Compare commits

..

3 Commits

70 changed files with 171 additions and 1099 deletions

View File

@ -1,22 +0,0 @@
name: Ansible Lint
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Lint Ansible Playbook
uses: ansible/ansible-lint-action@c37fb7b4bda2c8cb18f4942716bae9f11b0dc9bc
with:
# Paths to ansible files (i.e., playbooks, tasks, handlers etc..)
targets: "./"
override-deps: |
ansible-lint==5.3.1
args: "-x metadata, formatting"

View File

@ -1,19 +1,3 @@
# 2021-12-22
## Twitter bridging support via mautrix-twitter
Thanks to [Matthew Cengia](https://github.com/mattcen) and [Shreyas Ajjarapu](https://github.com/shreyasajj), besides [mx-puppet-twitter](docs/configuring-playbook-bridge-mx-puppet-twitter.md), bridging to [Twitter](https://twitter.com/) can now also happen with [mautrix-twitter](docs/configuring-playbook-bridge-mautrix-twitter.md).
# 2021-12-14
## (Security) Users of the Signal bridge may wish to upgrade it to work around log4j vulnerability
Recently, a security vulnerability affecting the Java logging package `log4j` [has been discovered](https://www.huntress.com/blog/rapid-response-critical-rce-vulnerability-is-affecting-java). Software that uses this Java package is potentially vulnerable.
One such piece of software that is part of the playbook is the [mautrix-signal bridge](./docs/configuring-playbook-bridge-mautrix-signal.md), which [has been patched already](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1452). If you're running this bridge, you may wish to [upgrade](./docs/maintenance-upgrading-services.md).
# 2021-11-11
## Dropped support for Postgres v9.6

View File

@ -51,8 +51,6 @@ Using this playbook, you can get the following services configured on your serve
- (optional) the [mautrix-facebook](https://github.com/mautrix/facebook) bridge for bridging your Matrix server to [Facebook](https://facebook.com/)
- (optional) the [mautrix-twitter](https://github.com/mautrix/twitter) bridge for bridging your Matrix server to [Twitter](https://twitter.com/)
- (optional) the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge for bridging your Matrix server to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts)
- (optional) the [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge for bridging your Matrix server to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat)

View File

@ -51,7 +51,7 @@ docker run -it --rm \
-v `pwd`:/work \
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
--entrypoint=/bin/sh \
docker.io/devture/ansible:2.11.6-r1
docker.io/devture/ansible:2.10.7-r0
```
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).

View File

@ -1,37 +0,0 @@
# Setting up Mautrix Twitter (optional)
**Note**: bridging to [Twitter](https://twitter.com/) can also happen via the [mx-puppet-twitter](configuring-playbook-bridge-mx-puppet-twitter.md) bridge supported by the playbook.
The playbook can install and configure [mautrix-twitter](https://github.com/tulir/mautrix-twitter) for you.
See the project's [documentation](https://github.com/tulir/mautrix-twitter/wiki#usage) to learn what it does and why it might be useful to you.
```yaml
matrix_mautrix_twitter_enabled: true
```
## Set up Double Puppeting
If you'd like to use [Double Puppeting](https://github.com/tulir/mautrix-twitter/wiki/Authentication#double-puppeting) (hint: you most likely do), you have 2 ways of going about it.
### Method 1: automatically, by enabling Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) for this playbook.
This is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
### Method 2: manually, by asking each user to provide a working access token
This method is currently not available for the Mautrix-Twitter bridge, but is on the [roadmap](https://github.com/tulir/mautrix-twitter/blob/master/ROADMAP.md) under Misc/Manual login with `login-matrix`
## Usage
1. You then need to start a chat with `@twitterbot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
2. Send login-cookie to start the login. The bot should respond with instructions on how to proceed.
You can learn more here about authentication from the bridge's [official documentation on Authentication](https://docs.mau.fi/bridges/python/twitter/authentication.html).
If you run into trouble, check the [Troubleshooting](#troubleshooting) section below.
After successfully enabling bridging, you may wish to [set up Double Puppeting](#set-up-double-puppeting), if you haven't already done so.

View File

@ -1,7 +1,5 @@
# Setting up MX Puppet Twitter (optional)
**Note**: bridging to [Twitter](https://twitter.com/) can also happen via the [mautrix-twitter](configuring-playbook-bridge-mautrix-twitter.md) bridge supported by the playbook.
The playbook can install and configure
[mx-puppet-twitter](https://github.com/Sorunome/mx-puppet-twitter) for you.

View File

@ -41,23 +41,13 @@ If you're fine with such an open Jitsi instance, please skip to [Apply changes](
If you would like to control who is allowed to open meetings on your new Jitsi instance, then please follow this step to enable Jitsi's authentication and guests mode. With authentication enabled, all meeting rooms have to be opened by a registered user, after which guests are free to join. If a registered host is not yet present, guests are put on hold in individual waiting rooms.
Add these lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
Add these two lines to your `inventory/host_vars/matrix.DOMAIN/vars.yml` configuration:
```yaml
matrix_jitsi_enable_auth: true
matrix_jitsi_enable_guests: true
matrix_jitsi_prosody_auth_internal_accounts:
- username: "jitsi-moderator"
password: "secret-password"
- username: "another-user"
password: "another-password"
```
**Caution:** Accounts added here and subsquently removed will not be automatically removed from the Prosody server until user account cleaning is integrated into the playbook.
**If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation).
### (Optional) LDAP authentication
The default authentication mode of Jitsi is `internal`, however LDAP is also supported. An example LDAP configuration could be:
@ -132,6 +122,19 @@ You may want to **limit the maximum video resolution**, to save up resources on
Then re-run the playbook: `ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start`
## Required if configuring Jitsi with internal authentication: register new users
Until this gets integrated into the playbook, we need to register new users / meeting hosts for Jitsi manually.
Please SSH into your matrix host machine and execute the following command targeting the `matrix-jitsi-prosody` container:
```bash
docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register <USERNAME> meet.jitsi <PASSWORD>
```
Run this command for each user you would like to create, replacing `<USERNAME>` and `<PASSWORD>` accordingly. After you've finished, please exit the host.
**If you get an error** like this: "Error: Account creation/modification not supported.", it's likely that you had previously installed Jitsi without auth/guest support. In such a case, you should look into [Rebuilding your Jitsi installation](#rebuilding-your-jitsi-installation).
## Usage

View File

@ -102,8 +102,6 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up Mautrix Instagram bridging](configuring-playbook-bridge-mautrix-instagram.md) (optional)
- [Setting up Mautrix Twitter bridging](configuring-playbook-bridge-mautrix-twitter.md) (optional)
- [Setting up Mautrix Signal bridging](configuring-playbook-bridge-mautrix-signal.md) (optional)
- [Setting up Appservice IRC bridging](configuring-playbook-bridge-appservice-irc.md) (optional)

View File

@ -46,8 +46,6 @@ These services are not part of our default installation, but can be enabled by [
- [mautrix/facebook](https://mau.dev/mautrix/facebook/container_registry) - the [mautrix-facebook](https://github.com/mautrix/facebook) bridge to [Facebook](https://facebook.com/) (optional)
- [tulir/mautrix-twitter](https://mau.dev/mautrix/twitter/container_registry) - the [mautrix-twitter](https://github.com/tulir/mautrix-twitter) bridge to [Twitter](https://twitter.com/) (optional)
- [mautrix/hangouts](https://mau.dev/mautrix/hangouts/container_registry) - the [mautrix-hangouts](https://github.com/mautrix/hangouts) bridge to [Google Hangouts](https://en.wikipedia.org/wiki/Google_Hangouts) (optional)
- [mautrix/googlechat](https://mau.dev/mautrix/googlechat/container_registry) - the [mautrix-googlechat](https://github.com/mautrix/googlechat) bridge to [Google Chat](https://en.wikipedia.org/wiki/Google_Chat) (optional)

View File

@ -18,13 +18,11 @@ List of roles where self-building the Docker image is currently possible:
- `matrix-registration`
- `matrix-coturn`
- `matrix-corporal`
- `matrix-dimension`
- `matrix-ma1sd`
- `matrix-mailer`
- `matrix-bridge-appservice-irc`
- `matrix-bridge-appservice-slack`
- `matrix-bridge-appservice-webhooks`
- `matrix-bridge-beeper-linkedin`
- `matrix-bridge-mautrix-facebook`
- `matrix-bridge-mautrix-hangouts`
- `matrix-bridge-mautrix-googlechat`

View File

@ -27,10 +27,6 @@ matrix.DOMAIN.tld {
not path /matrix/static-files/*
}
@wellknown {
path /.well-known/matrix/*
}
header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
@ -73,15 +69,6 @@ matrix.DOMAIN.tld {
}
}
handle @wellknown {
encode zstd gzip
root * /matrix/static-files
header Cache-Control max-age=14400
header Content-Type application/json
header Access-Control-Allow-Origin *
file_server
}
handle {
encode zstd gzip
@ -115,17 +102,17 @@ element.DOMAIN.tld {
# tls your@email.com
header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
# X-Robots-Tag
X-Robots-Tag "noindex, noarchive, nofollow"
}
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
# X-Robots-Tag
X-Robots-Tag "noindex, noarchive, nofollow"
}
handle {
encode zstd gzip

View File

@ -113,7 +113,7 @@ matrix_appservice_webhooks_container_http_host_bind_port: "{{ '' if matrix_nginx
matrix_appservice_webhooks_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'webhook.as.token') | to_uuid }}"
matrix_appservice_webhooks_homeserver_url: "{{ matrix_homeserver_container_url }}"
matrix_appservice_webhooks_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
matrix_appservice_webhooks_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'webhook.hs.token') | to_uuid }}"
matrix_appservice_webhooks_id_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'webhook.id.token') | to_uuid }}"
@ -152,7 +152,7 @@ matrix_appservice_slack_container_http_host_bind_port: "{{ '' if matrix_nginx_pr
matrix_appservice_slack_appservice_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'slack.as.token') | to_uuid }}"
matrix_appservice_slack_homeserver_url: "{{ matrix_homeserver_container_url }}"
matrix_appservice_slack_homeserver_url: "http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}"
matrix_appservice_slack_homeserver_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'slack.hs.token') | to_uuid }}"
matrix_appservice_slack_id_token: "{{ '%s' | format(matrix_synapse_macaroon_secret_key) | password_hash('sha512', 'slack.id.token') | to_uuid }}"
@ -229,8 +229,6 @@ matrix_appservice_irc_database_password: "{{ '%s' | format(matrix_synapse_macaro
# We don't enable bridges by default.
matrix_beeper_linkedin_enabled: false
matrix_beeper_linkedin_container_image_self_build: "{{ matrix_architecture not in ['amd64'] }}"
matrix_beeper_linkedin_systemd_required_services_list: |
{{
['docker.service']
@ -513,45 +511,6 @@ matrix_mautrix_telegram_database_password: "{{ '%s' | format(matrix_synapse_maca
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-twitter
#
######################################################################
# We don't enable bridges by default.
matrix_mautrix_twitter_enabled: false
matrix_mautrix_twitter_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm64'] }}"
matrix_mautrix_twitter_systemd_required_services_list: |
{{
['docker.service']
+
(['matrix-synapse.service'] if matrix_synapse_enabled else [])
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_mautrix_twitter_appservice_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'twt.as.token') | to_uuid }}"
matrix_mautrix_twitter_homeserver_token: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'twt.hs.token') | to_uuid }}"
matrix_mautrix_twitter_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# We'd like to force-set people with external Postgres to SQLite, so the bridge role can complain
# and point them to a migration path.
matrix_mautrix_twitter_database_engine: "{{ 'postgres' if matrix_postgres_enabled else '' }}"
matrix_mautrix_twitter_database_password: "{{ matrix_synapse_macaroon_secret_key | password_hash('sha512', 'mau.twt.db') | to_uuid }}"
######################################################################
#
# /matrix-bridge-mautrix-twitter
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-whatsapp
@ -1086,8 +1045,6 @@ matrix_coturn_container_additional_volumes: |
matrix_dimension_enabled: false
matrix_dimension_container_image_self_build: "{{ matrix_architecture != 'amd64' }}"
# Normally, matrix-nginx-proxy is enabled and nginx can reach Dimension over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# the Dimension HTTP port to the local host.
@ -1552,12 +1509,6 @@ matrix_postgres_additional_databases: |
'password': matrix_mautrix_telegram_database_password,
}] if (matrix_mautrix_telegram_enabled and matrix_mautrix_telegram_database_engine == 'postgres' and matrix_mautrix_telegram_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_mautrix_twitter_database_name,
'username': matrix_mautrix_twitter_database_username,
'password': matrix_mautrix_twitter_database_password,
}] if (matrix_mautrix_twitter_enabled and matrix_mautrix_twitter_database_engine == 'postgres' and matrix_mautrix_twitter_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_mautrix_whatsapp_database_name,
'username': matrix_mautrix_whatsapp_database_username,

View File

@ -1,6 +1 @@
matrix_awx_enabled: true
# Defaults for 'Customise Website + Access Export' template
awx_sftp_auth_method: 'Disabled'
awx_sftp_password: ''
awx_sftp_public_key: ''

View File

@ -29,9 +29,9 @@
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
register: awx_synapse_container_ip
- name: Collect access token for @admin-janitor user
- name: Collect access token for @_janitor user
shell: |
curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
curl -X POST -d '{"type":"m.login.password", "user":"_janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
register: awx_janitors_token
no_log: True

View File

@ -21,9 +21,9 @@
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
register: awx_synapse_container_ip
- name: Collect access token for @admin-janitor user
- name: Collect access token for @_janitor user
shell: |
curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
curl -XPOST -d '{"type":"m.login.password", "user":"_janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
register: awx_janitors_token
no_log: True

View File

@ -50,14 +50,12 @@
- name: Calculate size of local media repository
shell: du -sh /matrix/synapse/storage/media-store/local*
register: awx_local_media_size_stat
async: 600
ignore_errors: yes
no_log: True
- name: Calculate size of remote media repository
shell: du -sh /matrix/synapse/storage/media-store/remote*
register: awx_remote_media_size_stat
async: 600
ignore_errors: yes
no_log: True

View File

@ -12,9 +12,9 @@
- curl
state: present
- name: Collect access token of @admin-dimension user
- name: Collect access token of @_dimension user
shell: |
curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "admin-dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "_dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
register: awx_dimension_user_access_token
- name: Record Synapse variables locally on AWX

View File

@ -3,13 +3,14 @@
matrix_bot_mjolnir_enabled: true
matrix_bot_mjolnir_version: "v1.2.1"
matrix_bot_mjolnir_version: "v1.1.20"
matrix_bot_mjolnir_container_image_self_build: false
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"
matrix_bot_mjolnir_docker_image: "{{ matrix_bot_mjolnir_docker_image_name_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
matrix_bot_mjolnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_mjolnir_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}"
matrix_bot_mjolnir_base_path: "{{ matrix_base_data_path }}/mjolnir"

View File

@ -48,7 +48,7 @@ matrix_appservice_discord_bridge_enableSelfServiceBridging: false
#
# To use Postgres:
# - change the engine (`matrix_appservice_discord_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_appservice_discord_database_*` variables
# - adjust your database credentials via the `matrix_appservice_discord_postgres_*` variables
matrix_appservice_discord_database_engine: 'sqlite'
matrix_appservice_discord_sqlite_database_path_local: "{{ matrix_appservice_discord_data_path }}/discord.db"

View File

@ -22,6 +22,8 @@ matrix_appservice_webhooks_docker_src_files_path: "{{ matrix_appservice_webhooks
matrix_appservice_webhooks_public_endpoint: /appservice-webhooks
matrix_appservice_webhooks_inbound_uri_prefix: "{{ matrix_homeserver_url }}{{ matrix_appservice_webhooks_public_endpoint }}"
# Once you make a control room in Matrix, you can get its ID by typing any message and checking its source
matrix_appservice_webhooks_control_room_id: ''
matrix_appservice_webhooks_bot_name: 'webhookbot'
matrix_appservice_webhooks_user_prefix: '_webhook'

View File

@ -4,21 +4,13 @@
matrix_beeper_linkedin_enabled: true
matrix_beeper_linkedin_version: v0.5.1
# See: https://gitlab.com/beeper/linkedin/container_registry
matrix_beeper_linkedin_docker_image: "{{ matrix_beeper_linkedin_docker_image_name_prefix }}beeper/linkedin:{{ matrix_beeper_linkedin_docker_image_tag }}"
matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image_tag.startswith('latest') }}"
matrix_beeper_linkedin_docker_image_name_prefix: "{{ 'localhost/' if matrix_beeper_linkedin_container_image_self_build else 'registry.gitlab.com/' }}"
matrix_beeper_linkedin_docker_image_tag: "{{ 'latest' if matrix_beeper_linkedin_version == 'master' else matrix_beeper_linkedin_version }}-{{ matrix_architecture }}"
matrix_beeper_linkedin_container_image_self_build: false
matrix_beeper_linkedin_container_image_self_build_repo: "https://gitlab.com/beeper/linkedin"
matrix_beeper_linkedin_container_image_self_build_branch: "{{ matrix_beeper_linkedin_version }}"
matrix_beeper_linkedin_docker_image: "registry.gitlab.com/beeper/linkedin:{{ matrix_beeper_linkedin_version }}-amd64"
matrix_beeper_linkedin_docker_image_force_pull: "{{ matrix_beeper_linkedin_docker_image.endswith(':latest-amd64') }}"
matrix_beeper_linkedin_base_path: "{{ matrix_base_data_path }}/beeper-linkedin"
matrix_beeper_linkedin_config_path: "{{ matrix_beeper_linkedin_base_path }}/config"
matrix_beeper_linkedin_data_path: "{{ matrix_beeper_linkedin_base_path }}/data"
matrix_beeper_linkedin_docker_src_files_path: "{{ matrix_beeper_linkedin_base_path }}/docker-src"
matrix_beeper_linkedin_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_beeper_linkedin_homeserver_domain: "{{ matrix_domain }}"

View File

@ -7,20 +7,6 @@
msg: >-
The matrix-bridge-beeper-linkedin role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- name: Ensure Beeper LinkedIn paths exists
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_beeper_linkedin_base_path }}", when: true }
- { path: "{{ matrix_beeper_linkedin_config_path }}", when: true }
- { path: "{{ matrix_beeper_linkedin_data_path }}", when: true }
- { path: "{{ matrix_beeper_linkedin_docker_src_files_path }}", when: "{{ matrix_beeper_linkedin_container_image_self_build }}" }
when: "item.when|bool"
- name: Ensure Beeper LinkedIn image is pulled
docker_image:
@ -28,42 +14,18 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_beeper_linkedin_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_docker_image_force_pull }}"
when: "not matrix_beeper_linkedin_container_image_self_build|bool"
- block:
- name: Ensure Beeper LinkedIn repository is present on self-build
git:
repo: "{{ matrix_beeper_linkedin_container_image_self_build_repo }}"
dest: "{{ matrix_beeper_linkedin_docker_src_files_path }}"
version: "{{ matrix_beeper_linkedin_container_image_self_build_branch }}"
force: "yes"
register: matrix_beeper_linkedin_git_pull_results
# Building the container image (using the default Dockerfile) requires that a docker-requirements.txt file be generated.
# See: https://gitlab.com/beeper/linkedin/-/blob/94442db17ccb9769b377cdb8e4bf1cb3955781d7/.gitlab-ci.yml#L30-40
- name: Ensure docker-requirements.txt is generated before building Beeper LinkedIn Docker Image
command: |
{{ matrix_host_command_docker }} run \
--rm \
--entrypoint=/bin/sh \
--mount type=bind,src={{ matrix_beeper_linkedin_docker_src_files_path }},dst=/work \
-w /work \
docker.io/python:3.9.6-buster \
-c "pip install poetry && poetry export --without-hashes -E e2be -E images -E metrics | sed 's/==.*//g' > docker-requirements.txt"
- name: Ensure Beeper LinkedIn Docker image is built
docker_image:
name: "{{ matrix_beeper_linkedin_docker_image }}"
source: build
force_source: "{{ matrix_beeper_linkedin_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_beeper_linkedin_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_beeper_linkedin_docker_src_files_path }}"
pull: yes
args:
TARGETARCH: "{{ matrix_architecture }}"
when: "matrix_beeper_linkedin_container_image_self_build|bool"
- name: Ensure Beeper LinkedIn paths exists
file:
path: "{{ item }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- "{{ matrix_beeper_linkedin_base_path }}"
- "{{ matrix_beeper_linkedin_config_path }}"
- "{{ matrix_beeper_linkedin_data_path }}"
- name: Ensure beeper-linkedin config.yaml installed
copy:

View File

@ -3,7 +3,7 @@
matrix_heisenbridge_enabled: true
matrix_heisenbridge_version: 1.8.0
matrix_heisenbridge_version: 1.7.1
matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"

View File

@ -42,7 +42,7 @@ matrix_mautrix_facebook_homeserver_token: ''
# - plan your migration to Postgres, as this bridge does not support SQLite anymore (and neither will the playbook in the future).
#
# To use Postgres:
# - adjust your database credentials via the `matrix_mautrix_facebook_database_*` variables
# - adjust your database credentials via the `matrix_mautrix_facebook_postgres_*` variables
matrix_mautrix_facebook_database_engine: 'postgres'
matrix_mautrix_facebook_sqlite_database_path_local: "{{ matrix_mautrix_facebook_data_path }}/mautrix-facebook.db"

View File

@ -47,7 +47,7 @@ matrix_mautrix_googlechat_homeserver_token: ''
#
# To use Postgres:
# - change the engine (`matrix_mautrix_googlechat_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_googlechat_database_*` variables
# - adjust your database credentials via the `matrix_mautrix_googlechat_postgres_*` variables
matrix_mautrix_googlechat_database_engine: 'sqlite'
matrix_mautrix_googlechat_sqlite_database_path_local: "{{ matrix_mautrix_googlechat_data_path }}/mautrix-googlechat.db"

View File

@ -47,7 +47,7 @@ matrix_mautrix_hangouts_homeserver_token: ''
#
# To use Postgres:
# - change the engine (`matrix_mautrix_hangouts_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_hangouts_database_*` variables
# - adjust your database credentials via the `matrix_mautrix_hangouts_postgres_*` variables
matrix_mautrix_hangouts_database_engine: 'sqlite'
matrix_mautrix_hangouts_sqlite_database_path_local: "{{ matrix_mautrix_hangouts_data_path }}/mautrix-hangouts.db"

View File

@ -37,7 +37,7 @@ matrix_mautrix_instagram_homeserver_token: ''
# Database-related configuration fields.
#
# To use Postgres:
# - adjust your database credentials via the `matrix_mautrix_instagram_database_*` variables
# - adjust your database credentials via the `matrix_mautrix_instagram_postgres_*` variables
matrix_mautrix_instagram_database_engine: 'postgres'
matrix_mautrix_instagram_database_username: 'matrix_mautrix_instagram'

View File

@ -43,7 +43,7 @@ appservice:
bot_username: {{ matrix_mautrix_instagram_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Instagram bridge bot
bot_displayname: instagram bridge bot
bot_avatar: mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv
# Community ID for bridged users (changes registration file) and rooms.

View File

@ -17,7 +17,7 @@ matrix_mautrix_signal_daemon_container_self_build: false
matrix_mautrix_signal_daemon_docker_repo: "https://mau.dev/maunium/signald.git"
matrix_mautrix_signal_daemon_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-signald/docker-src"
matrix_mautrix_signal_daemon_docker_image: "docker.io/signald/signald:{{ matrix_mautrix_signal_daemon_version }}"
matrix_mautrix_signal_daemon_docker_image: "dock.mau.dev/maunium/signald:{{ matrix_mautrix_signal_daemon_version }}"
matrix_mautrix_signal_daemon_docker_image_force_pull: "{{ matrix_mautrix_signal_daemon_docker_image.endswith(':latest') }}"
matrix_mautrix_signal_base_path: "{{ matrix_base_data_path }}/mautrix-signal"

View File

@ -63,7 +63,7 @@ matrix_mautrix_telegram_homeserver_token: ''
#
# To use Postgres:
# - change the engine (`matrix_mautrix_telegram_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_telegram_database_*` variables
# - adjust your database credentials via the `matrix_mautrix_telegram_postgres_*` variables
matrix_mautrix_telegram_database_engine: 'sqlite'
matrix_mautrix_telegram_sqlite_database_path_local: "{{ matrix_mautrix_telegram_data_path }}/mautrix-telegram.db"

View File

@ -1,103 +0,0 @@
# mautrix-twitter is a Matrix <-> Twitter bridge
# See: https://github.com/tulir/mautrix-twitter
matrix_mautrix_twitter_enabled: true
matrix_mautrix_twitter_container_image_self_build: false
matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/tulir/mautrix-twitter.git"
matrix_mautrix_twitter_version: latest
# See: https://mau.dev/tulir/mautrix-twitter/container_registry
matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}"
matrix_mautrix_twitter_docker_image_force_pull: "{{ matrix_mautrix_twitter_docker_image.endswith(':latest') }}"
matrix_mautrix_twitter_base_path: "{{ matrix_base_data_path }}/mautrix-twitter"
matrix_mautrix_twitter_config_path: "{{ matrix_mautrix_twitter_base_path }}/config"
matrix_mautrix_twitter_data_path: "{{ matrix_mautrix_twitter_base_path }}/data"
matrix_mautrix_twitter_docker_src_files_path: "{{ matrix_mautrix_twitter_base_path }}/docker-src"
matrix_mautrix_twitter_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_mautrix_twitter_homeserver_domain: '{{ matrix_domain }}'
matrix_mautrix_twitter_appservice_address: 'http://matrix-mautrix-twitter:29327'
# A list of extra arguments to pass to the container
matrix_mautrix_twitter_container_extra_arguments: []
# List of systemd services that matrix-mautrix-twitter.service depends on.
matrix_mautrix_twitter_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-mautrix-twitter.service wants
matrix_mautrix_twitter_systemd_wanted_services_list: []
matrix_mautrix_twitter_appservice_token: ''
matrix_mautrix_twitter_homeserver_token: ''
# Database-related configuration fields.
#
# To use Postgres:
# - adjust your database credentials via the `matrix_mautrix_twitter_postgres_*` variables
matrix_mautrix_twitter_database_engine: 'postgres'
matrix_mautrix_twitter_database_username: 'matrix_mautrix_twitter'
matrix_mautrix_twitter_database_password: 'some-password'
matrix_mautrix_twitter_database_hostname: 'matrix-postgres'
matrix_mautrix_twitter_database_port: 5432
matrix_mautrix_twitter_database_name: 'matrix_mautrix_twitter'
matrix_mautrix_twitter_database_connection_string: 'postgres://{{ matrix_mautrix_twitter_database_username }}:{{ matrix_mautrix_twitter_database_password }}@{{ matrix_mautrix_twitter_database_hostname }}:{{ matrix_mautrix_twitter_database_port }}/{{ matrix_mautrix_twitter_database_name }}'
matrix_mautrix_twitter_appservice_database: "{{
{
'postgres': matrix_mautrix_twitter_database_connection_string,
}[matrix_mautrix_twitter_database_engine]
}}"
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_mautrix_twitter_login_shared_secret: ''
matrix_mautrix_twitter_bridge_login_shared_secret_map: "{{ {matrix_mautrix_twitter_homeserver_domain: matrix_mautrix_twitter_login_shared_secret} if matrix_mautrix_twitter_login_shared_secret else {} }}"
matrix_mautrix_twitter_appservice_bot_username: twitterbot
# Default configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_mautrix_twitter_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_mautrix_twitter_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_mautrix_twitter_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_mautrix_twitter_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_mautrix_twitter_configuration_yaml`.
matrix_mautrix_twitter_configuration_extension: "{{ matrix_mautrix_twitter_configuration_extension_yaml|from_yaml if matrix_mautrix_twitter_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_twitter_configuration_yaml`.
matrix_mautrix_twitter_configuration: "{{ matrix_mautrix_twitter_configuration_yaml|from_yaml|combine(matrix_mautrix_twitter_configuration_extension, recursive=True) }}"
matrix_mautrix_twitter_registration_yaml: |
id: twitter
as_token: "{{ matrix_mautrix_twitter_appservice_token }}"
hs_token: "{{ matrix_mautrix_twitter_homeserver_token }}"
namespaces:
users:
- exclusive: true
regex: '^@twitter_.+:{{ matrix_mautrix_twitter_homeserver_domain|regex_escape }}$'
- exclusive: true
regex: '^@{{ matrix_mautrix_twitter_appservice_bot_username|regex_escape }}:{{ matrix_mautrix_twitter_homeserver_domain|regex_escape }}$'
url: {{ matrix_mautrix_twitter_appservice_address }}
# See https://github.com/tulir/mautrix-signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_twitter_appservice_bot_username }}
rate_limited: false
de.sorunome.msc2409.push_ephemeral: true
matrix_mautrix_twitter_registration: "{{ matrix_mautrix_twitter_registration_yaml|from_yaml }}"

View File

@ -1,23 +0,0 @@
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-twitter.service'] }}"
when: matrix_mautrix_twitter_enabled|bool
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
{{ matrix_synapse_container_extra_arguments|default([]) }}
+
["--mount type=bind,src={{ matrix_mautrix_twitter_config_path }}/registration.yaml,dst=/matrix-mautrix-twitter-registration.yaml,ro"]
matrix_synapse_app_service_config_files: >
{{ matrix_synapse_app_service_config_files|default([]) }}
+
{{ ["/matrix-mautrix-twitter-registration.yaml"] }}
when: matrix_mautrix_twitter_enabled|bool
# ansible lower than 2.8, does not support docker_image build parameters
# for self buildig it is explicitly needed, so we rather fail here
- name: Fail if running on Ansible lower than 2.8 and trying self building
fail:
msg: "To self build Mautrix Twitter image, you should usa ansible 2.8 or higher. E.g. pip contains such packages."
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_mautrix_twitter_container_image_self_build"

View File

@ -1,21 +0,0 @@
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_mautrix_twitter_enabled|bool"
tags:
- setup-all
- setup-mautrix-twitter
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_mautrix_twitter_enabled|bool"
tags:
- setup-all
- setup-mautrix-twitter
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_mautrix_twitter_enabled|bool"
tags:
- setup-all
- setup-mautrix-twitter

View File

@ -1,88 +0,0 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-mautrix-twitter role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- set_fact:
matrix_mautrix_twitter_requires_restart: false
- name: Ensure Mautrix Twitter image is pulled
docker_image:
name: "{{ matrix_mautrix_twitter_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_mautrix_twitter_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_mautrix_twitter_docker_image_force_pull }}"
when: matrix_mautrix_twitter_enabled|bool and not matrix_mautrix_twitter_container_image_self_build
- name: Ensure Mautrix Twitter paths exist
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- { path: "{{ matrix_mautrix_twitter_base_path }}", when: true }
- { path: "{{ matrix_mautrix_twitter_config_path }}", when: true }
- { path: "{{ matrix_mautrix_twitter_data_path }}", when: true }
- { path: "{{ matrix_mautrix_twitter_docker_src_files_path }}", when: "{{ matrix_mautrix_twitter_container_image_self_build }}" }
when: item.when|bool
- name: Ensure Mautrix Twitter repository is present on self-build
git:
repo: "{{ matrix_mautrix_twitter_container_image_self_build_repo }}"
dest: "{{ matrix_mautrix_twitter_docker_src_files_path }}"
# version: "{{ matrix_coturn_docker_image.split(':')[1] }}"
force: "yes"
register: matrix_mautrix_twitter_git_pull_results
when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build"
- name: Ensure Mautrix Twitter Docker image is built
docker_image:
name: "{{ matrix_mautrix_twitter_docker_image }}"
source: build
force_source: "{{ matrix_mautrix_twitter_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_mautrix_twitter_docker_src_files_path }}"
pull: yes
when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build|bool"
- name: Ensure mautrix-twitter config.yaml installed
copy:
content: "{{ matrix_mautrix_twitter_configuration|to_nice_yaml }}"
dest: "{{ matrix_mautrix_twitter_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure mautrix-twitter registration.yaml installed
copy:
content: "{{ matrix_mautrix_twitter_registration|to_nice_yaml }}"
dest: "{{ matrix_mautrix_twitter_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-mautrix-twitter.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-mautrix-twitter.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service"
mode: 0644
register: matrix_mautrix_twitter_systemd_service_result
- name: Ensure systemd reloaded after matrix-mautrix-twitter.service installation
service:
daemon_reload: yes
when: "matrix_mautrix_twitter_systemd_service_result.changed"
- name: Ensure matrix-mautrix-twitter.service restarted, if necessary
service:
name: "matrix-mautrix-twitter.service"
state: restarted
when: "matrix_mautrix_twitter_requires_restart|bool"

View File

@ -1,24 +0,0 @@
---
- name: Check existence of matrix-mautrix-twitter service
stat:
path: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service"
register: matrix_mautrix_twitter_service_stat
- name: Ensure matrix-mautrix-twitter is stopped
service:
name: matrix-mautrix-twitter
state: stopped
daemon_reload: yes
when: "matrix_mautrix_twitter_service_stat.stat.exists"
- name: Ensure matrix-mautrix-twitter.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-mautrix-twitter.service"
state: absent
when: "matrix_mautrix_twitter_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-mautrix-twitter.service removal
service:
daemon_reload: yes
when: "matrix_mautrix_twitter_service_stat.stat.exists"

View File

@ -1,18 +0,0 @@
---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_mautrix_twitter_appservice_token"
- "matrix_mautrix_twitter_homeserver_token"
- name: Fail if database is not defined
fail:
msg: >-
You need to define a need to set `matrix_mautrix_twitter_database_engine: postgres` and redefine the other `matrix_mautrix_twitter_database_*` variables
when: "vars[item] == ''"
with_items:
- "matrix_mautrix_twitter_database_engine"

View File

@ -1,209 +0,0 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_mautrix_twitter_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_mautrix_twitter_homeserver_domain }}
# Whether or not to verify the SSL certificate of the homeserver.
# Only applies if address starts with https://
verify_ssl: true
asmux: false
# Application service host/registration related details
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_twitter_appservice_address }}
# When using https:// the TLS certificate and key files for the address.
tls_cert: false
tls_key: false
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 29327
# The maximum body size of appservice API requests (from the homeserver) in mebibytes
# Usually 1 is enough, but on high-traffic bridges you might need to increase this to avoid 413s
max_body_size: 1
# The full URI to the database. Only Postgres is currently supported.
database: {{ matrix_mautrix_twitter_appservice_database|to_json }}
# Additional arguments for asyncpg.create_pool()
# https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.pool.create_pool
database_opts:
min_size: 5
max_size: 10
# Provisioning API part of the web server for automated portal creation and fetching information.
# Used by things like mautrix-manager (https://github.com/tulir/mautrix-manager).
provisioning:
# Whether or not the provisioning API should be enabled.
enabled: true
# The prefix to use in the provisioning API endpoints.
prefix: /_matrix/provision/v1
# The shared secret to authorize users of the API.
# Set to "generate" to generate and save a new token.
shared_secret: generate
# The unique ID of this appservice.
id: twitter
# Username of the appservice bot.
bot_username: {{ matrix_mautrix_twitter_appservice_bot_username|to_json }}
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
bot_displayname: Twitter bridge bot
bot_avatar: mxc://maunium.net/HVHcnusJkQcpVcsVGZRELLCn
# Community ID for bridged users (changes registration file) and rooms.
# Must be created manually.
#
# Example: "+twitter:example.com". Set to false to disable.
community_id: false
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
# You should disable bridge -> sync_with_custom_puppets when this is enabled.
ephemeral_events: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix_mautrix_twitter_appservice_token }}"
hs_token: "{{ matrix_mautrix_twitter_homeserver_token }}"
# Prometheus telemetry config. Requires prometheus-client to be installed.
metrics:
enabled: false
listen_port: 8000
# Bridge config
bridge:
# Localpart template of MXIDs for Twitter users.
# {userid} is replaced with the user ID of the Twitter user.
username_template: "twitter_{userid}"
# Displayname template for Twitter users.
# {displayname} is replaced with the display name of the Twitter user.
# {username} is replaced with the username of the Twitter user.
displayname_template: "{displayname} (Twitter)"
# Maximum length of displayname
displayname_max_length: 100
# Number of conversations to sync (and create portals for) on login.
# Set 0 to disable automatic syncing.
initial_conversation_sync: 10
# Whether or not to use /sync to get read receipts and typing notifications
# when double puppeting is enabled
sync_with_custom_puppets: true
# Whether or not to update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Servers to allow double puppeting from, even if double_puppet_allow_discovery is false.
double_puppet_server_map: {}
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
# If using this for other servers than the bridge's server,
# you must also set the URL in the double_puppet_server_map.
login_shared_secret_map: {{ matrix_mautrix_twitter_bridge_login_shared_secret_map|to_json }}
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: true
# Settings for backfilling messages from Twitter.
#
# Missed message backfilling is currently based on receiving them from the Twitter polling API,
# rather than manually asking for messages in each conversation. Due to this, there's no way to
# set a limit for missed message backfilling.
backfill:
# Whether or not the Twitter users of logged in Matrix users should be
# invited to private chats when backfilling history from Twitter. This is
# usually needed to prevent rate limits and to allow timestamp massaging.
invite_own_puppet: true
# Maximum number of messages to backfill initially.
# Set to 0 to disable backfilling when creating portal.
initial_limit: 0
# If using double puppeting, should notifications be disabled
# while the initial backfill is in progress?
disable_notifications: true
# End-to-bridge encryption support options. You must install the e2be optional dependency for
# this to work. See https://github.com/tulir/mautrix-telegram/wiki/Endtobridge-encryption
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: false
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: false
# Options for automatic key sharing.
key_sharing:
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow: false
# Require the requesting device to have a valid cross-signing signature?
# This doesn't require that the bridge has verified the device, only that the user has verified it.
# Not yet implemented.
require_cross_signing: false
# Require devices to be verified by the bridge?
# Verification by the bridge is not yet implemented.
require_verification: true
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This will be implicitly enabled if encryption.default is true.
private_chat_portal_meta: false
# Whether or not the bridge should send a read receipt from the bridge bot when a message has
# been sent to Twitter.
delivery_receipts: false
# Whether or not delivery errors should be reported as messages in the Matrix room.
delivery_error_reports: false
# Whether or not non-fatal polling errors should send notices to the notice room.
temporary_disconnect_notices: true
# Number of seconds to sleep more than the previous error when a polling error occurs.
# Growth is capped at 15 minutes.
error_sleep: 5
# Maximum number of polling errors before giving up. Set to -1 to retry forever.
max_poll_errors: 12
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it,
# except if the config file is not writable.
resend_bridge_info: false
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!tw"
# Permissions for using the bridge.
# Permitted values:
# user - Use the bridge with puppeting.
# admin - Use and administrate the bridge.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
'{{ matrix_mautrix_twitter_homeserver_domain }}': user
# Python logging configuration.
#
# See section 16.7.2 of the Python documentation for more info:
# https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema
logging:
version: 1
formatters:
colored:
(): mautrix_twitter.util.ColorFormatter
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
normal:
format: "[%(asctime)s] [%(levelname)s@%(name)s] %(message)s"
handlers:
console:
class: logging.StreamHandler
formatter: colored
loggers:
mau:
level: DEBUG
aiohttp:
level: INFO
root:
level: DEBUG
handlers: [console]

View File

@ -1,42 +0,0 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Mautrix Twitter bridge
{% for service in matrix_mautrix_twitter_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mautrix_twitter_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-mautrix-twitter \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-v {{ matrix_mautrix_twitter_config_path }}:/config:z \
-v {{ matrix_mautrix_twitter_data_path }}:/data:z \
{% for arg in matrix_mautrix_twitter_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_mautrix_twitter_docker_image }} \
python3 -m mautrix_twitter -c /config/config.yaml --no-update
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-mautrix-twitter 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-mautrix-twitter 2>/dev/null'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-mautrix-twitter
[Install]
WantedBy=multi-user.target

View File

@ -42,7 +42,7 @@ matrix_mautrix_whatsapp_appservice_bot_username: whatsappbot
#
# To use Postgres:
# - change the engine (`matrix_mautrix_whatsapp_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_mautrix_whatsapp_database_*` variables
# - adjust your database credentials via the `matrix_mautrix_whatsapp_postgres_*` variables
matrix_mautrix_whatsapp_database_engine: 'sqlite'
matrix_mautrix_whatsapp_sqlite_database_path_local: "{{ matrix_mautrix_whatsapp_data_path }}/mautrix-whatsapp.db"

View File

@ -27,8 +27,6 @@ matrix_mx_puppet_discord_homeserver_address: "{{ matrix_homeserver_container_url
matrix_mx_puppet_discord_homeserver_domain: '{{ matrix_domain }}'
matrix_mx_puppet_discord_appservice_address: 'http://matrix-mx-puppet-discord:{{ matrix_mx_puppet_discord_appservice_port }}'
matrix_mx_puppet_discord_bridge_mediaUrl: "https:/{{ matrix_server_fqn_matrix }}"
# "@user:server.com" to allow specific user
# "@.*:yourserver.com" to allow users on a specific homeserver
# "@.*" to allow anyone

View File

@ -9,17 +9,17 @@ bridge:
domain: {{ matrix_mx_puppet_discord_homeserver_domain }}
# Reachable URL of the Matrix homeserver
homeserverUrl: {{ matrix_mx_puppet_discord_homeserver_address }}
# Optionally specify a different media URL used for the media store
#
# This is where Discord will download user profile pictures and media
# from
mediaUrl: {{ matrix_mx_puppet_discord_bridge_mediaUrl }}
{% if matrix_mx_puppet_discord_login_shared_secret != '' %}
loginSharedSecretMap:
{{ matrix_domain }}: {{ matrix_mx_puppet_discord_login_shared_secret }}
{% endif %}
# Display name of the bridge bot
displayname: Discord Puppet Bridge
# Optionally specify a different media URL used for the media store
#
# This is where Discord will download user profile pictures and media
# from
#mediaUrl: https://external-url.org
presence:
# Bridge Discord online/offline status

View File

@ -7,7 +7,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
# - https://github.com/vector-im/element-web/issues/19544
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
matrix_client_element_version: v1.9.8
matrix_client_element_version: v1.9.5
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

View File

@ -1,11 +1,11 @@
---
- name: Create user account @admin-janitor
- name: Create user account @_janitor
command: |
/usr/local/bin/matrix-synapse-register-user admin-janitor {{ awx_janitor_user_password | quote }} 1
/usr/local/bin/matrix-synapse-register-user _janitor {{ awx_janitor_user_password | quote }} 1
register: cmd
when: not awx_janitor_user_created|bool
no_log: false
no_log: True
- name: Update AWX janitor user created variable
delegate_to: 127.0.0.1
@ -18,12 +18,12 @@
'awx_janitor_user_created': 'true'
when: not awx_janitor_user_created|bool
- name: Create user account @admin-dimension
- name: Create user account @_dimension
command: |
/usr/local/bin/matrix-synapse-register-user admin-dimension {{ awx_dimension_user_password | quote }} 0
/usr/local/bin/matrix-synapse-register-user _dimension {{ awx_dimension_user_password | quote }} 0
register: cmd
when: not awx_dimension_user_created|bool
no_log: false
no_log: True
- name: Update AWX dimension user created variable
delegate_to: 127.0.0.1
@ -36,12 +36,12 @@
'awx_dimension_user_created': 'true'
when: not awx_dimension_user_created|bool
- name: Create user account @admin-mjolnir
- name: Create user account @_mjolnir
command: |
/usr/local/bin/matrix-synapse-register-user admin-mjolnir {{ awx_mjolnir_user_password | quote }} 0
/usr/local/bin/matrix-synapse-register-user _mjolnir {{ awx_mjolnir_user_password | quote }} 0
register: cmd
when: not awx_mjolnir_user_created|bool
no_log: false
no_log: True
- name: Update AWX dimension user created variable
delegate_to: 127.0.0.1

View File

@ -5,7 +5,7 @@ matrix_coturn_container_image_self_build_repo: "https://github.com/coturn/coturn
matrix_coturn_container_image_self_build_repo_version: "docker/{{ matrix_coturn_version }}"
matrix_coturn_container_image_self_build_repo_dockerfile_path: "docker/coturn/alpine/Dockerfile"
matrix_coturn_version: 4.5.2-r8
matrix_coturn_version: 4.5.2-r4
matrix_coturn_docker_image: "{{ matrix_coturn_docker_image_name_prefix }}coturn/coturn:{{ matrix_coturn_version }}-alpine"
matrix_coturn_docker_image_name_prefix: "{{ 'localhost/' if matrix_coturn_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_coturn_docker_image_force_pull: "{{ matrix_coturn_docker_image.endswith(':latest') }}"

View File

@ -10,16 +10,10 @@ matrix_dimension_admins: []
# Whether to allow Dimension widgets serve websites with invalid or self signed SSL certificates
matrix_dimension_widgets_allow_self_signed_ssl_certificates: false
matrix_dimension_container_image_self_build: false
matrix_dimension_container_image_self_build_repo: "https://github.com/turt2live/matrix-dimension.git"
matrix_dimension_container_image_self_build_branch: master
matrix_dimension_base_path: "{{ matrix_base_data_path }}/dimension"
matrix_dimension_docker_src_files_path: "{{ matrix_base_data_path }}/docker-src/dimension"
matrix_dimension_version: latest
matrix_dimension_docker_image: "{{ matrix_dimension_docker_image_name_prefix }}turt2live/matrix-dimension:{{ matrix_dimension_version }}"
matrix_dimension_docker_image_name_prefix: "{{ 'localhost/' if matrix_dimension_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_dimension_docker_image: "{{ matrix_container_global_registry_prefix }}turt2live/matrix-dimension:{{ matrix_dimension_version }}"
matrix_dimension_docker_image_force_pull: "{{ matrix_dimension_docker_image.endswith(':latest') }}"
# List of systemd services that matrix-dimension.service depends on.
@ -54,7 +48,7 @@ matrix_dimension_homeserver_federationUrl: ""
#
# To use Postgres:
# - change the engine (`matrix_dimension_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_dimension_database_*` variables
# - adjust your database credentials via the `matrix_dimension_postgres_*` variables
matrix_dimension_database_engine: 'sqlite'
matrix_dimension_sqlite_database_path_local: "{{ matrix_dimension_base_path }}/dimension.db"

View File

@ -90,29 +90,6 @@
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_dimension_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dimension_docker_image_force_pull }}"
when: "not matrix_dimension_container_image_self_build|bool"
register: matrix_dimension_pull_results
- name: Ensure dimension repository is present on self-build
git:
repo: "{{ matrix_dimension_container_image_self_build_repo }}"
dest: "{{ matrix_dimension_docker_src_files_path }}"
version: "{{ matrix_dimension_container_image_self_build_branch }}"
force: "yes"
when: "matrix_dimension_container_image_self_build|bool"
register: matrix_dimension_git_pull_results
- name: Ensure Dimension Docker image is built
docker_image:
name: "{{ matrix_dimension_docker_image }}"
source: build
force_source: "{{ matrix_dimension_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_dimension_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_dimension_docker_src_files_path }}"
pull: yes
when: "matrix_dimension_container_image_self_build|bool"
- name: Ensure matrix-dimension.service installed
template:

View File

@ -3,7 +3,7 @@
matrix_grafana_enabled: false
matrix_grafana_version: 8.3.3
matrix_grafana_version: 8.3.0
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"

View File

@ -8,25 +8,11 @@ matrix_jitsi_enable_recording: false
matrix_jitsi_enable_transcriptions: false
matrix_jitsi_enable_p2p: true
matrix_jitsi_enable_av_moderation: true
matrix_jitsi_enable_breakout_rooms: true
# Authentication type, must be one of internal, jwt or ldap.
# Currently only internal and ldap mechanisms are supported by this playbook.
# Authentication type, must be one of internal, jwt or ldap. Currently only
# internal and ldap are supported by this playbook.
matrix_jitsi_auth_type: internal
# A list of Jitsi (Prosody) accounts to create using the internal authentication mechanism.
#
# Accounts added here and subsquently removed will not be automatically removed
# from the Prosody server until user account cleaning is integrated into the playbook.
#
# Example:
# matrix_jitsi_prosody_auth_internal_accounts:
# - username: "jitsi-moderator"
# password: "secret-password"
# - username: "another-user"
# password: "another-password"
matrix_jitsi_prosody_auth_internal_accounts: []
# Configuration options for LDAP authentication. For details see upstream:
# https://github.com/jitsi/docker-jitsi-meet#authentication-using-ldap.
# Defaults are taken from:
@ -68,7 +54,7 @@ matrix_jitsi_jibri_recorder_password: ''
matrix_jitsi_enable_lobby: false
matrix_jitsi_version: stable-6726-1
matrix_jitsi_version: stable-6173
matrix_jitsi_container_image_tag: "{{ matrix_jitsi_version }}" # for backward-compatibility
matrix_jitsi_web_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/web:{{ matrix_jitsi_container_image_tag }}"
@ -77,7 +63,6 @@ matrix_jitsi_web_docker_image_force_pull: "{{ matrix_jitsi_web_docker_image.ends
matrix_jitsi_web_base_path: "{{ matrix_base_data_path }}/jitsi/web"
matrix_jitsi_web_config_path: "{{ matrix_jitsi_web_base_path }}/config"
matrix_jitsi_web_transcripts_path: "{{ matrix_jitsi_web_base_path }}/transcripts"
matrix_jitsi_web_crontabs_path: "{{ matrix_jitsi_web_base_path }}/crontabs"
matrix_jitsi_web_public_url: "https://{{ matrix_server_fqn_jitsi }}"
@ -220,6 +205,7 @@ matrix_jitsi_jicofo_component_secret: ''
matrix_jitsi_jicofo_auth_user: focus
matrix_jitsi_jicofo_auth_password: ''
matrix_jitsi_jvb_docker_image: "{{ matrix_container_global_registry_prefix }}jitsi/jvb:{{ matrix_jitsi_container_image_tag }}"
matrix_jitsi_jvb_docker_image_force_pull: "{{ matrix_jitsi_jvb_docker_image.endswith(':latest') }}"

View File

@ -4,7 +4,7 @@
# Tasks related to setting up jitsi-prosody
#
- name: Ensure Matrix jitsi-prosody environment exists
- name: Ensure Matrix jitsi-prosody path exists
file:
path: "{{ item.path }}"
state: directory
@ -25,14 +25,14 @@
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_jitsi_prosody_docker_image_force_pull }}"
when: matrix_jitsi_enabled|bool
- name: Ensure jitsi-prosody environment variables file is created
- name: Ensure jitsi-prosody environment variables file created
template:
src: "{{ role_path }}/templates/prosody/env.j2"
dest: "{{ matrix_jitsi_prosody_base_path }}/env"
mode: 0640
when: matrix_jitsi_enabled|bool
- name: Ensure matrix-jitsi-prosody.service file is installed
- name: Ensure matrix-jitsi-prosody.service installed
template:
src: "{{ role_path }}/templates/prosody/matrix-jitsi-prosody.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
@ -40,24 +40,16 @@
register: matrix_jitsi_prosody_systemd_service_result
when: matrix_jitsi_enabled|bool
- name: Ensure systemd service is reloaded after matrix-jitsi-prosody.service installation
- name: Ensure systemd reloaded after matrix-jitsi-prosody.service installation
service:
daemon_reload: yes
when: "matrix_jitsi_enabled and matrix_jitsi_prosody_systemd_service_result.changed"
- name: Ensure authentication is properly configured
include_tasks:
file: "{{ role_path }}/tasks/util/setup_jitsi_auth.yml"
when:
- matrix_jitsi_enabled|bool
- matrix_jitsi_enable_auth|bool
#
# Tasks related to getting rid of jitsi-prosody (if it was previously enabled)
#
- name: Ensure matrix-jitsi-prosody.service file exists
- name: Check existence of matrix-jitsi-prosody service
stat:
path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
register: matrix_jitsi_prosody_service_stat
@ -72,13 +64,13 @@
register: stopping_result
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
- name: Ensure matrix-jitsi-prosody.service file doesn't exist
- name: Ensure matrix-jitsi-prosody.service doesn't exist
file:
path: "{{ matrix_systemd_path }}/matrix-jitsi-prosody.service"
state: absent
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"
- name: Ensure systemd is reloaded after matrix-jitsi-prosody.service removal
- name: Ensure systemd reloaded after matrix-jitsi-prosody.service removal
service:
daemon_reload: yes
when: "not matrix_jitsi_enabled|bool and matrix_jitsi_prosody_service_stat.stat.exists"

View File

@ -15,7 +15,6 @@
- { path: "{{ matrix_jitsi_web_base_path }}", when: true }
- { path: "{{ matrix_jitsi_web_config_path }}", when: true }
- { path: "{{ matrix_jitsi_web_transcripts_path }}", when: true }
- { path: "{{ matrix_jitsi_web_crontabs_path }}", when: true }
when: matrix_jitsi_enabled|bool and item.when
- name: Ensure jitsi-web Docker image is pulled

View File

@ -1,43 +0,0 @@
---
#
# Start Necessary Services
#
- name: Ensure matrix-jitsi-prosody container is running
systemd:
state: started
name: matrix-jitsi-prosody
register: matrix_jitsi_prosody_start_result
#
# Tasks related to configuring Jitsi internal authentication
#
- name: Ensure Jitsi internal authentication users are configured
shell: "docker exec matrix-jitsi-prosody prosodyctl --config /config/prosody.cfg.lua register {{ item.username | quote }} meet.jitsi {{ item.password | quote }}"
with_items: "{{ matrix_jitsi_prosody_auth_internal_accounts }}"
when:
- matrix_jitsi_auth_type == "internal"
- matrix_jitsi_prosody_auth_internal_accounts|length > 0
#
# Tasks related to configuring other Jitsi authentication mechanisms
#
#
# Tasks related to cleaning after Jitsi authentication configuration
#
#
# Stop Necessary Services
#
- name: Ensure matrix-jitsi-prosody container is stopped if necessary
systemd:
state: stopped
name: matrix-jitsi-prosody
when: matrix_jitsi_prosody_start_result.changed|bool

View File

@ -3,14 +3,14 @@
- name: Fail if required Jitsi settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`) to properly configure Jitsi.
You need to define a required configuration setting (`{{ item }}`) for using Jitsi.
If you're setting up Jitsi for the first time, you may have missed a step.
Refer to our setup instructions (docs/configuring-playbook-jitsi.md).
If you had previously setup Jitsi successfully and are only now facing this error,
it means that your installation is most likely using default passwords previously defined by the playbook.
These defaults are insecure. Jitsi should be rebuilt with secure values.
If you had setup Jitsi successfully before and it's just now that you're observing this failure,
it means that your installation may be using some default passwords that the playbook used to define until now.
This is not secure and we urge you to rebuild your Jitsi setup.
Refer to the "Rebuilding your Jitsi installation" section in our setup instructions (docs/configuring-playbook-jitsi.md).
when: "vars[item] == ''"
with_items:
@ -19,20 +19,6 @@
- "matrix_jitsi_jicofo_auth_password"
- "matrix_jitsi_jvb_auth_password"
- name: Fail if a Jitsi internal authentication account is not defined
fail:
msg: >-
At least one Jitsi user needs to be defined in `matrix_jitsi_prosody_auth_internal_accounts` when using internal authentication.
If you're setting up Jitsi for the first time, you may have missed a step.
Refer to our setup instructions (docs/configuring-playbook-jitsi.md).
when:
- matrix_jitsi_enable_auth|bool
- matrix_jitsi_auth_type == 'internal'
- matrix_jitsi_prosody_auth_internal_accounts|length == 0
- name: (Deprecation) Catch and report renamed settings
fail:
msg: >-

View File

@ -9,7 +9,6 @@ ENABLE_CODEC_H264
ENABLE_OCTO
ENABLE_RECORDING
ENABLE_SCTP
ENABLE_AUTO_LOGIN
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
JICOFO_ENABLE_BRIDGE_HEALTH_CHECKS
@ -27,9 +26,6 @@ JIGASI_SIP_URI
JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
MAX_BRIDGE_PARTICIPANTS
OCTO_BRIDGE_SELECTION_STRATEGY
SENTRY_DSN="${JICOFO_SENTRY_DSN:-0}"
SENTRY_ENVIRONMENT
SENTRY_RELEASE
TZ={{ matrix_jitsi_timezone }}
XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}

View File

@ -1,10 +1,4 @@
{% raw %}
{{ if .Env.SENTRY_DSN | default "0" | toBool }}
handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler
{{ else }}
handlers= java.util.logging.ConsoleHandler
{{ end }}
{% endraw %}
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
@ -16,7 +10,6 @@ net.sf.level=SEVERE
net.java.sip.communicator.plugin.reconnectplugin.level=FINE
org.ice4j.level=SEVERE
org.jitsi.impl.neomedia.level=SEVERE
io.sentry.jul.SentryHandler.level=WARNING
# Do not worry about missing strings
net.java.sip.communicator.service.resources.AbstractResourcesService.level=SEVERE

View File

@ -1,6 +1,9 @@
DOCKER_HOST_ADDRESS
ENABLE_COLIBRI_WEBSOCKET
ENABLE_OCTO
DOCKER_HOST_ADDRESS
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
JVB_BREWERY_MUC={{ matrix_jitsi_jvb_brewery_muc }}
@ -11,21 +14,14 @@ JVB_TCP_MAPPED_PORT={{ matrix_jitsi_jvb_rtp_tcp_port }}
{% if matrix_jitsi_jvb_stun_servers|length > 0 %}
JVB_STUN_SERVERS={{ matrix_jitsi_jvb_stun_servers|join(',') }}
{% endif %}
JVB_ENABLE_APIS
JVB_WS_DOMAIN
JVB_WS_SERVER_ID
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
JVB_OCTO_BIND_ADDRESS
JVB_OCTO_PUBLIC_ADDRESS
JVB_OCTO_BIND_PORT
JVB_OCTO_REGION
JVB_WS_DOMAIN
JVB_WS_SERVER_ID
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
SENTRY_DSN="${JVB_SENTRY_DSN:-0}"
SENTRY_ENVIRONMENT
SENTRY_RELEASE
COLIBRI_REST_ENABLED
SHUTDOWN_REST_ENABLED
TZ={{ matrix_jitsi_timezone }}
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
{{ matrix_jitsi_jvb_environment_variables_extension }}

View File

@ -1,10 +1,4 @@
{% raw %}
{{ if .Env.SENTRY_DSN | default "0" | toBool }}
handlers=java.util.logging.ConsoleHandler,io.sentry.jul.SentryHandler
{{ else }}
handlers= java.util.logging.ConsoleHandler
{{ end }}
{% endraw %}
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter
@ -14,7 +8,6 @@ net.java.sip.communicator.util.ScLogFormatter.programname=JVB
.level=INFO
org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE
io.sentry.jul.SentryHandler.level=WARNING
# All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge.
org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING

View File

@ -1,53 +1,24 @@
AUTH_TYPE={{ matrix_jitsi_auth_type }}
DISABLE_POLLS
ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
ENABLE_AV_MODERATION={{1 if matrix_jitsi_enable_av_moderation else 0}}
ENABLE_BREAKOUT_ROOMS={{1 if matrix_jitsi_enable_breakout_rooms else 0}}
ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
ENABLE_LOBBY={{ 1 if matrix_jitsi_enable_lobby else 0 }}
ENABLE_AV_MODERATION={{1 if matrix_jitsi_enable_av_moderation else 0}}
ENABLE_XMPP_WEBSOCKET
GLOBAL_CONFIG
GLOBAL_MODULES
JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
JICOFO_COMPONENT_SECRET
JIGASI_XMPP_USER=
JIGASI_XMPP_PASSWORD=
JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
JWT_APP_ID
JWT_APP_SECRET
JWT_ACCEPTED_ISSUERS
JWT_ACCEPTED_AUDIENCES
JWT_ASAP_KEYSERVER
JWT_ALLOW_EMPTY
JWT_AUTH_TYPE
JWT_TOKEN_AUTH_MODULE
LOG_LEVEL
LDAP_AUTH_METHOD={{ matrix_jitsi_ldap_auth_method }}
GLOBAL_CONFIG
LDAP_URL={{ matrix_jitsi_ldap_url }}
LDAP_BASE={{ matrix_jitsi_ldap_base }}
LDAP_BINDDN={{ matrix_jitsi_ldap_binddn }}
LDAP_BINDPW={{ matrix_jitsi_ldap_bindpw }}
LDAP_FILTER={{ matrix_jitsi_ldap_filter }}
LDAP_AUTH_METHOD={{ matrix_jitsi_ldap_auth_method }}
LDAP_VERSION={{ matrix_jitsi_ldap_version }}
LDAP_USE_TLS={{ 1 if matrix_jitsi_ldap_use_tls else 0 }}
LDAP_TLS_CIPHERS={{ matrix_jitsi_ldap_tls_ciphers }}
LDAP_TLS_CHECK_PEER={{ 1 if matrix_jitsi_ldap_tls_check_peer else 0 }}
LDAP_TLS_CACERT_FILE={{ matrix_jitsi_ldap_tls_cacert_file }}
LDAP_TLS_CACERT_DIR={{ matrix_jitsi_ldap_tls_cacert_dir }}
LDAP_START_TLS={{ 1 if matrix_jitsi_ldap_start_tls else 0 }}
LDAP_URL={{ matrix_jitsi_ldap_url }}
LDAP_USE_TLS={{ 1 if matrix_jitsi_ldap_use_tls else 0 }}
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
TURN_CREDENTIALS={{ matrix_jitsi_turn_credentials }}
TURN_HOST={{ matrix_jitsi_turn_host }}
TURNS_HOST={{ matrix_jitsi_turns_host }}
TURN_PORT={{ matrix_jitsi_turn_port }}
TURNS_PORT={{ matrix_jitsi_turns_port }}
TZ={{ matrix_jitsi_timezone }}
XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
@ -58,3 +29,29 @@ XMPP_MUC_MODULES=
XMPP_INTERNAL_MUC_MODULES=
XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
XMPP_CROSS_DOMAIN=true
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
JICOFO_AUTH_PASSWORD={{ matrix_jitsi_jicofo_auth_password }}
JVB_AUTH_USER={{ matrix_jitsi_jvb_auth_user }}
JVB_AUTH_PASSWORD={{ matrix_jitsi_jvb_auth_password }}
JIGASI_XMPP_USER=
JIGASI_XMPP_PASSWORD=
JIBRI_XMPP_USER={{ matrix_jitsi_jibri_xmpp_user }}
JIBRI_XMPP_PASSWORD={{ matrix_jitsi_jibri_xmpp_password }}
JIBRI_RECORDER_USER={{ matrix_jitsi_jibri_recorder_user }}
JIBRI_RECORDER_PASSWORD={{ matrix_jitsi_jibri_recorder_password }}
JWT_APP_ID
JWT_APP_SECRET
JWT_ACCEPTED_ISSUERS
JWT_ACCEPTED_AUDIENCES
JWT_ASAP_KEYSERVER
JWT_ALLOW_EMPTY
JWT_AUTH_TYPE
JWT_TOKEN_AUTH_MODULE
LOG_LEVEL
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
TURN_CREDENTIALS={{ matrix_jitsi_turn_credentials }}
TURN_HOST={{ matrix_jitsi_turn_host }}
TURNS_HOST={{ matrix_jitsi_turns_host }}
TURN_PORT={{ matrix_jitsi_turn_port }}
TURNS_PORT={{ matrix_jitsi_turns_port }}
TZ={{ matrix_jitsi_timezone }}

View File

@ -1,3 +1,16 @@
ENABLE_COLIBRI_WEBSOCKET
ENABLE_FLOC=0
ENABLE_LETSENCRYPT=0
ENABLE_HTTP_REDIRECT=0
ENABLE_HSTS=0
ENABLE_XMPP_WEBSOCKET
DISABLE_HTTPS=0
DISABLE_DEEP_LINKING
LETSENCRYPT_DOMAIN={{ matrix_server_fqn_jitsi }}
LETSENCRYPT_EMAIL={{ matrix_ssl_lets_encrypt_support_email }}
LETSENCRYPT_USE_STAGING=0
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
TZ={{ matrix_jitsi_timezone }}
AMPLITUDE_ID
ANALYTICS_SCRIPT_URLS
ANALYTICS_WHITELISTED_EVENTS
@ -13,37 +26,23 @@ DEPLOYMENTINFO_ENVIRONMENT_TYPE
DEPLOYMENTINFO_REGION
DEPLOYMENTINFO_SHARD
DEPLOYMENTINFO_USERREGION
DESKTOP_SHARING_FRAMERATE_MIN
DESKTOP_SHARING_FRAMERATE_MAX
DIALIN_NUMBERS_URL
DIALOUT_AUTH_URL
DIALOUT_CODES_URL
DISABLE_AUDIO_LEVELS
DISABLE_DEEP_LINKING
DISABLE_HTTPS=0
DISABLE_POLLS
DISABLE_REACTIONS
DROPBOX_APPKEY
DROPBOX_REDIRECT_URI
DYNAMIC_BRANDING_URL
ENABLE_AUDIO_PROCESSING
ENABLE_AUTH={{ 1 if matrix_jitsi_enable_auth else 0 }}
ENABLE_BREAKOUT_ROOMS={{1 if matrix_jitsi_enable_breakout_rooms else 0}}
ENABLE_CALENDAR
ENABLE_COLIBRI_WEBSOCKET
ENABLE_FILE_RECORDING_SERVICE
ENABLE_FILE_RECORDING_SERVICE_SHARING
ENABLE_FLOC=0
ENABLE_GUESTS={{ 1 if matrix_jitsi_enable_guests else 0 }}
ENABLE_HSTS=0
ENABLE_HTTP_REDIRECT=0
ENABLE_IPV6
ENABLE_LETSENCRYPT=0
ENABLE_LIPSYNC
ENABLE_NO_AUDIO_DETECTION
ENABLE_NOISY_MIC_DETECTION
ENABLE_PREJOIN_PAGE
ENABLE_P2P={{ 1 if matrix_jitsi_enable_p2p else 0 }}
ENABLE_PREJOIN_PAGE
ENABLE_WELCOME_PAGE
ENABLE_CLOSE_PAGE
ENABLE_RECORDING={{ 1 if matrix_jitsi_enable_recording else 0 }}
@ -56,16 +55,12 @@ ENABLE_SUBDOMAINS
ENABLE_TALK_WHILE_MUTED
ENABLE_TCC
ENABLE_TRANSCRIPTIONS={{ 1 if matrix_jitsi_enable_transcriptions else 0 }}
ENABLE_XMPP_WEBSOCKET
ETHERPAD_PUBLIC_URL
ETHERPAD_URL_BASE={{ (matrix_jitsi_etherpad_base + '/') if matrix_jitsi_etherpad_enabled else ''}}
GOOGLE_ANALYTICS_ID
GOOGLE_API_APP_CLIENT_ID
INVITE_SERVICE_URL
JICOFO_AUTH_USER={{ matrix_jitsi_jicofo_auth_user }}
LETSENCRYPT_DOMAIN={{ matrix_server_fqn_jitsi }}
LETSENCRYPT_EMAIL={{ matrix_ssl_lets_encrypt_support_email }}
LETSENCRYPT_USE_STAGING=0
MATOMO_ENDPOINT
MATOMO_SITE_ID
MICROSOFT_API_APP_CLIENT_ID
@ -73,38 +68,29 @@ NGINX_RESOLVER
NGINX_WORKER_PROCESSES
NGINX_WORKER_CONNECTIONS
PEOPLE_SEARCH_URL
PUBLIC_URL={{ matrix_jitsi_web_public_url }}
RESOLUTION={{ matrix_jitsi_web_config_resolution_height_ideal_and_max }}
RESOLUTION_MIN={{ matrix_jitsi_web_config_resolution_height_min }}
RESOLUTION_WIDTH={{ matrix_jitsi_web_config_resolution_width_ideal_and_max }}
RESOLUTION_WIDTH_MIN={{ matrix_jitsi_web_config_resolution_width_min }}
START_AUDIO_MUTED={{ matrix_jitsi_web_config_start_audio_muted_after_nth_participant }}
START_AUDIO_ONLY
START_BITRATE
START_SILENT
START_AUDIO_MUTED={{ matrix_jitsi_web_config_start_audio_muted_after_nth_participant }}
START_WITH_AUDIO_MUTED
START_SILENT
DISABLE_AUDIO_LEVELS
ENABLE_NOISY_MIC_DETECTION
START_BITRATE
DESKTOP_SHARING_FRAMERATE_MIN
DESKTOP_SHARING_FRAMERATE_MAX
START_VIDEO_MUTED={{ matrix_jitsi_web_config_start_video_muted_after_nth_participant }}
START_WITH_VIDEO_MUTED
TESTING_CAP_SCREENSHARE_BITRATE
TESTING_OCTO_PROBABILITY
TOKEN_AUTH_URL
TZ={{ matrix_jitsi_timezone }}
VIDEOQUALITY_BITRATE_H264_LOW
VIDEOQUALITY_BITRATE_H264_STANDARD
VIDEOQUALITY_BITRATE_H264_HIGH
VIDEOQUALITY_BITRATE_VP8_LOW
VIDEOQUALITY_BITRATE_VP8_STANDARD
VIDEOQUALITY_BITRATE_VP8_HIGH
VIDEOQUALITY_BITRATE_VP9_LOW
VIDEOQUALITY_BITRATE_VP9_STANDARD
VIDEOQUALITY_BITRATE_VP9_HIGH
VIDEOQUALITY_ENFORCE_PREFERRED_CODEC
VIDEOQUALITY_PREFERRED_CODEC
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_BOSH_URL_BASE={{ matrix_jitsi_xmpp_bosh_url_base }}
XMPP_DOMAIN={{ matrix_jitsi_xmpp_domain }}
XMPP_GUEST_DOMAIN={{ matrix_jitsi_xmpp_guest_domain }}
XMPP_MUC_DOMAIN={{ matrix_jitsi_xmpp_muc_domain }}
XMPP_RECORDER_DOMAIN={{ matrix_jitsi_recorder_domain }}
TOKEN_AUTH_URL
{{ matrix_jitsi_web_environment_variables_extension }}

View File

@ -23,7 +23,6 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-jitsi-web \
{% endif %}
--mount type=bind,src={{ matrix_jitsi_web_config_path }},dst=/config \
--mount type=bind,src={{ matrix_jitsi_web_transcripts_path }},dst=/usr/share/jitsi-meet/transcripts \
--mount type=bind,src={{ matrix_jitsi_web_crontabs_path }},dst=/var/spool/cron/crontabs \
{% for arg in matrix_jitsi_web_container_extra_arguments %}
{{ arg }} \
{% endfor %}

View File

@ -48,7 +48,7 @@ matrix_ma1sd_matrixorg_forwarding_enabled: false
#
# To use Postgres:
# - change the engine (`matrix_ma1sd_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_ma1sd_database_*` variables
# - adjust your database credentials via the `matrix_ma1sd_postgres_*` variables
matrix_ma1sd_database_engine: 'sqlite'
matrix_ma1sd_sqlite_database_path_local: "{{ matrix_ma1sd_data_path }}/ma1sd.db"

View File

@ -442,14 +442,7 @@ matrix_ssl_domains_to_obtain_certificates_for: "{{ matrix_ssl_additional_domains
matrix_ssl_additional_domains_to_obtain_certificates_for: []
# Controls whether to obtain production or staging certificates from Let's Encrypt.
# If you'd like to use another ACME Certificate Authority server (not Let's Encrypt), use `matrix_ssl_lets_encrypt_server`
matrix_ssl_lets_encrypt_staging: false
# Controls from which Certificate Authority server to retrieve the SSL certificates (passed as a `--server` flag to Certbot).
# By default, we use the Let's Encrypt production environment (use `matrix_ssl_lets_encrypt_staging` for using the staging environment).
# Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server
matrix_ssl_lets_encrypt_server: ''
matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.21.0"
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402

View File

@ -42,7 +42,6 @@
--non-interactive
--work-dir=/tmp
--http-01-port 8080
{% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %}
{% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %}
--standalone
--preferred-challenges http
@ -71,7 +70,6 @@
--non-interactive
--work-dir=/tmp
--http-01-port 8080
{% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %}
{% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %}
--standalone
--preferred-challenges http

View File

@ -33,7 +33,7 @@ matrix_postgres_backup_docker_image_v11: "{{ matrix_container_global_registry_pr
matrix_postgres_backup_docker_image_v12: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:12{{ matrix_postgres_backup_docker_image_suffix }}"
matrix_postgres_backup_docker_image_v13: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:13{{ matrix_postgres_backup_docker_image_suffix }}"
matrix_postgres_backup_docker_image_v14: "{{ matrix_container_global_registry_prefix }}prodrigestivill/postgres-backup-local:14{{ matrix_postgres_backup_docker_image_suffix }}"
matrix_postgres_backup_docker_image_latest: "{{ matrix_postgres_backup_docker_image_v14 }}"
matrix_postgres_backup_docker_image_latest: "{{ matrix_postgres_backup_docker_image_v13 }}"
# This variable is assigned at runtime. Overriding its value has no effect.
matrix_postgres_backup_docker_image_to_use: '{{ matrix_postgres_backup_docker_image_latest }}'

View File

@ -38,7 +38,7 @@ matrix_registration_container_http_host_bind_port: ''
#
# To use Postgres:
# - change the engine (`matrix_registration_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_registration_database_*` variables
# - adjust your database credentials via the `matrix_registration_postgres_*` variables
matrix_registration_database_engine: 'sqlite'
matrix_registration_sqlite_database_path_local: "{{ matrix_registration_data_path }}/db.sqlite3"

View File

@ -8,7 +8,7 @@ matrix_synapse_admin_container_self_build_repo: "https://github.com/Awesome-Tech
matrix_synapse_admin_docker_src_files_path: "{{ matrix_base_data_path }}/synapse-admin/docker-src"
matrix_synapse_admin_version: 0.8.4
matrix_synapse_admin_version: 0.8.1
matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_self_build else matrix_container_global_registry_prefix }}"
matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"

View File

@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
# amd64 gets released first.
# arm32 relies on self-building, so the same version can be built immediately.
# arm64 users need to wait for a prebuilt image to become available.
matrix_synapse_version: v1.49.2
matrix_synapse_version_arm64: v1.49.2
matrix_synapse_version: v1.48.0
matrix_synapse_version_arm64: v1.48.0
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
@ -321,9 +321,6 @@ matrix_synapse_push_include_content: true
# URLs shared by users.
matrix_synapse_url_preview_enabled: true
# A list of values for the Accept-Language HTTP header used when downloading webpages during URL preview generation
matrix_url_preview_accept_language: ['en-US', 'en']
# Enable exposure of metrics to Prometheus
# See https://github.com/matrix-org/synapse/blob/master/docs/metrics-howto.md
matrix_synapse_metrics_enabled: false

View File

@ -8,7 +8,6 @@
name: "{{ item.key }}"
state: stopped
with_dict: "{{ ansible_facts.services|default({})|dict2items|selectattr('key', 'match', 'matrix-synapse-worker-.+\\.service')|list|items2dict }}"
when: "item.value['status'] != 'not-found'" # see https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1461
- name: Find worker configs to be cleaned
find:

View File

@ -1149,7 +1149,8 @@ max_spider_size: 10M
# - fr;q=0.8
# - *;q=0.7
#
url_preview_accept_language: {{ matrix_url_preview_accept_language|to_json }}
url_preview_accept_language:
# - en
## Captcha ##
@ -1226,46 +1227,6 @@ enable_registration: {{ matrix_synapse_enable_registration|to_json }}
#
#session_lifetime: 24h
# Time that an access token remains valid for, if the session is
# using refresh tokens.
# For more information about refresh tokens, please see the manual.
# Note that this only applies to clients which advertise support for
# refresh tokens.
#
# Note also that this is calculated at login time and refresh time:
# changes are not applied to existing sessions until they are refreshed.
#
# By default, this is 5 minutes.
#
#refreshable_access_token_lifetime: 5m
# Time that a refresh token remains valid for (provided that it is not
# exchanged for another one first).
# This option can be used to automatically log-out inactive sessions.
# Please see the manual for more information.
#
# Note also that this is calculated at login time and refresh time:
# changes are not applied to existing sessions until they are refreshed.
#
# By default, this is infinite.
#
#refresh_token_lifetime: 24h
# Time that an access token remains valid for, if the session is NOT
# using refresh tokens.
# Please note that not all clients support refresh tokens, so setting
# this to a short value may be inconvenient for some users who will
# then be logged out frequently.
#
# Note also that this is calculated at login time: changes are not applied
# retrospectively to existing sessions for users that have already logged in.
#
# By default, this is infinite.
#
#nonrefreshable_access_token_lifetime: 24h
# The user must provide all of the below types of 3PID when registering.
# The user must provide all of the below types of 3PID when registering.
#
#registrations_require_3pid:
@ -2383,10 +2344,8 @@ email:
# Username/password for authentication to the SMTP server. By default, no
# authentication is attempted.
{% if matrix_synapse_email_smtp_user %}
smtp_user: {{ matrix_synapse_email_smtp_user|string|to_json }}
smtp_pass: {{ matrix_synapse_email_smtp_pass|string|to_json }}
{% endif %}
# Uncomment the following to require TLS transport security for SMTP.
# By default, Synapse will connect over plain text, and will then switch to

View File

@ -5,10 +5,10 @@ matrix_synapse_workers_generic_worker_endpoints:
# expressions:
# Sync requests
- ^/_matrix/client/(v2_alpha|r0|v3)/sync$
- ^/_matrix/client/(api/v1|v2_alpha|r0|v3)/events$
- ^/_matrix/client/(api/v1|r0|v3)/initialSync$
- ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$
- ^/_matrix/client/(v2_alpha|r0)/sync$
- ^/_matrix/client/(api/v1|v2_alpha|r0)/events$
- ^/_matrix/client/(api/v1|r0)/initialSync$
- ^/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync$
# Federation requests
- ^/_matrix/federation/v1/event/
@ -33,7 +33,7 @@ matrix_synapse_workers_generic_worker_endpoints:
- ^/_matrix/federation/v1/get_groups_publicised$
- ^/_matrix/key/v2/query
- ^/_matrix/federation/unstable/org.matrix.msc2946/spaces/
- ^/_matrix/federation/(v1|unstable/org.matrix.msc2946)/hierarchy/
- ^/_matrix/federation/unstable/org.matrix.msc2946/hierarchy/
# Inbound federation transaction request
- ^/_matrix/federation/v1/send/
@ -46,7 +46,7 @@ matrix_synapse_workers_generic_worker_endpoints:
- ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$
- ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$
- ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/spaces$
- ^/_matrix/client/(v1|unstable/org.matrix.msc2946)/rooms/.*/hierarchy$
- ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/hierarchy$
- ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$
- ^/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$
- ^/_matrix/client/(api/v1|r0|v3|unstable)/devices$
@ -63,7 +63,7 @@ matrix_synapse_workers_generic_worker_endpoints:
# Registration/login requests
- ^/_matrix/client/(api/v1|r0|v3|unstable)/login$
- ^/_matrix/client/(r0|v3|unstable)/register$
- ^/_matrix/client/(r0|unstable)/register$
- ^/_matrix/client/unstable/org.matrix.msc3231/register/org.matrix.msc3231.login.registration_token/validity$
# Event sending requests

View File

@ -20,7 +20,6 @@
- matrix-bridge-appservice-irc
- matrix-bridge-beeper-linkedin
- matrix-bridge-mautrix-facebook
- matrix-bridge-mautrix-twitter
- matrix-bridge-mautrix-hangouts
- matrix-bridge-mautrix-googlechat
- matrix-bridge-mautrix-instagram