finallycoffee/matrix-docker-ansible-deploy
finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: finallycoffee:d6df8a9136e77c82afbc52c148b08a81452637de
Branches Tags
finallycoffee:master
finallycoffee:transcaffeine/patch-dumb-design-choices
finallycoffee:feat-mx-puppet-instagram
...
compare: finallycoffee:b685f33ad7cd972ffb1c78a229b1c4983afdc0d1
Branches Tags
finallycoffee:master
finallycoffee:transcaffeine/patch-dumb-design-choices
finallycoffee:feat-mx-puppet-instagram

33 Commits
d6df8a9136 ... b685f33ad7

Author SHA1 Message Date
Johanna Dorothea Reichmann
b685f33ad7
fix: broken rhel/fedora tasks disabled 2022-06-18 07:50:07 +02:00
transcaffeine
55f392c53b
feat: add automatic creation of reverse-proxy routing 2022-06-18 07:50:06 +02:00
transcaffeine
d2b0f941c9
meta: move inventory structure to be more usable 2022-06-18 07:50:05 +02:00
jdreichmann
5ca8dc1080
meta: add own inventory, add vault-unlock with GPG 2022-06-18 07:50:04 +02:00
Johanna Dorothea Reichmann
8324789ac6
feat(synapse): allow using multiple federation workers 2022-06-18 07:50:03 +02:00
Slavi Pantaleev
38027e72f6 Fix "object of type 'NoneType' has no len()" error 
Fixup for 5eff67371d - https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1884
 2022-06-17 15:45:29 +03:00
Slavi Pantaleev
7440dd34fb
Merge pull request #1884 from etkecc/master 
add synapse media_retention
 2022-06-17 15:31:55 +03:00
Slavi Pantaleev
5987589436
Use |to_json 2022-06-17 15:30:22 +03:00
Slavi Pantaleev
323f5aa60d Synchronize homeserver.yaml config with the one from Synapse 1.61.0 2022-06-17 15:26:23 +03:00
Aine
5eff67371d
add synapse media_retention 2022-06-17 14:32:17 +03:00
Slavi Pantaleev
2edbabe652
Merge pull request #1883 from etkecc/patch-18 
Update mautrix-whatsapp 0.4.0 -> 0.5.0
 2022-06-16 19:53:17 +03:00
Aine
7b0e5ef995
Update mautrix-whatsapp 0.4.0 -> 0.5.0 2022-06-16 14:55:11 +00:00
Slavi Pantaleev
6a573399ae Upgrade Synapse (v1.60.0 -> v1.61.0) 2022-06-14 17:15:27 +03:00
Slavi Pantaleev
37b584ef58 Upgrade matrix-corporal (2.2.3 -> 2.3.0) 
matrix-corporal 2.3.0 supports Synapse v1.61.0 (which removed
communities/groups support).
 2022-06-14 17:15:27 +03:00
Slavi Pantaleev
56d130b8cb
Merge pull request #1880 from etkecc/patch-17 
Update Element v1.10.14 -> v1.10.15
 2022-06-14 16:46:39 +03:00
Aine
b2f9ede87c
Update Element v1.10.14 -> v1.10.15 2022-06-14 13:45:46 +00:00
Slavi Pantaleev
fe0b60c40b
Merge pull request #1878 from CyberShadow/go-skype-bridge-docs 
Doc fixups for go-skype-bridge
 2022-06-13 09:43:55 +03:00
Vladimir Panteleev
d6a3881092
docs/configuring-playbook-bridge-go-skype-bridge: Fixups 
Fixup for #1877.
 2022-06-13 06:40:15 +00:00
Slavi Pantaleev
e539774d9b
Merge pull request #1877 from CyberShadow/go-skype-bridge 
Add Go Skype Bridge
 2022-06-13 08:06:26 +03:00
Slavi Pantaleev
5e9e8f9e29 Announce go-skype-bridge support 2022-06-13 08:02:31 +03:00
Vladimir Panteleev
a3d19ad318
Add Go Skype Bridge 
Based on mautrix-whatsapp, as that's what the bridge software is based on.
 2022-06-12 21:29:43 +00:00
Slavi Pantaleev
bc4d29bbb0
Merge pull request #1875 from 3hhh/master 
Whatsapp bridge: Logging improvements
 2022-06-11 09:52:17 +03:00
3hhh
cebbe0beec
whatsapp bridge: set the default log level to warning 
Debug logs are inappropriate for production use.
 2022-06-11 08:11:28 +02:00
3hhh
6b94ccbcff
whatsapp bridge: add matrix_mautrix_whatsapp_log_level 
Fixes #1873
 2022-06-11 08:09:57 +02:00
3hhh
39914881a7
whatsapp bridge: disable logging to external files 
The same logs still go to the systemd journal.
 2022-06-11 07:56:22 +02:00
Slavi Pantaleev
99c24ef0e8 Upgrade Hookshot (1.7.2 -> 1.7.3) 2022-06-09 20:52:56 +03:00
Slavi Pantaleev
f3924d15cd
Merge pull request #1872 from seclution/patch-1 
update PIP install-link
 2022-06-09 15:19:29 +03:00
Kai Biebel
8cc39c5eb5
update PIP install-link 2022-06-09 14:09:47 +02:00
Slavi Pantaleev
c05f47666f Announce the ability to run Ansible in a container on the Matrix server 
Continuation of 959a6ac0b1
 2022-06-09 14:47:04 +03:00
Slavi Pantaleev
959a6ac0b1 Upgrade devture/ansible version and documen nsenter usage 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1772
 2022-06-09 14:42:04 +03:00
Slavi Pantaleev
12b28a4749 Upgrade Hookshot (1.7.0 -> 1.7.2) 2022-06-09 14:13:53 +03:00
Slavi Pantaleev
4a72c90a6b Upgrade Element (v1.10.13 -> v1.10.14) 2022-06-07 14:34:02 +03:00
Slavi Pantaleev
d9d392a0b1
Merge pull request #1871 from rubenh-be/update_mautrix_gchat 
Updated mautrix-googlechat to v0.3.3
 2022-06-06 12:37:44 +03:00
44 changed files with 1533 additions and 70 deletions
Show Stats Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1,7 +1,3 @@
/inventory/*
!/inventory/.gitkeep
!/inventory/host_vars/.gitkeep
!/inventory/scripts
/roles/*/files/scratchpad
.DS_Store
.python-version

18
CHANGELOG.md
View File

@ -1,3 +1,21 @@
# 2022-06-13
## go-skype-bridge bridging support
Thanks to [CyberShadow](https://github.com/CyberShadow), the playbook can now install the [go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) bridge for bridging Matrix to [Skype](https://www.skype.com/).
See our [Setting up Go Skype Bridge](docs/configuring-playbook-bridge-go-skype-bridge.md) documentation to get started.
The playbook has supported [mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) bridging (see [Setting up MX Puppet Skype bridging](docs/configuring-playbook-bridge-mx-puppet-skype.md)) since [2020-04-09](#2020-04-09), but `mx-puppet-skype` is reportedly broken.
# 2022-06-09
## Running Ansible in a container can now happen on the Matrix server itself
If you're tired of being on an old and problematic Ansible version, you can now run [run Ansible in a container on the Matrix server itself](docs/ansible.md#running-ansible-in-a-container-on-the-matrix-server-itself).
# 2022-05-31
## Synapse v1.60 upgrade may cause trouble and require manual intervention

5
ansible.cfg
View File

@ -1,6 +1,11 @@
[defaults]
vault_password_file = gpg/open_vault.sh
retry_files_enabled = False
stdout_callback = yaml
inventory = inventory/hosts
[connection]
pipelining = True

53
docs/ansible.md
View File

@ -30,7 +30,7 @@ Depending on your distribution, you may be able to upgrade Ansible in a few diff
- by using an additional repository (PPA, etc.), which provides newer Ansible versions. See instructions for [CentOS](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora), [Debian](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-debian), or [Ubuntu](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-ubuntu) on the Ansible website.
- by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installing/) (`pip install ansible`).
- by removing the Ansible package (`yum remove ansible` or `apt-get remove ansible`) and installing via [pip](https://pip.pypa.io/en/stable/installation/) (`pip install ansible`).
If using the `pip` method, do note that the `ansible-playbook` binary may not be on the `$PATH` (https://linuxconfig.org/linux-path-environment-variable), but in some more special location like `/usr/local/bin/ansible-playbook`. You may need to invoke it using the full path.
@ -41,9 +41,50 @@ If you find yourself needing to resort to such hacks, please consider reporting
## Using Ansible via Docker
Alternatively, you can run Ansible on your computer from inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image).
Alternatively, you can run Ansible inside a Docker container (powered by the [devture/ansible](https://hub.docker.com/r/devture/ansible/) Docker image).
Here's a sample command to get you started (run this from the playbook's directory):
This ensures that you're using a very recent Ansible version, which is less likely to be incompatible with the playbook.
There are 2 ways to go about it:
- [Running Ansible in a container on the Matrix server itself](#running-ansible-in-a-container-on-the-matrix-server-itself)
- [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)
### Running Ansible in a container on the Matrix server itself
To run Ansible in a (Docker) container on the Matrix server itself, you need to have a working Docker installation.
Docker is normally installed by the playbook, so this may be a bit of a chicken and egg problem. To solve it:
- you **either** need to install Docker manually first. Follow [the upstream instructions](https://docs.docker.com/engine/install/) for your distribution and consider setting `matrix_docker_installation_enabled: false` in your `vars.yml` file, to prevent the playbook from installing Docker
- **or** you need to run the playbook in another way (e.g. [Running Ansible in a container on another computer (not the Matrix server)](#running-ansible-in-a-container-on-another-computer-not-the-matrix-server)) at least the first time around
Once you have a working Docker installation on the server, **clone the playbook** somewhere on the server and configure it as per usual (`inventory/hosts`, `inventory/host_vars/..`, etc.), as described in [configuring the playbook](configuring-playbook.md).
You would then need to add `ansible_connection=community.docker.nsenter` to the host line in `inventory/hosts`. This tells Ansible to connect to the "remote" machine by switching Linux namespaces with [nsenter](https://man7.org/linux/man-pages/man1/nsenter.1.html), instead of using SSH.
Alternatively, you can leave your `inventory/hosts` as is and specify the connection type in **each** `ansible-playbook` call you do later, like this: `ansible-playbook --connection=community.docker.nsenter ...`
Run this from the playbook's directory:
```bash
docker run -it --rm \
--privileged \
--pid=host \
-w /work \
-v `pwd`:/work \
--entrypoint=/bin/sh \
docker.io/devture/ansible:2.13.0-r0
```
Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container.
The `/work` directory contains the playbook's code.
You can execute `ansible-playbook ...` (or `ansible-playbook --connection=community.docker.nsenter ...`) commands as per normal now.
### Running Ansible in a container on another computer (not the Matrix server)
Run this from the playbook's directory:
```bash
docker run -it --rm \
@ -51,7 +92,7 @@ docker run -it --rm \
-v `pwd`:/work \
-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro \
--entrypoint=/bin/sh \
docker.io/devture/ansible:2.11.6-r1
docker.io/devture/ansible:2.13.0-r0
```
The above command tries to mount an SSH key (`$HOME/.ssh/id_rsa`) into the container (at `/root/.ssh/id_rsa`).
@ -60,9 +101,9 @@ If your SSH key is at a different path (not in `$HOME/.ssh/id_rsa`), adjust that
Once you execute the above command, you'll be dropped into a `/work` directory inside a Docker container.
The `/work` directory contains the playbook's code.
You can execute `ansible-playbook` commands as per normal now.
You can execute `ansible-playbook ...` commands as per normal now.
### If you don't use SSH keys for authentication
#### If you don't use SSH keys for authentication
If you don't use SSH keys for authentication, simply remove that whole line (`-v $HOME/.ssh/id_rsa:/root/.ssh/id_rsa:ro`).
To authenticate at your server using a password, you need to add a package. So, when you are in the shell of the ansible docker container (the previously used `docker run -it ...` command), run:

23
docs/configuring-playbook-bridge-go-skype-bridge.md Normal file
View File

@ -0,0 +1,23 @@
# Setting up Go Skype Bridge (optional)
The playbook can install and configure
[go-skype-bridge](https://github.com/kelaresg/go-skype-bridge) for you.
See the project page to learn what it does and why it might be useful to you.
To enable the [Skype](https://www.skype.com/) bridge just use the following
playbook configuration:
```yaml
matrix_go_skype_bridge_enabled: true
```
## Usage
Once the bot is enabled, you need to start a chat with `Skype bridge bot`
with the handle `@skypebridgebot:YOUR_DOMAIN` (where `YOUR_DOMAIN` is your base
domain, not the `matrix.` domain).
Send `help` to the bot to see the commands available.

2
docs/configuring-playbook-bridge-mx-puppet-skype.md
View File

@ -1,5 +1,7 @@
# Setting up MX Puppet Skype (optional)
**Note**: bridging to [Skype](https://www.skype.com/) can also happen via the [go-skype-bridge](configuring-playbook-bridge-go-skype-bridge.md) bridge supported by the playbook. In fact, bridging via `mx-puppet-skype` has often been reported as broken, so we recommend that you go directly for `go-skype-bridge`, instead of this.
The playbook can install and configure
[mx-puppet-skype](https://github.com/Sorunome/mx-puppet-skype) for you.

4
docs/configuring-playbook.md
View File

@ -120,7 +120,7 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up matrix-hookshot](configuring-playbook-bridge-hookshot.md) - a bridge between Matrix and multiple project management services, such as [GitHub](https://github.com), [GitLab](https://about.gitlab.com) and [JIRA](https://www.atlassian.com/software/jira). (optional)
- [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional)
- [Setting up MX Puppet Skype bridging](configuring-playbook-bridge-mx-puppet-skype.md) (optional) - often reported as broken; see **Go Skype Bridge** (below) as an alternative
- [Setting up MX Puppet Slack bridging](configuring-playbook-bridge-mx-puppet-slack.md) (optional)
@ -134,6 +134,8 @@ When you're done with all the configuration you'd like to do, continue with [Ins
- [Setting up MX Puppet Steam bridging](configuring-playbook-bridge-mx-puppet-steam.md) (optional)
- [Setting up Go Skype Bridge bridging](configuring-playbook-bridge-go-skype-bridge.md) (optional)
- [Setting up Email2Matrix](configuring-playbook-email2matrix.md) (optional)
- [Setting up Matrix SMS bridging](configuring-playbook-bridge-matrix-bridge-sms.md) (optional)

5
gpg/open_vault.sh Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
set -e -u
gpg2 --batch --use-agent --decrypt $(dirname $0)/vault_passphrase.gpg 2>/dev/null

18
gpg/vault_passphrase.gpg Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN PGP MESSAGE-----
hQIMAxEs7W/4x4lxARAAssinIzR2rGs+Qkm0Q2tRdSXSXRx3OhH+2T5p0Rz3YkqU
iyiUtyT/Ll7RMUAlAEDZITvirXe4ZZImDcxQegEzFgO7BowQYJDRdhaRmLKZpiuQ
foRnJAAR12sf49arjJjaBQb91ViOp5MkxAtXiiqWyXwSSII+cV88flMq143cFmfC
C5OdIQd3SqrbFhGRTjUzoIMqnJH8xksjwph9GS811dY14rQv5X1Ybt5zehMJ7/m/
luLNg2zgQgYOUxcovddCVMI54ThXyDubDox/5xLvVjyVOFHgwC/VLn+QXHuPY/r5
+rVzz/30eq0uOLKD3LnDBQskCWRVWGC2ulKaZtlylBq6KRzIM6c6+VPSHCjoFyES
RRpRHeIXGLs31eLkr8dc+VNbPKpMsjm/E/4ZVE2JBpy7S/kh1XYVQxT6ahDKT1tD
4YN9O0JyNXzjiyNaTTLwNGh5+ICEd3ZCfa4O/og2LySGPOw6mX8ukgP029LHVp6+
0tRwSWiIM3US/NIVGA+o9e9I/I5Bp/cnzJgd7faUIlzcVPP+euCbo4GsYWpX3Nca
eRcr7AVY3wwuZtl7/s8KbQKk0ulLxS4Lo2XmdpQl8CPGwASdbMf/H8B256+xiUQ3
ml400ZaCC7Loeduwl1ez1H/dFFzmpUziaxxtWW4aFtOUYhGeSCTu6ZIgxVq3eBnS
jAGv8bt+0Xnrpih3mZWM92cw2VKfzYD9WG+dCB4DtZMKhl1ub2bkeTC/B9F+QuP6
anlonYHs2wmPXzjcx8ajonbYrYXanoNRHDId6OqVAbjYqbua6TG6H9LUFweIj1RV
yhUPejzhA8xEB0nUcKJZKLvuqvwPbr06GODnAKY5TQ4yILMAnBx0pNzfQNzo
=Cecg
-----END PGP MESSAGE-----

44
group_vars/matrix_servers
View File

@ -252,6 +252,44 @@ matrix_beeper_linkedin_database_password: "{{ '%s' | format(matrix_homeserver_ge
#
######################################################################
######################################################################
#
# matrix-bridge-go-skype-bridge
#
######################################################################
# We don't enable bridges by default.
matrix_go_skype_bridge_enabled: false
matrix_go_skype_bridge_container_image_self_build: true
matrix_go_skype_bridge_systemd_required_services_list: |
{{
['docker.service']
+
['matrix-' + matrix_homeserver_implementation + '.service']
+
(['matrix-postgres.service'] if matrix_postgres_enabled else [])
+
(['matrix-nginx-proxy.service'] if matrix_nginx_proxy_enabled else [])
}}
matrix_go_skype_bridge_appservice_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.as.token') | to_uuid }}"
matrix_go_skype_bridge_homeserver_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'skype.hs.token') | to_uuid }}"
matrix_go_skype_bridge_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}"
# Postgres is the default, except if not using `matrix_postgres` (internal postgres)
matrix_go_skype_bridge_database_engine: "{{ 'postgres' if matrix_postgres_enabled else 'sqlite' }}"
matrix_go_skype_bridge_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'goskype.db') | to_uuid }}"
######################################################################
#
# /matrix-bridge-go-skype-bridge
#
######################################################################
######################################################################
#
# matrix-bridge-mautrix-facebook
@ -1770,6 +1808,12 @@ matrix_postgres_additional_databases: |
'password': matrix_beeper_linkedin_database_password,
}] if (matrix_beeper_linkedin_enabled and matrix_beeper_linkedin_database_engine == 'postgres' and matrix_beeper_linkedin_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_go_skype_bridge_database_name,
'username': matrix_go_skype_bridge_database_username,
'password': matrix_go_skype_bridge_database_password,
}] if (matrix_go_skype_bridge_enabled and matrix_go_skype_bridge_database_engine == 'postgres' and matrix_go_skype_bridge_database_hostname == 'matrix-postgres') else [])
+
([{
'name': matrix_mautrix_facebook_database_name,
'username': matrix_mautrix_facebook_database_username,

372
inventory/host_vars/matrix.finallycoffee.eu/vars.yml Normal file
View File

@ -0,0 +1,372 @@
#
# General config
# Domain of the matrix server and SSL config
#
matrix_domain: finallycoffee.eu
matrix_ssl_retrieval_method: none
matrix_nginx_proxy_enabled: true
matrix_nginx_proxy_https_enabled: false
matrix_nginx_proxy_container_http_host_bind_port: "127.0.10.1:8080"
matrix_nginx_proxy_container_federation_host_bind_port: "127.0.10.1:8448"
matrix_nginx_proxy_trust_forwarded_proto: true
matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
matrix_nginx_proxy_proxy_synapse_metrics: true
matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
matrix_server_fqn_element: "chat.{{ matrix_domain }}"
matrix_docker_installation_enabled: false
#matrix_client_element_version: v1.8.4
#matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:v1.7.21"
#matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.37.1"
#matrix_mautrix_telegram_version: v0.10.0
web_user: "web"
revproxy_autoload_dir: "/vault/services/web/sites.d"
postgres_dump_dir: /vault/temp
#
# General Synapse config
#
matrix_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
# A secret used to protect access keys issued by the server.
matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
# Make synapse accept larger media aswell
matrix_synapse_max_upload_size_mb: 200
# Enable metrics at (default) :9100/_synapse/metrics
matrix_synapse_metrics_enabled: true
matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
matrix_synapse_turn_uris:
- "turn:voip.matrix.finallycoffee.eu?transport=udp"
- "turn:voip.matrix.finallycoffee.eu?transport=tcp"
# Auto-join all users into those rooms
matrix_synapse_auto_join_rooms:
- "#welcome:finallycoffee.eu"
- "#announcements:finallycoffee.eu"
## Synapse rate limits
matrix_synapse_rc_federation:
window_size: 1000
sleep_limit: 25
sleep_delay: 500
reject_limit: 50
concurrent: 5
matrix_synapse_rc_message:
per_second: 0.5
burst_count: 25
## Synapse cache tuning
matrix_synapse_caches_global_factor: 1.5
matrix_synapse_event_cache_size: "300K"
## Synapse workers
matrix_synapse_workers_enabled: true
matrix_synapse_workers_preset: "little-federation-helper"
matrix_synapse_workers_generic_workers_count: 1
matrix_synapse_workers_media_repository_workers_count: 2
matrix_synapse_workers_federation_sender_workers_count: 1
matrix_synapse_workers_pusher_workers_count: 1
# Static secret auth for matrix-synapse-shared-secret-auth
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
matrix_synapse_ext_password_provider_rest_auth_enabled: true
matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
# Enable experimental spaces support
matrix_synapse_configuration_extension_yaml: |
database:
args:
cp_max: 20
experimental_features:
spaces_enabled: true
caches:
per_cache_factors:
device_id_exists: 3
get_users_in_room: 4
_get_joined_users_from_context: 4
_get_joined_profile_from_event_id: 3
"*stateGroupMembersCache*": 2
_matches_user_in_member_list: 3
get_users_who_share_room_with_user: 3
is_interested_in_room: 2
get_user_by_id: 1.5
room_push_rule_cache: 1.5
expire_caches: true
cache_entry_ttl: 45m
sync_response_cache_duration: 2m
#
# synapse-admin tool
#
matrix_synapse_admin_enabled: true
matrix_synapse_admin_container_http_host_bind_port: 8985
#
# VoIP / CoTURN config
#
# A shared secret (between Synapse and Coturn) used for authentication.
matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
# Disable coturn, as we use own instance
matrix_coturn_enabled: false
#
# dimension (integration manager) config
#
matrix_dimension_enabled: true
matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
matrix_dimension_configuration_extension_yaml: |
telegram:
botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"
#
# mautrix-whatsapp config
#
matrix_mautrix_whatsapp_enabled: true
matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
matrix_mautrix_whatsapp_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
matrix_mautrix_whatsapp_configuration_extension_yaml: |
bridge:
displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
max_connection_attempts: 5
connection_timeout: 30
contact_wait_delay: 5
private_chat_portal_meta: true
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
logging:
print_level: info
metrics:
enabled: true
listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
whatsapp:
os_name: Linux mautrix-whatsapp
browser_name: Chrome
#
# mautrix-telegram config
#
matrix_mautrix_telegram_enabled: true
matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
matrix_mautrix_telegram_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
matrix_mautrix_telegram_configuration_extension_yaml: |
bridge:
displayname_template: "{displayname} (via Telegram)"
parallel_file_transfer: false
inline_images: false
image_as_file_size: 20
delivery_receipts: true
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
animated_sticker:
target: webm
encryption:
allow: true
default: true
permissions:
"@transcaffeine:finallycoffee.eu": "admin"
"gruenhage.xyz": "full"
"boobies.software": "full"
logging:
root:
level: INFO
metrics:
enabled: true
listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
# permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"
#
# mautrix-signal config
#
matrix_mautrix_signal_enabled: true
matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
matrix_mautrix_signal_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
matrix_mautrix_signal_configuration_extension_yaml: |
bridge:
displayname_template: "{displayname} (via Signal)"
community_id: "+signal:finallycoffee.eu"
encryption:
allow: true
default: true
key_sharing:
allow: true
require_verification: false
delivery_receipts: true
permissions:
"@ilosai:fairydust.space": "user"
logging:
root:
level: INFO
metrics:
enabled: true
listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
#
# mx-puppet-instagram configuration
#
matrix_mx_puppet_instagram_enabled: true
matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
matrix_mx_puppet_instagram_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_instagram_configuration_extension_yaml: |
bridge:
enableGroupSync: true
avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
metrics:
enabled: true
port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
path: /metrics
presence:
enabled: true
interval: 3000
#
# mx-puppet-skype configuration
#
matrix_mx_puppet_skype_enabled: true
matrix_mx_puppet_skype_container_http_monitoring_host_bind_port: 9405
matrix_mx_puppet_skype_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_skype_configuration_extension_yaml: |
bridge:
enableGroupSync: true
avatarUrl: mxc://finallycoffee.eu/jjXDuFqtpFOBOnywoHgzTuYt
metrics:
enabled: true
port: {{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
path: /metrics
#
# mx-puppet-discord configuration
#
matrix_mx_puppet_discord_enabled: true
matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
matrix_mx_puppet_discord_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_discord_configuration_extension_yaml: |
bridge:
enableGroupSync: true
avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
metrics:
enabled: true
port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
path: /metrics
limits:
maxAutojoinUsers: 500
roomUserAutojoinDelay: 50
presence:
enabled: true
interval: 3000
#
# mx-puppet-slack configuration
#
matrix_mx_puppet_slack_enabled: true
matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
matrix_mx_puppet_slack_redirect_path: '/bridge/slack/oauth'
matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
matrix_mx_puppet_slack_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
- "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
matrix_mx_puppet_slack_configuration_extension_yaml: |
bridge:
enableGroupSync: true
metrics:
enabled: true
port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
path: /metrics
limits:
maxAutojoinUsers: 500
roomUserAutojoinDelay: 50
presence:
enabled: true
interval: 3000
#
# Element web configuration
#
# Branding config
matrix_client_element_brand: "Chat"
matrix_client_element_default_theme: "dark"
matrix_client_element_themes_enabled: true
matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
matrix_client_element_welcome_text: |
Decentralised, encrypted chat &amp; collaboration,<br />
hosted on finallycoffee.eu, powered by element.io &amp;
<a href="https://matrix.org" target="_blank" rel="noreferrer noopener">
<img width="79" height="34" alt="[matrix]" style="padding-left: 1px;vertical-align: middle" src="welcome/images/matrix.svg" />
</a>
matrix_client_element_welcome_logo: "welcome/images/logo.png"
matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
matrix_client_element_branding_authHeaderLogoUrl: "welcome/images/logo.png"
matrix_client_element_branding_welcomeBackgroundUrl: "welcome/images/background.jpg"
matrix_client_element_container_extra_arguments:
- "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcomeBackgroundUrl }}:ro"
- "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_authHeaderLogoUrl }}:ro"
# Integration and capabilites config
matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
matrix_client_element_integrations_widgets_urls:
- "https://{{ matrix_server_fqn_dimension }}/widgets"
- "https://scalar.vector.im/api"
matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
matrix_client_element_disable_custom_urls: false
matrix_client_element_roomdir_servers:
- "matrix.org"
- "finallycoffee.eu"
- "entropia.de"
matrix_client_element_enable_presence_by_hs_url:
https://matrix.org: false
# Matrix ma1sd extended configuration
matrix_ma1sd_configuration_extension_yaml: |
hashing:
enabled: true
pepperLength: 20
rotationPolicy: per_requests
requests: 10
hashStorageType: sql
algorithms:
- none
- sha256
# Matrix mail notification relay setup
matrix_mailer_enabled: true
matrix_mailer_sender_address: "Matrix on finallycoffee.eu <system-matrix@{{ matrix_domain }}>"
matrix_mailer_relay_use: true
matrix_mailer_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
matrix_mailer_relay_host_port: 587
matrix_mailer_relay_auth: true
matrix_mailer_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
matrix_mailer_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"

100
inventory/host_vars/matrix.finallycoffee.eu/vault.yml Normal file
View File

@ -0,0 +1,100 @@
$ANSIBLE_VAULT;1.1;AES256
39366364363633336238333130353832663162393038633665396333343732353964333363666539
6562346632343235623835643735386434316666393234360a383634616537393134613631383836
61333835363666623033306166376232303930306433343366373463653234623736643633383734
3330333665383539650a383132353032386230393031626361343764323034386230363066306331
34646236336262623435633566363033613737373064616266336237343233663066396163373034
62303765353066653737366539626461636531636438323932333134363136363134646164646531
63656638666233313437663261396665653736373164323433306435323336633938313164646264
33653661633965363833393031616463633761356234633630643562306366653133366637346166
38636433343736343461613731623538633361363934343764326466313261353633646230353065
37366134303164356433333961346663313963626165323966656536313532376162326565383539
65363333633964323838663461373666353665643236623839646664653661613838353239613137
39353061323131306365656261343630313665356165623064616436653566373663343733316237
34393666383465323463313838393465643830373632373938633763666636346539666233303265
38353337633833373331356663633936326334366337393135653030333531613565643666633038
64393862303765366632393137313432376563353335353231323464633637343334346634306534
35613330373336633031376263306466306437656635396133613335386130346163663438386136
61646437343938663431343736363564376238316666373531616231366132643864346538363866
35396433366137356162313963666134383134306462313336613735386639363936326131383939
66623833643433663039623837623133303336666233623935313438366136353332313165333936
31386632336535383533646639636164313331346630633366383739623261366465656632393062
63373332623738303364623437666531396331646666336230353333366261653438363861656466
39333762633037383336393164616563396564383232636533363864636230616664303330323932
66666234633362346132303932643464366466323535303835363430333737666661373534333934
61393362616438626636383564613335363634626231663234616438343464383461303632363033
39336362396339316661323662393665383031643931626333646335643335353661653939363538
38666561313539613566386132336630643237333432656236356132616230663561343665353938
33366663353834356434366335373265373439363430636533303933656264366338623232613435
35356662383232386137313064313363303861326635333435393737643663336534363234623430
32376432353330613666396337303935376366613564353039396164383361616337656535346166
34396635356266326461613135303639643935363261396363636338636564643838313262326266
31663139343336376233303637373864363835313839326433656235616332333134306139623239
37636639356263646437373362333931613262363363313462666534643765313139386461623731
33376635653133353033333733613464396632636634313063326363313030376632643863336237
61636638353237313764313435626463633964643665313536326235343639663137373436303564
30636232626137376339303238653664346538356430306238633037366332316263623666373062
63646533646131303466653637346463613237323161313265613834383634626237323563653733
38656435303264346663663465333966376631666530333833353233376263336436613065366362
36366263343438393132326661623031316663663231663464383732343064383234616636306530
66613634626362316533303034393063666632343262613431613635663866636433623535363238
30643933613731363236346234336662613633323831633437613435326465383530653765616262
63373538396364316563343365303134373466663639386137663564356532353531343636613135
63316463353264316164306566326462333732316431643939626161346530636638636662303037
34346461313961613063336332333934383363373335616636363661396362613661383762663866
64303834636264376461396266663763336665356561376161333136336638646363313133353161
31643061623833623239373432633537663664636334623534326639616633616361333834366131
30376361656238353332656666316637643133623433333861653265636266376639666135383638
37363337326231656530363536393737383565666266306532626361633633353539363866376534
61303737326632303762626666306134343837376566343035386663613336626332383035383035
37633462373066373062313862323766316362393832666466396637363562353865303366323062
39346332383966313437646138623364656234663066663639663138626163656433363038323166
65613862386665643438323061323763306635666162303366323131363436633335356332393366
63373966383132303434633835333438333337303664346335643066623839343835643364306561
34643336346564363462396330643263653931376664386335313433376332653832323437376135
35383231386133363236653334393433306638303131323064343931623538323130343666653061
36353536383632333964343730346265626433303131346531303133663832363036333261386237
30363361356265356139323761623563396565336137333733656431636531333234323061343862
33623935346663333735613661363234646234356331323636386637343661373363363261646231
33643233343235323230393933616664623166666266333862323631653835666135303233653635
63373061656163353762636531613632366638383366303864343132376162643963366564363563
61336338613935613532636165383463633866633036393533313433643562313737383431353163
37623165373933376236393931363939633963666636303136373065376635623761346537643530
35363464313630376233633863306238616138666464316534363332333937343362343233346431
34643032323934353939666364323239653932363735373061633434653062326336353239633261
38306237336266663038656534393664646138343038323335633064616431386666613739326630
34383963666534313530376331366238343836303036306336343533666332386163643033643138
33336333333338353733383165306139623964303035653439623131633566356136386431613135
63616462386639303230343866346631346532353531373132613433363239646330653666633532
65393766333238383531313132633537633833363335303630376239396565373730646331313633
30383861303739343265623934643635633361623262356433323035393062353630346430646262
63303434353038646361353661616339313937323336303566303536366163623362356332383862
37326333393761633732653264646333653439363039323238383361336233323232613336303464
34393635633131313135313665363161306466643364393734346264633030373234306466653862
32336163666435636162343465386633653863363533616339636531306130383331376563393533
65366136626662343065383164646665613035393636373565346235656439303933343563366339
36643838393033353033396535613331303031646162316361613564323163633434633861356135
62343461616335323565636633383962316531316362396165366533346166336163623232366261
39376230376562626135346333326437373733373266393236383435343562653034313133376236
61666138346562613330633630373837653465393233613261353937336666646231366666393335
35393463333936323664323831396639333462626238613164616435363664643438653763623431
32663237363134353061373563396535653565636431366565386337653863316333343738343432
62303132636338303462313439376535363063333833363632613832303436353834376561333330
66633632383135646263626333643230343630326539663762633934316261633062663732373932
30306438386263626335373838343236643562326135663366353638353163346365396261313133
36333634306133353235316237343738623263333732343063356238333162323931346664346539
66323733643061386334306130633537353630663336313966663538373963313435666564316539
63613030366332363432303036396232306537663765653938353736376135316539613135623632
66356639623635663365323635646635383638346539323438336261393332373935383536333831
61306639343061333639336162366536366438356166396266666132303932333037613632623666
63616662343830303664353931306632323630316162643432653835313962633735626163366332
34373637633066333432383533316363613031393963373963386161663430623533383165653561
38343439633066366663643138326264653539336530393932386236366533663935353664343966
39323161646231353234633961633732613065323039663062313661386565366534623430356632
64343732336238393262363338363734643639353830646163343361653761633134303163616562
35633436393832393137383534613031303963613339333566343065336530623964636662353065
32366630353538383339346465376661323666333234373665613164633866363364613066643034
37616630366232353166366535633936366536626462353831643335306337353564316461653564
66663133373466333431336366346435623436656230376232613665633466333463636263373464
30386434336538303061666566383033616563303564666362346432663130306531613063363537
646635613236636563666161666630653836

22
inventory/hosts Normal file
View File

@ -0,0 +1,22 @@
$ANSIBLE_VAULT;1.1;AES256
31336566376336626265653165306635633033376662656164383037383834653239656136333734
3833666339393037323035343565343235396163636166370a643933333933386133366564396465
30393637613164356564393337633361653432333232383664303739363736633435363764343530
3532313739363963660a343434356534316230623133636366386334323465376139363162616238
39396638366262313531653635326361616537396338363533303961623165343931373939306239
31336632643166633662653765333231393461643933306464303165633037343061323636313034
34376631656563646665373566633431366638383863666130323264316337663237343135306236
66323536346164663239343139623430303230333466633437643337343930363530653964626163
38336363633730393136333637383631636266396636646533356262376630646139303636666538
32366437353163663865623234643061313639646162643965393535353938313133326237313265
66646163333535396539646461356334633532313530653834623263386265383765356130333466
30373531306137393935363030313739666536363138363962646565306439393239303030643162
33333166663430393866666439653532623034396130313066383035396535646633366237303264
36356665366461323664373038366364623937386233313039323837666333653764616462333365
31326264633236373937313537633961633164323138356135633765663639323537656263633766
38653836323263386333376131333330326237393666363064326463663961633839393039323835
61306265333232623037356465393133323733363634646364336261326333366239346565366338
61646132333033373866623739343830336164316461646366666237313565626639323537623732
38323830656136323137323530343764666433633432366136643538323832653130376363653135
64376261386635636533353961613335663962306337353866616464613636303735336230623962
3336

1
roles/matrix-base/tasks/server_base/setup_fedora.yml
View File

@ -18,6 +18,7 @@
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure yum packages are installed
when: false
yum:
name:
- "{{ matrix_ntpd_package }}"

2
roles/matrix-base/tasks/server_base/setup_redhat.yml
View File

@ -28,4 +28,4 @@
- "{{ matrix_docker_package_name }}"
- docker-python
state: latest
when: matrix_docker_installation_enabled|bool
when: matrix_docker_installation_enabled|bool and false

132
roles/matrix-bridge-go-skype-bridge/defaults/main.yml Normal file
View File

@ -0,0 +1,132 @@
---
# Go Skype Bridge is a Matrix <-> Skype bridge
# See: https://github.com/kelaresg/go-skype-bridge
matrix_go_skype_bridge_enabled: true
matrix_go_skype_bridge_container_image_self_build: true
matrix_go_skype_bridge_container_image_self_build_repo: "https://github.com/kelaresg/go-skype-bridge.git"
matrix_go_skype_bridge_container_image_self_build_branch: "{{ 'master' if matrix_go_skype_bridge_version == 'latest' else matrix_go_skype_bridge_version }}"
matrix_go_skype_bridge_version: latest
matrix_go_skype_bridge_docker_image: "{{ matrix_go_skype_bridge_docker_image_name_prefix }}kelaresg/go-skype-bridge:{{ matrix_go_skype_bridge_version }}"
matrix_go_skype_bridge_docker_image_name_prefix: "localhost/"
matrix_go_skype_bridge_docker_image_force_pull: "{{ matrix_go_skype_bridge_docker_image.endswith(':latest') }}"
matrix_go_skype_bridge_base_path: "{{ matrix_base_data_path }}/go-skype-bridge"
matrix_go_skype_bridge_config_path: "{{ matrix_go_skype_bridge_base_path }}/config"
matrix_go_skype_bridge_data_path: "{{ matrix_go_skype_bridge_base_path }}/data"
matrix_go_skype_bridge_docker_src_files_path: "{{ matrix_go_skype_bridge_base_path }}/docker-src"
matrix_go_skype_bridge_homeserver_address: "{{ matrix_homeserver_container_url }}"
matrix_go_skype_bridge_homeserver_domain: "{{ matrix_domain }}"
matrix_go_skype_bridge_appservice_address: 'http://matrix-go-skype-bridge:8080'
# A list of extra arguments to pass to the container
matrix_go_skype_bridge_container_extra_arguments: []
# List of systemd services that matrix-go-skype-bridge.service depends on.
matrix_go_skype_bridge_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-go-skype-bridge.service wants
matrix_go_skype_bridge_systemd_wanted_services_list: []
matrix_go_skype_bridge_appservice_token: ''
matrix_go_skype_bridge_homeserver_token: ''
matrix_go_skype_bridge_appservice_bot_username: skypebridgebot
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
matrix_go_skype_bridge_federate_rooms: true
# Database-related configuration fields.
#
# To use SQLite, stick to these defaults.
#
# To use Postgres:
# - change the engine (`matrix_go_skype_bridge_database_engine: 'postgres'`)
# - adjust your database credentials via the `matrix_go_skype_bridge_database_*` variables
matrix_go_skype_bridge_database_engine: 'sqlite'
matrix_go_skype_bridge_sqlite_database_path_local: "{{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db"
matrix_go_skype_bridge_sqlite_database_path_in_container: "/data/go-skype-bridge.db"
matrix_go_skype_bridge_database_username: 'matrix_go_skype_bridge'
matrix_go_skype_bridge_database_password: 'some-password'
matrix_go_skype_bridge_database_hostname: 'matrix-postgres'
matrix_go_skype_bridge_database_port: 5432
matrix_go_skype_bridge_database_name: 'matrix_go_skype_bridge'
matrix_go_skype_bridge_database_connection_string: 'postgresql://{{ matrix_go_skype_bridge_database_username }}:{{ matrix_go_skype_bridge_database_password }}@{{ matrix_go_skype_bridge_database_hostname }}:{{ matrix_go_skype_bridge_database_port }}/{{ matrix_go_skype_bridge_database_name }}?sslmode=disable'
matrix_go_skype_bridge_appservice_database_type: "{{
{
'sqlite': 'sqlite3',
'postgres':'postgres',
}[matrix_go_skype_bridge_database_engine]
}}"
matrix_go_skype_bridge_appservice_database_uri: "{{
{
'sqlite': matrix_go_skype_bridge_sqlite_database_path_in_container,
'postgres': matrix_go_skype_bridge_database_connection_string,
}[matrix_go_skype_bridge_database_engine]
}}"
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth).
matrix_go_skype_bridge_login_shared_secret: ''
matrix_go_skype_bridge_bridge_login_shared_secret_map:
"{{ {matrix_go_skype_bridge_homeserver_domain: matrix_go_skype_bridge_login_shared_secret} if matrix_go_skype_bridge_login_shared_secret else {} }}"
# Servers to always allow double puppeting from
matrix_go_skype_bridge_bridge_double_puppet_server_map:
"{{ matrix_go_skype_bridge_homeserver_domain : matrix_go_skype_bridge_homeserver_address }}"
# Default go-skype-bridge configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_go_skype_bridge_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_go_skype_bridge_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
matrix_go_skype_bridge_configuration_extension_yaml: |
# Your custom YAML configuration goes here.
# This configuration extends the default starting configuration (`matrix_go_skype_bridge_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
#
# If you need something more special, you can take full control by
# completely redefining `matrix_go_skype_bridge_configuration_yaml`.
matrix_go_skype_bridge_configuration_extension: "{{ matrix_go_skype_bridge_configuration_extension_yaml|from_yaml if matrix_go_skype_bridge_configuration_extension_yaml|from_yaml is mapping else {} }}"
# Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_go_skype_bridge_configuration_yaml`.
matrix_go_skype_bridge_configuration: "{{ matrix_go_skype_bridge_configuration_yaml|from_yaml|combine(matrix_go_skype_bridge_configuration_extension, recursive=True) }}"
matrix_go_skype_bridge_registration_yaml: |
id: skype
url: {{ matrix_go_skype_bridge_appservice_address }}
as_token: "{{ matrix_go_skype_bridge_appservice_token }}"
hs_token: "{{ matrix_go_skype_bridge_homeserver_token }}"
# See https://github.com/mautrix/signal/issues/43
sender_localpart: _bot_{{ matrix_go_skype_bridge_appservice_bot_username }}
rate_limited: false
namespaces:
users:
- regex: '^@skype-(.*):{{ matrix_go_skype_bridge_homeserver_domain|regex_escape }}$'
exclusive: true
- exclusive: true
regex: '^@{{ matrix_go_skype_bridge_appservice_bot_username|regex_escape }}:{{ matrix_go_skype_bridge_homeserver_domain|regex_escape }}$'
de.sorunome.msc2409.push_ephemeral: true
matrix_go_skype_bridge_registration: "{{ matrix_go_skype_bridge_registration_yaml|from_yaml }}"
# Enable End-to-bridge encryption
matrix_go_skype_bridge_bridge_encryption_allow: false
matrix_go_skype_bridge_bridge_encryption_default: "{{ matrix_go_skype_bridge_bridge_encryption_allow }}"
# Minimum severity of journal log messages.
# Options: debug, info, warn, error, fatal
matrix_go_skype_bridge_log_level: 'warn'

21
roles/matrix-bridge-go-skype-bridge/tasks/init.yml Normal file
View File

@ -0,0 +1,21 @@
---
- set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-go-skype-bridge.service'] }}"
when: matrix_go_skype_bridge_enabled|bool
# If the matrix-synapse role is not used, these variables may not exist.
- set_fact:
matrix_synapse_container_extra_arguments: >
{{
matrix_synapse_container_extra_arguments|default([])
+
["--mount type=bind,src={{ matrix_go_skype_bridge_config_path }}/registration.yaml,dst=/matrix-go-skype-bridge-registration.yaml,ro"]
}}
matrix_synapse_app_service_config_files: >
{{
matrix_synapse_app_service_config_files|default([])
+
["/matrix-go-skype-bridge-registration.yaml"]
}}
when: matrix_go_skype_bridge_enabled|bool

23
roles/matrix-bridge-go-skype-bridge/tasks/main.yml Normal file
View File

@ -0,0 +1,23 @@
---
- import_tasks: "{{ role_path }}/tasks/init.yml"
tags:
- always
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
when: "run_setup|bool and matrix_go_skype_bridge_enabled|bool"
tags:
- setup-all
- setup-go-skype-bridge
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
when: "run_setup|bool and matrix_go_skype_bridge_enabled|bool"
tags:
- setup-all
- setup-go-skype-bridge
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
when: "run_setup|bool and not matrix_go_skype_bridge_enabled|bool"
tags:
- setup-all
- setup-go-skype-bridge

147
roles/matrix-bridge-go-skype-bridge/tasks/setup_install.yml Normal file
View File

@ -0,0 +1,147 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed
fail:
msg: >-
The matrix-bridge-go-skype-bridge role needs to execute before the matrix-synapse role.
when: "matrix_synapse_role_executed|default(False)"
- set_fact:
matrix_go_skype_bridge_requires_restart: false
- block:
- name: Check if an SQLite database already exists
stat:
path: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}"
register: matrix_go_skype_bridge_sqlite_database_path_local_stat_result
- block:
- set_fact:
matrix_postgres_db_migration_request:
src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}"
dst: "{{ matrix_go_skype_bridge_database_connection_string }}"
caller: "{{ role_path|basename }}"
engine_variable_name: 'matrix_go_skype_bridge_database_engine'
engine_old: 'sqlite'
systemd_services_to_stop: ['matrix-go-skype-bridge.service']
pgloader_options: ['--with "quote identifiers"']
- import_tasks: "{{ role_path }}/../matrix-postgres/tasks/util/migrate_db_to_postgres.yml"
- set_fact:
matrix_go_skype_bridge_requires_restart: true
when: "matrix_go_skype_bridge_sqlite_database_path_local_stat_result.stat.exists|bool"
when: "matrix_go_skype_bridge_database_engine == 'postgres'"
- name: Ensure Go Skype Bridge paths exists
file:
path: "{{ item.path }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {path: "{{ matrix_go_skype_bridge_base_path }}", when: true}
- {path: "{{ matrix_go_skype_bridge_config_path }}", when: true}
- {path: "{{ matrix_go_skype_bridge_data_path }}", when: true}
- {path: "{{ matrix_go_skype_bridge_docker_src_files_path }}", when: "{{ matrix_go_skype_bridge_container_image_self_build }}"}
when: item.when|bool
- name: Ensure Go Skype Bridge image is pulled
docker_image:
name: "{{ matrix_go_skype_bridge_docker_image }}"
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
force_source: "{{ matrix_go_skype_bridge_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_go_skype_bridge_docker_image_force_pull }}"
when: not matrix_go_skype_bridge_container_image_self_build
register: result
retries: "{{ matrix_container_retries_count }}"
delay: "{{ matrix_container_retries_delay }}"
until: result is not failed
- name: Ensure Go Skype Bridge repository is present on self-build
git:
repo: "{{ matrix_go_skype_bridge_container_image_self_build_repo }}"
dest: "{{ matrix_go_skype_bridge_docker_src_files_path }}"
version: "{{ matrix_go_skype_bridge_container_image_self_build_branch }}"
force: "yes"
become: true
become_user: "{{ matrix_user_username }}"
register: matrix_go_skype_bridge_git_pull_results
when: "matrix_go_skype_bridge_container_image_self_build|bool"
- name: Ensure Go Skype Bridge Docker image is built
docker_image:
name: "{{ matrix_go_skype_bridge_docker_image }}"
source: build
force_source: "{{ matrix_go_skype_bridge_git_pull_results.changed if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_go_skype_bridge_git_pull_results.changed }}"
build:
dockerfile: Dockerfile
path: "{{ matrix_go_skype_bridge_docker_src_files_path }}"
pull: true
when: "matrix_go_skype_bridge_container_image_self_build|bool"
- name: Check if an old database file exists
stat:
path: "{{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db"
register: matrix_go_skype_bridge_stat_database
- name: Check if an old matrix state file exists
stat:
path: "{{ matrix_go_skype_bridge_base_path }}/mx-state.json"
register: matrix_go_skype_bridge_stat_mx_state
- name: (Data relocation) Ensure matrix-go-skype-bridge.service is stopped
service:
name: matrix-go-skype-bridge
state: stopped
enabled: false
daemon_reload: true
failed_when: false
when: "matrix_go_skype_bridge_stat_database.stat.exists"
- name: (Data relocation) Move go-skype-bridge database file to ./data directory
command: "mv {{ matrix_go_skype_bridge_base_path }}/go-skype-bridge.db {{ matrix_go_skype_bridge_data_path }}/go-skype-bridge.db"
when: "matrix_go_skype_bridge_stat_database.stat.exists"
- name: (Data relocation) Move go-skype-bridge mx-state file to ./data directory
command: "mv {{ matrix_go_skype_bridge_base_path }}/mx-state.json {{ matrix_go_skype_bridge_data_path }}/mx-state.json"
when: "matrix_go_skype_bridge_stat_mx_state.stat.exists"
- name: Ensure go-skype-bridge config.yaml installed
copy:
content: "{{ matrix_go_skype_bridge_configuration|to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_go_skype_bridge_config_path }}/config.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure go-skype-bridge registration.yaml installed
copy:
content: "{{ matrix_go_skype_bridge_registration|to_nice_yaml(indent=2, width=999999) }}"
dest: "{{ matrix_go_skype_bridge_config_path }}/registration.yaml"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure matrix-go-skype-bridge.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-go-skype-bridge.service.j2"
dest: "{{ matrix_systemd_path }}/matrix-go-skype-bridge.service"
mode: 0644
register: matrix_go_skype_bridge_systemd_service_result
- name: Ensure systemd reloaded after matrix-go-skype-bridge.service installation
service:
daemon_reload: true
when: "matrix_go_skype_bridge_systemd_service_result.changed"
- name: Ensure matrix-go-skype-bridge.service restarted, if necessary
service:
name: "matrix-go-skype-bridge.service"
state: restarted
when: "matrix_go_skype_bridge_requires_restart|bool"

25
roles/matrix-bridge-go-skype-bridge/tasks/setup_uninstall.yml Normal file
View File

@ -0,0 +1,25 @@
---
- name: Check existence of matrix-go-skype-bridge service
stat:
path: "/etc/systemd/system/matrix-go-skype-bridge.service"
register: matrix_go_skype_bridge_service_stat
- name: Ensure matrix-go-skype-bridge is stopped
service:
name: matrix-go-skype-bridge
state: stopped
enabled: false
daemon_reload: true
when: "matrix_go_skype_bridge_service_stat.stat.exists"
- name: Ensure matrix-go-skype-bridge.service doesn't exist
file:
path: "/etc/systemd/system/matrix-go-skype-bridge.service"
state: absent
when: "matrix_go_skype_bridge_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-go-skype-bridge.service removal
service:
daemon_reload: true
when: "matrix_go_skype_bridge_service_stat.stat.exists"

10
roles/matrix-bridge-go-skype-bridge/tasks/validate_config.yml Normal file
View File

@ -0,0 +1,10 @@
---
- name: Fail if required settings not defined
fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`).
when: "vars[item] == ''"
with_items:
- "matrix_go_skype_bridge_appservice_token"
- "matrix_go_skype_bridge_homeserver_token"

238
roles/matrix-bridge-go-skype-bridge/templates/config.yaml.j2 Normal file
View File

@ -0,0 +1,238 @@
#jinja2: lstrip_blocks: "True"
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
address: {{ matrix_go_skype_bridge_homeserver_address }}
# The domain of the homeserver (for MXIDs, etc).
domain: {{ matrix_go_skype_bridge_homeserver_domain }}
# If you dont know what this is, no need to modify(for parse "mention user/reply message, etc")
server_name: matrix.to
# Application service host/registration related details.
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_go_skype_bridge_appservice_address }}
# The hostname and port where this appservice should listen.
hostname: 0.0.0.0
port: 8080
# Database config.
database:
# The database type. "sqlite3" and "postgres" are supported.
type: {{ matrix_go_skype_bridge_appservice_database_type|to_json }}
# The database URI.
# SQLite: File name is enough. https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
uri: {{ matrix_go_skype_bridge_appservice_database_uri|to_json }}
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision/v1
# Shared secret for authentication. If set to "disable", the provisioning API will be disabled.
shared_secret: disable
# The unique ID of this appservice.
id: skype
# Appservice bot details.
bot:
# Username of the appservice bot.
username: skypebridgebot
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: Skype bridge bot
avatar: mxc://matrix.org/kGQUDQyPiwbRXPFkjoBrPyhC
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: "{{ matrix_go_skype_bridge_appservice_token }}"
hs_token: "{{ matrix_go_skype_bridge_homeserver_token }}"
# Bridge config
bridge:
# Localpart template of MXIDs for Skype users.
# {{ '{{.}}' }} is replaced with the phone number of the Skype user.
username_template: {{ 'skype-{{.}}' }}
# Displayname template for Skype users.
# {{ '{{.Notify}}' }} - nickname set by the Skype user
# {{ '{{.Jid}}' }} - phone number (international format)
# The following variables are also available, but will cause problems on multi-user instances:
# {{ '{{.Name}}' }} - display name from contact list
# {{ '{{.Short}}' }} - short display name from contact list
# To use multiple if's, you need to use: {{ '{{else if .Name}}' }}, for example:
# "{{ '{{if .Notify}}' }}{{ '{{.Notify}}' }}{{ '{{else if .Name}}' }}{{ '{{.Name}}' }}{{ '{{else}}' }}{{ '{{.Jid}}' }}{{ '{{end}}' }} (WA)"
displayname_template: "{{ '{{if .DisplayName}}' }}{{ '{{.DisplayName}}' }}{{ '{{else}}' }}{{ '{{.PersonId}}' }}{{ '{{end}}' }} (Skype)"
# Localpart template for per-user room grouping community IDs.
# On startup, the bridge will try to create these communities, add all of the specific user's
# portals to the community, and invite the Matrix user to it.
# (Note that, by default, non-admins might not have your homeserver's permission to create
# communities.)
# {{ '{{.Localpart}}' }} is the MXID localpart and {{ '{{.Server}}' }} is the MXID server part of the user.
community_template: skype-{{ '{{.Localpart}}' }}={{ '{{.Server}}' }}
# Skype connection timeout in seconds.
connection_timeout: 20
# If Skype doesn't respond within connection_timeout, should the bridge try to fetch the message
# to see if it was actually bridged? Use this if you have problems with sends timing out but actually
# succeeding.
fetch_message_on_timeout: false
# Whether or not the bridge should send a read receipt from the bridge bot when a message has been
# sent to Skype. If fetch_message_on_timeout is enabled, a successful post-timeout fetch will
# trigger a read receipt too.
delivery_receipts: false
# Number of times to regenerate QR code when logging in.
# The regenerated QR code is sent as an edit and essentially multiplies the login timeout (20 seconds)
login_qr_regen_count: 2
# Maximum number of times to retry connecting on connection error.
max_connection_attempts: 3
# Number of seconds to wait between connection attempts.
# Negative numbers are exponential backoff: -connection_retry_delay + 1 + 2^attempts
connection_retry_delay: -1
# Whether or not the bridge should send a notice to the user's management room when it retries connecting.
# If false, it will only report when it stops retrying.
report_connection_retry: true
# Maximum number of seconds to wait for chats to be sent at startup.
# If this is too low and you have lots of chats, it could cause backfilling to fail.
chat_list_wait: 30
# Maximum number of seconds to wait to sync portals before force unlocking message processing.
# If this is too low and you have lots of chats, it could cause backfilling to fail.
portal_sync_wait: 600
# Whether or not to send call start/end notices to Matrix.
call_notices:
start: true
end: true
# Number of chats to sync for new users.
# Since some of the obtained conversations are not the conversations that the user needs to see,
# the actual number of conversations displayed on the matrix client will be slightly less than the set value
initial_chat_sync_count: 10
# Number of old messages to fill when creating new portal rooms.
initial_history_fill_count: 20
# Whether or not notifications should be turned off while filling initial history.
# Only applicable when using double puppeting.
initial_history_disable_notifications: false
# Maximum number of chats to sync when recovering from downtime.
# Set to -1 to sync all new chats during downtime.
recovery_chat_sync_limit: -1
# Whether or not to sync history when recovering from downtime.
recovery_history_backfill: true
# Maximum number of seconds since last message in chat to skip
# syncing the chat in any case. This setting will take priority
# over both recovery_chat_sync_limit and initial_chat_sync_count.
# Default is 3 days = 259200 seconds
sync_max_chat_age: 259200
# sync contact, Non-martix-standard parameter, defaults to false
sync_contact: false
# Whether or not to sync with custom puppets to receive EDUs that
# are not normally sent to appservices.
sync_with_custom_puppets: true
# Servers to always allow double puppeting from
double_puppet_server_map:
"{{ matrix_go_skype_bridge_homeserver_domain }}": {{ matrix_go_skype_bridge_homeserver_address }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secret for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# If set, custom puppets will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map: {{ matrix_go_skype_bridge_bridge_login_shared_secret_map|to_json }}
# Whether or not to invite own Skype user's Matrix puppet into private
# chat portals when backfilling if needed.
# This always uses the default puppet instead of custom puppets due to
# rate limits and timestamp massaging.
invite_own_puppet_for_backfilling: true
# Whether or not to explicitly set the avatar and room name for private
# chat portal rooms. This can be useful if the previous field works fine,
# but causes room avatar/name bugs.
private_chat_portal_meta: true
# Whether or not thumbnails from Skype should be sent.
# They're disabled by default due to very low resolution.
Skype_thumbnail: false
# Allow invite permission for user. User can invite any bots to room with Skype
# users (private chat and groups)
allow_user_invite: false
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!wa"
# End-to-bridge encryption support options. This requires login_shared_secret to be configured
# in order to get a device for the bridge bot.
#
# Additionally, https://github.com/matrix-org/synapse/pull/5758 is required if using a normal
# application service.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_go_skype_bridge_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
# It is recommended to also set private_chat_portal_meta to true when using this.
default: {{ matrix_go_skype_bridge_bridge_encryption_default|to_json }}
puppet_id:
# when set to true, the matrixid of the contact (puppet) from the bridge to the matrix will be encrypted into another string
allow: false
# 8 characters
key: '12dsf323'
# Use the username_template prefix. (Warning: At present, username_template cannot be too complicated, otherwise this function may cause unknown errors)
username_template_prefix: 'skype-'
# Permissions for using the bridge.
# Permitted values:
# relaybot - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Skype account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions:
"{{ matrix_go_skype_bridge_homeserver_domain }}": user
relaybot:
# Whether or not relaybot support is enabled.
enabled: false
# The management room for the bot. This is where all status notifications are posted and
# in this room, you can use `!wa <command>` instead of `!wa relaybot <command>`. Omitting
# the command prefix completely like in user management rooms is not possible.
management: '!foo:example.com'
# List of users to invite to all created rooms that include the relaybot.
invites: []
# The formats to use when sending messages to Skype via the relaybot.
message_formats:
m.text: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
m.notice: "<b>{{ '{{ .Sender.Displayname }}' }}</b>:: {{ '{{ .Message }}' }}"
m.emote: "* <b>{{ '{{ .Sender.Displayname }}' }}</b>: {{ '{{ .Message }}' }}"
m.file: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a file"
m.image: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an image"
m.audio: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent an audio file"
m.video: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a video"
m.location: "<b>{{ '{{ .Sender.Displayname }}' }}</b>: sent a location"
# Logging config.
logging:
# The directory for log files. Will be created if not found.
directory: ./logs
# Available variables: .Date for the file date and .Index for different log files on the same day.
# empy/null = journal logging only
file_name_format:
# Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
file_date_format: "2006-01-02"
# Log file permissions.
file_mode: 0600
# Timestamp format for log entries in the Go time format.
timestamp_format: "Jan _2, 2006 15:04:05"
# Minimum severity for log messages.
# Options: debug, info, warn, error, fatal
print_level: {{ matrix_go_skype_bridge_log_level }}

43
roles/matrix-bridge-go-skype-bridge/templates/systemd/matrix-go-skype-bridge.service.j2 Normal file
View File

@ -0,0 +1,43 @@
#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix Go Skype Bridge bridge
{% for service in matrix_go_skype_bridge_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_go_skype_bridge_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
DefaultDependencies=no
[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true'
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
ExecStartPre={{ matrix_host_command_sleep }} 5
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-go-skype-bridge \
--log-driver=none \
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
--cap-drop=ALL \
--network={{ matrix_docker_network }} \
-v {{ matrix_go_skype_bridge_config_path }}:/config:z \
-v {{ matrix_go_skype_bridge_data_path }}:/data:z \
--workdir=/data \
{% for arg in matrix_go_skype_bridge_container_extra_arguments %}
{{ arg }} \
{% endfor %}
{{ matrix_go_skype_bridge_docker_image }} \
/usr/bin/matrix-skype -c /config/config.yaml -r /config/registration.yaml
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-go-skype-bridge 2>/dev/null || true'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-go-skype-bridge 2>/dev/null || true'
Restart=always
RestartSec=30
SyslogIdentifier=matrix-go-skype-bridge
[Install]
WantedBy=multi-user.target

2
roles/matrix-bridge-hookshot/defaults/main.yml
View File

@ -10,7 +10,7 @@ matrix_hookshot_container_image_self_build: false
matrix_hookshot_container_image_self_build_repo: "https://github.com/matrix-org/matrix-hookshot.git"
matrix_hookshot_container_image_self_build_branch: "{{ 'main' if matrix_hookshot_version == 'latest' else matrix_hookshot_version }}"
matrix_hookshot_version: 1.7.0
matrix_hookshot_version: 1.7.3
matrix_hookshot_docker_image: "{{ matrix_hookshot_docker_image_name_prefix }}halfshot/matrix-hookshot:{{ matrix_hookshot_version }}"
matrix_hookshot_docker_image_name_prefix: "{{ 'localhost/' if matrix_hookshot_container_image_self_build else matrix_container_global_registry_prefix }}"

4
roles/matrix-bridge-mautrix-telegram/defaults/main.yml
View File

@ -118,6 +118,8 @@ matrix_mautrix_telegram_configuration_extension: "{{ matrix_mautrix_telegram_con
# You most likely don't need to touch this variable. Instead, see `matrix_mautrix_telegram_configuration_yaml`.
matrix_mautrix_telegram_configuration: "{{ matrix_mautrix_telegram_configuration_yaml|from_yaml|combine(matrix_mautrix_telegram_configuration_extension, recursive=True) }}"
matrix_mautrix_telegram_sender_localpart: "telegrambot"
matrix_mautrix_telegram_registration_yaml: |
id: telegram
as_token: "{{ matrix_mautrix_telegram_appservice_token }}"
@ -131,11 +133,11 @@ matrix_mautrix_telegram_registration_yaml: |
aliases:
- exclusive: true
regex: '^#telegram_.+:{{ matrix_mautrix_telegram_homeserver_domain|regex_escape }}$'
# See https://github.com/mautrix/signal/issues/43
sender_localpart: _bot_{{ matrix_mautrix_telegram_appservice_bot_username }}
url: {{ matrix_mautrix_telegram_appservice_address }}
rate_limited: false
de.sorunome.msc2409.push_ephemeral: true
# sender_localpart: "bridges_{{ matrix_mautrix_telegram_sender_localpart }}"
matrix_mautrix_telegram_registration: "{{ matrix_mautrix_telegram_registration_yaml|from_yaml }}"

6
roles/matrix-bridge-mautrix-whatsapp/defaults/main.yml
View File

@ -8,7 +8,7 @@ matrix_mautrix_whatsapp_container_image_self_build: false
matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautrix/whatsapp.git"
matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
matrix_mautrix_whatsapp_version: v0.4.0
matrix_mautrix_whatsapp_version: v0.5.0
# See: https://mau.dev/mautrix/whatsapp/container_registry
matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
matrix_mautrix_whatsapp_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_whatsapp_container_image_self_build else 'dock.mau.dev/' }}"
@ -128,3 +128,7 @@ matrix_mautrix_whatsapp_registration: "{{ matrix_mautrix_whatsapp_registration_y
matrix_mautrix_whatsapp_bridge_encryption_allow: false
matrix_mautrix_whatsapp_bridge_encryption_default: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
matrix_mautrix_whatsapp_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_whatsapp_bridge_encryption_allow }}"
# Minimum severity of journal log messages.
# Options: debug, info, warn, error, fatal
matrix_mautrix_whatsapp_log_level: 'warn'

5
roles/matrix-bridge-mautrix-whatsapp/templates/config.yaml.j2
View File

@ -211,7 +211,8 @@ logging:
# The directory for log files. Will be created if not found.
directory: ./logs
# Available variables: .Date for the file date and .Index for different log files on the same day.
file_name_format: "{{ '{{.Date}}-{{.Index}}.log' }}"
# empy/null = journal logging only
file_name_format:
# Date format for file names in the Go time format: https://golang.org/pkg/time/#pkg-constants
file_date_format: "2006-01-02"
# Log file permissions.
@ -220,4 +221,4 @@ logging:
timestamp_format: "Jan _2, 2006 15:04:05"
# Minimum severity for log messages.
# Options: debug, info, warn, error, fatal
print_level: debug
print_level: {{ matrix_mautrix_whatsapp_log_level }}

8
roles/matrix-bridge-mx-puppet-discord/templates/config.yaml.j2
View File

@ -25,7 +25,7 @@ presence:
# Bridge Discord online/offline status
enabled: true
# How often to send status to the homeserver in milliseconds
interval: 500
interval: 10000
provisioning:
# Regex of Matrix IDs allowed to use the puppet bridge
@ -70,7 +70,7 @@ namePatterns:
#
# name: username of the user
# discriminator: hashtag of the user (ex. #1234)
user: :name
user: ":name (#:discriminator) (via Discord)"
# A user's guild-specific displayname - if they've set a custom nick in
# a guild
@ -82,7 +82,7 @@ namePatterns:
# displayname: the user's custom group-specific nick
# channel: the name of the channel
# guild: the name of the guild
userOverride: :name
userOverride: ":displayname (:name#:discriminator) (via Discord)"
# Room names for bridged Discord channels
#
@ -90,7 +90,7 @@ namePatterns:
#
# name: name of the channel
# guild: name of the guild
room: :name
room: "#:name (:guild on Discord)"
# Group names for bridged Discord servers
#

2
roles/matrix-client-element/defaults/main.yml
View File

@ -9,7 +9,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/vecto
# - https://github.com/vector-im/element-web/issues/19544
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
matrix_client_element_version: v1.10.13
matrix_client_element_version: v1.10.15
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_client_element_docker_image_force_pull: "{{ matrix_client_element_docker_image.endswith(':latest') }}"

BIN
roles/matrix-client-element/files/antifa_coffee_cups.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 188 KiB

BIN
roles/matrix-client-element/files/background.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.1 MiB

BIN
roles/matrix-client-element/files/background_small.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 747 KiB

12
roles/matrix-client-element/tasks/setup_install.yml
View File

@ -82,6 +82,18 @@
- {src: "{{ matrix_client_element_embedded_pages_home_path }}", name: "home.html"}
when: "item.src is not none"
- name: Copy Element costum files
copy:
src: "{{ item.src }}"
dest: "{{ matrix_client_element_data_path }}/{{ item.name }}"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- {src: "{{ role_path }}/files/background.jpg", name: "background.jpg"}
- {src: "{{ role_path }}/files/antifa_coffee_cups.png", name: "logo.png"}
when: "matrix_client_element_enabled|bool and item.src is not none"
- name: Ensure Element config files removed
file:
path: "{{ matrix_client_element_data_path }}/{{ item.name }}"

2
roles/matrix-client-element/templates/welcome.html.j2
View File

@ -33,7 +33,7 @@ h1::after {
}
.mx_Logo {
height: 54px;
height: 92px;
margin-top: 2px;
}

2
roles/matrix-corporal/defaults/main.yml
View File

@ -23,7 +23,7 @@ matrix_corporal_container_extra_arguments: []
# List of systemd services that matrix-corporal.service depends on
matrix_corporal_systemd_required_services_list: ['docker.service']
matrix_corporal_version: 2.2.3
matrix_corporal_version: 2.3.0
matrix_corporal_docker_image: "{{ matrix_corporal_docker_image_name_prefix }}devture/matrix-corporal:{{ matrix_corporal_docker_image_tag }}"
matrix_corporal_docker_image_name_prefix: "{{ 'localhost/' if matrix_corporal_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_corporal_docker_image_tag: "{{ matrix_corporal_version }}" # for backward-compatibility

BIN
roles/matrix-riot-web/files/antifa_coffee_cups.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 188 KiB

BIN
roles/matrix-riot-web/files/background.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.1 MiB

13
roles/matrix-synapse/defaults/main.yml
View File

@ -9,7 +9,7 @@ matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/s
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
matrix_synapse_version: v1.60.0
matrix_synapse_version: v1.61.0
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
@ -86,6 +86,14 @@ matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}"
matrix_synapse_max_upload_size_mb: 50
# Controls whether local media should be removed under certain conditions, typically for the purpose of saving space.
# should be empty to disable
matrix_synapse_media_retention_local_media_lifetime:
# Controls whether remote media cache (media that is downloaded from other homeservers)
# should be removed under certain conditions, typically for the purpose of saving space.
# should be empty to disable
matrix_synapse_media_retention_remote_media_lifetime:
# The tmpfs at /tmp needs to be large enough to handle multiple concurrent file uploads.
matrix_synapse_tmp_directory_size_mb: "{{ matrix_synapse_max_upload_size_mb * 50 }}"
@ -215,9 +223,6 @@ matrix_synapse_recaptcha_private_key: ''
# Disabling this option will not delete any tokens previously generated.
matrix_synapse_registration_requires_token: false
# Allows non-server-admin users to create groups on this server
matrix_synapse_enable_group_creation: false
# A list of 3PID types which users must supply when registering (possible values: email, msisdn).
matrix_synapse_registrations_require_3pid: []

2
roles/matrix-synapse/tasks/synapse/workers/init.yml
View File

@ -19,7 +19,7 @@
worker:
type: 'federation_sender'
instanceId: "{{ item }}"
port: 0
port: "{{ item }}"
metrics_port: "{{ matrix_synapse_workers_federation_sender_workers_metrics_range_start + item }}"
register: "matrix_synapse_workers_list_results_federation_sender_workers"
loop: "{{ range(0, matrix_synapse_workers_federation_sender_workers_count|int)|list }}"

3
roles/matrix-synapse/tasks/validate_config.yml
View File

@ -31,7 +31,7 @@
when: "vars[item]|int > 1"
with_items:
- "matrix_synapse_workers_pusher_workers_count"
- "matrix_synapse_workers_federation_sender_workers_count"
# - "matrix_synapse_workers_federation_sender_workers_count"
- name: (Deprecation) Catch and report renamed settings
fail:
@ -60,6 +60,7 @@
- {'old': 'matrix_synapse_trusted_third_party_id_servers', 'new': '<deprecated in Synapse v0.99.4 and removed in Synapse v1.19.0>'}
- {'old': 'matrix_synapse_use_presence', 'new': 'matrix_synapse_presence_enabled'}
- {'old': 'matrix_synapse_version_arm64', 'new': '<superseded by matrix_synapse_version - see https://github.com/matrix-org/synapse/pull/11810>'}
- {'old': 'matrix_synapse_enable_group_creation', 'new': '<removed in Synapse v1.61.0 - use the new Spaces feature instead>'}
- name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml
fail:

31
roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
View File

@ -1048,6 +1048,14 @@ media_store_path: "/matrix-media-store-parent/{{ matrix_synapse_media_store_dire
#
max_upload_size: "{{ matrix_synapse_max_upload_size_mb }}M"
media_retention:
{% if matrix_synapse_media_retention_local_media_lifetime %}
local_media_lifetime: {{ matrix_synapse_media_retention_local_media_lifetime|to_json }}
{% endif %}
{% if matrix_synapse_media_retention_remote_media_lifetime %}
remote_media_lifetime: {{ matrix_synapse_media_retention_remote_media_lifetime|to_json }}
{% endif %}
# Maximum number of pixels that will be thumbnailed
#
#max_image_pixels: 32M
@ -2600,16 +2608,6 @@ spam_checker: {{ matrix_synapse_spam_checker|to_json }}
encryption_enabled_by_default_for_room_type: {{ matrix_synapse_encryption_enabled_by_default_for_room_type|to_json }}
# Uncomment to allow non-server-admin users to create groups on this server
#
enable_group_creation: {{ matrix_synapse_enable_group_creation|to_json }}
# If enabled, non server admins can only create groups with local parts
# starting with this prefix
#
#group_creation_prefix: "unofficial_"
# User Directory configuration
#
@ -2855,7 +2853,9 @@ opentracing:
# Disables sending of outbound federation transactions on the main process.
# Uncomment if using a federation sender worker.
#
#send_federation: false
{% if matrix_synapse_workers_federation_sender_workers_count|int > 0 %}
send_federation: false
{% endif %}
# It is possible to run multiple federation sender workers, in which case the
# work is balanced across them.
@ -2865,8 +2865,13 @@ opentracing:
# started, to ensure that all instances are running with the same config (otherwise
# events may be dropped).
#
#federation_sender_instances:
# - federation_sender1
{% if matrix_synapse_workers_federation_sender_workers_count != 0%}
federation_sender_instances:
{% for i in range(0, matrix_synapse_workers_federation_sender_workers_count|int)|list %}
# -dd federation_sender1
- federation_sender:{{ i | int }}
{% endfor %}
{% endif %}
# When using workers this should be a map from `worker_name` to the
# HTTP replication listener of the worker, if configured.

53
roles/matrix-synapse/vars/workers.yml
View File

@ -29,9 +29,8 @@ matrix_synapse_workers_generic_worker_endpoints:
- ^/_matrix/federation/v1/event_auth/
- ^/_matrix/federation/v1/exchange_third_party_invite/
- ^/_matrix/federation/v1/user/devices/
- ^/_matrix/federation/v1/get_groups_publicised$
- ^/_matrix/key/v2/query
- ^/_matrix/federation/(v1|unstable/org.matrix.msc2946)/hierarchy/
- ^/_matrix/federation/v1/hierarchy/
# Inbound federation transaction request
- ^/_matrix/federation/v1/send/
@ -43,15 +42,14 @@ matrix_synapse_workers_generic_worker_endpoints:
- ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$
- ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$
- ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$
- ^/_matrix/client/(v1|unstable/org.matrix.msc2946)/rooms/.*/hierarchy$
- ^/_matrix/client/v1/rooms/.*/hierarchy$
- ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$
- ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$
- ^/_matrix/client/(r0|v3|unstable)/account/3pid$
- ^/_matrix/client/(r0|v3|unstable)/account/whoami$
- ^/_matrix/client/(r0|v3|unstable)/devices$
- ^/_matrix/client/versions$
- ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$
- ^/_matrix/client/(r0|v3|unstable)/joined_groups$
- ^/_matrix/client/(r0|v3|unstable)/publicised_groups$
- ^/_matrix/client/(r0|v3|unstable)/publicised_groups/
- ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/
- ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$
- ^/_matrix/client/(api/v1|r0|v3|unstable)/search$
@ -75,31 +73,27 @@ matrix_synapse_workers_generic_worker_endpoints:
- ^/_matrix/client/(api/v1|r0|v3|unstable)/join/
- ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/
# These appear to be conditional and should not be enabled by default.
# We need to fix up our workers-doc-to-yaml.awk parsing script to exclude them.
# For now, they've been commented out manually.
#
# # Device requests
# - ^/_matrix/client/(r0|v3|unstable)/sendToDevice/
# # Account data requests
# - ^/_matrix/client/(r0|v3|unstable)/.*/tags
# - ^/_matrix/client/(r0|v3|unstable)/.*/account_data
# # Receipts requests
# - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt
# - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers
# # Presence requests
# - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/
# These appear to be conditional and should not be enabled by default.
# We need to fix up our workers-doc-to-yaml.awk parsing script to exclude them.
# For now, they've been commented out manually.
# # Account data requests
# - ^/_matrix/client/(r0|v3|unstable)/.*/tags
# - ^/_matrix/client/(r0|v3|unstable)/.*/account_data
#
# # Receipts requests
# - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt
# - ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers
#
# # Presence requests
# - ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/
# User directory search requests
- ^/_matrix/client/(r0|v3|unstable)/user_directory/search$
# Additionally, the following REST endpoints can be handled for GET requests:
# FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
# ^/_matrix/federation/v1/groups/
# ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/
# ^/_matrix/client/(r0|v3|unstable)/groups/
# Pagination requests can also be handled, but all requests for a given
# room must be routed to the same instance. Additionally, care must be taken to
@ -301,6 +295,15 @@ matrix_synapse_workers_generic_worker_endpoints:
# This work cannot be load-balanced; please ensure the main process is restarted
# after setting this option in the shared configuration!
# User directory updates allow REST endpoints matching the following regular
# expressions to work:
# FIXME: ADDITIONAL CONDITIONS REQUIRED: to be enabled manually
# ^/_matrix/client/(r0|v3|unstable)/user_directory/search$
# The above endpoints can be routed to any worker, though you may choose to route
# it to the chosen user directory worker.
# This style of configuration supersedes the legacy `synapse.app.user_dir`
# worker application type.

36
setup.yml
View File

@ -7,9 +7,10 @@
- roles/matrix-synapse/vars/workers.yml
roles:
# - matrix-awx
- matrix-base
- matrix-dynamic-dns
- matrix-mailer
# - matrix-dynamic-dns
# - matrix-mailer
- matrix-postgres
- matrix-redis
- matrix-corporal
@ -18,6 +19,7 @@
- matrix-bridge-appservice-webhooks
- matrix-bridge-appservice-irc
- matrix-bridge-beeper-linkedin
- matrix-bridge-go-skype-bridge
- matrix-bridge-mautrix-facebook
- matrix-bridge-mautrix-twitter
- matrix-bridge-mautrix-hangouts
@ -65,3 +67,33 @@
- matrix-prometheus-postgres-exporter
- matrix-backup-borg
- matrix-common-after
tasks:
- name: Ensure web-user is present
user:
name: "{{ web_user }}"
state: present
system: yes
register: web_user_res
tags: [ setup-caddy, setup-all, start ]
- name: Ensure directory for revproxy config is present
file:
path: "{{ revproxy_autoload_dir }}/matrix"
state: directory
owner: "{{ web_user_res.uid }}"
group: "{{ web_user_res.group }}"
mode: 0750
tags: [ setup-caddy, setup-all, start ]
- name: Template reverse proxy configuration
template:
src: Caddyfile.j2
dest: "{{ revproxy_autoload_dir }}/matrix/Caddyfile"
owner: "{{ web_user_res.uid }}"
group: "{{ web_user_res.group }}"
mode: 0640
tags: [ setup-caddy, setup-all, start ]
- name: Restart reverse proxy
docker_container:
name: web
state: started
restart: yes

110
templates/Caddyfile.j2 Normal file
View File

@ -0,0 +1,110 @@
https://{{ matrix_server_fqn_matrix }} {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
encode zstd gzip
header {
Strict-Transport-Security "max-age=31536000;"
X-Frame-Options "DENY"
X-XSS-Protection "1; mode=block"
}
basicauth /metrics/* bcrypt monitoring {
monitoring JDJhJDE0JGdQRlNHVFpSQmRiaWlPem9LdXlkS09HN2E3LklZS05YZmtXTEY1NlFXbkMxd3hBUmwwbVZl
}
route /metrics/synapse {
uri replace /metrics/synapse /_synapse/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/appservice {
uri replace /metrics/synapse/worker/appservice /_synapse-worker-appservice-0/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/federation-sender-0 {
uri replace /metrics/synapse/worker/federation-sender-0 /_synapse-worker-federation_sender-0/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/federation-sender-1 {
uri replace /metrics/synapse/worker/federation-sender-1 /_synapse-worker-federation_sender-1/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/federation-sender-2 {
uri replace /metrics/synapse/worker/federation-sender-2 /_synapse-worker-federation_sender-2/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/generic-0 {
uri replace /metrics/synapse/worker/generic-0 /_synapse-worker-generic_worker-{{ (matrix_synapse_workers_generic_workers_port_range_start)|int}}/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/generic-1 {
uri replace /metrics/synapse/worker/generic-1 /_synapse-worker-generic_worker-{{ (matrix_synapse_workers_generic_workers_port_range_start + 1)|int}}/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/media-0 {
uri replace /metrics/synapse/worker/media-0 /_synapse-worker-media_repository-{{ (matrix_synapse_workers_media_repository_workers_port_range_start)|int }}/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/synapse/worker/media-1 {
uri replace /metrics/synapse/worker/media-1 /_synapse-worker-media_repository-{{ (matrix_synapse_workers_media_repository_workers_port_range_start + 1)|int }}/metrics
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
route /metrics/bridge/* {
uri strip_prefix /metrics/bridge
route /mautrix-telegram {
uri replace /mautrix-telegram /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
}
route /mautrix-whatsapp {
uri replace /mautrix-whatsapp /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
}
route /mautrix-signal {
uri replace /mautrix-signal /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
}
route /mx-puppet-instagram {
uri replace /mx-puppet-instagram /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
}
route /mx-puppet-discord {
uri replace /mx-puppet-discord /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
}
route /mx-puppet-skype {
uri replace /mx-puppet-skype /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
}
route /mx-puppet-slack {
uri replace /mx-puppet-slack /metrics
reverse_proxy http://127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
}
}
reverse_proxy /_matrix/federation/* http://{{ matrix_nginx_proxy_container_federation_host_bind_port }}
reverse_proxy /_matrix/key/* http://{{ matrix_nginx_proxy_container_federation_host_bind_port }}
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
https://{{ matrix_server_fqn_dimension }} {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
encode zstd gzip
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
https://{{ matrix_server_fqn_element }} {
tls /tls_certs/chat.finallycoffee.eu/fullchain.pem /tls_certs/chat.finallycoffee.eu/privkey.pem
encode zstd gzip
reverse_proxy * http://{{ matrix_nginx_proxy_container_http_host_bind_port }}
}
https://{{ matrix_domain }}/.well-known/matrix/* {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
route {
uri strip_prefix /.well-known/matrix
root * /matrix_static
file_server
}
header {
Content-Type "application/json"
X-Content-Type-Options "nosniff"
Access-Control-Allow-Origin *
Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
}
}