Make bridge permissions more easily configurable

Not doing {% if matrix_admin %} checks in the YAML also fixes some issues
with indentation being incorrect sometimes.

This should be backward compatible, except for mautrix-signal's case
where `matrix_mautrix_signal_bridge_permissions` previously existed
as a string, not a dictionary. `tasks/validate_config.yml` will catch
the problem and even provide a quick fix.
Slavi Pantaleev 2022-07-25 15:55:16 +03:00
parent b2f47fcfcd
commit ac72879bf5
21 changed files with 94 additions and 65 deletions


@ -29,6 +29,12 @@ matrix_beeper_linkedin_bridge_presence: true
matrix_beeper_linkedin_command_prefix: "!li"
matrix_beeper_linkedin_bridge_permissions: |
{{
{matrix_beeper_linkedin_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# A list of extra arguments to pass to the container
matrix_beeper_linkedin_container_extra_arguments: []
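Review bot: The new `matrix_beeper_linkedin_bridge_permissions` default has no comment, although it is now the single place where access to the bridge is granted. Only the mautrix-signal default documents its format; the go-skype, facebook, googlechat, hangouts, instagram, telegram, twitter and whatsapp defaults added in this commit are equally bare. I would add above each one something like `# Maps '*', a homeserver domain or a full mxid to a bridge permission level.` and `# Overriding this replaces the whole default, including the matrix_admin entry.` The second line matters because an override that omits `matrix_admin`, or that uses `'*'`, changes who can use or administer the bridge.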


@ -236,11 +236,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"{{ matrix_beeper_linkedin_homeserver_domain }}": user
{% if matrix_admin %}
"{{ matrix_admin }}": admin
{% endif %}
permissions: {{ matrix_beeper_linkedin_bridge_permissions|to_json }}


@ -85,6 +85,20 @@ matrix_go_skype_bridge_bridge_login_shared_secret_map:
matrix_go_skype_bridge_bridge_double_puppet_server_map:
"{{ matrix_go_skype_bridge_homeserver_domain : matrix_go_skype_bridge_homeserver_address }}"
# Enable End-to-bridge encryption
matrix_go_skype_bridge_bridge_encryption_allow: false
matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}"
# Minimum severity of journal log messages.
# Options: debug, info, warn, error, fatal
matrix_go_skype_bridge_log_level: 'warn'
matrix_go_skype_bridge_bridge_permissions: |
{{
{matrix_go_skype_bridge_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Default go-skype-bridge configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
@ -124,11 +138,3 @@ matrix_go_skype_bridge_registration_yaml: |
de.sorunome.msc2409.push_ephemeral: true
matrix_go_skype_bridge_registration: "{{ matrix_go_skype_bridge_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_go_skype_bridge_bridge_encryption_allow: false
matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}"
# Minimum severity of journal log messages.
# Options: debug, info, warn, error, fatal
matrix_go_skype_bridge_log_level: 'warn'


@ -197,11 +197,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"{{ matrix_go_skype_bridge_homeserver_domain }}": user
{% if matrix_admin %}
"{{ matrix_admin }}": admin
{% endif %}
permissions: {{ matrix_go_skype_bridge_bridge_permissions|to_json }}
relaybot:
# Whether or not relaybot support is enabled.


@ -46,6 +46,12 @@ matrix_mautrix_facebook_homeserver_token: ''
# If false, created portal rooms will never be federated.
matrix_mautrix_facebook_federate_rooms: true
matrix_mautrix_facebook_bridge_permissions: |
{{
{matrix_mautrix_facebook_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Controls whether the matrix-mautrix-facebook container exposes its HTTP port.
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9008"), or empty string to not expose.


@ -201,11 +201,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_facebook_homeserver_domain }}': user
{% if matrix_admin %}
'{{ matrix_admin }}': admin
{% endif %}
permissions: {{ matrix_mautrix_facebook_bridge_permissions|to_json }}
relay:
# Whether relay mode should be allowed. If allowed, `!fb set-relay` can be used to turn any


@ -48,6 +48,12 @@ matrix_mautrix_googlechat_homeserver_token: ''
# If false, created portal rooms will never be federated.
matrix_mautrix_googlechat_federate_rooms: true
matrix_mautrix_googlechat_bridge_permissions: |
{{
{matrix_mautrix_googlechat_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Database-related configuration fields.
#
# To use SQLite, stick to these defaults.


@ -117,11 +117,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_googlechat_homeserver_domain }}': user
{% if matrix_admin %}
'{{ matrix_admin }}': admin
{% endif %}
permissions: {{ matrix_mautrix_googlechat_bridge_permissions|to_json }}
# Python logging configuration.
#


@ -27,6 +27,12 @@ matrix_mautrix_hangouts_appservice_address: 'http://matrix-mautrix-hangouts:8080
matrix_mautrix_hangouts_command_prefix: "!HO"
matrix_mautrix_hangouts_bridge_permissions: |
{{
{matrix_mautrix_hangouts_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Controls whether the matrix-mautrix-hangouts container exposes its HTTP port (tcp/8080 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:9007"), or empty string to not expose.


@ -114,11 +114,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_hangouts_homeserver_domain }}': user
{% if matrix_admin %}
'{{ matrix_admin }}': admin
{% endif %}
permissions: {{ matrix_mautrix_hangouts_bridge_permissions|to_json }}
# Python logging configuration.
#


@ -25,6 +25,12 @@ matrix_mautrix_instagram_appservice_address: 'http://matrix-mautrix-instagram:29
matrix_mautrix_instagram_command_prefix: "!ig"
matrix_mautrix_instagram_bridge_permissions: |
{{
{matrix_mautrix_instagram_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# A list of extra arguments to pass to the container
matrix_mautrix_instagram_container_extra_arguments: []


@ -185,11 +185,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"{{ matrix_mautrix_instagram_homeserver_domain }}": user
{% if matrix_admin %}
"{{ matrix_admin }}": admin
{% endif %}
permissions: {{ matrix_mautrix_instagram_bridge_permissions|to_json }}
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:


@ -103,12 +103,14 @@ matrix_mautrix_signal_relaybot_enabled: false
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
#
# This variable used to contain a YAML string, but now needs to contain a hashmap/dictionary.
matrix_mautrix_signal_bridge_permissions: |
'*': relay
'{{ matrix_mautrix_signal_homeserver_domain }}': user
{% if matrix_admin %}
"{{ matrix_admin }}": admin
{% endif %}
{{
{'*': 'relay'}
| combine({matrix_mautrix_signal_homeserver_domain: 'user'})
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.


@ -11,6 +11,15 @@
- "matrix_mautrix_signal_homeserver_token"
- "matrix_mautrix_signal_appservice_token"
- name: (Deprecation) Fail if matrix_mautrix_signal_bridge_permissions specified as YAML string, instead of a dictionary
ansible.builtin.fail:
msg: >-
The `matrix_mautrix_signal_bridge_permissions` variable in your configuration is specified as a YAML string.
The playbook now expects a hashmap/dictionary in this variable.
Change your configuration like this:
matrix_mautrix_signal_bridge_permissions: {{ matrix_mautrix_signal_bridge_permissions | from_yaml | to_json }}
when: "matrix_mautrix_signal_bridge_permissions is string"
- name: (Deprecation) Catch and report renamed Signal variables
ansible.builtin.fail:
msg: >-
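Review bot: The `when:` guard on the new deprecation task rejects only a string, so a list or null override of `matrix_mautrix_signal_bridge_permissions` would pass validation and be written into the bridge's `permissions` key by `to_json`. Because this value is the bridge's access-control map, a check for the expected type is stricter: `when: "matrix_mautrix_signal_bridge_permissions is not mapping"`, with the message reworded to say a dictionary is required and the `from_yaml` hint kept only for the string case. Confirm that the templated default evaluates to a mapping at validation time before switching. As far as this page shows, the `*_bridge_permissions` variables added for the other bridges get no type check at all.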


@ -223,8 +223,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
{{ matrix_mautrix_signal_bridge_permissions|from_yaml }}
permissions: {{ matrix_mautrix_signal_bridge_permissions|to_json }}
relay:
# Whether or not relay mode should be allowed. If allowed, `!signal set-relay` can be used to turn any


@ -27,6 +27,12 @@ matrix_mautrix_telegram_data_path: "{{ matrix_mautrix_telegram_base_path }}/data
matrix_mautrix_telegram_command_prefix: "!tg"
matrix_mautrix_telegram_bridge_permissions: |
{{
{matrix_mautrix_telegram_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Get your own API keys at https://my.telegram.org/apps
matrix_mautrix_telegram_api_id: ''
matrix_mautrix_telegram_api_hash: ''
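Review bot: The new default in `matrix_mautrix_telegram_bridge_permissions` gives the homeserver domain `'user'`, but the template lines it replaces (in the mautrix-telegram config template section of this commit) granted `full` to that domain. Every other bridge keeps the level it had, so this looks like a copy-paste slip rather than an intended tightening, and it contradicts the commit message's backward-compatibility claim. To preserve the previous behaviour the first mapping should read `{matrix_mautrix_telegram_homeserver_domain: 'full'}`. If the reduction is deliberate, it should be called out in the changelog, since users on the homeserver would lose bridge capabilities on upgrade.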


@ -289,11 +289,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_telegram_homeserver_domain }}': full
{% if matrix_admin %}
'{{ matrix_admin }}': admin
{% endif %}
permissions: {{ matrix_mautrix_telegram_bridge_permissions|to_json }}
# Options related to the message relay Telegram bot.
relaybot:


@ -25,6 +25,12 @@ matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327'
matrix_mautrix_twitter_command_prefix: "!tw"
matrix_mautrix_twitter_bridge_permissions: |
{{
{matrix_mautrix_twitter_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# A list of extra arguments to pass to the container
matrix_mautrix_twitter_container_extra_arguments: []


@ -173,11 +173,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_twitter_homeserver_domain }}': user
{% if matrix_admin %}
'{{ matrix_admin }}': admin
{% endif %}
permissions: {{ matrix_mautrix_twitter_bridge_permissions|to_json }}
# Python logging configuration.


@ -90,6 +90,17 @@ matrix_mautrix_whatsapp_bridge_login_shared_secret_map:
matrix_mautrix_whatsapp_bridge_double_puppet_server_map:
"{{ matrix_mautrix_whatsapp_homeserver_domain : matrix_mautrix_whatsapp_homeserver_address }}"
# Enable End-to-bridge encryption
matrix_mautrix_whatsapp_bridge_encryption_allow: false
matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
matrix_mautrix_whatsapp_bridge_permissions: |
{{
{matrix_mautrix_whatsapp_homeserver_domain: 'user'}
| combine({matrix_admin: 'admin'} if matrix_admin else {})
}}
# Default mautrix-whatsapp configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
@ -130,7 +141,3 @@ matrix_mautrix_whatsapp_registration_yaml: |
matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_yaml | from_yaml }}"
# Enable End-to-bridge encryption
matrix_mautrix_whatsapp_bridge_encryption_allow: false
matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"


@ -368,11 +368,7 @@ bridge:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"{{ matrix_mautrix_whatsapp_homeserver_domain }}": user
{% if matrix_admin %}
"{{ matrix_admin }}": admin
{% endif %}
permissions: {{ matrix_mautrix_whatsapp_bridge_permissions|to_json }}
# Settings for relay mode
relay: