finallycoffee/matrix-docker-ansible-deploy
finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: finallycoffee:4af024e8d2c231fc9aebc8cd3aa67307ac9d26c7
Branches Tags
finallycoffee:master
finallycoffee:transcaffeine/patch-dumb-design-choices
finallycoffee:feat-mx-puppet-instagram
...
compare: finallycoffee:f40fff587f009a08327f1d14f72a5a48126c6e97
Branches Tags
finallycoffee:master
finallycoffee:transcaffeine/patch-dumb-design-choices
finallycoffee:feat-mx-puppet-instagram

62 Commits
4af024e8d2 ... f40fff587f

Author SHA1 Message Date
transcaffeine
f40fff587f
meta: move inventory structure to be more usable 2024-10-02 20:41:14 +02:00
jdreichmann
cfc21854ec
meta: add own inventory, add vault-unlock with GPG 2024-10-02 20:41:11 +02:00
Slavi Pantaleev
c605235aa8
Merge pull request #3563 from spantaleev/renovate/docker.io-metio-matrix-alertmanager-receiver-2024.x 
Update docker.io/metio/matrix-alertmanager-receiver Docker tag to v2024.10.2
 2024-10-02 10:18:13 +03:00
renovate[bot]
88f3996cae
Update docker.io/metio/matrix-alertmanager-receiver Docker tag to v2024.10.2 2024-10-02 06:35:45 +00:00
Slavi Pantaleev
44dc9e1c74
Merge pull request #3561 from spantaleev/renovate/matrixdotorg-mjolnir-1.x 
Update matrixdotorg/mjolnir Docker tag to v1.8.0
 2024-10-02 08:04:35 +03:00
Slavi Pantaleev
0b5c5ed258
Merge pull request #3560 from spantaleev/renovate/grafana-11.x 
Update dependency grafana to v11.1.7-0
 2024-10-02 08:03:02 +03:00
renovate[bot]
c6da799a52
Update matrixdotorg/mjolnir Docker tag to v1.8.0 2024-10-02 01:33:07 +00:00
renovate[bot]
4d286ddd7a
Update dependency grafana to v11.1.7-0 2024-10-02 01:33:04 +00:00
Slavi Pantaleev
61c6e09fd8 Upgrade baibot (v1.1.1 -> v1.2.0) 2024-10-02 00:07:51 +03:00
Slavi Pantaleev
4b047b3d63 Fix pickle_key configuration value for mautrix-slack for compatibility with the old bridge 2024-10-01 21:29:21 +03:00
Slavi Pantaleev
bc704a2552 Make it possible to install maubot against Conduit 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3556
 2024-10-01 16:19:53 +03:00
Slavi Pantaleev
8b71ce3dec
Merge pull request #3558 from spantaleev/renovate/ghcr.io-element-hq-synapse-1.x 
Update ghcr.io/element-hq/synapse Docker tag to v1.116.0
 2024-10-01 16:17:24 +03:00
Slavi Pantaleev
f8790319fa
Merge pull request #3557 from spantaleev/renovate/vectorim-element-web-1.x 
Update vectorim/element-web Docker tag to v1.11.79
 2024-10-01 15:29:54 +03:00
renovate[bot]
d40be5aca6
Update ghcr.io/element-hq/synapse Docker tag to v1.116.0 2024-10-01 12:27:23 +00:00
renovate[bot]
148d842386
Update vectorim/element-web Docker tag to v1.11.79 2024-10-01 12:27:19 +00:00
Slavi Pantaleev
d1c8a52e3e
Merge pull request #3553 from krassle/patch-1 
Fix validate_config.yml
 2024-09-28 10:02:38 +03:00
krassle
a2db5c3d70
Fix validate_config.yml 
`devture_postgres_*` -> `postgres_*`
 2024-09-28 08:54:27 +02:00
Slavi Pantaleev
0a32d76b9b Improve Draupnir Usage docs 2024-09-28 08:35:18 +03:00
Slavi Pantaleev
71d4f79273 Expand the Usage section in the Draupnir docs 2024-09-27 21:30:09 +03:00
Slavi Pantaleev
3016630824 Upgrade Postgres (v17.0-0 -> v17.0-1) 2024-09-27 12:05:31 +03:00
Slavi Pantaleev
193946c68a Adjust some comments in group_vars/matrix_servers 2024-09-27 11:01:20 +03:00
Slavi Pantaleev
befa282865 Announce Postgres & Traefik role relocation to MASH organization 2024-09-27 10:21:16 +03:00
Slavi Pantaleev
54b715e7fe Fix endpoint URL in comment 2024-09-27 10:15:49 +03:00
Slavi Pantaleev
f93101f791 Switch traefik/traefik-certs-dumper Ansible role sources and adjust variable names (devture_traefik_ -> traefik_) 2024-09-27 10:14:29 +03:00
Slavi Pantaleev
8445843562 Switch postgres/postgres-backup Ansible role sources and adjust variable names (devture_postgres_ -> postgres_) 2024-09-27 09:37:24 +03:00
Slavi Pantaleev
62d66cc196
Merge pull request #3551 from adam-kress/master 
Upgrade Jitsi (v9646-1 -> v9753-0)
 2024-09-26 18:43:19 +03:00
adam-kress
fd530d7d48
Upgrade Jitsi (v9646-1 -> v9753-0) 2024-09-26 10:26:01 -04:00
Slavi Pantaleev
a0d29924c4
Merge pull request #3548 from aine-etke/add-synapse-admin-support-url 
synapse-admin v0.10.3-etke17: add `Contact support` menu item
 2024-09-25 19:40:27 +03:00
Aine
8efdfaf854
synapse-admin v0.10.3-etke17: add Contact support menu item 2024-09-25 19:15:48 +03:00
Slavi Pantaleev
8a4c71bbbe
Merge pull request #3547 from aine-etke/add-hookshot-outbound-webhooks 
enable hookshot outbound webhooks
 2024-09-25 15:57:40 +03:00
Aine
a541f51944
enable hookshot outbound webhooks 2024-09-25 15:25:31 +03:00
Aine
f657273cc8
add system-managed users to synapse-admin (#3546) 
* WIP: add system-managed users to synapse-admin

* add missing users
 2024-09-24 21:37:03 +03:00
Aine
338e6d91c3
synapse-admin v0.10.3-etke16: Upgrade to react-admin v5, restrict actions on specific users (#3543) 
* synapse-admin v0.10.3-etke15: Upgrade to react-admin v5

* v0.10.3-etke16

* fix linter

* add _auto and _custom vars

* Use 2 spaces before #noqa var-naming

---------

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
 2024-09-24 16:58:17 +03:00
Slavi Pantaleev
e662eb1e32
Merge pull request #3545 from spantaleev/renovate/vectorim-element-web-1.x 
Update vectorim/element-web Docker tag to v1.11.78
 2024-09-24 16:54:53 +03:00
renovate[bot]
7cbef06c4f
Update vectorim/element-web Docker tag to v1.11.78 2024-09-24 13:18:25 +00:00
Slavi Pantaleev
032809a053 Adjust default openai model id for baibot (gpt-4o -> gpt-4o-2024-08-06) 
`gpt-4o` will point to `gpt-4o-2024-08-06` after 2nd of October 2024
anyway. At that time, we can revert to pointing to `gpt-4o`.

The reason `gpt-4o-2024-08-06` was chosen now instead of `gpt-4o`:

- the `max_response_tokens` configuration was set to 16k, which matches
  `gpt-4o-2024-08-06`, but is too large for `gpt-4o` (max 4k)

- baibot's own configs for dynamically created agents, as well as static
  config examples use `gpt-4o-2024-08-06` and the larger
  `max_response_tokens` value
 2024-09-22 12:20:26 +03:00
Slavi Pantaleev
be96be8b3c Pin baibot to v1.1.1 and add default prompt for all statically-defined agents 
The playbook did not use to define a prompt for statically-defined
agents.

Since prompt variables support landed in v1.1.0
(see 2a5a2d6a4d)
it makes sense to make use of it for a better out-of-the-box experience
(see https://github.com/etkecc/baibot/issues/10).
 2024-09-22 12:04:42 +03:00
Slavi Pantaleev
6ff979e989
Merge pull request #3540 from spantaleev/renovate/etherpad-2.x 
Update dependency etherpad to v2.2.5-0
 2024-09-21 21:46:31 +03:00
renovate[bot]
b670d0f388
Update dependency etherpad to v2.2.5-0 2024-09-21 18:19:52 +00:00
Slavi Pantaleev
2b8d7e30f7 Upgrade Postgres (v16.3-3 -> v16.4-0) 2024-09-20 15:08:04 +03:00
David Mehren
c89c356e53
Add a global config option for Docker network MTU (#3502) 
* Add a global config option for Docker network MTU

* Upgrade systemd_docker_base (v1.2.0-0 -> v1.3.0-0)

The new version includes `devture_systemd_docker_base_container_networks_driver_options`
due to 3cc7d12396

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3502

* Switch from passing matrix_playbook_docker_network_mtu to respecting devture_systemd_docker_base_container_networks_driver_options

Related to:
- 3cc7d12396
- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3502

* Update all roles to versions that respect `devture_systemd_docker_base_container_networks_driver_options`

---------

Co-authored-by: Slavi Pantaleev <slavi@devture.com>
 2024-09-18 16:20:27 +03:00
Slavi Pantaleev
4d52880170 Upgrade matrix-alertmanager-receiver (2024.8.28 -> 2024.9.18) 
Supersedes https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3539

Related to https://github.com/metio/matrix-alertmanager-receiver/pull/42
 2024-09-18 14:48:25 +03:00
Slavi Pantaleev
5b2600b074
Merge pull request #3537 from aine-etke/patch-651904 
synapse-admin v0.10.3-etke14: bulk registration works again, add ability to change avatars
 2024-09-18 09:22:32 +03:00
Aine
14a31e3e40
synapse-admin v0.10.3-etke14: bulk registration works again, add ability to change avatars 2024-09-18 09:19:39 +03:00
Slavi Pantaleev
d9285203fa
Merge pull request #3536 from spantaleev/renovate/joseluisq-static-web-server-2.x 
Update joseluisq/static-web-server Docker tag to v2.33.0
 2024-09-18 09:06:13 +03:00
renovate[bot]
34634f144c
Update joseluisq/static-web-server Docker tag to v2.33.0 2024-09-17 23:06:37 +00:00
Slavi Pantaleev
cf5763978b Upgrade synapse-s3-storage-provider (1.3.0 -> 1.5.0) and adapt configuration 
1.3.0 fails to work against the new Synapse (v1.115.0) image.
See: https://github.com/matrix-org/synapse-s3-storage-provider/pull/114

Related to: https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3535
 2024-09-17 21:25:15 +03:00
Slavi Pantaleev
bc0d4759db
Merge pull request #3535 from spantaleev/renovate/ghcr.io-element-hq-synapse-1.x 
Update ghcr.io/element-hq/synapse Docker tag to v1.115.0
 2024-09-17 21:14:25 +03:00
renovate[bot]
605d054549
Update ghcr.io/element-hq/synapse Docker tag to v1.115.0 2024-09-17 15:15:35 +00:00
Slavi Pantaleev
aee7d2ca6c Do not use command_prefix = default for Meta bridges anymore 
Seems like `default` is not a supported value and will not
make the bridge autoconfigure itself with the correct prefix anymore.

A value of `default` would be taken literally.
 2024-09-17 16:16:48 +03:00
Slavi Pantaleev
d3b1060428 Fix Gmessages regression (missing homeserver.address and homeserver.domain configuration) 
f9705b3323 reworked the configuration and missed wiring
these to the existing variables.
 2024-09-17 16:04:39 +03:00
Slavi Pantaleev
de34392edf
Merge pull request #3534 from KloolK/patch-2 
Update maintenance-upgrading-services.md
 2024-09-17 14:32:04 +03:00
Jan
239c7eddf8
Update maintenance-upgrading-services.md 2024-09-17 13:28:40 +02:00
Slavi Pantaleev
67df140ef4 Upgrade Traefik (v3.1.2-1 -> v3.1.3-0) 2024-09-17 10:42:27 +03:00
Slavi Pantaleev
53f3c94bef Enable backfilling for mautrix-gmessages, mautrix-signal and mautrix-slack 
We'be already been going against upstream defaults and have been
enabling backfilling for a few other bridges (Messenger, Instagram, Telegram, Twitter).

Now I'm enabling backfilling by default for the remaining ones, for
consistency.
 2024-09-17 09:39:35 +03:00
Slavi Pantaleev
f9705b3323 Upgrade mautrix-gmessages (v0.4.3 -> v0.5.0) and adapt configuration 
Related to:
- https://github.com/mautrix/gmessages/releases/tag/v0.5.0
- https://mau.fi/blog/2024-09-mautrix-release/

It seems like the new version does not support a `/metrics` endpoint.
We skip keep the Ansible variables, but they're not doing anything.
 2024-09-17 09:39:35 +03:00
Slavi Pantaleev
01e5514c4b Upgrade mautrix-meta (v0.3.2 -> v0.4.0) and adapt configuration 
Related to:
- https://github.com/mautrix/meta/releases/tag/v0.4.0
- https://mau.fi/blog/2024-09-mautrix-release/

It seems like the new version does not support a `/metrics` endpoint.
We skip keep the Ansible variables, but they're not doing anything.
 2024-09-17 09:39:35 +03:00
Slavi Pantaleev
626a851c82 Fix username_template potentially not being taken into account for mautrix-slack 
While working on upgrading the Meta bridges to bridgev2, I've noticed
that {% raw %} and {% endraw %} on lines like that (immediately
preceding `username_template` may cause YAML indentation issues.
 2024-09-17 09:39:35 +03:00
Slavi Pantaleev
52018c652f
Merge pull request #3530 from spantaleev/renovate/dock.mau.dev-mautrix-signal-0.x 
Update dock.mau.dev/mautrix/signal Docker tag to v0.7.1
 2024-09-17 06:36:02 +03:00
Slavi Pantaleev
42cc7b0844
Merge pull request #3531 from spantaleev/renovate/dock.mau.dev-mautrix-slack-0.x 
Update dock.mau.dev/mautrix/slack Docker tag to v0.1.1
 2024-09-17 06:34:19 +03:00
renovate[bot]
ca0abda581
Update dock.mau.dev/mautrix/slack Docker tag to v0.1.1 2024-09-16 13:07:41 +00:00
renovate[bot]
7507383a90
Update dock.mau.dev/mautrix/signal Docker tag to v0.7.1 2024-09-16 13:07:37 +00:00
142 changed files with 2931 additions and 1453 deletions
Show Stats Expand all files Collapse all files

44
CHANGELOG.md
View File

@ -1,3 +1,19 @@
# 2024-09-27
## (BC Break) Postgres & Traefik roles have been relocated and variable names need adjustments
Various roles have been relocated from the [devture](https://github.com/devture) organization to the [mother-of-all-self-hosting](https://github.com/mother-of-all-self-hosting) organization.
Along with the relocation, the `devture_` prefix was dropped from their variable names, so you need to adjust your `vars.yml` configuration.
You need to do the following replacements:
- `devture_postgres_` -> `postgres_`
- `devture_traefik_` -> `traefik_`
As always, the playbook would let you know about this and point out any variables you may have missed.
# 2024-09-12
## Support for baibot
@ -118,7 +134,7 @@ If you're using the playbook's Traefik instance to reverse-proxy to some other s
If you've tweaked any of this playbook's `_path_prefix` variables and made them use a regular expression, you will now need to make additional adjustments. The playbook makes extensive use of `PathPrefix()` matchers in Traefik rules and `PathPrefix` does not support regular expressions anymore. To work around it, you may now need to override a whole `_traefik_rule` variable and switch it from [`PathPrefix` to `PathRegexp`](https://doc.traefik.io/traefik/routing/routers/#path-pathprefix-and-pathregexp).
If you're not using [matrix-media-repo](./docs/configuring-playbook-matrix-media-repo.md) (the only role we had to tweak to adapt it to Traefik v3), you **may potentially downgrade to Traefik v2** (if necessary) by adding `devture_traefik_verison: v2.11.4` to your configuration. People using `matrix-media-repo` cannot downgrade this way, because `matrix-media-repo` has been adjusted to use `PathRegexp` - a [routing matcher](https://doc.traefik.io/traefik/v2.11/routing/routers/#rule) that Traefik v2 does not understand.
If you're not using [matrix-media-repo](./docs/configuring-playbook-matrix-media-repo.md) (the only role we had to tweak to adapt it to Traefik v3), you **may potentially downgrade to Traefik v2** (if necessary) by adding `traefik_verison: v2.11.4` to your configuration. People using `matrix-media-repo` cannot downgrade this way, because `matrix-media-repo` has been adjusted to use `PathRegexp` - a [routing matcher](https://doc.traefik.io/traefik/v2.11/routing/routers/#rule) that Traefik v2 does not understand.
### HTTP/3 is enabled by default
@ -135,7 +151,7 @@ Still, if HTTP/3 cannot function correctly in your setup, it's best to disable a
To **disable HTTP/3**, you can use the following configuration:
```yml
devture_traefik_config_entrypoint_web_secure_http3_enabled: false
traefik_config_entrypoint_web_secure_http3_enabled: false
# Disabling HTTP/3 for the web-secure entrypoint (above),
# automatically disables it for the Matrix Federation entrypoint as well,
@ -457,9 +473,9 @@ Because [Traefik has an extra job now](#traefik-now-has-an-extra-job), you need
### People fronting Traefik with another reverse proxy need to do minor changes
We've already previously mentioned that you need to do some minor [configuration changes related to `devture_traefik_additional_entrypoints_auto`](#backward-compatibility-configuration-changes-required-for-people-fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy).
We've already previously mentioned that you need to do some minor [configuration changes related to `traefik_additional_entrypoints_auto`](#backward-compatibility-configuration-changes-required-for-people-fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy).
If you don't do these changes (switching from `devture_traefik_additional_entrypoints_auto` to multiple other variables), your Traefik setup will not automatically receive the new `matrix-internal-matrix-client-api` Traefik entrypoint and Traefik would not be able to perform [its new duty of connecting addons with the homeserver](#traefik-now-has-an-extra-job).
If you don't do these changes (switching from `traefik_additional_entrypoints_auto` to multiple other variables), your Traefik setup will not automatically receive the new `matrix-internal-matrix-client-api` Traefik entrypoint and Traefik would not be able to perform [its new duty of connecting addons with the homeserver](#traefik-now-has-an-extra-job).
### Supported reverse proxy types are now fewer
@ -572,17 +588,17 @@ I don't actively use all the ~100 components offered by the playbook (no one doe
If you're on the default setup (using the Traefik reverse-proxy as installed by the playbook), you don't need to do anything.
People who are [Fronting the integrated Traefik reverse-proxy webserver with another reverse-proxy](./docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy), as per our previous instructions are redefining `devture_traefik_additional_entrypoints_auto` in their `vars.yml` configuration.
People who are [Fronting the integrated Traefik reverse-proxy webserver with another reverse-proxy](./docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy), as per our previous instructions are redefining `traefik_additional_entrypoints_auto` in their `vars.yml` configuration.
Such a full variable redefinion is intrustive, because it prevents the playbook from injecting additional entrypoints into the Traefik webserver. In the future, the playbook may have a need to do so.
For this reason, we no longer recommend completely redefining `devture_traefik_additional_entrypoints_auto`.
The playbook now defines [various `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_*` variables in the `defaults/main.yml` file](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/custom/matrix-base/defaults/main.yml) of the `matrix-base` role which can be used as a safer alternative to `devture_traefik_additional_entrypoints_auto`.
For this reason, we no longer recommend completely redefining `traefik_additional_entrypoints_auto`.
The playbook now defines [various `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_*` variables in the `defaults/main.yml` file](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/custom/matrix-base/defaults/main.yml) of the `matrix-base` role which can be used as a safer alternative to `traefik_additional_entrypoints_auto`.
Adapt your configuration as seen below:
```diff
-devture_traefik_additional_entrypoints_auto:
-traefik_additional_entrypoints_auto:
- - name: matrix-federation
- port: 8449
- host_bind_port: '127.0.0.1:8449'
@ -711,7 +727,7 @@ From now on, the [Postgres Ansible role](https://github.com/devture/com.devture.
Our [Tuning PostgreSQL](docs/maintenance-postgres.md#tuning-postgresql) documentation page has details about how you can turn auto-tuning off or adjust the automatically-determined Postgres configuration parameters manually.
People who [enable load-balancing with Synapse workers](docs/configuring-playbook-synapse.md#load-balancing-with-workers) no longer need to increase the maximum number of Postgres connections manually (previously done via `devture_postgres_process_extra_arguments`). There's a new variable (`devture_postgres_max_connections`) for controlling this number and the playbook automatically raises its value from `200` to `500` for setups which enable workers.
People who [enable load-balancing with Synapse workers](docs/configuring-playbook-synapse.md#load-balancing-with-workers) no longer need to increase the maximum number of Postgres connections manually (previously done via `postgres_process_extra_arguments`). There's a new variable (`postgres_max_connections`) for controlling this number and the playbook automatically raises its value from `200` to `500` for setups which enable workers.
# 2023-08-31
@ -1070,7 +1086,7 @@ Unless we have some regression, **existing `matrix-nginx-proxy` users should be
```yaml
matrix_playbook_reverse_proxy_type: playbook-managed-traefik
devture_traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS
traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS
```
You may still need to keep certain old `matrix_nginx_proxy_*` variables (like `matrix_nginx_proxy_base_domain_serving_enabled`), even when using Traefik. For now, we recommend keeping all `matrix_nginx_proxy_*` variables just in case. In the future, reliance on `matrix-nginx-proxy` will be removed.
@ -1097,7 +1113,7 @@ As mentioned above, Traefik still reverse-proxies to some (most) services by goi
As Traefik support becomes complete and proves to be stable for a while, especially as a playbook default, we will **most likely remove `matrix-nginx-proxy` completely**. It will likely be some months before this happens though. Keeping support for both Traefik and nginx in the playbook will be a burden, especially with most of us running Traefik in the future. The Traefik role should do everything nginx does in a better and cleaner way. Users who use their own `nginx` server on the Matrix server will be inconvenienced, as nothing will generate ready-to-include nginx configuration for them. Still, we hope it won't be too hard to migrate their setup to another way of doing things, like:
- not using nginx anymore. A common reason for using nginx until now was that you were running other containers and you need your own nginx to reverse-proxy to all of them. Just switch them to Traefik as well.
- running Traefik in local-only mode (`devture_traefik_config_entrypoint_web_secure_enabled: false`) and using some nginx configuration which reverse-proxies to Traefik (we should introduce examples for this in `examples/nginx`).
- running Traefik in local-only mode (`traefik_config_entrypoint_web_secure_enabled: false`) and using some nginx configuration which reverse-proxies to Traefik (we should introduce examples for this in `examples/nginx`).
### How do I help?
@ -1107,7 +1123,7 @@ You can help by:
- **adding native Traefik support to a role** (requires adding Traefik labels, etc.) - for inspiration, see these roles ([prometheus_node_exporter](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter), [prometheus_postgres_exporter](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter)) and how they're hooked into the playbook via [group_vars/matrix_servers](group_vars/matrix_servers).
- **adding reverse-proxying examples for nginx users** in `examples/nginx`. People who insist on using their own `nginx` server on the same Matrix host, can run Traefik in local-only mode (`devture_traefik_config_entrypoint_web_secure_enabled: false`) and reverse-proxy to the Traefik server
- **adding reverse-proxying examples for nginx users** in `examples/nginx`. People who insist on using their own `nginx` server on the same Matrix host, can run Traefik in local-only mode (`traefik_config_entrypoint_web_secure_enabled: false`) and reverse-proxy to the Traefik server
# 2023-02-10
@ -1232,14 +1248,14 @@ See our [Setting up matrix-bot-chatgpt](docs/configuring-playbook-bot-chatgpt.md
Just like we've [replaced Postgres with an external role](#matrix-postgres-has-been-replaced-by-the-comdevtureansiblerolepostgres-external-role) on 2022-11-28, we're now replacing `matrix-postgres-backup` with an external role - [com.devture.ansible.role.postgres_backup](https://github.com/devture/com.devture.ansible.role.postgres_backup).
You'll need to rename your `matrix_postgres_backup`-prefixed variables such that they use a `devture_postgres_backup` prefix.
You'll need to rename your `matrix_postgres_backup`-prefixed variables such that they use a `postgres_backup` prefix.
# 2022-11-28
## matrix-postgres has been replaced by the com.devture.ansible.role.postgres external role
**TLDR**: the tasks that install the integrated Postgres server now live in an external role - [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres). You'll need to run `make roles` to install it, and to also rename your `matrix_postgres`-prefixed variables to use a `devture_postgres` prefix (e.g. `matrix_postgres_connection_password` -> `devture_postgres_connection_password`). All your data will still be there! Some scripts have moved (`/usr/local/bin/matrix-postgres-cli` -> `/matrix/postgres/bin/cli`).
**TLDR**: the tasks that install the integrated Postgres server now live in an external role - [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres). You'll need to run `make roles` to install it, and to also rename your `matrix_postgres`-prefixed variables to use a `devture_postgres` prefix (e.g. `matrix_postgres_connection_password` -> `postgres_connection_password`). All your data will still be there! Some scripts have moved (`/usr/local/bin/matrix-postgres-cli` -> `/matrix/postgres/bin/cli`).
The `matrix-postgres` role that has been part of the playbook for a long time has been replaced with the [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres) role. This was done as part of our work to [use external roles for some things](#the-playbook-now-uses-external-roles-for-some-things) for better code re-use and maintainability.

5
ansible.cfg
View File

@ -1,6 +1,11 @@
[defaults]
vault_password_file = gpg/open_vault.sh
retry_files_enabled = False
stdout_callback = yaml
inventory = inventory/hosts
[connection]
pipelining = True

26
docs/configuring-playbook-bot-baibot.md
View File

@ -154,6 +154,11 @@ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_api_key: "YO
# If you'd like to use another text-generation agent, uncomment and adjust:
# matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_model_id: claude-3-5-sonnet-20240620
# The playbook defines a default prompt for all statically-defined agents.
# You can adjust it in the `matrix_bot_baibot_config_agents_static_definitions_prompt` variable,
# or you can adjust it below only for the Anthropic agent.
# matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# See `defaults/main.yml` in the baibot role for more configuration options.
```
@ -176,6 +181,11 @@ matrix_bot_baibot_config_agents_static_definitions_groq_config_api_key: "YOUR_AP
# Specify the text-generation agent you'd like to use
matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_model_id: "llama3-70b-8192"
# The playbook defines a default prompt for all statically-defined agents.
# You can adjust it in the `matrix_bot_baibot_config_agents_static_definitions_prompt` variable,
# or you can adjust it below only for the Groq agent.
# matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# Uncomment and adjust if you're not happy with these speech-to-text defaults:
#
# matrix_bot_baibot_config_agents_static_definitions_groq_config_speech_to_text_enabled: true
@ -202,6 +212,11 @@ matrix_bot_baibot_config_agents_static_definitions_mistral_enabled: true
matrix_bot_baibot_config_agents_static_definitions_mistral_config_api_key: "YOUR_API_KEY_HERE"
# The playbook defines a default prompt for all statically-defined agents.
# You can adjust it in the `matrix_bot_baibot_config_agents_static_definitions_prompt` variable,
# or you can adjust it below only for the Mistral agent.
# matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# Uncomment and adjust if you're not happy with these defaults:
# matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_model_id: mistral-large-latest
@ -228,8 +243,13 @@ matrix_bot_baibot_config_agents_static_definitions_openai_enabled: true
matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: "YOUR_API_KEY_HERE"
# The playbook defines a default prompt for all statically-defined agents.
# You can adjust it in the `matrix_bot_baibot_config_agents_static_definitions_prompt` variable,
# or you can adjust it below only for the OpenAI agent.
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# If you'd like to use another text-generation agent, uncomment and adjust:
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o-2024-08-06
# See `defaults/main.yml` in the baibot role for more configuration options.
```
@ -273,7 +293,7 @@ matrix_bot_baibot_config_agents_static_definitions_custom:
api_key: "YOUR_API_KEY_HERE"
text_generation:
model_id: gpt-3.5-turbo-0125
prompt: You are a brief, but helpful bot.
prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
temperature: 1.0
max_response_tokens: 4096
max_context_tokens: 16385
@ -290,7 +310,7 @@ matrix_bot_baibot_config_agents_static_definitions_custom:
api_key: ""
text_generation:
model_id: "llama3.1:8b"
prompt: "You are an assistant based on the Llama3.1:8b model. Be brief in your responses."
prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
temperature: 1.0
max_response_tokens: 4096
max_context_tokens: 128000

70
docs/configuring-playbook-bot-draupnir.md
View File

@ -123,7 +123,75 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
## Usage
You can refer to the upstream [documentation](https://github.com/the-draupnir-project/Draupnir) for additional ways to use and configure draupnir. Check out their [quickstart guide](https://github.com/the-draupnir-project/Draupnir/blob/main/docs/moderators.md#quick-usage) for some basic commands you can give to the bot.
You can refer to the upstream [documentation](https://the-draupnir-project.github.io/draupnir-documentation/) for additional ways to use and configure Draupnir and for a more detailed usage guide.
Below is a **non-exhaustive quick-start guide** for the impatient.
### Making Draupnir join and protect a room
Draupnir can be told to self-join public rooms, but it's better to follow this flow which works well for all kinds of rooms:
1. Invite the bot to the room manually ([inviting Draupnir to rooms](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-protected-rooms#inviting-draupnir-to-rooms)). Before joining, the bot *may* ask for confirmation in the Management Room
2. [Give the bot permissions to do its job](#giving-draupnir-permissions-to-do-its-job)
3. Tell it to protect the room (using the [rooms command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-protected-rooms#using-the-draupnir-rooms-command)) by sending the following command to the Management Room: `!draupnir rooms add !ROOM_ID:DOMAIN`
To have Draupnir provide useful room protection, you need do to a bit more work (at least the first time around).
You may wish to [Subscribe to a public policy list](#subscribing-to-a-public-policy-list), [Create your own own policy and rules](#creating-your-own-policy-lists-and-rules) and [Enabling built-in protections](#enabling-built-in-protections).
### Giving Draupnir permissions to do its job
For Draupnir to do its job, you need to [give it permissions](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-protected-rooms#giving-draupnir-permissions) in rooms it's protecting. This involves **giving it an Administrator power level**.
**We recommend setting this power level as soon as the bot joins your room** (and before you create new rules), so that it can apply rules as soon as they are available. If the bot is under-privileged, it may fail to apply protections and may not retry for a while (or until your restart it).
### Subscribing to a public policy list
We recommend **subscribing to a public [policy list](https://the-draupnir-project.github.io/draupnir-documentation/concepts/policy-lists)** using the [watch command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-policy-lists#using-draupnirs-watch-command-to-subscribe-to-policy-rooms).
Polcy lists are maintained in Matrix rooms. A popular policy list is maintained in the public `#community-moderation-effort-bl:neko.dev` room.
You can tell Draupnir to subscribe to it by sending the following command to the Management Room: `!draupnir watch #community-moderation-effort-bl:neko.dev`
#### Creating your own policy lists and rules
We also recommend **creating your own policy lists** with the [list create](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-policy-lists#using-draupnirs-list-create-command-to-create-a-policy-room) command.
You can do so by sending the following command to the Management Room: `!draupnir list create my-bans my-bans-bl`. This will create a policy list having a name (shortcode) of `my-bans` and stored in a public `#my-bans-bl:DOMAIN` room on your server. As soon as you run this command, the bot will invite you to the policy list room.
A policy list does nothing by itself, so the next step is **adding some rules to your policy list**. Policies target a so-called `entity` (one of: `user`, `room` or `server`). These entities are mentioned on the [policy lists](https://the-draupnir-project.github.io/draupnir-documentation/concepts/policy-lists) documentation page and in the Matrix Spec [here](https://spec.matrix.org/v1.11/client-server-api/#mban-recommendation).
The simplest and most useful entity to target is `user`. Below are a few examples using the [ban command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-users#the-ban-command) and targeting users.
To create rules, you run commands in the Management Room (**not** in the policy list room).
- (ban a single user on a given homeserver): `!draupnir ban @someone:example.com my-bans Rude to others`
- (ban all users on a given homeserver by using a [wildcard](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-users#wildcards)): `!draupnir ban @*:example.org my-bans Spam server - all users are fake`
As a result of running these commands, you may observe:
- Draupnir creating `m.policy.rule.user` state events in the `#my-bans-bl:DOMAIN` room on your server
- applying these rules against all rooms that Draupnir is an Administrator in
You can undo bans with the [unban command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-users#the-unban-command).
### Enabling built-in protections
You can also **turn on various built-in [protections](https://the-draupnir-project.github.io/draupnir-documentation/protections)** like `JoinWaveShortCircuit` ("If X amount of users join in Y time, set the room to invite-only").
To **see which protections are available and which are enabled**, send a `!draupnir protections` command to the Management Room.
To **see the configuration options for a given protection**, send a `!draupnir config get PROTECTION_NAME` (e.g. `!draupnir config get JoinWaveShortCircuit`).
To **set a specific option for a given protection**, send a command like this: `!draupnir config set PROTECTION_NAME.OPTION VALUE` (e.g. `!draupnir config set JoinWaveShortCircuit.timescaleMinutes 30`).
To **enable a given protection**, send a command like this: `!draupnir enable PROTECTION_NAME` (e.g. `!draupnir enable JoinWaveShortCircuit`).
To **disable a given protection**, send a command like this: `!draupnir disable PROTECTION_NAME` (e.g. `!draupnir disable JoinWaveShortCircuit`).
## Extending the configuration
You can configure additional options by adding the `matrix_bot_draupnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file.

6
docs/configuring-playbook-bridge-mautrix-gmessages.md
View File

@ -14,14 +14,12 @@ matrix_mautrix_gmessages_enabled: true
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
### Method 1: automatically, by enabling Appservice Double Puppet
The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook.
Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).

6
docs/configuring-playbook-bridge-mautrix-meta-instagram.md
View File

@ -66,14 +66,12 @@ You may wish to look at `roles/custom/matrix-bridge-mautrix-meta-instagram/templ
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
### Method 1: automatically, by enabling Appservice Double Puppet
The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook.
Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).

6
docs/configuring-playbook-bridge-mautrix-meta-messenger.md
View File

@ -77,14 +77,12 @@ You may wish to look at `roles/custom/matrix-bridge-mautrix-meta-messenger/templ
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
### Method 1: automatically, by enabling Appservice Double Puppet
The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook.
Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).

2
docs/configuring-playbook-external-postgres.md
View File

@ -10,7 +10,7 @@ If you'd like to use an external PostgreSQL server that you manage, you can edit
If you'd like to use an external Postgres server, use a custom `vars.yml` configuration like this:
```yaml
devture_postgres_enabled: false
postgres_enabled: false
# Rewire Synapse to use your external Postgres server
matrix_synapse_database_host: "your-postgres-server-hostname"

8
docs/configuring-playbook-jitsi.md
View File

@ -227,20 +227,20 @@ To make Traefik reverse-proxy to these additional JVBs (living on other hosts),
# Traefik proxying for additional JVBs. These can't be configured using Docker
# labels, like the first JVB is, because they run on different hosts, so we add
# the necessary configuration to the file provider.
devture_traefik_provider_configuration_extension_yaml: |
traefik_provider_configuration_extension_yaml: |
http:
routers:
{% for host in groups['jitsi_jvb_servers'] %}
additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-router:
entryPoints:
- "{{ devture_traefik_entrypoint_primary }}"
- "{{ traefik_entrypoint_primary }}"
rule: "Host(`{{ jitsi_hostname }}`) && PathPrefix(`/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] }}/`)"
service: additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service
{% if devture_traefik_entrypoint_primary != 'web' %}
{% if traefik_entrypoint_primary != 'web' %}
tls:
certResolver: "{{ devture_traefik_certResolver_primary }}"
certResolver: "{{ traefik_certResolver_primary }}"
{% endif %}

8
docs/configuring-playbook-matrix-media-repo.md
View File

@ -123,7 +123,7 @@ To import the Synapse media store, you're supposed to invoke the `import_synapse
This guide here is adapted from the [upstream documentation about the import_synapse script](https://github.com/turt2live/matrix-media-repo#importing-media-from-synapse).
Run the following command on the server (after replacing `devture_postgres_connection_password` in it with the value found in your `vars.yml` file):
Run the following command on the server (after replacing `postgres_connection_password` in it with the value found in your `vars.yml` file):
```sh
docker exec -it matrix-media-repo \
@ -132,7 +132,7 @@ docker exec -it matrix-media-repo \
-dbHost matrix-postgres \
-dbPort 5432 \
-dbUsername matrix \
-dbPassword devture_postgres_connection_password
-dbPassword postgres_connection_password
```
Enter `1` for the Machine ID when prompted (you are not doing any horizontal scaling) unless you know what you're doing.
@ -145,7 +145,7 @@ If you're using the [Dendrite](configuring-playbook-dendrite.md) homeserver inst
To import the Dendrite media store, you're supposed to invoke the `import_dendrite` tool which is part of the matrix-media-repo container image. Your Dendrite database is called `dendrite_mediaapi` by default, unless you've changed it by modifying `matrix_dendrite_media_api_database`.
Run the following command on the server (after replacing `devture_postgres_connection_password` in it with the value found in your `vars.yml` file):
Run the following command on the server (after replacing `postgres_connection_password` in it with the value found in your `vars.yml` file):
```sh
docker exec -it matrix-media-repo \
@ -154,7 +154,7 @@ docker exec -it matrix-media-repo \
-dbHost matrix-postgres \
-dbPort 5432 \
-dbUsername matrix \
-dbPassword devture_postgres_connection_password
-dbPassword postgres_connection_password
```
Enter `1` for the Machine ID when prompted (you are not doing any horizontal scaling) unless you know what you're doing.

18
docs/configuring-playbook-own-webserver.md
View File

@ -21,7 +21,7 @@ To have the playbook install and use Traefik, use configuration like this (as se
```yaml
matrix_playbook_reverse_proxy_type: playbook-managed-traefik
devture_traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS
traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS
```
Traefik will manage SSL certificates for all services seamlessly.
@ -38,7 +38,7 @@ matrix_playbook_reverse_proxy_type: other-traefik-container
# Adjust to point to your Traefik container
matrix_playbook_reverse_proxy_hostname: name-of-your-traefik-container
devture_traefik_certs_dumper_ssl_dir_path: "/path/to/your/traefiks/acme.json/directory"
traefik_certs_dumper_ssl_dir_path: "/path/to/your/traefiks/acme.json/directory"
# Uncomment and tweak the variable below if the name of your federation entrypoint is different
# than the default value (matrix-federation).
@ -148,18 +148,18 @@ matrix_playbook_ssl_enabled: true
# Disable the web-secure (port 443) endpoint, which also disables SSL certificate retrieval.
# This has the side-effect of also automatically disabling TLS for the matrix-federation entrypoint
# (by toggling `matrix_federation_traefik_entrypoint_tls`).
devture_traefik_config_entrypoint_web_secure_enabled: false
traefik_config_entrypoint_web_secure_enabled: false
# If your reverse-proxy runs on another machine, consider using `0.0.0.0:81`, just `81` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:81`
devture_traefik_container_web_host_bind_port: '127.0.0.1:81'
traefik_container_web_host_bind_port: '127.0.0.1:81'
# We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from
# a reverse-proxy running on the local machine is safe enough.
# If you're publishing the port (`devture_traefik_container_web_host_bind_port` above) to a public network interface:
# - remove the `devture_traefik_config_entrypoint_web_forwardedHeaders_insecure` variable definition below
# - uncomment and adjust the `devture_traefik_config_entrypoint_web_forwardedHeaders_trustedIPs` line below
devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true
# devture_traefik_config_entrypoint_web_forwardedHeaders_trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']
# If you're publishing the port (`traefik_container_web_host_bind_port` above) to a public network interface:
# - remove the `traefik_config_entrypoint_web_forwardedHeaders_insecure` variable definition below
# - uncomment and adjust the `traefik_config_entrypoint_web_forwardedHeaders_trustedIPs` line below
traefik_config_entrypoint_web_forwardedHeaders_insecure: true
# traefik_config_entrypoint_web_forwardedHeaders_trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']
# Expose the federation entrypoint on a custom port (other than port 8448, which is normally used publicly).
#

16
docs/configuring-playbook-postgres-backup.md
View File

@ -10,7 +10,7 @@ For a more complete backup solution (one that includes not only Postgres, but al
Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable Postgres backup:
```yaml
devture_postgres_backup_enabled: true
postgres_backup_enabled: true
```
Refer to the table below for additional configuration variables and their default values.
@ -18,13 +18,13 @@ Refer to the table below for additional configuration variables and their defaul
| Name | Default value | Description |
| :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- |
|`devture_postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups|
|`devture_postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.|
|`devture_postgres_backup_keep_days`|`7`|Number of daily backups to keep|
|`devture_postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep|
|`devture_postgres_backup_keep_months`|`12`|Number of monthly backups to keep|
|`devture_postgres_backup_base_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Base path for postgres-backup. Also see `devture_postgres_backup_data_path` |
|`devture_postgres_backup_data_path` | `"{{ devture_postgres_backup_base_path }}/data"` | Storage path for postgres-backup database backups |
|`postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups|
|`postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.|
|`postgres_backup_keep_days`|`7`|Number of daily backups to keep|
|`postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep|
|`postgres_backup_keep_months`|`12`|Number of monthly backups to keep|
|`postgres_backup_base_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Base path for postgres-backup. Also see `postgres_backup_data_path` |
|`postgres_backup_data_path` | `"{{ postgres_backup_base_path }}/data"` | Storage path for postgres-backup database backups |
## Installing

26
docs/configuring-playbook-ssl-certificates.md
View File

@ -12,7 +12,7 @@ For testing purposes, you may wish to use staging certificates provide by Let's
You can do this with the following configuration:
```yaml
devture_traefik_config_certificatesResolvers_acme_use_staging: true
traefik_config_certificatesResolvers_acme_use_staging: true
```
@ -23,7 +23,7 @@ For testing or other purposes, you may wish to install services without SSL term
You can do this with the following configuration:
```yaml
devture_traefik_config_entrypoint_web_secure_enabled: false
traefik_config_entrypoint_web_secure_enabled: false
```
@ -46,16 +46,16 @@ To use your own SSL certificates with Traefik, you need to:
```yaml
# Disable ACME / Let's Encrypt support.
devture_traefik_config_certificatesResolvers_acme_enabled: false
traefik_config_certificatesResolvers_acme_enabled: false
# Disabling ACME support (above) automatically disables the creation of the SSL directory.
# Force-enable it here, because we'll add our certificate files there.
devture_traefik_ssl_dir_enabled: true
traefik_ssl_dir_enabled: true
# Tell Traefik to load our custom configuration file (certificates.yml).
# The file is created below, in `aux_file_definitions`.
# The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it!
devture_traefik_configuration_extension_yaml: |
traefik_configuration_extension_yaml: |
providers:
file:
filename: /config/certificates.yml
@ -66,7 +66,7 @@ devture_traefik_configuration_extension_yaml: |
aux_file_definitions:
# Create the privkey.pem file on the server by
# uploading a file from the computer where Ansible is running.
- dest: "{{ devture_traefik_ssl_dir_path }}/privkey.pem"
- dest: "{{ traefik_ssl_dir_path }}/privkey.pem"
src: /path/on/your/Ansible/computer/to/privkey.pem
# Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
# Note the indentation level.
@ -76,7 +76,7 @@ aux_file_definitions:
# Create the cert.pem file on the server
# uploading a file from the computer where Ansible is running.
- dest: "{{ devture_traefik_ssl_dir_path }}/cert.pem"
- dest: "{{ traefik_ssl_dir_path }}/cert.pem"
src: /path/on/your/Ansible/computer/to/cert.pem
# Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
# Note the indentation level.
@ -86,7 +86,7 @@ aux_file_definitions:
# Create the custom Traefik configuration.
# The `/ssl/..` paths below are in-container paths, not paths on the host (/`matrix/traefik/ssl/..`). Do not change them!
- dest: "{{ devture_traefik_config_dir_path }}/certificates.yml"
- dest: "{{ traefik_config_dir_path }}/certificates.yml"
content: |
tls:
certificates:
@ -109,12 +109,12 @@ You can configure Traefik to use the [DNS-01 challenge type](https://letsencrypt
This is an example for how to edit the `vars.yml` file if you're using Cloudflare:
```yaml
devture_traefik_config_certificatesResolvers_acme_dnsChallenge_enabled: true
devture_traefik_config_certificatesResolvers_acme_dnsChallenge_provider: "cloudflare"
devture_traefik_config_certificatesResolvers_acme_dnsChallenge_delayBeforeCheck: 60
devture_traefik_config_certificatesResolvers_acme_dnsChallenge_resolvers:
traefik_config_certificatesResolvers_acme_dnsChallenge_enabled: true
traefik_config_certificatesResolvers_acme_dnsChallenge_provider: "cloudflare"
traefik_config_certificatesResolvers_acme_dnsChallenge_delayBeforeCheck: 60
traefik_config_certificatesResolvers_acme_dnsChallenge_resolvers:
- "1.1.1.1:53"
devture_traefik_environment_variables_additional_variables: |
traefik_environment_variables_additional_variables: |
CF_API_EMAIL=redacted
CF_ZONE_API_TOKEN=redacted
CF_DNS_API_TOKEN=redacted

2
docs/configuring-playbook-synapse.md
View File

@ -75,7 +75,7 @@ The only thing you **cannot** do is mix [generic workers](#generic-workers) and
#### Effect of enabling workers on the rest of your server
When Synapse workers are enabled, the integrated [Postgres database is tuned](maintenance-postgres.md#tuning-postgresql), so that the maximum number of Postgres connections are increased from `200` to `500`. If you need to decrease or increase the number of maximum Postgres connections further, use the `devture_postgres_max_connections` variable.
When Synapse workers are enabled, the integrated [Postgres database is tuned](maintenance-postgres.md#tuning-postgresql), so that the maximum number of Postgres connections are increased from `200` to `500`. If you need to decrease or increase the number of maximum Postgres connections further, use the `postgres_max_connections` variable.
A separate Ansible role (`matrix-synapse-reverse-proxy-companion`) and component handles load-balancing for workers. This role/component is automatically enabled when you enable workers. Make sure to use the `setup-all` tag (not `install-all`!) during the playbook's [installation](./installing.md) process, especially if you're disabling workers, so that components may be installed/uninstalled correctly.

36
docs/configuring-playbook-traefik.md
View File

@ -12,7 +12,7 @@ See the dedicated [Adjusting SSL certificate retrieval](configuring-playbook-ssl
## Increase logging verbosity
```yaml
devture_traefik_config_log_level: DEBUG
traefik_config_log_level: DEBUG
```
## Disable access logs
@ -20,7 +20,7 @@ devture_traefik_config_log_level: DEBUG
This will disable access logging.
```yaml
devture_traefik_config_accessLog_enabled: false
traefik_config_accessLog_enabled: false
```
## Enable Traefik Dashboard
@ -28,23 +28,23 @@ devture_traefik_config_accessLog_enabled: false
This will enable a Traefik [Dashboard](https://doc.traefik.io/traefik/operations/dashboard/) UI at `https://matrix.DOMAIN/dashboard/` (note the trailing `/`).
```yaml
devture_traefik_dashboard_enabled: true
devture_traefik_dashboard_hostname: "{{ matrix_server_fqn_matrix }}"
devture_traefik_dashboard_basicauth_enabled: true
devture_traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE
devture_traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE
traefik_dashboard_enabled: true
traefik_dashboard_hostname: "{{ matrix_server_fqn_matrix }}"
traefik_dashboard_basicauth_enabled: true
traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE
traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE
```
**WARNING**: Enabling the dashboard on a hostname you use for something else (like `matrix_server_fqn_matrix` in the configuration above) may cause conflicts. Enabling the Traefik Dashboard makes Traefik capture all `/dashboard` and `/api` requests and forward them to itself. If any of the services hosted on the same hostname requires any of these 2 URL prefixes, you will experience problems. So far, we're not aware of any playbook services which occupy these endpoints and are likely to cause conflicts.
## Additional configuration
Use the `devture_traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists.
Use the `traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists.
```yaml
# This is a contrived example.
# You can enable and secure the Dashboard using dedicated variables. See above.
devture_traefik_configuration_extension_yaml: |
traefik_configuration_extension_yaml: |
api:
dashboard: true
```
@ -66,8 +66,8 @@ First, we have to adjust the static configuration of Traefik, so that we can add
```yaml
# We enable all config files in the /config/ folder to be loaded.
# `/config` is the path as it appears in the Traefik container.
# On the host, it's actually `/matrix/traefik/config` (as defined in `devture_traefik_config_dir_path`).
devture_traefik_configuration_extension_yaml: |
# On the host, it's actually `/matrix/traefik/config` (as defined in `traefik_config_dir_path`).
traefik_configuration_extension_yaml: |
providers:
file:
directory: /config/
@ -79,7 +79,7 @@ If you are using a self-signed certificate on your webserver, you can tell Traef
```yaml
# We enable all config files in the /config/ folder to be loaded and
devture_traefik_configuration_extension_yaml: |
traefik_configuration_extension_yaml: |
providers:
file:
directory: /config/
@ -90,11 +90,11 @@ devture_traefik_configuration_extension_yaml: |
```
Next, you have to add a new dynamic configuration file for Traefik that contains the actual information of the server using the `aux_file_definitions` variable. In this example, we will terminate SSL at the Traefik instance and connect to the other server via HTTPS. Traefik will now take care of managing the certificates.
Next, you have to add a new dynamic configuration file for Traefik that contains the actual information of the server using the `aux_file_definitions` variable. In this example, we will terminate SSL at the Traefik instance and connect to the other server via HTTPS. Traefik will now take care of managing the certificates.
```yaml
aux_file_definitions:
- dest: "{{ devture_traefik_config_dir_path }}/provider_my_fancy_website.yml"
- dest: "{{ traefik_config_dir_path }}/provider_my_fancy_website.yml"
content: |
http:
routers:
@ -117,7 +117,7 @@ If you do not want to terminate SSL at the Traefik instance (for example, becaus
```yaml
aux_file_definitions:
- dest: "{{ devture_traefik_config_dir_path }}/providers_my_fancy_website.yml"
- dest: "{{ traefik_config_dir_path }}/providers_my_fancy_website.yml"
content: |
tcp:
routers:
@ -134,9 +134,9 @@ aux_file_definitions:
```
Changing the `url` to one with an `http://` prefix would allow to connect to the server via HTTP.
With these changes, all TCP traffic will be reverse-proxied to the target system.
With these changes, all TCP traffic will be reverse-proxied to the target system.
**WARNING**: This configuration might lead to problems or need additional steps when a [certbot](https://certbot.eff.org/) behind Traefik also tries to manage [Let's Encrypt](https://letsencrypt.org/) certificates, as Traefik captures all traffic to ```PathPrefix(`/.well-known/acme-challenge/`)```.
**WARNING**: This configuration might lead to problems or need additional steps when a [certbot](https://certbot.eff.org/) behind Traefik also tries to manage [Let's Encrypt](https://letsencrypt.org/) certificates, as Traefik captures all traffic to ```PathPrefix(`/.well-known/acme-challenge/`)```.
## Traefik behind a `proxy_protocol` reverse-proxy
@ -144,7 +144,7 @@ With these changes, all TCP traffic will be reverse-proxied to the target system
If you run a reverse-proxy which speaks `proxy_protocol`, add the following to your configuration file:
```yaml
devture_traefik_configuration_extension_yaml: |
traefik_configuration_extension_yaml: |
entryPoints:
web-secure:
proxyProtocol:

34
docs/howto-srv-server-delegation.md
View File

@ -58,29 +58,29 @@ We cannot just disable the default resolver as that would disable SSL in quite a
```yaml
# 1. Add a new ACME configuration without having to disable the default one, since it would have a wide range of side effects
devture_traefik_configuration_extension_yaml: |
traefik_configuration_extension_yaml: |
certificatesResolvers:
dns:
acme:
# To use a staging endpoint for testing purposes, uncomment the line below.
# caServer: https://acme-staging-v02.api.letsencrypt.org/directory
email: {{ devture_traefik_config_certificatesResolvers_acme_email | to_json }}
email: {{ traefik_config_certificatesResolvers_acme_email | to_json }}
dnsChallenge:
provider: cloudflare
resolvers:
- "1.1.1.1:53"
- "8.8.8.8:53"
storage: {{ devture_traefik_config_certificatesResolvers_acme_storage | to_json }}
storage: {{ traefik_config_certificatesResolvers_acme_storage | to_json }}
# 2. Configure the environment variables needed by Rraefik to automate the ACME DNS Challenge (example for Cloudflare)
devture_traefik_environment_variables: |
traefik_environment_variables: |
CF_API_EMAIL=redacted
CF_ZONE_API_TOKEN=redacted
CF_DNS_API_TOKEN=redacted
LEGO_DISABLE_CNAME_SUPPORT=true
# 3. Instruct the playbook to use the new ACME configuration
devture_traefik_certResolver_primary: dns
traefik_certResolver_primary: dns
```
## Adjust Coturn's configuration
@ -105,16 +105,16 @@ matrix_coturn_container_additional_volumes: |
(
[
{
'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'),
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'),
'dst': '/certificate.crt',
'options': 'ro',
},
{
'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'),
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'),
'dst': '/privatekey.key',
'options': 'ro',
},
] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []
] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []
)
}}
```
@ -124,7 +124,7 @@ matrix_coturn_container_additional_volumes: |
```yaml
# Choosing the reverse proxy implementation
matrix_playbook_reverse_proxy_type: playbook-managed-traefik
devture_traefik_config_certificatesResolvers_acme_email: redacted@example.com
traefik_config_certificatesResolvers_acme_email: redacted@example.com
# To serve the federation from any domain, as long as the path matches
matrix_synapse_container_labels_public_federation_api_traefik_rule: PathPrefix(`/_matrix/federation`)
@ -135,25 +135,25 @@ matrix_synapse_container_labels_additional_labels: |
traefik.http.routers.matrix-synapse-federation-api.tls.domains.sans="*.example.com"
# Add a new ACME configuration without having to disable the default one, since it would have a wide range of side effects
devture_traefik_configuration_extension_yaml: |
traefik_configuration_extension_yaml: |
certificatesResolvers:
dns:
acme:
# To use a staging endpoint for testing purposes, uncomment the line below.
# caServer: https://acme-staging-v02.api.letsencrypt.org/directory
email: {{ devture_traefik_config_certificatesResolvers_acme_email | to_json }}
email: {{ traefik_config_certificatesResolvers_acme_email | to_json }}
dnsChallenge:
provider: cloudflare
resolvers:
- "1.1.1.1:53"
- "8.8.8.8:53"
storage: {{ devture_traefik_config_certificatesResolvers_acme_storage | to_json }}
storage: {{ traefik_config_certificatesResolvers_acme_storage | to_json }}
# Instruct thep laybook to use the new ACME configuration
devture_traefik_certResolver_primary: "dns"
traefik_certResolver_primary: "dns"
# Configure the environment variables needed by Traefik to automate the ACME DNS Challenge (example for Cloudflare)
devture_traefik_environment_variables: |
traefik_environment_variables: |
CF_API_EMAIL=redacted
CF_ZONE_API_TOKEN=redacted
CF_DNS_API_TOKEN=redacted
@ -168,16 +168,16 @@ matrix_coturn_container_additional_volumes: |
(
[
{
'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'),
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'),
'dst': '/certificate.crt',
'options': 'ro',
},
{
'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'),
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'),
'dst': '/privatekey.key',
'options': 'ro',
},
] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []
] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []
)
}}
```

8
docs/maintenance-postgres.md
View File

@ -107,12 +107,12 @@ Example: `--extra-vars="postgres_dump_name=matrix-postgres-dump.sql"`
PostgreSQL can be [tuned](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) to make it run faster. This is done by passing extra arguments to the Postgres process.
The [Postgres Ansible role](https://github.com/devture/com.devture.ansible.role.postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/.
You can manually influence some of the tuning variables . These parameters (variables) are injected via the `devture_postgres_postgres_process_extra_arguments_auto` variable.
You can manually influence some of the tuning variables . These parameters (variables) are injected via the `postgres_postgres_process_extra_arguments_auto` variable.
Most users should be fine with the automatically-done tuning. However, you may wish to:
- **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `devture_postgres_max_connections`, `devture_postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `devture_postgres_postgres_process_extra_arguments_auto` variable
- **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `postgres_max_connections`, `postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `postgres_postgres_process_extra_arguments_auto` variable
- **turn automatically-performed tuning off**: override it like this: `devture_postgres_postgres_process_extra_arguments_auto: []`
- **turn automatically-performed tuning off**: override it like this: `postgres_postgres_process_extra_arguments_auto: []`
- **add additional tuning parameters**: define your additional Postgres configuration parameters in `devture_postgres_postgres_process_extra_arguments_custom`. See `devture_postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) for inspiration
- **add additional tuning parameters**: define your additional Postgres configuration parameters in `postgres_postgres_process_extra_arguments_custom`. See `postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) for inspiration

2
docs/maintenance-upgrading-services.md
View File

@ -9,7 +9,7 @@ To upgrade services:
- update your playbook directory and all upstream Ansible roles (defined in the `requirements.yml` file) using:
- either: `just update`
- or: a combination of `git pull` and `just role` (or `make roles`)
- or: a combination of `git pull` and `just roles` (or `make roles`)
- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of

4
examples/vars.yml
View File

@ -34,13 +34,13 @@ matrix_playbook_reverse_proxy_type: playbook-managed-traefik
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
#
# Example value: someone@example.com
devture_traefik_config_certificatesResolvers_acme_email: ''
traefik_config_certificatesResolvers_acme_email: ''
# A Postgres password to use for the superuser Postgres user (called `matrix` by default).
#
# The playbook creates additional Postgres users and databases (one for each enabled service)
# using this superuser account.
devture_postgres_connection_password: ''
postgres_connection_password: ''
# By default, we configure Coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file.
# If this value is an external IP address, you can skip this section.

5
gpg/open_vault.sh Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
set -e -u
gpg2 --batch --use-agent --decrypt $(dirname $0)/vault_passphrase.gpg 2>/dev/null

18
gpg/vault_passphrase.gpg Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN PGP MESSAGE-----
hQIMAxEs7W/4x4lxARAAssinIzR2rGs+Qkm0Q2tRdSXSXRx3OhH+2T5p0Rz3YkqU
iyiUtyT/Ll7RMUAlAEDZITvirXe4ZZImDcxQegEzFgO7BowQYJDRdhaRmLKZpiuQ
foRnJAAR12sf49arjJjaBQb91ViOp5MkxAtXiiqWyXwSSII+cV88flMq143cFmfC
C5OdIQd3SqrbFhGRTjUzoIMqnJH8xksjwph9GS811dY14rQv5X1Ybt5zehMJ7/m/
luLNg2zgQgYOUxcovddCVMI54ThXyDubDox/5xLvVjyVOFHgwC/VLn+QXHuPY/r5
+rVzz/30eq0uOLKD3LnDBQskCWRVWGC2ulKaZtlylBq6KRzIM6c6+VPSHCjoFyES
RRpRHeIXGLs31eLkr8dc+VNbPKpMsjm/E/4ZVE2JBpy7S/kh1XYVQxT6ahDKT1tD
4YN9O0JyNXzjiyNaTTLwNGh5+ICEd3ZCfa4O/og2LySGPOw6mX8ukgP029LHVp6+
0tRwSWiIM3US/NIVGA+o9e9I/I5Bp/cnzJgd7faUIlzcVPP+euCbo4GsYWpX3Nca
eRcr7AVY3wwuZtl7/s8KbQKk0ulLxS4Lo2XmdpQl8CPGwASdbMf/H8B256+xiUQ3
ml400ZaCC7Loeduwl1ez1H/dFFzmpUziaxxtWW4aFtOUYhGeSCTu6ZIgxVq3eBnS
jAGv8bt+0Xnrpih3mZWM92cw2VKfzYD9WG+dCB4DtZMKhl1ub2bkeTC/B9F+QuP6
anlonYHs2wmPXzjcx8ajonbYrYXanoNRHDId6OqVAbjYqbua6TG6H9LUFweIj1RV
yhUPejzhA8xEB0nUcKJZKLvuqvwPbr06GODnAKY5TQ4yILMAnBx0pNzfQNzo
=Cecg
-----END PGP MESSAGE-----

1025
group_vars/matrix_servers
View File

File diff suppressed because it is too large Load Diff

392
inventory/host_vars/matrix.finallycoffee.eu/vars.yml Normal file
View File

@ -0,0 +1,392 @@
#
# General config
# Domain of the matrix server and SSL config
#
matrix_domain: finallycoffee.eu
matrix_playbook_reverse_proxy_type: playbook-managed-traefik
matrix_playbook_ssl_enabled: true
devture_traefik_config_entrypoint_web_secure_enabled: false
devture_traefik_container_web_host_bind_port: '127.0.10.1:8080'
devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: '127.0.10.2:8448'
matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom:
forwardedHeaders:
insecure: true
matrix_synapse_metrics_proxying_enabled: true
matrix_sliding_sync_enabled: true
matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
matrix_server_fqn_element: "chat.{{ matrix_domain }}"
matrix_playbook_docker_installation_enabled: false
#matrix_client_element_version: v1.8.4
#matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:v1.7.21"
#matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.77.0"
#matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.11/site-packages"
#matrix_synapse_default_room_version: "10"
matrix_dimension_scheme: https
devture_timesync_installation_enabled: false
matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
devture_systemd_service_manager_up_verification_delay_seconds: 180
web_user: "web"
revproxy_autoload_dir: "/vault/services/web/sites.d"
postgres_dump_dir: /vault/temp
#
# General Synapse config
#
devture_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
# A secret used to protect access keys issued by the server.
# matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
# Make synapse accept larger media aswell
matrix_synapse_max_upload_size_mb: 200
# Enable metrics at (default) :9100/_synapse/metrics
matrix_synapse_metrics_enabled: true
matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
matrix_synapse_turn_uris:
- "turn:voip.matrix.finallycoffee.eu?transport=udp"
- "turn:voip.matrix.finallycoffee.eu?transport=tcp"
# Auto-join all users into those rooms
matrix_synapse_auto_join_rooms:
- "#welcome:finallycoffee.eu"
- "#announcements:finallycoffee.eu"
## Synapse rate limits
matrix_synapse_rc_federation:
window_size: 1000
sleep_limit: 50
sleep_delay: 500
reject_limit: 50
concurrent: 10
matrix_synapse_rc_message:
per_second: 0.5
burst_count: 25
matrix_synapse_rc_joins:
local:
per_second: 0.5
burst_count: 20
remote:
per_second: 0.05
burst_count: 20
matrix_synapse_rc_joins_per_room:
per_second: 1
burst_count: 10
matrix_synapse_rc_invites:
per_room:
per_second: 0.5
burst_count: 10
per_user:
per_second: 0.006
burst_count: 10
per_issuer:
per_second: 2
burst_count: 20
## Synapse cache tuning
matrix_synapse_caches_global_factor: 1.5
matrix_synapse_event_cache_size: "300K"
## Synapse workers
matrix_synapse_workers_enabled: true
matrix_synapse_workers_preset: "little-federation-helper"
matrix_synapse_workers_generic_workers_count: 1
matrix_synapse_workers_media_repository_workers_count: 2
matrix_synapse_workers_federation_sender_workers_count: 2
matrix_synapse_workers_pusher_workers_count: 1
matrix_synapse_workers_appservice_workers_count: 1
# Static secret auth for matrix-synapse-shared-secret-auth
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
matrix_synapse_ext_password_provider_rest_auth_enabled: true
matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
matrix_synapse_configuration_extension_yaml: |
database:
args:
cp_max: 20
caches:
per_cache_factors:
device_id_exists: 3
get_users_in_room: 4
_get_joined_users_from_context: 4
_get_joined_profile_from_event_id: 3
"*stateGroupMembersCache*": 2
_matches_user_in_member_list: 3
get_users_who_share_room_with_user: 3
is_interested_in_room: 2
get_user_by_id: 1.5
room_push_rule_cache: 1.5
expire_caches: true
cache_entry_ttl: 45m
sync_response_cache_duration: 2m
#
# synapse-admin tool
#
matrix_synapse_admin_enabled: true
matrix_synapse_admin_container_http_host_bind_port: 8985
#
# VoIP / CoTURN config
#
# A shared secret (between Synapse and Coturn) used for authentication.
matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
# Disable coturn, as we use own instance
matrix_coturn_enabled: false
#
# dimension (integration manager) config
#
matrix_dimension_enabled: true
matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
matrix_dimension_configuration_extension_yaml: |
telegram:
botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"
#
# mautrix-whatsapp config
#
matrix_mautrix_whatsapp_enabled: true
matrix_mautrix_whatsapp_bridge_personal_filtering_spaces: true
matrix_mautrix_whatsapp_bridge_mute_bridging: true
matrix_mautrix_whatsapp_bridge_enable_status_broadcast: false
matrix_mautrix_whatsapp_bridge_allow_user_invite: true
matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
matrix_mautrix_whatsapp_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
matrix_mautrix_whatsapp_configuration_extension_yaml: |
bridge:
displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
max_connection_attempts: 5
connection_timeout: 30
contact_wait_delay: 5
private_chat_portal_meta: true
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
logging:
print_level: info
metrics:
enabled: true
listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
whatsapp:
os_name: Linux mautrix-whatsapp
browser_name: Chrome
#
# mautrix-telegram config
#
matrix_mautrix_telegram_enabled: true
matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
matrix_mautrix_telegram_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
matrix_mautrix_telegram_configuration_extension_yaml: |
bridge:
displayname_template: "{displayname} (via Telegram)"
parallel_file_transfer: false
inline_images: false
image_as_file_size: 20
delivery_receipts: true
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
animated_sticker:
target: webm
encryption:
allow: true
default: true
permissions:
"@transcaffeine:finallycoffee.eu": "admin"
"gruenhage.xyz": "full"
"boobies.software": "full"
logging:
root:
level: INFO
metrics:
enabled: true
listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
# permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"
#
# mautrix-signal config
#
matrix_mautrix_signal_enabled: true
matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
matrix_mautrix_signal_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
matrix_mautrix_signal_configuration_extension_yaml: |
bridge:
displayname_template: "{displayname} (via Signal)"
community_id: "+signal:finallycoffee.eu"
encryption:
allow: true
default: true
key_sharing:
allow: true
require_verification: false
delivery_receipts: true
permissions:
"@ilosai:fairydust.space": "user"
logging:
root:
level: INFO
metrics:
enabled: true
listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
matrix_bridges_encryption_enabled: true
matrix_bridges_encryption_default: true
matrix_appservice_double_puppet_enabled: true
matrix_mautrix_slack_enabled: true
matrix_mautrix_slack_appservice_bot_username: slack
#
# mx-puppet-instagram configuration
#
matrix_mx_puppet_instagram_enabled: true
matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
matrix_mx_puppet_instagram_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_instagram_configuration_extension_yaml: |
bridge:
enableGroupSync: true
avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
metrics:
enabled: true
port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
path: /metrics
presence:
enabled: true
interval: 3000
#
# mx-puppet-discord configuration
#
matrix_mx_puppet_discord_enabled: false
matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
matrix_mx_puppet_discord_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_discord_configuration_extension_yaml: |
bridge:
enableGroupSync: true
avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
metrics:
enabled: true
port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
path: /metrics
limits:
maxAutojoinUsers: 500
roomUserAutojoinDelay: 50
presence:
enabled: true
interval: 3000
#
# mx-puppet-slack configuration
#
#matrix_mx_pUppet_slack_enabled: true
#matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
#matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
#matrix_mx_puppet_slack_oauth_redirect_path: '/bridge/slack/oauth'
#matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
#matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
#matrix_mx_puppet_slack_container_extra_arguments:
# - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
# - "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
#matrix_mx_puppet_slack_configuration_extension_yaml: |
# bridge:
# enableGroupSync: true
# metrics:
# enabled: true
# port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
# path: /metrics
# limits:
# maxAutojoinUsers: 500
# roomUserAutojoinDelay: 50
# presence:
# enabled: true
# interval: 3000
#
# Element web configuration
#
# Branding config
matrix_client_element_brand: "Chat"
matrix_client_element_default_theme: "dark"
matrix_client_element_themes_enabled: true
matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
matrix_client_element_welcome_text: |
Decentralised, encrypted chat &amp; collaboration,<br />
hosted on finallycoffee.eu, powered by element.io &amp;
<a href="https://matrix.org" target="_blank" rel="noreferrer noopener">
<img width="79" height="34" alt="[matrix]" style="padding-left: 1px;vertical-align: middle" src="welcome/images/matrix.svg" />
</a>
matrix_client_element_welcome_logo: "welcome/images/logo.png"
matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
matrix_client_element_branding_auth_header_logo_url: "welcome/images/logo.png"
matrix_client_element_branding_welcome_background_url: "welcome/images/background.jpg"
matrix_client_element_container_extra_arguments:
- "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcome_background_url }}:ro"
- "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_auth_header_logo_url }}:ro"
# Integration and capabilites config
matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
matrix_client_element_integrations_widgets_urls:
- "https://{{ matrix_server_fqn_dimension }}/widgets"
- "https://scalar.vector.im/api"
matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
matrix_client_element_disable_custom_urls: false
matrix_client_element_room_directory_servers:
- "matrix.org"
- "finallycoffee.eu"
- "entropia.de"
matrix_client_element_enable_presence_by_hs_url:
https://matrix.org: false
# Matrix ma1sd extended configuration
matrix_ma1sd_configuration_extension_yaml: |
hashing:
enabled: true
pepperLength: 20
rotationPolicy: per_requests
requests: 10
hashStorageType: sql
algorithms:
- none
- sha256
# Matrix mail notification relay setup
exim_relay_enabled: true
exim_relay_sender_address: "Matrix on finallycoffee.eu <system-matrix@{{ matrix_domain }}>"
exim_relay_relay_use: true
exim_relay_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
exim_relay_relay_host_port: 587
exim_relay_relay_auth: true
exim_relay_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
exim_relay_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"

105
inventory/host_vars/matrix.finallycoffee.eu/vault.yml Normal file
View File

@ -0,0 +1,105 @@
$ANSIBLE_VAULT;1.1;AES256
61626165616330663863393762663031623164636666346339343636363035663463636135656533
3338383762633130346536613334626164306464333835380a353264386431326437616234393165
61323266623432353731373634353339393936643130346434346530336563326533386331646533
3030663037666664360a346636343966663733663836633736316630663230613137663166336336
62383131343934353635633261323036613231646439626162306238313132316664653237653533
34376464633335626133376138343139653561613232333133393535393137653964633561313761
62653632663432313936336231613832626362343737383863343562636437646439666638383733
63313538616430393536356534303164633332653538643264353834393465373538643963343039
31366661636263353936363931343938323563626538303133366263363533393564386466666361
38666264643931336563633663663538616431313231336364653631383261326537336162313837
32373730343538653862326636303264353737353139663161393762383138393531363264633531
32383661396537636635666665316630663032333932393131336235663938623932383230343830
31613563656663343830353438396535663864306531333239623738653838633331386465353466
37366363643334623165373562363465636161396437333966303864663033636665623564613565
39643635333636363132633462386536393634303838343835363633626162363236653839376230
34666430363933336335323330386339656339356637653931643565303166303436333562333361
38633838636337316137343564613338346239663933356130396562306164376430363233373632
66303430303034353262343565373139333535636231623062633537653636376136656138623637
34396562376233643234643436323433336436393163363935643033643833386631633762343162
33633136316635326532343430383437366139333830373731636265386234356164393066333663
37663934633437653364356231383934313132343162323436373339393964656336646164333533
37626336616565323237633736653433316238366261303465343466643363303131376665346231
62623133336561313732393837323330643138663830353662366139373366383436323530333732
38623633666537643038636163303164653866343934616236343733386533663936303637326462
63633137626632613736313333643363373963306161353431396261646635383930366166363135
66353962643638616635376137346439383339303236323761366439306638623762343966623035
30323435396533633238313962306366343362393339616131393839653565666666313833313433
66386362353061323465666563616230336565663339646162623634643330646239343934373636
33363061316637613266373831376133303337616639643239393835636138323266613134633633
65356634636562313961643865353334306131333030373566666535373039343337613964306465
32393163666232383266363763336132653765316162663961653933633832626533646537376136
64613133373135616531343837616264656461313963646565656465656165303534343834663734
62313865366634656265613264623234653165633839323030643333643139323531643637393439
61656561303732663834336334643765616234373063306236303538646663316131663933323236
63396263663034613832653361383061336132663032646133323931386562653661346264363439
35636463613635316239363061363836623564303933373964363365626133373039643264666530
30343165366365333339366639353033666634613162363164333433633563613461666532323566
63303836353331326439646139653738633866356463303264623166306262393766346338373537
62373865303264633663666333323135343530323434383835393763363739636135646538336364
33376438636264393635383163353431336463396263333239626566653262373434316532343633
61363061623430636462393135316564636536633963393338383334643134366232396564316635
31373963633164653235643665653863303831663065383433363036633962633462393839363235
36323562323634643639643561636261643136313633656236656566353539343063386162383234
38653461633561353639336531353333393262633065386539353031386332343739656261653238
31326434386130336465613233663563323035666631303137313665336566363134306638663265
62353430353934633965316636643566653235366230323139656539646539626236616138313362
31643437366563383164306331303662356562616366366237613633666534623765323034396534
38326537376265343065313738316433353266633539313134323735383864623663323662633662
65613862623766343736343031636238356161343036363566646635643334373030386434646135
64336263356663376564333935623135396231623165326437393563333361356435346634616665
66376231666633643936323264323565346637343538366138616631383964376632613437323163
30366537326533363939643237376538366230313263623139323662396633343239343066313564
63356533373338653030313038653137666434323737323763623136666530313035356634666633
35643530333632633664643361633964666432336631636561343739646266653634353963323534
35663731616539646332393837633566393734643033623937316661653839663937303666376339
65653036373565323435636637373231316265393231333734356462356635346531366530316262
37643632346164366561353236373633623464643536373361666263303739356335333934313537
31373035633333313065613162346133663736313265376230393135353431343765306539633032
63353338656231376666613138353235613362643334653537353237653139396533363630303033
36363039613232666266333535343466336263663762623865376532326262666332303361356266
65646337323037383564666639363636333135323265633932333264346363326466343234653936
65656535343663356562613064323138656338633064633462313864616665653230626638373939
61623862386364396335323836396664653731633365623936383435383330643038386665653238
62643961626464313666343431303064303338396135643432383730613161336435306262653132
38373432393564333562363761386239343366343465386638643737663561633837303734333835
66366465633164346365356637313534376136303630666432613664363030323336316639393339
61383565316432383633383832363439316366373536336639643961333663303631633464633238
31396331386163386261393565346266636436386465326639326363663930666665306637393263
65363763336561316566363164626466643637343731666530386432343431653634353336376461
33366233366533656334666138346661323463633133303933626163343666623761613961346231
35383232306336386665313264393933646631656333613138353532666133366339656564353865
35353330393131366137663466333363653866323936353734306361633163626537363561346332
65363231623766666638383661323964633034366261633035303861383135383235656465373738
66373762626130356633626436366533626633353836346239666333353262656665636330626561
66613165313137373766623464646330643662393033396266643662653136393233336265353430
38376130663634333133353763383264623133373230323938316638323864643430386633376564
65356264623766666637353866326638613435663830623063343439373030663663623432393863
33343134626465313230646239646537653938613938633736346235323438393237363639373932
61376231386265366132333965333133343737623066383534666633396635356537623432623132
62656431323033633265626265613736383435376132613532333037613834313130626361373533
39653361323366636335343865343737346264636433386332666332376662343634356630316135
30366163333561353338663666363738313732303031333637636266623530623261306335616233
31346436346663643464626134313338346439323838343663613135663834666632653866346431
64376566343963346664366363353636636231386530363961333131383133323163396265313563
35393534343664336237336231313831333739633662306636373338663434613231306538343865
61613063306432623932616534363865333639396232383562396161383539363336303463323731
63313239666538306239663864653839616132363662336331636262353061663136386331306131
66336361396239383638623463663635613364366433343739356331633330633561653038633530
38303832363663656432396636613134613965373639353731366138323435326135626339353263
39313032333966376135653664623666626233613530646534636362646237303465653931666563
65343936623462633162343334643335623834323364646362633232346237306337303430616363
61633930343132303962653432636230343331343332616434323035633963623138653737306566
34353135623134626237653165663738633435656439393234643432353535646439313638653664
39326437393166633937663261336330656266303431383437626163623163303133323139313563
39383664633739373664653131326665306533633162373535396464663637653662336237656161
39633138383166316437313237303733336365343066366462643165643865653039343037633263
61613730393666636530633231396165363033313161663463323861663262383234643236643038
61633138323664613061663538383333323566393262303633623136613166636361306562356163
66363033373262396461316438643238396633353962616362623363303035353765393164616230
35303664616539363639373830623337396239626539613761613839363638326664306465313762
34646634326338306430653065343231366430666534306331336532346535663737633639363834
34623539616339363535633365306230663264626234363637366436353833663136303032623338
32633761333165393231303165393234643363313839373339666433666130313035643836626531
63356638666264333163

24
inventory/hosts Normal file
View File

@ -0,0 +1,24 @@
$ANSIBLE_VAULT;1.1;AES256
37366366376266633033656235333633346134336666323465356666353363323130366365393534
3365373534643965613139656465323663393862336163640a623663366631323035346632353030
37396264356137336535363663323935646464333138653035623562346438643139323439366132
3364356364353738660a616638393635333938373838316631396536386134333831613831343732
39333066363566643864343661646633326134633039316636306332303063366665373638353735
34386339633566663038613538316233306238383734623363623666346261336562663039373264
31313061616432643761633139643039636164613136643264663131666166646531366335346164
34303339393334616434633736383763653035386333363137336431363034653263306261646661
37323563373436333736633836666563646162303232393932346430373039346431356166393930
37616639333038653936633163323139396666303638663039623633633832333737633764643863
61383763613865323061636662663837656339373335643066333964393362303766366533303332
63646335356639366130393530373936636330633132356639626531303839656166346263613733
31333362316537323934306434393630656161353465636434303538643835396361613563663437
34383765626235356530396433643037306233663263623664636163326132316237386231323165
65643235356434626161396136303563633836313961343664653339623862633338313963333237
63663961636661383634343532356234626531373938313164373561386139366338393066623036
36633137623361626161313961386630623635323336353036623165316632353333383162623531
61353138613030343636326166303762656264643834396330313563616439323265333039323566
64356538346662613836356462613536656636373065643734346166353466363266353939393535
66333739623735656463373530646663303535643562363534306438323135353763303363376135
37653566306461396563333135633235626130313231636165383438376237383663373939353637
30366661303131333438376363366131613361326635366264363064633034376230353137663030
346238306532363635623732396366633538

38
requirements.yml
View File

@ -16,22 +16,22 @@
version: 129c8590e106b83e6f4c259649a613c6279e937a
name: docker_sdk_for_python
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
version: v2.2.2-0
version: v2.2.5-0
name: etherpad
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
version: v4.98-r0-1-0
version: v4.98-r0-1-1
name: exim_relay
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
version: v11.1.4-0
version: v11.1.7-0
name: grafana
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
version: v9646-0
version: v9753-0
name: jitsi
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keydb.git
version: v6.3.4-2
version: v6.3.4-3
name: keydb
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
version: v2.10.0-1
version: v2.10.0-2
name: ntfy
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: 201c939eed363de269a83ba29784fc3244846048
@ -42,26 +42,26 @@
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
name: playbook_state_preserver
- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
version: v16.3-2
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git
version: v17.0-1
name: postgres
- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
version: 8c3585fb4857dbac026b2974bb6525289240effb
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git
version: v16-0
name: postgres_backup
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
version: v2.54.1-0
version: v2.54.1-1
name: prometheus
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
version: v1.8.2-0
version: v1.8.2-1
name: prometheus_node_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
version: v0.14.0-5
version: v0.14.0-6
name: prometheus_postgres_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-redis.git
version: v7.2.5-0
version: v7.2.5-1
name: redis
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
version: v1.2.0-0
version: v1.3.0-0
name: systemd_docker_base
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
version: v1.0.0-4
@ -69,9 +69,9 @@
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
version: v1.0.0-0
name: timesync
- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
version: v3.1.2-1
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
version: v3.1.3-2
name: traefik
- src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
version: v2.8.3-4
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
version: v2.8.3-5
name: traefik_certs_dumper

2
roles/custom/matrix-alertmanager-receiver/defaults/main.yml
View File

@ -6,7 +6,7 @@
matrix_alertmanager_receiver_enabled: true
# renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
matrix_alertmanager_receiver_version: 2024.8.28
matrix_alertmanager_receiver_version: 2024.10.2
matrix_alertmanager_receiver_scheme: https

3
roles/custom/matrix-alertmanager-receiver/tasks/install.yml
View File

@ -63,7 +63,7 @@
cmd: |-
{{ devture_systemd_docker_base_host_command_docker }} buildx build
--tag={{ matrix_alertmanager_receiver_container_image }}
--file={{ matrix_alertmanager_receiver_container_src_path }}/contrib/Dockerfile
--file={{ matrix_alertmanager_receiver_container_src_path }}/Dockerfile
{{ matrix_alertmanager_receiver_container_src_path }}
changed_when: true
@ -72,6 +72,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_alertmanager_receiver_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-alertmanager-receiver.service installed
ansible.builtin.template:

1
roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml
View File

@ -80,6 +80,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_draupnir_for_all_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-draupnir-for-all.service installed
ansible.builtin.template:

10
roles/custom/matrix-base/defaults/main.yml
View File

@ -216,15 +216,15 @@ matrix_metrics_exposure_http_basic_auth_users: ''
#
# - `playbook-managed-traefik`
# - the playbook will run a managed Traefik instance (matrix-traefik)
# - Traefik will do SSL termination, unless you disable it (e.g. `devture_traefik_config_entrypoint_web_secure_enabled: false`)
# - if SSL termination is enabled (as it is by default), you need to populate: `devture_traefik_config_certificatesResolvers_acme_email`
# - Traefik will do SSL termination, unless you disable it (e.g. `traefik_config_entrypoint_web_secure_enabled: false`)
# - if SSL termination is enabled (as it is by default), you need to populate: `traefik_config_certificatesResolvers_acme_email`
#
# - `other-traefik-container`
# - this playbook will not install Traefik
# - nevertheless, the playbook expects that you would install Traefik yourself via other means
# - you should make sure your Traefik configuration is compatible with what the playbook would have configured (web, web-secure, matrix-federation entrypoints, etc.)
# - you need to set `matrix_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network
# - Traefik certs dumper will be enabled by default (`devture_traefik_certs_dumper_enabled`). You need to point it to your Traefik's SSL certificates (`devture_traefik_certs_dumper_ssl_dir_path`)
# - Traefik certs dumper will be enabled by default (`traefik_certs_dumper_enabled`). You need to point it to your Traefik's SSL certificates (`traefik_certs_dumper_ssl_dir_path`)
#
# - `none`
# - no reverse-proxy will be installed
@ -244,7 +244,7 @@ matrix_playbook_reverse_proxyable_services_additional_network: "{{ matrix_playbo
# Controls if various services think if SSL is enabled or not.
# Disabling this does not actually disable Treafik's web-secure entrypoint and TLS termination settings.
# For that, you'd need to use another variable (`devture_traefik_config_entrypoint_web_secure_enabled`).
# For that, you'd need to use another variable (`traefik_config_entrypoint_web_secure_enabled`).
# This variable merely serves as an indicator if SSL is used or not.
matrix_playbook_ssl_enabled: true
@ -302,7 +302,7 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_definition:
#
# Routers enabled on this entrypoint should use Traefik rules which do NOT do Host-matching (Host/HostRegexp),
# because addon services (e.g. bridges, bots) cannot properly pass a `Host` HTTP header when making
# requests to the endpoint's address (e.g. `http://devture-traefik:8008/`).
# requests to the endpoint's address (e.g. `http://matrix-traefik:8008/`).
# This entrypoint only aims to handle a single "virtual host" - one dealing with the homeserver's Client-Server API.
matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name: matrix-internal-matrix-client-api

17
roles/custom/matrix-bot-baibot/defaults/main.yml
View File

@ -11,7 +11,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
# renovate: datasource=docker depName=ghcr.io/etkecc/baibot
matrix_bot_baibot_version: latest
matrix_bot_baibot_version: v1.2.0
matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_name_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
matrix_bot_baibot_container_image_name_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else 'ghcr.io/' }}"
matrix_bot_baibot_container_image_force_pull: "{{ matrix_bot_baibot_container_image.endswith(':latest') }}"
@ -155,6 +155,7 @@ matrix_bot_baibot_config_agents_static_definitions_auto: |-
}}
matrix_bot_baibot_config_agents_static_definitions_custom: []
matrix_bot_baibot_config_agents_static_definitions_prompt: "{% raw %}You are a brief, but helpful bot called {{ baibot_name }} powered by the {{ baibot_model_id }} model. The date/time now is: {{ baibot_now_utc }}.{% endraw %}"
########################################################################################
# #
@ -195,7 +196,7 @@ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generat
matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_model_id: claude-3-5-sonnet-20240620
# The prompt text to use (can be null or empty to not use a prompt).
# See: https://huggingface.co/docs/transformers/en/tasks/prompting
matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_prompt: null
matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# The temperature parameter controls the randomness of the generated text.
# See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature
matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_temperature: 1.0
@ -248,7 +249,7 @@ matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_e
matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_model_id: ""
# The prompt text to use (can be null or empty to not use a prompt).
# See: https://huggingface.co/docs/transformers/en/tasks/prompting
matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_prompt: null
matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# The temperature parameter controls the randomness of the generated text.
# See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature
matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_temperature: 1.0
@ -267,7 +268,7 @@ matrix_bot_baibot_config_agents_static_definitions_groq_config_speech_to_text_mo
########################################################################################
# #
# Mistral agent configuration #
# Mistral agent configuration #
# #
########################################################################################
@ -304,7 +305,7 @@ matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generatio
matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_model_id: mistral-large-latest
# The prompt text to use (can be null or empty to not use a prompt).
# See: https://huggingface.co/docs/transformers/en/tasks/prompting
matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_prompt: null
matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# The temperature parameter controls the randomness of the generated text.
# See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature
matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_temperature: 1.0
@ -313,7 +314,7 @@ matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generatio
########################################################################################
# #
# /Mistral agent configuration #
# /Mistral agent configuration #
# #
########################################################################################
@ -355,10 +356,10 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: ""
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_enabled: true
# For valid model choices, see: https://platform.openai.com/docs/models
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o-2024-08-06
# The prompt text to use (can be null or empty to not use a prompt).
# See: https://huggingface.co/docs/transformers/en/tasks/prompting
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: null
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# The temperature parameter controls the randomness of the generated text.
# See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_temperature: 1.0

3
roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
View File

@ -15,7 +15,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}"
dst: "{{ matrix_bot_buscarron_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -97,6 +97,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_buscarron_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-buscarron.service restarted, if necessary
ansible.builtin.service:

1
roles/custom/matrix-bot-chatgpt/tasks/install.yml
View File

@ -61,6 +61,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_chatgpt_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-chatgpt.service installed
ansible.builtin.template:

1
roles/custom/matrix-bot-draupnir/tasks/setup_install.yml
View File

@ -75,6 +75,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_draupnir_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-draupnir.service installed
ansible.builtin.template:

1
roles/custom/matrix-bot-go-neb/tasks/install.yml
View File

@ -48,6 +48,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_go_neb_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-go-neb.service installed
ansible.builtin.template:

3
roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
View File

@ -15,7 +15,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
dst: "{{ matrix_bot_honoroit_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -91,6 +91,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_honoroit_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-honoroit.service installed
ansible.builtin.template:

1
roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
View File

@ -61,6 +61,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_matrix_registration_bot_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-matrix-registration-bot.service installed
ansible.builtin.template:

3
roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}"
dst: "{{ matrix_bot_matrix_reminder_bot_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -89,6 +89,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_matrix_reminder_bot_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-matrix-reminder-bot.service installed
ansible.builtin.template:

1
roles/custom/matrix-bot-maubot/tasks/setup_install.yml
View File

@ -75,6 +75,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_maubot_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-maubot.service installed
ansible.builtin.template:

2
roles/custom/matrix-bot-mjolnir/defaults/main.yml
View File

@ -5,7 +5,7 @@
matrix_bot_mjolnir_enabled: true
# renovate: datasource=docker depName=matrixdotorg/mjolnir
matrix_bot_mjolnir_version: "v1.7.0"
matrix_bot_mjolnir_version: "v1.8.0"
matrix_bot_mjolnir_container_image_self_build: false
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"

1
roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml
View File

@ -64,6 +64,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_mjolnir_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-mjolnir.service installed
ansible.builtin.template:

3
roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
View File

@ -12,7 +12,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}"
dst: "{{ matrix_bot_postmoogle_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -84,6 +84,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_postmoogle_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-postmoogle.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_appservice_discord_sqlite_database_path_local }}"
dst: "{{ matrix_appservice_discord_database_connString }}"
caller: "{{ role_path | basename }}"
@ -109,6 +109,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_discord_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-discord.service installed
ansible.builtin.template:

6
roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml
View File

@ -2,8 +2,8 @@
- name: Fail if Postgres not enabled
ansible.builtin.fail:
msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot migrate."
when: "not devture_postgres_enabled | bool"
msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`postgres_enabled`). Cannot migrate."
when: "not postgres_enabled | bool"
# Defaults
@ -16,7 +16,7 @@
- name: Ensure Postgres is started
ansible.builtin.service:
name: "{{ devture_postgres_identifier }}"
name: "{{ postgres_identifier }}"
state: started
daemon_reload: true
register: postgres_service_start_result

1
roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
View File

@ -193,6 +193,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_irc_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-irc.service installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
View File

@ -102,6 +102,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_kakaotalk_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-kakaotalk-node.service installed
ansible.builtin.template:

6
roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml
View File

@ -2,8 +2,8 @@
- name: Fail if Postgres not enabled
ansible.builtin.fail:
msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot migrate."
when: "not devture_postgres_enabled | bool"
msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`postgres_enabled`). Cannot migrate."
when: "not postgres_enabled | bool"
# Defaults
@ -16,7 +16,7 @@
- name: Ensure Postgres is started
ansible.builtin.service:
name: "{{ devture_postgres_identifier }}"
name: "{{ postgres_identifier }}"
state: started
daemon_reload: true
register: postgres_service_start_result

1
roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml
View File

@ -87,6 +87,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_slack_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-slack support files installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml
View File

@ -86,6 +86,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_webhooks_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-webhooks support files installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
View File

@ -88,6 +88,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_beeper_linkedin_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-beeper-linkedin.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}"
dst: "{{ matrix_go_skype_bridge_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -131,6 +131,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_go_skype_bridge_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-go-skype-bridge.service installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml
View File

@ -44,6 +44,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_heisenbridge_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-heisenbridge.service installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-hookshot/defaults/main.yml
View File

@ -153,6 +153,7 @@ matrix_hookshot_jira_oauth_redirect_uri: "{{ matrix_hookshot_urlprefix }}{{ matr
# No need to change these
matrix_hookshot_generic_enabled: true
matrix_hookshot_generic_outbound: true
matrix_hookshot_generic_enableHttpGet: false # noqa var-naming
# Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks"
matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/webhook"

1
roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml
View File

@ -112,6 +112,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_hookshot_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure mautrix-hookshot support files installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
View File

@ -74,6 +74,7 @@ generic:
# (Optional) Support for generic webhook events. `allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
#
enabled: {{ matrix_hookshot_generic_enabled | to_json }}
outbound: {{ matrix_hookshot_generic_outbound | to_json }}
enableHttpGet: {{ matrix_hookshot_generic_enableHttpGet | to_json }}
urlPrefix: {{ matrix_hookshot_generic_urlPrefix | to_json }}
userIdPrefix: {{ matrix_hookshot_generic_userIdPrefix | to_json }}

3
roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_mautrix_discord_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_discord_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -98,6 +98,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_discord_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-discord.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_facebook_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -128,6 +128,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_facebook_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-facebook.service installed
ansible.builtin.template:

23
roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
View File

@ -9,7 +9,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
matrix_mautrix_gmessages_version: v0.4.3
matrix_mautrix_gmessages_version: v0.5.0
# See: https://mau.dev/mautrix/gmessages/container_registry
matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
@ -25,6 +25,12 @@ matrix_mautrix_gmessages_homeserver_address: ""
matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080"
matrix_mautrix_gmessages_backfill_enabled: true
matrix_mautrix_gmessages_backfill_max_initial_messages: 50
matrix_mautrix_gmessages_backfill_max_catchup_messages: 500
matrix_mautrix_gmessages_backfill_unread_hours_threshold: 720
matrix_mautrix_gmessages_backfill_threads_max_initial_messages: 50
matrix_mautrix_gmessages_command_prefix: "!gm"
matrix_mautrix_gmessages_container_network: ""
@ -132,18 +138,23 @@ matrix_mautrix_gmessages_appservice_database_uri: "{{
}[matrix_mautrix_gmessages_database_engine]
}}"
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth) or Appservice Double Puppet.
matrix_mautrix_gmessages_login_shared_secret: ''
matrix_mautrix_gmessages_bridge_login_shared_secret_map:
"{{ {matrix_mautrix_gmessages_homeserver_domain: matrix_mautrix_gmessages_login_shared_secret} if matrix_mautrix_gmessages_login_shared_secret else {} }}"
matrix_mautrix_gmessages_double_puppet_secrets: "{{ matrix_mautrix_gmessages_double_puppet_secrets_auto | combine(matrix_mautrix_gmessages_double_puppet_secrets_custom) }}"
matrix_mautrix_gmessages_double_puppet_secrets_auto: {}
matrix_mautrix_gmessages_double_puppet_secrets_custom: {}
# Enable End-to-bridge encryption
matrix_mautrix_gmessages_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_gmessages_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
matrix_mautrix_gmessages_bridge_encryption_require: false
matrix_mautrix_gmessages_bridge_encryption_appservice: false
matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}"
matrix_mautrix_gmessages_network_displayname_template: "{% raw %}{{or .FullName .PhoneNumber}}{% endraw %}"
matrix_mautrix_gmessages_appservice_username_template: "{% raw %}gmessages_{{.}}{% endraw %}"
matrix_mautrix_gmessages_public_media_signing_key: ''
matrix_mautrix_gmessages_bridge_personal_filtering_spaces: true
matrix_mautrix_gmessages_bridge_mute_bridging: true
matrix_mautrix_gmessages_bridge_permissions: |
{{

3
roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_mautrix_gmessages_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_gmessages_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -147,6 +147,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_gmessages_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-gmessages.service restarted, if necessary
ansible.builtin.service:

3
roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml
View File

@ -22,3 +22,6 @@
when: "item.old in vars"
with_items:
- {'old': 'matrix_mautrix_gmessages_log_level', 'new': 'matrix_mautrix_gmessages_logging_level'}
- {'old': 'matrix_mautrix_gmessages_bridge_mute_bridging', 'new': '<removed>'}
- {'old': 'matrix_mautrix_gmessages_login_shared_secret', 'new': '<removed>'}
- {'old': 'matrix_mautrix_gmessages_bridge_login_shared_secret_map', 'new': 'matrix_mautrix_gmessages_double_puppet_secrets_custom'}

588
roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2
View File

@ -1,20 +1,172 @@
#jinja2: lstrip_blocks: "True"
# Network-specific config options
network:
# Displayname template for SMS users.
# {% raw %}{{.FullName}}{% endraw %} - Full name provided by the phone
# {% raw %}{{.FirstName}}{% endraw %} - First name provided by the phone
# {% raw %}{{.PhoneNumber}}{% endraw %} - Formatted phone number provided by the phone
displayname_template: {{ matrix_mautrix_gmessages_network_displayname_template | to_json }}
# Settings for how the bridge appears to the phone.
device_meta:
# OS name to tell the phone. This is the name that shows up in the paired devices list.
os: mautrix-gmessages
# Browser type to tell the phone. This decides which icon is shown.
# Valid types: OTHER, CHROME, FIREFOX, SAFARI, OPERA, IE, EDGE
browser: OTHER
# Device type to tell the phone. This also affects the icon, as well as how many sessions are allowed simultaneously.
# One web, two tablets and one PWA should be able to connect at the same time.
# Valid types: WEB, TABLET, PWA
type: TABLET
# Should the bridge aggressively set itself as the active device if the user opens Google Messages in a browser?
# If this is disabled, the user must manually use the `set-active` command to reactivate the bridge.
aggressive_reconnect: false
# Number of chats to sync when connecting to Google Messages.
initial_chat_sync_count: 25
# Config options that affect the central bridge module.
bridge:
# The prefix for commands. Only required in non-management rooms.
command_prefix: '!gm'
# Should the bridge create a space for each login containing the rooms that account is in?
personal_filtering_spaces: {{ matrix_mautrix_gmessages_bridge_personal_filtering_spaces | to_json }}
# Whether the bridge should set names and avatars explicitly for DM portals.
# This is only necessary when using clients that don't support MSC4171.
private_chat_portal_meta: false
# Should events be handled asynchronously within portal rooms?
# If true, events may end up being out of order, but slow events won't block other ones.
async_events: false
# Should every user have their own portals rather than sharing them?
# By default, users who are in the same group on the remote network will be
# in the same Matrix room bridged to that group. If this is set to true,
# every user will get their own Matrix room instead.
split_portals: false
# Should the bridge resend `m.bridge` events to all portals on startup?
resend_bridge_info: false
# Should leaving Matrix rooms be bridged as leaving groups on the remote network?
bridge_matrix_leave: false
# Should room tags only be synced when creating the portal? Tags mean things like favorite/pin and archive/low priority.
# Tags currently can't be synced back to the remote network, so a continuous sync means tagging from Matrix will be undone.
tag_only_on_create: true
# Should room mute status only be synced when creating the portal?
# Like tags, mutes can't currently be synced back to the remote network.
mute_only_on_create: true
# What should be done to portal rooms when a user logs out or is logged out?
# Permitted values:
# nothing - Do nothing, let the user stay in the portals
# kick - Remove the user from the portal rooms, but don't delete them
# unbridge - Remove all ghosts in the room and disassociate it from the remote chat
# delete - Remove all ghosts and users from the room (i.e. delete it)
cleanup_on_logout:
# Should cleanup on logout be enabled at all?
enabled: false
# Settings for manual logouts (explicitly initiated by the Matrix user)
manual:
# Action for private portals which will never be shared with other Matrix users.
private: nothing
# Action for portals with a relay user configured.
relayed: nothing
# Action for portals which may be shared, but don't currently have any other Matrix users.
shared_no_users: nothing
# Action for portals which have other logged-in Matrix users.
shared_has_users: nothing
# Settings for credentials being invalidated (initiated by the remote network, possibly through user action).
# Keys have the same meanings as in the manual section.
bad_credentials:
private: nothing
relayed: nothing
shared_no_users: nothing
shared_has_users: nothing
# Settings for relay mode
relay:
# Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: false
# Should only admins be allowed to set themselves as relay users?
# If true, non-admins can only set users listed in default_relays as relays in a room.
admin_only: true
# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
default_relays: []
# The formats to use when sending messages via the relaybot.
# Available variables:
# .Sender.UserID - The Matrix user ID of the sender.
# .Sender.Displayname - The display name of the sender (if set).
# .Sender.RequiresDisambiguation - Whether the sender's name may be confused with the name of another user in the room.
# .Sender.DisambiguatedName - The disambiguated name of the sender. This will be the displayname if set,
# plus the user ID in parentheses if the displayname is not unique.
# If the displayname is not set, this is just the user ID.
# .Message - The `formatted_body` field of the message.
# .Caption - The `formatted_body` field of the message, if it's a caption. Otherwise an empty string.
# .FileName - The name of the file being sent.
message_formats:
m.text: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.notice: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.emote: "{% raw %}* <b>{{ .Sender.DisambiguatedName }}</b> {{ .Message }}{% endraw %}"
m.file: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.image: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.audio: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.video: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.location: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
# For networks that support per-message displaynames (i.e. Slack and Discord), the template for those names.
# This has all the Sender variables available under message_formats (but without the .Sender prefix).
# Note that you need to manually remove the displayname from message_formats above.
displayname_format: "{% raw %}{{ .DisambiguatedName }}{% endraw %}"
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# commands - Access to use commands in the bridge, but not login.
# user - Access to use the bridge with puppeting.
# admin - Full access, user level with some additional administration tools.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_gmessages_bridge_permissions|to_json }}
# Config for the bridge's database.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: postgres
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_gmessages_appservice_database_uri|to_json }}
# Maximum number of connections.
max_open_conns: 5
max_idle_conns: 1
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_gmessages_homeserver_address }}
# Local addresses without HTTPS are generally recommended when the bridge is running on the same machine,
# but https also works if they run on different machines.
address: {{ matrix_mautrix_gmessages_homeserver_address | to_json }}
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{ matrix_mautrix_gmessages_homeserver_domain }}
domain: {{ matrix_mautrix_gmessages_homeserver_domain | to_json }}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's google messages connection state changes.
# If set, the bridge will make POST requests to this URL whenever a user's remote network connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
status_endpoint:
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# If set, the bridge will make POST requests to this URL when processing a message from Matrix.
# It will make one request when receiving the message (step BRIDGE), one after decrypting if applicable
# (step DECRYPTED) and one after sending to the remote network (step REMOTE). Errors will also be reported.
# The bridge will use the appservice as_token to authorize requests.
message_send_checkpoint_endpoint:
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
@ -26,33 +178,19 @@ homeserver:
ping_interval_seconds: 0
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
# Changing these values requires regeneration of the registration (except when noted otherwise)
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_gmessages_appservice_address }}
# A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file.
public_address: https://bridge.example.com
# The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0.
hostname: 0.0.0.0
port: 8080
# Database config.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: postgres
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_gmessages_appservice_database_uri|to_json }}
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice.
id: gmessages
# Appservice bot details.
@ -64,229 +202,223 @@ appservice:
displayname: Google Messages bridge bot
avatar: mxc://maunium.net/yGOdcrJcwqARZqdzbfuxfhzb
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# Whether to receive ephemeral events via appservice transactions.
ephemeral_events: true
# Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
# This value doesn't affect the registration file.
async_transactions: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix_mautrix_gmessages_appservice_token }}"
hs_token: "{{ matrix_mautrix_gmessages_homeserver_token }}"
as_token: {{ matrix_mautrix_gmessages_appservice_token | to_json }}
hs_token: {{ matrix_mautrix_gmessages_homeserver_token | to_json }}
# Segment API key to track some events, like provisioning API login and encryption errors.
segment_key: null
# Optional user_id to use when sending Segment events. If null, defaults to using mxID.
segment_user_id: null
# Localpart template of MXIDs for remote users.
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the user.
username_template: {{ matrix_mautrix_gmessages_appservice_username_template | to_json }}
# Prometheus config.
metrics:
# Enable prometheus metrics?
enabled: {{ matrix_mautrix_gmessages_metrics_enabled | to_json }}
# IP and port where the metrics listener should be. The path is always /metrics
listen: 0.0.0.0:8001
google_messages:
# OS name to tell the phone. This is the name that shows up in the paired devices list.
os: mautrix-gmessages
# Browser type to tell the phone. This decides which icon is shown.
# Valid types: OTHER, CHROME, FIREFOX, SAFARI, OPERA, IE, EDGE
browser: OTHER
# Should the bridge aggressively set itself as the active device if the user opens Google Messages in a browser?
# If this is disabled, the user must manually use the `reconnect` command to reactivate the bridge.
aggressive_reconnect: false
# Bridge config
bridge:
# Localpart template of MXIDs for SMS users.
# {{ '{{.}}' }} is replaced with an identifier of the recipient.
username_template: "{{ 'gmessages_{{.}}' }}"
# Displayname template for SMS users.
# {{ '{{.FullName}}' }} - Full name provided by the phone
# {{ '{{.FirstName}}' }} - First name provided by the phone
# {{ '{{.PhoneNumber}}' }} - Formatted phone number provided by the phone
displayname_template: "{{ '{{or .FullName .PhoneNumber}}' }}"
# Should the bridge create a space for each logged-in user and add bridged rooms to it?
personal_filtering_spaces: {{ matrix_mautrix_gmessages_bridge_personal_filtering_spaces | to_json }}
# Should the bridge send a read receipt from the bridge bot when a message has been sent to the phone?
delivery_receipts: false
# Config options that affect the Matrix connector of the bridge.
matrix:
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether the bridge should send a read receipt after successfully bridging a message.
delivery_receipts: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true
portal_message_buffer: 128
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
# Whether the bridge should update the m.direct account data event when double puppeting is enabled.
sync_direct_chat_list: false
# Number of chats to sync when connecting to Google Messages.
initial_chat_sync_count: 25
# Backfill settings
backfill:
# Number of messages to backfill in new chats.
initial_limit: 50
# Number of messages to backfill on startup if the last message ID in the chat sync doesn't match the last bridged message.
missed_limit: 100
# Whether created rooms should have federation enabled. If false, created portal rooms
# will never be federated. Changing this option requires recreating rooms.
federate_rooms: {{ matrix_mautrix_gmessages_federate_rooms | to_json }}
# The threshold as bytes after which the bridge should roundtrip uploads via the disk
# rather than keeping the whole file in memory.
upload_file_threshold: 5242880
# Servers to always allow double puppeting from
double_puppet_server_map:
"{{ matrix_mautrix_gmessages_homeserver_domain }}": {{ matrix_mautrix_gmessages_homeserver_address }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors.
analytics:
# API key to send with tracking requests. Tracking is disabled if this is null.
token: null
# Address to send tracking requests to.
url: https://api.segment.io/v1/track
# Optional user ID for tracking events. If null, defaults to using Matrix user ID.
user_id: null
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Whether to allow provisioning API requests to be authed using Matrix access tokens.
# This follows the same rules as double puppeting to determine which server to contact to check the token,
# which means that by default, it only works for users on the same server as the bridge.
allow_matrix_auth: true
# Enable debug API at /debug with provisioning authentication.
debug_endpoints: false
# Some networks require publicly accessible media download links (e.g. for user avatars when using Discord webhooks).
# These settings control whether the bridge will provide such public media access.
public_media:
# Should public media be enabled at all?
# The public_address field under the appservice section MUST be set when enabling public media.
enabled: false
# A key for signing public media URLs.
# If set to "generate", a random key will be generated.
signing_key: {{ matrix_mautrix_gmessages_public_media_signing_key | to_json }}
# Number of seconds that public media URLs are valid for.
# If set to 0, URLs will never expire.
expiry: 0
# Length of hash to use for public media URLs. Must be between 0 and 32.
hash_length: 32
# Settings for converting remote media to custom mxc:// URIs instead of reuploading.
# More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html
direct_media:
# Should custom mxc:// URIs be used instead of reuploading media?
enabled: false
# The server name to use for the custom mxc:// URIs.
# This server name will effectively be a real Matrix server, it just won't implement anything other than media.
# You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge.
server_name: media.example.com
# Optionally a custom .well-known response. This defaults to `server_name:443`
well_known_response:
# Optionally specify a custom prefix for the media ID part of the MXC URI.
media_id_prefix:
# If the remote network supports media downloads over HTTP, then the bridge will use MSC3860/MSC3916
# media download redirects if the requester supports it. Optionally, you can force redirects
# and not allow proxying at all by setting this to false.
# This option does nothing if the remote network does not support media downloads over HTTP.
allow_proxy: true
# Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file.
# This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them.
server_key: ""
# Settings for backfilling messages.
# Note that the exact way settings are applied depends on the network connector.
# See https://docs.mau.fi/bridges/general/backfill.html for more details.
backfill:
# Whether to do backfilling at all.
enabled: {{ matrix_mautrix_gmessages_backfill_enabled | to_json }}
# Maximum number of messages to backfill in empty rooms.
max_initial_messages: {{ matrix_mautrix_gmessages_backfill_max_initial_messages | to_json }}
# Maximum number of missed messages to backfill after bridge restarts.
max_catchup_messages: {{ matrix_mautrix_gmessages_backfill_max_catchup_messages | to_json }}
# If a backfilled chat is older than this number of hours,
# mark it as read even if it's unread on the remote network.
unread_hours_threshold: {{ matrix_mautrix_gmessages_backfill_unread_hours_threshold | to_json }}
# Settings for backfilling threads within other backfills.
threads:
# Maximum number of messages to backfill in a new thread.
max_initial_messages: {{ matrix_mautrix_gmessages_backfill_threads_max_initial_messages | to_json }}
# Settings for the backwards backfill queue. This only applies when connecting to
# Beeper as standard Matrix servers don't support inserting messages into history.
queue:
# Should the backfill queue be enabled?
enabled: false
# Number of messages to backfill in one batch.
batch_size: 100
# Delay between batches in seconds.
batch_delay: 20
# Maximum number of batches to backfill per portal.
# If set to -1, all available messages will be backfilled.
max_batches: -1
# Optional network-specific overrides for max batches.
# Interpretation of this field depends on the network connector.
max_batches_override: {}
# Settings for enabling double puppeting
double_puppet:
# Servers to always allow double puppeting from.
# This is only for other servers and should NOT contain the server the bridge is on.
servers: {}
# Whether to allow client API URL discovery for other servers. When using this option,
# users on other servers can use double puppeting even if their server URLs aren't
# explicitly added to the servers map above.
allow_discovery: false
# Shared secrets for automatic double puppeting.
# See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions.
secrets: {{ matrix_mautrix_gmessages_double_puppet_secrets | to_json }}
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Whether to enable encryption at all. If false, the bridge will not function in encrypted rooms.
allow: {{ matrix_mautrix_gmessages_bridge_encryption_allow | to_json }}
# Whether to force-enable encryption in all bridged rooms.
default: {{ matrix_mautrix_gmessages_bridge_encryption_default | to_json }}
# Whether to require all messages to be encrypted and drop any unencrypted messages.
require: {{ matrix_mautrix_gmessages_bridge_encryption_require | to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
# This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
appservice: {{ matrix_mautrix_gmessages_bridge_encryption_appservice | to_json }}
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow | to_json }}
# Pickle key for encrypting encryption keys in the bridge database.
# If set to generate, a random key will be generated.
pickle_key: mautrix.bridge.e2ee
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map: {{ matrix_mautrix_gmessages_bridge_login_shared_secret_map|to_json }}
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
# If set to `never`, DM rooms will never have names and avatars set.
private_chat_portal_meta: default
# Should Matrix m.notice-type messages be bridged?
bridge_notices: true
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it, except if the config file is not writable.
resend_bridge_info: false
# When using double puppeting, should muted chats be muted in Matrix?
mute_bridging: {{ matrix_mautrix_gmessages_bridge_mute_bridging | to_json }}
# When using double puppeting, should archived chats be moved to a specific tag in Matrix?
# This can be set to a tag (e.g. m.lowpriority), or null to disable.
archive_tag: null
# Same as above, but for pinned chats. The favorite tag is called m.favourite
pinned_tag: null
# Should mute status and tags only be bridged when the portal room is created?
tag_only_on_create: true
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: {{ matrix_mautrix_gmessages_federate_rooms|to_json }}
# Should the bridge never send alerts to the bridge management room?
# These are mostly things like the user being logged out.
disable_bridge_alerts: false
# Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
# This is currently not supported in most clients.
caption_in_message: false
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!gm"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Google Messages bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_mautrix_gmessages_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: {{ matrix_mautrix_gmessages_bridge_encryption_default|to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow|to_json }}
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from SMS to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: generate
# Permissions for using the bridge.
# Permitted values:
# user - Access to use the bridge to link their own Google Messages on android.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_gmessages_bridge_permissions|to_json }}
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from the remote network to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to configure the m.room.encryption event content.
# See https://spec.matrix.org/v1.10/client-server-api/#mroomencryption for more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Logging config. See https://github.com/tulir/zeroconfig for details.
logging:
min_level: {{ matrix_mautrix_gmessages_logging_level }}
writers:
- type: stdout
format: pretty-colored
format: pretty

3
roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_googlechat_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -128,6 +128,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_googlechat_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-googlechat.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_hangouts_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -128,6 +128,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_hangouts_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-hangouts.service installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
View File

@ -80,6 +80,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_instagram_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-instagram.service installed
ansible.builtin.template:

38
roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
View File

@ -13,7 +13,7 @@ matrix_mautrix_meta_instagram_enabled: true
matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
# renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
matrix_mautrix_meta_instagram_version: v0.3.2
matrix_mautrix_meta_instagram_version: v0.4.0
matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"
@ -194,10 +194,15 @@ matrix_mautrix_meta_instagram_bridge_displayname_suffix: |-
matrix_mautrix_meta_instagram_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}{{ (" " ~ matrix_mautrix_meta_instagram_bridge_displayname_suffix) if matrix_mautrix_meta_instagram_bridge_displayname_suffix else "" }}'
# The prefix for commands. Only required in non-management rooms.
# If set to "default", will be determined based on meta -> mode (`matrix_mautrix_meta_instagram_meta_mode`):
# - "!ig" for instagram
# - "!fb" for facebook
matrix_mautrix_meta_instagram_bridge_command_prefix: default
matrix_mautrix_meta_instagram_bridge_command_prefix: |-
{{
({
'facebook': '!fb',
'facebook-tor': '!fb',
'messenger': '!fb',
'instagram': '!ig',
})[matrix_mautrix_meta_instagram_meta_mode]
}}
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
@ -214,9 +219,9 @@ matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing: "{{ matrix_ma
matrix_mautrix_meta_instagram_bridge_encryption_appservice: false
matrix_mautrix_meta_instagram_bridge_encryption_require: false
matrix_mautrix_meta_instagram_bridge_login_shared_secret_map: "{{ matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_auto | combine(matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_custom) }}"
matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_auto: {}
matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_custom: {}
matrix_mautrix_meta_instagram_double_puppet_secrets: "{{ matrix_mautrix_meta_instagram_double_puppet_secrets_auto | combine(matrix_mautrix_meta_instagram_double_puppet_secrets_custom) }}"
matrix_mautrix_meta_instagram_double_puppet_secrets_auto: {}
matrix_mautrix_meta_instagram_double_puppet_secrets_custom: {}
matrix_mautrix_meta_instagram_bridge_permissions: "{{ matrix_mautrix_meta_instagram_bridge_permissions_default | combine(matrix_mautrix_meta_instagram_bridge_permissions_custom) }}"
@ -231,16 +236,15 @@ matrix_mautrix_meta_instagram_bridge_permissions_custom: {}
# Enable bridge relay bot functionality
matrix_mautrix_meta_instagram_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}"
matrix_mautrix_meta_instagram_bridge_relay_admin_only: true
matrix_mautrix_meta_instagram_bridge_relay_default_relays: []
matrix_mautrix_meta_instagram_bridge_management_room_text_welcome: |-
{{
({
'facebook': "Hello, I'm a Facebook bridge bot.",
'facebook-tor': "Hello, I'm a Facebook bridge bot which uses Tor.",
'messenger': "Hello, I'm a Messenger bridge bot.",
'instagram': "Hello, I'm an Instagram bridge bot.",
})[matrix_mautrix_meta_instagram_meta_mode]
}}
matrix_mautrix_meta_instagram_backfill_enabled: true
matrix_mautrix_meta_instagram_backfill_max_initial_messages: 50
matrix_mautrix_meta_instagram_backfill_max_catchup_messages: 500
matrix_mautrix_meta_instagram_backfill_unread_hours_threshold: 720
matrix_mautrix_meta_instagram_backfill_threads_max_initial_messages: 50
matrix_mautrix_meta_instagram_public_media_signing_key: ''
# Specifies the default log level.
# This bridge uses zerolog, so valid levels are: panic, fatal, error, warn, info, debug, trace

3
roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_mautrix_meta_instagram_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_meta_instagram_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -107,6 +107,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_meta_instagram_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure mautrix-meta-instagram.service installed
ansible.builtin.template:

2
roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/validate_config.yml
View File

@ -23,3 +23,5 @@
when: "item.old in vars"
with_items:
- {'old': 'matrix_mautrix_meta_instagram_bridge_login_shared_secret', 'new': '<removed>'}
- {'old': 'matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_custom', 'new': '<superseded by matrix_mautrix_meta_instagram_double_puppet_secrets_custom>'}
- {'old': 'matrix_mautrix_meta_instagram_bridge_management_room_text_welcome', 'new': '<removed>'}

630
roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2
View File

@ -1,7 +1,168 @@
#jinja2: lstrip_blocks: "True"
# Network-specific config options
network:
# Which service is this bridge for? Available options:
# * unset - allow users to pick any service when logging in (except facebook-tor)
# * facebook - connect to FB Messenger via facebook.com
# * facebook-tor - connect to FB Messenger via facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion
# (note: does not currently proxy media downloads)
# * messenger - connect to FB Messenger via messenger.com (can be used with the facebook side deactivated)
# * instagram - connect to Instagram DMs via instagram.com
#
# Remember to change the appservice id, bot profile info, bridge username_template and management_room_text too.
mode: {{ matrix_mautrix_meta_instagram_meta_mode | to_json }}
# When in Instagram mode, should the bridge connect to WhatsApp servers for encrypted chats?
# In FB/Messenger mode encryption is always enabled, this option only affects Instagram mode.
ig_e2ee: {{ matrix_mautrix_meta_instagram_meta_ig_e2ee | to_json }}
# Displayname template for FB/IG users. Available variables:
# .DisplayName - The display name set by the user.
# .Username - The username set by the user.
# .ID - The internal user ID of the user.
displayname_template: {{ matrix_mautrix_meta_instagram_bridge_displayname_template | to_json }}
# Static proxy address (HTTP or SOCKS5) for connecting to Meta.
proxy:
# HTTP endpoint to request new proxy address from, for dynamically assigned proxies.
# The endpoint must return a JSON body with a string field called proxy_url.
get_proxy_from:
# Minimum interval between full reconnects in seconds, default is 1 hour
min_full_reconnect_interval_seconds: 3600
# Interval to force refresh the connection (full reconnect), default is 20 hours. Set 0 to disable force refreshes.
force_refresh_interval_seconds: 72000
# Disable fetching XMA media (reels, stories, etc) when backfilling.
disable_xma_backfill: true
# Disable fetching XMA media entirely.
disable_xma_always: false
# Config options that affect the central bridge module.
bridge:
# The prefix for commands. Only required in non-management rooms.
command_prefix: {{ matrix_mautrix_meta_instagram_bridge_command_prefix | to_json }}
# Should the bridge create a space for each login containing the rooms that account is in?
personal_filtering_spaces: {{ matrix_mautrix_meta_instagram_bridge_personal_filtering_spaces | to_json }}
# Whether the bridge should set names and avatars explicitly for DM portals.
# This is only necessary when using clients that don't support MSC4171.
private_chat_portal_meta: false
# Should events be handled asynchronously within portal rooms?
# If true, events may end up being out of order, but slow events won't block other ones.
async_events: false
# Should every user have their own portals rather than sharing them?
# By default, users who are in the same group on the remote network will be
# in the same Matrix room bridged to that group. If this is set to true,
# every user will get their own Matrix room instead.
split_portals: false
# Should the bridge resend `m.bridge` events to all portals on startup?
resend_bridge_info: false
# Should leaving Matrix rooms be bridged as leaving groups on the remote network?
bridge_matrix_leave: false
# Should room tags only be synced when creating the portal? Tags mean things like favorite/pin and archive/low priority.
# Tags currently can't be synced back to the remote network, so a continuous sync means tagging from Matrix will be undone.
tag_only_on_create: true
# Should room mute status only be synced when creating the portal?
# Like tags, mutes can't currently be synced back to the remote network.
mute_only_on_create: true
# What should be done to portal rooms when a user logs out or is logged out?
# Permitted values:
# nothing - Do nothing, let the user stay in the portals
# kick - Remove the user from the portal rooms, but don't delete them
# unbridge - Remove all ghosts in the room and disassociate it from the remote chat
# delete - Remove all ghosts and users from the room (i.e. delete it)
cleanup_on_logout:
# Should cleanup on logout be enabled at all?
enabled: false
# Settings for manual logouts (explicitly initiated by the Matrix user)
manual:
# Action for private portals which will never be shared with other Matrix users.
private: nothing
# Action for portals with a relay user configured.
relayed: nothing
# Action for portals which may be shared, but don't currently have any other Matrix users.
shared_no_users: nothing
# Action for portals which have other logged-in Matrix users.
shared_has_users: nothing
# Settings for credentials being invalidated (initiated by the remote network, possibly through user action).
# Keys have the same meanings as in the manual section.
bad_credentials:
private: nothing
relayed: nothing
shared_no_users: nothing
shared_has_users: nothing
# Settings for relay mode
relay:
# Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: {{ matrix_mautrix_meta_instagram_bridge_relay_enabled | to_json }}
# Should only admins be allowed to set themselves as relay users?
# If true, non-admins can only set users listed in default_relays as relays in a room.
admin_only: {{ matrix_mautrix_meta_instagram_bridge_relay_admin_only | to_json }}
# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
default_relays: {{ matrix_mautrix_meta_instagram_bridge_relay_default_relays | to_json }}
# The formats to use when sending messages via the relaybot.
# Available variables:
# .Sender.UserID - The Matrix user ID of the sender.
# .Sender.Displayname - The display name of the sender (if set).
# .Sender.RequiresDisambiguation - Whether the sender's name may be confused with the name of another user in the room.
# .Sender.DisambiguatedName - The disambiguated name of the sender. This will be the displayname if set,
# plus the user ID in parentheses if the displayname is not unique.
# If the displayname is not set, this is just the user ID.
# .Message - The `formatted_body` field of the message.
# .Caption - The `formatted_body` field of the message, if it's a caption. Otherwise an empty string.
# .FileName - The name of the file being sent.
message_formats:
m.text: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.notice: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.emote: "{% raw %}* <b>{{ .Sender.DisambiguatedName }}</b> {{ .Message }}{% endraw %}"
m.file: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.image: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.audio: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.video: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.location: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
# For networks that support per-message displaynames (i.e. Slack and Discord), the template for those names.
# This has all the Sender variables available under message_formats (but without the .Sender prefix).
# Note that you need to manually remove the displayname from message_formats above.
displayname_format: "{% raw %}{{ .DisambiguatedName }}{% endraw %}"
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# commands - Access to use commands in the bridge, but not login.
# user - Access to use the bridge with puppeting.
# admin - Full access, user level with some additional administration tools.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_meta_instagram_bridge_permissions | to_json }}
# Config for the bridge's database.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: {{ matrix_mautrix_meta_instagram_appservice_database_type | to_json }}
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_meta_instagram_appservice_database_uri | to_json }}
# Maximum number of connections.
max_open_conns: 5
max_idle_conns: 1
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
# Local addresses without HTTPS are generally recommended when the bridge is running on the same machine,
# but https also works if they run on different machines.
address: {{ matrix_mautrix_meta_instagram_homeserver_address | to_json }}
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{ matrix_mautrix_meta_instagram_homeserver_domain | to_json }}
@ -10,11 +171,15 @@ homeserver:
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's meta connection state changes.
# If set, the bridge will make POST requests to this URL whenever a user's remote network connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
status_endpoint:
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# If set, the bridge will make POST requests to this URL when processing a message from Matrix.
# It will make one request when receiving the message (step BRIDGE), one after decrypting if applicable
# (step DECRYPTED) and one after sending to the remote network (step REMOTE). Errors will also be reported.
# The bridge will use the appservice as_token to authorize requests.
message_send_checkpoint_endpoint:
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
@ -26,33 +191,19 @@ homeserver:
ping_interval_seconds: 0
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
# Changing these values requires regeneration of the registration (except when noted otherwise)
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_meta_instagram_appservice_address | to_json }}
# A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file.
public_address: https://bridge.example.com
# The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0.
hostname: 0.0.0.0
port: 29319
# Database config.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: {{ matrix_mautrix_meta_instagram_appservice_database_type | to_json }}
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_meta_instagram_appservice_database_uri | to_json }}
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice.
id: {{ matrix_mautrix_meta_instagram_appservice_id | to_json }}
# Appservice bot details.
@ -62,268 +213,225 @@ appservice:
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: {{ matrix_mautrix_meta_instagram_appservice_displayname | to_json }}
# You can use mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv for an Instagram avatar,
# or mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak for Facebook Messenger
avatar: {{ matrix_mautrix_meta_instagram_appservice_avatar | to_json }}
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# Whether to receive ephemeral events via appservice transactions.
ephemeral_events: true
# Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
# This value doesn't affect the registration file.
async_transactions: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: {{ matrix_mautrix_meta_instagram_appservice_token | to_json }}
hs_token: {{ matrix_mautrix_meta_instagram_homeserver_token | to_json }}
# Prometheus config.
metrics:
# Enable prometheus metrics?
enabled: {{ matrix_mautrix_meta_instagram_metrics_enabled | to_json }}
# IP and port where the metrics listener should be. The path is always /metrics
listen: "0.0.0.0.0:8000"
meta:
# Which service is this bridge for? Available options:
# * facebook - connect to FB Messenger via facebook.com
# * facebook-tor - connect to FB Messenger via facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion
# (note: does not currently proxy media downloads)
# * messenger - connect to FB Messenger via messenger.com (can be used with the facebook side deactivated)
# * instagram - connect to Instagram DMs via instagram.com
#
# Remember to change the appservice id, bot profile info, bridge username_template and management_room_text too.
mode: {{ matrix_mautrix_meta_instagram_meta_mode | to_json }}
# When in Instagram mode, should the bridge connect to WhatsApp servers for encrypted chats?
# In FB/Messenger mode encryption is always enabled, this option only affects Instagram mode.
ig_e2ee: {{ matrix_mautrix_meta_instagram_meta_ig_e2ee | to_json }}
# Static proxy address (HTTP or SOCKS5) for connecting to Meta.
proxy:
# HTTP endpoint to request new proxy address from, for dynamically assigned proxies.
# The endpoint must return a JSON body with a string field called proxy_url.
get_proxy_from:
# Bridge config
bridge:
# Localpart template of MXIDs for FB/IG users.
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the FB/IG user.
# Localpart template of MXIDs for remote users.
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the user.
username_template: {{ matrix_mautrix_meta_instagram_bridge_username_template | to_json }}
# Displayname template for FB/IG users. This is also used as the room name in DMs if private_chat_portal_meta is enabled.
# {% raw %}{{.DisplayName}}{% endraw %} - The display name set by the user.
# {% raw %}{{.Username}}{% endraw %} - The username set by the user.
# {% raw %}{{.ID}}{% endraw %} - The internal user ID of the user.
displayname_template: {{ matrix_mautrix_meta_instagram_bridge_displayname_template | to_json }}
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
# If set to `never`, DM rooms will never have names and avatars set.
private_chat_portal_meta: default
portal_message_buffer: 128
# Should the bridge create a space for each logged-in user and add bridged rooms to it?
# Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time.
personal_filtering_spaces: {{ matrix_mautrix_meta_instagram_bridge_personal_filtering_spaces | to_json }}
# Should Matrix m.notice-type messages be bridged?
bridge_notices: true
# Should the bridge send a read receipt from the bridge bot when a message has been sent to FB/IG?
delivery_receipts: false
# Config options that affect the Matrix connector of the bridge.
matrix:
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether the bridge should send a read receipt after successfully bridging a message.
delivery_receipts: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true
# Should the bridge never send alerts to the bridge management room?
# These are mostly things like the user being logged out.
disable_bridge_alerts: false
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic and is therefore prone to race conditions.
# Whether the bridge should update the m.direct account data event when double puppeting is enabled.
sync_direct_chat_list: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it, except if the config file is not writable.
resend_bridge_info: false
# Send captions in the same message as images. This will send data compatible with both MSC2530.
# This is currently not supported in most clients.
caption_in_message: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
# Whether created rooms should have federation enabled. If false, created portal rooms
# will never be federated. Changing this option requires recreating rooms.
federate_rooms: {{ matrix_mautrix_meta_instagram_bridge_federate_rooms | to_json }}
# Should mute status be bridged? Allowed options: always, on-create, never
mute_bridging: on-create
# Servers to always allow double puppeting from
double_puppet_server_map: {}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
# The threshold as bytes after which the bridge should roundtrip uploads via the disk
# rather than keeping the whole file in memory.
upload_file_threshold: 5242880
# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors.
analytics:
# API key to send with tracking requests. Tracking is disabled if this is null.
token: null
# Address to send tracking requests to.
url: https://api.segment.io/v1/track
# Optional user ID for tracking events. If null, defaults to using Matrix user ID.
user_id: null
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Whether to allow provisioning API requests to be authed using Matrix access tokens.
# This follows the same rules as double puppeting to determine which server to contact to check the token,
# which means that by default, it only works for users on the same server as the bridge.
allow_matrix_auth: true
# Enable debug API at /debug with provisioning authentication.
debug_endpoints: false
# Some networks require publicly accessible media download links (e.g. for user avatars when using Discord webhooks).
# These settings control whether the bridge will provide such public media access.
public_media:
# Should public media be enabled at all?
# The public_address field under the appservice section MUST be set when enabling public media.
enabled: false
# A key for signing public media URLs.
# If set to "generate", a random key will be generated.
signing_key: {{ matrix_mautrix_meta_instagram_public_media_signing_key | to_json }}
# Number of seconds that public media URLs are valid for.
# If set to 0, URLs will never expire.
expiry: 0
# Length of hash to use for public media URLs. Must be between 0 and 32.
hash_length: 32
# Settings for converting remote media to custom mxc:// URIs instead of reuploading.
# More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html
direct_media:
# Should custom mxc:// URIs be used instead of reuploading media?
enabled: false
# The server name to use for the custom mxc:// URIs.
# This server name will effectively be a real Matrix server, it just won't implement anything other than media.
# You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge.
server_name: media.example.com
# Optionally a custom .well-known response. This defaults to `server_name:443`
well_known_response:
# Optionally specify a custom prefix for the media ID part of the MXC URI.
media_id_prefix:
# If the remote network supports media downloads over HTTP, then the bridge will use MSC3860/MSC3916
# media download redirects if the requester supports it. Optionally, you can force redirects
# and not allow proxying at all by setting this to false.
# This option does nothing if the remote network does not support media downloads over HTTP.
allow_proxy: true
# Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file.
# This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them.
server_key: ""
# Settings for backfilling messages.
# Note that the exact way settings are applied depends on the network connector.
# See https://docs.mau.fi/bridges/general/backfill.html for more details.
backfill:
# Whether to do backfilling at all.
enabled: {{ matrix_mautrix_meta_instagram_backfill_enabled | to_json }}
# Maximum number of messages to backfill in empty rooms.
max_initial_messages: {{ matrix_mautrix_meta_instagram_backfill_max_initial_messages | to_json}}
# Maximum number of missed messages to backfill after bridge restarts.
max_catchup_messages: {{ matrix_mautrix_meta_instagram_backfill_max_catchup_messages | to_json }}
# If a backfilled chat is older than this number of hours,
# mark it as read even if it's unread on the remote network.
unread_hours_threshold: {{ matrix_mautrix_meta_instagram_backfill_unread_hours_threshold | to_json }}
# Settings for backfilling threads within other backfills.
threads:
# Maximum number of messages to backfill in a new thread.
max_initial_messages: {{ matrix_mautrix_meta_instagram_backfill_threads_max_initial_messages | to_json }}
# Settings for the backwards backfill queue. This only applies when connecting to
# Beeper as standard Matrix servers don't support inserting messages into history.
queue:
# Should the backfill queue be enabled?
enabled: false
# Number of messages to backfill in one batch.
batch_size: 100
# Delay between batches in seconds.
batch_delay: 20
# Maximum number of batches to backfill per portal.
# If set to -1, all available messages will be backfilled.
max_batches: -1
# Optional network-specific overrides for max batches.
# Interpretation of this field depends on the network connector.
max_batches_override: {}
# Settings for enabling double puppeting
double_puppet:
# Servers to always allow double puppeting from.
# This is only for other servers and should NOT contain the server the bridge is on.
servers: {}
# Whether to allow client API URL discovery for other servers. When using this option,
# users on other servers can use double puppeting even if their server URLs aren't
# explicitly added to the servers map above.
allow_discovery: false
# Shared secrets for automatic double puppeting.
# See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions.
secrets: {{ matrix_mautrix_meta_instagram_double_puppet_secrets | to_json }}
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Whether to enable encryption at all. If false, the bridge will not function in encrypted rooms.
allow: {{ matrix_mautrix_meta_instagram_bridge_encryption_allow | to_json }}
# Whether to force-enable encryption in all bridged rooms.
default: {{ matrix_mautrix_meta_instagram_bridge_encryption_default | to_json }}
# Whether to require all messages to be encrypted and drop any unencrypted messages.
require: {{ matrix_mautrix_meta_instagram_bridge_encryption_require | to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
# This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
appservice: {{ matrix_mautrix_meta_instagram_bridge_encryption_appservice | to_json }}
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing | to_json }}
# Pickle key for encrypting encryption keys in the bridge database.
# If set to generate, a random key will be generated.
pickle_key: mautrix.bridge.e2ee
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map: {{ matrix_mautrix_meta_instagram_bridge_login_shared_secret_map | to_json }}
# The prefix for commands. Only required in non-management rooms.
# If set to "default", will be determined based on meta -> mode, "!ig" for instagram and "!fb" for facebook
command_prefix: {{ matrix_mautrix_meta_instagram_bridge_command_prefix | to_json }}
backfill:
# If disabled, old messages will never be bridged.
enabled: true
# By default, Meta sends info about approximately 20 recent threads. If this is set to something else than 0,
# the bridge will request more threads on first login, until it reaches the specified number of pages
# or the end of the inbox.
inbox_fetch_pages: 0
# By default, Meta only sends one old message per thread. If this is set to a something else than 0,
# the bridge will delay handling the one automatically received message and request more messages to backfill.
# One page usually contains 20 messages. This can technically be set to -1 to fetch all messages,
# but that will block bridging messages until the entire backfill is completed.
history_fetch_pages: 0
# Same as above, but for catchup backfills (i.e. when the bridge is restarted).
catchup_fetch_pages: 5
# Maximum age of chats to leave as unread when backfilling. 0 means all chats can be left as unread.
# If non-zero, chats that are older than this will be marked as read, even if they're still unread on Meta.
unread_hours_threshold: 0
# Backfill queue settings. Only relevant for Beeper, because standard Matrix servers
# don't support inserting messages into room history.
queue:
# How many pages of messages to request in one go (without sleeping between requests)?
pages_at_once: 5
# Maximum number of pages to fetch. -1 to fetch all pages until the start of the chat.
max_pages: -1
# How long to sleep after fetching a bunch of pages ("bunch" defined by pages_at_once).
sleep_between_tasks: 20s
# Disable fetching XMA media (reels, stories, etc) when backfilling.
dont_fetch_xma: true
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: {{ matrix_mautrix_meta_instagram_bridge_management_room_text_welcome | to_json }}
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_mautrix_meta_instagram_bridge_encryption_allow | to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: {{ matrix_mautrix_meta_instagram_bridge_encryption_default | to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: {{ matrix_mautrix_meta_instagram_bridge_encryption_appservice | to_json }}
# Require encryption, drop any unencrypted messages.
require: {{ matrix_mautrix_meta_instagram_bridge_encryption_require | to_json }}
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing | to_json }}
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from FB/IG to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Enable debug API at /debug with provisioning authentication.
debug_endpoints: false
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Meta account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_meta_instagram_bridge_permissions | to_json }}
# Settings for relay mode
relay:
# Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: {{ matrix_mautrix_meta_instagram_bridge_relay_enabled | to_json }}
# Should only admins be allowed to set themselves as relay users?
admin_only: {{ matrix_mautrix_meta_instagram_bridge_relay_admin_only | to_json }}
# The formats to use when sending messages to Meta via the relaybot.
message_formats:
m.text: "{% raw %}{{ .Sender.Displayname }}: {{ .Message }}{% endraw %}"
m.notice: "{% raw %}{{ .Sender.Displayname }}: {{ .Message }}{% endraw %}"
m.emote: "{% raw %}* {{ .Sender.Displayname }} {{ .Message }}{% endraw %}"
m.file: "{% raw %}{{ .Sender.Displayname }} sent a file{% endraw %}"
m.image: "{% raw %}{{ .Sender.Displayname }} sent an image{% endraw %}"
m.audio: "{% raw %}{{ .Sender.Displayname }} sent an audio file{% endraw %}"
m.video: "{% raw %}{{ .Sender.Displayname }} sent a video{% endraw %}"
m.location: "{% raw %}{{ .Sender.Displayname }} sent a location{% endraw %}"
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from the remote network to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to configure the m.room.encryption event content.
# See https://spec.matrix.org/v1.10/client-server-api/#mroomencryption for more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Logging config. See https://github.com/tulir/zeroconfig for details.
logging:
min_level: {{ matrix_mautrix_meta_instagram_logging_min_level | to_json }}
writers:
- type: stdout
format: pretty
- type: stdout
format: pretty

38
roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
View File

@ -13,7 +13,7 @@ matrix_mautrix_meta_messenger_enabled: true
matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
# renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
matrix_mautrix_meta_messenger_version: v0.3.2
matrix_mautrix_meta_messenger_version: v0.4.0
matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"
@ -194,10 +194,15 @@ matrix_mautrix_meta_messenger_bridge_displayname_suffix: |-
matrix_mautrix_meta_messenger_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}{{ (" " ~ matrix_mautrix_meta_messenger_bridge_displayname_suffix) if matrix_mautrix_meta_messenger_bridge_displayname_suffix else "" }}'
# The prefix for commands. Only required in non-management rooms.
# If set to "default", will be determined based on meta -> mode (`matrix_mautrix_meta_messenger_meta_mode`):
# - "!ig" for instagram
# - "!fb" for facebook
matrix_mautrix_meta_messenger_bridge_command_prefix: default
matrix_mautrix_meta_messenger_bridge_command_prefix: |-
{{
({
'facebook': '!fb',
'facebook-tor': '!fb',
'messenger': '!fb',
'instagram': '!ig',
})[matrix_mautrix_meta_messenger_meta_mode]
}}
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
@ -214,9 +219,9 @@ matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing: "{{ matrix_ma
matrix_mautrix_meta_messenger_bridge_encryption_appservice: false
matrix_mautrix_meta_messenger_bridge_encryption_require: false
matrix_mautrix_meta_messenger_bridge_login_shared_secret_map: "{{ matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_auto | combine(matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_custom) }}"
matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_auto: {}
matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_custom: {}
matrix_mautrix_meta_messenger_double_puppet_secrets: "{{ matrix_mautrix_meta_messenger_double_puppet_secrets_auto | combine(matrix_mautrix_meta_messenger_double_puppet_secrets_custom) }}"
matrix_mautrix_meta_messenger_double_puppet_secrets_auto: {}
matrix_mautrix_meta_messenger_double_puppet_secrets_custom: {}
matrix_mautrix_meta_messenger_bridge_permissions: "{{ matrix_mautrix_meta_messenger_bridge_permissions_default | combine(matrix_mautrix_meta_messenger_bridge_permissions_custom) }}"
@ -231,16 +236,15 @@ matrix_mautrix_meta_messenger_bridge_permissions_custom: {}
# Enable bridge relay bot functionality
matrix_mautrix_meta_messenger_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}"
matrix_mautrix_meta_messenger_bridge_relay_admin_only: true
matrix_mautrix_meta_messenger_bridge_relay_default_relays: []
matrix_mautrix_meta_messenger_bridge_management_room_text_welcome: |-
{{
({
'facebook': "Hello, I'm a Facebook bridge bot.",
'facebook-tor': "Hello, I'm a Facebook bridge bot which uses Tor.",
'messenger': "Hello, I'm a Messenger bridge bot.",
'instagram': "Hello, I'm an Instagram bridge bot.",
})[matrix_mautrix_meta_messenger_meta_mode]
}}
matrix_mautrix_meta_messenger_backfill_enabled: true
matrix_mautrix_meta_messenger_backfill_max_initial_messages: 50
matrix_mautrix_meta_messenger_backfill_max_catchup_messages: 500
matrix_mautrix_meta_messenger_backfill_unread_hours_threshold: 720
matrix_mautrix_meta_messenger_backfill_threads_max_initial_messages: 50
matrix_mautrix_meta_messenger_public_media_signing_key: ''
# Specifies the default log level.
# This bridge uses zerolog, so valid levels are: panic, fatal, error, warn, info, debug, trace

3
roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_mautrix_meta_messenger_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_meta_messenger_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -107,6 +107,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_meta_messenger_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure mautrix-meta-messenger.service installed
ansible.builtin.template:

2
roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/validate_config.yml
View File

@ -23,3 +23,5 @@
when: "item.old in vars"
with_items:
- {'old': 'matrix_mautrix_meta_messenger_bridge_login_shared_secret', 'new': '<removed>'}
- {'old': 'matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_custom', 'new': '<superseded by matrix_mautrix_meta_messenger_double_puppet_secrets_custom>'}
- {'old': 'matrix_mautrix_meta_messenger_bridge_management_room_text_welcome', 'new': '<removed>'}

630
roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2
View File

@ -1,7 +1,168 @@
#jinja2: lstrip_blocks: "True"
# Network-specific config options
network:
# Which service is this bridge for? Available options:
# * unset - allow users to pick any service when logging in (except facebook-tor)
# * facebook - connect to FB Messenger via facebook.com
# * facebook-tor - connect to FB Messenger via facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion
# (note: does not currently proxy media downloads)
# * messenger - connect to FB Messenger via messenger.com (can be used with the facebook side deactivated)
# * instagram - connect to Instagram DMs via instagram.com
#
# Remember to change the appservice id, bot profile info, bridge username_template and management_room_text too.
mode: {{ matrix_mautrix_meta_messenger_meta_mode | to_json }}
# When in Instagram mode, should the bridge connect to WhatsApp servers for encrypted chats?
# In FB/Messenger mode encryption is always enabled, this option only affects Instagram mode.
ig_e2ee: {{ matrix_mautrix_meta_messenger_meta_ig_e2ee | to_json }}
# Displayname template for FB/IG users. Available variables:
# .DisplayName - The display name set by the user.
# .Username - The username set by the user.
# .ID - The internal user ID of the user.
displayname_template: {{ matrix_mautrix_meta_messenger_bridge_displayname_template | to_json }}
# Static proxy address (HTTP or SOCKS5) for connecting to Meta.
proxy:
# HTTP endpoint to request new proxy address from, for dynamically assigned proxies.
# The endpoint must return a JSON body with a string field called proxy_url.
get_proxy_from:
# Minimum interval between full reconnects in seconds, default is 1 hour
min_full_reconnect_interval_seconds: 3600
# Interval to force refresh the connection (full reconnect), default is 20 hours. Set 0 to disable force refreshes.
force_refresh_interval_seconds: 72000
# Disable fetching XMA media (reels, stories, etc) when backfilling.
disable_xma_backfill: true
# Disable fetching XMA media entirely.
disable_xma_always: false
# Config options that affect the central bridge module.
bridge:
# The prefix for commands. Only required in non-management rooms.
command_prefix: {{ matrix_mautrix_meta_messenger_bridge_command_prefix | to_json }}
# Should the bridge create a space for each login containing the rooms that account is in?
personal_filtering_spaces: {{ matrix_mautrix_meta_messenger_bridge_personal_filtering_spaces | to_json }}
# Whether the bridge should set names and avatars explicitly for DM portals.
# This is only necessary when using clients that don't support MSC4171.
private_chat_portal_meta: false
# Should events be handled asynchronously within portal rooms?
# If true, events may end up being out of order, but slow events won't block other ones.
async_events: false
# Should every user have their own portals rather than sharing them?
# By default, users who are in the same group on the remote network will be
# in the same Matrix room bridged to that group. If this is set to true,
# every user will get their own Matrix room instead.
split_portals: false
# Should the bridge resend `m.bridge` events to all portals on startup?
resend_bridge_info: false
# Should leaving Matrix rooms be bridged as leaving groups on the remote network?
bridge_matrix_leave: false
# Should room tags only be synced when creating the portal? Tags mean things like favorite/pin and archive/low priority.
# Tags currently can't be synced back to the remote network, so a continuous sync means tagging from Matrix will be undone.
tag_only_on_create: true
# Should room mute status only be synced when creating the portal?
# Like tags, mutes can't currently be synced back to the remote network.
mute_only_on_create: true
# What should be done to portal rooms when a user logs out or is logged out?
# Permitted values:
# nothing - Do nothing, let the user stay in the portals
# kick - Remove the user from the portal rooms, but don't delete them
# unbridge - Remove all ghosts in the room and disassociate it from the remote chat
# delete - Remove all ghosts and users from the room (i.e. delete it)
cleanup_on_logout:
# Should cleanup on logout be enabled at all?
enabled: false
# Settings for manual logouts (explicitly initiated by the Matrix user)
manual:
# Action for private portals which will never be shared with other Matrix users.
private: nothing
# Action for portals with a relay user configured.
relayed: nothing
# Action for portals which may be shared, but don't currently have any other Matrix users.
shared_no_users: nothing
# Action for portals which have other logged-in Matrix users.
shared_has_users: nothing
# Settings for credentials being invalidated (initiated by the remote network, possibly through user action).
# Keys have the same meanings as in the manual section.
bad_credentials:
private: nothing
relayed: nothing
shared_no_users: nothing
shared_has_users: nothing
# Settings for relay mode
relay:
# Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: {{ matrix_mautrix_meta_messenger_bridge_relay_enabled | to_json }}
# Should only admins be allowed to set themselves as relay users?
# If true, non-admins can only set users listed in default_relays as relays in a room.
admin_only: {{ matrix_mautrix_meta_messenger_bridge_relay_admin_only | to_json }}
# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
default_relays: {{ matrix_mautrix_meta_messenger_bridge_relay_default_relays | to_json }}
# The formats to use when sending messages via the relaybot.
# Available variables:
# .Sender.UserID - The Matrix user ID of the sender.
# .Sender.Displayname - The display name of the sender (if set).
# .Sender.RequiresDisambiguation - Whether the sender's name may be confused with the name of another user in the room.
# .Sender.DisambiguatedName - The disambiguated name of the sender. This will be the displayname if set,
# plus the user ID in parentheses if the displayname is not unique.
# If the displayname is not set, this is just the user ID.
# .Message - The `formatted_body` field of the message.
# .Caption - The `formatted_body` field of the message, if it's a caption. Otherwise an empty string.
# .FileName - The name of the file being sent.
message_formats:
m.text: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.notice: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.emote: "{% raw %}* <b>{{ .Sender.DisambiguatedName }}</b> {{ .Message }}{% endraw %}"
m.file: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.image: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.audio: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.video: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.location: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
# For networks that support per-message displaynames (i.e. Slack and Discord), the template for those names.
# This has all the Sender variables available under message_formats (but without the .Sender prefix).
# Note that you need to manually remove the displayname from message_formats above.
displayname_format: "{% raw %}{{ .DisambiguatedName }}{% endraw %}"
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# commands - Access to use commands in the bridge, but not login.
# user - Access to use the bridge with puppeting.
# admin - Full access, user level with some additional administration tools.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_meta_messenger_bridge_permissions | to_json }}
# Config for the bridge's database.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: {{ matrix_mautrix_meta_messenger_appservice_database_type | to_json }}
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_meta_messenger_appservice_database_uri | to_json }}
# Maximum number of connections.
max_open_conns: 5
max_idle_conns: 1
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
# Local addresses without HTTPS are generally recommended when the bridge is running on the same machine,
# but https also works if they run on different machines.
address: {{ matrix_mautrix_meta_messenger_homeserver_address | to_json }}
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{ matrix_mautrix_meta_messenger_homeserver_domain | to_json }}
@ -10,11 +171,15 @@ homeserver:
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's meta connection state changes.
# If set, the bridge will make POST requests to this URL whenever a user's remote network connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint: null
status_endpoint:
# Endpoint for reporting per-message status.
message_send_checkpoint_endpoint: null
# If set, the bridge will make POST requests to this URL when processing a message from Matrix.
# It will make one request when receiving the message (step BRIDGE), one after decrypting if applicable
# (step DECRYPTED) and one after sending to the remote network (step REMOTE). Errors will also be reported.
# The bridge will use the appservice as_token to authorize requests.
message_send_checkpoint_endpoint:
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
@ -26,33 +191,19 @@ homeserver:
ping_interval_seconds: 0
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
# Changing these values requires regeneration of the registration (except when noted otherwise)
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_meta_messenger_appservice_address | to_json }}
# A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file.
public_address: https://bridge.example.com
# The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0.
hostname: 0.0.0.0
port: 29319
# Database config.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: {{ matrix_mautrix_meta_messenger_appservice_database_type | to_json }}
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_meta_messenger_appservice_database_uri | to_json }}
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice.
id: {{ matrix_mautrix_meta_messenger_appservice_id | to_json }}
# Appservice bot details.
@ -62,268 +213,225 @@ appservice:
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: {{ matrix_mautrix_meta_messenger_appservice_displayname | to_json }}
# You can use mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv for an Instagram avatar,
# or mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak for Facebook Messenger
avatar: {{ matrix_mautrix_meta_messenger_appservice_avatar | to_json }}
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# Whether to receive ephemeral events via appservice transactions.
ephemeral_events: true
# Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
# This value doesn't affect the registration file.
async_transactions: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: {{ matrix_mautrix_meta_messenger_appservice_token | to_json }}
hs_token: {{ matrix_mautrix_meta_messenger_homeserver_token | to_json }}
# Prometheus config.
metrics:
# Enable prometheus metrics?
enabled: {{ matrix_mautrix_meta_messenger_metrics_enabled | to_json }}
# IP and port where the metrics listener should be. The path is always /metrics
listen: "0.0.0.0.0:8000"
meta:
# Which service is this bridge for? Available options:
# * facebook - connect to FB Messenger via facebook.com
# * facebook-tor - connect to FB Messenger via facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion
# (note: does not currently proxy media downloads)
# * messenger - connect to FB Messenger via messenger.com (can be used with the facebook side deactivated)
# * instagram - connect to Instagram DMs via instagram.com
#
# Remember to change the appservice id, bot profile info, bridge username_template and management_room_text too.
mode: {{ matrix_mautrix_meta_messenger_meta_mode | to_json }}
# When in Instagram mode, should the bridge connect to WhatsApp servers for encrypted chats?
# In FB/Messenger mode encryption is always enabled, this option only affects Instagram mode.
ig_e2ee: {{ matrix_mautrix_meta_messenger_meta_ig_e2ee | to_json }}
# Static proxy address (HTTP or SOCKS5) for connecting to Meta.
proxy:
# HTTP endpoint to request new proxy address from, for dynamically assigned proxies.
# The endpoint must return a JSON body with a string field called proxy_url.
get_proxy_from:
# Bridge config
bridge:
# Localpart template of MXIDs for FB/IG users.
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the FB/IG user.
# Localpart template of MXIDs for remote users.
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the user.
username_template: {{ matrix_mautrix_meta_messenger_bridge_username_template | to_json }}
# Displayname template for FB/IG users. This is also used as the room name in DMs if private_chat_portal_meta is enabled.
# {% raw %}{{.DisplayName}}{% endraw %} - The display name set by the user.
# {% raw %}{{.Username}}{% endraw %} - The username set by the user.
# {% raw %}{{.ID}}{% endraw %} - The internal user ID of the user.
displayname_template: {{ matrix_mautrix_meta_messenger_bridge_displayname_template | to_json }}
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
# If set to `never`, DM rooms will never have names and avatars set.
private_chat_portal_meta: default
portal_message_buffer: 128
# Should the bridge create a space for each logged-in user and add bridged rooms to it?
# Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time.
personal_filtering_spaces: {{ matrix_mautrix_meta_messenger_bridge_personal_filtering_spaces | to_json }}
# Should Matrix m.notice-type messages be bridged?
bridge_notices: true
# Should the bridge send a read receipt from the bridge bot when a message has been sent to FB/IG?
delivery_receipts: false
# Config options that affect the Matrix connector of the bridge.
matrix:
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether the bridge should send a read receipt after successfully bridging a message.
delivery_receipts: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true
# Should the bridge never send alerts to the bridge management room?
# These are mostly things like the user being logged out.
disable_bridge_alerts: false
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic and is therefore prone to race conditions.
# Whether the bridge should update the m.direct account data event when double puppeting is enabled.
sync_direct_chat_list: false
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it, except if the config file is not writable.
resend_bridge_info: false
# Send captions in the same message as images. This will send data compatible with both MSC2530.
# This is currently not supported in most clients.
caption_in_message: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
# Whether created rooms should have federation enabled. If false, created portal rooms
# will never be federated. Changing this option requires recreating rooms.
federate_rooms: {{ matrix_mautrix_meta_messenger_bridge_federate_rooms | to_json }}
# Should mute status be bridged? Allowed options: always, on-create, never
mute_bridging: on-create
# Servers to always allow double puppeting from
double_puppet_server_map: {}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
# The threshold as bytes after which the bridge should roundtrip uploads via the disk
# rather than keeping the whole file in memory.
upload_file_threshold: 5242880
# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors.
analytics:
# API key to send with tracking requests. Tracking is disabled if this is null.
token: null
# Address to send tracking requests to.
url: https://api.segment.io/v1/track
# Optional user ID for tracking events. If null, defaults to using Matrix user ID.
user_id: null
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Whether to allow provisioning API requests to be authed using Matrix access tokens.
# This follows the same rules as double puppeting to determine which server to contact to check the token,
# which means that by default, it only works for users on the same server as the bridge.
allow_matrix_auth: true
# Enable debug API at /debug with provisioning authentication.
debug_endpoints: false
# Some networks require publicly accessible media download links (e.g. for user avatars when using Discord webhooks).
# These settings control whether the bridge will provide such public media access.
public_media:
# Should public media be enabled at all?
# The public_address field under the appservice section MUST be set when enabling public media.
enabled: false
# A key for signing public media URLs.
# If set to "generate", a random key will be generated.
signing_key: {{ matrix_mautrix_meta_messenger_public_media_signing_key | to_json }}
# Number of seconds that public media URLs are valid for.
# If set to 0, URLs will never expire.
expiry: 0
# Length of hash to use for public media URLs. Must be between 0 and 32.
hash_length: 32
# Settings for converting remote media to custom mxc:// URIs instead of reuploading.
# More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html
direct_media:
# Should custom mxc:// URIs be used instead of reuploading media?
enabled: false
# The server name to use for the custom mxc:// URIs.
# This server name will effectively be a real Matrix server, it just won't implement anything other than media.
# You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge.
server_name: media.example.com
# Optionally a custom .well-known response. This defaults to `server_name:443`
well_known_response:
# Optionally specify a custom prefix for the media ID part of the MXC URI.
media_id_prefix:
# If the remote network supports media downloads over HTTP, then the bridge will use MSC3860/MSC3916
# media download redirects if the requester supports it. Optionally, you can force redirects
# and not allow proxying at all by setting this to false.
# This option does nothing if the remote network does not support media downloads over HTTP.
allow_proxy: true
# Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file.
# This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them.
server_key: ""
# Settings for backfilling messages.
# Note that the exact way settings are applied depends on the network connector.
# See https://docs.mau.fi/bridges/general/backfill.html for more details.
backfill:
# Whether to do backfilling at all.
enabled: {{ matrix_mautrix_meta_messenger_backfill_enabled | to_json }}
# Maximum number of messages to backfill in empty rooms.
max_initial_messages: {{ matrix_mautrix_meta_messenger_backfill_max_initial_messages | to_json}}
# Maximum number of missed messages to backfill after bridge restarts.
max_catchup_messages: {{ matrix_mautrix_meta_messenger_backfill_max_catchup_messages | to_json }}
# If a backfilled chat is older than this number of hours,
# mark it as read even if it's unread on the remote network.
unread_hours_threshold: {{ matrix_mautrix_meta_messenger_backfill_unread_hours_threshold | to_json }}
# Settings for backfilling threads within other backfills.
threads:
# Maximum number of messages to backfill in a new thread.
max_initial_messages: {{ matrix_mautrix_meta_messenger_backfill_threads_max_initial_messages | to_json }}
# Settings for the backwards backfill queue. This only applies when connecting to
# Beeper as standard Matrix servers don't support inserting messages into history.
queue:
# Should the backfill queue be enabled?
enabled: false
# Number of messages to backfill in one batch.
batch_size: 100
# Delay between batches in seconds.
batch_delay: 20
# Maximum number of batches to backfill per portal.
# If set to -1, all available messages will be backfilled.
max_batches: -1
# Optional network-specific overrides for max batches.
# Interpretation of this field depends on the network connector.
max_batches_override: {}
# Settings for enabling double puppeting
double_puppet:
# Servers to always allow double puppeting from.
# This is only for other servers and should NOT contain the server the bridge is on.
servers: {}
# Whether to allow client API URL discovery for other servers. When using this option,
# users on other servers can use double puppeting even if their server URLs aren't
# explicitly added to the servers map above.
allow_discovery: false
# Shared secrets for automatic double puppeting.
# See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions.
secrets: {{ matrix_mautrix_meta_messenger_double_puppet_secrets | to_json }}
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Whether to enable encryption at all. If false, the bridge will not function in encrypted rooms.
allow: {{ matrix_mautrix_meta_messenger_bridge_encryption_allow | to_json }}
# Whether to force-enable encryption in all bridged rooms.
default: {{ matrix_mautrix_meta_messenger_bridge_encryption_default | to_json }}
# Whether to require all messages to be encrypted and drop any unencrypted messages.
require: {{ matrix_mautrix_meta_messenger_bridge_encryption_require | to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
# This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
appservice: {{ matrix_mautrix_meta_messenger_bridge_encryption_appservice | to_json }}
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing | to_json }}
# Pickle key for encrypting encryption keys in the bridge database.
# If set to generate, a random key will be generated.
pickle_key: mautrix.bridge.e2ee
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map: {{ matrix_mautrix_meta_messenger_bridge_login_shared_secret_map | to_json }}
# The prefix for commands. Only required in non-management rooms.
# If set to "default", will be determined based on meta -> mode, "!ig" for instagram and "!fb" for facebook
command_prefix: {{ matrix_mautrix_meta_messenger_bridge_command_prefix | to_json }}
backfill:
# If disabled, old messages will never be bridged.
enabled: true
# By default, Meta sends info about approximately 20 recent threads. If this is set to something else than 0,
# the bridge will request more threads on first login, until it reaches the specified number of pages
# or the end of the inbox.
inbox_fetch_pages: 0
# By default, Meta only sends one old message per thread. If this is set to a something else than 0,
# the bridge will delay handling the one automatically received message and request more messages to backfill.
# One page usually contains 20 messages. This can technically be set to -1 to fetch all messages,
# but that will block bridging messages until the entire backfill is completed.
history_fetch_pages: 0
# Same as above, but for catchup backfills (i.e. when the bridge is restarted).
catchup_fetch_pages: 5
# Maximum age of chats to leave as unread when backfilling. 0 means all chats can be left as unread.
# If non-zero, chats that are older than this will be marked as read, even if they're still unread on Meta.
unread_hours_threshold: 0
# Backfill queue settings. Only relevant for Beeper, because standard Matrix servers
# don't support inserting messages into room history.
queue:
# How many pages of messages to request in one go (without sleeping between requests)?
pages_at_once: 5
# Maximum number of pages to fetch. -1 to fetch all pages until the start of the chat.
max_pages: -1
# How long to sleep after fetching a bunch of pages ("bunch" defined by pages_at_once).
sleep_between_tasks: 20s
# Disable fetching XMA media (reels, stories, etc) when backfilling.
dont_fetch_xma: true
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: {{ matrix_mautrix_meta_messenger_bridge_management_room_text_welcome | to_json }}
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_mautrix_meta_messenger_bridge_encryption_allow | to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: {{ matrix_mautrix_meta_messenger_bridge_encryption_default | to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: {{ matrix_mautrix_meta_messenger_bridge_encryption_appservice | to_json }}
# Require encryption, drop any unencrypted messages.
require: {{ matrix_mautrix_meta_messenger_bridge_encryption_require | to_json }}
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing | to_json }}
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from FB/IG to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Enable debug API at /debug with provisioning authentication.
debug_endpoints: false
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Meta account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_meta_messenger_bridge_permissions | to_json }}
# Settings for relay mode
relay:
# Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: {{ matrix_mautrix_meta_messenger_bridge_relay_enabled | to_json }}
# Should only admins be allowed to set themselves as relay users?
admin_only: {{ matrix_mautrix_meta_messenger_bridge_relay_admin_only | to_json }}
# The formats to use when sending messages to Meta via the relaybot.
message_formats:
m.text: "{% raw %}{{ .Sender.Displayname }}: {{ .Message }}{% endraw %}"
m.notice: "{% raw %}{{ .Sender.Displayname }}: {{ .Message }}{% endraw %}"
m.emote: "{% raw %}* {{ .Sender.Displayname }} {{ .Message }}{% endraw %}"
m.file: "{% raw %}{{ .Sender.Displayname }} sent a file{% endraw %}"
m.image: "{% raw %}{{ .Sender.Displayname }} sent an image{% endraw %}"
m.audio: "{% raw %}{{ .Sender.Displayname }} sent an audio file{% endraw %}"
m.video: "{% raw %}{{ .Sender.Displayname }} sent a video{% endraw %}"
m.location: "{% raw %}{{ .Sender.Displayname }} sent a location{% endraw %}"
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from the remote network to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to configure the m.room.encryption event content.
# See https://spec.matrix.org/v1.10/client-server-api/#mroomencryption for more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Logging config. See https://github.com/tulir/zeroconfig for details.
logging:
min_level: {{ matrix_mautrix_meta_messenger_logging_min_level | to_json }}
writers:
- type: stdout
format: pretty
- type: stdout
format: pretty

8
roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
View File

@ -9,7 +9,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/
matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
matrix_mautrix_signal_version: v0.7.0
matrix_mautrix_signal_version: v0.7.1
# See: https://mau.dev/mautrix/signal/container_registry
matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}"
@ -100,6 +100,12 @@ matrix_mautrix_signal_logging_level: 'warn'
# If false, created portal rooms will never be federated.
matrix_mautrix_signal_federate_rooms: true
matrix_mautrix_signal_backfill_enabled: true
matrix_mautrix_signal_backfill_max_initial_messages: 50
matrix_mautrix_signal_backfill_max_catchup_messages: 500
matrix_mautrix_signal_backfill_unread_hours_threshold: 720
matrix_mautrix_signal_backfill_threads_max_initial_messages: 50
# Whether or not metrics endpoint should be enabled.
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_signal_metrics_proxying_enabled`.

3
roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_mautrix_signal_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_signal_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -141,6 +141,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_signal_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-signal.service installed
ansible.builtin.template:

10
roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2
View File

@ -280,18 +280,18 @@ direct_media:
# See https://docs.mau.fi/bridges/general/backfill.html for more details.
backfill:
# Whether to do backfilling at all.
enabled: false
enabled: {{ matrix_mautrix_signal_backfill_enabled | to_json }}
# Maximum number of messages to backfill in empty rooms.
max_initial_messages: 50
max_initial_messages: {{ matrix_mautrix_signal_backfill_max_initial_messages | to_json }}
# Maximum number of missed messages to backfill after bridge restarts.
max_catchup_messages: 500
max_catchup_messages: {{ matrix_mautrix_signal_backfill_max_catchup_messages | to_json }}
# If a backfilled chat is older than this number of hours,
# mark it as read even if it's unread on the remote network.
unread_hours_threshold: 720
unread_hours_threshold: {{ matrix_mautrix_signal_backfill_unread_hours_threshold| to_json }}
# Settings for backfilling threads within other backfills.
threads:
# Maximum number of messages to backfill in a new thread.
max_initial_messages: 50
max_initial_messages: {{ matrix_mautrix_signal_backfill_threads_max_initial_messages | to_json }}
# Settings for the backwards backfill queue. This only applies when connecting to
# Beeper as standard Matrix servers don't support inserting messages into history.
queue:

11
roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml
View File

@ -9,7 +9,7 @@ matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/s
matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/slack
matrix_mautrix_slack_version: v0.1.0
matrix_mautrix_slack_version: v0.1.1
# See: https://mau.dev/mautrix/slack/container_registry
matrix_mautrix_slack_docker_image: "{{ matrix_mautrix_slack_docker_image_name_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}"
matrix_mautrix_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else 'dock.mau.dev/' }}"
@ -55,6 +55,12 @@ matrix_mautrix_slack_homeserver_token: ''
matrix_mautrix_slack_appservice_bot_username: slackbot
matrix_mautrix_slack_backfill_enabled: true
matrix_mautrix_slack_backfill_max_initial_messages: 50
matrix_mautrix_slack_backfill_max_catchup_messages: 500
matrix_mautrix_slack_backfill_unread_hours_threshold: 720
matrix_mautrix_slack_backfill_threads_max_initial_messages: 50
# Minimum severity of journal log messages.
# Options: debug, info, warn, error, fatal
matrix_mautrix_slack_logging_level: 'warn'
@ -142,6 +148,9 @@ matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml |
matrix_mautrix_slack_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
matrix_mautrix_slack_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"
# This pickle key value is backward-compatible with the old bridge.
# See: https://github.com/mautrix/slack/releases/tag/v0.1.0
matrix_mautrix_slack_bridge_encryption_pickle_key: maunium.net/go/mautrix-whatsapp
matrix_mautrix_slack_provisioning_shared_secret: ''
matrix_mautrix_slack_public_media_signing_key: ''

3
roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_mautrix_slack_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_slack_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -98,6 +98,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_slack_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-slack.service installed
ansible.builtin.template:

16
roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2
View File

@ -244,9 +244,7 @@ appservice:
hs_token: {{ matrix_mautrix_slack_homeserver_token | to_json }}
# Localpart template of MXIDs for remote users.
# {% raw %}
# {{.}} is replaced with the internal ID of the user.
# {% endraw %}
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the user.
username_template: "{% raw %}slack_{{.}}{% endraw %}"
# Config options that affect the Matrix connector of the bridge.
@ -319,18 +317,18 @@ direct_media:
# See https://docs.mau.fi/bridges/general/backfill.html for more details.
backfill:
# Whether to do backfilling at all.
enabled: false
enabled: {{ matrix_mautrix_slack_backfill_enabled | to_json }}
# Maximum number of messages to backfill in empty rooms.
max_initial_messages: 50
max_initial_messages: {{ matrix_mautrix_slack_backfill_max_initial_messages | to_json }}
# Maximum number of missed messages to backfill after bridge restarts.
max_catchup_messages: 500
max_catchup_messages: {{ matrix_mautrix_slack_backfill_max_catchup_messages | to_json }}
# If a backfilled chat is older than this number of hours,
# mark it as read even if it's unread on the remote network.
unread_hours_threshold: 720
unread_hours_threshold: {{ matrix_mautrix_slack_backfill_unread_hours_threshold| to_json }}
# Settings for backfilling threads within other backfills.
threads:
# Maximum number of messages to backfill in a new thread.
max_initial_messages: 50
max_initial_messages: {{ matrix_mautrix_slack_backfill_threads_max_initial_messages | to_json }}
# Settings for the backwards backfill queue. This only applies when connecting to
# Beeper as standard Matrix servers don't support inserting messages into history.
queue:
@ -378,7 +376,7 @@ encryption:
allow_key_sharing: {{ matrix_mautrix_slack_bridge_encryption_key_sharing_allow | to_json }}
# Pickle key for encrypting encryption keys in the bridge database.
# If set to generate, a random key will be generated.
pickle_key: generate
pickle_key: {{ matrix_mautrix_slack_bridge_encryption_pickle_key | to_json }}
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms

10
roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
View File

@ -1,10 +1,5 @@
# File : roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
# Author : Pierre (McFly) Marty <paq.marty@gmail.com>
# Date : 17.01.2024
# Last Modified Date: 17.01.2024
# Last Modified By : Pierre (McFly) Marty <paq.marty@gmail.com>
# -----
---
# mautrix-telegram is a Matrix <-> Telegram bridge
# Project source code URL: https://github.com/mautrix/telegram
@ -204,6 +199,8 @@ matrix_mautrix_telegram_configuration_extension: "{{ matrix_mautrix_telegram_con
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`.
matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml | from_yaml | combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}"
matrix_mautrix_telegram_sender_localpart: "telegrambot"
matrix_mautrix_telegram_registration_yaml: |
id: telegram
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
@ -222,6 +219,7 @@ matrix_mautrix_telegram_registration_yaml: |
url: {{ matrix_mautrix_telegram_appservice_address }}
rate_limited: false
de.sorunome.msc2409.push_ephemeral: true
# sender_localpart: "bridges_{{ matrix_mautrix_telegram_sender_localpart }}"
matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml | from_yaml }}"

3
roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_telegram_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -153,6 +153,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_telegram_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-telegram.service installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml
View File

@ -82,6 +82,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_twitter_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-twitter.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_whatsapp_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -141,6 +141,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_whatsapp_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-whatsapp.service installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml
View File

@ -96,6 +96,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_wsproxy_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-wsproxy.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
View File

@ -50,7 +50,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_discord_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -117,6 +117,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_discord_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-discord.service installed
ansible.builtin.template:

6
roles/custom/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2
View File

@ -70,7 +70,7 @@ namePatterns:
#
# name: username of the user
# discriminator: hashtag of the user (ex. #1234)
user: :name
user: ":name (#:discriminator) (via Discord)"
# A user's guild-specific displayname - if they've set a custom nick in
# a guild
@ -82,7 +82,7 @@ namePatterns:
# displayname: the user's custom group-specific nick
# channel: the name of the channel
# guild: the name of the guild
userOverride: :name
userOverride: ":displayname (:name#:discriminator) (via Discord)"
# Room names for bridged Discord channels
#
@ -90,7 +90,7 @@ namePatterns:
#
# name: name of the channel
# guild: name of the guild
room: :name
room: "#:name (:guild on Discord)"
# Group names for bridged Discord servers
#

3
roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
View File

@ -51,7 +51,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_groupme_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -118,6 +118,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_groupme_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-groupme.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_instagram_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -97,6 +97,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_instagram_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-instagram.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
View File

@ -44,7 +44,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_slack_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -128,6 +128,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_slack_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-slack.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
View File

@ -51,7 +51,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_steam_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -118,6 +118,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_steam_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-steam.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
View File

@ -51,7 +51,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
devture_postgres_db_migration_request:
postgres_db_migration_request:
src: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_twitter_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -128,6 +128,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_twitter_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-twitter.service installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-sms/tasks/setup_install.yml
View File

@ -51,6 +51,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_sms_bridge_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-sms-bridge.service installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-wechat/tasks/install.yml
View File

@ -113,6 +113,7 @@
community.general.docker_network:
name: "{{ matrix_wechat_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-wechat.service installed
ansible.builtin.template:

2
roles/custom/matrix-cactus-comments-client/defaults/main.yml
View File

@ -13,7 +13,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas
matrix_cactus_comments_client_public_path_file_permissions: "0644"
# renovate: datasource=docker depName=joseluisq/static-web-server
matrix_cactus_comments_client_version: 2.32.2
matrix_cactus_comments_client_version: 2.33.0
matrix_cactus_comments_client_container_image: "{{ matrix_container_global_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}"
matrix_cactus_comments_client_container_image_tag: "{{ 'latest' if matrix_cactus_comments_client_version == 'latest' else (matrix_cactus_comments_client_version + '-alpine') }}"

1
roles/custom/matrix-cactus-comments-client/tasks/install.yml
View File

@ -76,6 +76,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_cactus_comments_client_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-cactus-comments-client.service installed
ansible.builtin.template:

1
roles/custom/matrix-client-cinny/tasks/setup_install.yml
View File

@ -69,6 +69,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_client_cinny_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-client-cinny.service installed
ansible.builtin.template:

2
roles/custom/matrix-client-element/defaults/main.yml
View File

@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
# renovate: datasource=docker depName=vectorim/element-web
matrix_client_element_version: v1.11.77
matrix_client_element_version: v1.11.79
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"

14
roles/custom/matrix-client-element/tasks/setup_install.yml
View File

@ -90,6 +90,19 @@
- {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
when: "item.src is not none"
- name: Copy Element costum files
copy:
src: "{{ item.src }}"
dest: "{{ matrix_client_element_data_path }}/{{ item.name }}"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {src: "{{ role_path }}/files/background.jpg", name: "background.jpg"}
- {src: "{{ role_path }}/files/antifa_coffee_cups.png", name: "logo.png"}
when: false
#when: "matrix_client_element_enabled|bool and item.src is not none"
- name: Ensure Element config files removed
ansible.builtin.file:
path: "{{ matrix_client_element_data_path }}/{{ item.name }}"
@ -103,6 +116,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_client_element_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-client-element.service installed
ansible.builtin.template:

2
roles/custom/matrix-client-element/templates/welcome.html.j2
View File

@ -33,7 +33,7 @@ h1::after {
}
.mx_Logo {
height: 54px;
height: 92px;
margin-top: 2px;
}

1
roles/custom/matrix-client-hydrogen/tasks/setup_install.yml
View File

@ -81,6 +81,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_client_hydrogen_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-client-hydrogen.service installed
ansible.builtin.template:

1
roles/custom/matrix-client-schildichat/tasks/setup_install.yml
View File

@ -102,6 +102,7 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_client_schildichat_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-client-schildichat.service installed
ansible.builtin.template:

Some files were not shown because too many files have changed in this diff Show More