finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into synapse-workers

Browse Source
This commit is contained in:
Marcel Partap
2020-12-01 21:24:26 +01:00
parent 4678c5d7bd 06ade5e187
commit b73ac965ac
101 changed files with 941 additions and 1127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
roles/matrix-base/templates/usr-local-bin/matrix-remove-all.j2
View File

@ -24,9 +24,9 @@ else
find /etc/cron.d/ -name "matrix-*" -delete
echo "Remove matrix scripts"
find {{ matrix_local_bin_path }}/ -name "matrix-*" -delete
echo "Remove every docker images"
docker rmi $(docker images -aq)
echo "Remove docker matrix network"
echo "Remove unused Docker images and resources"
docker system prune -af
echo "Remove Docker matrix network (should be gone already, but ..)"
docker network rm {{ matrix_docker_network }}
echo "Remove {{ matrix_base_data_path }} directory"
rm -fr "{{ matrix_base_data_path }}"

2
roles/matrix-bot-matrix-reminder-bot/defaults/main.yml
View File

@ -3,7 +3,7 @@
matrix_bot_matrix_reminder_bot_enabled: true
matrix_bot_matrix_reminder_bot_docker_image: "anoa/matrix-reminder-bot:release-v0.2.0"
matrix_bot_matrix_reminder_bot_docker_image: "docker.io/anoa/matrix-reminder-bot:release-v0.2.0"
matrix_bot_matrix_reminder_bot_docker_image_force_pull: "{{ matrix_bot_matrix_reminder_bot_docker_image.endswith(':latest') }}"
matrix_bot_matrix_reminder_bot_base_path: "{{ matrix_base_data_path }}/matrix-reminder-bot"

4
roles/matrix-bot-matrix-reminder-bot/templates/systemd/matrix-bot-matrix-reminder-bot.service.j2
View File

@ -21,8 +21,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-matrix-rem
--read-only \
--network={{ matrix_docker_network }} \
-e 'TZ={{ matrix_bot_matrix_reminder_bot_reminders_timezone }}' \
-v {{ matrix_bot_matrix_reminder_bot_config_path }}:/config:ro \
-v {{ matrix_bot_matrix_reminder_bot_data_path }}:/data:rw \
--mount type=bind,src={{ matrix_bot_matrix_reminder_bot_config_path }},dst=/config,ro \
--mount type=bind,src={{ matrix_bot_matrix_reminder_bot_data_path }},dst=/data \
--entrypoint=/bin/sh \
{% for arg in matrix_bot_matrix_reminder_bot_container_extra_arguments %}
{{ arg }} \

2
roles/matrix-bridge-appservice-discord/defaults/main.yml
View File

@ -3,7 +3,7 @@
matrix_appservice_discord_enabled: true
matrix_appservice_discord_docker_image: "halfshot/matrix-appservice-discord:latest"
matrix_appservice_discord_docker_image: "docker.io/halfshot/matrix-appservice-discord:latest"
matrix_appservice_discord_docker_image_force_pull: "{{ matrix_appservice_discord_docker_image.endswith(':latest') }}"
matrix_appservice_discord_base_path: "{{ matrix_base_data_path }}/appservice-discord"

2
roles/matrix-bridge-appservice-discord/tasks/setup_install.yml
View File

@ -63,7 +63,7 @@
{{ matrix_host_command_docker }} run --rm --name matrix-appservice-discord-link-gen
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
-v {{ matrix_appservice_discord_config_path }}:/cfg
--mount type=bind,src={{ matrix_appservice_discord_config_path }},dst=/cfg
-w /cfg
{{ matrix_appservice_discord_docker_image }}
/bin/sh -c "node /build/tools/addbot.js > /cfg/invite_link"

4
roles/matrix-bridge-appservice-discord/templates/systemd/matrix-appservice-discord.service.j2
View File

@ -25,8 +25,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-appservice-dis
{% if matrix_appservice_discord_container_http_host_bind_port %}
-p {{ matrix_appservice_discord_container_http_host_bind_port }}:9005 \
{% endif %}
-v {{ matrix_appservice_discord_config_path }}:/cfg \
-v {{ matrix_appservice_discord_data_path }}:/data \
--mount type=bind,src={{ matrix_appservice_discord_config_path }},dst=/cfg \
--mount type=bind,src={{ matrix_appservice_discord_data_path }},dst=/data \
{% for arg in matrix_appservice_discord_container_extra_arguments %}
{{ arg }} \
{% endfor %}

2
roles/matrix-bridge-appservice-irc/defaults/main.yml
View File

@ -3,7 +3,7 @@
matrix_appservice_irc_enabled: true
matrix_appservice_irc_docker_image: "matrixdotorg/matrix-appservice-irc:release-0.17.1"
matrix_appservice_irc_docker_image: "docker.io/matrixdotorg/matrix-appservice-irc:release-0.17.1"
matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}"
matrix_appservice_irc_base_path: "{{ matrix_base_data_path }}/appservice-irc"

2
roles/matrix-bridge-appservice-slack/defaults/main.yml
View File

@ -3,7 +3,7 @@
matrix_appservice_slack_enabled: true
matrix_appservice_slack_docker_image: "matrixdotorg/matrix-appservice-slack:release-1.5.0"
matrix_appservice_slack_docker_image: "docker.io/matrixdotorg/matrix-appservice-slack:release-1.5.0"
matrix_appservice_slack_docker_image_force_pull: "{{ matrix_appservice_slack_docker_image.endswith(':latest') }}"
matrix_appservice_slack_base_path: "{{ matrix_base_data_path }}/appservice-slack"

2
roles/matrix-bridge-appservice-webhooks/defaults/main.yml
View File

@ -3,7 +3,7 @@
matrix_appservice_webhooks_enabled: true
matrix_appservice_webhooks_docker_image: "turt2live/matrix-appservice-webhooks:latest"
matrix_appservice_webhooks_docker_image: "docker.io/turt2live/matrix-appservice-webhooks:latest"
matrix_appservice_webhooks_docker_image_force_pull: "{{ matrix_appservice_webhooks_docker_image.endswith(':latest') }}"
matrix_appservice_webhooks_base_path: "{{ matrix_base_data_path }}/appservice-webhooks"

8
roles/matrix-bridge-mautrix-facebook/defaults/main.yml
View File

@ -4,9 +4,11 @@
matrix_mautrix_facebook_enabled: true
matrix_mautrix_facebook_container_image_self_build: false
matrix_mautrix_facebook_container_image_self_build_repo: "https://github.com/tulir/mautrix-facebook.git"
# See: https://mau.dev/tulir/mautrix-facebook/container_registry
matrix_mautrix_facebook_docker_image: "dock.mau.dev/tulir/mautrix-facebook:latest"
matrix_mautrix_facebook_docker_image: "{{ matrix_mautrix_facebook_docker_image_name_prefix }}tulir/mautrix-facebook:latest"
matrix_mautrix_facebook_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_facebook_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_facebook_docker_image_force_pull: "{{ matrix_mautrix_facebook_docker_image.endswith(':latest') }}"
matrix_mautrix_facebook_base_path: "{{ matrix_base_data_path }}/mautrix-facebook"
@ -33,6 +35,10 @@ matrix_mautrix_facebook_homeserver_token: ''
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mautrix_facebook_login_shared_secret: ''
matrix_mautrix_facebook_bridge_login_shared_secret_map: "{{ {matrix_mautrix_facebook_homeserver_domain: matrix_mautrix_facebook_login_shared_secret} if matrix_mautrix_facebook_login_shared_secret else {} }}"
matrix_mautrix_facebook_bridge_presence: true
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#

6
roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
View File

@ -32,7 +32,7 @@
- name: Ensure Mautrix Facebook repository is present on self-build
git:
repo: https://github.com/tulir/mautrix-facebook.git
repo: "{{ matrix_mautrix_facebook_container_image_self_build_repo }}"
dest: "{{ matrix_mautrix_facebook_docker_src_files_path }}"
# version: "{{ matrix_coturn_docker_image.split(':')[1] }}"
force: "yes"
@ -43,12 +43,12 @@
docker_image:
name: "{{ matrix_mautrix_facebook_docker_image }}"
source: build
force_source: yes
force_source: "{{ matrix_mautrix_facebook_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_facebook_docker_src_files_path }}"
pull: yes
when: "matrix_mautrix_facebook_enabled|bool and matrix_mautrix_facebook_container_image_self_build and matrix_mautrix_facebook_git_pull_results.changed"
when: "matrix_mautrix_facebook_enabled|bool and matrix_mautrix_facebook_container_image_self_build|bool"
- name: Check if an old database file already exists
stat:

25
roles/matrix-bridge-mautrix-facebook/templates/config.yaml.j2
View File

@ -81,23 +81,32 @@ bridge:
command_prefix: "!fb"
# Number of chats to sync (and create portals for) on startup/login.
# Maximum 20, set 0 to disable automatic syncing.
# Set 0 to disable automatic syncing.
initial_chat_sync: 10
# Whether or not the Facebook users of logged in Matrix users should be
# invited to private chats when the user sends a message from another client.
invite_own_puppet_to_pm: false
# Whether or not to use /sync to get presence, read receipts and typing notifications when using
# your own Matrix account as the Matrix puppet for your Facebook account.
# Whether or not to use /sync to get presence, read receipts and typing notifications
# when double puppeting is enabled
sync_with_custom_puppets: true
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
# Whether or not to update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Servers to always allow double puppeting from
double_puppet_server_map: {}
# example.com: https://example.com
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret: {{ matrix_mautrix_facebook_login_shared_secret|to_json }}
# Whether or not to bridge presence in both directions. Facebook allows users not to broadcast
# presence, but then it won't send other users' presence to the client.
presence: true
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map: {{ matrix_mautrix_facebook_bridge_login_shared_secret_map|to_json }}
presence: {{ matrix_mautrix_facebook_bridge_presence|to_json }}
# Whether or not to update avatars when syncing all contacts at startup.
update_avatar_initial_sync: true
# End-to-bridge encryption support options. These require matrix-nio to be installed with pip

4
roles/matrix-bridge-mautrix-hangouts/defaults/main.yml
View File

@ -4,9 +4,11 @@
matrix_mautrix_hangouts_enabled: true
matrix_mautrix_hangouts_container_image_self_build: false
matrix_mautrix_hangouts_container_image_self_build_repo: "https://github.com/tulir/mautrix-hangouts.git"
# See: https://mau.dev/tulir/mautrix-hangouts/container_registry
matrix_mautrix_hangouts_docker_image: "dock.mau.dev/tulir/mautrix-hangouts:latest"
matrix_mautrix_hangouts_docker_image: "{{ matrix_mautrix_hangouts_docker_image_name_prefix }}tulir/mautrix-hangouts:latest"
matrix_mautrix_hangouts_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_hangouts_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_hangouts_docker_image_force_pull: "{{ matrix_mautrix_hangouts_docker_image.endswith(':latest') }}"
matrix_mautrix_hangouts_base_path: "{{ matrix_base_data_path }}/mautrix-hangouts"

8
roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
View File

@ -32,22 +32,22 @@
- name: Ensure Mautrix Hangots repository is present on self build
git:
repo: https://github.com/tulir/mautrix-hangouts.git
repo: "{{ matrix_mautrix_hangouts_container_image_self_build_repo }}"
dest: "{{ matrix_mautrix_hangouts_docker_src_files_path }}"
force: "yes"
register: matrix_mautrix_hangouts_git_pull_results
when: "matrix_mautrix_hangouts_enabled|bool and matrix_mautrix_hangouts_container_image_self_build"
when: "matrix_mautrix_hangouts_enabled|bool and matrix_mautrix_hangouts_container_image_self_build|bool"
- name: Ensure Mautrix Hangouts Docker image is built
docker_image:
name: "{{ matrix_mautrix_hangouts_docker_image }}"
source: build
force_source: yes
force_source: "{{ matrix_mautrix_hangouts_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_hangouts_docker_src_files_path }}"
pull: yes
when: "matrix_mautrix_hangouts_enabled|bool and matrix_mautrix_hangouts_container_image_self_build and matrix_mautrix_hangouts_git_pull_results.changed"
when: "matrix_mautrix_hangouts_enabled|bool and matrix_mautrix_hangouts_container_image_self_build|bool"
- name: Check if an old database file already exists
stat:

2
roles/matrix-bridge-mautrix-telegram/defaults/main.yml
View File

@ -4,7 +4,7 @@
matrix_mautrix_telegram_enabled: true
# See: https://mau.dev/tulir/mautrix-telegram/container_registry
matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.8.2"
matrix_mautrix_telegram_docker_image: "dock.mau.dev/tulir/mautrix-telegram:v0.9.0"
matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}"
matrix_mautrix_telegram_base_path: "{{ matrix_base_data_path }}/mautrix-telegram"

4
roles/matrix-bridge-mx-puppet-discord/defaults/main.yml
View File

@ -4,13 +4,15 @@
matrix_mx_puppet_discord_enabled: true
matrix_mx_puppet_discord_container_image_self_build: false
matrix_mx_puppet_discord_container_image_self_build_repo: "https://github.com/matrix-discord/mx-puppet-discord.git"
# Controls whether the mx-puppet-discord container exposes its HTTP port (tcp/8432 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
matrix_mx_puppet_discord_container_http_host_bind_port: ''
matrix_mx_puppet_discord_docker_image: "sorunome/mx-puppet-discord:latest"
matrix_mx_puppet_discord_docker_image: "{{ matrix_mx_puppet_discord_docker_image_name_prefix }}sorunome/mx-puppet-discord:latest"
matrix_mx_puppet_discord_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_discord_container_image_self_build else 'docker.io/' }}"
matrix_mx_puppet_discord_docker_image_force_pull: "{{ matrix_mx_puppet_discord_docker_image.endswith(':latest') }}"
matrix_mx_puppet_discord_base_path: "{{ matrix_base_data_path }}/mx-puppet-discord"

6
roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
View File

@ -32,20 +32,22 @@
- name: Ensure MX Puppet Discord repository is present on self build
git:
repo: https://github.com/matrix-discord/mx-puppet-discord.git
repo: "{{ matrix_mx_puppet_discord_container_image_self_build_repo }}"
dest: "{{ matrix_mx_puppet_discord_docker_src_files_path }}"
force: "yes"
register: matrix_mx_puppet_discord_git_pull_results
when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build"
- name: Ensure MX Puppet Discord Docker image is built
docker_image:
name: "{{ matrix_mx_puppet_discord_docker_image }}"
source: build
force_source: "{{ matrix_mx_puppet_discord_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mx_puppet_discord_docker_src_files_path }}"
pull: yes
when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build"
when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build|bool"
- name: Check if an old database file already exists
stat:

4
roles/matrix-bridge-mx-puppet-instagram/defaults/main.yml
View File

@ -4,8 +4,10 @@
matrix_mx_puppet_instagram_enabled: true
matrix_mx_puppet_instagram_container_image_self_build: false
matrix_mx_puppet_instagram_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-instagram.git"
matrix_mx_puppet_instagram_docker_image: "docker.io/sorunome/mx-puppet-instagram:latest"
matrix_mx_puppet_instagram_docker_image: "{{ matrix_mx_puppet_instagram_docker_image_name_prefix }}sorunome/mx-puppet-instagram:latest"
matrix_mx_puppet_instagram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_instagram_container_image_self_build else 'docker.io/' }}"
matrix_mx_puppet_instagram_docker_image_force_pull: "{{ matrix_mx_puppet_instagram_docker_image.endswith(':latest') }}"
matrix_mx_puppet_instagram_base_path: "{{ matrix_base_data_path }}/mx-puppet-instagram"

8
roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
View File

@ -32,20 +32,22 @@
- name: Ensure mx-puppet-instagram repository is present on self build
git:
repo: https://github.com/Sorunome/mx-puppet-instagram.git
repo: "{{ matrix_mx_puppet_instagram_container_image_self_build_repo }}"
dest: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}"
force: "yes"
when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build"
register: matrix_mx_puppet_instagram_git_pull_results
when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build|bool"
- name: Ensure mx-puppet-instagram Docker image is built
docker_image:
name: "{{ matrix_mx_puppet_instagram_docker_image }}"
source: build
force_source: "{{ matrix_mx_puppet_instagram_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}"
pull: yes
when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build"
when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build|bool"
- name: Ensure mx-puppet-instagram config.yaml installed
copy:

4
roles/matrix-bridge-mx-puppet-skype/defaults/main.yml
View File

@ -4,8 +4,10 @@
matrix_mx_puppet_skype_enabled: true
matrix_mx_puppet_skype_container_image_self_build: false
matrix_mx_puppet_skype_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-skype.git"
matrix_mx_puppet_skype_docker_image: "sorunome/mx-puppet-skype:latest"
matrix_mx_puppet_skype_docker_image: "{{ matrix_mx_puppet_skype_docker_image_name_prefix }}sorunome/mx-puppet-skype:latest"
matrix_mx_puppet_skype_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_skype_container_image_self_build else 'docker.io/' }}"
matrix_mx_puppet_skype_docker_image_force_pull: "{{ matrix_mx_puppet_skype_docker_image.endswith(':latest') }}"
matrix_mx_puppet_skype_base_path: "{{ matrix_base_data_path }}/mx-puppet-skype"

8
roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml
View File

@ -32,22 +32,22 @@
- name: Ensure MX Puppet Skype repository is present on self build
git:
repo: https://github.com/Sorunome/mx-puppet-skype.git
repo: "{{ matrix_mx_puppet_skype_container_image_self_build_repo }}"
dest: "{{ matrix_mx_puppet_skype_docker_src_files_path }}"
force: "yes"
register: matrix_mx_puppet_skype_git_pull_results
when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build"
when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool"
- name: Ensure MX Puppet Skype Docker image is built
docker_image:
name: "{{ matrix_mx_puppet_skype_docker_image }}"
source: build
force_source: yes
force_source: "{{ matrix_mx_puppet_skype_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mx_puppet_skype_docker_src_files_path }}"
pull: yes
when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build and matrix_mx_puppet_skype_git_pull_results.changed"
when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool"
- name: Check if an old database file already exists
stat:

4
roles/matrix-bridge-mx-puppet-slack/defaults/main.yml
View File

@ -4,13 +4,15 @@
matrix_mx_puppet_slack_enabled: true
matrix_mx_puppet_slack_container_image_self_build: false
matrix_mx_puppet_slack_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-slack.git"
# Controls whether the mx-puppet-slack container exposes its HTTP port (tcp/8432 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
matrix_mx_puppet_slack_container_http_host_bind_port: ''
matrix_mx_puppet_slack_docker_image: "sorunome/mx-puppet-slack:latest"
matrix_mx_puppet_slack_docker_image: "{{ matrix_mx_puppet_slack_docker_image_name_prefix }}sorunome/mx-puppet-slack:latest"
matrix_mx_puppet_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_slack_container_image_self_build else 'docker.io/' }}"
matrix_mx_puppet_slack_docker_image_force_pull: "{{ matrix_mx_puppet_slack_docker_image.endswith(':latest') }}"
matrix_mx_puppet_slack_base_path: "{{ matrix_base_data_path }}/mx-puppet-slack"

4
roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
View File

@ -32,15 +32,17 @@
- name: Ensure MX Puppet Slack repository is present on self build
git:
repo: https://github.com/Sorunome/mx-puppet-slack.git
repo: "{{ matrix_mx_puppet_slack_container_image_self_build_repo }}"
dest: "{{ matrix_mx_puppet_slack_docker_src_files_path }}"
force: "yes"
register: matrix_mx_puppet_slack_git_pull_results
when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build"
- name: Ensure MX Puppet Slack Docker image is built
docker_image:
name: "{{ matrix_mx_puppet_slack_docker_image }}"
source: build
force_source: "{{ matrix_mx_puppet_slack_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mx_puppet_slack_docker_src_files_path }}"

4
roles/matrix-bridge-mx-puppet-steam/defaults/main.yml
View File

@ -4,13 +4,15 @@
matrix_mx_puppet_steam_enabled: true
matrix_mx_puppet_steam_container_image_self_build: false
matrix_mx_puppet_steam_container_image_self_build_repo: "https://github.com/icewind1991/mx-puppet-steam.git"
# Controls whether the mx-puppet-steam container exposes its HTTP port (tcp/8432 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
matrix_mx_puppet_steam_container_http_host_bind_port: ''
matrix_mx_puppet_steam_docker_image: "icewind1991/mx-puppet-steam:latest"
matrix_mx_puppet_steam_docker_image: "{{ matrix_mx_puppet_steam_docker_image_name_prefix }}icewind1991/mx-puppet-steam:latest"
matrix_mx_puppet_steam_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_steam_container_image_self_build else 'docker.io/' }}"
matrix_mx_puppet_steam_docker_image_force_pull: "{{ matrix_mx_puppet_steam_docker_image.endswith(':latest') }}"
matrix_mx_puppet_steam_base_path: "{{ matrix_base_data_path }}/mx-puppet-steam"

4
roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
View File

@ -32,15 +32,17 @@
- name: Ensure MX Puppet Steam repository is present on self build
git:
repo: https://github.com/icewind1991/mx-puppet-steam.git
repo: "{{ matrix_mx_puppet_steam_container_image_self_build_repo }}"
dest: "{{ matrix_mx_puppet_steam_docker_src_files_path }}"
force: "yes"
register: matrix_mx_puppet_steam_git_pull_results
when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build"
- name: Ensure MX Puppet Steam Docker image is built
docker_image:
name: "{{ matrix_mx_puppet_steam_docker_image }}"
source: build
force_source: "{{ matrix_mx_puppet_steam_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mx_puppet_steam_docker_src_files_path }}"

4
roles/matrix-bridge-mx-puppet-twitter/defaults/main.yml
View File

@ -4,13 +4,15 @@
matrix_mx_puppet_twitter_enabled: true
matrix_mx_puppet_twitter_container_image_self_build: false
matrix_mx_puppet_twitter_container_image_self_build_repo: "https://github.com/Sorunome/mx-puppet-twitter.git"
# Controls whether the mx-puppet-twitter container exposes its HTTP port (tcp/8432 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8432"), or empty string to not expose.
matrix_mx_puppet_twitter_container_http_host_bind_port: ''
matrix_mx_puppet_twitter_docker_image: "sorunome/mx-puppet-twitter:latest"
matrix_mx_puppet_twitter_docker_image: "{{ matrix_mx_puppet_twitter_docker_image_name_prefix }}sorunome/mx-puppet-twitter:latest"
matrix_mx_puppet_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mx_puppet_twitter_container_image_self_build else 'docker.io/' }}"
matrix_mx_puppet_twitter_docker_image_force_pull: "{{ matrix_mx_puppet_twitter_docker_image.endswith(':latest') }}"
matrix_mx_puppet_twitter_base_path: "{{ matrix_base_data_path }}/mx-puppet-twitter"

4
roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
View File

@ -32,15 +32,17 @@
- name: Ensure MX Puppet Twitter repository is present on self build
git:
repo: https://github.com/Sorunome/mx-puppet-twitter.git
repo: "{{ matrix_mx_puppet_twitter_container_image_self_build_repo }}"
dest: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}"
force: "yes"
register: matrix_mx_puppet_twitter_git_pull_results
when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build"
- name: Ensure MX Puppet Twitter Docker image is built
docker_image:
name: "{{ matrix_mx_puppet_twitter_docker_image }}"
source: build
force_source: "{{ matrix_mx_puppet_twitter_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}"

92
roles/matrix-bridge-sms/defaults/main.yml
View File

@ -3,43 +3,27 @@
matrix_sms_bridge_enabled: true
matrix_sms_bridge_docker_image: "folivonet/matrix-sms-bridge:0.3.2.RELEASE"
matrix_sms_bridge_database_docker_image: "neo4j:latest"
matrix_sms_bridge_database_docker_image_force_pull: "{{ matrix_sms_bridge_docker_image.endswith(':latest') }}"
matrix_sms_bridge_docker_image: "docker.io/folivonet/matrix-sms-bridge:0.5.4"
matrix_sms_bridge_base_path: "{{ matrix_base_data_path }}/matrix-sms-bridge"
matrix_sms_bridge_config_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/config"
matrix_sms_bridge_data_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data"
matrix_sms_bridge_data_log_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/log"
matrix_sms_bridge_data_spool_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool"
matrix_sms_bridge_data_spool_inbox_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/inbox"
matrix_sms_bridge_data_spool_inbox_processed_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/inbox_processed"
matrix_sms_bridge_data_spool_outbox_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/outbox"
matrix_sms_bridge_data_spool_sent_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/sent"
matrix_sms_bridge_data_spool_error_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/data/spool/error"
matrix_sms_bridge_database_path: "{{ matrix_base_data_path }}/matrix-sms-bridge/database"
matrix_sms_bridge_appservice_token: ''
matrix_sms_bridge_homeserver_token: ''
matrix_sms_bridge_database_username: 'neo4j'
matrix_sms_bridge_database_password: ''
matrix_sms_bridge_container_http_host_bind_port: ''
# A list of extra arguments to pass to the container
matrix_sms_bridge_container_extra_arguments: []
# List of systemd services that service depends on.
matrix_sms_bridge_systemd_required_services_list: ['docker.service','matrix-sms-bridge-database.service']
matrix_sms_bridge_database_systemd_required_services_list: ['docker.service']
matrix_sms_bridge_systemd_required_services_list: ['docker.service']
# List of systemd services that service wants
matrix_sms_bridge_systemd_wanted_services_list: []
matrix_sms_bridge_database_systemd_wanted_services_list: []
matrix_sms_bridge_appservice_url: 'http://matrix-sms-bridge:8080'
matrix_sms_bridge_database_url: 'bolt://matrix-sms-bridge-database:7687'
matrix_sms_bridge_homeserver_hostname: 'matrix-synapse'
matrix_sms_bridge_homeserver_port: '8008'
@ -47,25 +31,19 @@ matrix_sms_bridge_homserver_domain: "{{ matrix_domain }}"
matrix_sms_bridge_default_room: ''
matrix_sms_bridge_default_region: ''
matrix_sms_bridge_default_timezone: ''
matrix_sms_bridge_single_mode_enabled: false
matrix_sms_bridge_gammu_modem: ''
matrix_sms_bridge_modem_group: 'dialout'
matrix_sms_bridge_gammu_reset_frequency: 0
matrix_sms_bridge_gammu_hard_reset_frequency: 0
matrix_sms_bridge_provider_android_baseurl: ''
matrix_sms_bridge_provider_android_username: ''
matrix_sms_bridge_provider_android_password: ''
matrix_sms_bridge_provider_android_truststore_local_path: ''
matrix_sms_bridge_provider_android_truststore_password: ''
matrix_sms_bridge_configuration_yaml: |
#jinja2: lstrip_blocks: "True"
# Database connection
org:
neo4j:
driver:
uri: {{ matrix_sms_bridge_database_url }}
authentication:
username: {{ matrix_sms_bridge_database_username }}
password: {{ matrix_sms_bridge_database_password }}
matrix:
bridge:
sms:
@ -74,17 +52,33 @@ matrix_sms_bridge_configuration_yaml: |
defaultRoomId: "{{ matrix_sms_bridge_default_room }}"
defaultRegion: "{{ matrix_sms_bridge_default_region }}"
defaultTimeZone: "{{ matrix_sms_bridge_default_timezone }}"
singleModeEnabled: "{{ matrix_sms_bridge_single_mode_enabled }}"
provider:
gammu:
android:
# (optional) default is disabled
enabled: true
# (optional) Path to the Gammu-Inbox directory.
inboxPath: /data/spool/inbox
# (optional) Path to the directory, where to put processed messages.
inboxProcessedPath: /data/spool/inbox_processed
# The url to the android-sms-gateway-server
baseUrl: {{ matrix_sms_bridge_provider_android_baseurl }}
# The username of the gateway
username: {{ matrix_sms_bridge_provider_android_username }}
# The password of the gateway
password: {{ matrix_sms_bridge_provider_android_password }}
# (optional) if you use a self signed certificate, you can add the public key here
{% if matrix_sms_bridge_provider_android_truststore_local_path %}
trustStore:
path: /config/matrix-sms-gateway-server.p12
password: {{ matrix_sms_bridge_provider_android_truststore_password }}
type: PKCS12
{% endif %}
bot:
# The domain-part of matrix-ids. E. g. example.org when your userIds look like @unicorn:example.org
serverName: {{ matrix_sms_bridge_homserver_domain }}
migration:
url: "jdbc:h2:file:/data/database/db"
username: sa
database:
url: "r2dbc:h2:file:////data/database/db"
username: sa
client:
homeServer:
# The hostname of your Homeserver.
@ -112,31 +106,6 @@ matrix_sms_bridge_configuration_extension: "{{ matrix_sms_bridge_configuration_e
matrix_sms_bridge_configuration: "{{ matrix_sms_bridge_configuration_yaml|from_yaml|combine(matrix_sms_bridge_configuration_extension, recursive=True) }}"
matrix_sms_bridge_gammu_configuration: |
[gammu]
Device = {{ matrix_sms_bridge_gammu_modem }}
LogFile = /data/log/gammu.log
debugLevel = 1
[smsd]
Service = files
LoopSleep = 2
InboxPath = /data/spool/inbox/
OutboxPath = /data/spool/outbox/
SentSMSPath = /data/spool/sent/
ErrorSMSPath = /data/spool/error/
InboxFormat = detail
OutboxFormat = detail
TransmitFormat = auto
ResetFrequency = {{ matrix_sms_bridge_gammu_reset_frequency }}
HardResetFrequency = {{ matrix_sms_bridge_gammu_hard_reset_frequency }}
debugLevel = 1
LogFile = /data/log/smsd.log
DeliveryReport = no
HangupCalls = 1
CheckBattery = 0
matrix_sms_bridge_registration_yaml: |
id: sms
as_token: "{{ matrix_sms_bridge_appservice_token }}"
@ -145,6 +114,9 @@ matrix_sms_bridge_registration_yaml: |
users:
- exclusive: true
regex: '^@sms_.+:{{ matrix_sms_bridge_homserver_domain|regex_escape }}$'
aliases:
- exclusive: true
regex: '^#sms_.+:{{ matrix_sms_bridge_homserver_domain|regex_escape }}$'
url: {{ matrix_sms_bridge_appservice_url }}
sender_localpart: smsbot
rate_limited: false

2
roles/matrix-bridge-sms/tasks/init.yml
View File

@ -7,7 +7,7 @@
when: "matrix_sms_bridge_enabled and matrix_synapse_role_executed|default(False)"
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge','matrix-sms-bridge-database'] }}"
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-sms-bridge'] }}"
when: matrix_sms_bridge_enabled|bool
# If the matrix-synapse role is not used, these variables may not exist.

34
roles/matrix-bridge-sms/tasks/setup_install.yml
View File

@ -5,14 +5,6 @@
name: "{{ matrix_sms_bridge_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
- name: Ensure matrix-sms-bridge databse image is pulled
docker_image:
name: "{{ matrix_sms_bridge_database_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_sms_bridge_database_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_sms_bridge_database_docker_image_force_pull }}"
- name: Ensure matrix-sms-bridge paths exist
file:
path: "{{ item }}"
@ -24,14 +16,6 @@
- "{{ matrix_sms_bridge_base_path }}"
- "{{ matrix_sms_bridge_config_path }}"
- "{{ matrix_sms_bridge_data_path }}"
- "{{ matrix_sms_bridge_data_log_path }}"
- "{{ matrix_sms_bridge_data_spool_path }}"
- "{{ matrix_sms_bridge_data_spool_inbox_path }}"
- "{{ matrix_sms_bridge_data_spool_inbox_processed_path }}"
- "{{ matrix_sms_bridge_data_spool_outbox_path }}"
- "{{ matrix_sms_bridge_data_spool_sent_path }}"
- "{{ matrix_sms_bridge_data_spool_error_path }}"
- "{{ matrix_sms_bridge_database_path }}"
- name: Ensure matrix-sms-bridge application.yml installed
copy:
@ -49,13 +33,14 @@
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-sms-bridge gammu-smsdrc installed
- name: Ensure android-sms-gateway-server cert installed
copy:
content: "{{ matrix_sms_bridge_gammu_configuration }}"
dest: "{{ matrix_sms_bridge_config_path }}/gammu-smsdrc"
src: "{{ matrix_sms_bridge_provider_android_truststore_local_path }}"
dest: "{{ matrix_sms_bridge_config_path }}/matrix-sms-gateway-server.p12"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
when: matrix_sms_bridge_provider_android_truststore_local_path != ""
- name: Ensure matrix-sms-bridge.service installed
template:
@ -64,14 +49,7 @@
mode: 0644
register: matrix_sms_bridge_systemd_service_result
- name: Ensure matrix-sms-bridge-database.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-sms-bridge-database.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-sms-bridge-database.service"
mode: 0644
register: matrix_sms_bridge_database_systemd_service_result
- name: Ensure systemd reloaded after matrix-sms-bridge.service or matrix-sms-bridge-database.service installation
- name: Ensure systemd reloaded after matrix-sms-bridge.service installation
service:
daemon_reload: yes
when: matrix_sms_bridge_systemd_service_result.changed or matrix_sms_bridge_database_systemd_service_result.changed
when: matrix_sms_bridge_systemd_service_result.changed

25
roles/matrix-bridge-sms/tasks/setup_uninstall.yml
View File

@ -5,11 +5,6 @@
path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service"
register: matrix_sms_bridge_service_stat
- name: Check existence of matrix-sms-bridge-database service
stat:
path: "{{ matrix_systemd_path }}/matrix-sms-bridge-database.service"
register: matrix_sms_bridge_database_service_stat
- name: Ensure matrix-sms-bridge is stopped
service:
name: matrix-sms-bridge
@ -17,26 +12,8 @@
daemon_reload: yes
when: "matrix_sms_bridge_service_stat.stat.exists"
- name: Ensure matrix-sms-bridge-database is stopped
service:
name: matrix-sms-bridge-database
state: stopped
daemon_reload: yes
when: "matrix_sms_bridge_database_service_stat.stat.exists"
- name: Ensure matrix-sms-bridge.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-sms-bridge.service"
state: absent
when: "matrix_sms_bridge_service_stat.stat.exists"
- name: Ensure matrix-sms-bridge-database.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-sms-bridge-database.service"
state: absent
when: "matrix_sms_bridge_database_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-sms-bridge.service or matrix-sms-bridge-database.service removal
service:
daemon_reload: yes
when: matrix_sms_bridge_service_stat.stat.exists or matrix_sms_bridge_database_service_stat.stat.exists
when: "matrix_sms_bridge_service_stat.stat.exists"

5
roles/matrix-bridge-sms/tasks/validate_config.yml
View File

@ -8,7 +8,8 @@
with_items:
- "matrix_sms_bridge_appservice_token"
- "matrix_sms_bridge_homeserver_token"
- "matrix_sms_bridge_database_password"
- "matrix_sms_bridge_gammu_modem"
- "matrix_sms_bridge_default_region"
- "matrix_sms_bridge_default_timezone"
- "matrix_sms_bridge_provider_android_baseurl"
- "matrix_sms_bridge_provider_android_username"
- "matrix_sms_bridge_provider_android_password"

36
roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge-database.service.j2
View File

@ -1,36 +0,0 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix sms bridge database
{% for service in matrix_sms_bridge_database_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_sms_bridge_database_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-sms-bridge-database
ExecStartPre=-/usr/bin/docker rm matrix-sms-bridge-database
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre=/bin/sleep 5
ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge-database \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-v {{ matrix_sms_bridge_database_path }}:/data:z \
-e NEO4J_AUTH={{ matrix_sms_bridge_database_username }}/{{ matrix_sms_bridge_database_password }} \
{{ matrix_sms_bridge_database_docker_image }}
ExecStop=-/usr/bin/docker kill matrix-sms-bridge-database
ExecStop=-/usr/bin/docker rm matrix-sms-bridge-database
Restart=always
RestartSec=30
SyslogIdentifier=matrix-sms-bridge
[Install]
WantedBy=multi-user.target

5
roles/matrix-bridge-sms/templates/systemd/matrix-sms-bridge.service.j2
View File

@ -20,7 +20,6 @@ ExecStartPre=/bin/sleep 5
ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--group-add {{ matrix_sms_bridge_modem_group }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
{% if matrix_sms_bridge_container_http_host_bind_port %}
@ -28,9 +27,7 @@ ExecStart=/usr/bin/docker run --rm --name matrix-sms-bridge \
{% endif %}
-v {{ matrix_sms_bridge_config_path }}:/config:z \
-v {{ matrix_sms_bridge_data_path }}:/data:z \
-v {{ matrix_sms_bridge_config_path }}/gammu-smsdrc:/etc/gammu-smsdrc:z \
--privileged \
-v /dev:/dev:slave \
--env SPRING_CONFIG_ADDITIONAL_LOCATION=/config/application.yml \
{% for arg in matrix_sms_bridge_container_extra_arguments %}
{{ arg }} \
{% endfor %}

4
roles/matrix-client-element/defaults/main.yml
View File

@ -1,8 +1,10 @@
matrix_client_element_enabled: true
matrix_client_element_container_image_self_build: false
matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git"
matrix_client_element_docker_image: "vectorim/element-web:v1.7.13"
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:v1.7.14"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else 'docker.io/' }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"
matrix_client_element_data_path: "{{ matrix_base_data_path }}/client-element"

8
roles/matrix-client-element/tasks/setup.yml
View File

@ -26,21 +26,23 @@
- name: Ensure Element repository is present on self-build
git:
repo: https://github.com/vector-im/riot-web.git
repo: "{{ matrix_client_element_container_image_self_build_repo }}"
dest: "{{ matrix_client_element_docker_src_files_path }}"
version: "{{ matrix_client_element_docker_image.split(':')[1] }}"
force: "yes"
when: "matrix_client_element_enabled|bool and matrix_client_element_container_image_self_build"
register: matrix_client_element_git_pull_results
when: "matrix_client_element_enabled|bool and matrix_client_element_container_image_self_build|bool"
- name: Ensure Element Docker image is built
docker_image:
name: "{{ matrix_client_element_docker_image }}"
source: build
force_source: "{{ matrix_client_element_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_client_element_docker_src_files_path }}"
pull: yes
when: "matrix_client_element_enabled|bool and matrix_client_element_container_image_self_build"
when: "matrix_client_element_enabled|bool and matrix_client_element_container_image_self_build|bool"
- name: Ensure Element configuration installed
copy:

10
roles/matrix-client-element/templates/systemd/matrix-client-element.service.j2
View File

@ -21,13 +21,13 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-client-element
-p {{ matrix_client_element_container_http_host_bind_port }}:8080 \
{% endif %}
--tmpfs=/tmp:rw,noexec,nosuid,size=10m \
-v {{ matrix_client_element_data_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
-v {{ matrix_client_element_data_path }}/config.json:/app/config.json:ro \
-v {{ matrix_client_element_data_path }}/config.json:/app/config.{{ matrix_server_fqn_element }}.json:ro \
--mount type=bind,src={{ matrix_client_element_data_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
--mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.json,ro \
--mount type=bind,src={{ matrix_client_element_data_path }}/config.json,dst=/app/config.{{ matrix_server_fqn_element }}.json,ro \
{% if matrix_client_element_embedded_pages_home_path is not none %}
-v {{ matrix_client_element_data_path }}/home.html:/app/home.html:ro \
--mount type=bind,src={{ matrix_client_element_data_path }}/home.html,dst=/app/home.html,ro \
{% endif %}
-v {{ matrix_client_element_data_path }}/welcome.html:/app/welcome.html:ro \
--mount type=bind,src={{ matrix_client_element_data_path }}/welcome.html,dst=/app/welcome.html,ro \
{% for arg in matrix_client_element_container_extra_arguments %}
{{ arg }} \
{% endfor %}

6
roles/matrix-common-after/tasks/start.yml
View File

@ -1,5 +1,9 @@
---
- name: Deterimne whether we should make services autostart
set_fact:
matrix_services_autostart_enabled_bool: "{{ true if matrix_services_autostart_enabled|default('') == '' else matrix_services_autostart_enabled|bool }}"
- name: Ensure systemd is reloaded
service:
daemon_reload: yes
@ -14,7 +18,7 @@
- name: Ensure Matrix services are started
service:
name: "{{ item }}"
enabled: yes
enabled: "{{ matrix_services_autostart_enabled_bool }}"
state: started
with_items: "{{ matrix_systemd_services_list }}"
when: not ansible_check_mode

2
roles/matrix-corporal/defaults/main.yml
View File

@ -19,7 +19,7 @@ matrix_corporal_container_extra_arguments: []
# List of systemd services that matrix-corporal.service depends on
matrix_corporal_systemd_required_services_list: ['docker.service']
matrix_corporal_docker_image: "devture/matrix-corporal:1.11.0"
matrix_corporal_docker_image: "docker.io/devture/matrix-corporal:1.11.0"
matrix_corporal_docker_image_force_pull: "{{ matrix_corporal_docker_image.endswith(':latest') }}"
matrix_corporal_base_path: "{{ matrix_base_data_path }}/corporal"

6
roles/matrix-corporal/templates/systemd/matrix-corporal.service.j2
View File

@ -23,9 +23,9 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-corporal \
{% if matrix_corporal_container_http_api_host_bind_port %}
-p {{ matrix_corporal_container_http_api_host_bind_port }}:41081 \
{% endif %}
-v {{ matrix_corporal_config_dir_path }}:/etc/matrix-corporal:ro \
-v {{ matrix_corporal_cache_dir_path }}:/var/cache/matrix-corporal:rw \
-v {{ matrix_corporal_var_dir_path }}:/var/matrix-corporal:rw \
--mount type=bind,src={{ matrix_corporal_config_dir_path }},dst=/etc/matrix-corporal,ro \
--mount type=bind,src={{ matrix_corporal_cache_dir_path }},dst=/var/cache/matrix-corporal \
--mount type=bind,src={{ matrix_corporal_var_dir_path }},dst=/var/matrix-corporal \
{% for arg in matrix_corporal_container_extra_arguments %}
{{ arg }} \
{% endfor %}

4
roles/matrix-coturn/defaults/main.yml
View File

@ -1,8 +1,10 @@
matrix_coturn_enabled: true
matrix_coturn_container_image_self_build: false
matrix_coturn_container_image_self_build_repo: "https://github.com/instrumentisto/coturn-docker-image.git"
matrix_coturn_docker_image: "instrumentisto/coturn:4.5.1.3"
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}instrumentisto/coturn:4.5.1.3"
matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else 'docker.io/' }}"
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"
# The Docker network that Coturn would be put into.

6
roles/matrix-coturn/tasks/setup_coturn.yml
View File

@ -25,21 +25,23 @@
- name: Ensure Coturn repository is present on self-build
git:
repo: https://github.com/instrumentisto/coturn-docker-image.git
repo: "{{ matrix_coturn_container_image_self_build_repo }}"
dest: "{{ matrix_coturn_docker_src_files_path }}"
version: "{{ matrix_coturn_docker_image.split(':')[1] }}"
force: "yes"
register: matrix_coturn_git_pull_results
when: "matrix_coturn_enabled|bool and matrix_coturn_container_image_self_build"
- name: Ensure Coturn Docker image is built
docker_image:
name: "{{ matrix_coturn_docker_image }}"
source: build
force_source: "{{ matrix_coturn_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_coturn_docker_src_files_path }}"
pull: yes
when: "matrix_coturn_enabled|bool and matrix_coturn_container_image_self_build"
when: "matrix_coturn_enabled|bool and matrix_coturn_container_image_self_build|bool"
- name: Ensure Coturn configuration path exists
file:

2
roles/matrix-coturn/templates/systemd/matrix-coturn.service.j2
View File

@ -30,7 +30,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-coturn \
{% if matrix_coturn_container_turn_range_listen_interface is not none %}
-p {{ matrix_coturn_container_turn_range_listen_interface }}{{ ':' if matrix_coturn_container_turn_range_listen_interface else '' }}{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}:{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp \
{% endif %}
-v {{ matrix_coturn_config_path }}:/turnserver.conf:ro \
--mount type=bind,src={{ matrix_coturn_config_path }},dst=/turnserver.conf,ro \
{% for volume in matrix_coturn_container_additional_volumes %}
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
{% endfor %}

2
roles/matrix-dimension/defaults/main.yml
View File

@ -12,7 +12,7 @@ matrix_dimension_widgets_allow_self_signed_ssl_certificates: false
matrix_dimension_base_path: "{{ matrix_base_data_path }}/dimension"
matrix_dimension_docker_image: "turt2live/matrix-dimension:latest"
matrix_dimension_docker_image: "docker.io/turt2live/matrix-dimension:latest"
matrix_dimension_docker_image_force_pull: "{{ matrix_dimension_docker_image.endswith(':latest') }}"
# The user and group id correspond to the node user in the `turt2live/matrix-dimension` image.

2
roles/matrix-dimension/templates/systemd/matrix-dimension.service.j2
View File

@ -23,7 +23,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-dimension \
{% if matrix_dimension_container_http_host_bind_port %}
-p {{ matrix_dimension_container_http_host_bind_port }}:8184 \
{% endif %}
-v {{ matrix_dimension_base_path }}:/data:rw \
--mount type=bind,src={{ matrix_dimension_base_path }},dst=/data \
{% for arg in matrix_dimension_container_extra_arguments %}
{{ arg }} \
{% endfor %}

5
roles/matrix-dynamic-dns/defaults/main.yml
View File

@ -5,7 +5,9 @@ matrix_dynamic_dns_enabled: true
matrix_dynamic_dns_daemon_interval: '300'
# The docker container to use when in mode
matrix_dynamic_dns_docker_image: 'linuxserver/ddclient:v3.9.1-ls45'
matrix_dynamic_dns_docker_image: '{{ matrix_dynamic_dns_docker_image_name_prefix }}linuxserver/ddclient:v3.9.1-ls45'
matrix_dynamic_dns_docker_image_name_prefix: "{{ 'localhost/' if matrix_dynamic_dns_container_image_self_build else 'docker.io/' }}"
# The image to force pull
matrix_dynamic_dns_docker_image_force_pull: "{{ matrix_dynamic_dns_docker_image.endswith(':latest') }}"
@ -21,6 +23,7 @@ matrix_dynamic_dns_systemd_required_services_list: ['docker.service']
# Build the container from source when running in mode
matrix_dynamic_dns_container_image_self_build: false
matrix_dynamic_dns_container_image_self_build_repo: "https://github.com/linuxserver/docker-ddclient.git"
# Config paths
matrix_dynamic_dns_base_path: "{{ matrix_base_data_path }}/dynamic-dns"

8
roles/matrix-dynamic-dns/tasks/install.yml
View File

@ -23,20 +23,22 @@
- name: Ensure Dynamic DNS repository is present on self build
git:
repo: https://github.com/linuxserver/docker-ddclient.git
repo: "{{ matrix_dynamic_dns_container_image_self_build_repo }}"
dest: "{{ matrix_dynamic_dns_docker_src_files_path }}"
force: "yes"
when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build"
register: matrix_dynamic_dns_git_pull_results
when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build|bool"
- name: Ensure Dynamic DNS Docker image is built
docker_image:
name: "{{ matrix_dynamic_dns_docker_image }}"
source: build
force_source: "{{ matrix_dynamic_dns_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_dynamic_dns_docker_src_files_path }}"
pull: yes
when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build"
when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build|bool"
- name: Ensure Dynamic DNS ddclient.conf installed
template:

2
roles/matrix-email2matrix/defaults/main.yml
View File

@ -3,7 +3,7 @@ matrix_email2matrix_enabled: true
matrix_email2matrix_base_path: "{{ matrix_base_data_path }}/email2matrix"
matrix_email2matrix_config_dir_path: "{{ matrix_email2matrix_base_path }}/config"
matrix_email2matrix_docker_image: "devture/email2matrix:1.0.1"
matrix_email2matrix_docker_image: "docker.io/devture/email2matrix:1.0.1"
matrix_email2matrix_docker_image_force_pull: "{{ matrix_email2matrix_docker_image.endswith(':latest') }}"
# A list of extra arguments to pass to the container

131
roles/matrix-jitsi/defaults/main.yml
View File

@ -4,8 +4,9 @@ matrix_jitsi_base_path: "{{ matrix_base_data_path }}/jitsi"
matrix_jitsi_enable_auth: false
matrix_jitsi_enable_guests: false
matrix_jitsi_enable_recording: true
matrix_jitsi_enable_transcriptions: true
matrix_jitsi_enable_recording: false
matrix_jitsi_enable_transcriptions: false
matrix_jitsi_enable_p2p: true
# Authentication type, must be one of internal, jwt or ldap. Currently only
# internal and ldap are supported by this playbook.
@ -51,9 +52,9 @@ matrix_jitsi_jibri_recorder_password: ''
matrix_jitsi_enable_lobby: false
matrix_jitsi_container_image_tag: "stable-4857"
matrix_jitsi_container_image_tag: "stable-5142"
matrix_jitsi_web_docker_image: "jitsi/web:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_web_docker_image: "docker.io/jitsi/web:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.endswith(':latest') }}"
matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web"
@ -77,44 +78,88 @@ matrix_jitsi_web_container_extra_arguments: []
# List of systemd services that matrix-jitsi-web.service depends on
matrix_jitsi_web_systemd_required_services_list: ['docker.service']
matrix_jitsi_web_config_defaultLanguage: 'en'
matrix_jitsi_web_config_start_with_audio_muted: false
matrix_jitsi_web_config_start_with_video_muted: false
matrix_jitsi_web_config_testing_enableFirefoxSimulcast: false
matrix_jitsi_web_config_testing_p2pTestMode: false
# Some variables controlling the interface of Jitsi Web.
# These get applied to `templates/web/interface_config.js.j2`.
#
# Besides this, you can also use `matrix_jitsi_web_custom_interface_config_extension`
# to define any other configuration option.
matrix_jitsi_web_interface_config_lang_detection: false
matrix_jitsi_web_interface_config_show_jitsi_watermark: true
matrix_jitsi_web_interface_config_jitsi_watermark_link: "https://jitsi.org"
matrix_jitsi_web_interface_config_show_brand_watermark: false
matrix_jitsi_web_interface_config_brand_watermark_link: ""
matrix_jitsi_web_interface_config_show_watermark_for_guests: true
matrix_jitsi_web_interface_config_generate_room_names_on_welcome_page: true
matrix_jitsi_web_interface_config_display_welcome_page_content: true
matrix_jitsi_web_interface_config_app_name: "Jitsi Meet"
matrix_jitsi_web_interface_config_native_app_name: "Jitsi Meet"
matrix_jitsi_web_interface_config_provider_name: "Jitsi"
matrix_jitsi_web_interface_config_invitation_powered_by: true
matrix_jitsi_web_interface_config_show_powered_by: false
matrix_jitsi_web_interface_config_disable_transcription_subtitles: false
matrix_jisti_web_interface_config_show_deep_linking_image: false
# Jitsi_web Fine Tune default values.
# Useful to manage bandwidth and CPU consumption in server and client side
matrix_jitsi_web_config_disableAudioLevels: false
matrix_jitsi_web_config_enableLayerSuspension: false
matrix_jitsi_web_config_channelLastN: -1
# If 'matrix_jitsi_web_config_constraints_enabled: false'
# the video constraints will be disabled and will take the default values of jitsi
matrix_jitsi_web_config_constraints_enabled: false
# This settings work if matrix_jitsi_web_config_constraints_enabled: true
# See their definitions in config.js.j2 (templates / web)
matrix_jitsi_web_config_constraints_video_aspectRatio: 16 / 9
matrix_jitsi_web_config_constraints_video_height_ideal: 720
matrix_jitsi_web_config_constraints_video_height_max: 720
matrix_jitsi_web_config_constraints_video_height_min: 240
# Custom configuration to be injected into `interface_config.js`, passed to Jitsi Web.
# This configuration gets appended to the final interface configuration that Jitsi Web uses.
#
# Note: not to be confused with `matrix_jitsi_web_custom_config_extension`.
#
# For interface configuration, the flow is like this:
# - the contents of `templates/web/interface_config.js.j2` is generated (based on various `matrix_jitsi_web_interface_config_*` variables you see in this file)
# - the contents of `matrix_jitsi_web_custom_interface_config_extension` is appended and can define new settings or override defaults.
#
# Example:
# matrix_jitsi_web_custom_interface_config_extension: |
# interfaceConfig.CONNECTION_INDICATOR_AUTO_HIDE_ENABLED = false;
# interfaceConfig.DISABLE_VIDEO_BACKGROUND = true;
matrix_jitsi_web_custom_interface_config_extension: ''
matrix_jitsi_prosody_docker_image: "jitsi/prosody:{{ matrix_jitsi_container_image_tag }}"
# Controls after which participant audio will be muted. If not specified, defaults to Jitsi's default value (likely 10)
matrix_jitsi_web_config_start_audio_muted_after_nth_participant: ~
# Controls after which participant video will be muted. If not specified, defaults to Jitsi's default value (likely 10)
matrix_jitsi_web_config_start_video_muted_after_nth_participant: ~
matrix_jitsi_web_config_defaultLanguage: 'en'
# Ideal and also maximum resolution width. If not specified, defaults to Jitsi's default value (likely 1280)
matrix_jitsi_web_config_resolution_width_ideal_and_max: ~
# Minimum resolution width. If not specified, defaults to Jitsi's default value (likely 320)
matrix_jitsi_web_config_resolution_width_min: ~
# Ideal and also maximum resolution height. If not specified, defaults to Jitsi's default value (likely 720)
matrix_jitsi_web_config_resolution_height_ideal_and_max: ~
# Minimum resolution height. If not specified, defaults to Jitsi's default value (likely 180)
matrix_jitsi_web_config_resolution_height_min: ~
# Custom configuration to be injected into `custom-config.js`, passed to Jitsi Web.
# This configuration gets appended to the final configuration that Jitsi Web uses.
#
# Note: not to be confused with `matrix_jitsi_web_custom_interface_config_extension`.
#
# The flow is like this:
# - some default configuration is automatically generated based on the environment variables passed to the Jitsi Web container
# - the contents of `custom-config.js` is appended to it (see `templates/web/custom-config.js.j2`)
# - said `custom-config.js` contains your custom contents specified in `matrix_jitsi_web_custom_config_extension`.
#
# Example:
# matrix_jitsi_web_custom_config_extension: |
# if (!config.hasOwnProperty('testing')) config.testing = {};
# config.testing.p2pTestMode = true
matrix_jitsi_web_custom_config_extension: ''
# Additional environment variables to pass to the Jitsi Web container.
# You can use this to further influence the default configuration generated by the Jitsi Web container on every startup.
# Besides influencing the final configuration by passing environment variables, you can also inject custom configuration
# by using `matrix_jitsi_web_custom_config_extension`.
#
# Example:
# matrix_jitsi_web_environment_variables_extension: |
# ENABLE_FILE_RECORDING_SERVICE=1
# DROPBOX_APPKEY=something
# DROPBOX_REDIRECT_URI=something
matrix_jitsi_web_environment_variables_extension: ''
matrix_jitsi_prosody_docker_image: "docker.io/jitsi/prosody:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_prosody_docker_image_force_pull: "{{ matrix_jitsi_prosody_docker_image.endswith(':latest') }}"
matrix_jitsi_prosody_base_path: "{{ matrix_base_data_path }}/jitsi/prosody"
@ -128,7 +173,7 @@ matrix_jitsi_prosody_container_extra_arguments: []
matrix_jitsi_prosody_systemd_required_services_list: ['docker.service']
matrix_jitsi_jicofo_docker_image: "jitsi/jicofo:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_jicofo_docker_image: "docker.io/jitsi/jicofo:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_jicofo_docker_image_force_pull: "{{ matrix_jitsi_jicofo_docker_image.endswith(':latest') }}"
matrix_jitsi_jicofo_base_path: "{{ matrix_base_data_path }}/jitsi/jicofo"
@ -145,7 +190,7 @@ matrix_jitsi_jicofo_auth_user: focus
matrix_jitsi_jicofo_auth_password: ''
matrix_jitsi_jvb_docker_image: "jitsi/jvb:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_jvb_docker_image: "docker.io/jitsi/jvb:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"
matrix_jitsi_jvb_base_path: "{{ matrix_base_data_path }}/jitsi/jvb"
@ -168,6 +213,31 @@ matrix_jitsi_jvb_brewery_muc: jvbbrewery
matrix_jitsi_jvb_rtp_udp_port: 10000
matrix_jitsi_jvb_rtp_tcp_port: 4443
# Custom configuration to be injected into `custom-sip-communicator.properties`, passed to Jitsi JVB.
# This configuration gets appended to the final configuration that Jitsi JVB uses.
#
# The flow is like this:
# - some default configuration is automatically generated based on the environment variables passed to the Jitsi JVB container
# - the contents of `custom-sip-communicator.properties` is appended to it (see `templates/jvb/custom-sip-communicator.properties.j2`)
# - said `custom-sip-communicator.properties` contains your custom contents specified in `matrix_jitsi_jvb_custom_config_extension`.
#
# Example:
# matrix_jitsi_jvb_custom_config_extension: |
# org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=false
# org.jitsi.videobridge.ENABLE_STATISTICS=false
matrix_jitsi_jvb_custom_config_extension: ''
# Additional environment variables to pass to the Jitsi JVB container.
# You can use this to further influence the default configuration generated by the Jitsi JVB container on every startup.
# Besides influencing the final configuration by passing environment variables, you can also inject custom configuration
# by using `matrix_jitsi_jvb_custom_config_extension`.
#
# Example:
# matrix_jitsi_jvb_environment_variables_extension: |
# SOME_VARIABLE=1
# ANOTHER_VARIABLE=something
matrix_jitsi_jvb_environment_variables_extension: ''
# Controls whether the matrix-jitsi-jvb container exposes its RTP UDP port (udp/10000 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:10000"), or empty string to not expose.
@ -177,3 +247,8 @@ matrix_jitsi_jvb_container_rtp_udp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_udp_
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:4443"), or empty string to not expose.
matrix_jitsi_jvb_container_rtp_tcp_host_bind_port: "{{ matrix_jitsi_jvb_rtp_tcp_port }}"
# Controls whether the matrix-jitsi-jvb container exposes its Colibri WebSocket port (tcp/9090 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:12090"), or empty string to not expose.
matrix_jitsi_jvb_container_colibri_ws_host_bind_port: ''

2
roles/matrix-jitsi/tasks/setup_jitsi_jvb.yml
View File

@ -30,7 +30,7 @@
dest: "{{ matrix_jitsi_jvb_config_path }}/{{ item }}"
mode: 0644
with_items:
- sip-communicator.properties
- custom-sip-communicator.properties
- logging.properties
when: matrix_jitsi_enabled|bool

2
roles/matrix-jitsi/tasks/setup_jitsi_web.yml
View File

@ -38,7 +38,7 @@
dest: "{{ matrix_jitsi_web_config_path }}/{{ item }}"
mode: 0644
with_items:
- config.js
- custom-config.js
- interface_config.js
when: matrix_jitsi_enabled|bool

21
roles/matrix-jitsi/tasks/validate_config.yml
View File

@ -19,3 +19,24 @@
- "matrix_jitsi_jicofo_component_secret"
- "matrix_jitsi_jicofo_auth_password"
- "matrix_jitsi_jvb_auth_password"
- name: (Deprecation) Catch and report renamed settings
fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars"
with_items:
- {'old': 'matrix_jitsi_web_config_constraints_enabled', 'new': '<Now unnecessary. Constraints are always applied automatically>'}
- {'old': 'matrix_jitsi_web_config_constraints_video_aspectRatio', 'new': '<Not applicable anymore>'}
- {'old': 'matrix_jitsi_web_config_constraints_video_height_ideal', 'new': 'matrix_jitsi_web_config_resolution_height_ideal_and_max'}
- {'old': 'matrix_jitsi_web_config_constraints_video_height_max', 'new': 'matrix_jitsi_web_config_resolution_height_ideal_and_max'}
- {'old': 'matrix_jitsi_web_config_constraints_video_height_min', 'new': 'matrix_jitsi_web_config_resolution_height_min'}
- {'old': 'matrix_jitsi_web_config_disableAudioLevels', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension. Example in docs/configuring-playbook-jitsi.md>'}
- {'old': 'matrix_jitsi_web_config_enableLayerSuspension', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension. Example in docs/configuring-playbook-jitsi.md>'}
- {'old': 'matrix_jitsi_web_config_channelLastN', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension. Example in docs/configuring-playbook-jitsi.md>'}
- {'old': 'matrix_jitsi_web_config_testing_p2pTestMode', 'new': '<Can be set by using matrix_jitsi_web_custom_config_extension>'}
- {'old': 'matrix_jitsi_web_config_start_with_audio_muted', 'new': '<Superseded by matrix_jitsi_web_config_start_audio_muted_after_nth_participant>'}
- {'old': 'matrix_jitsi_web_config_start_with_video_muted', 'new': '<Superseded by matrix_jitsi_web_config_start_video_muted_after_nth_participant>'}
- {'old': 'matrix_jitsi_web_interface_config_show_watermark_for_guests', 'new': '<Not applicable anymore>'}
- {'old': 'matrix_jitsi_web_interface_config_invitation_powered_by', 'new': '<Not applicable anymore>'}

2
roles/matrix-jitsi/templates/jicofo/matrix-jitsi-jicofo.service.j2
View File

@ -15,7 +15,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jicofo \
--log-driver=none \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_jitsi_jicofo_base_path }}/env \
-v {{ matrix_jitsi_jicofo_config_path }}:/config \
--mount type=bind,src={{ matrix_jitsi_jicofo_config_path }},dst=/config \
{% for arg in matrix_jitsi_jicofo_container_extra_arguments %}
{{ arg }} \
{% endfor %}

7
roles/matrix-jitsi/templates/jvb/custom-sip-communicator.properties.j2 Normal file
View File

@ -0,0 +1,7 @@
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.STATISTICS_INTERVAL=5000
{{ matrix_jitsi_jvb_custom_config_extension }}

19
roles/matrix-jitsi/templates/jvb/env.j2
View File

@ -1 +1,20 @@
JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
JVB_TCP_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
JVB_PORT={{ matrix_jitsi_jvb_rtp_udp_port }}
JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
HOSTNAME=matrix-jitsi-jvb
{% if matrix_jitsi_jvb_stun_servers|length > 0 %}
JVB_STUN_SERVERS={{ matrix_jitsi_jvb_stun_servers|join(',') }}
{% endif %}
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
{{ matrix_jitsi_jvb_environment_variables_extension }}

5
roles/matrix-jitsi/templates/jvb/matrix-jitsi-jvb.service.j2
View File

@ -21,7 +21,10 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-jvb \
{% if matrix_jitsi_jvb_container_rtp_tcp_host_bind_port %}
-p {{ matrix_jitsi_jvb_container_rtp_tcp_host_bind_port }}:{{ matrix_jitsi_jvb_rtp_tcp_port }} \
{% endif %}
-v {{ matrix_jitsi_jvb_config_path }}:/config \
{% if matrix_jitsi_jvb_container_colibri_ws_host_bind_port %}
-p {{ matrix_jitsi_jvb_container_colibri_ws_host_bind_port }}:9090 \
{% endif %}
--mount type=bind,src={{ matrix_jitsi_jvb_config_path }},dst=/config \
{% for arg in matrix_jitsi_jvb_container_extra_arguments %}
{{ arg }} \
{% endfor %}

19
roles/matrix-jitsi/templates/jvb/sip-communicator.properties.j2
View File

@ -1,19 +0,0 @@
org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT={{ matrix_jitsi_jvb_rtp_udp_port }}
org.jitsi.videobridge.DISABLE_TCP_HARVESTER=false
org.jitsi.videobridge.TCP_HARVESTER_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
{% if matrix_jitsi_jvb_stun_servers|length > 0 %}
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ matrix_jitsi_jvb_stun_servers|join(',') }}
{% endif %}
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME={{ matrix_jitsi_xmpp_server }}
org.jitsi.videobridge.xmpp.user.shard.DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
org.jitsi.videobridge.xmpp.user.shard.USERNAME={{ matrix_jitsi_jvb_auth_user }}
org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ matrix_jitsi_jvb_auth_password }}
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS={{ matrix_jitsi_jvb_brewery_muc }}@{{ matrix_jitsi_xmpp_internal_muc_domain }}
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=matrix-jitsi-jvb
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.STATISTICS_INTERVAL=5000

4
roles/matrix-jitsi/templates/prosody/matrix-jitsi-prosody.service.j2
View File

@ -15,8 +15,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-prosody
--log-driver=none \
--network={{ matrix_docker_network }} \
--env-file={{ matrix_jitsi_prosody_base_path }}/env \
-v {{ matrix_jitsi_prosody_config_path }}:/config \
-v {{ matrix_jitsi_prosody_plugins_path }}:/prosody-plugins-custom \
--mount type=bind,src={{ matrix_jitsi_prosody_config_path }},dst=/config \
--mount type=bind,src={{ matrix_jitsi_prosody_plugins_path }},dst=/prosody-plugins-custom \
{% for arg in matrix_jitsi_prosody_container_extra_arguments %}
{{ arg }} \
{% endfor %}

491
roles/matrix-jitsi/templates/web/config.js.j2
View File

@ -1,491 +0,0 @@
/* eslint-disable no-unused-vars, no-var */
var config = {
// Configuration
//
// Alternative location for the configuration.
// configLocation: './config.json',
// Custom function which given the URL path should return a room name.
// getroomnode: function (path) { return 'someprefixpossiblybasedonpath'; },
// Connection
//
hosts: {
// XMPP domain.
domain: '{{ matrix_jitsi_xmpp_domain }}',
{% if matrix_jitsi_enable_auth %}
{% if matrix_jitsi_enable_guests %}
// When using authentication, domain for guest users.
anonymousdomain: '{{ matrix_jitsi_xmpp_guest_domain }}',
{% endif %}
// Domain for authenticated users. Defaults to <domain>.
authdomain: '{{ matrix_jitsi_xmpp_domain }}',
{% endif %}
// Jirecon recording component domain.
// jirecon: 'jirecon.{{ matrix_jitsi_xmpp_domain }}',
// Call control component (Jigasi).
// call_control: 'callcontrol.{{ matrix_jitsi_xmpp_domain }}',
// Focus component domain. Defaults to focus.<domain>.
// focus: 'focus.{{ matrix_jitsi_xmpp_domain }}',
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
muc: {{ matrix_jitsi_xmpp_muc_domain|to_json }},
},
// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: '/http-bind',
// The name of client node advertised in XEP-0115 'c' stanza
clientNode: 'http://jitsi.org/jitsimeet',
// The real JID of focus participant - can be overridden here
focusUserJid: {{ matrix_jitsi_jicofo_auth_user|to_json }} + '@' + {{ matrix_jitsi_xmpp_auth_domain|to_json }},
// Testing / experimental features.
//
testing: {
// Enables experimental simulcast support on Firefox.
enableFirefoxSimulcast: {{ matrix_jitsi_web_config_testing_enableFirefoxSimulcast|to_json }},
// P2P test mode disables automatic switching to P2P when there are 2
// participants in the conference.
p2pTestMode: {{ matrix_jitsi_web_config_testing_p2pTestMode|to_json }}
// Enables the test specific features consumed by jitsi-meet-torture
// testMode: false
},
// Disables ICE/UDP by filtering out local and remote UDP candidates in
// signalling.
// webrtcIceUdpDisable: false,
// Disables ICE/TCP by filtering out local and remote TCP candidates in
// signalling.
// webrtcIceTcpDisable: false,
// Media
//
// Audio
// Disable measuring of audio levels.
disableAudioLevels: {{ matrix_jitsi_web_config_disableAudioLevels|to_json }},
// Start the conference in audio only mode (no video is being received nor
// sent).
// startAudioOnly: false,
// Every participant after the Nth will start audio muted.
// startAudioMuted: 10,
// Start calls with audio muted. Unlike the option above, this one is only
// applied locally. FIXME: having these 2 options is confusing.
// startWithAudioMuted: false,
startWithAudioMuted: {{ matrix_jitsi_web_config_start_with_audio_muted|to_json }},
// Enabling it (with #params) will disable local audio output of remote
// participants and to enable it back a reload is needed.
// startSilent: false
// Video
// Sets the preferred resolution (height) for local video. Defaults to 720.
// resolution: 720,
// w3c spec-compliant video constraints to use for video capture. Currently
// used by browsers that return true from lib-jitsi-meet's
// util#browser#usesNewGumFlow. The constraints are independency from
// this config's resolution value. Defaults to requesting an ideal aspect
// ratio of 16:9 with an ideal resolution of 720.
{% if matrix_jitsi_web_config_constraints_enabled %}
constraints: {
video: {
aspectRatio: {{ matrix_jitsi_web_config_constraints_video_aspectRatio }},
height: {
ideal: {{ matrix_jitsi_web_config_constraints_video_height_ideal|to_json }},
max: {{ matrix_jitsi_web_config_constraints_video_height_max|to_json }},
min: {{ matrix_jitsi_web_config_constraints_video_height_min|to_json }}
}
}
},
{% endif %}
// Enable / disable simulcast support.
// disableSimulcast: false,
// Enable / disable layer suspension. If enabled, endpoints whose HD
// layers are not in use will be suspended (no longer sent) until they
// are requested again.
enableLayerSuspension: {{ matrix_jitsi_web_config_enableLayerSuspension|to_json }},
// Suspend sending video if bandwidth estimation is too low. This may cause
// problems with audio playback. Disabled until these are fixed.
disableSuspendVideo: true,
// Every participant after the Nth will start video muted.
// startVideoMuted: 10,
// Start calls with video muted. Unlike the option above, this one is only
// applied locally. FIXME: having these 2 options is confusing.
// startWithVideoMuted: false,
startWithVideoMuted: {{ matrix_jitsi_web_config_start_with_video_muted|to_json }},
// If set to true, prefer to use the H.264 video codec (if supported).
// Note that it's not recommended to do this because simulcast is not
// supported when using H.264. For 1-to-1 calls this setting is enabled by
// default and can be toggled in the p2p section.
// preferH264: true,
// If set to true, disable H.264 video codec by stripping it out of the
// SDP.
// disableH264: false,
// Desktop sharing
// The ID of the jidesha extension for Chrome.
desktopSharingChromeExtId: null,
// Whether desktop sharing should be disabled on Chrome.
// desktopSharingChromeDisabled: false,
// The media sources to use when using screen sharing with the Chrome
// extension.
desktopSharingChromeSources: [ 'screen', 'window', 'tab' ],
// Required version of Chrome extension
desktopSharingChromeMinExtVersion: '0.1',
// Whether desktop sharing should be disabled on Firefox.
// desktopSharingFirefoxDisabled: false,
// Optional desktop sharing frame rate options. Default value: min:5, max:5.
// desktopSharingFrameRate: {
// min: 5,
// max: 5
// },
// Try to start calls with screen-sharing instead of camera video.
// startScreenSharing: false,
// Recording
hiddenDomain: {{ matrix_jitsi_recorder_domain|to_json }},
// Whether to enable file recording or not.
fileRecordingsEnabled: {{ matrix_jitsi_enable_recording|to_json }},
// Enable the dropbox integration.
// dropbox: {
// appKey: '<APP_KEY>' // Specify your app key here.
// // A URL to redirect the user to, after authenticating
// // by default uses:
// // 'https://{{ matrix_jitsi_xmpp_domain }}/static/oauth.html'
// redirectURI:
// 'https://{{ matrix_jitsi_xmpp_domain }}/subfolder/static/oauth.html'
// },
// When integrations like dropbox are enabled only that will be shown,
// by enabling fileRecordingsServiceEnabled, we show both the integrations
// and the generic recording service (its configuration and storage type
// depends on jibri configuration)
// fileRecordingsServiceEnabled: false,
// Whether to show the possibility to share file recording with other people
// (e.g. meeting participants), based on the actual implementation
// on the backend.
// fileRecordingsServiceSharingEnabled: false,
// Whether to enable live streaming or not.
liveStreamingEnabled: {{ matrix_jitsi_enable_recording|to_json }},
// Transcription (in interface_config,
// subtitles and buttons can be configured)
transcribingEnabled: {{ matrix_jitsi_enable_transcriptions|to_json }},
// Misc
// Default value for the channel "last N" attribute. -1 for unlimited.
channelLastN: {{ matrix_jitsi_web_config_channelLastN|to_json }},
// Disables or enables RTX (RFC 4588) (defaults to false).
// disableRtx: false,
// Disables or enables TCC (the default is in Jicofo and set to true)
// (draft-holmer-rmcat-transport-wide-cc-extensions-01). This setting
// affects congestion control, it practically enables send-side bandwidth
// estimations.
// enableTcc: true,
// Disables or enables REMB (the default is in Jicofo and set to false)
// (draft-alvestrand-rmcat-remb-03). This setting affects congestion
// control, it practically enables recv-side bandwidth estimations. When
// both TCC and REMB are enabled, TCC takes precedence. When both are
// disabled, then bandwidth estimations are disabled.
// enableRemb: false,
// Defines the minimum number of participants to start a call (the default
// is set in Jicofo and set to 2).
// minParticipants: 2,
// Use XEP-0215 to fetch STUN and TURN servers.
// useStunTurn: true,
// Enable IPv6 support.
// useIPv6: true,
// Enables / disables a data communication channel with the Videobridge.
// Values can be 'datachannel', 'websocket', true (treat it as
// 'datachannel'), undefined (treat it as 'datachannel') and false (don't
// open any channel).
// openBridgeChannel: true,
// UI
//
// Use display name as XMPP nickname.
// useNicks: false,
// Require users to always specify a display name.
// requireDisplayName: true,
// Whether to use a welcome page or not. In case it's false a random room
// will be joined when no room is specified.
enableWelcomePage: true,
// Enabling the close page will ignore the welcome page redirection when
// a call is hangup.
// enableClosePage: false,
// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
// disable1On1Mode: false,
// Default language for the user interface.
defaultLanguage: {{ matrix_jitsi_web_config_defaultLanguage|to_json }},
// If true all users without a token will be considered guests and all users
// with token will be considered non-guests. Only guests will be allowed to
// edit their profile.
enableUserRolesBasedOnToken: false,
// Whether or not some features are checked based on token.
// enableFeaturesBasedOnToken: false,
// Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
// lockRoomGuestEnabled: false,
// When enabled the password used for locking a room is restricted to up to the number of digits specified
// roomPasswordNumberOfDigits: 10,
// default: roomPasswordNumberOfDigits: false,
// Message to show the users. Example: 'The service will be down for
// maintenance at 01:00 AM GMT,
// noticeMessage: '',
// Enables calendar integration, depends on googleApiApplicationClientID
// and microsoftApiApplicationClientID
// enableCalendarIntegration: false,
// Stats
//
// Whether to enable stats collection or not in the TraceablePeerConnection.
// This can be useful for debugging purposes (post-processing/analysis of
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
// estimation tests.
// gatherStats: false,
// To enable sending statistics to callstats.io you must provide the
// Application ID and Secret.
// callStatsID: '',
// callStatsSecret: '',
// enables callstatsUsername to be reported as statsId and used
// by callstats as repoted remote id
// enableStatsID: false
// enables sending participants display name to callstats
// enableDisplayNameInStats: false
// Privacy
//
// If third party requests are disabled, no other server will be contacted.
// This means avatars will be locally generated and callstats integration
// will not function.
// disableThirdPartyRequests: false,
// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
//
p2p: {
// Enables peer to peer mode. When enabled the system will try to
// establish a direct connection when there are exactly 2 participants
// in the room. If that succeeds the conference will stop sending data
// through the JVB and use the peer to peer connection instead. When a
// 3rd participant joins the conference will be moved back to the JVB
// connection.
enabled: true,
// Use XEP-0215 to fetch STUN and TURN servers.
// useStunTurn: true,
// The STUN servers that will be used in the peer to peer connections
{% if matrix_jitsi_web_stun_servers|length > 0 %}
stunServers: [
{% for url in matrix_jitsi_web_stun_servers %}
{ urls: {{ url|to_json }} }{% if not loop.last %},{% endif %}
{% endfor %}
],
{% endif %}
// Sets the ICE transport policy for the p2p connection. At the time
// of this writing the list of possible values are 'all' and 'relay',
// but that is subject to change in the future. The enum is defined in
// the WebRTC standard:
// https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
// If not set, the effective value is 'all'.
// iceTransportPolicy: 'all',
// If set to true, it will prefer to use H.264 for P2P calls (if H.264
// is supported).
preferH264: true
// If set to true, disable H.264 video codec by stripping it out of the
// SDP.
// disableH264: false,
// How long we're going to wait, before going back to P2P after the 3rd
// participant has left the conference (to filter out page reload).
// backToP2PDelay: 5
},
analytics: {
// The Google Analytics Tracking ID:
// googleAnalyticsTrackingId: 'your-tracking-id-UA-123456-1'
// The Amplitude APP Key:
// amplitudeAPPKey: '<APP_KEY>'
// Array of script URLs to load as lib-jitsi-meet "analytics handlers".
// scriptURLs: [
// "libs/analytics-ga.min.js", // google-analytics
// "https://example.com/my-custom-analytics.js"
// ],
},
// Information about the jitsi-meet instance we are connecting to, including
// the user region as seen by the server.
deploymentInfo: {
// shard: "shard1",
// region: "europe",
// userRegion: "asia"
}
// Local Recording
//
// localRecording: {
// Enables local recording.
// Additionally, 'localrecording' (all lowercase) needs to be added to
// TOOLBAR_BUTTONS in interface_config.js for the Local Recording
// button to show up on the toolbar.
//
// enabled: true,
//
// The recording format, can be one of 'ogg', 'flac' or 'wav'.
// format: 'flac'
//
// }
// Options related to end-to-end (participant to participant) ping.
// e2eping: {
// // The interval in milliseconds at which pings will be sent.
// // Defaults to 10000, set to <= 0 to disable.
// pingInterval: 10000,
//
// // The interval in milliseconds at which analytics events
// // with the measured RTT will be sent. Defaults to 60000, set
// // to <= 0 to disable.
// analyticsInterval: 60000,
// }
// If set, will attempt to use the provided video input device label when
// triggering a screenshare, instead of proceeding through the normal flow
// for obtaining a desktop stream.
// NOTE: This option is experimental and is currently intended for internal
// use only.
// _desktopSharingSourceDevice: 'sample-id-or-label'
// If true, any checks to handoff to another application will be prevented
// and instead the app will continue to display in the current browser.
// disableDeepLinking: false
// A property to disable the right click context menu for localVideo
// the menu has option to flip the locally seen video for local presentations
// disableLocalVideoFlip: false
// List of undocumented settings used in jitsi-meet
/**
_immediateReloadThreshold
autoRecord
autoRecordToken
debug
debugAudioLevels
deploymentInfo
dialInConfCodeUrl
dialInNumbersUrl
dialOutAuthUrl
dialOutCodesUrl
disableRemoteControl
displayJids
etherpad_base
externalConnectUrl
firefox_fake_device
googleApiApplicationClientID
iAmRecorder
iAmSipGateway
microsoftApiApplicationClientID
peopleSearchQueryTypes
peopleSearchUrl
requireDisplayName
tokenAuthUrl
*/
// List of undocumented settings used in lib-jitsi-meet
/**
_peerConnStatusOutOfLastNTimeout
_peerConnStatusRtcMuteTimeout
abTesting
avgRtpStatsN
callStatsConfIDNamespace
callStatsCustomScriptUrl
desktopSharingSources
disableAEC
disableAGC
disableAP
disableHPF
disableNS
enableLipSync
enableTalkWhileMuted
forceJVB121Ratio
hiddenDomain
ignoreStartMuted
nick
startBitrate
*/
};
/* eslint-enable no-unused-vars, no-var */

15
roles/matrix-jitsi/templates/web/custom-config.js.j2 Normal file
View File

@ -0,0 +1,15 @@
config.defaultLanguage = {{ matrix_jitsi_web_config_defaultLanguage|to_json }};
if (!config.hasOwnProperty('p2p')) config.p2p = {% raw %}{}{% endraw %};
{% if matrix_jitsi_web_stun_servers|length > 0 %}
config.p2p.stunServers = [
{% for url in matrix_jitsi_web_stun_servers %}
{ urls: {{ url|to_json }} }{% if not loop.last %},{% endif %}
{% endfor %}
];
{% endif %}
{{ matrix_jitsi_web_custom_config_extension }}

12
roles/matrix-jitsi/templates/web/env.j2
View File

@ -3,6 +3,8 @@ ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }}
ENABLE_P2P={{ 1 if matrix_jitsi_enable_p2p else 0 }}
DISABLE_HTTPS=1
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
@ -26,3 +28,13 @@ JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
ENABLE_RECORDING={{ 1 if matrix_jitsi_enable_recording else 0 }}
RESOLUTION={{ matrix_jitsi_web_config_resolution_height_ideal_and_max }}
RESOLUTION_MIN={{ matrix_jitsi_web_config_resolution_height_min }}
RESOLUTION_WIDTH={{ matrix_jitsi_web_config_resolution_width_ideal_and_max }}
RESOLUTION_WIDTH_MIN={{ matrix_jitsi_web_config_resolution_width_min }}
START_AUDIO_MUTED={{ matrix_jitsi_web_config_start_audio_muted_after_nth_participant }}
START_VIDEO_MUTED={{ matrix_jitsi_web_config_start_video_muted_after_nth_participant }}
{{ matrix_jitsi_web_environment_variables_extension }}

377
roles/matrix-jitsi/templates/web/interface_config.js.j2
View File

@ -1,137 +1,23 @@
/* eslint-disable no-unused-vars, no-var, max-len */
/* eslint sort-keys: ["error", "asc", {"caseSensitive": false}] */
var interfaceConfig = {
// TO FIX: this needs to be handled from SASS variables. There are some
// methods allowing to use variables both in css and js.
DEFAULT_BACKGROUND: '#474747',
/**
* Whether or not the blurred video background for large video should be
* displayed on browsers that can support it.
*/
DISABLE_VIDEO_BACKGROUND: false,
INITIAL_TOOLBAR_TIMEOUT: 20000,
TOOLBAR_TIMEOUT: 4000,
TOOLBAR_ALWAYS_VISIBLE: false,
DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster',
DEFAULT_LOCAL_DISPLAY_NAME: 'me',
SHOW_JITSI_WATERMARK: {{ matrix_jitsi_web_interface_config_show_jitsi_watermark|to_json }},
JITSI_WATERMARK_LINK: {{ matrix_jitsi_web_interface_config_jitsi_watermark_link|to_json }},
// if watermark is disabled by default, it can be shown only for guests
SHOW_WATERMARK_FOR_GUESTS: {{ matrix_jitsi_web_interface_config_show_watermark_for_guests|to_json }},
SHOW_BRAND_WATERMARK: {{ matrix_jitsi_web_interface_config_show_brand_watermark|to_json }},
BRAND_WATERMARK_LINK: {{ matrix_jitsi_web_interface_config_brand_watermark_link|to_json }},
SHOW_POWERED_BY: {{ matrix_jitsi_web_interface_config_show_powered_by|to_json }},
SHOW_DEEP_LINKING_IMAGE: {{ matrix_jisti_web_interface_config_show_deep_linking_image|to_json }},
GENERATE_ROOMNAMES_ON_WELCOME_PAGE: {{ matrix_jitsi_web_interface_config_generate_room_names_on_welcome_page|to_json }},
DISPLAY_WELCOME_PAGE_CONTENT: {{ matrix_jitsi_web_interface_config_display_welcome_page_content|to_json }},
APP_NAME: {{ matrix_jitsi_web_interface_config_app_name|to_json }},
NATIVE_APP_NAME: {{ matrix_jitsi_web_interface_config_native_app_name|to_json }},
PROVIDER_NAME: {{ matrix_jitsi_web_interface_config_provider_name|to_json }},
LANG_DETECTION: {{ matrix_jitsi_web_interface_config_lang_detection|to_json }}, // Allow i18n to detect the system language
INVITATION_POWERED_BY: {{ matrix_jitsi_web_interface_config_invitation_powered_by|to_json }},
/**
* If we should show authentication block in profile
*/
AUTHENTICATION_ENABLE: true,
/**
* The name of the toolbar buttons to display in the toolbar. If present,
* the button will display. Exceptions are "livestreaming" and "recording"
* which also require being a moderator and some values in config.js to be
* enabled. Also, the "profile" button will not display for user's with a
* jwt.
*/
TOOLBAR_BUTTONS: [
{% if matrix_jitsi_enable_transcriptions %}
'closedcaptions',
{% endif %}
'microphone', 'camera', 'desktop', 'fullscreen',
'fodeviceselection', 'hangup', 'profile', 'info', 'chat', 'recording',
'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand',
'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts',
'tileview', 'videobackgroundblur'
],
SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar' ],
// Determines how the video would fit the screen. 'both' would fit the whole
// screen, 'height' would fit the original video height to the height of the
// screen, 'width' would fit the original video width to the width of the
// screen respecting ratio.
VIDEO_LAYOUT_FIT: 'both',
/**
* Whether to only show the filmstrip (and hide the toolbar).
*/
filmStripOnly: false,
/**
* Whether to show thumbnails in filmstrip as a column instead of as a row.
*/
VERTICAL_FILMSTRIP: true,
// A html text to be shown to guests on the close page, false disables it
CLOSE_PAGE_GUEST_HINT: false,
RANDOM_AVATAR_URL_PREFIX: false,
RANDOM_AVATAR_URL_SUFFIX: false,
FILM_STRIP_MAX_HEIGHT: 120,
// Enables feedback star animation.
ENABLE_FEEDBACK_ANIMATION: false,
DISABLE_FOCUS_INDICATOR: false,
DISABLE_DOMINANT_SPEAKER_INDICATOR: false,
/**
* Whether the speech to text transcription subtitles panel is disabled.
* If {@code undefined}, defaults to {@code false}.
*
* @type {boolean}
*/
DISABLE_TRANSCRIPTION_SUBTITLES: {{ matrix_jitsi_web_interface_config_disable_transcription_subtitles|to_json }},
/**
* Whether the ringing sound in the call/ring overlay is disabled. If
* {@code undefined}, defaults to {@code false}.
*
* @type {boolean}
*/
DISABLE_RINGING: false,
AUDIO_LEVEL_PRIMARY_COLOR: 'rgba(255,255,255,0.4)',
AUDIO_LEVEL_SECONDARY_COLOR: 'rgba(255,255,255,0.2)',
POLICY_LOGO: null,
LOCAL_THUMBNAIL_RATIO: 16 / 9, // 16:9
REMOTE_THUMBNAIL_RATIO: 1, // 1:1
// Documentation reference for the live streaming feature.
LIVE_STREAMING_HELP_LINK: 'https://jitsi.org/live',
/**
* Whether the mobile app Jitsi Meet is to be promoted to participants
* attempting to join a conference in a mobile Web browser. If
* {@code undefined}, defaults to {@code true}.
* A UX mode where the last screen share participant is automatically
* pinned. Valid values are the string "remote-only" so remote participants
* get pinned but not local, otherwise any truthy value for all participants,
* and any falsy value to disable the feature.
*
* @type {boolean}
* Note: this mode is experimental and subject to breakage.
*/
MOBILE_APP_PROMO: true,
/**
* Maximum coeficient of the ratio of the large video to the visible area
* after the large video is scaled to fit the window.
*
* @type {number}
*/
MAXIMUM_ZOOMING_COEFFICIENT: 1.3,
/*
* If indicated some of the error dialogs may point to the support URL for
* help.
*/
SUPPORT_URL: 'https://github.com/jitsi/jitsi-meet/issues/new',
AUTO_PIN_LATEST_SCREEN_SHARE: 'remote-only',
BRAND_WATERMARK_LINK: {{ matrix_jitsi_web_interface_config_brand_watermark_link|to_json }},
CLOSE_PAGE_GUEST_HINT: false, // A html text to be shown to guests on the close page, false disables it
/**
* Whether the connection indicator icon should hide itself based on
* connection strength. If true, the connection indicator will remain
@ -158,6 +44,192 @@ var interfaceConfig = {
*/
CONNECTION_INDICATOR_DISABLED: false,
DEFAULT_BACKGROUND: '#474747',
DEFAULT_LOCAL_DISPLAY_NAME: 'me',
DEFAULT_LOGO_URL: 'images/watermark.svg',
DEFAULT_REMOTE_DISPLAY_NAME: 'Fellow Jitster',
DEFAULT_WELCOME_PAGE_LOGO_URL: 'images/watermark.svg',
DISABLE_DOMINANT_SPEAKER_INDICATOR: false,
DISABLE_FOCUS_INDICATOR: false,
/**
* If true, notifications regarding joining/leaving are no longer displayed.
*/
DISABLE_JOIN_LEAVE_NOTIFICATIONS: false,
/**
* If true, presence status: busy, calling, connected etc. is not displayed.
*/
DISABLE_PRESENCE_STATUS: false,
/**
* Whether the ringing sound in the call/ring overlay is disabled. If
* {@code undefined}, defaults to {@code false}.
*
* @type {boolean}
*/
DISABLE_RINGING: false,
/**
* Whether the speech to text transcription subtitles panel is disabled.
* If {@code undefined}, defaults to {@code false}.
*
* @type {boolean}
*/
DISABLE_TRANSCRIPTION_SUBTITLES: {{ matrix_jitsi_web_interface_config_disable_transcription_subtitles|to_json }},
/**
* Whether or not the blurred video background for large video should be
* displayed on browsers that can support it.
*/
DISABLE_VIDEO_BACKGROUND: false,
DISPLAY_WELCOME_FOOTER: true,
DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD: false,
DISPLAY_WELCOME_PAGE_CONTENT: {{ matrix_jitsi_web_interface_config_display_welcome_page_content|to_json }},
DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false,
ENABLE_DIAL_OUT: true,
ENABLE_FEEDBACK_ANIMATION: false, // Enables feedback star animation.
FILM_STRIP_MAX_HEIGHT: 120,
GENERATE_ROOMNAMES_ON_WELCOME_PAGE: {{ matrix_jitsi_web_interface_config_generate_room_names_on_welcome_page|to_json }},
/**
* Hide the logo on the deep linking pages.
*/
HIDE_DEEP_LINKING_LOGO: false,
/**
* Hide the invite prompt in the header when alone in the meeting.
*/
HIDE_INVITE_MORE_HEADER: false,
INITIAL_TOOLBAR_TIMEOUT: 20000,
JITSI_WATERMARK_LINK: {{ matrix_jitsi_web_interface_config_jitsi_watermark_link|to_json }},
LANG_DETECTION: {{ matrix_jitsi_web_interface_config_lang_detection|to_json }}, // Allow i18n to detect the system language
LIVE_STREAMING_HELP_LINK: 'https://jitsi.org/live', // Documentation reference for the live streaming feature.
LOCAL_THUMBNAIL_RATIO: 16 / 9, // 16:9
/**
* Maximum coefficient of the ratio of the large video to the visible area
* after the large video is scaled to fit the window.
*
* @type {number}
*/
MAXIMUM_ZOOMING_COEFFICIENT: 1.3,
/**
* Whether the mobile app Jitsi Meet is to be promoted to participants
* attempting to join a conference in a mobile Web browser. If
* {@code undefined}, defaults to {@code true}.
*
* @type {boolean}
*/
MOBILE_APP_PROMO: true,
/**
* Specify custom URL for downloading android mobile app.
*/
MOBILE_DOWNLOAD_LINK_ANDROID: 'https://play.google.com/store/apps/details?id=org.jitsi.meet',
/**
* Specify custom URL for downloading f droid app.
*/
MOBILE_DOWNLOAD_LINK_F_DROID: 'https://f-droid.org/en/packages/org.jitsi.meet/',
/**
* Specify URL for downloading ios mobile app.
*/
MOBILE_DOWNLOAD_LINK_IOS: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905',
NATIVE_APP_NAME: {{ matrix_jitsi_web_interface_config_native_app_name|to_json }},
// Names of browsers which should show a warning stating the current browser
// has a suboptimal experience. Browsers which are not listed as optimal or
// unsupported are considered suboptimal. Valid values are:
// chrome, chromium, edge, electron, firefox, nwjs, opera, safari
OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'nwjs', 'electron', 'safari' ],
POLICY_LOGO: null,
PROVIDER_NAME: {{ matrix_jitsi_web_interface_config_provider_name|to_json }},
/**
* If true, will display recent list
*
* @type {boolean}
*/
RECENT_LIST_ENABLED: true,
REMOTE_THUMBNAIL_RATIO: 1, // 1:1
SETTINGS_SECTIONS: [ 'devices', 'language', 'moderator', 'profile', 'calendar' ],
SHOW_BRAND_WATERMARK: {{ matrix_jitsi_web_interface_config_show_brand_watermark|to_json }},
/**
* Decides whether the chrome extension banner should be rendered on the landing page and during the meeting.
* If this is set to false, the banner will not be rendered at all. If set to true, the check for extension(s)
* being already installed is done before rendering.
*/
SHOW_CHROME_EXTENSION_BANNER: false,
SHOW_DEEP_LINKING_IMAGE: {{ matrix_jisti_web_interface_config_show_deep_linking_image|to_json }},
SHOW_JITSI_WATERMARK: {{ matrix_jitsi_web_interface_config_show_jitsi_watermark|to_json }},
SHOW_POWERED_BY: {{ matrix_jitsi_web_interface_config_show_powered_by|to_json }},
SHOW_PROMOTIONAL_CLOSE_PAGE: false,
/*
* If indicated some of the error dialogs may point to the support URL for
* help.
*/
SUPPORT_URL: 'https://community.jitsi.org/',
TOOLBAR_ALWAYS_VISIBLE: false,
/**
* The name of the toolbar buttons to display in the toolbar, including the
* "More actions" menu. If present, the button will display. Exceptions are
* "livestreaming" and "recording" which also require being a moderator and
* some values in config.js to be enabled. Also, the "profile" button will
* not display for users with a JWT.
* Notes:
* - it's impossible to choose which buttons go in the "More actions" menu
* - it's impossible to control the placement of buttons
* - 'desktop' controls the "Share your screen" button
*/
TOOLBAR_BUTTONS: [
{% if matrix_jitsi_enable_transcriptions %}
'closedcaptions',
{% endif %}
'microphone', 'camera', 'desktop', 'embedmeeting', 'fullscreen',
'fodeviceselection', 'hangup', 'profile', 'chat', 'recording',
'livestreaming', 'etherpad', 'sharedvideo', 'settings', 'raisehand',
'videoquality', 'filmstrip', 'invite', 'feedback', 'stats', 'shortcuts',
'tileview', 'videobackgroundblur', 'download', 'help', 'mute-everyone', 'security'
],
TOOLBAR_TIMEOUT: 4000,
// Browsers, in addition to those which do not fully support WebRTC, that
// are not supported and should show the unsupported browser page.
UNSUPPORTED_BROWSERS: [],
/**
* Whether to show thumbnails in filmstrip as a column instead of as a row.
*/
VERTICAL_FILMSTRIP: true,
// Determines how the video would fit the screen. 'both' would fit the whole
// screen, 'height' would fit the original video height to the height of the
// screen, 'width' would fit the original video width to the width of the
// screen respecting ratio.
VIDEO_LAYOUT_FIT: 'both',
/**
* If true, hides the video quality label indicating the resolution status
* of the current large video.
@ -166,33 +238,6 @@ var interfaceConfig = {
*/
VIDEO_QUALITY_LABEL_DISABLED: false,
/**
* If true, will display recent list
*
* @type {boolean}
*/
RECENT_LIST_ENABLED: true,
// Names of browsers which should show a warning stating the current browser
// has a suboptimal experience. Browsers which are not listed as optimal or
// unsupported are considered suboptimal. Valid values are:
// chrome, chromium, edge, electron, firefox, nwjs, opera, safari
OPTIMAL_BROWSERS: [ 'chrome', 'chromium', 'firefox', 'nwjs', 'electron' ],
// Browsers, in addition to those which do not fully support WebRTC, that
// are not supported and should show the unsupported browser page.
UNSUPPORTED_BROWSERS: [],
/**
* A UX mode where the last screen share participant is automatically
* pinned. Valid values are the string "remote-only" so remote participants
* get pinned but not local, otherwise any truthy value for all participants,
* and any falsy value to disable the feature.
*
* Note: this mode is experimental and subject to breakage.
*/
AUTO_PIN_LATEST_SCREEN_SHARE: 'remote-only'
/**
* How many columns the tile view can expand to. The respected range is
* between 1 and 5.
@ -200,14 +245,15 @@ var interfaceConfig = {
// TILE_VIEW_MAX_COLUMNS: 5,
/**
* Specify custom URL for downloading android mobile app.
* Specify Firebase dynamic link properties for the mobile apps.
*/
// MOBILE_DOWNLOAD_LINK_ANDROID: 'https://play.google.com/store/apps/details?id=org.jitsi.meet',
/**
* Specify URL for downloading ios mobile app.
*/
// MOBILE_DOWNLOAD_LINK_IOS: 'https://itunes.apple.com/us/app/jitsi-meet/id1165103905',
// MOBILE_DYNAMIC_LINK: {
// APN: 'org.jitsi.meet',
// APP_CODE: 'w2atb',
// CUSTOM_DOMAIN: undefined,
// IBI: 'com.atlassian.JitsiMeet.ios',
// ISI: '1165103905'
// },
/**
* Specify mobile app scheme for opening the app from the mobile browser.
@ -225,6 +271,23 @@ var interfaceConfig = {
* milliseconds, those notifications should remain displayed.
*/
// ENFORCE_NOTIFICATION_AUTO_DISMISS_TIMEOUT: 15000,
// List of undocumented settings
/**
INDICATOR_FONT_SIZES
PHONE_NUMBER_REGEX
*/
// Allow all above example options to include a trailing comma and
// prevent fear when commenting out the last value.
// eslint-disable-next-line sort-keys
makeJsonParserHappy: 'even if last key had a trailing comma'
// No configuration value should follow this line.
};
{{ matrix_jitsi_web_custom_interface_config_extension }}
/* eslint-enable no-unused-vars, no-var, max-len */

4
roles/matrix-jitsi/templates/web/matrix-jitsi-web.service.j2
View File

@ -18,8 +18,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \
{% if matrix_jitsi_web_container_http_host_bind_port %}
-p {{ matrix_jitsi_web_container_http_host_bind_port }}:80 \
{% endif %}
-v {{ matrix_jitsi_web_config_path }}:/config \
-v {{ matrix_jitsi_web_transcripts_path }}:/usr/share/jitsi-meet/transcripts \
--mount type=bind,src={{ matrix_jitsi_web_config_path }},dst=/config \
--mount type=bind,src={{ matrix_jitsi_web_transcripts_path }},dst=/usr/share/jitsi-meet/transcripts \
{% for arg in matrix_jitsi_web_container_extra_arguments %}
{{ arg }} \
{% endfor %}

4
roles/matrix-ma1sd/defaults/main.yml
View File

@ -4,10 +4,12 @@
matrix_ma1sd_enabled: true
matrix_ma1sd_container_image_self_build: false
matrix_ma1sd_container_image_self_build_repo: "https://github.com/ma1uta/ma1sd.git"
matrix_ma1sd_architecture: "amd64"
matrix_ma1sd_docker_image: "ma1uta/ma1sd:2.4.0-{{ matrix_ma1sd_architecture }}"
matrix_ma1sd_docker_image: "{{ matrix_ma1sd_docker_image_name_prefix }}ma1uta/ma1sd:2.4.0-{{ matrix_ma1sd_architecture }}"
matrix_ma1sd_docker_image_name_prefix: "{{ 'localhost/' if matrix_ma1sd_container_image_self_build else 'docker.io/' }}"
matrix_ma1sd_docker_image_force_pull: "{{ matrix_ma1sd_docker_image.endswith(':latest') }}"
matrix_ma1sd_base_path: "{{ matrix_base_data_path }}/ma1sd"

8
roles/matrix-ma1sd/tasks/setup_ma1sd.yml
View File

@ -52,10 +52,11 @@
- name: Ensure ma1sd repository is present on self-build
git:
repo: https://github.com/ma1uta/ma1sd.git
repo: "{{ matrix_ma1sd_container_image_self_build_repo }}"
dest: "{{ matrix_ma1sd_docker_src_files_path }}"
version: "{{ matrix_ma1sd_docker_image.split(':')[1].split('-')[0] }}"
force: "yes"
register: matrix_ma1sd_git_pull_results
- name: Ensure ma1sd Docker image is built
shell: "./gradlew dockerBuild"
@ -64,7 +65,10 @@
- name: Ensure ma1sd Docker image is tagged correctly
docker_image:
name: "{{ matrix_ma1sd_docker_image.split('-')[0] }}"
# The build script always tags the image with something like `ma1uta/ma1sd:2.4.0`.
# Remove the `-{{ matrix_ma1sd_architecture }}` suffix and our `localhost/` prefix (applied when self-building)
# to get to what has actually been built, so we can retag it as `{{ matrix_ma1sd_docker_image }}`.
name: "{{ matrix_ma1sd_docker_image.split('-')[0].replace('localhost/', '') }}"
repository: "{{ matrix_ma1sd_docker_image }}"
force_tag: yes
source: local

4
roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2
View File

@ -29,8 +29,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \
{% if matrix_ma1sd_verbose_logging %}
-e MA1SD_LOG_LEVEL=debug \
{% endif %}
-v {{ matrix_ma1sd_config_path }}:/etc/ma1sd:ro \
-v {{ matrix_ma1sd_data_path }}:/var/ma1sd:rw \
--mount type=bind,src={{ matrix_ma1sd_config_path }},dst=/etc/ma1sd,ro \
--mount type=bind,src={{ matrix_ma1sd_data_path }},dst=/var/ma1sd \
{% for arg in matrix_ma1sd_container_extra_arguments %}
{{ arg }} \
{% endfor %}

3
roles/matrix-mailer/defaults/main.yml
View File

@ -7,7 +7,8 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev
matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src"
matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}"
matrix_mailer_docker_image: "devture/exim-relay:4.93.1-r0"
matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:4.93.1-r0"
matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else 'docker.io/' }}"
matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}"
# The user/group that the container runs with.

4
roles/matrix-mailer/tasks/setup_mailer.yml
View File

@ -29,12 +29,14 @@
dest: "{{ matrix_mailer_container_image_self_build_src_files_path }}"
version: "{{ matrix_mailer_container_image_self_build_version }}"
force: "yes"
when: "matrix_mailer_container_image_self_build|bool"
register: matrix_mailer_git_pull_results
when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool"
- name: Ensure exim-relay Docker image is built
docker_image:
name: "{{ matrix_mailer_docker_image }}"
source: build
force_source: "{{ matrix_mailer_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mailer_container_image_self_build_src_files_path }}"

4
roles/matrix-nginx-proxy/defaults/main.yml
View File

@ -3,7 +3,7 @@ matrix_nginx_proxy_enabled: true
# We use an official nginx image, which we fix-up to run unprivileged.
# An alternative would be an `nginxinc/nginx-unprivileged` image, but
# that is frequently out of date.
matrix_nginx_proxy_docker_image: "nginx:1.19.4-alpine"
matrix_nginx_proxy_docker_image: "docker.io/nginx:1.19.4-alpine"
matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.endswith(':latest') }}"
matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
@ -259,7 +259,7 @@ matrix_ssl_domains_to_obtain_certificates_for: []
# Controls whether to obtain production or staging certificates from Let's Encrypt.
matrix_ssl_lets_encrypt_staging: false
matrix_ssl_lets_encrypt_certbot_docker_image: "certbot/certbot:{{ matrix_ssl_architecture }}-v1.9.0"
matrix_ssl_lets_encrypt_certbot_docker_image: "docker.io/certbot/certbot:{{ matrix_ssl_architecture }}-v1.9.0"
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
matrix_ssl_lets_encrypt_support_email: ~

8
roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
View File

@ -35,8 +35,8 @@
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
-p {{ matrix_ssl_lets_encrypt_container_standalone_http_host_bind_port }}:8080
-v {{ matrix_ssl_config_dir_path }}:/etc/letsencrypt
-v {{ matrix_ssl_log_dir_path }}:/var/log/letsencrypt
--mount type=bind,src={{ matrix_ssl_config_dir_path }},dst=/etc/letsencrypt
--mount type=bind,src={{ matrix_ssl_log_dir_path }},dst=/var/log/letsencrypt
{{ matrix_ssl_lets_encrypt_certbot_docker_image }}
certonly
--non-interactive
@ -63,8 +63,8 @@
--cap-drop=ALL
-p 127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}:8080
--network={{ matrix_docker_network }}
-v {{ matrix_ssl_config_dir_path }}:/etc/letsencrypt
-v {{ matrix_ssl_log_dir_path }}:/var/log/letsencrypt
--mount type=bind,src={{ matrix_ssl_config_dir_path }},dst=/etc/letsencrypt
--mount type=bind,src={{ matrix_ssl_log_dir_path }},dst=/var/log/letsencrypt
{{ matrix_ssl_lets_encrypt_certbot_docker_image }}
certonly
--non-interactive

21
roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2
View File

@ -23,6 +23,27 @@
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
# colibri (JVB) websockets
location ~ ^/colibri-ws/([a-zA-Z0-9-\.]+)/(.*) {
{% if matrix_nginx_proxy_enabled %}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-jitsi-jvb:9090";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:12090;
{% endif %}
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
tcp_nodelay on;
}
{% endmacro %}
server {

12
roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
View File

@ -30,11 +30,13 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \
{% if matrix_nginx_proxy_proxy_matrix_federation_api_enabled and matrix_nginx_proxy_container_federation_host_bind_port %}
-p {{ matrix_nginx_proxy_container_federation_host_bind_port }}:8448 \
{% endif %}
-v {{ matrix_nginx_proxy_base_path }}/nginx.conf:/etc/nginx/nginx.conf:ro \
-v {{ matrix_nginx_proxy_data_path }}:/nginx-data:ro \
-v {{ matrix_nginx_proxy_confd_path }}:/etc/nginx/conf.d:ro \
-v {{ matrix_ssl_config_dir_path }}:{{ matrix_ssl_config_dir_path }}:ro \
-v {{ matrix_static_files_base_path }}:{{ matrix_static_files_base_path }}:ro \
--mount type=bind,src={{ matrix_nginx_proxy_base_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
--mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/nginx-data,ro \
--mount type=bind,src={{ matrix_nginx_proxy_confd_path }},dst=/etc/nginx/conf.d,ro \
{% if matrix_ssl_retrieval_method != 'none' %}
--mount type=bind,src={{ matrix_ssl_config_dir_path }},dst={{ matrix_ssl_config_dir_path }},ro \
{% endif %}
--mount type=bind,src={{ matrix_static_files_base_path }},dst={{ matrix_static_files_base_path }},ro \
{% for volume in matrix_nginx_proxy_container_additional_volumes %}
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
{% endfor %}

4
roles/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2
View File

@ -14,8 +14,8 @@ docker run \
--cap-drop=ALL \
--network="{{ matrix_docker_network }}" \
-p 127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}:8080 \
-v {{ matrix_ssl_config_dir_path }}:/etc/letsencrypt \
-v {{ matrix_ssl_log_dir_path }}:/var/log/letsencrypt \
--mount type=bind,src={{ matrix_ssl_config_dir_path }},dst=/etc/letsencrypt \
--mount type=bind,src={{ matrix_ssl_log_dir_path }},dst=/var/log/letsencrypt \
{{ matrix_ssl_lets_encrypt_certbot_docker_image }} \
renew \
--non-interactive \

10
roles/matrix-postgres/defaults/main.yml
View File

@ -8,11 +8,11 @@ matrix_postgres_db_name: ""
matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data"
matrix_postgres_docker_image_v9: "postgres:9.6.19-alpine"
matrix_postgres_docker_image_v10: "postgres:10.14-alpine"
matrix_postgres_docker_image_v11: "postgres:11.9-alpine"
matrix_postgres_docker_image_v12: "postgres:12.4-alpine"
matrix_postgres_docker_image_v13: "postgres:13.0-alpine"
matrix_postgres_docker_image_v9: "docker.io/postgres:9.6.20-alpine"
matrix_postgres_docker_image_v10: "docker.io/postgres:10.15-alpine"
matrix_postgres_docker_image_v11: "docker.io/postgres:11.10-alpine"
matrix_postgres_docker_image_v12: "docker.io/postgres:12.5-alpine"
matrix_postgres_docker_image_v13: "docker.io/postgres:13.1-alpine"
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}"
# This variable is assigned at runtime. Overriding its value has no effect.

2
roles/matrix-postgres/tasks/import_postgres.yml
View File

@ -69,7 +69,7 @@
--cap-drop=ALL
--network={{ matrix_docker_network }}
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql
-v {{ server_path_postgres_dump }}:/{{ server_path_postgres_dump|basename }}:ro
--mount type=bind,src={{ server_path_postgres_dump }},dst=/{{ server_path_postgres_dump|basename }},ro
--entrypoint=/bin/sh
{{ matrix_postgres_docker_image_latest }}
-c "cat /{{ server_path_postgres_dump|basename }} |

6
roles/matrix-postgres/tasks/import_sqlite_db.yml
View File

@ -79,8 +79,8 @@
--cap-drop=ALL
--network={{ matrix_docker_network }}
--entrypoint=python
-v {{ matrix_synapse_config_dir_path }}:/data
-v {{ matrix_synapse_config_dir_path }}:/matrix-media-store-parent/media-store
-v {{ server_path_homeserver_db }}:/{{ server_path_homeserver_db|basename }}
--mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data
--mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/matrix-media-store-parent/media-store
--mount type=bind,src={{ server_path_homeserver_db }},dst=/{{ server_path_homeserver_db|basename }}
{{ matrix_synapse_docker_image }}
/usr/local/bin/synapse_port_db --sqlite-database /{{ server_path_homeserver_db|basename }} --postgres-config /data/homeserver.yaml

4
roles/matrix-postgres/tasks/upgrade_postgres.yml
View File

@ -85,7 +85,7 @@
--network={{ matrix_docker_network }}
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql
--entrypoint=/bin/sh
-v {{ postgres_dump_dir }}:/out
--mount type=bind,src={{ postgres_dump_dir }},dst=/out
{{ matrix_postgres_detected_version_corresponding_docker_image }}
-c "pg_dumpall -h matrix-postgres
{{ '| gzip -c ' if postgres_dump_name.endswith('.gz') else '' }}
@ -131,7 +131,7 @@
--network={{ matrix_docker_network }}
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql
--entrypoint=/bin/sh
-v {{ postgres_dump_dir }}:/in:ro
--mount type=bind,src={{ postgres_dump_dir }},dst=/in,ro
{{ matrix_postgres_docker_image_latest }}
-c "cat /in/{{ postgres_dump_name }} |
{{ 'gunzip |' if postgres_dump_name.endswith('.gz') else '' }}

5
roles/matrix-postgres/tasks/validate_config.yml
View File

@ -20,3 +20,8 @@
- "matrix_postgres_connection_username"
- "matrix_postgres_connection_password"
- "matrix_postgres_db_name"
- name: Fail if Postgres password length exceeded
fail:
msg: "The maximum `matrix_postgres_connection_password` length is 99 characters"
when: "matrix_postgres_connection_hostname|length > 99"

4
roles/matrix-postgres/templates/systemd/matrix-postgres.service.j2
View File

@ -21,8 +21,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres \
-p {{ matrix_postgres_container_postgres_bind_port }}:5432 \
{% endif %}
--env-file={{ matrix_postgres_base_path }}/env-postgres-server \
-v {{ matrix_postgres_data_path }}:/var/lib/postgresql/data:rw \
-v /etc/passwd:/etc/passwd:ro \
--mount type=bind,src={{ matrix_postgres_data_path }},dst=/var/lib/postgresql/data \
--mount type=bind,src=/etc/passwd,dst=/etc/passwd,ro \
{% for arg in matrix_postgres_container_extra_arguments %}
{{ arg }} \
{% endfor %}

5
roles/matrix-registration/defaults/main.yml
View File

@ -4,6 +4,7 @@
matrix_registration_enabled: true
matrix_registration_container_image_self_build: false
matrix_registration_container_image_self_build_repo: "https://github.com/ZerataX/matrix-registration"
matrix_registration_base_path: "{{ matrix_base_data_path }}/matrix-registration"
matrix_registration_config_path: "{{ matrix_registration_base_path }}/config"
@ -12,9 +13,9 @@ matrix_registration_docker_src_files_path: "{{ matrix_registration_base_path }}/
matrix_registration_version: "v0.7.0"
matrix_registration_docker_image: "devture/zeratax-matrix-registration:{{ matrix_registration_version }}"
matrix_registration_docker_image: "{{ matrix_registration_docker_image_name_prefix }}devture/zeratax-matrix-registration:{{ matrix_registration_version }}"
matrix_registration_docker_image_name_prefix: "{{ 'localhost/' if matrix_registration_container_image_self_build else 'docker.io/' }}"
matrix_registration_docker_image_force_pull: "{{ matrix_registration_docker_image.endswith(':latest') }}"
matrix_registration_docker_repo: "https://github.com/ZerataX/matrix-registration"
# A list of extra arguments to pass to the container
matrix_registration_container_extra_arguments: []

6
roles/matrix-registration/tasks/setup.yml
View File

@ -28,7 +28,7 @@
- name: Ensure matrix-registration repository is present when self-building
git:
repo: "{{ matrix_registration_docker_repo }}"
repo: "{{ matrix_registration_container_image_self_build_repo }}"
dest: "{{ matrix_registration_docker_src_files_path }}"
version: "{{ matrix_registration_version }}"
force: "yes"
@ -39,12 +39,12 @@
docker_image:
name: "{{ matrix_registration_docker_image }}"
source: build
force_source: yes
force_source: "{{ matrix_registration_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_registration_docker_src_files_path }}"
pull: yes
when: "matrix_registration_enabled|bool and matrix_registration_container_image_self_build|bool and matrix_registration_git_pull_results.changed"
when: "matrix_registration_enabled|bool and matrix_registration_container_image_self_build|bool"
- name: Ensure matrix-registration config installed
copy:

9
roles/matrix-registration/tasks/validate_config.yml
View File

@ -9,3 +9,12 @@
- "matrix_registration_shared_secret"
- "matrix_registration_admin_secret"
- "matrix_registration_server_location"
- name: (Deprecation) Catch and report renamed settings
fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars"
with_items:
- {'old': 'matrix_registration_docker_repo', 'new': 'matrix_registration_container_image_self_build_repo'}

4
roles/matrix-registration/templates/systemd/matrix-registration.service.j2
View File

@ -22,8 +22,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-registration \
{% if matrix_registration_container_http_host_bind_port %}
-p {{ matrix_registration_container_http_host_bind_port }}:5000 \
{% endif %}
-v {{ matrix_registration_config_path }}:/config:ro \
-v {{ matrix_registration_data_path }}:/data \
--mount type=bind,src={{ matrix_registration_config_path }},dst=/config,ro \
--mount type=bind,src={{ matrix_registration_data_path }},dst=/data \
{% for arg in matrix_registration_container_extra_arguments %}
{{ arg }} \
{% endfor %}

6
roles/matrix-synapse-admin/defaults/main.yml
View File

@ -4,10 +4,12 @@
matrix_synapse_admin_enabled: true
matrix_synapse_admin_container_self_build: false
matrix_synapse_admin_docker_repo: "https://github.com/Awesome-Technologies/synapse-admin.git"
matrix_synapse_admin_container_self_build_repo: "https://github.com/Awesome-Technologies/synapse-admin.git"
matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src"
matrix_synapse_admin_docker_image: "awesometechnologies/synapse-admin:0.5.0"
matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:0.5.0"
matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_self_build else 'docker.io/' }}"
matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"
# A list of extra arguments to pass to the container

6
roles/matrix-synapse-admin/tasks/main.yml
View File

@ -2,6 +2,12 @@
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: run_setup|bool
tags:
- setup-all
- setup-synapse-admin
- import_tasks: "{{ role_path }}/tasks/setup.yml"
tags:
- setup-all

6
roles/matrix-synapse-admin/tasks/setup.yml
View File

@ -14,7 +14,7 @@
- name: Ensure matrix-synapse-admin repository is present when self-building
git:
repo: "{{ matrix_synapse_admin_docker_repo }}"
repo: "{{ matrix_synapse_admin_container_self_build_repo }}"
dest: "{{ matrix_synapse_admin_docker_src_files_path }}"
force: "yes"
register: matrix_synapse_admin_git_pull_results
@ -24,12 +24,12 @@
docker_image:
name: "{{ matrix_synapse_admin_docker_image }}"
source: build
force_source: yes
force_source: "{{ matrix_synapse_admin_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_synapse_admin_docker_src_files_path }}"
pull: yes
when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_self_build|bool and matrix_synapse_admin_git_pull_results.changed"
when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_self_build|bool"
- name: Ensure matrix-synapse-admin.service installed
template:

10
roles/matrix-synapse-admin/tasks/validate_config.yml Normal file
View File

@ -0,0 +1,10 @@
---
- name: (Deprecation) Catch and report renamed settings
fail:
msg: >-
Your configuration contains a variable, which now has a different name.
Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
when: "item.old in vars"
with_items:
- {'old': 'matrix_synapse_admin_docker_repo', 'new': 'matrix_synapse_admin_container_self_build_repo'}

6
roles/matrix-synapse/defaults/main.yml
View File

@ -4,8 +4,10 @@
matrix_synapse_enabled: true
matrix_synapse_container_image_self_build: false
matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/synapse.git"
matrix_synapse_docker_image: "matrixdotorg/synapse:v1.22.1"
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.23.0"
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else 'docker.io/' }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
@ -58,7 +60,7 @@ matrix_synapse_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-synapse.service wants
matrix_synapse_systemd_wanted_services_list: []
matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.7/site-packages"
matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.8/site-packages"
# Specifies which template files to use when configuring Synapse.
# If you'd like to have your own different configuration, feel free to copy and paste

4
roles/matrix-synapse/tasks/rust-synapse-compress-state/compress_room.yml
View File

@ -8,7 +8,7 @@
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
--network={{ matrix_docker_network }}
-v {{ matrix_synapse_rust_synapse_compress_state_base_path }}:/work
--mount type=bind,src={{ matrix_synapse_rust_synapse_compress_state_base_path }},dst=/work
{{ matrix_synapse_rust_synapse_compress_state_docker_image }}
/synapse-compress-state -t -o /work/state-compressor.sql
-p "host={{ matrix_synapse_database_host }} user={{ matrix_synapse_database_user }} password={{ matrix_synapse_database_password }} dbname={{ matrix_synapse_database_database }}"
@ -30,7 +30,7 @@
--cap-drop=ALL
--network={{ matrix_docker_network }}
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql
-v {{ matrix_synapse_rust_synapse_compress_state_base_path }}:/work:ro
--mount type=bind,src={{ matrix_synapse_rust_synapse_compress_state_base_path }},dst=/work,ro
--entrypoint=/bin/sh
{{ matrix_postgres_docker_image_latest }}
-c "cat /work/state-compressor.sql |

10
roles/matrix-synapse/tasks/synapse/setup_install.yml
View File

@ -20,21 +20,23 @@
- name: Ensure Synapse repository is present on self-build
git:
repo: https://github.com/matrix-org/synapse.git
repo: "{{ matrix_synapse_container_image_self_build_repo }}"
dest: "{{ matrix_synapse_docker_src_files_path }}"
version: "{{ matrix_synapse_docker_image.split(':')[1] }}"
force: "yes"
when: "matrix_synapse_container_image_self_build"
register: matrix_synapse_git_pull_results
when: "matrix_synapse_container_image_self_build|bool"
- name: Ensure Synapse Docker image is built
docker_image:
name: "{{ matrix_synapse_docker_image }}"
source: build
force_source: "{{ matrix_synapse_git_pull_results.changed }}"
build:
dockerfile: docker/Dockerfile
path: "{{ matrix_synapse_docker_src_files_path }}"
pull: yes
when: "matrix_synapse_container_image_self_build"
when: "matrix_synapse_container_image_self_build|bool"
- name: Ensure Synapse Docker image is pulled
docker_image:
@ -63,7 +65,7 @@
--name=matrix-config
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
--cap-drop=ALL
-v {{ matrix_synapse_config_dir_path }}:/data
--mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data
-e UID={{ matrix_user_uid }}
-e GID={{ matrix_user_gid }}
-e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml

6
roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2
View File

@ -12,13 +12,13 @@ ExecStartPre=-{{ matrix_host_command_docker }} rm %n
ExecStart={{ matrix_host_command_docker }} run --rm --name %n \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
-v /etc/passwd:/etc/passwd:ro \
-v /etc/group:/etc/group:ro \
--mount type=bind,src=/etc/passwd,dst=/etc/passwd,ro \
--mount type=bind,src=/etc/group,dst=/etc/group,ro \
--mount type=bind,src={{ matrix_synapse_media_store_path }},dst=/s3,bind-propagation=shared \
--security-opt apparmor:unconfined \
--cap-add mknod \
--cap-add sys_admin \
--device=/dev/fuse \
-v {{ matrix_synapse_media_store_path }}:/s3:shared \
--env-file={{ matrix_synapse_config_dir_path }}/env-goofys \
--entrypoint /bin/sh \
{{ matrix_s3_goofys_docker_image }} \

187
roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
View File

@ -1516,10 +1516,8 @@ trusted_key_servers: {{ matrix_synapse_trusted_key_servers|to_json }}
## Single sign-on integration ##
# Enable SAML2 for registration and login. Uses pysaml2.
#
# At least one of `sp_config` or `config_path` must be set in this section to
# enable SAML login.
# The following settings can be used to make Synapse use a single sign-on
# provider for authentication, instead of its internal password database.
#
# You will probably also want to set the following options to `false` to
# disable the regular login/registration flows:
@ -1528,6 +1526,11 @@ trusted_key_servers: {{ matrix_synapse_trusted_key_servers|to_json }}
#
# You will also want to investigate the settings under the "sso" configuration
# section below.
# Enable SAML2 for registration and login. Uses pysaml2.
#
# At least one of `sp_config` or `config_path` must be set in this section to
# enable SAML login.
#
# Once SAML support is enabled, a metadata file will be exposed at
# https://<server>:<port>/_matrix/saml2/metadata.xml, which you may be able to
@ -1543,40 +1546,64 @@ saml2_config:
# so it is not normally necessary to specify them unless you need to
# override them.
#
#sp_config:
# # point this to the IdP's metadata. You can use either a local file or
# # (preferably) a URL.
# metadata:
# #local: ["saml2/idp.xml"]
# remote:
# - url: https://our_idp/metadata.xml
#
# # By default, the user has to go to our login page first. If you'd like
# # to allow IdP-initiated login, set 'allow_unsolicited: true' in a
# # 'service.sp' section:
# #
# #service:
# # sp:
# # allow_unsolicited: true
#
# # The examples below are just used to generate our metadata xml, and you
# # may well not need them, depending on your setup. Alternatively you
# # may need a whole lot more detail - see the pysaml2 docs!
#
# description: ["My awesome SP", "en"]
# name: ["Test SP", "en"]
#
# organization:
# name: Example com
# display_name:
# - ["Example co", "en"]
# url: "http://example.com"
#
# contact_person:
# - given_name: Bob
# sur_name: "the Sysadmin"
# email_address": ["admin@example.com"]
# contact_type": technical
sp_config:
# Point this to the IdP's metadata. You must provide either a local
# file via the `local` attribute or (preferably) a URL via the
# `remote` attribute.
#
#metadata:
# local: ["saml2/idp.xml"]
# remote:
# - url: https://our_idp/metadata.xml
# By default, the user has to go to our login page first. If you'd like
# to allow IdP-initiated login, set 'allow_unsolicited: true' in a
# 'service.sp' section:
#
#service:
# sp:
# allow_unsolicited: true
# The examples below are just used to generate our metadata xml, and you
# may well not need them, depending on your setup. Alternatively you
# may need a whole lot more detail - see the pysaml2 docs!
#description: ["My awesome SP", "en"]
#name: ["Test SP", "en"]
#ui_info:
# display_name:
# - lang: en
# text: "Display Name is the descriptive name of your service."
# description:
# - lang: en
# text: "Description should be a short paragraph explaining the purpose of the service."
# information_url:
# - lang: en
# text: "https://example.com/terms-of-service"
# privacy_statement_url:
# - lang: en
# text: "https://example.com/privacy-policy"
# keywords:
# - lang: en
# text: ["Matrix", "Element"]
# logo:
# - lang: en
# text: "https://example.com/logo.svg"
# width: "200"
# height: "80"
#organization:
# name: Example com
# display_name:
# - ["Example co", "en"]
# url: "http://example.com"
#contact_person:
# - given_name: Bob
# sur_name: "the Sysadmin"
# email_address": ["admin@example.com"]
# contact_type": technical
# Instead of putting the config inline as above, you can specify a
# separate pysaml2 configuration file:
@ -1651,37 +1678,11 @@ saml2_config:
# - attribute: department
# value: "sales"
# Directory in which Synapse will try to find the template files below.
# If not set, default templates from within the Synapse package will be used.
#
# DO NOT UNCOMMENT THIS SETTING unless you want to customise the templates.
# If you *do* uncomment it, you will need to make sure that all the templates
# below are in the directory.
#
# Synapse will look for the following templates in this directory:
#
# * HTML page to display to users if something goes wrong during the
# authentication process: 'saml_error.html'.
#
# When rendering, this template is given the following variables:
# * code: an HTML error code corresponding to the error that is being
# returned (typically 400 or 500)
#
# * msg: a textual message describing the error.
#
# The variables will automatically be HTML-escaped.
#
# You can see the default templates at:
# https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
#
#template_dir: "res/templates"
# OpenID Connect integration. The following settings can be used to make Synapse
# use an OpenID Connect Provider for authentication, instead of its internal
# password database.
# Enable OpenID Connect (OIDC) / OAuth 2.0 for registration and login.
#
# See https://github.com/matrix-org/synapse/blob/master/docs/openid.md.
# See https://github.com/matrix-org/synapse/blob/master/docs/openid.md
# for some example configurations.
#
oidc_config:
# Uncomment the following to enable authorization against an OpenID Connect
@ -1804,17 +1805,47 @@ oidc_config:
#
#display_name_template: "{% raw %}{{ user.given_name }} {{ user.last_name }}{% endraw %}"
# Jinja2 templates for extra attributes to send back to the client during
# login.
#
# Note that these are non-standard and clients will ignore them without modifications.
#
#extra_attributes:
#birthdate: "{% raw %}{{ user.birthdate }}{% endraw %}"
# Enable CAS for registration and login.
# Enable Central Authentication Service (CAS) for registration and login.
#
#cas_config:
# enabled: true
# server_url: "https://cas-server.com"
# service_url: "https://homeserver.domain.com:8448"
# #displayname_attribute: name
# #required_attributes:
# # name: value
cas_config:
# Uncomment the following to enable authorization against a CAS server.
# Defaults to false.
#
#enabled: true
# The URL of the CAS authorization endpoint.
#
#server_url: "https://cas-server.com"
# The public URL of the homeserver.
#
#service_url: "https://homeserver.domain.com:8448"
# The attribute of the CAS response to use as the display name.
#
# If unset, no displayname will be set.
#
#displayname_attribute: name
# It is possible to configure Synapse to only allow logins if CAS attributes
# match particular values. All of the keys in the mapping below must exist
# and the values must match the given value. Alternately if the given value
# is None then any value is allowed (the attribute just must exist).
# All of the listed attributes must match for the login to be permitted.
#
#required_attributes:
# userGroup: "staff"
# department: None
# Additional settings to use with single-sign on systems such as OpenID Connect,
@ -1914,7 +1945,7 @@ sso:
# and issued at ("iat") claims are validated if present.
#
# Note that this is a non-standard login type and client support is
# expected to be non-existant.
# expected to be non-existent.
#
# See https://github.com/matrix-org/synapse/blob/master/docs/jwt.md.
#
@ -2445,7 +2476,7 @@ alias_creation_rules: {{ matrix_synapse_alias_creation_rules|to_json }}
#
# Options for the rules include:
#
# user_id: Matches agaisnt the creator of the alias
# user_id: Matches against the creator of the alias
# room_id: Matches against the room ID being published
# alias: Matches against any current local or canonical aliases
# associated with the room
@ -2493,7 +2524,7 @@ opentracing:
# This is a list of regexes which are matched against the server_name of the
# homeserver.
#
# By defult, it is empty, so no servers are matched.
# By default, it is empty, so no servers are matched.
#
#homeserver_whitelist:
# - ".*"

4
roles/matrix-synapse/templates/synapse/systemd/matrix-synapse.service.j2
View File

@ -51,8 +51,8 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-synapse \
{% endif %}
{% endfor %}
{% endif %}
-v {{ matrix_synapse_config_dir_path }}:/data:ro \
-v {{ matrix_synapse_storage_path }}:/matrix-media-store-parent:slave \
--mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data,ro \
--mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \
{% for volume in matrix_synapse_container_additional_volumes %}
-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
{% endfor %}