* Allow the mautrix whatsapp relaybot to be enable with a variable
This allows a user to enable the relaybot by setting a variable in
`vars.yml` in the same way that the mautrix signal relaybot is
configured.
* Correct default values for mautrix whatsapp relaybot variables
* Add documentation for using the relaybot with mautrix whatsapp
* Adjust variable names to better reflect what they do
* Set default variables properly and use to_json in template
This extends the collection with support for seamless authentication at the Jitsi server using Matrix OpenID.
1. New role for installing the [Matrix User Verification Service](https://github.com/matrix-org/matrix-user-verification-service)
2. Changes to Jitsi role: Installing Jitsi Prosody Mods and configuring Jitsi Auth
3. Changes to Jitsi and nginx-proxy roles: Serving .well-known/element/jitsi from jitsi.DOMAIN
4. We updated the Jitsi documentation on authentication and added documentation for the user verification service.
* Changes to allow a user to set the max participants on a jitsi
conference
* changed var name from jitsi_max_participants to matrix_prosody_jitsi_max_participants
* add prometheus-nginxlog-exporter role
* Rename matrix_prometheus_nginxlog_exporter_container_url to matrix_prometheus_nginxlog_exporter_container_hostname
* avoid referencing variables from other roles, handover info using group_vars/matrix_servers
* fix: stop service when uninstalling
fix: typo
move available arch's into a var
fix: text
* fix: prometheus enabled condition
Co-authored-by: ikkemaniac <ikkemaniac@localhost>
This role is usable on its own and it's not tied to Matrix, so
extracting it out into an independent role that we install via
ansible-galaxy makes sense.
This also fixes the confusion from the other day, where
`matrix_postgres_*` had to be renamed to `devture_postgres_*`
(unless it was about `matrix_postgres_backup_*`).
We now can safely say that ALL `matrix_postgres_*` variables need to be
renamed.
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/2305
Tests were carried out like this:
- `virtualenv3 env`
- `./env/bin/pip install ansible==4.10.0 ansible-core==2.11.7`
- `./env/bin/ansible-playbook .....`
The lowest version of `ansible-core` available on PyPI right now is
2.11.0. That version has trouble with `ansible==4.0.0` though.
The errors we were hitting seemed to be resolved by others online by
using `ansible==4.10.0` instead, which has a minimum `ansible-core`
requirement of `2.11.7`, so that's what we went with.
Older versions of Ansible may work, but.. I'm having trouble
installing them and don't want to spend too much time on digging through
ancient versions and testing them out. People should just learn to run
up-to-date software.
* added dendrite captcha options
* added hcaptcha doc
* proper url
* Apply suggestions from code review
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Update main.yml
* renamed captcha vars to new naming scheme
* change vars to new format
* Rename back some incorrect renamed variables
These variables are either not just part of the `client_api` subsection,
or are not even part of that section at all. They shouldn't have been
renamed in baaef2ed616e2645550d9
* Fix up naming inconsistencies
Some of these variables had been renamed in one place,
but not in other places, so it couldn't have worked that way.
* Add validation/deprecation for renamed Dendrite variables
Related to 4097898f885cf4c73, baaef2ed616e2645550, 68f4418092fa8ad
and a0b4a0ae6b2f1f18
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
These `init.yml` (now `inject_into_nginx_proxy.yml`) tasks do not need
to `always` run. They only need to run for `setup-all` and
`setup-nginx-proxy`. Unless we're dealing with these 2 tags, we can
spare ourselves a lot of work.
This patch also moves the `when` statement from `init.yml` into
`main.yml` in an effort to further optimize things by potentially
avoiding the extra file include.
* Add task to configure a standalone JVB on a different server
* add missing file
* set nginx config
* update prosody file and expose port 5222
* change variable name to server id
* formatting change
* use server id of jvb-1 for the main server
* adding documentation
* adding more jvbs
* rename variable
* revert file
* fix yaml error
* minor doc fixes
* renaming tags and introducing a common tag
* remove duplicates
* add mapping for jvb to hostname/ip
* missed a jvb_server
* Update roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* PR review comments and additional documentation
* iterate on dict items
* Update docs/configuring-playbook-jitsi.md
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Update docs/configuring-playbook-jitsi.md
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Update docs/configuring-playbook-jitsi.md
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Update docs/configuring-playbook-jitsi.md
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Update docs/configuring-playbook-jitsi.md
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Update docs/configuring-playbook-jitsi.md
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Update docs/configuring-playbook-jitsi.md
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* adding documentation around the xmpp setting
* add common after
* reduce the number of services during init of the additional jvb
* remove rogue i
* revert change to jitsi init as it's needed
* only run the jvb service on the additional jvb host
* updating docs
* reset default and add documentation about the websocket port
* fix issue rather merge with master
* add missing role introduced in master
* this role is required too
* Adding new jitsi jvb playbook, moving setup.yml to matrix.yml and creating soft link
* updating documentation
* revert accidental change to file
* add symlink back to roles to aid running of the jitsi playbook
* Remove extra space
* Delete useless playbooks/roles symlink
* Remove blank lines
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
We no longer ask users to create Matrix user accounts for these bots:
- Postmoogle
- Honoroit
- Reminder Bot
Other bots and services (matrix-registration-bot, maubot, mjolnir,
Dimension, etc.) require an Access Token to run (not a password),
so this new role doesn't help for them.
It does help for the above bots though, and for defining your own
"initial user accounts" in the `matrix_user_creator_users_additional`
variable.
* Make registration proxy independent of other roles, document
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
* Fix yml issues
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
* Remove undefined variable (as service HAS to be exposed
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
* Add registration endpint
Defines the registration endpoint that should be intercepted/forwarded to the proxy
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
* Add image name
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
Add two important informations:
- The `mbc` commands must be ran in the docker container
- Not using this method prevent from using encrypted rooms with the bot
As stream writer workers are also powered by the `generic_worker`
Synapse app, this necessitated that we provide means for distinguishing
between them and regular `generic_workers`.
I've also taken the time to optimize nginx configuration generation
(more Jinja2 macro usage, less duplication).
Worker names have also changed.
Workers are now named sequentially like this:
- `matrix-synapse-worker-0-generic`
- `matrix-synapse-worker-1-stream-writer-typing`
- `matrix-synapse-worker-2-pusher`
instead of `matrix-synapse-worker_generic_worker-18111` (indexed with a
port number).
People who modify `matrix_synapse_workers_enabled_list` directly will
need to adjust their configuration.
* Add construct for cactus comments role
* Adjust config files
* Add docker self build to defaults
* Adjust tasks
* Fix smaller syntax errors
* Fix env argument
* Add tmp path to allow container writing there
Background why I did this: https://docs.gunicorn.org/en/stable/settings.html#worker-tmp-dir
* Change port back to 5000 as not configurable in container
* Try to add appservice config file for synapse to use
* Inject appservice file
* Correct copied variable name
* Comment out unused app service file injection
would need mounting the appservice file to the synapse container i guess
* Move role before synapse to be able to inject during runtime
* Remove unused parts
* Change default user id to mirror official docs
* Add docs
* Update roles/matrix-cactus-comments/tasks/setup_install.yml
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Update roles/matrix-cactus-comments/templates/cactus_appservice.yaml.j2
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Generate secrets if necessary, adjust docs
* Rename cactusbot userid
* Shorten salt strings
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Use tmpfs instead of persistent mount
* Remove proxy option as it is nonsense
* Add download and serving of cc-client files
* Add documentation on client
* Clarify docs a bit
* Add nginx proxy to required services
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
* Use container address
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
* Correct comment of user id
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
* Use releases or local distributed client
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
* Move homeserver url to defaults
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
* Correct truth value
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
* Add documentation of variables
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Tabs vs. spaces
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Make nginx root configurable
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
* Complete ake nginx root configurable
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
* Fix file permission
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
* Fix lint errors
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
Signed-off-by: Julian-Samuel Gebühr <julian-samuel@gebuehr.net>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Fix bug that prevented user with external nginx from launch
The backslash was missing and prevented users from starting the bot
* Add necessary config for ext nginx to docs
* Add automatic config for ext nginx, adjust docs
* Remove unneeded and possibly puzzeling documentation
* Add example configuration for Caddy v2
Add a basic example how to get synapse-admin running behind Caddy v2 proxy.
* Improve working, fix typos
* Fix typos
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* run the playbook on multiple hosts with different credentials with this script
* fix: add yaml missing document start "---"
* fix: *now really* allow this script to be run from any directory
* add about-note to examples/host.yml
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* improve ansible-all-hosts.sh related docs/configuring-playbook.md
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* fix typos :)
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
Adds support for: https://src.miscworks.net/fair/matrix-appservice-kakaotalk
This is pretty similar to
https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1977
which just appeared, but has mostly been done independently.
I've taken some inspiration and did some fixups based on that PR.
Thanks to https://github.com/hnarjis for taking the time to contribute!
Notable differences between this branch compared to that PR:
- better naming and documentation around the "configuration" variables
- no unnecessary (5 sec.) intentional delay when starting `matrix-appservice-kakaotalk-node.service`
- stores configuration in `config/`, not in `data/`
- passes configuration as read-only and starts the bridge with (`--no-update`) to ensure no changes are made to it
- starts containers more securely - with `matrix:matrix` user:group (not `root`) and
reduced capabilities (`--cap-drop=ALL`)
- uses `tcp` for communication between the "node" and the appservice (simpler than sharing unix sockets)
- `registration.yaml` which is closer to the one generated by `matrix-appservice-kakaotalk` (no `de.sorunome.msc2409.push_ephemeral` stuff, etc.)
- `registration.yaml` which is more customizable (customizable bot username and prefix for puppets - see `matrix_appservice_kakaotalk_appservice_bot_username` and `matrix_appservice_kakaotalk_user_prefix`)
- less fragile and more extensible bridge permissions configuration via `matrix_appservice_kakaotalk_bridge_permissions`. Doing `{% if matrix_admin %}` in the bridge configuration sometimes causes syntax problems (I hit some myself) and is not ideal. Other bridges should be redone as well.
- configurable command prefix for the bridge, instead of hardcoding `!kt` (see `matrix_appservice_kakaotalk_command_prefix`)
- logging that is more consistent with the rest of the playbook (console / journald only, no logging to files), as well as configurable log level (via `matrix_appservice_kakaotalk_logging_level`)
- somewhat more detailed documentation (`docs/configuring-playbook-bridge-appservice-kakaotalk.md`)
- removed some dead code (data relocation tasks from `tasks/setup_install.yml`, as well as likely unnecessary SQLite -> Postgres migration)
* Make interface hidden behind proxy by default
* Remove expose option and replace with http_bind_port
Reasoning: This is a similar binary trigger but allows to bin not on all interfaces
* Clarify maubot admin purpose
* Remove unnecessary edif
* Extend docs to prevent common misconceptions
* Make http_bind_port singular, do not allow multiple values
* Make optional again
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1931
This does 2 things:
- it fixes the syntax for `matrix_id`. Starting strings with `@` is
invalid YAML, so such strings need to be wrapped in single or double
quotes
- it makes use of the `matrix_domain` variable instead of hardcoding the
domain name. This should be more and mistake-proof (typos or people
mistaking their domain - matrix. vs base domain)
* Creating generic mautrix bridge doc
Not a huge fan of how it turned out at all, not sure how to make it better.
* Rename configuring-playbook-bridge-mautrix-Generic.md to configuring-playbook-bridges.md
* accepting suggested edits after rename mess
* Adding log level configuration
* Update docs/configuring-playbook-bridges.md
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
* Rename configuring-playbook-bridges.md to configuring-playbook-mautrix-bridges.md
Co-authored-by: ThellraAK <ThellraAK@pop-os.localdomain>
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
Adding the defaults in addition to template, switching YOUR_DOMAIN to {{ matrix_domain }}, and giving example of the two combined, as the playbook gives a warning about things being defined twice, so only using the last one in the vars.yml
Copy/Pasting from docs/configuring-playbook-bridge-mautrix-facebook.md but with the relevant variable names changed to add turning on encryption and a puppet admin.
* Add matrix-registration-bot
This adds an install and uninstall task plus helpers. The bot is disabled by default.
This commit does not include documentation, yet. In short, the bot can be enabled by adding
matrix_bot_matrix_registration_bot_enabled: true
matrix_bot_matrix_registration_bot_matrix_user_password: "verysecret"
matrix_bot_matrix_registration_bot_matrix_admin_token: "supersecret"
to the host_vars
* Change bot username to bot.matrix-registration-bot following convention
* Address smaller remarks, fix local docker build
* Switch to an env file
* Add environment variables extension for additional config
* Add documentation for the matrix-registration-bot
* Add screenshot on how to obtain admin access token
* Use bot as admin to only have one access token (bot and admin api)
* Use cleaner setting of matrix_synapse_registration_requires_token
* Use config file for cleaner more secure usage
* Delete unneeded env
* Rename vars to make usage clear
* Fix typos/wording and add notice about logging out
* Convert configuration to use |to_json
* Reorder role includes
Nothing should be after `matrix-common-after`.
`matrix-bot-matrix-registration-bot` can probably be anywhere, but it makes sense to put it next to the other `matrix-bot-*` roles.
* Minor group_vars/matrix_servers touchups
Co-authored-by: Slavi Pantaleev <slavi@devture.com>
"Community" support
- has been removed from mautrix/facebook in v0.3.3:
31cac6fb5e
- has been removed from mautrix/signal in v0.2.2:
1f27a608a6
- will be removed in the next mautrix/instagram release:
e2ae1ca503
- will be removed in the next mautrix/twitter release:
3893075265
This is a proposed add to the documentation to inform users how to change the federation port using the ansible playbook for eventual use with third party services such as CDNs.
The OAuth credentials method seems to be the only viable way to
configure the mx-puppet-bridge now. Legacy tokens can no longer be
created, and the other methods (xoxs and xoxc tokens) come with warnings
about them being against Slack's terms of service.
Enables optional access to Etherpad's web-UI. This is useful for
managing Etherpad plugins.
Among other things, plugins makes it easy to manage/delete pads if you
install the adminpads2 plugin.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1282
It's mostly due to Docker CE dropping its repositories (and support) for
Debian 9.
If one installs Docker manually (likely a package named `docker.io`), it
will likely still work.
In any case, Debian 9 is old and end-of-life now, so advertising support
for it is not productive.
The attached code for the "Serving the Federation API with your certificates and matrix-nginx-proxy" section suggests using the matrix.<your-domain> certificate for the federation API as opposed to the necessary <your-domain> certificate for the federation to work. This can cause some confusion to readers.