Merge remote-tracking branch 'upstream/master' into testing
This commit is contained in:
		
							
								
								
									
										25
									
								
								CHANGELOG.md
									
									
									
									
									
								
							
							
						
						
									
										25
									
								
								CHANGELOG.md
									
									
									
									
									
								
							| @@ -1,3 +1,28 @@ | ||||
| # 2021-08-23 | ||||
|  | ||||
| ## LinkedIn bridging support via beeper-linkedin | ||||
|  | ||||
| Thanks to [Alexandar Mechev](https://github.com/apmechev), the playbook can now install the [beeper-linkedin](https://gitlab.com/beeper/linkedin) bridge for bridging to [LinkedIn](https://www.linkedin.com/) Messaging. | ||||
|  | ||||
| This brings the total number of bridges supported by the playbook up to 20. See all supported bridges [here](docs/configuring-playbook.md#bridging-other-networks). | ||||
|  | ||||
| To get started with bridging to LinkedIn, see [Setting up Beeper LinkedIn bridging](docs/configuring-playbook-bridge-beeper-linkedin.md). | ||||
|  | ||||
|  | ||||
| # 2021-08-20 | ||||
|  | ||||
| # Sygnal upgraded - ARM support and no longer requires a database | ||||
|  | ||||
| The [Sygnal](docs/configuring-playbook-sygnal.md) push gateway has been upgraded from `v0.9.0` to `v0.10.1`. | ||||
|  | ||||
| This is an optional component for the playbook, so most of our users wouldn't care about this announcement. | ||||
|  | ||||
| Since this feels like a relatively big (and untested, as of yet) Sygnal change, we're putting up this changelog entry. | ||||
|  | ||||
| The new version is also available for the ARM architecture. It also no longer requires a database anymore. | ||||
| If you need to downgrade to the previous version, changing `matrix_sygnal_version` or `matrix_sygnal_docker_image` will not be enough, as we've removed the `database` configuration completely. You'd need to switch to an earlier playbook commit. | ||||
|  | ||||
|  | ||||
| # 2021-05-21 | ||||
|  | ||||
| ## Hydrogen support | ||||
|   | ||||
| @@ -57,6 +57,8 @@ Using this playbook, you can get the following services configured on your serve | ||||
|  | ||||
| - (optional) the [mautrix-signal](https://github.com/mautrix/signal) bridge for bridging your Matrix server to [Signal](https://www.signal.org/) | ||||
|  | ||||
| - (optional) the [beeper-linkedin](https://gitlab.com/beeper/linkedin) bridge for bridging your Matrix server to [LinkedIn](https://www.linkedin.com/) | ||||
|  | ||||
| - (optional) the [matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) bridge for bridging your Matrix server to [IRC](https://wikipedia.org/wiki/Internet_Relay_Chat) | ||||
|  | ||||
| - (optional) the [matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) bridge for bridging your Matrix server to [Discord](https://discordapp.com/) | ||||
|   | ||||
							
								
								
									
										59
									
								
								docs/configuring-playbook-bridge-beeper-linkedin.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										59
									
								
								docs/configuring-playbook-bridge-beeper-linkedin.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,59 @@ | ||||
| # Setting up Beeper Linkedin (optional) | ||||
|  | ||||
| The playbook can install and configure [beeper-linkedin](https://gitlab.com/beeper/linkedin) for you, for bridging to [LinkedIn](https://www.linkedin.com/) Messaging. This bridge is based on the mautrix-python framework and can be configured in a similar way to the other mautrix bridges | ||||
|  | ||||
| See the project's [documentation](https://gitlab.com/beeper/linkedin/-/blob/master/README.md) to learn what it does and why it might be useful to you. | ||||
|  | ||||
| ```yaml | ||||
| matrix_beeper_linkedin_enabled: true | ||||
| ``` | ||||
|  | ||||
| There are some additional things you may wish to configure about the bridge before you continue. | ||||
|  | ||||
| Encryption support is off by default. If you would like to enable encryption, add the following to your `vars.yml` file: | ||||
| ```yaml | ||||
| matrix_beeper_linkedin_configuration_extension_yaml: | | ||||
|   bridge: | ||||
|     encryption: | ||||
|       allow: true | ||||
|       default: true | ||||
| ``` | ||||
|  | ||||
| If you would like to be able to administrate the bridge from your account it can be configured like this: | ||||
| ```yaml | ||||
| matrix_beeper_linkedin_configuration_extension_yaml: | | ||||
|   bridge: | ||||
|     permissions: | ||||
|       '@YOUR_USERNAME:YOUR_DOMAIN': admin | ||||
| ``` | ||||
|  | ||||
| You may wish to look at `roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2` to find other things you would like to configure. | ||||
|  | ||||
|  | ||||
| ## Set up Double Puppeting | ||||
|  | ||||
| If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it. | ||||
|  | ||||
| ### Method 1: automatically, by enabling Shared Secret Auth | ||||
|  | ||||
| The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook. | ||||
|  | ||||
| This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future. | ||||
|  | ||||
|  | ||||
| ## Usage | ||||
|  | ||||
| You then need to start a chat with `@linkedinbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain). | ||||
|  | ||||
| Send `login YOUR_LINKEDIN_EMAIL_ADDRESS` to the bridge bot to enable bridging for your LinkedIn account. | ||||
|  | ||||
| If you run into trouble, check the [Troubleshooting](#troubleshooting) section below. | ||||
|  | ||||
| After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so. | ||||
|  | ||||
|  | ||||
| ## Troubleshooting | ||||
|  | ||||
| ### Bridge asking for 2FA even if you don't have 2FA enabled | ||||
|  | ||||
| If you don't have 2FA enabled and are logging in from a strange IP for the first time, LinkedIn will send an email with a one-time code. You can use this code to authorize the bridge session. In my experience, once the IP is authorized, you will not be asked again. | ||||
| @@ -24,7 +24,7 @@ matrix_dimension_enabled: true | ||||
|  | ||||
| ## Define admin users | ||||
|  | ||||
| These users can modify the integrations this Dimension supports. Admin interface is accessible by opening Dimension in Element and clicking the settings icon. | ||||
| These users can modify the integrations this Dimension supports. Admin interface is accessible at `https://dimension.<your-domain>/riot-app/admin` after logging in to element. | ||||
| Add this to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`): | ||||
|  | ||||
| ```yaml | ||||
|   | ||||
| @@ -26,7 +26,6 @@ matrix_jitsi_enabled: true | ||||
|  | ||||
| # Run `bash inventory/scripts/jitsi-generate-passwords.sh` to generate these passwords, | ||||
| # or define your own strong passwords manually. | ||||
| matrix_jitsi_jicofo_component_secret: "" | ||||
| matrix_jitsi_jicofo_auth_password: "" | ||||
| matrix_jitsi_jvb_auth_password: "" | ||||
| matrix_jitsi_jibri_recorder_password: "" | ||||
|   | ||||
| @@ -104,6 +104,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins | ||||
|  | ||||
| - [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional) | ||||
|  | ||||
| - [Setting up Beeper LinkedIn bridging](configuring-playbook-bridge-beeper-linkedin.md) (optional) | ||||
|  | ||||
| - [Setting up Appservice Discord bridging](configuring-playbook-bridge-appservice-discord.md) (optional) | ||||
|  | ||||
| - [Setting up Appservice Slack bridging](configuring-playbook-bridge-appservice-slack.md) (optional) | ||||
|   | ||||
| @@ -27,8 +27,6 @@ ansible-playbook -i inventory/hosts setup.yml \ | ||||
| --tags=import-postgres | ||||
| ``` | ||||
|  | ||||
| We specify the `synapse` database as the default import database. If your dump is a single-database dump (`pg_dump`), then we need to tell it where to go to. If you're redefining `matrix_synapse_database_database` to something other than `synapse`, please adjust it here too. For database dumps spanning multiple databases (`pg_dumpall`), you can remove the `postgres_default_import_database` definition (but it doesn't hurt to keep it too). | ||||
|  | ||||
| **Note**: `<server-path-to-postgres-dump.sql>` must be a file path to a Postgres dump file on the server (not on your local machine!). | ||||
|  | ||||
|  | ||||
|   | ||||
| @@ -216,6 +216,42 @@ matrix_appservice_irc_database_password: "{{ matrix_synapse_macaroon_secret_key | ||||
| ###################################################################### | ||||
|  | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| # matrix-bridge-beeper-linkedin | ||||
| # | ||||
| ###################################################################### | ||||
|  | ||||
| # We don't enable bridges by default. | ||||
| matrix_beeper_linkedin_enabled: false | ||||
|  | ||||
| matrix_beeper_linkedin_systemd_required_services_list: | | ||||
|   {{ | ||||
|     ['docker.service'] | ||||
|     + | ||||
|     (['matrix-synapse.service'] if matrix_synapse_enabled else []) | ||||
|     + | ||||
|     (['matrix-postgres.service'] if matrix_postgres_enabled else []) | ||||
|     + | ||||
|     (['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else []) | ||||
|   }} | ||||
|  | ||||
| matrix_beeper_linkedin_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'linked.as.token') | to_uuid }}" | ||||
|  | ||||
| matrix_beeper_linkedin_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'linked.hs.token') | to_uuid }}" | ||||
|  | ||||
| matrix_beeper_linkedin_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" | ||||
|  | ||||
| matrix_beeper_linkedin_bridge_presence: "{{ matrix_synapse_presence_enabled if matrix_synapse_enabled else true }}" | ||||
|  | ||||
| matrix_beeper_linkedin_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'maulinkedin.db') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| # /matrix-bridge-beeper-linkedin | ||||
| # | ||||
| ###################################################################### | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| # matrix-bridge-mautrix-facebook | ||||
| @@ -1372,6 +1408,12 @@ matrix_postgres_additional_databases: | | ||||
|       'password': matrix_appservice_irc_database_password, | ||||
|     }] if (matrix_appservice_irc_enabled and matrix_appservice_irc_database_engine == 'postgres' and matrix_appservice_irc_database_hostname == 'matrix-postgres') else []) | ||||
|     + | ||||
|     ([{ | ||||
|       'name': matrix_beeper_linkedin_database_name, | ||||
|       'username': matrix_beeper_linkedin_database_username, | ||||
|       'password': matrix_beeper_linkedin_database_password, | ||||
|     }] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == 'matrix-postgres') else []) | ||||
|     + | ||||
|     ([{ | ||||
|       'name': matrix_mautrix_facebook_database_name, | ||||
|       'username': matrix_mautrix_facebook_database_username, | ||||
| @@ -1462,12 +1504,6 @@ matrix_postgres_additional_databases: | | ||||
|       'password': matrix_etherpad_database_password, | ||||
|     }] if (matrix_etherpad_enabled and matrix_etherpad_database_engine == 'postgres' and matrix_etherpad_database_hostname == 'matrix-postgres') else []) | ||||
|     + | ||||
|     ([{ | ||||
|       'name': matrix_sygnal_database_name, | ||||
|       'username': matrix_sygnal_database_username, | ||||
|       'password': matrix_sygnal_database_password, | ||||
|     }] if (matrix_sygnal_enabled and matrix_sygnal_database_engine == 'postgres' and matrix_sygnal_database_hostname == 'matrix-postgres') else []) | ||||
|      + | ||||
|     ([{ | ||||
|       'name': matrix_prometheus_postgres_exporter_database_name, | ||||
|       'username': matrix_prometheus_postgres_exporter_database_username, | ||||
| @@ -1512,10 +1548,6 @@ matrix_sygnal_metrics_prometheus_enabled: "{{ matrix_prometheus_enabled }}" | ||||
|  | ||||
| matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enabled else '127.0.0.1:6000' }}" | ||||
|  | ||||
| # Postgres is the default, except if not using `matrix_postgres` (internal postgres) | ||||
| matrix_sygnal_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}" | ||||
| matrix_sygnal_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'sygnal') | to_uuid }}" | ||||
|  | ||||
| ###################################################################### | ||||
| # | ||||
| # /matrix-sygnal | ||||
|   | ||||
| @@ -3,7 +3,7 @@ | ||||
|  | ||||
| matrix_bot_mjolnir_enabled: true | ||||
|  | ||||
| matrix_bot_mjolnir_version: "v0.1.18" | ||||
| matrix_bot_mjolnir_version: "v0.1.19" | ||||
|  | ||||
| matrix_bot_mjolnir_container_image_self_build: false | ||||
| matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git" | ||||
|   | ||||
| @@ -7,7 +7,7 @@ matrix_appservice_irc_container_self_build: false | ||||
| matrix_appservice_irc_docker_repo: "https://github.com/matrix-org/matrix-appservice-irc.git" | ||||
| matrix_appservice_irc_docker_src_files_path: "{{ matrix_base_data_path }}/appservice-irc/docker-src" | ||||
|  | ||||
| matrix_appservice_irc_version: release-v0.29.0 | ||||
| matrix_appservice_irc_version: release-0.30.0 | ||||
| matrix_appservice_irc_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/matrix-appservice-irc:{{ matrix_appservice_irc_version }}" | ||||
| matrix_appservice_irc_docker_image_force_pull: "{{ matrix_appservice_irc_docker_image.endswith(':latest') }}" | ||||
|  | ||||
|   | ||||
							
								
								
									
										100
									
								
								roles/matrix-bridge-beeper-linkedin/defaults/main.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										100
									
								
								roles/matrix-bridge-beeper-linkedin/defaults/main.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,100 @@ | ||||
| # beeper-linkedin is a Matrix <-> LinkedIn bridge | ||||
| # See: https://gitlab.com/beeper/linkedin | ||||
|  | ||||
| matrix_beeper_linkedin_enabled: true | ||||
|  | ||||
| matrix_beeper_linkedin_version: v0.5.0 | ||||
| # See: https://gitlab.com/beeper/linkedin/container_registry | ||||
| matrix_beeper_linkedin_docker_image: "registry.gitlab.com/beeper/linkedin:{{ matrix_beeper_linkedin_version }}-amd64" | ||||
| matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image.endswith(':latest-amd64') }}" | ||||
|  | ||||
| matrix_beeper_linkedin_base_path: "{{ matrix_base_data_path }}/beeper-linkedin" | ||||
| matrix_beeper_linkedin_config_path: "{{ matrix_beeper_linkedin_base_path }}/config" | ||||
| matrix_beeper_linkedin_data_path: "{{ matrix_beeper_linkedin_base_path }}/data" | ||||
|  | ||||
| matrix_beeper_linkedin_homeserver_address: "{{ matrix_homeserver_container_url }}" | ||||
| matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}" | ||||
| matrix_beeper_linkedin_appservice_address: "http://matrix-beeper-linkedin:29319" | ||||
|  | ||||
| # A list of extra arguments to pass to the container | ||||
| matrix_beeper_linkedin_container_extra_arguments: [] | ||||
|  | ||||
| # List of systemd services that matrix-beeper-linkedin.service depends on. | ||||
| matrix_beeper_linkedin_systemd_required_services_list: ['docker.service'] | ||||
|  | ||||
| # List of systemd services that matrix-beeper-linkedin.service wants | ||||
| matrix_beeper_linkedin_systemd_wanted_services_list: [] | ||||
|  | ||||
| matrix_beeper_linkedin_appservice_token: "" | ||||
| matrix_beeper_linkedin_homeserver_token: "" | ||||
|  | ||||
| matrix_beeper_linkedin_appservice_bot_username: linkedinbot | ||||
|  | ||||
|  | ||||
| # Database-related configuration fields. | ||||
| # Only Postgres is supported. | ||||
| matrix_beeper_linkedin_database_engine: "postgres" | ||||
|  | ||||
| matrix_beeper_linkedin_database_username: 'matrix_beeper_linkedin' | ||||
| matrix_beeper_linkedin_database_password: "" | ||||
| matrix_beeper_linkedin_database_hostname: 'matrix-postgres' | ||||
| matrix_beeper_linkedin_database_port: 5432 | ||||
| matrix_beeper_linkedin_database_name: 'matrix_beeper_linkedin' | ||||
|  | ||||
| matrix_beeper_linkedin_database_connection_string: 'postgresql://{{ matrix_beeper_linkedin_database_username }}:{{ matrix_beeper_linkedin_database_password }}@{{ matrix_beeper_linkedin_database_hostname }}:{{ matrix_beeper_linkedin_database_port }}/{{ matrix_beeper_linkedin_database_name }}?sslmode=disable' | ||||
|  | ||||
| matrix_beeper_linkedin_appservice_database_type: "{{ | ||||
| 	{ | ||||
| 		'postgres':'postgres', | ||||
| 	}[matrix_beeper_linkedin_database_engine] | ||||
| }}" | ||||
|  | ||||
| matrix_beeper_linkedin_appservice_database_uri: "{{ | ||||
| 	{ | ||||
| 		'postgres': matrix_beeper_linkedin_database_connection_string, | ||||
| 	}[matrix_beeper_linkedin_database_engine] | ||||
| }}" | ||||
|  | ||||
|  | ||||
| # Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth). | ||||
| matrix_beeper_linkedin_login_shared_secret: '' | ||||
|  | ||||
| # Default beeper-linkedin configuration template which covers the generic use case. | ||||
| # You can customize it by controlling the various variables inside it. | ||||
| # | ||||
| # For a more advanced customization, you can extend the default (see `matrix_beeper_linkedin_configuration_extension_yaml`) | ||||
| # or completely replace this variable with your own template. | ||||
| matrix_beeper_linkedin_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}" | ||||
|  | ||||
| matrix_beeper_linkedin_configuration_extension_yaml: | | ||||
|   # Your custom YAML configuration goes here. | ||||
|   # This configuration extends the default starting configuration (`matrix_beeper_linkedin_configuration_yaml`). | ||||
|   # | ||||
|   # You can override individual variables from the default configuration, or introduce new ones. | ||||
|   # | ||||
|   # If you need something more special, you can take full control by | ||||
|   # completely redefining `matrix_beeper_linkedin_configuration_yaml`. | ||||
|  | ||||
| matrix_beeper_linkedin_configuration_extension: "{{ matrix_beeper_linkedin_configuration_extension_yaml|from_yaml if matrix_beeper_linkedin_configuration_extension_yaml|from_yaml is mapping else {} }}" | ||||
|  | ||||
| # Holds the final configuration (a combination of the default and its extension). | ||||
| # You most likely don't need to touch this variable. Instead, see `matrix_beeper_linkedin_configuration_yaml`. | ||||
| matrix_beeper_linkedin_configuration: "{{ matrix_beeper_linkedin_configuration_yaml|from_yaml|combine(matrix_beeper_linkedin_configuration_extension, recursive=True) }}" | ||||
|  | ||||
| matrix_beeper_linkedin_registration_yaml: | | ||||
|   id: linkedin | ||||
|   url: {{ matrix_beeper_linkedin_appservice_address }} | ||||
|   as_token: "{{ matrix_beeper_linkedin_appservice_token }}" | ||||
|   hs_token: "{{ matrix_beeper_linkedin_homeserver_token }}" | ||||
|  | ||||
|   sender_localpart: _bot_{{ matrix_beeper_linkedin_appservice_bot_username }} | ||||
|   rate_limited: false | ||||
|   namespaces: | ||||
|       users: | ||||
|       - regex: '^@linkedin_.+:{{ matrix_beeper_linkedin_homeserver_domain|regex_escape }}$' | ||||
|         exclusive: true | ||||
|       - exclusive: true | ||||
|         regex: '^@{{ matrix_beeper_linkedin_appservice_bot_username|regex_escape }}:{{ matrix_beeper_linkedin_homeserver_domain|regex_escape }}$' | ||||
|   de.sorunome.msc2409.push_ephemeral: true | ||||
|  | ||||
| matrix_beeper_linkedin_registration: "{{ matrix_beeper_linkedin_registration_yaml|from_yaml }}" | ||||
							
								
								
									
										16
									
								
								roles/matrix-bridge-beeper-linkedin/tasks/init.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										16
									
								
								roles/matrix-bridge-beeper-linkedin/tasks/init.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,16 @@ | ||||
| - set_fact: | ||||
|     matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-beeper-linkedin.service'] }}" | ||||
|   when: matrix_beeper_linkedin_enabled|bool | ||||
|  | ||||
| # If the matrix-synapse role is not used, these variables may not exist. | ||||
| - set_fact: | ||||
|     matrix_synapse_container_extra_arguments: > | ||||
|       {{ matrix_synapse_container_extra_arguments|default([]) }} | ||||
|       + | ||||
|       ["--mount type=bind,src={{ matrix_beeper_linkedin_config_path }}/registration.yaml,dst=/matrix-beeper-linkedin-registration.yaml,ro"] | ||||
|  | ||||
|     matrix_synapse_app_service_config_files: > | ||||
|       {{ matrix_synapse_app_service_config_files|default([]) }} | ||||
|       + | ||||
|       {{ ["/matrix-beeper-linkedin-registration.yaml"] }} | ||||
|   when: matrix_beeper_linkedin_enabled|bool | ||||
							
								
								
									
										21
									
								
								roles/matrix-bridge-beeper-linkedin/tasks/main.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										21
									
								
								roles/matrix-bridge-beeper-linkedin/tasks/main.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,21 @@ | ||||
| - import_tasks: "{{ role_path }}/tasks/init.yml" | ||||
|   tags: | ||||
|     - always | ||||
|  | ||||
| - import_tasks: "{{ role_path }}/tasks/validate_config.yml" | ||||
|   when: "run_setup|bool and matrix_beeper_linkedin_enabled|bool" | ||||
|   tags: | ||||
|     - setup-all | ||||
|     - setup-beeper-linkedin | ||||
|  | ||||
| - import_tasks: "{{ role_path }}/tasks/setup_install.yml" | ||||
|   when: "run_setup and matrix_beeper_linkedin_enabled" | ||||
|   tags: | ||||
|     - setup-all | ||||
|     - setup-beeper-linkedin | ||||
|  | ||||
| - import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml" | ||||
|   when: "run_setup and not matrix_beeper_linkedin_enabled" | ||||
|   tags: | ||||
|     - setup-all | ||||
|     - setup-beeper-linkedin | ||||
							
								
								
									
										56
									
								
								roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										56
									
								
								roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,56 @@ | ||||
| --- | ||||
|  | ||||
| # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. | ||||
| # We don't want to fail in such cases. | ||||
| - name: Fail if matrix-synapse role already executed | ||||
|   fail: | ||||
|     msg: >- | ||||
|       The matrix-bridge-beeper-linkedin role needs to execute before the matrix-synapse role. | ||||
|   when: "matrix_synapse_role_executed|default(False)" | ||||
|  | ||||
| - name: Ensure Beeper LinkedIn image is pulled | ||||
|   docker_image: | ||||
|     name: "{{ matrix_beeper_linkedin_docker_image }}" | ||||
|     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" | ||||
|     force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" | ||||
|     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}" | ||||
|  | ||||
| - name: Ensure Beeper LinkedIn paths exists | ||||
|   file: | ||||
|     path: "{{ item }}" | ||||
|     state: directory | ||||
|     mode: 0750 | ||||
|     owner: "{{ matrix_user_username }}" | ||||
|     group: "{{ matrix_user_groupname }}" | ||||
|   with_items: | ||||
|     - "{{ matrix_beeper_linkedin_base_path }}" | ||||
|     - "{{ matrix_beeper_linkedin_config_path }}" | ||||
|     - "{{ matrix_beeper_linkedin_data_path }}" | ||||
|  | ||||
| - name: Ensure beeper-linkedin config.yaml installed | ||||
|   copy: | ||||
|     content: "{{ matrix_beeper_linkedin_configuration|to_nice_yaml }}" | ||||
|     dest: "{{ matrix_beeper_linkedin_config_path }}/config.yaml" | ||||
|     mode: 0644 | ||||
|     owner: "{{ matrix_user_username }}" | ||||
|     group: "{{ matrix_user_groupname }}" | ||||
|  | ||||
| - name: Ensure beeper-linkedin registration.yaml installed | ||||
|   copy: | ||||
|     content: "{{ matrix_beeper_linkedin_registration|to_nice_yaml }}" | ||||
|     dest: "{{ matrix_beeper_linkedin_config_path }}/registration.yaml" | ||||
|     mode: 0644 | ||||
|     owner: "{{ matrix_user_username }}" | ||||
|     group: "{{ matrix_user_groupname }}" | ||||
|  | ||||
| - name: Ensure matrix-beeper-linkedin.service installed | ||||
|   template: | ||||
|     src: "{{ role_path }}/templates/systemd/matrix-beeper-linkedin.service.j2" | ||||
|     dest: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" | ||||
|     mode: 0644 | ||||
|   register: matrix_beeper_linkedin_systemd_service_result | ||||
|  | ||||
| - name: Ensure systemd reloaded after matrix-beeper-linkedin.service installation | ||||
|   service: | ||||
|     daemon_reload: yes | ||||
|   when: "matrix_beeper_linkedin_systemd_service_result.changed" | ||||
| @@ -0,0 +1,24 @@ | ||||
| --- | ||||
|  | ||||
| - name: Check existence of matrix-beeper-linkedin service | ||||
|   stat: | ||||
|     path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" | ||||
|   register: matrix_beeper_linkedin_service_stat | ||||
|  | ||||
| - name: Ensure matrix-beeper-linkedin is stopped | ||||
|   service: | ||||
|     name: matrix-beeper-linkedin | ||||
|     state: stopped | ||||
|     daemon_reload: yes | ||||
|   when: "matrix_beeper_linkedin_service_stat.stat.exists" | ||||
|  | ||||
| - name: Ensure matrix-beeper-linkedin.service doesn't exist | ||||
|   file: | ||||
|     path: "{{ matrix_systemd_path }}/matrix-beeper-linkedin.service" | ||||
|     state: absent | ||||
|   when: "matrix_beeper_linkedin_service_stat.stat.exists" | ||||
|  | ||||
| - name: Ensure systemd reloaded after matrix-beeper-linkedin.service removal | ||||
|   service: | ||||
|     daemon_reload: yes | ||||
|   when: "matrix_beeper_linkedin_service_stat.stat.exists" | ||||
| @@ -0,0 +1,11 @@ | ||||
| --- | ||||
|  | ||||
| - name: Fail if required settings not defined | ||||
|   fail: | ||||
|     msg: >- | ||||
|       You need to define a required configuration setting (`{{ item }}`). | ||||
|   when: "vars[item] == ''" | ||||
|   with_items: | ||||
|     - "matrix_beeper_linkedin_appservice_token" | ||||
|     - "matrix_beeper_linkedin_homeserver_token" | ||||
|  | ||||
							
								
								
									
										267
									
								
								roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										267
									
								
								roles/matrix-bridge-beeper-linkedin/templates/config.yaml.j2
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,267 @@ | ||||
| #jinja2: lstrip_blocks: "True" | ||||
| # Homeserver details. | ||||
| homeserver: | ||||
|     # The address that this appservice can use to connect to the homeserver. | ||||
|     address: {{ matrix_beeper_linkedin_homeserver_address }} | ||||
|     # The domain of the homeserver (for MXIDs, etc). | ||||
|     domain: {{ matrix_beeper_linkedin_homeserver_domain }} | ||||
|     # Whether or not to verify the SSL certificate of the homeserver. | ||||
|     # Only applies if address starts with https:// | ||||
|     verify_ssl: true | ||||
|     # Whether or not the homeserver supports asmux-specific endpoints, | ||||
|     # such as /_matrix/client/unstable/net.maunium.asmux/dms for atomically | ||||
|     # updating m.direct. | ||||
|     asmux: false | ||||
|     # Number of retries for all HTTP requests if the homeserver isn't reachable. | ||||
|     http_retry_count: 4 | ||||
|  | ||||
|  | ||||
| appservice: | ||||
|     # The address that the homeserver can use to connect to this appservice. | ||||
|     address: {{ matrix_beeper_linkedin_appservice_address }} | ||||
|  | ||||
|     # The hostname and port where this appservice should listen. | ||||
|     hostname: 0.0.0.0 | ||||
|     port: 29319 | ||||
|  | ||||
|     # The maximum body size of appservice API requests (from the homeserver) in mebibytes | ||||
|     # Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s | ||||
|     max_body_size: 1 | ||||
|  | ||||
|     # The full URI to the database. Only Postgres is currently supported. | ||||
|     database: {{ matrix_beeper_linkedin_appservice_database_uri|to_json }} | ||||
|     # Additional arguments for asyncpg.create_pool() | ||||
|     # https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool | ||||
|     database_opts: | ||||
|         min_size: 5 | ||||
|         max_size: 10 | ||||
|  | ||||
|     # Provisioning API part of the web server for automated portal creation and fetching information. | ||||
|     # Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager). | ||||
|     provisioning: | ||||
|         # Whether or not the provisioning API should be enabled. | ||||
|         enabled: true | ||||
|         # The prefix to use in the provisioning API endpoints. | ||||
|         prefix: /_matrix/provision/v1 | ||||
|         # The shared secret to authorize users of the API. | ||||
|         # Set to "generate" to generate and save a new token. | ||||
|         shared_secret: generate | ||||
|  | ||||
|     # The unique ID of this appservice. | ||||
|     id: beeper_linkedin | ||||
|     # Appservice bot details. | ||||
|     bot: | ||||
|         # Username of the appservice bot. | ||||
|         username: {{ matrix_beeper_linkedin_appservice_bot_username|to_json }} | ||||
|         # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty | ||||
|         # to leave display name/avatar as-is. | ||||
|         displayname: LinkedIn bridge bot | ||||
|         avatar: mxc://sumnerevans.com/XMtwdeUBnxYvWNFFrfeTSHqB  | ||||
|  | ||||
|     # Whether or not to receive ephemeral events via appservice transactions. | ||||
|     # Requires MSC2409 support (i.e. Synapse 1.22+). | ||||
|     # You should disable bridge -> sync_with_custom_puppets when this is enabled. | ||||
|     ephemeral_events: false | ||||
|  | ||||
|     # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify. | ||||
|     as_token: "{{ matrix_beeper_linkedin_appservice_token }}" | ||||
|     hs_token: "{{ matrix_beeper_linkedin_homeserver_token }}" | ||||
|  | ||||
|  | ||||
| # Prometheus telemetry config. Requires prometheus-client to be installed. | ||||
| metrics: | ||||
|     enabled: false | ||||
|     listen_port: 8000 | ||||
|  | ||||
| # Manhole config. | ||||
| manhole: | ||||
|     # Whether or not opening the manhole is allowed. | ||||
|     enabled: false | ||||
|     # The path for the unix socket. | ||||
|     path: /var/tmp/linkedin-matrix.manhole | ||||
|     # The list of UIDs who can be added to the whitelist. | ||||
|     # If empty, any UIDs can be specified in the open-manhole command. | ||||
|     whitelist: | ||||
|     - 0 | ||||
|  | ||||
|  | ||||
| # Bridge config | ||||
| bridge: | ||||
|     # Localpart template of MXIDs for LinkedIn  users. | ||||
|     username_template: "linkedin_{userid}" | ||||
|     # Displayname template for LinkedIn users. | ||||
|     # Localpart template for per-user room grouping community IDs. | ||||
|     # The bridge will create these communities and add all of the specific user's portals to the community. | ||||
|     # {localpart} is the MXID localpart and {server} is the MXID server part of the user. | ||||
|     # (Note that, by default, non-admins might not have your homeserver's permission to create | ||||
|     # communities. You should set `enable_group_creation: true` in homeserver.yaml to fix this.) | ||||
|     # `linkedin_{localpart}={server}` is a good value. | ||||
|     community_template: null | ||||
|  | ||||
|     # Displayname template for LinkedIn users. | ||||
|     # {displayname} is replaced with the display name of the LinkedIn user | ||||
|     #               as defined below in displayname_preference. | ||||
|     # Keys available for displayname_preference are also available here. | ||||
|     displayname_template: "{displayname} (LinkedIn)" | ||||
|  | ||||
|     # Number of chats to sync (and create portals for) on startup/login. | ||||
|     # Set 0 to disable automatic syncing. | ||||
|     initial_chat_sync: 10 | ||||
|  | ||||
|     # Whether or not the LinkedIn users of logged in Matrix users should be | ||||
|     # invited to private chats when the user sends a message from another client. | ||||
|     invite_own_puppet_to_pm: false | ||||
|     # Whether or not to use /sync to get presence, read receipts and typing notifications | ||||
|     # when double puppeting is enabled | ||||
|     sync_with_custom_puppets: true | ||||
|     # Whether or not to update the m.direct account data event when double puppeting is enabled. | ||||
|     # Note that updating the m.direct event is not atomic (except with mautrix-asmux) | ||||
|     # and is therefore prone to race conditions. | ||||
|     sync_direct_chat_list: false | ||||
|     # Servers to always allow double puppeting from | ||||
|     double_puppet_server_map: {} | ||||
|     #    example.com: https://example.com | ||||
|     # Allow using double puppeting from any server with a valid client .well-known file. | ||||
|  | ||||
|     # Maximum number of seconds since last message in chat to skip | ||||
|     # syncing the chat in any case. This setting will take priority | ||||
|     # over both recovery_chat_sync_limit and initial_chat_sync_count. | ||||
|     # Default is 3 days = 259200 seconds | ||||
|     sync_max_chat_age: 259200 | ||||
|  | ||||
|     # Whether or not to sync with custom puppets to receive EDUs that | ||||
|     # are not normally sent to appservices. | ||||
|     sync_with_custom_puppets: true | ||||
|     # Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth | ||||
|     # | ||||
|     # If set, custom puppets will be enabled automatically for local users | ||||
|     # instead of users having to find an access token and run `login-matrix` | ||||
|     # manually. | ||||
|     login_shared_secret: {{ matrix_beeper_linkedin_login_shared_secret|to_json }} | ||||
|  | ||||
|     # Allow using double puppeting from any server with a valid client .well-known file. | ||||
|     double_puppet_allow_discovery: false | ||||
|  | ||||
|     # Whether or not to bridge presence in both directions. LinkedIn allows users not to broadcast | ||||
|     # presence, but then it won't send other users' presence to the client. | ||||
|     presence: {{ matrix_beeper_linkedin_bridge_presence|to_json }} | ||||
|     # Whether or not to update avatars when syncing all contacts at startup. | ||||
|     update_avatar_initial_sync: true | ||||
|  | ||||
|  | ||||
|     # End-to-bridge encryption support options. These require matrix-nio to be installed with pip | ||||
|     # and login_shared_secret to be configured in order to get a device for the bridge bot. | ||||
|     # | ||||
|     # Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal | ||||
|     # application service. | ||||
|     encryption: | ||||
|         # Allow encryption, work in group chat rooms with e2ee enabled | ||||
|         allow: false | ||||
|         # Default to encryption, force-enable encryption in all portals the bridge creates | ||||
|         # This will cause the bridge bot to be in private chats for the encryption to work properly. | ||||
|         default: false | ||||
|         # Options for automatic key sharing. | ||||
|         key_sharing: | ||||
|             # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled. | ||||
|             # You must use a client that supports requesting keys from other users to use this feature. | ||||
|             allow: false | ||||
|             # Require the requesting device to have a valid cross-signing signature? | ||||
|             # This doesn't require that the bridge has verified the device, only that the user has verified it. | ||||
|             # Not yet implemented. | ||||
|             require_cross_signing: false | ||||
|             # Require devices to be verified by the bridge? | ||||
|             # Verification by the bridge is not yet implemented. | ||||
|             require_verification: true | ||||
|     # Whether or not the bridge should send a read receipt from the bridge bot when a message has | ||||
|     # been sent to LinkedIn. | ||||
|     delivery_receipts: false | ||||
|     # Whether to allow inviting arbitrary mxids to portal rooms | ||||
|     allow_invites: false | ||||
|  | ||||
|     # Settings for backfilling messages from LinkedIn. | ||||
|     backfill: | ||||
|         # Whether or not the LinkedIn users of logged in Matrix users should be | ||||
|         # invited to private chats when backfilling history from LinkedIn. This is | ||||
|         # usually needed to prevent rate limits and to allow timestamp massaging. | ||||
|         invite_own_puppet: true | ||||
|         # Maximum number of messages to backfill initially. | ||||
|         # Set to 0 to disable backfilling when creating portal. | ||||
|         initial_limit: 0 | ||||
|         # Maximum number of messages to backfill if messages were missed while | ||||
|         # the bridge was disconnected. | ||||
|         # Set to 0 to disable backfilling missed messages. | ||||
|         missed_limit: 1000 | ||||
|         # If using double puppeting, should notifications be disabled | ||||
|         # while the initial backfill is in progress? | ||||
|         disable_notifications: false | ||||
|     periodic_reconnect: | ||||
|         # TODO needed? | ||||
|         # Interval in seconds in which to automatically reconnect all users. | ||||
|         # This can be used to automatically mitigate the bug where Linkedin stops sending messages. | ||||
|         # Set to -1 to disable periodic reconnections entirely. | ||||
|         interval: -1 | ||||
|         # What to do in periodic reconnects. Either "refresh" or "reconnect" | ||||
|         mode: refresh | ||||
|         # Should even disconnected users be reconnected? | ||||
|         always: false | ||||
|     # The number of seconds that a disconnection can last without triggering an automatic re-sync | ||||
|     # and missed message backfilling when reconnecting. | ||||
|     # Set to 0 to always re-sync, or -1 to never re-sync automatically. | ||||
|     resync_max_disconnected_time: 5 | ||||
|     # Whether or not temporary disconnections should send notices to the notice room. | ||||
|     # If this is false, disconnections will never send messages and connections will only send | ||||
|     # messages if it was disconnected for more than resync_max_disconnected_time seconds. | ||||
|     temporary_disconnect_notices: true | ||||
|     # Whether or not the bridge should try to "refresh" the connection if a normal reconnection | ||||
|     # attempt fails. | ||||
|     refresh_on_reconnection_fail: false | ||||
|     # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run. | ||||
|     # This field will automatically be changed back to false after it, | ||||
|     # except if the config file is not writable. | ||||
|     resend_bridge_info: false | ||||
|     # When using double puppeting, should muted chats be muted in Matrix? | ||||
|     mute_bridging: false | ||||
|     # Whether or not mute status and tags should only be bridged when the portal room is created. | ||||
|     tag_only_on_create: true | ||||
|  | ||||
|  | ||||
|     # The prefix for commands. Only required in non-management rooms. | ||||
|     command_prefix: "!li" | ||||
|  | ||||
|     # Permissions for using the bridge. | ||||
|     # Permitted values: | ||||
|     #     user - Access to use the bridge to chat with a Linkedin account. | ||||
|     #    admin - User level and some additional administration tools | ||||
|     # Permitted keys: | ||||
|     #        * - All Matrix users | ||||
|     #   domain - All users on that homeserver | ||||
|     #     mxid - Specific user | ||||
|     permissions: | ||||
|         "{{ matrix_beeper_linkedin_homeserver_domain }}": user | ||||
|  | ||||
|  | ||||
|  | ||||
| # Logging config. | ||||
| logging: | ||||
|     version: 1 | ||||
|     formatters: | ||||
|         colored: | ||||
|             (): mautrix.util.logging.color.ColorFormatter | ||||
|             format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" | ||||
|         normal: | ||||
|             format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s" | ||||
|     handlers: | ||||
|         console: | ||||
|             class: logging.StreamHandler | ||||
|             formatter: colored | ||||
|     loggers: | ||||
|         mau: | ||||
|             level: DEBUG | ||||
|         paho: | ||||
|             level: INFO | ||||
|         aiohttp: | ||||
|             level: INFO | ||||
|     root: | ||||
|         level: DEBUG | ||||
|         handlers: [ console] | ||||
|  | ||||
| @@ -0,0 +1,42 @@ | ||||
| #jinja2: lstrip_blocks: "True" | ||||
| [Unit] | ||||
| Description=Matrix Beeper Linkedin bridge | ||||
| {% for service in matrix_beeper_linkedin_systemd_required_services_list %} | ||||
| Requires={{ service }} | ||||
| After={{ service }} | ||||
| {% endfor %} | ||||
| {% for service in matrix_beeper_linkedin_systemd_wanted_services_list %} | ||||
| Wants={{ service }} | ||||
| {% endfor %} | ||||
| DefaultDependencies=no | ||||
|  | ||||
| [Service] | ||||
| Type=simple | ||||
| Environment="HOME={{ matrix_systemd_unit_home_path }}" | ||||
| ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' | ||||
| ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' | ||||
|  | ||||
| # Intentional delay, so that the homeserver (we likely depend on) can manage to start. | ||||
| ExecStartPre={{ matrix_host_command_sleep }} 5 | ||||
|  | ||||
| ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-beeper-linkedin \ | ||||
| 			--log-driver=none \ | ||||
| 			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ | ||||
| 			--cap-drop=ALL \ | ||||
| 			--network={{ matrix_docker_network }} \ | ||||
| 			-v {{ matrix_beeper_linkedin_config_path }}:/data:z \ | ||||
| 			--workdir=/opt/linkedin-matrix \ | ||||
| 			{% for arg in matrix_beeper_linkedin_container_extra_arguments %} | ||||
| 			{{ arg }} \ | ||||
| 			{% endfor %} | ||||
| 			{{ matrix_beeper_linkedin_docker_image }} \ | ||||
|                         python3 -m linkedin_matrix -c /data/config.yaml -r /data/registration.yaml | ||||
|  | ||||
| ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-beeper-linkedin 2>/dev/null' | ||||
| ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-beeper-linkedin 2>/dev/null' | ||||
| Restart=always | ||||
| RestartSec=30 | ||||
| SyslogIdentifier=matrix-beeper-linkedin | ||||
|  | ||||
| [Install] | ||||
| WantedBy=multi-user.target | ||||
| @@ -3,7 +3,7 @@ | ||||
|  | ||||
| matrix_heisenbridge_enabled: true | ||||
|  | ||||
| matrix_heisenbridge_version: 1.0.0 | ||||
| matrix_heisenbridge_version: 1.0.1 | ||||
| matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}" | ||||
| matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}" | ||||
|  | ||||
|   | ||||
| @@ -60,7 +60,7 @@ | ||||
|   git: | ||||
|     repo: "{{ matrix_mautrix_facebook_container_image_self_build_repo }}" | ||||
|     dest: "{{ matrix_mautrix_facebook_docker_src_files_path }}" | ||||
| #    version: "{{ matrix_coturn_docker_image.split(':')[1] }}" | ||||
|     version: "{{ matrix_mautrix_facebook_docker_image.split(':')[1] }}" | ||||
|     force: "yes" | ||||
|   register: matrix_mautrix_facebook_git_pull_results | ||||
|   when: "matrix_mautrix_facebook_container_image_self_build|bool" | ||||
|   | ||||
| @@ -13,7 +13,7 @@ matrix_mautrix_telegram_container_self_build: false | ||||
| matrix_mautrix_telegram_docker_repo: "https://mau.dev/mautrix/telegram.git" | ||||
| matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src" | ||||
|  | ||||
| matrix_mautrix_telegram_version: v0.9.0 | ||||
| matrix_mautrix_telegram_version: v0.10.1 | ||||
| # See: https://mau.dev/mautrix/telegram/container_registry | ||||
| matrix_mautrix_telegram_docker_image: "dock.mau.dev/mautrix/telegram:{{ matrix_mautrix_telegram_version }}" | ||||
| matrix_mautrix_telegram_docker_image_force_pull: "{{ matrix_mautrix_telegram_docker_image.endswith(':latest') }}" | ||||
|   | ||||
| @@ -3,7 +3,7 @@ matrix_client_element_enabled: true | ||||
| matrix_client_element_container_image_self_build: false | ||||
| matrix_client_element_container_image_self_build_repo: "https://github.com/vector-im/riot-web.git" | ||||
|  | ||||
| matrix_client_element_version: v1.8.1 | ||||
| matrix_client_element_version: v1.8.2 | ||||
| matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}" | ||||
| matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}" | ||||
| matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}" | ||||
|   | ||||
| @@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true | ||||
| matrix_client_hydrogen_container_image_self_build: true | ||||
| matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git" | ||||
|  | ||||
| matrix_client_hydrogen_version: v0.2.5 | ||||
| matrix_client_hydrogen_version: v0.2.7 | ||||
| matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}" | ||||
| matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}" | ||||
| matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}" | ||||
|   | ||||
| @@ -33,6 +33,17 @@ | ||||
|   register: matrix_client_hydrogen_git_pull_results | ||||
|   when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" | ||||
|  | ||||
| - name: Ensure Hydrogen Docker image is built | ||||
|   docker_image: | ||||
|     name: "{{ matrix_client_hydrogen_docker_image }}" | ||||
|     source: build | ||||
|     force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}" | ||||
|     build: | ||||
|       dockerfile: Dockerfile | ||||
|       path: "{{ matrix_client_hydrogen_docker_src_files_path }}" | ||||
|       pull: yes | ||||
|   when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" | ||||
|  | ||||
| - name: Ensure Hydrogen configuration installed | ||||
|   copy: | ||||
|     content: "{{ matrix_client_hydrogen_configuration|to_nice_json }}" | ||||
| @@ -53,17 +64,6 @@ | ||||
|     - {src: "{{ role_path }}/templates/nginx.conf.j2", name: "nginx.conf"} | ||||
|   when: "matrix_client_hydrogen_enabled|bool and item.src is not none" | ||||
|  | ||||
| - name: Ensure Hydrogen Docker image is built | ||||
|   docker_image: | ||||
|     name: "{{ matrix_client_hydrogen_docker_image }}" | ||||
|     source: build | ||||
|     force_source: "{{ matrix_client_hydrogen_git_pull_results.changed }}" | ||||
|     build: | ||||
|       dockerfile: Dockerfile | ||||
|       path: "{{ matrix_client_hydrogen_docker_src_files_path }}" | ||||
|       pull: yes | ||||
|   when: "matrix_client_hydrogen_enabled|bool and matrix_client_hydrogen_container_image_self_build|bool" | ||||
|  | ||||
| - name: Ensure matrix-client-hydrogen.service installed | ||||
|   template: | ||||
|     src: "{{ role_path }}/templates/systemd/matrix-client-hydrogen.service.j2" | ||||
|   | ||||
| @@ -22,7 +22,7 @@ matrix_corporal_container_extra_arguments: [] | ||||
| # List of systemd services that matrix-corporal.service depends on | ||||
| matrix_corporal_systemd_required_services_list: ['docker.service'] | ||||
|  | ||||
| matrix_corporal_version: 2.1.1 | ||||
| matrix_corporal_version: 2.1.2 | ||||
| matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}" | ||||
| matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}" | ||||
| matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility | ||||
|   | ||||
| @@ -5,7 +5,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn | ||||
| matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}" | ||||
| matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile" | ||||
|  | ||||
| matrix_coturn_version: 4.5.2-r3 | ||||
| matrix_coturn_version: 4.5.2-r4 | ||||
| matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine" | ||||
| matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}" | ||||
| matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}" | ||||
|   | ||||
| @@ -3,7 +3,7 @@ | ||||
|  | ||||
| matrix_grafana_enabled: false | ||||
|  | ||||
| matrix_grafana_version: 8.0.6 | ||||
| matrix_grafana_version: 8.1.2 | ||||
| matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}" | ||||
| matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}" | ||||
|  | ||||
|   | ||||
| @@ -7,6 +7,7 @@ matrix_jitsi_enable_guests: false | ||||
| matrix_jitsi_enable_recording: false | ||||
| matrix_jitsi_enable_transcriptions: false | ||||
| matrix_jitsi_enable_p2p: true | ||||
| matrix_jitsi_enable_av_moderation: true | ||||
|  | ||||
| # Authentication type, must be one of internal, jwt or ldap. Currently only | ||||
| # internal and ldap are supported by this playbook. | ||||
| @@ -53,7 +54,7 @@ matrix_jitsi_jibri_recorder_password: '' | ||||
|  | ||||
| matrix_jitsi_enable_lobby: false | ||||
|  | ||||
| matrix_jitsi_version: stable-5963 | ||||
| matrix_jitsi_version: stable-6173 | ||||
| matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility | ||||
|  | ||||
| matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}" | ||||
| @@ -69,6 +70,14 @@ matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}" | ||||
| # Addresses need to be prefixed with one of `stun:`, `turn:` or `turns:`. | ||||
| matrix_jitsi_web_stun_servers: ['stun:meet-jit-si-turnrelay.jitsi.net:443'] | ||||
|  | ||||
| # Setting up TURN | ||||
| # Default set with Coturn container | ||||
| matrix_jitsi_turn_credentials: "{{ matrix_coturn_turn_static_auth_secret }}" | ||||
| matrix_jitsi_turn_host: "turn.{{ matrix_server_fqn_matrix }}" | ||||
| matrix_jitsi_turns_host: "turn.{{ matrix_server_fqn_matrix }}" | ||||
| matrix_jitsi_turn_port: "{{ matrix_coturn_container_stun_plain_host_bind_port }}" | ||||
| matrix_jitsi_turns_port: "{{ matrix_coturn_container_stun_tls_host_bind_port }}" | ||||
|  | ||||
| # Controls whether Etherpad will be available within Jitsi | ||||
| matrix_jitsi_etherpad_enabled: false | ||||
|  | ||||
|   | ||||
| @@ -2,6 +2,7 @@ AUTH_TYPE={{ matrix_jitsi_auth_type }} | ||||
| ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }} | ||||
| ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }} | ||||
| ENABLE_LOBBY={{ 1 if matrix_jitsi_enable_lobby else 0 }} | ||||
| ENABLE_AV_MODERATION={{1 if matrix_jitsi_enable_av_moderation else 0}} | ||||
| ENABLE_XMPP_WEBSOCKET | ||||
| GLOBAL_MODULES | ||||
| GLOBAL_CONFIG | ||||
| @@ -48,4 +49,9 @@ JWT_AUTH_TYPE | ||||
| JWT_TOKEN_AUTH_MODULE | ||||
| LOG_LEVEL | ||||
| PUBLIC_URL={{ matrix_jitsi_web_public_url }} | ||||
| TURN_CREDENTIALS={{ matrix_jitsi_turn_credentials }} | ||||
| TURN_HOST={{ matrix_jitsi_turn_host }} | ||||
| TURNS_HOST={{ matrix_jitsi_turns_host }} | ||||
| TURN_PORT={{ matrix_jitsi_turn_port }} | ||||
| TURNS_PORT={{ matrix_jitsi_turns_port }} | ||||
| TZ={{ matrix_jitsi_timezone }} | ||||
|   | ||||
| @@ -7,7 +7,7 @@ matrix_mailer_container_image_self_build_repository_url: "https://github.com/dev | ||||
| matrix_mailer_container_image_self_build_src_files_path: "{{ matrix_mailer_base_path }}/docker-src" | ||||
| matrix_mailer_container_image_self_build_version: "{{ matrix_mailer_docker_image.split(':')[1] }}" | ||||
|  | ||||
| matrix_mailer_version: 4.94.2-r0-2 | ||||
| matrix_mailer_version: 4.94.2-r0-4 | ||||
| matrix_mailer_docker_image: "{{ matrix_mailer_docker_image_name_prefix }}devture/exim-relay:{{ matrix_mailer_version }}" | ||||
| matrix_mailer_docker_image_name_prefix: "{{ 'localhost/' if matrix_mailer_container_image_self_build else matrix_container_global_registry_prefix }}" | ||||
| matrix_mailer_docker_image_force_pull: "{{ matrix_mailer_docker_image.endswith(':latest') }}" | ||||
|   | ||||
| @@ -282,6 +282,23 @@ matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks: [] | ||||
| # A list of strings containing additional configuration blocks to add to the base domain server configuration (matrix-base-domain.conf). | ||||
| matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks: [] | ||||
|  | ||||
| # To increase request timeout in NGINX using proxy_read_timeout, proxy_connect_timeout, proxy_send_timeout, send_timeout directives | ||||
| # Nginx Default: proxy_connect_timeout 60s;   #Defines a timeout for establishing a connection with a proxied server | ||||
| # Nginx Default: proxy_send_timeout 60s;      #Sets a timeout for transmitting a request to the proxied server. | ||||
| # Nginx Default: proxy_read_timeout 60s;      #Defines a timeout for reading a response from the proxied server. | ||||
| # Nginx Default: send_timeout 60s;            #Sets a timeout for transmitting a response to the client. | ||||
| # | ||||
| # For more information visit: | ||||
| # http://nginx.org/en/docs/http/ngx_http_proxy_module.html | ||||
| # http://nginx.org/en/docs/http/ngx_http_core_module.html#send_timeout | ||||
| # https://www.nginx.com/resources/wiki/start/topics/examples/fullexample2/ | ||||
| # | ||||
| # Here we are sticking with nginx default values change this value carefully. | ||||
| matrix_nginx_proxy_connect_timeout: 60 | ||||
| matrix_nginx_proxy_send_timeout: 60 | ||||
| matrix_nginx_proxy_read_timeout: 60 | ||||
| matrix_nginx_send_timeout: 60 | ||||
|  | ||||
| # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses for all vhosts meant to be accessed by users. | ||||
| # | ||||
| # Learn more about what it is here: | ||||
| @@ -409,7 +426,7 @@ matrix_ssl_additional_domains_to_obtain_certificates_for: [] | ||||
|  | ||||
| # Controls whether to obtain production or staging certificates from Let's Encrypt. | ||||
| matrix_ssl_lets_encrypt_staging: false | ||||
| matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.17.0" | ||||
| matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.18.0" | ||||
| matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" | ||||
| matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 | ||||
| matrix_ssl_lets_encrypt_support_email: ~ | ||||
|   | ||||
| @@ -43,6 +43,11 @@ http { | ||||
| 	access_log off; | ||||
| 	{% endif %} | ||||
| 	 | ||||
| 	proxy_connect_timeout       {{ matrix_nginx_proxy_connect_timeout }}; | ||||
| 	proxy_send_timeout          {{  matrix_nginx_proxy_send_timeout }}; | ||||
| 	proxy_read_timeout          {{ matrix_nginx_proxy_read_timeout }}; | ||||
| 	send_timeout                {{ matrix_nginx_send_timeout }}; | ||||
|  | ||||
| 	sendfile on; | ||||
| 	#tcp_nopush on; | ||||
|  | ||||
|   | ||||
| @@ -17,11 +17,11 @@ matrix_postgres_architecture: amd64 | ||||
| # > LOG:  startup process (PID 37) was terminated by signal 11: Segmentation fault | ||||
| matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}" | ||||
|  | ||||
| matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.22{{ matrix_postgres_docker_image_suffix }}" | ||||
| matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.17{{ matrix_postgres_docker_image_suffix }}" | ||||
| matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.12{{ matrix_postgres_docker_image_suffix }}" | ||||
| matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.7{{ matrix_postgres_docker_image_suffix }}" | ||||
| matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.3{{ matrix_postgres_docker_image_suffix }}" | ||||
| matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.23{{ matrix_postgres_docker_image_suffix }}" | ||||
| matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.18{{ matrix_postgres_docker_image_suffix }}" | ||||
| matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.13{{ matrix_postgres_docker_image_suffix }}" | ||||
| matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.8{{ matrix_postgres_docker_image_suffix }}" | ||||
| matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.4{{ matrix_postgres_docker_image_suffix }}" | ||||
| matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v13 }}" | ||||
|  | ||||
| # This variable is assigned at runtime. Overriding its value has no effect. | ||||
|   | ||||
| @@ -3,7 +3,7 @@ | ||||
|  | ||||
| matrix_prometheus_node_exporter_enabled: false | ||||
|  | ||||
| matrix_prometheus_node_exporter_version: v1.2.0 | ||||
| matrix_prometheus_node_exporter_version: v1.2.2 | ||||
| matrix_prometheus_node_exporter_docker_image: "{{ matrix_container_global_registry_prefix }}prom/node-exporter:{{ matrix_prometheus_node_exporter_version }}" | ||||
| matrix_prometheus_node_exporter_docker_image_force_pull: "{{ matrix_prometheus_node_exporter_docker_image.endswith(':latest') }}" | ||||
|  | ||||
|   | ||||
| @@ -3,7 +3,7 @@ | ||||
|  | ||||
| matrix_prometheus_postgres_exporter_enabled: false | ||||
|  | ||||
| matrix_prometheus_postgres_exporter_version: v0.9.0 | ||||
| matrix_prometheus_postgres_exporter_version: v0.10.0 | ||||
| matrix_prometheus_postgres_exporter_port: 9187 | ||||
|  | ||||
| matrix_prometheus_postgres_exporter_docker_image: "quay.io/prometheuscommunity/postgres-exporter:{{ matrix_prometheus_postgres_exporter_version }}" | ||||
|   | ||||
| @@ -3,7 +3,7 @@ | ||||
|  | ||||
| matrix_prometheus_enabled: false | ||||
|  | ||||
| matrix_prometheus_version: v2.28.1 | ||||
| matrix_prometheus_version: v2.29.2 | ||||
| matrix_prometheus_docker_image: "{{ matrix_container_global_registry_prefix }}prom/prometheus:{{ matrix_prometheus_version }}" | ||||
| matrix_prometheus_docker_image_force_pull: "{{ matrix_prometheus_docker_image.endswith(':latest') }}" | ||||
|  | ||||
|   | ||||
| @@ -7,7 +7,7 @@ matrix_sygnal_base_path: "{{ matrix_base_data_path }}/sygnal" | ||||
| matrix_sygnal_config_path: "{{ matrix_sygnal_base_path }}/config" | ||||
| matrix_sygnal_data_path: "{{ matrix_sygnal_base_path }}/data" | ||||
|  | ||||
| matrix_sygnal_version: v0.9.0 | ||||
| matrix_sygnal_version: v0.10.1 | ||||
| matrix_sygnal_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/sygnal:{{ matrix_sygnal_version }}" | ||||
| matrix_sygnal_docker_image_force_pull: "{{ matrix_sygnal_docker_image.endswith(':latest') }}" | ||||
|  | ||||
| @@ -25,26 +25,6 @@ matrix_sygnal_container_http_host_bind_port: '' | ||||
| # A list of extra arguments to pass to the container | ||||
| matrix_sygnal_container_extra_arguments: [] | ||||
|  | ||||
| # Database-related configuration fields. | ||||
| # | ||||
| # To use SQLite, stick to these defaults. | ||||
| # | ||||
| # To use Postgres: | ||||
| # - change the engine (`matrix_sygnal_database_engine: 'postgres'`) | ||||
| # - adjust your database credentials via the `matrix_sygnal_postgres_*` variables | ||||
| matrix_sygnal_database_engine: 'sqlite' | ||||
|  | ||||
| matrix_sygnal_sqlite_database_path_local: "{{ matrix_sygnal_data_path }}/sygnal.db" | ||||
| matrix_sygnal_sqlite_database_path_in_container: "/data/sygnal.db" | ||||
|  | ||||
| matrix_sygnal_database_username: 'matrix_sygnal' | ||||
| matrix_sygnal_database_password: 'some-password' | ||||
| matrix_sygnal_database_hostname: 'matrix-postgres' | ||||
| matrix_sygnal_database_port: 5432 | ||||
| matrix_sygnal_database_name: 'matrix_sygnal' | ||||
|  | ||||
| matrix_sygnal_database_connection_string: 'postgres://{{ matrix_sygnal_database_username }}:{{ matrix_sygnal_database_password }}@{{ matrix_sygnal_database_hostname }}:{{ matrix_sygnal_database_port }}/{{ matrix_sygnal_database_name }}' | ||||
|  | ||||
| # A map (dictionary) of apps instances that this server works with. | ||||
| # | ||||
| # Example configuration: | ||||
|   | ||||
| @@ -1,32 +1,5 @@ | ||||
| --- | ||||
|  | ||||
| - set_fact: | ||||
|     matrix_sygnal_requires_restart: false | ||||
|  | ||||
| - block: | ||||
|     - name: Check if an SQLite database already exists | ||||
|       stat: | ||||
|         path: "{{ matrix_sygnal_sqlite_database_path_local }}" | ||||
|       register: matrix_sygnal_sqlite_database_path_local_stat_result | ||||
|  | ||||
|     - block: | ||||
|         - set_fact: | ||||
|             matrix_postgres_db_migration_request: | ||||
|               src: "{{ matrix_sygnal_sqlite_database_path_local }}" | ||||
|               dst: "{{ matrix_sygnal_database_connection_string }}" | ||||
|               caller: "{{ role_path|basename }}" | ||||
|               engine_variable_name: 'matrix_sygnal_database_engine' | ||||
|               engine_old: 'sqlite' | ||||
|               systemd_services_to_stop: ['matrix-sygnal.service'] | ||||
|               pgloader_options: ['--with "quote identifiers"'] | ||||
|  | ||||
|         - import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml" | ||||
|  | ||||
|         - set_fact: | ||||
|             matrix_sygnal_requires_restart: true | ||||
|       when: "matrix_sygnal_sqlite_database_path_local_stat_result.stat.exists|bool" | ||||
|   when: "matrix_sygnal_database_engine == 'postgres'" | ||||
|  | ||||
| - name: Ensure Sygnal image is pulled | ||||
|   docker_image: | ||||
|     name: "{{ matrix_sygnal_docker_image }}" | ||||
| @@ -65,9 +38,3 @@ | ||||
|   service: | ||||
|     daemon_reload: yes | ||||
|   when: "matrix_sygnal_systemd_service_result.changed|bool" | ||||
|  | ||||
| - name: Ensure matrix-sygnal.service restarted, if necessary | ||||
|   service: | ||||
|     name: "matrix-sygnal.service" | ||||
|     state: restarted | ||||
|   when: "matrix_sygnal_requires_restart|bool" | ||||
|   | ||||
| @@ -3,11 +3,3 @@ | ||||
|     msg: >- | ||||
|       Enabling Sygnal requires that you specify at least one app in `matrix_sygnal_apps` | ||||
|   when: "matrix_sygnal_enabled and matrix_sygnal_apps|length == 0" | ||||
|  | ||||
| - name: Fail if running on a non-supported architecture | ||||
|   fail: | ||||
|     msg: >- | ||||
|       Sygnal can only be used on the amd64 architecture for now. | ||||
|       Only amd64 container images are pushed for the `docker.io/matrixdotorg/sygnal` container image. | ||||
|       Either use a different image (by redefining `matrix_sygnal_docker_image`) or consider contributing self-building support to this role. | ||||
|   when: "matrix_sygnal_enabled and matrix_architecture != 'amd64' and matrix_sygnal_docker_image.startswith('docker.io/matrixdotorg/sygnal')" | ||||
|   | ||||
| @@ -3,57 +3,6 @@ | ||||
| # See: matrix.org | ||||
| ## | ||||
|  | ||||
| # The 'database' setting defines the database that sygnal uses to store all of | ||||
| # its data. | ||||
| # | ||||
| # 'name' gives the database engine to use: either 'sqlite3' (for SQLite) or | ||||
| # 'psycopg2' (for PostgreSQL). | ||||
| # | ||||
| # 'args' gives options which are passed through to the database engine, | ||||
| # except for options starting 'cp_', which are used to configure the Twisted | ||||
| # connection pool. For a reference to valid arguments, see: | ||||
| #   * for sqlite: https://docs.python.org/3/library/sqlite3.html#sqlite3.connect | ||||
| #   * for postgres: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS | ||||
| #   * for the connection pool: https://twistedmatrix.com/documents/current/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__ | ||||
| # | ||||
| # | ||||
| # Example SQLite configuration: | ||||
| # | ||||
| #database: | ||||
| #  name: sqlite3 | ||||
| #  args: | ||||
| #    dbfile: /path/to/database.db | ||||
| # | ||||
| # | ||||
| # Example Postgres configuration: | ||||
| # | ||||
| #database: | ||||
| #  name: psycopg2 | ||||
| #  args: | ||||
| #    host: localhost | ||||
| #    database: sygnal | ||||
| #    user: sygnal | ||||
| #    password: pass | ||||
| #    cp_min: 1 | ||||
| #    cp_max: 5 | ||||
| # | ||||
| {% if matrix_sygnal_database_engine == 'sqlite' %} | ||||
| database: | ||||
|   name: sqlite3 | ||||
|   args: | ||||
|     dbfile: {{ matrix_sygnal_sqlite_database_path_in_container|to_json }} | ||||
| {% else %} | ||||
| database: | ||||
|   name: psycopg2 | ||||
|   args: | ||||
|     host: {{ matrix_sygnal_database_hostname|to_json }} | ||||
|     database: {{ matrix_sygnal_database_name|to_json }} | ||||
|     user: {{ matrix_sygnal_database_username|to_json }} | ||||
|     password: {{ matrix_sygnal_database_password|to_json }} | ||||
|     cp_min: 1 | ||||
|     cp_max: 5 | ||||
| {% endif %} | ||||
|  | ||||
| ## Logging # | ||||
| # | ||||
| log: | ||||
|   | ||||
| @@ -16,6 +16,7 @@ | ||||
|   git: | ||||
|     repo: "{{ matrix_synapse_admin_container_self_build_repo }}" | ||||
|     dest: "{{ matrix_synapse_admin_docker_src_files_path }}" | ||||
|     version: "{{ matrix_synapse_admin_docker_image.split(':')[1] }}" | ||||
|     force: "yes" | ||||
|   register: matrix_synapse_admin_git_pull_results | ||||
|   when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_self_build|bool" | ||||
|   | ||||
| @@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont | ||||
| # amd64 gets released first. | ||||
| # arm32 relies on self-building, so the same version can be built immediately. | ||||
| # arm64 users need to wait for a prebuilt image to become available. | ||||
| matrix_synapse_version: v1.40.0 | ||||
| matrix_synapse_version_arm64: v1.40.0 | ||||
| matrix_synapse_version: v1.41.1 | ||||
| matrix_synapse_version_arm64: v1.41.1 | ||||
| matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}" | ||||
| matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}" | ||||
|  | ||||
| @@ -470,6 +470,7 @@ matrix_synapse_email_smtp_port: 587 | ||||
| matrix_synapse_email_smtp_require_transport_security: false | ||||
| matrix_synapse_email_notif_from: "Matrix <matrix@{{ matrix_domain }}>" | ||||
| matrix_synapse_email_client_base_url: "https://{{ matrix_server_fqn_element }}" | ||||
| matrix_synapse_email_invite_client_location: "https://app.element.io" | ||||
|  | ||||
|  | ||||
| # Enable this to activate the REST auth password provider module. | ||||
|   | ||||
| @@ -185,6 +185,8 @@ default_room_version: {{ matrix_synapse_default_room_version|to_json }} | ||||
| # | ||||
| # This option replaces federation_ip_range_blacklist in Synapse v1.25.0. | ||||
| # | ||||
| # Note: The value is ignored when an HTTP proxy is in use | ||||
| # | ||||
| #ip_range_blacklist: | ||||
| #  - '127.0.0.0/8' | ||||
| #  - '10.0.0.0/8' | ||||
| @@ -583,6 +585,19 @@ retention: | ||||
| # | ||||
| #next_link_domain_whitelist: ["matrix.org"] | ||||
|  | ||||
| # Templates to use when generating email or HTML page contents. | ||||
| # | ||||
| templates: | ||||
|   # Directory in which Synapse will try to find template files to use to generate | ||||
|   # email or HTML page contents. | ||||
|   # If not set, or a file is not found within the template directory, a default | ||||
|   # template from within the Synapse package will be used. | ||||
|   # | ||||
|   # See https://matrix-org.github.io/synapse/latest/templates.html for more | ||||
|   # information about using custom templates. | ||||
|   # | ||||
|   #custom_template_directory: /path/to/custom/templates/ | ||||
|  | ||||
|  | ||||
| ## TLS ## | ||||
|  | ||||
| @@ -729,6 +744,21 @@ caches: | ||||
|    per_cache_factors: | ||||
|      #get_users_who_share_room_with_user: 2.0 | ||||
|  | ||||
|   # Controls how long an entry can be in a cache without having been | ||||
|   # accessed before being evicted. Defaults to None, which means | ||||
|   # entries are never evicted based on time. | ||||
|   # | ||||
|   #expiry_time: 30m | ||||
|  | ||||
|   # Controls how long the results of a /sync request are cached for after | ||||
|   # a successful response is returned. A higher duration can help clients with | ||||
|   # intermittent connections, at the cost of higher memory usage. | ||||
|   # | ||||
|   # By default, this is zero, which means that sync responses are not cached | ||||
|   # at all. | ||||
|   # | ||||
|   #sync_response_cache_duration: 2m | ||||
|  | ||||
|  | ||||
| ## Database ## | ||||
|  | ||||
| @@ -996,6 +1026,8 @@ url_preview_enabled: {{ matrix_synapse_url_preview_enabled|to_json }} | ||||
| # This must be specified if url_preview_enabled is set. It is recommended that | ||||
| # you uncomment the following list as a starting point. | ||||
| # | ||||
| # Note: The value is ignored when an HTTP proxy is in use | ||||
| # | ||||
| url_preview_ip_range_blacklist: | ||||
|   - '127.0.0.0/8' | ||||
|   - '10.0.0.0/8' | ||||
| @@ -1924,6 +1956,9 @@ cas_config: | ||||
| # Additional settings to use with single-sign on systems such as OpenID Connect, | ||||
| # SAML2 and CAS. | ||||
| # | ||||
| # Server admins can configure custom templates for pages related to SSO. See | ||||
| # https://matrix-org.github.io/synapse/latest/templates.html for more information. | ||||
| # | ||||
| sso: | ||||
|     # A list of client URLs which are whitelisted so that the user does not | ||||
|     # have to confirm giving access to their account to the URL. Any client | ||||
| @@ -2250,6 +2285,9 @@ ui_auth: | ||||
| {% if matrix_synapse_email_enabled %} | ||||
| # Configuration for sending emails from Synapse. | ||||
| # | ||||
| # Server admins can configure custom templates for email content. See | ||||
| # https://matrix-org.github.io/synapse/latest/templates.html for more information. | ||||
| # | ||||
| email: | ||||
|   # The hostname of the outgoing SMTP server to use. Defaults to 'localhost'. | ||||
|   # | ||||
| @@ -2275,10 +2313,13 @@ email: | ||||
|   #require_transport_security: true | ||||
|   require_transport_security: {{ matrix_synapse_email_smtp_require_transport_security|to_json }} | ||||
|  | ||||
|   # Enable sending emails for messages that the user has missed | ||||
|   # Uncomment the following to disable TLS for SMTP. | ||||
|   # | ||||
|   #enable_notifs: false | ||||
|   enable_notifs: true | ||||
|   # By default, if the server supports TLS, it will be used, and the server | ||||
|   # must present a certificate that is valid for 'smtp_host'. If this option | ||||
|   # is set to false, TLS will not be used. | ||||
|   # | ||||
|   #enable_tls: false | ||||
|  | ||||
|   # notif_from defines the "From" address to use when sending emails. | ||||
|   # It must be set if email sending is enabled. | ||||
| @@ -2299,6 +2340,11 @@ email: | ||||
|   #app_name: my_branded_matrix_server | ||||
|   app_name: Matrix | ||||
|  | ||||
|   # Enable sending emails for messages that the user has missed | ||||
|   # | ||||
|   #enable_notifs: false | ||||
|   enable_notifs: true | ||||
|  | ||||
|   # Uncomment the following to disable automatic subscription to email | ||||
|   # notifications for new users. Enabled by default. | ||||
|   # | ||||
| @@ -2319,48 +2365,11 @@ email: | ||||
|   # | ||||
|   #validation_token_lifetime: 15m | ||||
|  | ||||
|   # Directory in which Synapse will try to find the template files below. | ||||
|   # If not set, or the files named below are not found within the template | ||||
|   # directory, default templates from within the Synapse package will be used. | ||||
|   # The web client location to direct users to during an invite. This is passed | ||||
|   # to the identity server as the org.matrix.web_client_location key. Defaults | ||||
|   # to unset, giving no guidance to the identity server. | ||||
|   # | ||||
|   # Synapse will look for the following templates in this directory: | ||||
|   # | ||||
|   # * The contents of email notifications of missed events: 'notif_mail.html' and | ||||
|   #   'notif_mail.txt'. | ||||
|   # | ||||
|   # * The contents of account expiry notice emails: 'notice_expiry.html' and | ||||
|   #   'notice_expiry.txt'. | ||||
|   # | ||||
|   # * The contents of password reset emails sent by the homeserver: | ||||
|   #   'password_reset.html' and 'password_reset.txt' | ||||
|   # | ||||
|   # * An HTML page that a user will see when they follow the link in the password | ||||
|   #   reset email. The user will be asked to confirm the action before their | ||||
|   #   password is reset: 'password_reset_confirmation.html' | ||||
|   # | ||||
|   # * HTML pages for success and failure that a user will see when they confirm | ||||
|   #   the password reset flow using the page above: 'password_reset_success.html' | ||||
|   #   and 'password_reset_failure.html' | ||||
|   # | ||||
|   # * The contents of address verification emails sent during registration: | ||||
|   #   'registration.html' and 'registration.txt' | ||||
|   # | ||||
|   # * HTML pages for success and failure that a user will see when they follow | ||||
|   #   the link in an address verification email sent during registration: | ||||
|   #   'registration_success.html' and 'registration_failure.html' | ||||
|   # | ||||
|   # * The contents of address verification emails sent when an address is added | ||||
|   #   to a Matrix account: 'add_threepid.html' and 'add_threepid.txt' | ||||
|   # | ||||
|   # * HTML pages for success and failure that a user will see when they follow | ||||
|   #   the link in an address verification email sent when an address is added | ||||
|   #   to a Matrix account: 'add_threepid_success.html' and | ||||
|   #   'add_threepid_failure.html' | ||||
|   # | ||||
|   # You can see the default templates at: | ||||
|   # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates | ||||
|   # | ||||
|   #template_dir: "res/templates" | ||||
|   invite_client_location: {{ matrix_synapse_email_invite_client_location|string|to_json }} | ||||
|  | ||||
|   # Subjects to use when sending emails from Synapse. | ||||
|   # | ||||
|   | ||||
| @@ -37,6 +37,7 @@ matrix_synapse_workers_generic_worker_endpoints: | ||||
|   - ^/_matrix/federation/v1/send/ | ||||
|  | ||||
|   # Client API requests | ||||
|   - ^/_matrix/client/(api/v1|r0|unstable)/createRoom$ | ||||
|   - ^/_matrix/client/(api/v1|r0|unstable)/publicRooms$ | ||||
|   - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$ | ||||
|   - ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$ | ||||
| @@ -253,10 +254,12 @@ matrix_synapse_workers_media_repository_endpoints: | ||||
|   - ^/_synapse/admin/v1/user/.*/media.*$ | ||||
|   - ^/_synapse/admin/v1/media/.*$ | ||||
|   - ^/_synapse/admin/v1/quarantine_media/.*$ | ||||
|   - ^/_synapse/admin/v1/users/.*/media$ | ||||
|  | ||||
|   # You should also set `enable_media_repo: False` in the shared configuration | ||||
|   # file to stop the main synapse running background jobs related to managing the | ||||
|   # media repository. | ||||
|   # media repository. Note that doing so will prevent the main process from being | ||||
|   # able to handle the above endpoints. | ||||
|  | ||||
|   # In the `media_repository` worker configuration file, configure the http listener to | ||||
|   # expose the `media` resource. For example: | ||||
|   | ||||
		Reference in New Issue
	
	Block a user