# $message - The message content as HTML
message_formats:
m.text: "<b>$sender_displayname</b>: $message"
m.notice: "<b>$sender_displayname</b>: $message"
m.emote: "* <b>$sender_displayname</b> $message"
m.file: "<b>$sender_displayname</b> sent a file: $message"
m.image: "<b>$sender_displayname</b> sent an image: $message"
m.audio: "<b>$sender_displayname</b> sent an audio file: $message"
m.video: "<b>$sender_displayname</b> sent a video: $message"
m.location: "<b>$sender_displayname</b> sent a location: $message"
# Telegram doesn't have built-in emotes, this field specifies how m.emote's from authenticated
# users are sent to telegram. All fields in message_formats are supported. Additionally, the
# Telegram user info is available in the following variables:
# $displayname - Telegram displayname
# $username - Telegram username (may not exist)
# $mention - Telegram @username or displayname mention (depending on which exists)
emote_format: "* $mention $formatted_body"
# The formats to use when sending state events to Telegram via the relay bot.
#
# Variables from `message_formats` that have the `sender_` prefix are available without the prefix.
# In name_change events, `$prev_displayname` is the previous displayname.
#
# Set format to an empty string to disable the messages for that event.
state_event_formats:
join: "<b>$displayname</b> joined the room."
leave: "<b>$displayname</b> left the room."
name_change: "<b>$prev_displayname</b> changed their name to <b>$displayname</b>"
# Filter rooms that can/can't be bridged. Can also be managed using the `filter` and
# `filter-mode` management commands.
#
# Filters do not affect direct chats.
# An empty blacklist will essentially disable the filter.
filter:
# Filter mode to use. Either "blacklist" or "whitelist".
# If the mode is "blacklist", the listed chats will never be bridged.
# If the mode is "whitelist", only the listed chats can be bridged.
mode: blacklist
# The list of group/channel IDs to filter.
list: []
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!tg"
# Permissions for using the bridge.
# Permitted values:
# relaybot - Only use the bridge via the relaybot, no access to commands.
# user - Relaybot level + access to commands to create bridges.
# puppeting - User level + logging in with a Telegram account.
# full - Full access to use the bridge, i.e. previous levels + Matrix login.
# admin - Full access to use the bridge and some extra administration commands.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_telegram_homeserver_domain }}': full
# Options related to the message relay Telegram bot.
relaybot:
private_chat:
# List of users to invite to the portal when someone starts a private chat with the bot.
# If empty, private chats with the bot won't create a portal.
invite: []
# Whether or not to bridge state change messages in relaybot private chats.
state_changes: true
# When private_chat_invite is empty, this message is sent to users /starting the
# relaybot. Telegram's "markdown" is supported.
message: This is a Matrix bridge relaybot and does not support direct chats
# List of users to invite to all group chat portals created by the bridge.
group_chat_invite: []
# Whether or not the relaybot should not bridge events in unbridged group chats.
# If false, portals will be created when the relaybot receives messages, just like normal
# users. This behavior is usually not desirable, as it interferes with manually bridging
# the chat to another room.
ignore_unbridged_group_chat: true
# Whether or not to allow creating portals from Telegram.
authless_portals: true
# Whether or not to allow Telegram group admins to use the bot commands.
whitelist_group_admins: true
# Whether or not to ignore incoming events sent by the relay bot.
ignore_own_incoming_events: true
# List of usernames/user IDs who are also allowed to use the bot commands.
whitelist: []
# Telegram config
telegram:
# Get your own API keys at https://my.telegram.org/apps
api_id: {{ matrix_mautrix_telegram_api_id }}
api_hash: {{ matrix_mautrix_telegram_api_hash }}
# (Optional) Create your own bot at https://t.me/BotFather
bot_token: {{ matrix_mautrix_telegram_bot_token }}
# Telethon connection options.
connection:
# The timeout in seconds to be used when connecting.
timeout: 120
# How many times the reconnection should retry, either on the initial connection or when
# Telegram disconnects us. May be set to a negative or null value for infinite retries, but
# this is not recommended, since the program can get stuck in an infinite loop.
retries: 5
# The delay in seconds to sleep between automatic reconnections.
retry_delay: 1
# The threshold below which the library should automatically sleep on flood wait errors
# (inclusive). For instance, if a FloodWaitError for 17s occurs and flood_sleep_threshold
# is 20s, the library will sleep automatically. If the error was for 21s, it would raise
# the error instead. Values larger than a day (86400) will be changed to a day.
flood_sleep_threshold: 60
# How many times a request should be retried. Request are retried when Telegram is having
# internal issues, when there is a FloodWaitError less than flood_sleep_threshold, or when
# there's a migrate error. May take a negative or null value for infinite retries, but this
# is not recommended, since some requests can always trigger a call fail (such as searching
# for messages).
request_retries: 5
# Device info sent to Telegram.
device_info:
# "auto" = OS name+version.
device_model: auto
# "auto" = Telethon version.
system_version: auto
# "auto" = mautrix-telegram version.
app_version: auto
lang_code: en
system_lang_code: en
# Custom server to connect to.
server:
# Set to true to use these server settings. If false, will automatically
# use production server assigned by Telegram. Set to false in production.
enabled: false
# The DC ID to connect to.
dc: 2
# The IP to connect to.
ip: 149.154.167.40
# The port to connect to. 443 may not work, 80 is better and both are equally secure.
port: 80
# Telethon proxy configuration.
# You must install PySocks from pip for proxies to work.
proxy:
# Allowed types: disabled, socks4, socks5, http
type: disabled
# Proxy IP address and port.
address: 127.0.0.1
port: 1080
# Whether or not to perform DNS resolving remotely.
rdns: true
# Proxy authentication (optional).
username: ""
password: ""
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
precise:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: precise
loggers:
mau:
level: DEBUG
telethon:
level: DEBUG
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]

15
roles/matrix-bridge-mautrix-telegram/templates/systemd/matrix-mautrix-telegram.service.j2
View File

@ -11,21 +11,22 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-telegram
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-telegram
ExecStartPre=/usr/bin/docker run --rm --name matrix-mautrix-telegram-db \
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram
ExecStartPre={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram-db \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-v {{ matrix_mautrix_telegram_config_path }}:/config:z \
-v {{ matrix_mautrix_telegram_data_path }}:/data:z \
{{ matrix_mautrix_telegram_docker_image }} \
alembic -x config=/config/config.yaml upgrade head
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-telegram \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -41,8 +42,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-telegram \
{{ matrix_mautrix_telegram_docker_image }} \
python3 -m mautrix_telegram -c /config/config.yaml
ExecStop=-/usr/bin/docker kill matrix-mautrix-telegram
ExecStop=-/usr/bin/docker rm matrix-mautrix-telegram
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-telegram
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-telegram
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-telegram

170
roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
View File

@ -35,175 +35,7 @@ matrix_mautrix_whatsapp_login_shared_secret: ''
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_whatsapp_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_whatsapp_configuration_yaml: |
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_whatsapp_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_whatsapp_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# Database config.
database:
# The database type. "sqlite3" and "postgres" are supported.
type: sqlite3
# The database URI.
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database
uri: mautrix-whatsapp.db
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Path to the Matrix room state store.
state_store_path: ./mx-state.json
# The unique ID of this appservice.
id: whatsapp
# Appservice bot details.
bot:
# Username of the appservice bot.
username: whatsappbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: WhatsApp bridge bot
avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for WhatsApp users.
# {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user.
username_template: "{{ 'whatsapp_{{.}}' }}"
# Displayname template for WhatsApp users.
# {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user
# {{ '{{.Jid}}' }} - phone number (international format)
# The following variables are also available, but will cause problems on multi-user instances:
# {{ '{{.Name}}' }} - display name from contact list
# {{ '{{.Short}}' }} - short display name from contact list
displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}"
# WhatsApp connection timeout in seconds.
connection_timeout: 20
# Maximum number of times to retry connecting on connection error.
max_connection_attempts: 3
# Number of seconds to wait between connection attempts.
# Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
connection_retry_delay: -1
# Whether or not the bridge should send a notice to the user's management room when it retries connecting.
# If false, it will only report when it stops retrying.
report_connection_retry: true
# Maximum number of seconds to wait for chats to be sent at startup.
# If this is too low and you have lots of chats, it could cause backfilling to fail.
chat_list_wait: 30
# Maximum number of seconds to wait to sync portals before force unlocking message processing.
# If this is too low and you have lots of chats, it could cause backfilling to fail.
portal_sync_wait: 600
# Whether or not to send call start/end notices to Matrix.
call_notices:
start: true
end: true
# Number of chats to sync for new users.
initial_chat_sync_count: 10
# Number of old messages to fill when creating new portal rooms.
initial_history_fill_count: 20
# Maximum number of chats to sync when recovering from downtime.
# Set to -1 to sync all new chats during downtime.
recovery_chat_sync_limit: -1
# Whether or not to sync history when recovering from downtime.
recovery_history_backfill: true
# Maximum number of seconds since last message in chat to skip
# syncing the chat in any case. This setting will take priority
# over both recovery_chat_sync_limit and initial_chat_sync_count.
# Default is 3 days = 259200 seconds
sync_max_chat_age: 259200
# Whether or not to sync with custom puppets to receive EDUs that
# are not normally sent to appservices.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }}
# Whether or not to invite own WhatsApp user's Matrix puppet into private
# chat portals when backfilling if needed.
# This always uses the default puppet instead of custom puppets due to
# rate limits and timestamp massaging.
invite_own_puppet_for_backfilling: true
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This can be useful if the previous field works fine,
# but causes room avatar/name bugs.
private_chat_portal_meta: false
# Allow invite permission for user. User can invite any bots to room with whatsapp
# users (private chat and groups)
allow_user_invite: false
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!wa"
# Permissions for using the bridge.
# Permitted values:
# user - Access to use the bridge to chat with a WhatsApp account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
relaybot:
# Whether or not relaybot support is enabled.
enabled: false
# The management room for the bot. This is where all status notifications are posted and
# in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting
# the command prefix completely like in user management rooms is not possible.
management: '!foo:example.com'
# List of users to invite to all created rooms that include the relaybot.
invites: []
# The formats to use when sending messages to WhatsApp via the relaybot.
message_formats:
m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}"
m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file"
m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image"
m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file"
m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video"
m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location"
# Logging config.
logging:
# The directory for log files. Will be created if not found.
directory: ./logs
# Available variables: .Date for the file date and .Index for different log files on the same day.
file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
# Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
file_date_format: "2006-01-02"
# Log file permissions.
file_mode: 0600
# Timestamp format for log entries in the Go time format.
timestamp_format: "Jan _2, 2006 15:04:05"
# Minimum severity for log messages.
# Options: debug, info, warn, error, fatal
print_level: debug
matrix_mautrix_whatsapp_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_whatsapp_configuration_extension_yaml: |
# Your custom YAML configuration goes here.

169
roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,169 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_whatsapp_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_whatsapp_homeserver_domain }}
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_whatsapp_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# Database config.
database:
# The database type. "sqlite3" and "postgres" are supported.
type: sqlite3
# The database URI.
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database
uri: mautrix-whatsapp.db
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Path to the Matrix room state store.
state_store_path: ./mx-state.json
# The unique ID of this appservice.
id: whatsapp
# Appservice bot details.
bot:
# Username of the appservice bot.
username: whatsappbot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: WhatsApp bridge bot
avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix_mautrix_whatsapp_appservice_token }}"
hs_token: "{{ matrix_mautrix_whatsapp_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for WhatsApp users.
# {{ '{{.}}' }} is replaced with the phone number of the WhatsApp user.
username_template: "{{ 'whatsapp_{{.}}' }}"
# Displayname template for WhatsApp users.
# {{ '{{.Notify'}}' }} - nickname set by the WhatsApp user
# {{ '{{.Jid}}' }} - phone number (international format)
# The following variables are also available, but will cause problems on multi-user instances:
# {{ '{{.Name}}' }} - display name from contact list
# {{ '{{.Short}}' }} - short display name from contact list
displayname_template: "{{ '{{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}} (WA)' }}"
# WhatsApp connection timeout in seconds.
connection_timeout: 20
# Maximum number of times to retry connecting on connection error.
max_connection_attempts: 3
# Number of seconds to wait between connection attempts.
# Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
connection_retry_delay: -1
# Whether or not the bridge should send a notice to the user's management room when it retries connecting.
# If false, it will only report when it stops retrying.
report_connection_retry: true
# Maximum number of seconds to wait for chats to be sent at startup.
# If this is too low and you have lots of chats, it could cause backfilling to fail.
chat_list_wait: 30
# Maximum number of seconds to wait to sync portals before force unlocking message processing.
# If this is too low and you have lots of chats, it could cause backfilling to fail.
portal_sync_wait: 600
# Whether or not to send call start/end notices to Matrix.
call_notices:
start: true
end: true
# Number of chats to sync for new users.
initial_chat_sync_count: 10
# Number of old messages to fill when creating new portal rooms.
initial_history_fill_count: 20
# Maximum number of chats to sync when recovering from downtime.
# Set to -1 to sync all new chats during downtime.
recovery_chat_sync_limit: -1
# Whether or not to sync history when recovering from downtime.
recovery_history_backfill: true
# Maximum number of seconds since last message in chat to skip
# syncing the chat in any case. This setting will take priority
# over both recovery_chat_sync_limit and initial_chat_sync_count.
# Default is 3 days = 259200 seconds
sync_max_chat_age: 259200
# Whether or not to sync with custom puppets to receive EDUs that
# are not normally sent to appservices.
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_whatsapp_login_shared_secret|to_json }}
# Whether or not to invite own WhatsApp user's Matrix puppet into private
# chat portals when backfilling if needed.
# This always uses the default puppet instead of custom puppets due to
# rate limits and timestamp massaging.
invite_own_puppet_for_backfilling: true
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This can be useful if the previous field works fine,
# but causes room avatar/name bugs.
private_chat_portal_meta: false
# Allow invite permission for user. User can invite any bots to room with whatsapp
# users (private chat and groups)
allow_user_invite: false
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!wa"
# Permissions for using the bridge.
# Permitted values:
# user - Access to use the bridge to chat with a WhatsApp account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
relaybot:
# Whether or not relaybot support is enabled.
enabled: false
# The management room for the bot. This is where all status notifications are posted and
# in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting
# the command prefix completely like in user management rooms is not possible.
management: '!foo:example.com'
# List of users to invite to all created rooms that include the relaybot.
invites: []
# The formats to use when sending messages to WhatsApp via the relaybot.
message_formats:
m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}"
m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file"
m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image"
m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file"
m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video"
m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location"
# Logging config.
logging:
# The directory for log files. Will be created if not found.
directory: ./logs
# Available variables: .Date for the file date and .Index for different log files on the same day.
file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
# Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
file_date_format: "2006-01-02"
# Log file permissions.
file_mode: 0600
# Timestamp format for log entries in the Go time format.
timestamp_format: "Jan _2, 2006 15:04:05"
# Minimum severity for log messages.
# Options: debug, info, warn, error, fatal
print_level: debug

12
roles/matrix-bridge-mautrix-whatsapp/templates/systemd/matrix-mautrix-whatsapp.service.j2
View File

@ -11,13 +11,13 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mautrix-whatsapp
ExecStartPre=-/usr/bin/docker rm matrix-mautrix-whatsapp
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-whatsapp \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -31,8 +31,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mautrix-whatsapp \
{{ matrix_mautrix_whatsapp_docker_image }} \
/usr/bin/mautrix-whatsapp -c /config/config.yaml -r /config/registration.yaml
ExecStop=-/usr/bin/docker kill matrix-mautrix-whatsapp
ExecStop=-/usr/bin/docker rm matrix-mautrix-whatsapp
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mautrix-whatsapp
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mautrix-whatsapp
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-whatsapp

140
roles/matrix-bridge-mx-puppet-skype/defaults/main.yml
View File

@ -56,145 +56,7 @@ matrix_mx_puppet_skype_login_shared_secret: ''
#
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_skype_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mx_puppet_skype_configuration_yaml: |
#jinja2: lstrip_blocks: "True"
bridge:
# Address for the bridge to bind to; if running as a Docker container, you
# probably want 0.0.0.0 here
bindAddress: 0.0.0.0
# Port to host the bridge on which your homeserver will connect to
port: {{ matrix_mx_puppet_skype_appservice_port }}
# Name of your homeserver
domain: {{ matrix_domain }}
# URL where the bridge can connect to your homeserver
homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }}
# Optionally specify a different media URL used for the media store
mediaURL: https://{{ matrix_server_fqn_matrix }}
# This enabled automatic double-puppeting:
# A map for shared secrets of the homeserver URL to the shared secret
# See https://github.com/devture/matrix-synapse-shared-secret-auth
#loginSharedSecretMap:
# yourserver.com: supersecretsharedsecret
{% if matrix_mx_puppet_skype_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}
{% endif %}
# optionally override the display name of the bridge bot
#displayname: Protocol Bot
# optionally set the avatar of the bridge bot
#avatarUrl: mxc://yourserver.com/somefile
logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Optionally, you can apply filters to the console logging
#console:
# level: info
# enabled:
# - Store
# disabled:
# - PresenceHandler
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
# Optionally enable/disable logging for certain modules
#disabled:
# - PresenceHandler
# - module: bot-sdk-MatrixLiteClient
# regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log
#enabled:
# - Store
database:
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
# Use SQLite3 as a database backend
# The name of the database file
filename: /data/database.db
provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }}
presence:
# Bridge online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 500
# if the im.vector.user_status state setting should be diabled
#disableStatusState: false
# A blacklist of remote user IDs for the im.vector.user_status state setting
#statusStateBlacklist:
# - baduser
relay:
# Regex of Matrix IDs to allow to use the relay mode
# Same format as in provisioning
#whitelist:
#- "@.*:yourserver\\.com"
whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }}
#blacklist:
#- "@user:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }}
# Map certain homeserver URLs to the C-S API endpoint
# Useful for double-puppeting if .well-known is unavailable for some reason
#homeserverUrlMap:
# yourserver.com: http://localhost:1234
namePatterns:
# Override the protocols set default name patterns
# Which variables are available depends on protocol implementation
user: :name
room: :name
limits:
# Up to how many users should be auto-joined on room creation? -1 to disable
# Defaults to 200
maxAutojoinUsers: 200
# How long the delay between two autojoin users should be, in millisectonds.
# Defaults to 5000
roomUserAutojoinDelay: 5000
matrix_mx_puppet_skype_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mx_puppet_skype_configuration_extension_yaml: |
# Your custom YAML configuration goes here.

138
roles/matrix-bridge-mx-puppet-skype/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,138 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Address for the bridge to bind to; if running as a Docker container, you
# probably want 0.0.0.0 here
bindAddress: 0.0.0.0
# Port to host the bridge on which your homeserver will connect to
port: {{ matrix_mx_puppet_skype_appservice_port }}
# Name of your homeserver
domain: {{ matrix_domain }}
# URL where the bridge can connect to your homeserver
homeserverUrl: {{ matrix_mx_puppet_skype_homeserver_address }}
# Optionally specify a different media URL used for the media store
mediaURL: https://{{ matrix_server_fqn_matrix }}
# This enabled automatic double-puppeting:
# A map for shared secrets of the homeserver URL to the shared secret
# See https://github.com/devture/matrix-synapse-shared-secret-auth
#loginSharedSecretMap:
# yourserver.com: supersecretsharedsecret
{% if matrix_mx_puppet_skype_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_skype_login_shared_secret }}
{% endif %}
# optionally override the display name of the bridge bot
#displayname: Protocol Bot
# optionally set the avatar of the bridge bot
#avatarUrl: mxc://yourserver.com/somefile
logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Optionally, you can apply filters to the console logging
#console:
# level: info
# enabled:
# - Store
# disabled:
# - PresenceHandler
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
# Optionally enable/disable logging for certain modules
#disabled:
# - PresenceHandler
# - module: bot-sdk-MatrixLiteClient
# regex: /_matrix/client/r0/presence/ # this regex needs to match to disable the log
#enabled:
# - Store
database:
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
# Use SQLite3 as a database backend
# The name of the database file
filename: /data/database.db
provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_skype_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_skype_provisioning_blacklist|to_json }}
presence:
# Bridge online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 500
# if the im.vector.user_status state setting should be diabled
#disableStatusState: false
# A blacklist of remote user IDs for the im.vector.user_status state setting
#statusStateBlacklist:
# - baduser
relay:
# Regex of Matrix IDs to allow to use the relay mode
# Same format as in provisioning
#whitelist:
#- "@.*:yourserver\\.com"
whitelist: {{ matrix_mx_puppet_skype_relay_whitelist|to_json }}
#blacklist:
#- "@user:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_skype_relay_blacklist|to_json }}
# Map certain homeserver URLs to the C-S API endpoint
# Useful for double-puppeting if .well-known is unavailable for some reason
#homeserverUrlMap:
# yourserver.com: http://localhost:1234
namePatterns:
# Override the protocols set default name patterns
# Which variables are available depends on protocol implementation
user: :name
room: :name
limits:
# Up to how many users should be auto-joined on room creation? -1 to disable
# Defaults to 200
maxAutojoinUsers: 200
# How long the delay between two autojoin users should be, in millisectonds.
# Defaults to 5000
roomUserAutojoinDelay: 5000

12
roles/matrix-bridge-mx-puppet-skype/templates/systemd/matrix-mx-puppet-skype.service.j2
View File

@ -11,13 +11,13 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mx-puppet-skype
ExecStartPre=-/usr/bin/docker rm matrix-mx-puppet-skype
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-skype \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-skype \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -31,8 +31,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-skype \
{% endfor %}
{{ matrix_mx_puppet_skype_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-mx-puppet-skype
ExecStop=-/usr/bin/docker rm matrix-mx-puppet-skype
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-skype
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-skype
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-skype

102
roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
View File

@ -5,6 +5,11 @@ matrix_mx_puppet_slack_enabled: true
matrix_mx_puppet_slack_container_image_self_build: false
# Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
matrix_mx_puppet_slack_container_http_host_bind_port: ''
matrix_mx_puppet_slack_docker_image: "sorunome/mx-puppet-slack:latest"
matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}"
@ -47,104 +52,15 @@ matrix_mx_puppet_slack_systemd_wanted_services_list: []
matrix_mx_puppet_slack_appservice_token: ''
matrix_mx_puppet_slack_homeserver_token: ''
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mx_puppet_slack_login_shared_secret: ''
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mx_puppet_slack_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mx_puppet_slack_configuration_yaml: |
#jinja2: lstrip_blocks: "True"
bridge:
# Port to host the bridge on
# Used for communication between the homeserver and the bridge
port: {{ matrix_mx_puppet_slack_appservice_port }}
# The host connections to the bridge's webserver are allowed from
bindAddress: 0.0.0.0
# Public domain of the homeserver
domain: {{ matrix_mx_puppet_slack_homeserver_domain }}
# Reachable URL of the Matrix homeserver
homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }}
# Slack OAuth settings. Create a slack app at https://api.slack.com/apps
oauth:
enabled: false
# Slack app credentials.
# N.B. This must be quoted so YAML wouldn't parse it as a float.
clientId: "{{ matrix_mx_puppet_slack_client_id }}"
clientSecret: {{ matrix_mx_puppet_slack_client_secret }}
# Path where to listen for OAuth redirect callbacks.
redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
# Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,
# then set this field and the Slack app redirect URI field to the former.
redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }}
presence:
# Bridge Discord online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 500
provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }}
# Shared secret for the provisioning API for use by integration managers.
# If this is not set, the provisioning API will not be enabled.
#sharedSecret: random string
# Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
apiPrefix: /_matrix/provision
database:
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
# Use SQLite3 as a database backend
# The name of the database file
filename: /data/database.db
logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m
matrix_mx_puppet_slack_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mx_puppet_slack_configuration_extension_yaml: |
# Your custom YAML configuration goes here.

8
roles/matrix-bridge-mx-puppet-slack/tasks/init.yml
View File

@ -50,17 +50,17 @@
}}
tags:
- always
when: matrix_appservice_slack_enabled|bool
when: matrix_mx_puppet_slack_enabled|bool
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
debug:
msg: >-
NOTE: You've enabled the Matrix Slack bridge but are not using the matrix-nginx-proxy
reverse proxy.
Please make sure that you're proxying the `{{ something }}`
URL endpoint to the matrix-appservice-slack container.
Please make sure that you're proxying the `{{ matrix_mx_puppet_slack_redirect_path }}`
URL endpoint to the matrix-mx-puppet-slack container.
You can expose the container's port using the `matrix_appservice_slack_container_http_host_bind_port` variable.
when: "matrix_appservice_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined"
when: "matrix_mx_puppet_slack_enabled|bool and matrix_nginx_proxy_enabled is not defined"
# ansible lower than 2.8, does not support docker_image build parameters
# for self buildig it is explicitly needed, so we rather fail here

96
roles/matrix-bridge-mx-puppet-slack/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,96 @@
#jinja2: lstrip_blocks: "True"
bridge:
# Port to host the bridge on
# Used for communication between the homeserver and the bridge
port: {{ matrix_mx_puppet_slack_appservice_port }}
# The host connections to the bridge's webserver are allowed from
bindAddress: 0.0.0.0
# Public domain of the homeserver
domain: {{ matrix_mx_puppet_slack_homeserver_domain }}
# Reachable URL of the Matrix homeserver
homeserverUrl: {{ matrix_mx_puppet_slack_homeserver_address }}
{% if matrix_mx_puppet_slack_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_slack_login_shared_secret }}
{% endif %}
# Slack OAuth settings. Create a slack app at https://api.slack.com/apps
oauth:
enabled: true
# Slack app credentials.
# N.B. This must be quoted so YAML wouldn't parse it as a float.
clientId: "{{ matrix_mx_puppet_slack_client_id }}"
clientSecret: {{ matrix_mx_puppet_slack_client_secret }}
# Path where to listen for OAuth redirect callbacks.
redirectPath: {{ matrix_mx_puppet_slack_redirect_path }}
# Set up proxying from https://your.domain/redirect_path to http://bindAddress:port/redirect_path,
# then set this field and the Slack app redirect URI field to the former.
redirectUri: {{ matrix_mx_puppet_slack_redirect_uri }}
presence:
# Bridge Discord online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 500
provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
whitelist: {{ matrix_mx_puppet_slack_provisioning_whitelist|to_json }}
# Allow a specific user
#- "@user:server\\.com"
# Allow users on a specific homeserver
#- "@.*:yourserver\\.com"
# Allow anyone
#- ".*"
# Regex of Matrix IDs forbidden from using the puppet bridge
#blacklist:
# Disallow a specific user
#- "@user:server\\.com"
# Disallow users on a specific homeserver
#- "@.*:yourserver\\.com"
blacklist: {{ matrix_mx_puppet_slack_provisioning_blacklist|to_json }}
# Shared secret for the provisioning API for use by integration managers.
# If this is not set, the provisioning API will not be enabled.
#sharedSecret: random string
# Path prefix for the provisioning API. /v1 will be appended to the prefix automatically.
apiPrefix: /_matrix/provision
database:
# Use Postgres as a database backend
# If set, will be used instead of SQLite3
# Connection string to connect to the Postgres instance
# with username "user", password "pass", host "localhost" and database name "dbname".
# Modify each value as necessary
#connString: "postgres://user:pass@localhost/dbname?sslmode=disable"
# Use SQLite3 as a database backend
# The name of the database file
filename: /data/database.db
logging:
# Log level of console output
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
console: info
# Date and time formatting
lineDateFormat: MMM-D HH:mm:ss.SSS
# Logging files
# Log files are rotated daily by default
files:
# Log file path
- file: "/data/bridge.log"
# Log level for this file
# Allowed values starting with most verbose:
# silly, debug, verbose, info, warn, error
level: info
# Date and time formatting
datePattern: YYYY-MM-DD
# Maximum number of logs to keep.
# This can be a number of files or number of days.
# If using days, add 'd' as a suffix
maxFiles: 14d
# Maximum size of the file after which it will rotate. This can be a
# number of bytes, or units of kb, mb, and gb. If using the units, add
# 'k', 'm', or 'g' as the suffix
maxSize: 50m

15
roles/matrix-bridge-mx-puppet-slack/templates/systemd/matrix-mx-puppet-slack.service.j2
View File

@ -11,17 +11,20 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mx-puppet-slack
ExecStartPre=-/usr/bin/docker rm matrix-mx-puppet-slack
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mx-puppet-slack \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
{% if matrix_mx_puppet_slack_container_http_host_bind_port %}
-p {{ matrix_mx_puppet_slack_container_http_host_bind_port }}:{{ matrix_mx_puppet_slack_appservice_port }} \
{% endif %}
-e CONFIG_PATH=/config/config.yaml \
-e REGISTRATION_PATH=/config/registration.yaml \
-v {{ matrix_mx_puppet_slack_config_path }}:/config:z \
@ -31,8 +34,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mx-puppet-slack \
{% endfor %}
{{ matrix_mx_puppet_slack_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-mx-puppet-slack
ExecStop=-/usr/bin/docker rm matrix-mx-puppet-slack
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mx-puppet-slack
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mx-puppet-slack
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mx-puppet-slack

10
roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2
View File

@ -8,10 +8,10 @@ After={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-corporal
ExecStartPre=-/usr/bin/docker rm matrix-corporal
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-corporal
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-corporal
ExecStart=/usr/bin/docker run --rm --name matrix-corporal \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -32,8 +32,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-corporal \
{{ matrix_corporal_docker_image }} \
/matrix-corporal -config=/etc/matrix-corporal/config.json
ExecStop=-/usr/bin/docker kill matrix-corporal
ExecStop=-/usr/bin/docker rm matrix-corporal
ExecStop=-{{ matrix_host_command_docker }} kill matrix-corporal
ExecStop=-{{ matrix_host_command_docker }} rm matrix-corporal
Restart=always
RestartSec=30
SyslogIdentifier=matrix-corporal

2
roles/matrix-coturn/tasks/setup_coturn.yml
View File

@ -99,7 +99,7 @@
hour: "4"
minute: "20"
day: "*/5"
job: /bin/systemctl reload matrix-coturn.service
job: "{{ matrix_host_command_systemctl }} reload matrix-coturn.service"
when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool"

12
roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2
View File

@ -8,10 +8,10 @@ After={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-coturn
ExecStartPre=-/usr/bin/docker rm matrix-coturn
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-coturn
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-coturn
ExecStart=/usr/bin/docker run --rm --name matrix-coturn \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -40,12 +40,12 @@ ExecStart=/usr/bin/docker run --rm --name matrix-coturn \
{{ matrix_coturn_docker_image }} \
-c /turnserver.conf
ExecStop=-/usr/bin/docker kill matrix-coturn
ExecStop=-/usr/bin/docker rm matrix-coturn
ExecStop=-{{ matrix_host_command_docker }} kill matrix-coturn
ExecStop=-{{ matrix_host_command_docker }} rm matrix-coturn
# This only reloads certificates (not other configuration).
# See: https://github.com/coturn/coturn/pull/236
ExecReload=/usr/bin/docker exec matrix-coturn kill -USR2 1
ExecReload={{ matrix_host_command_docker }} exec matrix-coturn kill -USR2 1
Restart=always
RestartSec=30

84
roles/matrix-dimension/defaults/main.yml
View File

@ -39,89 +39,7 @@ matrix_dimension_homeserver_federationUrl: "http://matrix-synapse:8048"
#
# For a more advanced customization, you can extend the default (see `matrix_dimension_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_dimension_configuration_yaml: |
#jinja2: lstrip_blocks: True
# The web settings for the service (API and UI).
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
web:
port: 8184
address: '0.0.0.0'
# Homeserver configuration
homeserver:
# The domain name of the homeserver. This is used in many places, such as with go-neb
# setups, to identify the homeserver.
name: "{{ matrix_domain }}"
# The URL that Dimension, go-neb, and other services provisioned by Dimension should
# use to access the homeserver with.
clientServerUrl: "http://matrix-synapse:8008"
# The URL that Dimension should use when trying to communicate with federated APIs on
# the homeserver. If not supplied or left empty Dimension will try to resolve the address
# through the normal federation process.
federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}"
# The URL that Dimension will redirect media requests to for downloading media such as
# stickers. If not supplied or left empty Dimension will use the clientServerUrl.
mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
# The access token Dimension should use for miscellaneous access to the homeserver. This
# should be for a user on the configured homeserver: any user will do, however it is
# recommended to use a dedicated user (such as @dimension:t2bot.io). For information on
# how to acquire an access token, visit https://t2bot.io/docs/access_tokens
accessToken: "{{ matrix_dimension_access_token }}"
# These users can modify the integrations this Dimension supports.
# To access the admin interface, open Dimension in Riot and click the settings icon.
admins: {{ matrix_dimension_admins|to_json }}
# IPs and CIDR ranges listed here will be blocked from being widgets.
# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
widgetBlacklist:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 127.0.0.0/8
# Where the database for Dimension is
database:
file: "dimension.db"
# Display settings that apply to self-hosted go-neb instances
goneb:
# The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
# is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
# make the bot's avatar an empty string.
avatars:
giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
# Settings for how Dimension is represented to the public
dimension:
# This is where Dimension is accessible from clients. Be sure to set this
# to your own Dimension instance.
publicUrl: "https://{{ matrix_server_fqn_dimension }}"
# Settings for controlling how logging works
logging:
file: /dev/null
console: true
consoleLevel: verbose
fileLevel: info
rotate:
size: 52428800 # bytes, default is 50mb
count: 5
matrix_dimension_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_dimension_configuration_extension_yaml: |
# Your custom YAML configuration for Dimension goes here.

81
roles/matrix-dimension/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,81 @@
#jinja2: lstrip_blocks: True
# The web settings for the service (API and UI).
# It is best to have this run on localhost and use a reverse proxy to access Dimension.
web:
port: 8184
address: '0.0.0.0'
# Homeserver configuration
homeserver:
# The domain name of the homeserver. This is used in many places, such as with go-neb
# setups, to identify the homeserver.
name: "{{ matrix_domain }}"
# The URL that Dimension, go-neb, and other services provisioned by Dimension should
# use to access the homeserver with.
clientServerUrl: "http://matrix-synapse:8008"
# The URL that Dimension should use when trying to communicate with federated APIs on
# the homeserver. If not supplied or left empty Dimension will try to resolve the address
# through the normal federation process.
federationUrl: "{{ matrix_dimension_homeserver_federationUrl }}"
# The URL that Dimension will redirect media requests to for downloading media such as
# stickers. If not supplied or left empty Dimension will use the clientServerUrl.
mediaUrl: "https://{{ matrix_server_fqn_matrix }}"
# The access token Dimension should use for miscellaneous access to the homeserver. This
# should be for a user on the configured homeserver: any user will do, however it is
# recommended to use a dedicated user (such as @dimension:t2bot.io). For information on
# how to acquire an access token, visit https://t2bot.io/docs/access_tokens
accessToken: "{{ matrix_dimension_access_token }}"
# These users can modify the integrations this Dimension supports.
# To access the admin interface, open Dimension in Riot and click the settings icon.
admins: {{ matrix_dimension_admins|to_json }}
# IPs and CIDR ranges listed here will be blocked from being widgets.
# Note: Widgets may still be embedded with restricted content, although not through Dimension directly.
widgetBlacklist:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 127.0.0.0/8
# Where the database for Dimension is
database:
file: "dimension.db"
# Display settings that apply to self-hosted go-neb instances
goneb:
# The avatars to set for each bot. Usually these don't need to be changed, however if your homeserver
# is not able to reach t2bot.io then you should specify your own here. To not use an avatar for a bot,
# make the bot's avatar an empty string.
avatars:
giphy: "mxc://t2bot.io/c5eaab3ef0133c1a61d3c849026deb27"
imgur: "mxc://t2bot.io/6749eaf2b302bb2188ae931b2eeb1513"
github: "mxc://t2bot.io/905b64b3cd8e2347f91a60c5eb0832e1"
wikipedia: "mxc://t2bot.io/7edfb54e9ad9e13fec0df22636feedf1"
travisci: "mxc://t2bot.io/7f4703126906fab8bb27df34a17707a8"
rss: "mxc://t2bot.io/aace4fcbd045f30afc1b4e5f0928f2f3"
google: "mxc://t2bot.io/636ad10742b66c4729bf89881a505142"
guggy: "mxc://t2bot.io/e7ef0ed0ba651aaf907655704f9a7526"
echo: "mxc://t2bot.io/3407ff2db96b4e954fcbf2c6c0415a13"
circleci: "mxc://t2bot.io/cf7d875845a82a6b21f5f66de78f6bee"
jira: "mxc://t2bot.io/f4a38ebcc4280ba5b950163ca3e7c329"
# Settings for how Dimension is represented to the public
dimension:
# This is where Dimension is accessible from clients. Be sure to set this
# to your own Dimension instance.
publicUrl: "https://{{ matrix_server_fqn_dimension }}"
# Settings for controlling how logging works
logging:
file: /dev/null
console: true
consoleLevel: verbose
fileLevel: info
rotate:
size: 52428800 # bytes, default is 50mb
count: 5

12
roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2
View File

@ -6,13 +6,13 @@ Requires=docker.service
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-dimension
ExecStartPre=-/usr/bin/docker rm matrix-dimension
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-dimension
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-dimension
# Fixup database ownership if it got changed somehow (during a server migration, etc.)
ExecStartPre=-/usr/bin/chown {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_base_path }}/dimension.db
ExecStartPre=-{{ matrix_host_command_chown }} {{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} {{ matrix_dimension_base_path }}/dimension.db
ExecStart=/usr/bin/docker run --rm --name matrix-dimension \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \
--log-driver=none \
--user={{ matrix_dimension_user_uid }}:{{ matrix_dimension_user_gid }} \
--cap-drop=ALL \
@ -29,8 +29,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-dimension \
{% endfor %}
{{ matrix_dimension_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-dimension
ExecStop=-/usr/bin/docker rm matrix-dimension
ExecStop=-{{ matrix_host_command_docker }} kill matrix-dimension
ExecStop=-{{ matrix_host_command_docker }} rm matrix-dimension
Restart=always
RestartSec=30
SyslogIdentifier=matrix-dimension

10
roles/matrix-email2matrix/templates/systemd/matrix-email2matrix.service.j2
View File

@ -6,10 +6,10 @@ Requires=docker.service
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-email2matrix
ExecStartPre=-/usr/bin/docker rm matrix-email2matrix
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-email2matrix
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-email2matrix
ExecStart=/usr/bin/docker run --rm --name matrix-email2matrix \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-email2matrix \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -22,8 +22,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-email2matrix \
{% endfor %}
{{ matrix_email2matrix_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-email2matrix
ExecStop=-/usr/bin/docker rm matrix-email2matrix
ExecStop=-{{ matrix_host_command_docker }} kill matrix-email2matrix
ExecStop=-{{ matrix_host_command_docker }} rm matrix-email2matrix
Restart=always
RestartSec=30
SyslogIdentifier=matrix-email2matrix

10
roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2
View File

@ -8,10 +8,10 @@ After={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jicofo
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jicofo
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \
--log-driver=none \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_jitsi_jicofo_base_path }}/env \
@ -21,8 +21,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jicofo \
{% endfor %}
{{ matrix_jitsi_jicofo_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-jitsi-jicofo
ExecStop=-/usr/bin/docker rm matrix-jitsi-jicofo
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-jicofo
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-jicofo
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-jicofo

10
roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2
View File

@ -8,10 +8,10 @@ After={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-jvb
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-jvb
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \
--log-driver=none \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_jitsi_jvb_base_path }}/env \
@ -27,8 +27,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-jvb \
{% endfor %}
{{ matrix_jitsi_jvb_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-jitsi-jvb
ExecStop=-/usr/bin/docker rm matrix-jitsi-jvb
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-jvb
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-jvb
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-jvb

10
roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2
View File

@ -8,10 +8,10 @@ After={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-prosody
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-prosody
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody \
--log-driver=none \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_jitsi_prosody_base_path }}/env \
@ -22,8 +22,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-prosody \
{% endfor %}
{{ matrix_jitsi_prosody_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-jitsi-prosody
ExecStop=-/usr/bin/docker rm matrix-jitsi-prosody
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-prosody
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-prosody
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-prosody

10
roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2
View File

@ -8,10 +8,10 @@ After={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-jitsi-web
ExecStartPre=-/usr/bin/docker rm matrix-jitsi-web
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-jitsi-web
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-jitsi-web
ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \
--log-driver=none \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_jitsi_web_base_path }}/env \
@ -25,8 +25,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-jitsi-web \
{% endfor %}
{{ matrix_jitsi_web_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-jitsi-web
ExecStop=-/usr/bin/docker rm matrix-jitsi-web
ExecStop=-{{ matrix_host_command_docker }} kill matrix-jitsi-web
ExecStop=-{{ matrix_host_command_docker }} rm matrix-jitsi-web
Restart=always
RestartSec=30
SyslogIdentifier=matrix-jitsi-web

71
roles/matrix-ma1sd/defaults/main.yml
View File

@ -85,76 +85,7 @@ matrix_ma1sd_v2_enabled: true
#
# For a more advanced customization, you can extend the default (see `matrix_ma1sd_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_ma1sd_configuration_yaml: |
#jinja2: lstrip_blocks: True
matrix:
domain: {{ matrix_domain }}
v1: {{ matrix_ma1sd_v1_enabled|to_json }}
v2: {{ matrix_ma1sd_v2_enabled|to_json }}
server:
name: {{ matrix_server_fqn_matrix }}
key:
path: /var/ma1sd/sign.key
storage:
provider:
sqlite:
database: /var/ma1sd/ma1sd.db
{% if matrix_ma1sd_dns_overwrite_enabled %}
dns:
overwrite:
homeserver:
client:
- name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }}
value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }}
{% endif %}
{% if matrix_ma1sd_matrixorg_forwarding_enabled %}
forward:
servers: ['matrix-org']
{% endif %}
threepid:
medium:
email:
identity:
from: {{ matrix_ma1sd_threepid_medium_email_identity_from }}
connectors:
smtp:
host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }}
port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }}
tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }}
login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }}
password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }}
{% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %}
generators:
template:
{% if matrix_ma1sd_threepid_medium_email_custom_invite_template %}
invite: '/var/ma1sd/invite-template.eml'
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
session:
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %}
validation: '/var/ma1sd/validate-template.eml'
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
unbind:
frandulent: '/var/ma1sd/unbind-fraudulent.eml'
{% endif %}
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %}
generic:
matrixId: '/var/ma1sd/mxid-template.eml'
{% endif %}
{% endif %}
synapseSql:
enabled: {{ matrix_ma1sd_synapsesql_enabled }}
type: {{ matrix_ma1sd_synapsesql_type }}
connection: {{ matrix_ma1sd_synapsesql_connection }}
matrix_ma1sd_configuration_yaml: "{{ lookup('template', 'templates/ma1sd.yaml.j2') }}"
matrix_ma1sd_configuration_extension_yaml: |
# Your custom YAML configuration for ma1sd goes here.

69
roles/matrix-ma1sd/templates/ma1sd.yaml.j2 Normal file
View File

@ -0,0 +1,69 @@
#jinja2: lstrip_blocks: True
matrix:
domain: {{ matrix_domain }}
v1: {{ matrix_ma1sd_v1_enabled|to_json }}
v2: {{ matrix_ma1sd_v2_enabled|to_json }}
server:
name: {{ matrix_server_fqn_matrix }}
key:
path: /var/ma1sd/sign.key
storage:
provider:
sqlite:
database: /var/ma1sd/ma1sd.db
{% if matrix_ma1sd_dns_overwrite_enabled %}
dns:
overwrite:
homeserver:
client:
- name: {{ matrix_ma1sd_dns_overwrite_homeserver_client_name }}
value: {{ matrix_ma1sd_dns_overwrite_homeserver_client_value }}
{% endif %}
{% if matrix_ma1sd_matrixorg_forwarding_enabled %}
forward:
servers: ['matrix-org']
{% endif %}
threepid:
medium:
email:
identity:
from: {{ matrix_ma1sd_threepid_medium_email_identity_from }}
connectors:
smtp:
host: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_host }}
port: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_port }}
tls: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_tls }}
login: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_login }}
password: {{ matrix_ma1sd_threepid_medium_email_connectors_smtp_password }}
{% if matrix_ma1sd_threepid_medium_email_custom_templates_enabled %}
generators:
template:
{% if matrix_ma1sd_threepid_medium_email_custom_invite_template %}
invite: '/var/ma1sd/invite-template.eml'
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template or matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
session:
{% if matrix_ma1sd_threepid_medium_email_custom_session_validation_template %}
validation: '/var/ma1sd/validate-template.eml'
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template %}
unbind:
frandulent: '/var/ma1sd/unbind-fraudulent.eml'
{% endif %}
{% endif %}
{% if matrix_ma1sd_threepid_medium_email_custom_matrixid_template %}
generic:
matrixId: '/var/ma1sd/mxid-template.eml'
{% endif %}
{% endif %}
synapseSql:
enabled: {{ matrix_ma1sd_synapsesql_enabled }}
type: {{ matrix_ma1sd_synapsesql_type }}
connection: {{ matrix_ma1sd_synapsesql_connection }}

10
roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2
View File

@ -11,12 +11,12 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-ma1sd
ExecStartPre=-/usr/bin/docker rm matrix-ma1sd
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-ma1sd
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-ma1sd
# ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
# so /tmp needs to be mounted with an exec option.
ExecStart=/usr/bin/docker run --rm --name matrix-ma1sd \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -36,8 +36,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-ma1sd \
{% endfor %}
{{ matrix_ma1sd_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-ma1sd
ExecStop=-/usr/bin/docker rm matrix-ma1sd
ExecStop=-{{ matrix_host_command_docker }} kill matrix-ma1sd
ExecStop=-{{ matrix_host_command_docker }} rm matrix-ma1sd
Restart=always
RestartSec=30
SyslogIdentifier=matrix-ma1sd

7
roles/matrix-mailer/defaults/main.yml
View File

@ -2,7 +2,12 @@ matrix_mailer_enabled: true
matrix_mailer_base_path: "{{ matrix_base_data_path }}/mailer"
matrix_mailer_docker_image: "devture/exim-relay:4.92.2-r0-0"
matrix_mailer_container_image_self_build: false
matrix_mailer_container_image_self_build_repository_url: "https://github.com/devture/exim-relay"
matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"
matrix_mailer_docker_image: "devture/exim-relay:4.93.1-r0"
matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"
# The user/group that the container runs with.

29
roles/matrix-mailer/tasks/setup_mailer.yml
View File

@ -6,12 +6,15 @@
- name: Ensure mailer base path exists
file:
path: "{{ matrix_mailer_base_path }}"
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
when: matrix_mailer_enabled|bool
with_items:
- { path: "{{ matrix_mailer_base_path }}", when: true }
- { path: "{{ matrix_mailer_container_image_self_build_src_files_path }}", when: "{{ matrix_mailer_container_image_self_build }}" }
when: "matrix_mailer_enabled|bool and item.when"
- name: Ensure mailer environment variables file created
template:
@ -20,13 +23,31 @@
mode: 0640
when: matrix_mailer_enabled|bool
- name: Ensure mailer image is pulled
- name: Ensure exim-relay repository is present on self-build
git:
repo: "{{ matrix_mailer_container_image_self_build_repository_url }}"
dest: "{{ matrix_mailer_container_image_self_build_src_files_path }}"
version: "{{ matrix_mailer_container_image_self_build_version }}"
force: "yes"
when: "matrix_mailer_container_image_self_build|bool"
- name: Ensure exim-relay Docker image is built
docker_image:
name: "{{ matrix_mailer_docker_image }}"
source: build
build:
dockerfile: Dockerfile
path: "{{ matrix_mailer_container_image_self_build_src_files_path }}"
pull: yes
when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool"
- name: Ensure exim-relay image is pulled
docker_image:
name: "{{ matrix_mailer_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mailer_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mailer_docker_image_force_pull }}"
when: matrix_mailer_enabled|bool
when: "matrix_mailer_enabled|bool and not matrix_mailer_container_image_self_build|bool"
- name: Ensure matrix-mailer.service installed
template:

10
roles/matrix-mailer/templates/systemd/matrix-mailer.service.j2
View File

@ -6,10 +6,10 @@ Requires=docker.service
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mailer
ExecStartPre=-/usr/bin/docker rm matrix-mailer
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-mailer
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-mailer
ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mailer \
--log-driver=none \
--user={{ matrix_mailer_container_user_uid }}:{{ matrix_mailer_container_user_gid }} \
--cap-drop=ALL \
@ -24,8 +24,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-mailer \
{% endfor %}
{{ matrix_mailer_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-mailer
ExecStop=-/usr/bin/docker rm matrix-mailer
ExecStop=-{{ matrix_host_command_docker }} kill matrix-mailer
ExecStop=-{{ matrix_host_command_docker }} rm matrix-mailer
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mailer

4
roles/matrix-nginx-proxy/defaults/main.yml
View File

@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true
# We use an official nginx image, which we fix-up to run unprivileged.
# An alternative would be an `nginxinc/nginx-unprivileged` image, but
# that is frequently out of date.
matrix_nginx_proxy_docker_image: "nginx:1.17.10-alpine"
matrix_nginx_proxy_docker_image: "nginx:1.19.0-alpine"
matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"
matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
@ -220,7 +220,7 @@ matrix_ssl_domains_to_obtain_certificates_for: []
# Controls whether to obtain production or staging certificates from Let's Encrypt.
matrix_ssl_lets_encrypt_staging: false
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.4.0"
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.5.0"
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
matrix_ssl_lets_encrypt_support_email: ~

2
roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
View File

@ -84,7 +84,7 @@
hour: "5"
minute: "20"
day: "*"
job: /bin/systemctl reload matrix-nginx-proxy.service
job: "{{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service"
when: matrix_nginx_proxy_enabled|bool
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"

4
roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
View File

@ -16,7 +16,7 @@
# We suppress the error, as we'll try another method below.
- name: Attempt initial SSL certificate retrieval with standalone authenticator (directly)
shell: >-
/usr/bin/docker run
{{ matrix_host_command_docker }} run
--rm
--name=matrix-certbot
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
@ -43,7 +43,7 @@
# and it's running now, it may be able to proxy requests to `matrix_ssl_lets_encrypt_certbot_standalone_http_port`.
- name: Attempt initial SSL certificate retrieval with standalone authenticator (via proxy)
shell: >-
/usr/bin/docker run
{{ matrix_host_command_docker }} run
--rm
--name=matrix-certbot
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}

2
roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2
View File

@ -150,7 +150,7 @@
}
{% endif %}
location /_synapse/admin {
location /_synapse {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;

12
roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
View File

@ -11,10 +11,10 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-nginx-proxy
ExecStartPre=-/usr/bin/docker rm matrix-nginx-proxy
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy
ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -43,9 +43,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-nginx-proxy \
{% endfor %}
{{ matrix_nginx_proxy_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-nginx-proxy
ExecStop=-/usr/bin/docker rm matrix-nginx-proxy
ExecReload=/usr/bin/docker exec matrix-nginx-proxy /usr/sbin/nginx -s reload
ExecStop=-{{ matrix_host_command_docker }} kill matrix-nginx-proxy
ExecStop=-{{ matrix_host_command_docker }} rm matrix-nginx-proxy
ExecReload={{ matrix_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload
Restart=always
RestartSec=30
SyslogIdentifier=matrix-nginx-proxy

8
roles/matrix-postgres/defaults/main.yml
View File

@ -8,10 +8,10 @@ matrix_postgres_db_name: ""
matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data"
matrix_postgres_docker_image_v9: "postgres:9.6.17-alpine"
matrix_postgres_docker_image_v10: "postgres:10.12-alpine"
matrix_postgres_docker_image_v11: "postgres:11.7-alpine"
matrix_postgres_docker_image_v12: "postgres:12.2-alpine"
matrix_postgres_docker_image_v9: "postgres:9.6.18-alpine"
matrix_postgres_docker_image_v10: "postgres:10.13-alpine"
matrix_postgres_docker_image_v11: "postgres:11.8-alpine"
matrix_postgres_docker_image_v12: "postgres:12.3-alpine"
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v12 }}"
# This variable is assigned at runtime. Overriding its value has no effect.

2
roles/matrix-postgres/tasks/import_postgres.yml
View File

@ -63,7 +63,7 @@
- name: Generate Postgres database import command
set_fact:
matrix_postgres_import_command: >-
/usr/bin/docker run --rm --name matrix-postgres-import
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-import
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
--network={{ matrix_docker_network }}

1
roles/matrix-postgres/tasks/import_sqlite_db.yml
View File

@ -79,6 +79,7 @@
--network={{ matrix_docker_network }}
--entrypoint=python
-v {{ matrix_synapse_config_dir_path }}:/data
-v {{ matrix_synapse_config_dir_path }}:/matrix-media-store-parent/media-store
-v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}:ro
{{ matrix_synapse_docker_image }}
/usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db|basename }} --postgres-config /data/homeserver.yaml

2
roles/matrix-postgres/tasks/run_synapse_janitor.yml
View File

@ -66,7 +66,7 @@
- name: Generate Postgres database synapse-janitor command
set_fact:
matrix_postgres_synapse_janitor_command: >-
/usr/bin/docker run --rm --name matrix-postgres-synapse-janitor
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-synapse-janitor
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
--network={{ matrix_docker_network }}

2
roles/matrix-postgres/tasks/run_vacuum.yml
View File

@ -45,7 +45,7 @@
- name: Generate Postgres database vacuum command
set_fact:
matrix_postgres_vacuum_command: >-
/usr/bin/docker run --rm --name matrix-postgres-synapse-vacuum
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-synapse-vacuum
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
--network={{ matrix_docker_network }}

4
roles/matrix-postgres/tasks/upgrade_postgres.yml
View File

@ -79,7 +79,7 @@
# we need to remove these from the dump, or we'll get errors saying these already exist.
- name: Perform Postgres database dump
command: >-
/usr/bin/docker run --rm --name matrix-postgres-dump
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-dump
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--network={{ matrix_docker_network }}
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql
@ -123,7 +123,7 @@
- name: Generate Postgres database import command
set_fact:
matrix_postgres_import_command: >-
/usr/bin/docker run --rm --name matrix-postgres-import
{{ matrix_host_command_docker }} run --rm --name matrix-postgres-import
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
--network={{ matrix_docker_network }}

10
roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2
View File

@ -6,10 +6,10 @@ Requires=docker.service
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker stop matrix-postgres
ExecStartPre=-/usr/bin/docker rm matrix-postgres
ExecStartPre=-{{ matrix_host_command_docker }} stop matrix-postgres
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-postgres
ExecStart=/usr/bin/docker run --rm --name matrix-postgres \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -28,8 +28,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-postgres \
{% endfor %}
{{ matrix_postgres_docker_image_to_use }}
ExecStop=-/usr/bin/docker stop matrix-postgres
ExecStop=-/usr/bin/docker rm matrix-postgres
ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres
ExecStop=-{{ matrix_host_command_docker }} rm matrix-postgres
Restart=always
RestartSec=30
SyslogIdentifier=matrix-postgres

2
roles/matrix-riot-web/defaults/main.yml
View File

@ -2,7 +2,7 @@ matrix_riot_web_enabled: true
matrix_riot_web_container_image_self_build: false
matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.1"
matrix_riot_web_docker_image: "vectorim/riot-web:v1.6.4"
matrix_riot_web_docker_image_force_pull: "{{ matrix_riot_web_docker_image.endswith(':latest') }}"
matrix_riot_web_data_path: "{{ matrix_base_data_path }}/riot-web"

11
roles/matrix-riot-web/templates/systemd/matrix-riot-web.service.j2
View File

@ -8,10 +8,10 @@ After={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-riot-web
ExecStartPre=-/usr/bin/docker rm matrix-riot-web
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-riot-web
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-riot-web
ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-riot-web \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -22,7 +22,6 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
{% endif %}
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
-v {{ matrix_riot_web_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
-v /dev/null:/etc/nginx/conf.d/default.conf:ro \
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.json:ro \
-v {{ matrix_riot_web_data_path }}/config.json:/app/config.{{ matrix_server_fqn_riot }}.json:ro \
{% if matrix_riot_web_embedded_pages_home_path is not none %}
@ -34,8 +33,8 @@ ExecStart=/usr/bin/docker run --rm --name matrix-riot-web \
{% endfor %}
{{ matrix_riot_web_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-riot-web
ExecStop=-/usr/bin/docker rm matrix-riot-web
ExecStop=-{{ matrix_host_command_docker }} kill matrix-riot-web
ExecStop=-{{ matrix_host_command_docker }} rm matrix-riot-web
Restart=always
RestartSec=30
SyslogIdentifier=matrix-riot-web

10
roles/matrix-synapse/defaults/main.yml
View File

@ -5,7 +5,7 @@ matrix_synapse_enabled: true
matrix_synapse_container_image_self_build: false
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.13.0"
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.15.0"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
@ -202,12 +202,12 @@ matrix_synapse_password_config_localdb_enabled: true
# Controls the number of events that Synapse caches in memory.
matrix_synapse_event_cache_size: "100K"
# Controls cache sizes for Synapse via the SYNAPSE_CACHE_FACTOR environment variable.
# Controls cache sizes for Synapse.
# Raise this to increase cache sizes or lower it to potentially lower memory use.
# To learn more, see:
# - https://github.com/matrix-org/synapse#help-synapse-eats-all-my-ram
# - https://github.com/matrix-org/synapse/issues/3939
matrix_synapse_cache_factor: 0.5
matrix_synapse_caches_global_factor: 0.5
# Controls whether Synapse will federate at all.
# Disable this to completely isolate your server from the rest of the Matrix network.
@ -299,7 +299,7 @@ matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: fals
# Enable this to activate the Shared Secret Auth password provider module.
# See: https://github.com/devture/matrix-synapse-shared-secret-auth
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: false
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.1/shared_secret_authenticator.py"
matrix_synapse_ext_password_provider_shared_secret_auth_download_url: "https://raw.githubusercontent.com/devture/matrix-synapse-shared-secret-auth/1.0.2/shared_secret_authenticator.py"
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: ""
# Enable this to activate LDAP password provider
@ -357,7 +357,7 @@ matrix_synapse_default_room_version: "5"
#
# If a spam-checker extension is enabled, this variable's value is set automatically by the playbook during runtime.
# If not, you can also control its value manually.
matrix_synapse_spam_checker: ~
matrix_synapse_spam_checker: []
matrix_synapse_trusted_key_servers:
- server_name: "matrix.org"

13
roles/matrix-synapse/tasks/ext/synapse-simple-antispam/setup_install.yml
View File

@ -38,10 +38,15 @@
become_user: "{{ matrix_user_username }}"
- set_fact:
matrix_synapse_spam_checker:
module: "synapse_simple_antispam.AntiSpamInvites"
config:
blocked_homeservers: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}"
matrix_synapse_spam_checker: >
{{ matrix_synapse_spam_checker }}
+
[{
"module": "synapse_simple_antispam.AntiSpamInvites",
"config": {
"blocked_homeservers": {{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers }}
}
}]
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}

2
roles/matrix-synapse/tasks/self_check_federation_api.yml
View File

@ -11,7 +11,7 @@
- name: Fail if Matrix Federation API not working
fail:
msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port 8448 open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
msg: "Failed checking Matrix Federation API is up at `{{ matrix_server_fqn_matrix }}` (checked endpoint: `{{ matrix_synapse_federation_api_url_endpoint_public }}`). Is Synapse running? Is port {{ matrix_federation_public_port }} open in your firewall? Full error: {{ result_matrix_synapse_federation_api }}"
when: "matrix_synapse_enabled|bool and matrix_synapse_federation_enabled|bool and (result_matrix_synapse_federation_api.failed or 'json' not in result_matrix_synapse_federation_api)"
- name: Fail if Matrix Federation API unexpectedly enabled

2
roles/matrix-synapse/tasks/update_user_password.yml
View File

@ -36,7 +36,7 @@
when: "start_result.changed or postgres_start_result.changed"
- name: Generate password hash
shell: "/usr/bin/docker exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}"
shell: "{{ matrix_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password|quote }}"
register: password_hash
- name: Update user password hash

1
roles/matrix-synapse/tasks/validate_config.yml
View File

@ -31,3 +31,4 @@
- {'old': 'matrix_synapse_container_expose_client_api_port', 'new': '<superseded by matrix_synapse_container_client_api_host_bind_port>'}
- {'old': 'matrix_synapse_container_expose_federation_api_port', 'new': '<superseded by matrix_synapse_container_federation_api_plain_host_bind_port>'}
- {'old': 'matrix_synapse_container_expose_metrics_port', 'new': '<superseded by matrix_synapse_container_metrics_api_host_bind_port>'}
- {'old': 'matrix_synapse_cache_factor', 'new': 'matrix_synapse_caches_global_factor'}

14
roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2
View File

@ -6,10 +6,10 @@ Requires=docker.service
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStartPre=-{{ matrix_host_command_docker }} kill %n
ExecStartPre=-{{ matrix_host_command_docker }} rm %n
ExecStart=/usr/bin/docker run --rm --name %n \
ExecStart={{ matrix_host_command_docker }} run --rm --name %n \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-v /etc/passwd:/etc/passwd:ro \
@ -25,10 +25,10 @@ ExecStart=/usr/bin/docker run --rm --name %n \
-c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3'
TimeoutStartSec=5min
ExecStop=-/usr/bin/docker stop %n
ExecStop=-/usr/bin/docker kill %n
ExecStop=-/usr/bin/docker rm %n
ExecStop=-/bin/fusermount -u {{ matrix_synapse_media_store_path }}
ExecStop=-{{ matrix_host_command_docker }} stop %n
ExecStop=-{{ matrix_host_command_docker }} kill %n
ExecStop=-{{ matrix_host_command_docker }} rm %n
ExecStop=-{{ matrix_host_command_fusermount }} -u {{ matrix_synapse_media_store_path }}
Restart=always
RestartSec=5
SyslogIdentifier=matrix-goofys

335
roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
View File

@ -320,22 +320,27 @@ listeners:
# Used by phonehome stats to group together related servers.
#server_context: context
# Resource-constrained homeserver Settings
# Resource-constrained homeserver settings
#
# If limit_remote_rooms.enabled is True, the room complexity will be
# checked before a user joins a new remote room. If it is above
# limit_remote_rooms.complexity, it will disallow joining or
# instantly leave.
# When this is enabled, the room "complexity" will be checked before a user
# joins a new remote room. If it is above the complexity limit, the server will
# disallow joining, or will instantly leave.
#
# limit_remote_rooms.complexity_error can be set to customise the text
# displayed to the user when a room above the complexity threshold has
# its join cancelled.
# Room complexity is an arbitrary measure based on factors such as the number of
# users in the room.
#
# Uncomment the below lines to enable:
#limit_remote_rooms:
# enabled: True
# complexity: 1.0
# complexity_error: "This room is too complex."
limit_remote_rooms:
# Uncomment to enable room complexity checking.
#
#enabled: true
# the limit above which rooms cannot be joined. The default is 1.0.
#
#complexity: 0.5
# override the error which is returned when the room is too complex.
#
#complexity_error: "This room is too complex."
# Whether to require a user to be in the room to add an alias to it.
# Defaults to 'true'.
@ -605,6 +610,50 @@ acme:
## Caching ##
# Caching can be configured through the following options.
#
# A cache 'factor' is a multiplier that can be applied to each of
# Synapse's caches in order to increase or decrease the maximum
# number of entries that can be stored.
# The number of events to cache in memory. Not affected by
# caches.global_factor.
#
event_cache_size: "{{ matrix_synapse_event_cache_size }}"
caches:
# Controls the global cache factor, which is the default cache factor
# for all caches if a specific factor for that cache is not otherwise
# set.
#
# This can also be set by the "SYNAPSE_CACHE_FACTOR" environment
# variable. Setting by environment variable takes priority over
# setting through the config file.
#
# Defaults to 0.5, which will half the size of all caches.
#
global_factor: {{ matrix_synapse_caches_global_factor }}
# A dictionary of cache name to cache factor for that individual
# cache. Overrides the global cache factor for a given cache.
#
# These can also be set through environment variables comprised
# of "SYNAPSE_CACHE_FACTOR_" + the name of the cache in capital
# letters and underscores. Setting by environment variable
# takes priority over setting through the config file.
# Ex. SYNAPSE_CACHE_FACTOR_GET_USERS_WHO_SHARE_ROOM_WITH_USER=2.0
#
# Some caches have '*' and other characters that are not
# alphanumeric or underscores. These caches can be named with or
# without the special characters stripped. For example, to specify
# the cache factor for `*stateGroupCache*` via an environment
# variable would be `SYNAPSE_CACHE_FACTOR_STATEGROUPCACHE=2.0`.
#
per_cache_factors:
#get_users_who_share_room_with_user: 2.0
## Database ##
database:
@ -618,10 +667,6 @@ database:
cp_min: 5
cp_max: 10
# Number of events to cache in memory.
#
event_cache_size: "{{ matrix_synapse_event_cache_size }}"
## Logging ##
@ -884,25 +929,28 @@ url_preview_accept_language:
## Captcha ##
# See docs/CAPTCHA_SETUP for full details of configuring this.
# See docs/CAPTCHA_SETUP.md for full details of configuring this.
# This homeserver's ReCAPTCHA public key.
# This homeserver's ReCAPTCHA public key. Must be specified if
# enable_registration_captcha is enabled.
#
#recaptcha_public_key: "YOUR_PUBLIC_KEY"
# This homeserver's ReCAPTCHA private key.
# This homeserver's ReCAPTCHA private key. Must be specified if
# enable_registration_captcha is enabled.
#
#recaptcha_private_key: "YOUR_PRIVATE_KEY"
# Enables ReCaptcha checks when registering, preventing signup
# Uncomment to enable ReCaptcha checks when registering, preventing signup
# unless a captcha is answered. Requires a valid ReCaptcha
# public/private key.
# public/private key. Defaults to 'false'.
#
#enable_registration_captcha: false
#enable_registration_captcha: true
# The API endpoint to use for verifying m.login.recaptcha responses.
# Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify".
#
#recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify"
#recaptcha_siteverify_api: "https://my.recaptcha.site"
## TURN ##
@ -1151,6 +1199,13 @@ auto_join_rooms:
#
autocreate_auto_join_rooms: {{ matrix_synapse_autocreate_auto_join_rooms|to_json }}
# When auto_join_rooms is specified, setting this flag to false prevents
# guest accounts from being automatically joined to the rooms.
#
# Defaults to true.
#
#auto_join_rooms_for_guests: false
## Metrics ###
@ -1182,6 +1237,7 @@ metrics_flags:
#known_servers: true
# Whether or not to report anonymized homeserver usage statistics.
#
report_stats: {{ matrix_synapse_report_stats|to_json }}
# The endpoint to report the anonymized homeserver usage statistics to.
@ -1307,6 +1363,8 @@ trusted_key_servers: {{ matrix_synapse_trusted_key_servers|to_json }}
#key_server_signing_keys_path: "key_server_signing_keys.key"
## Single sign-on integration ##
# Enable SAML2 for registration and login. Uses pysaml2.
#
# At least one of `sp_config` or `config_path` must be set in this section to
@ -1440,7 +1498,13 @@ saml2_config:
# * HTML page to display to users if something goes wrong during the
# authentication process: 'saml_error.html'.
#
# This template doesn't currently need any variable to render.
# When rendering, this template is given the following variables:
# * code: an HTML error code corresponding to the error that is being
# returned (typically 400 or 500)
#
# * msg: a textual message describing the error.
#
# The variables will automatically be HTML-escaped.
#
# You can see the default templates at:
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
@ -1448,6 +1512,121 @@ saml2_config:
#template_dir: "res/templates"
# OpenID Connect integration. The following settings can be used to make Synapse
# use an OpenID Connect Provider for authentication, instead of its internal
# password database.
#
# See https://github.com/matrix-org/synapse/blob/master/openid.md.
#
oidc_config:
# Uncomment the following to enable authorization against an OpenID Connect
# server. Defaults to false.
#
#enabled: true
# Uncomment the following to disable use of the OIDC discovery mechanism to
# discover endpoints. Defaults to true.
#
#discover: false
# the OIDC issuer. Used to validate tokens and (if discovery is enabled) to
# discover the provider's endpoints.
#
# Required if 'enabled' is true.
#
#issuer: "https://accounts.example.com/"
# oauth2 client id to use.
#
# Required if 'enabled' is true.
#
#client_id: "provided-by-your-issuer"
# oauth2 client secret to use.
#
# Required if 'enabled' is true.
#
#client_secret: "provided-by-your-issuer"
# auth method to use when exchanging the token.
# Valid values are 'client_secret_basic' (default), 'client_secret_post' and
# 'none'.
#
#client_auth_method: client_secret_post
# list of scopes to request. This should normally include the "openid" scope.
# Defaults to ["openid"].
#
#scopes: ["openid", "profile"]
# the oauth2 authorization endpoint. Required if provider discovery is disabled.
#
#authorization_endpoint: "https://accounts.example.com/oauth2/auth"
# the oauth2 token endpoint. Required if provider discovery is disabled.
#
#token_endpoint: "https://accounts.example.com/oauth2/token"
# the OIDC userinfo endpoint. Required if discovery is disabled and the
# "openid" scope is not requested.
#
#userinfo_endpoint: "https://accounts.example.com/userinfo"
# URI where to fetch the JWKS. Required if discovery is disabled and the
# "openid" scope is used.
#
#jwks_uri: "https://accounts.example.com/.well-known/jwks.json"
# Uncomment to skip metadata verification. Defaults to false.
#
# Use this if you are connecting to a provider that is not OpenID Connect
# compliant.
# Avoid this in production.
#
#skip_verification: true
# An external module can be provided here as a custom solution to mapping
# attributes returned from a OIDC provider onto a matrix user.
#
user_mapping_provider:
# The custom module's class. Uncomment to use a custom module.
# Default is 'synapse.handlers.oidc_handler.JinjaOidcMappingProvider'.
#
# See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers
# for information on implementing a custom mapping provider.
#
#module: mapping_provider.OidcMappingProvider
# Custom configuration values for the module. This section will be passed as
# a Python dictionary to the user mapping provider module's `parse_config`
# method.
#
# The examples below are intended for the default provider: they should be
# changed if using a custom provider.
#
config:
# name of the claim containing a unique identifier for the user.
# Defaults to `sub`, which OpenID Connect compliant providers should provide.
#
#subject_claim: "sub"
# Jinja2 template for the localpart of the MXID.
#
# When rendering, this template is given the following variables:
# * user: The claims returned by the UserInfo Endpoint and/or in the ID
# Token
#
# This must be configured if using the default mapping provider.
#
localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
# Jinja2 template for the display name to set on first login.
#
# If unset, no displayname will be set.
#
#display_name_template: "{% raw %}{{ user.given_name }} {{ user.last_name }}{% endraw %}"
# Enable CAS for registration and login.
#
@ -1455,10 +1634,97 @@ saml2_config:
# enabled: true
# server_url: "https://cas-server.com"
# service_url: "https://homeserver.domain.com:8448"
# #displayname_attribute: name
# #required_attributes:
# # name: value
# Additional settings to use with single-sign on systems such as OpenID Connect,
# SAML2 and CAS.
#
sso:
# A list of client URLs which are whitelisted so that the user does not
# have to confirm giving access to their account to the URL. Any client
# whose URL starts with an entry in the following list will not be subject
# to an additional confirmation step after the SSO login is completed.
#
# WARNING: An entry such as "https://my.client" is insecure, because it
# will also match "https://my.client.evil.site", exposing your users to
# phishing attacks from evil.site. To avoid this, include a slash after the
# hostname: "https://my.client/".
#
# If public_baseurl is set, then the login fallback page (used by clients
# that don't natively support the required login flows) is whitelisted in
# addition to any URLs in this list.
#
# By default, this list is empty.
#
#client_whitelist:
# - https://riot.im/develop
# - https://my.custom.client/
# Directory in which Synapse will try to find the template files below.
# If not set, default templates from within the Synapse package will be used.
#
# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
# If you *do* uncomment it, you will need to make sure that all the templates
# below are in the directory.
#
# Synapse will look for the following templates in this directory:
#
# * HTML page for a confirmation step before redirecting back to the client
# with the login token: 'sso_redirect_confirm.html'.
#
# When rendering, this template is given three variables:
# * redirect_url: the URL the user is about to be redirected to. Needs
# manual escaping (see
# https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
#
# * display_url: the same as `redirect_url`, but with the query
# parameters stripped. The intention is to have a
# human-readable URL to show to users, not to use it as
# the final address to redirect to. Needs manual escaping
# (see https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
#
# * server_name: the homeserver's name.
#
# * HTML page which notifies the user that they are authenticating to confirm
# an operation on their account during the user interactive authentication
# process: 'sso_auth_confirm.html'.
#
# When rendering, this template is given the following variables:
# * redirect_url: the URL the user is about to be redirected to. Needs
# manual escaping (see
# https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
#
# * description: the operation which the user is being asked to confirm
#
# * HTML page shown after a successful user interactive authentication session:
# 'sso_auth_success.html'.
#
# Note that this page must include the JavaScript which notifies of a successful authentication
# (see https://matrix.org/docs/spec/client_server/r0.6.0#fallback).
#
# This template has no additional variables.
#
# * HTML page shown during single sign-on if a deactivated user (according to Synapse's database)
# attempts to login: 'sso_account_deactivated.html'.
#
# This template has no additional variables.
#
# * HTML page to display to users if something goes wrong during the
# OpenID Connect authentication process: 'sso_error.html'.
#
# When rendering, this template is given two variables:
# * error: the technical name of the error
# * error_description: a human-readable message for the error
#
# You can see the default templates at:
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
#
#template_dir: "res/templates"
# The JWT needs to contain a globally unique "sub" (subject) claim.
#
#jwt_config:
@ -1501,8 +1767,8 @@ email:
# Username/password for authentication to the SMTP server. By default, no
# authentication is attempted.
#
# smtp_user: "exampleusername"
# smtp_pass: "examplepassword"
#smtp_user: "exampleusername"
#smtp_pass: "examplepassword"
# Uncomment the following to require TLS transport security for SMTP.
# By default, Synapse will connect over plain text, and will then switch to
@ -1681,10 +1947,17 @@ push:
include_content: {{ matrix_synapse_push_include_content|to_json }}
#spam_checker:
# module: "my_custom_project.SuperSpamChecker"
# config:
# example_option: 'things'
# Spam checkers are third-party modules that can block specific actions
# of local users, such as creating rooms and registering undesirable
# usernames, as well as remote users by redacting incoming events.
#
# spam_checker:
#- module: "my_custom_project.SuperSpamChecker"
# config:
# example_option: 'things'
#- module: "some_other_project.BadEventStopper"
# config:
# example_stop_events_from: ['@bad:example.com']
spam_checker: {{ matrix_synapse_spam_checker|to_json }}
# Uncomment to allow non-server-admin users to create groups on this server

15
roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2
View File

@ -11,16 +11,16 @@ Wants={{ service }}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-synapse
ExecStartPre=-/usr/bin/docker rm matrix-synapse
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-synapse
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-synapse
{% if matrix_s3_media_store_enabled %}
# Allow for some time before starting, so that media store can mount.
# Mounting can happen later too, but if we start writing,
# we'd write files to the local filesystem and fusermount will complain.
ExecStartPre=/bin/sleep 3
ExecStartPre={{ matrix_host_command_sleep }} 3
{% endif %}
ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
@ -28,7 +28,6 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
--read-only \
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \
--network={{ matrix_docker_network }} \
-e SYNAPSE_CACHE_FACTOR={{ matrix_synapse_cache_factor }} \
{% if matrix_synapse_container_client_api_host_bind_port %}
-p {{ matrix_synapse_container_client_api_host_bind_port }}:8008 \
{% endif %}
@ -55,9 +54,9 @@ ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
{{ matrix_synapse_docker_image }} \
-m synapse.app.homeserver -c /data/homeserver.yaml
ExecStop=-/usr/bin/docker kill matrix-synapse
ExecStop=-/usr/bin/docker rm matrix-synapse
ExecReload=/usr/bin/docker exec matrix-synapse kill -HUP 1
ExecStop=-{{ matrix_host_command_docker }} kill matrix-synapse
ExecStop=-{{ matrix_host_command_docker }} rm matrix-synapse
ExecReload={{ matrix_host_command_docker }} exec matrix-synapse kill -HUP 1
Restart=always
RestartSec=30
SyslogIdentifier=matrix-synapse

2
roles/matrix-synapse/vars/main.yml
View File

@ -3,7 +3,7 @@
matrix_synapse_id_servers_public: ['vector.im', 'matrix.org']
matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:8448/_matrix/federation/v1/version"
matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
# Tells whether this role had executed or not. Toggled to `true` during runtime.
matrix_synapse_role_executed: false