Add matrix-user-creator role - automatic user account creation support

We no longer ask users to create Matrix user accounts for these bots: - Postmoogle - Honoroit - Reminder Bot Other bots and services (matrix-registration-bot, maubot, mjolnir, Dimension, etc.) require an Access Token to run (not a password), so this new role doesn't help for them. It does help for the above bots though, and for defining your own "initial user accounts" in the `matrix_user_creator_users_additional` variable.
2022-11-01 16:22:58 +02:00
parent 125ca5569d
commit c3dc64b1d5
15 changed files with 294 additions and 75 deletions
--- a/roles/matrix-user-creator/tasks/main.yml
+++ b/roles/matrix-user-creator/tasks/main.yml
@ -0,0 +1,9 @@
+---
+
+- when: matrix_user_creator_users | length > 0
+  ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup.yml"
+  tags:
+    # This role intentionally doesn't do work on a `setup-all` tag.
+    # If it did, the initial installation (`--tags=setup-all`) would also potentially polute the database with data,
+    # which would make importing a database dump problematic.
+    - ensure-matrix-users-created
--- a/roles/matrix-user-creator/tasks/setup.yml
+++ b/roles/matrix-user-creator/tasks/setup.yml
@ -0,0 +1,33 @@
+---
+
+- name: Validate Matrix users to create
+  ansible.builtin.include_tasks: "{{ role_path }}/tasks/util/validate_user.yml"
+  with_items: "{{ matrix_user_creator_users }}"
+  loop_control:
+    loop_var: user
+  # Suppress logging to avoid dumping the credentials to the shell
+  no_log: true
+
+- name: Ensure systemd is reloaded before starting the homeserver
+  ansible.builtin.service:
+    daemon_reload: true
+
+- name: Ensure homeserver is started before creating Matrix users
+  ansible.builtin.service:
+    name: "matrix-{{ matrix_homeserver_implementation }}.service"
+    state: started
+    daemon_reload: true
+  register: matrix_user_registrator_homeserver_start_result
+
+- name: Wait a while, so that the homeserver can manage to start before creating Matrix users
+  ansible.builtin.pause:
+    seconds: 7
+  when: matrix_user_registrator_homeserver_start_result.changed | bool
+
+- name: Ensure Matrix users are created
+  ansible.builtin.include_tasks: "{{ role_path }}/tasks/util/ensure_user_registered_{{ matrix_homeserver_implementation }}.yml"
+  with_items: "{{ matrix_user_creator_users }}"
+  loop_control:
+    loop_var: user
+  # Suppress logging to avoid dumping the credentials to the shell
+  no_log: true
--- a/roles/matrix-user-creator/tasks/util/ensure_user_registered_conduit.yml
+++ b/roles/matrix-user-creator/tasks/util/ensure_user_registered_conduit.yml
@ -0,0 +1,5 @@
+---
+
+- name: Ensure Conduit user registered - {{ user.username | quote }}
+  ansible.builtin.debug:
+    msg: "Not registering user. To register Conduit users, message the Conduit bot"
--- a/roles/matrix-user-creator/tasks/util/ensure_user_registered_dendrite.yml
+++ b/roles/matrix-user-creator/tasks/util/ensure_user_registered_dendrite.yml
@ -0,0 +1,17 @@
+---
+
+- name: Ensure Dendrite user registered - {{ user.username | quote }}
+  ansible.builtin.command:
+    cmd: |-
+      {{ matrix_host_command_docker }} exec matrix-dendrite
+      create-account
+      -config /data/dendrite.yaml
+      -username {{ user.username | quote }}
+      -password {{ user.initial_password | quote }}
+      {% if user.initial_type == 'admin' %}
+        -admin
+      {% endif %}
+      -url http://localhost:{{ matrix_dendrite_http_bind_port }}
+  register: matrix_dendrite_register_user_result
+  changed_when: matrix_dendrite_register_user_result.rc == 0 and 'Desired user ID is already taken' not in matrix_dendrite_register_user_result.stderr
+  failed_when: matrix_dendrite_register_user_result.rc != 0 and 'Desired user ID is already taken' not in matrix_dendrite_register_user_result.stderr
--- a/roles/matrix-user-creator/tasks/util/ensure_user_registered_synapse.yml
+++ b/roles/matrix-user-creator/tasks/util/ensure_user_registered_synapse.yml
@ -0,0 +1,22 @@
+---
+
+- name: Ensure Synapse user registered - {{ user.username | quote }}
+  ansible.builtin.command:
+    cmd: |-
+      {{ matrix_host_command_docker }} exec matrix-synapse
+      register_new_matrix_user
+      -u  {{ user.username | quote }}
+      -p {{ user.initial_password | quote }}
+      -c /data/homeserver.yaml
+      {% if user.initial_type == 'admin' %}
+        --admin
+      {% else %}
+        --no-admin
+        {% if user.initial_type != 'user' %}
+          --user_type={{ user.initial_type | quote }}
+        {% endif %}
+      {% endif %}
+      http://localhost:{{ matrix_synapse_container_client_api_port }}
+  register: matrix_synapse_register_user_result
+  changed_when: matrix_synapse_register_user_result.rc == 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
+  failed_when: matrix_synapse_register_user_result.rc != 0 and 'User ID already taken' not in matrix_synapse_register_user_result.stdout
--- a/roles/matrix-user-creator/tasks/util/validate_user.yml
+++ b/roles/matrix-user-creator/tasks/util/validate_user.yml
@ -0,0 +1,16 @@
+---
+
+- name: Fail if invalid username
+  ansible.builtin.fail:
+    msg: "Empty usernames values are not allowed ({{ user }})"
+  when: not (user.username | default(''))
+
+- name: Fail if invalid initial_password for user - {{ user.username }}
+  ansible.builtin.fail:
+    msg: "Empty initial_password values are not allowed"
+  when: not (user.initial_password | default(''))
+
+- name: Fail if invalid initial_type for user - {{ user.username }}
+  ansible.builtin.fail:
+    msg: "User initial_type `{{ user.initial_type | default('undefined') }}` is not supported"
+  when: user.initial_type | default('undefined') not in ['admin', 'user', 'bot', 'support']