finallycoffee/matrix-docker-ansible-deploy
finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: finallycoffee:f40fff587f009a08327f1d14f72a5a48126c6e97
Branches Tags
finallycoffee:master
finallycoffee:transcaffeine/patch-dumb-design-choices
finallycoffee:feat-mx-puppet-instagram
..
compare: finallycoffee:4af024e8d2c231fc9aebc8cd3aa67307ac9d26c7
Branches Tags
finallycoffee:master
finallycoffee:transcaffeine/patch-dumb-design-choices
finallycoffee:feat-mx-puppet-instagram

2 Commits
f40fff587f ... 4af024e8d2

Author SHA1 Message Date
transcaffeine
4af024e8d2
meta: move inventory structure to be more usable 2024-09-16 20:45:37 +02:00
jdreichmann
a74d6d3831
meta: add own inventory, add vault-unlock with GPG 2024-09-16 20:41:33 +02:00
127 changed files with 1451 additions and 2257 deletions
Show Stats Expand all files Collapse all files

44
CHANGELOG.md
View File

@ -1,19 +1,3 @@
# 2024-09-27
## (BC Break) Postgres & Traefik roles have been relocated and variable names need adjustments
Various roles have been relocated from the [devture](https://github.com/devture) organization to the [mother-of-all-self-hosting](https://github.com/mother-of-all-self-hosting) organization.
Along with the relocation, the `devture_` prefix was dropped from their variable names, so you need to adjust your `vars.yml` configuration.
You need to do the following replacements:
- `devture_postgres_` -> `postgres_`
- `devture_traefik_` -> `traefik_`
As always, the playbook would let you know about this and point out any variables you may have missed.
# 2024-09-12
## Support for baibot
@ -134,7 +118,7 @@ If you're using the playbook's Traefik instance to reverse-proxy to some other s
If you've tweaked any of this playbook's `_path_prefix` variables and made them use a regular expression, you will now need to make additional adjustments. The playbook makes extensive use of `PathPrefix()` matchers in Traefik rules and `PathPrefix` does not support regular expressions anymore. To work around it, you may now need to override a whole `_traefik_rule` variable and switch it from [`PathPrefix` to `PathRegexp`](https://doc.traefik.io/traefik/routing/routers/#path-pathprefix-and-pathregexp).
If you're not using [matrix-media-repo](./docs/configuring-playbook-matrix-media-repo.md) (the only role we had to tweak to adapt it to Traefik v3), you **may potentially downgrade to Traefik v2** (if necessary) by adding `traefik_verison: v2.11.4` to your configuration. People using `matrix-media-repo` cannot downgrade this way, because `matrix-media-repo` has been adjusted to use `PathRegexp` - a [routing matcher](https://doc.traefik.io/traefik/v2.11/routing/routers/#rule) that Traefik v2 does not understand.
If you're not using [matrix-media-repo](./docs/configuring-playbook-matrix-media-repo.md) (the only role we had to tweak to adapt it to Traefik v3), you **may potentially downgrade to Traefik v2** (if necessary) by adding `devture_traefik_verison: v2.11.4` to your configuration. People using `matrix-media-repo` cannot downgrade this way, because `matrix-media-repo` has been adjusted to use `PathRegexp` - a [routing matcher](https://doc.traefik.io/traefik/v2.11/routing/routers/#rule) that Traefik v2 does not understand.
### HTTP/3 is enabled by default
@ -151,7 +135,7 @@ Still, if HTTP/3 cannot function correctly in your setup, it's best to disable a
To **disable HTTP/3**, you can use the following configuration:
```yml
traefik_config_entrypoint_web_secure_http3_enabled: false
devture_traefik_config_entrypoint_web_secure_http3_enabled: false
# Disabling HTTP/3 for the web-secure entrypoint (above),
# automatically disables it for the Matrix Federation entrypoint as well,
@ -473,9 +457,9 @@ Because [Traefik has an extra job now](#traefik-now-has-an-extra-job), you need
### People fronting Traefik with another reverse proxy need to do minor changes
We've already previously mentioned that you need to do some minor [configuration changes related to `traefik_additional_entrypoints_auto`](#backward-compatibility-configuration-changes-required-for-people-fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy).
We've already previously mentioned that you need to do some minor [configuration changes related to `devture_traefik_additional_entrypoints_auto`](#backward-compatibility-configuration-changes-required-for-people-fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy).
If you don't do these changes (switching from `traefik_additional_entrypoints_auto` to multiple other variables), your Traefik setup will not automatically receive the new `matrix-internal-matrix-client-api` Traefik entrypoint and Traefik would not be able to perform [its new duty of connecting addons with the homeserver](#traefik-now-has-an-extra-job).
If you don't do these changes (switching from `devture_traefik_additional_entrypoints_auto` to multiple other variables), your Traefik setup will not automatically receive the new `matrix-internal-matrix-client-api` Traefik entrypoint and Traefik would not be able to perform [its new duty of connecting addons with the homeserver](#traefik-now-has-an-extra-job).
### Supported reverse proxy types are now fewer
@ -588,17 +572,17 @@ I don't actively use all the ~100 components offered by the playbook (no one doe
If you're on the default setup (using the Traefik reverse-proxy as installed by the playbook), you don't need to do anything.
People who are [Fronting the integrated Traefik reverse-proxy webserver with another reverse-proxy](./docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy), as per our previous instructions are redefining `traefik_additional_entrypoints_auto` in their `vars.yml` configuration.
People who are [Fronting the integrated Traefik reverse-proxy webserver with another reverse-proxy](./docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy), as per our previous instructions are redefining `devture_traefik_additional_entrypoints_auto` in their `vars.yml` configuration.
Such a full variable redefinion is intrustive, because it prevents the playbook from injecting additional entrypoints into the Traefik webserver. In the future, the playbook may have a need to do so.
For this reason, we no longer recommend completely redefining `traefik_additional_entrypoints_auto`.
The playbook now defines [various `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_*` variables in the `defaults/main.yml` file](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/custom/matrix-base/defaults/main.yml) of the `matrix-base` role which can be used as a safer alternative to `traefik_additional_entrypoints_auto`.
For this reason, we no longer recommend completely redefining `devture_traefik_additional_entrypoints_auto`.
The playbook now defines [various `matrix_playbook_public_matrix_federation_api_traefik_entrypoint_*` variables in the `defaults/main.yml` file](https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/custom/matrix-base/defaults/main.yml) of the `matrix-base` role which can be used as a safer alternative to `devture_traefik_additional_entrypoints_auto`.
Adapt your configuration as seen below:
```diff
-traefik_additional_entrypoints_auto:
-devture_traefik_additional_entrypoints_auto:
- - name: matrix-federation
- port: 8449
- host_bind_port: '127.0.0.1:8449'
@ -727,7 +711,7 @@ From now on, the [Postgres Ansible role](https://github.com/devture/com.devture.
Our [Tuning PostgreSQL](docs/maintenance-postgres.md#tuning-postgresql) documentation page has details about how you can turn auto-tuning off or adjust the automatically-determined Postgres configuration parameters manually.
People who [enable load-balancing with Synapse workers](docs/configuring-playbook-synapse.md#load-balancing-with-workers) no longer need to increase the maximum number of Postgres connections manually (previously done via `postgres_process_extra_arguments`). There's a new variable (`postgres_max_connections`) for controlling this number and the playbook automatically raises its value from `200` to `500` for setups which enable workers.
People who [enable load-balancing with Synapse workers](docs/configuring-playbook-synapse.md#load-balancing-with-workers) no longer need to increase the maximum number of Postgres connections manually (previously done via `devture_postgres_process_extra_arguments`). There's a new variable (`devture_postgres_max_connections`) for controlling this number and the playbook automatically raises its value from `200` to `500` for setups which enable workers.
# 2023-08-31
@ -1086,7 +1070,7 @@ Unless we have some regression, **existing `matrix-nginx-proxy` users should be
```yaml
matrix_playbook_reverse_proxy_type: playbook-managed-traefik
traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS
devture_traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS
```
You may still need to keep certain old `matrix_nginx_proxy_*` variables (like `matrix_nginx_proxy_base_domain_serving_enabled`), even when using Traefik. For now, we recommend keeping all `matrix_nginx_proxy_*` variables just in case. In the future, reliance on `matrix-nginx-proxy` will be removed.
@ -1113,7 +1097,7 @@ As mentioned above, Traefik still reverse-proxies to some (most) services by goi
As Traefik support becomes complete and proves to be stable for a while, especially as a playbook default, we will **most likely remove `matrix-nginx-proxy` completely**. It will likely be some months before this happens though. Keeping support for both Traefik and nginx in the playbook will be a burden, especially with most of us running Traefik in the future. The Traefik role should do everything nginx does in a better and cleaner way. Users who use their own `nginx` server on the Matrix server will be inconvenienced, as nothing will generate ready-to-include nginx configuration for them. Still, we hope it won't be too hard to migrate their setup to another way of doing things, like:
- not using nginx anymore. A common reason for using nginx until now was that you were running other containers and you need your own nginx to reverse-proxy to all of them. Just switch them to Traefik as well.
- running Traefik in local-only mode (`traefik_config_entrypoint_web_secure_enabled: false`) and using some nginx configuration which reverse-proxies to Traefik (we should introduce examples for this in `examples/nginx`).
- running Traefik in local-only mode (`devture_traefik_config_entrypoint_web_secure_enabled: false`) and using some nginx configuration which reverse-proxies to Traefik (we should introduce examples for this in `examples/nginx`).
### How do I help?
@ -1123,7 +1107,7 @@ You can help by:
- **adding native Traefik support to a role** (requires adding Traefik labels, etc.) - for inspiration, see these roles ([prometheus_node_exporter](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter), [prometheus_postgres_exporter](https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter)) and how they're hooked into the playbook via [group_vars/matrix_servers](group_vars/matrix_servers).
- **adding reverse-proxying examples for nginx users** in `examples/nginx`. People who insist on using their own `nginx` server on the same Matrix host, can run Traefik in local-only mode (`traefik_config_entrypoint_web_secure_enabled: false`) and reverse-proxy to the Traefik server
- **adding reverse-proxying examples for nginx users** in `examples/nginx`. People who insist on using their own `nginx` server on the same Matrix host, can run Traefik in local-only mode (`devture_traefik_config_entrypoint_web_secure_enabled: false`) and reverse-proxy to the Traefik server
# 2023-02-10
@ -1248,14 +1232,14 @@ See our [Setting up matrix-bot-chatgpt](docs/configuring-playbook-bot-chatgpt.md
Just like we've [replaced Postgres with an external role](#matrix-postgres-has-been-replaced-by-the-comdevtureansiblerolepostgres-external-role) on 2022-11-28, we're now replacing `matrix-postgres-backup` with an external role - [com.devture.ansible.role.postgres_backup](https://github.com/devture/com.devture.ansible.role.postgres_backup).
You'll need to rename your `matrix_postgres_backup`-prefixed variables such that they use a `postgres_backup` prefix.
You'll need to rename your `matrix_postgres_backup`-prefixed variables such that they use a `devture_postgres_backup` prefix.
# 2022-11-28
## matrix-postgres has been replaced by the com.devture.ansible.role.postgres external role
**TLDR**: the tasks that install the integrated Postgres server now live in an external role - [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres). You'll need to run `make roles` to install it, and to also rename your `matrix_postgres`-prefixed variables to use a `devture_postgres` prefix (e.g. `matrix_postgres_connection_password` -> `postgres_connection_password`). All your data will still be there! Some scripts have moved (`/usr/local/bin/matrix-postgres-cli` -> `/matrix/postgres/bin/cli`).
**TLDR**: the tasks that install the integrated Postgres server now live in an external role - [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres). You'll need to run `make roles` to install it, and to also rename your `matrix_postgres`-prefixed variables to use a `devture_postgres` prefix (e.g. `matrix_postgres_connection_password` -> `devture_postgres_connection_password`). All your data will still be there! Some scripts have moved (`/usr/local/bin/matrix-postgres-cli` -> `/matrix/postgres/bin/cli`).
The `matrix-postgres` role that has been part of the playbook for a long time has been replaced with the [com.devture.ansible.role.postgres](https://github.com/devture/com.devture.ansible.role.postgres) role. This was done as part of our work to [use external roles for some things](#the-playbook-now-uses-external-roles-for-some-things) for better code re-use and maintainability.

26
docs/configuring-playbook-bot-baibot.md
View File

@ -154,11 +154,6 @@ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_api_key: "YO
# If you'd like to use another text-generation agent, uncomment and adjust:
# matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_model_id: claude-3-5-sonnet-20240620
# The playbook defines a default prompt for all statically-defined agents.
# You can adjust it in the `matrix_bot_baibot_config_agents_static_definitions_prompt` variable,
# or you can adjust it below only for the Anthropic agent.
# matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# See `defaults/main.yml` in the baibot role for more configuration options.
```
@ -181,11 +176,6 @@ matrix_bot_baibot_config_agents_static_definitions_groq_config_api_key: "YOUR_AP
# Specify the text-generation agent you'd like to use
matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_model_id: "llama3-70b-8192"
# The playbook defines a default prompt for all statically-defined agents.
# You can adjust it in the `matrix_bot_baibot_config_agents_static_definitions_prompt` variable,
# or you can adjust it below only for the Groq agent.
# matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# Uncomment and adjust if you're not happy with these speech-to-text defaults:
#
# matrix_bot_baibot_config_agents_static_definitions_groq_config_speech_to_text_enabled: true
@ -212,11 +202,6 @@ matrix_bot_baibot_config_agents_static_definitions_mistral_enabled: true
matrix_bot_baibot_config_agents_static_definitions_mistral_config_api_key: "YOUR_API_KEY_HERE"
# The playbook defines a default prompt for all statically-defined agents.
# You can adjust it in the `matrix_bot_baibot_config_agents_static_definitions_prompt` variable,
# or you can adjust it below only for the Mistral agent.
# matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# Uncomment and adjust if you're not happy with these defaults:
# matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_model_id: mistral-large-latest
@ -243,13 +228,8 @@ matrix_bot_baibot_config_agents_static_definitions_openai_enabled: true
matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: "YOUR_API_KEY_HERE"
# The playbook defines a default prompt for all statically-defined agents.
# You can adjust it in the `matrix_bot_baibot_config_agents_static_definitions_prompt` variable,
# or you can adjust it below only for the OpenAI agent.
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
# If you'd like to use another text-generation agent, uncomment and adjust:
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o-2024-08-06
# matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o
# See `defaults/main.yml` in the baibot role for more configuration options.
```
@ -293,7 +273,7 @@ matrix_bot_baibot_config_agents_static_definitions_custom:
api_key: "YOUR_API_KEY_HERE"
text_generation:
model_id: gpt-3.5-turbo-0125
prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
prompt: You are a brief, but helpful bot.
temperature: 1.0
max_response_tokens: 4096
max_context_tokens: 16385
@ -310,7 +290,7 @@ matrix_bot_baibot_config_agents_static_definitions_custom:
api_key: ""
text_generation:
model_id: "llama3.1:8b"
prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
prompt: "You are an assistant based on the Llama3.1:8b model. Be brief in your responses."
temperature: 1.0
max_response_tokens: 4096
max_context_tokens: 128000

70
docs/configuring-playbook-bot-draupnir.md
View File

@ -123,75 +123,7 @@ ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
## Usage
You can refer to the upstream [documentation](https://the-draupnir-project.github.io/draupnir-documentation/) for additional ways to use and configure Draupnir and for a more detailed usage guide.
Below is a **non-exhaustive quick-start guide** for the impatient.
### Making Draupnir join and protect a room
Draupnir can be told to self-join public rooms, but it's better to follow this flow which works well for all kinds of rooms:
1. Invite the bot to the room manually ([inviting Draupnir to rooms](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-protected-rooms#inviting-draupnir-to-rooms)). Before joining, the bot *may* ask for confirmation in the Management Room
2. [Give the bot permissions to do its job](#giving-draupnir-permissions-to-do-its-job)
3. Tell it to protect the room (using the [rooms command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-protected-rooms#using-the-draupnir-rooms-command)) by sending the following command to the Management Room: `!draupnir rooms add !ROOM_ID:DOMAIN`
To have Draupnir provide useful room protection, you need do to a bit more work (at least the first time around).
You may wish to [Subscribe to a public policy list](#subscribing-to-a-public-policy-list), [Create your own own policy and rules](#creating-your-own-policy-lists-and-rules) and [Enabling built-in protections](#enabling-built-in-protections).
### Giving Draupnir permissions to do its job
For Draupnir to do its job, you need to [give it permissions](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-protected-rooms#giving-draupnir-permissions) in rooms it's protecting. This involves **giving it an Administrator power level**.
**We recommend setting this power level as soon as the bot joins your room** (and before you create new rules), so that it can apply rules as soon as they are available. If the bot is under-privileged, it may fail to apply protections and may not retry for a while (or until your restart it).
### Subscribing to a public policy list
We recommend **subscribing to a public [policy list](https://the-draupnir-project.github.io/draupnir-documentation/concepts/policy-lists)** using the [watch command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-policy-lists#using-draupnirs-watch-command-to-subscribe-to-policy-rooms).
Polcy lists are maintained in Matrix rooms. A popular policy list is maintained in the public `#community-moderation-effort-bl:neko.dev` room.
You can tell Draupnir to subscribe to it by sending the following command to the Management Room: `!draupnir watch #community-moderation-effort-bl:neko.dev`
#### Creating your own policy lists and rules
We also recommend **creating your own policy lists** with the [list create](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-policy-lists#using-draupnirs-list-create-command-to-create-a-policy-room) command.
You can do so by sending the following command to the Management Room: `!draupnir list create my-bans my-bans-bl`. This will create a policy list having a name (shortcode) of `my-bans` and stored in a public `#my-bans-bl:DOMAIN` room on your server. As soon as you run this command, the bot will invite you to the policy list room.
A policy list does nothing by itself, so the next step is **adding some rules to your policy list**. Policies target a so-called `entity` (one of: `user`, `room` or `server`). These entities are mentioned on the [policy lists](https://the-draupnir-project.github.io/draupnir-documentation/concepts/policy-lists) documentation page and in the Matrix Spec [here](https://spec.matrix.org/v1.11/client-server-api/#mban-recommendation).
The simplest and most useful entity to target is `user`. Below are a few examples using the [ban command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-users#the-ban-command) and targeting users.
To create rules, you run commands in the Management Room (**not** in the policy list room).
- (ban a single user on a given homeserver): `!draupnir ban @someone:example.com my-bans Rude to others`
- (ban all users on a given homeserver by using a [wildcard](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-users#wildcards)): `!draupnir ban @*:example.org my-bans Spam server - all users are fake`
As a result of running these commands, you may observe:
- Draupnir creating `m.policy.rule.user` state events in the `#my-bans-bl:DOMAIN` room on your server
- applying these rules against all rooms that Draupnir is an Administrator in
You can undo bans with the [unban command](https://the-draupnir-project.github.io/draupnir-documentation/moderator/managing-users#the-unban-command).
### Enabling built-in protections
You can also **turn on various built-in [protections](https://the-draupnir-project.github.io/draupnir-documentation/protections)** like `JoinWaveShortCircuit` ("If X amount of users join in Y time, set the room to invite-only").
To **see which protections are available and which are enabled**, send a `!draupnir protections` command to the Management Room.
To **see the configuration options for a given protection**, send a `!draupnir config get PROTECTION_NAME` (e.g. `!draupnir config get JoinWaveShortCircuit`).
To **set a specific option for a given protection**, send a command like this: `!draupnir config set PROTECTION_NAME.OPTION VALUE` (e.g. `!draupnir config set JoinWaveShortCircuit.timescaleMinutes 30`).
To **enable a given protection**, send a command like this: `!draupnir enable PROTECTION_NAME` (e.g. `!draupnir enable JoinWaveShortCircuit`).
To **disable a given protection**, send a command like this: `!draupnir disable PROTECTION_NAME` (e.g. `!draupnir disable JoinWaveShortCircuit`).
## Extending the configuration
You can refer to the upstream [documentation](https://github.com/the-draupnir-project/Draupnir) for additional ways to use and configure draupnir. Check out their [quickstart guide](https://github.com/the-draupnir-project/Draupnir/blob/main/docs/moderators.md#quick-usage) for some basic commands you can give to the bot.
You can configure additional options by adding the `matrix_bot_draupnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file.

6
docs/configuring-playbook-bridge-mautrix-gmessages.md
View File

@ -14,12 +14,14 @@ matrix_mautrix_gmessages_enabled: true
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
### Method 1: automatically, by enabling Appservice Double Puppet
### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook.
The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).

6
docs/configuring-playbook-bridge-mautrix-meta-instagram.md
View File

@ -66,12 +66,14 @@ You may wish to look at `roles/custom/matrix-bridge-mautrix-meta-instagram/templ
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
### Method 1: automatically, by enabling Appservice Double Puppet
### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook.
The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).

6
docs/configuring-playbook-bridge-mautrix-meta-messenger.md
View File

@ -77,12 +77,14 @@ You may wish to look at `roles/custom/matrix-bridge-mautrix-meta-messenger/templ
If you'd like to use [Double Puppeting](https://docs.mau.fi/bridges/general/double-puppeting.html) (hint: you most likely do), you have 2 ways of going about it.
### Method 1: automatically, by enabling Appservice Double Puppet
### Method 1: automatically, by enabling Appservice Double Puppet or Shared Secret Auth
The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service for this playbook.
The bridge will automatically perform Double Puppeting if you enable the [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) service or the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service for this playbook.
Enabling [Appservice Double Puppet](configuring-playbook-appservice-double-puppet.md) is the recommended way of setting up Double Puppeting, as it's easier to accomplish, works for all your users automatically, and has less of a chance of breaking in the future.
Enabling double puppeting by enabling the [Shared Secret Auth](configuring-playbook-shared-secret-auth.md) service works at the time of writing, but is deprecated and will stop working in the future.
### Method 2: manually, by asking each user to provide a working access token
**Note**: This method for enabling Double Puppeting can be configured only after you've already set up bridging (see [Usage](#usage)).

2
docs/configuring-playbook-external-postgres.md
View File

@ -10,7 +10,7 @@ If you'd like to use an external PostgreSQL server that you manage, you can edit
If you'd like to use an external Postgres server, use a custom `vars.yml` configuration like this:
```yaml
postgres_enabled: false
devture_postgres_enabled: false
# Rewire Synapse to use your external Postgres server
matrix_synapse_database_host: "your-postgres-server-hostname"

8
docs/configuring-playbook-jitsi.md
View File

@ -227,20 +227,20 @@ To make Traefik reverse-proxy to these additional JVBs (living on other hosts),
# Traefik proxying for additional JVBs. These can't be configured using Docker
# labels, like the first JVB is, because they run on different hosts, so we add
# the necessary configuration to the file provider.
traefik_provider_configuration_extension_yaml: |
devture_traefik_provider_configuration_extension_yaml: |
http:
routers:
{% for host in groups['jitsi_jvb_servers'] %}
additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-router:
entryPoints:
- "{{ traefik_entrypoint_primary }}"
- "{{ devture_traefik_entrypoint_primary }}"
rule: "Host(`{{ jitsi_hostname }}`) && PathPrefix(`/colibri-ws/{{ hostvars[host]['jitsi_jvb_server_id'] }}/`)"
service: additional-{{ hostvars[host]['jitsi_jvb_server_id'] }}-service
{% if traefik_entrypoint_primary != 'web' %}
{% if devture_traefik_entrypoint_primary != 'web' %}
tls:
certResolver: "{{ traefik_certResolver_primary }}"
certResolver: "{{ devture_traefik_certResolver_primary }}"
{% endif %}

8
docs/configuring-playbook-matrix-media-repo.md
View File

@ -123,7 +123,7 @@ To import the Synapse media store, you're supposed to invoke the `import_synapse
This guide here is adapted from the [upstream documentation about the import_synapse script](https://github.com/turt2live/matrix-media-repo#importing-media-from-synapse).
Run the following command on the server (after replacing `postgres_connection_password` in it with the value found in your `vars.yml` file):
Run the following command on the server (after replacing `devture_postgres_connection_password` in it with the value found in your `vars.yml` file):
```sh
docker exec -it matrix-media-repo \
@ -132,7 +132,7 @@ docker exec -it matrix-media-repo \
-dbHost matrix-postgres \
-dbPort 5432 \
-dbUsername matrix \
-dbPassword postgres_connection_password
-dbPassword devture_postgres_connection_password
```
Enter `1` for the Machine ID when prompted (you are not doing any horizontal scaling) unless you know what you're doing.
@ -145,7 +145,7 @@ If you're using the [Dendrite](configuring-playbook-dendrite.md) homeserver inst
To import the Dendrite media store, you're supposed to invoke the `import_dendrite` tool which is part of the matrix-media-repo container image. Your Dendrite database is called `dendrite_mediaapi` by default, unless you've changed it by modifying `matrix_dendrite_media_api_database`.
Run the following command on the server (after replacing `postgres_connection_password` in it with the value found in your `vars.yml` file):
Run the following command on the server (after replacing `devture_postgres_connection_password` in it with the value found in your `vars.yml` file):
```sh
docker exec -it matrix-media-repo \
@ -154,7 +154,7 @@ docker exec -it matrix-media-repo \
-dbHost matrix-postgres \
-dbPort 5432 \
-dbUsername matrix \
-dbPassword postgres_connection_password
-dbPassword devture_postgres_connection_password
```
Enter `1` for the Machine ID when prompted (you are not doing any horizontal scaling) unless you know what you're doing.

18
docs/configuring-playbook-own-webserver.md
View File

@ -21,7 +21,7 @@ To have the playbook install and use Traefik, use configuration like this (as se
```yaml
matrix_playbook_reverse_proxy_type: playbook-managed-traefik
traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS
devture_traefik_config_certificatesResolvers_acme_email: YOUR_EMAIL_ADDRESS
```
Traefik will manage SSL certificates for all services seamlessly.
@ -38,7 +38,7 @@ matrix_playbook_reverse_proxy_type: other-traefik-container
# Adjust to point to your Traefik container
matrix_playbook_reverse_proxy_hostname: name-of-your-traefik-container
traefik_certs_dumper_ssl_dir_path: "/path/to/your/traefiks/acme.json/directory"
devture_traefik_certs_dumper_ssl_dir_path: "/path/to/your/traefiks/acme.json/directory"
# Uncomment and tweak the variable below if the name of your federation entrypoint is different
# than the default value (matrix-federation).
@ -148,18 +148,18 @@ matrix_playbook_ssl_enabled: true
# Disable the web-secure (port 443) endpoint, which also disables SSL certificate retrieval.
# This has the side-effect of also automatically disabling TLS for the matrix-federation entrypoint
# (by toggling `matrix_federation_traefik_entrypoint_tls`).
traefik_config_entrypoint_web_secure_enabled: false
devture_traefik_config_entrypoint_web_secure_enabled: false
# If your reverse-proxy runs on another machine, consider using `0.0.0.0:81`, just `81` or `SOME_IP_ADDRESS_OF_THIS_MACHINE:81`
traefik_container_web_host_bind_port: '127.0.0.1:81'
devture_traefik_container_web_host_bind_port: '127.0.0.1:81'
# We bind to `127.0.0.1` by default (see above), so trusting `X-Forwarded-*` headers from
# a reverse-proxy running on the local machine is safe enough.
# If you're publishing the port (`traefik_container_web_host_bind_port` above) to a public network interface:
# - remove the `traefik_config_entrypoint_web_forwardedHeaders_insecure` variable definition below
# - uncomment and adjust the `traefik_config_entrypoint_web_forwardedHeaders_trustedIPs` line below
traefik_config_entrypoint_web_forwardedHeaders_insecure: true
# traefik_config_entrypoint_web_forwardedHeaders_trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']
# If you're publishing the port (`devture_traefik_container_web_host_bind_port` above) to a public network interface:
# - remove the `devture_traefik_config_entrypoint_web_forwardedHeaders_insecure` variable definition below
# - uncomment and adjust the `devture_traefik_config_entrypoint_web_forwardedHeaders_trustedIPs` line below
devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true
# devture_traefik_config_entrypoint_web_forwardedHeaders_trustedIPs: ['IP-ADDRESS-OF-YOUR-REVERSE-PROXY']
# Expose the federation entrypoint on a custom port (other than port 8448, which is normally used publicly).
#

16
docs/configuring-playbook-postgres-backup.md
View File

@ -10,7 +10,7 @@ For a more complete backup solution (one that includes not only Postgres, but al
Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable Postgres backup:
```yaml
postgres_backup_enabled: true
devture_postgres_backup_enabled: true
```
Refer to the table below for additional configuration variables and their default values.
@ -18,13 +18,13 @@ Refer to the table below for additional configuration variables and their defaul
| Name | Default value | Description |
| :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- |
|`postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups|
|`postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.|
|`postgres_backup_keep_days`|`7`|Number of daily backups to keep|
|`postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep|
|`postgres_backup_keep_months`|`12`|Number of monthly backups to keep|
|`postgres_backup_base_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Base path for postgres-backup. Also see `postgres_backup_data_path` |
|`postgres_backup_data_path` | `"{{ postgres_backup_base_path }}/data"` | Storage path for postgres-backup database backups |
|`devture_postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups|
|`devture_postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.|
|`devture_postgres_backup_keep_days`|`7`|Number of daily backups to keep|
|`devture_postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep|
|`devture_postgres_backup_keep_months`|`12`|Number of monthly backups to keep|
|`devture_postgres_backup_base_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Base path for postgres-backup. Also see `devture_postgres_backup_data_path` |
|`devture_postgres_backup_data_path` | `"{{ devture_postgres_backup_base_path }}/data"` | Storage path for postgres-backup database backups |
## Installing

26
docs/configuring-playbook-ssl-certificates.md
View File

@ -12,7 +12,7 @@ For testing purposes, you may wish to use staging certificates provide by Let's
You can do this with the following configuration:
```yaml
traefik_config_certificatesResolvers_acme_use_staging: true
devture_traefik_config_certificatesResolvers_acme_use_staging: true
```
@ -23,7 +23,7 @@ For testing or other purposes, you may wish to install services without SSL term
You can do this with the following configuration:
```yaml
traefik_config_entrypoint_web_secure_enabled: false
devture_traefik_config_entrypoint_web_secure_enabled: false
```
@ -46,16 +46,16 @@ To use your own SSL certificates with Traefik, you need to:
```yaml
# Disable ACME / Let's Encrypt support.
traefik_config_certificatesResolvers_acme_enabled: false
devture_traefik_config_certificatesResolvers_acme_enabled: false
# Disabling ACME support (above) automatically disables the creation of the SSL directory.
# Force-enable it here, because we'll add our certificate files there.
traefik_ssl_dir_enabled: true
devture_traefik_ssl_dir_enabled: true
# Tell Traefik to load our custom configuration file (certificates.yml).
# The file is created below, in `aux_file_definitions`.
# The `/config/..` path is an in-container path, not a path on the host (like `/matrix/traefik/config`). Do not change it!
traefik_configuration_extension_yaml: |
devture_traefik_configuration_extension_yaml: |
providers:
file:
filename: /config/certificates.yml
@ -66,7 +66,7 @@ traefik_configuration_extension_yaml: |
aux_file_definitions:
# Create the privkey.pem file on the server by
# uploading a file from the computer where Ansible is running.
- dest: "{{ traefik_ssl_dir_path }}/privkey.pem"
- dest: "{{ devture_traefik_ssl_dir_path }}/privkey.pem"
src: /path/on/your/Ansible/computer/to/privkey.pem
# Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
# Note the indentation level.
@ -76,7 +76,7 @@ aux_file_definitions:
# Create the cert.pem file on the server
# uploading a file from the computer where Ansible is running.
- dest: "{{ traefik_ssl_dir_path }}/cert.pem"
- dest: "{{ devture_traefik_ssl_dir_path }}/cert.pem"
src: /path/on/your/Ansible/computer/to/cert.pem
# Alternatively, comment out `src` above and uncomment the lines below to provide the certificate content inline.
# Note the indentation level.
@ -86,7 +86,7 @@ aux_file_definitions:
# Create the custom Traefik configuration.
# The `/ssl/..` paths below are in-container paths, not paths on the host (/`matrix/traefik/ssl/..`). Do not change them!
- dest: "{{ traefik_config_dir_path }}/certificates.yml"
- dest: "{{ devture_traefik_config_dir_path }}/certificates.yml"
content: |
tls:
certificates:
@ -109,12 +109,12 @@ You can configure Traefik to use the [DNS-01 challenge type](https://letsencrypt
This is an example for how to edit the `vars.yml` file if you're using Cloudflare:
```yaml
traefik_config_certificatesResolvers_acme_dnsChallenge_enabled: true
traefik_config_certificatesResolvers_acme_dnsChallenge_provider: "cloudflare"
traefik_config_certificatesResolvers_acme_dnsChallenge_delayBeforeCheck: 60
traefik_config_certificatesResolvers_acme_dnsChallenge_resolvers:
devture_traefik_config_certificatesResolvers_acme_dnsChallenge_enabled: true
devture_traefik_config_certificatesResolvers_acme_dnsChallenge_provider: "cloudflare"
devture_traefik_config_certificatesResolvers_acme_dnsChallenge_delayBeforeCheck: 60
devture_traefik_config_certificatesResolvers_acme_dnsChallenge_resolvers:
- "1.1.1.1:53"
traefik_environment_variables_additional_variables: |
devture_traefik_environment_variables_additional_variables: |
CF_API_EMAIL=redacted
CF_ZONE_API_TOKEN=redacted
CF_DNS_API_TOKEN=redacted

2
docs/configuring-playbook-synapse.md
View File

@ -75,7 +75,7 @@ The only thing you **cannot** do is mix [generic workers](#generic-workers) and
#### Effect of enabling workers on the rest of your server
When Synapse workers are enabled, the integrated [Postgres database is tuned](maintenance-postgres.md#tuning-postgresql), so that the maximum number of Postgres connections are increased from `200` to `500`. If you need to decrease or increase the number of maximum Postgres connections further, use the `postgres_max_connections` variable.
When Synapse workers are enabled, the integrated [Postgres database is tuned](maintenance-postgres.md#tuning-postgresql), so that the maximum number of Postgres connections are increased from `200` to `500`. If you need to decrease or increase the number of maximum Postgres connections further, use the `devture_postgres_max_connections` variable.
A separate Ansible role (`matrix-synapse-reverse-proxy-companion`) and component handles load-balancing for workers. This role/component is automatically enabled when you enable workers. Make sure to use the `setup-all` tag (not `install-all`!) during the playbook's [installation](./installing.md) process, especially if you're disabling workers, so that components may be installed/uninstalled correctly.

36
docs/configuring-playbook-traefik.md
View File

@ -12,7 +12,7 @@ See the dedicated [Adjusting SSL certificate retrieval](configuring-playbook-ssl
## Increase logging verbosity
```yaml
traefik_config_log_level: DEBUG
devture_traefik_config_log_level: DEBUG
```
## Disable access logs
@ -20,7 +20,7 @@ traefik_config_log_level: DEBUG
This will disable access logging.
```yaml
traefik_config_accessLog_enabled: false
devture_traefik_config_accessLog_enabled: false
```
## Enable Traefik Dashboard
@ -28,23 +28,23 @@ traefik_config_accessLog_enabled: false
This will enable a Traefik [Dashboard](https://doc.traefik.io/traefik/operations/dashboard/) UI at `https://matrix.DOMAIN/dashboard/` (note the trailing `/`).
```yaml
traefik_dashboard_enabled: true
traefik_dashboard_hostname: "{{ matrix_server_fqn_matrix }}"
traefik_dashboard_basicauth_enabled: true
traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE
traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE
devture_traefik_dashboard_enabled: true
devture_traefik_dashboard_hostname: "{{ matrix_server_fqn_matrix }}"
devture_traefik_dashboard_basicauth_enabled: true
devture_traefik_dashboard_basicauth_user: YOUR_USERNAME_HERE
devture_traefik_dashboard_basicauth_password: YOUR_PASSWORD_HERE
```
**WARNING**: Enabling the dashboard on a hostname you use for something else (like `matrix_server_fqn_matrix` in the configuration above) may cause conflicts. Enabling the Traefik Dashboard makes Traefik capture all `/dashboard` and `/api` requests and forward them to itself. If any of the services hosted on the same hostname requires any of these 2 URL prefixes, you will experience problems. So far, we're not aware of any playbook services which occupy these endpoints and are likely to cause conflicts.
## Additional configuration
Use the `traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists.
Use the `devture_traefik_configuration_extension_yaml` variable provided by the Traefik Ansible role to override or inject additional settings, even when no dedicated variable exists.
```yaml
# This is a contrived example.
# You can enable and secure the Dashboard using dedicated variables. See above.
traefik_configuration_extension_yaml: |
devture_traefik_configuration_extension_yaml: |
api:
dashboard: true
```
@ -66,8 +66,8 @@ First, we have to adjust the static configuration of Traefik, so that we can add
```yaml
# We enable all config files in the /config/ folder to be loaded.
# `/config` is the path as it appears in the Traefik container.
# On the host, it's actually `/matrix/traefik/config` (as defined in `traefik_config_dir_path`).
traefik_configuration_extension_yaml: |
# On the host, it's actually `/matrix/traefik/config` (as defined in `devture_traefik_config_dir_path`).
devture_traefik_configuration_extension_yaml: |
providers:
file:
directory: /config/
@ -79,7 +79,7 @@ If you are using a self-signed certificate on your webserver, you can tell Traef
```yaml
# We enable all config files in the /config/ folder to be loaded and
traefik_configuration_extension_yaml: |
devture_traefik_configuration_extension_yaml: |
providers:
file:
directory: /config/
@ -90,11 +90,11 @@ traefik_configuration_extension_yaml: |
```
Next, you have to add a new dynamic configuration file for Traefik that contains the actual information of the server using the `aux_file_definitions` variable. In this example, we will terminate SSL at the Traefik instance and connect to the other server via HTTPS. Traefik will now take care of managing the certificates.
Next, you have to add a new dynamic configuration file for Traefik that contains the actual information of the server using the `aux_file_definitions` variable. In this example, we will terminate SSL at the Traefik instance and connect to the other server via HTTPS. Traefik will now take care of managing the certificates.
```yaml
aux_file_definitions:
- dest: "{{ traefik_config_dir_path }}/provider_my_fancy_website.yml"
- dest: "{{ devture_traefik_config_dir_path }}/provider_my_fancy_website.yml"
content: |
http:
routers:
@ -117,7 +117,7 @@ If you do not want to terminate SSL at the Traefik instance (for example, becaus
```yaml
aux_file_definitions:
- dest: "{{ traefik_config_dir_path }}/providers_my_fancy_website.yml"
- dest: "{{ devture_traefik_config_dir_path }}/providers_my_fancy_website.yml"
content: |
tcp:
routers:
@ -134,9 +134,9 @@ aux_file_definitions:
```
Changing the `url` to one with an `http://` prefix would allow to connect to the server via HTTP.
With these changes, all TCP traffic will be reverse-proxied to the target system.
With these changes, all TCP traffic will be reverse-proxied to the target system.
**WARNING**: This configuration might lead to problems or need additional steps when a [certbot](https://certbot.eff.org/) behind Traefik also tries to manage [Let's Encrypt](https://letsencrypt.org/) certificates, as Traefik captures all traffic to ```PathPrefix(`/.well-known/acme-challenge/`)```.
**WARNING**: This configuration might lead to problems or need additional steps when a [certbot](https://certbot.eff.org/) behind Traefik also tries to manage [Let's Encrypt](https://letsencrypt.org/) certificates, as Traefik captures all traffic to ```PathPrefix(`/.well-known/acme-challenge/`)```.
## Traefik behind a `proxy_protocol` reverse-proxy
@ -144,7 +144,7 @@ With these changes, all TCP traffic will be reverse-proxied to the target system
If you run a reverse-proxy which speaks `proxy_protocol`, add the following to your configuration file:
```yaml
traefik_configuration_extension_yaml: |
devture_traefik_configuration_extension_yaml: |
entryPoints:
web-secure:
proxyProtocol:

34
docs/howto-srv-server-delegation.md
View File

@ -58,29 +58,29 @@ We cannot just disable the default resolver as that would disable SSL in quite a
```yaml
# 1. Add a new ACME configuration without having to disable the default one, since it would have a wide range of side effects
traefik_configuration_extension_yaml: |
devture_traefik_configuration_extension_yaml: |
certificatesResolvers:
dns:
acme:
# To use a staging endpoint for testing purposes, uncomment the line below.
# caServer: https://acme-staging-v02.api.letsencrypt.org/directory
email: {{ traefik_config_certificatesResolvers_acme_email | to_json }}
email: {{ devture_traefik_config_certificatesResolvers_acme_email | to_json }}
dnsChallenge:
provider: cloudflare
resolvers:
- "1.1.1.1:53"
- "8.8.8.8:53"
storage: {{ traefik_config_certificatesResolvers_acme_storage | to_json }}
storage: {{ devture_traefik_config_certificatesResolvers_acme_storage | to_json }}
# 2. Configure the environment variables needed by Rraefik to automate the ACME DNS Challenge (example for Cloudflare)
traefik_environment_variables: |
devture_traefik_environment_variables: |
CF_API_EMAIL=redacted
CF_ZONE_API_TOKEN=redacted
CF_DNS_API_TOKEN=redacted
LEGO_DISABLE_CNAME_SUPPORT=true
# 3. Instruct the playbook to use the new ACME configuration
traefik_certResolver_primary: dns
devture_traefik_certResolver_primary: dns
```
## Adjust Coturn's configuration
@ -105,16 +105,16 @@ matrix_coturn_container_additional_volumes: |
(
[
{
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'),
'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'),
'dst': '/certificate.crt',
'options': 'ro',
},
{
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'),
'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'),
'dst': '/privatekey.key',
'options': 'ro',
},
] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []
] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []
)
}}
```
@ -124,7 +124,7 @@ matrix_coturn_container_additional_volumes: |
```yaml
# Choosing the reverse proxy implementation
matrix_playbook_reverse_proxy_type: playbook-managed-traefik
traefik_config_certificatesResolvers_acme_email: redacted@example.com
devture_traefik_config_certificatesResolvers_acme_email: redacted@example.com
# To serve the federation from any domain, as long as the path matches
matrix_synapse_container_labels_public_federation_api_traefik_rule: PathPrefix(`/_matrix/federation`)
@ -135,25 +135,25 @@ matrix_synapse_container_labels_additional_labels: |
traefik.http.routers.matrix-synapse-federation-api.tls.domains.sans="*.example.com"
# Add a new ACME configuration without having to disable the default one, since it would have a wide range of side effects
traefik_configuration_extension_yaml: |
devture_traefik_configuration_extension_yaml: |
certificatesResolvers:
dns:
acme:
# To use a staging endpoint for testing purposes, uncomment the line below.
# caServer: https://acme-staging-v02.api.letsencrypt.org/directory
email: {{ traefik_config_certificatesResolvers_acme_email | to_json }}
email: {{ devture_traefik_config_certificatesResolvers_acme_email | to_json }}
dnsChallenge:
provider: cloudflare
resolvers:
- "1.1.1.1:53"
- "8.8.8.8:53"
storage: {{ traefik_config_certificatesResolvers_acme_storage | to_json }}
storage: {{ devture_traefik_config_certificatesResolvers_acme_storage | to_json }}
# Instruct thep laybook to use the new ACME configuration
traefik_certResolver_primary: "dns"
devture_traefik_certResolver_primary: "dns"
# Configure the environment variables needed by Traefik to automate the ACME DNS Challenge (example for Cloudflare)
traefik_environment_variables: |
devture_traefik_environment_variables: |
CF_API_EMAIL=redacted
CF_ZONE_API_TOKEN=redacted
CF_DNS_API_TOKEN=redacted
@ -168,16 +168,16 @@ matrix_coturn_container_additional_volumes: |
(
[
{
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'),
'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/certificate.crt'),
'dst': '/certificate.crt',
'options': 'ro',
},
{
'src': (traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'),
'src': (devture_traefik_certs_dumper_dumped_certificates_dir_path + '/*.' + matrix_domain + '/privatekey.key'),
'dst': '/privatekey.key',
'options': 'ro',
},
] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []
] if matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] and devture_traefik_certs_dumper_enabled and matrix_coturn_tls_enabled else []
)
}}
```

8
docs/maintenance-postgres.md
View File

@ -107,12 +107,12 @@ Example: `--extra-vars="postgres_dump_name=matrix-postgres-dump.sql"`
PostgreSQL can be [tuned](https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) to make it run faster. This is done by passing extra arguments to the Postgres process.
The [Postgres Ansible role](https://github.com/devture/com.devture.ansible.role.postgres) **already does some tuning by default**, which matches the [tuning logic](https://github.com/le0pard/pgtune/blob/master/src/features/configuration/configurationSlice.js) done by websites like https://pgtune.leopard.in.ua/.
You can manually influence some of the tuning variables . These parameters (variables) are injected via the `postgres_postgres_process_extra_arguments_auto` variable.
You can manually influence some of the tuning variables . These parameters (variables) are injected via the `devture_postgres_postgres_process_extra_arguments_auto` variable.
Most users should be fine with the automatically-done tuning. However, you may wish to:
- **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `postgres_max_connections`, `postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `postgres_postgres_process_extra_arguments_auto` variable
- **adjust the automatically-determined tuning parameters manually**: change the values for the tuning variables defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) (see `devture_postgres_max_connections`, `devture_postgres_data_storage` etc). These variables are ultimately passed to Postgres via a `devture_postgres_postgres_process_extra_arguments_auto` variable
- **turn automatically-performed tuning off**: override it like this: `postgres_postgres_process_extra_arguments_auto: []`
- **turn automatically-performed tuning off**: override it like this: `devture_postgres_postgres_process_extra_arguments_auto: []`
- **add additional tuning parameters**: define your additional Postgres configuration parameters in `postgres_postgres_process_extra_arguments_custom`. See `postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) for inspiration
- **add additional tuning parameters**: define your additional Postgres configuration parameters in `devture_postgres_postgres_process_extra_arguments_custom`. See `devture_postgres_postgres_process_extra_arguments_auto` defined in the Postgres role's [default configuration file](https://github.com/devture/com.devture.ansible.role.postgres/blob/main/defaults/main.yml) for inspiration

2
docs/maintenance-upgrading-services.md
View File

@ -9,7 +9,7 @@ To upgrade services:
- update your playbook directory and all upstream Ansible roles (defined in the `requirements.yml` file) using:
- either: `just update`
- or: a combination of `git pull` and `just roles` (or `make roles`)
- or: a combination of `git pull` and `just role` (or `make roles`)
- take a look at [the changelog](../CHANGELOG.md) to see if there have been any backward-incompatible changes that you need to take care of

4
examples/vars.yml
View File

@ -34,13 +34,13 @@ matrix_playbook_reverse_proxy_type: playbook-managed-traefik
# you won't be required to define this variable (see `docs/configuring-playbook-ssl-certificates.md`).
#
# Example value: someone@example.com
traefik_config_certificatesResolvers_acme_email: ''
devture_traefik_config_certificatesResolvers_acme_email: ''
# A Postgres password to use for the superuser Postgres user (called `matrix` by default).
#
# The playbook creates additional Postgres users and databases (one for each enabled service)
# using this superuser account.
postgres_connection_password: ''
devture_postgres_connection_password: ''
# By default, we configure Coturn's external IP address using the value specified for `ansible_host` in your `inventory/hosts` file.
# If this value is an external IP address, you can skip this section.

1025
group_vars/matrix_servers
View File

File diff suppressed because it is too large Load Diff

38
requirements.yml
View File

@ -16,22 +16,22 @@
version: 129c8590e106b83e6f4c259649a613c6279e937a
name: docker_sdk_for_python
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-etherpad.git
version: v2.2.5-0
version: v2.2.2-0
name: etherpad
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
version: v4.98-r0-1-1
version: v4.98-r0-1-0
name: exim_relay
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
version: v11.1.7-0
version: v11.1.4-0
name: grafana
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-jitsi.git
version: v9753-0
version: v9646-0
name: jitsi
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-keydb.git
version: v6.3.4-3
version: v6.3.4-2
name: keydb
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
version: v2.10.0-2
version: v2.10.0-1
name: ntfy
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_help.git
version: 201c939eed363de269a83ba29784fc3244846048
@ -42,26 +42,26 @@
- src: git+https://github.com/devture/com.devture.ansible.role.playbook_state_preserver.git
version: ff2fd42e1c1a9e28e3312bbd725395f9c2fc7f16
name: playbook_state_preserver
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git
version: v17.0-1
- src: git+https://github.com/devture/com.devture.ansible.role.postgres.git
version: v16.3-2
name: postgres
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git
version: v16-0
- src: git+https://github.com/devture/com.devture.ansible.role.postgres_backup.git
version: 8c3585fb4857dbac026b2974bb6525289240effb
name: postgres_backup
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus.git
version: v2.54.1-1
version: v2.54.1-0
name: prometheus
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-node-exporter.git
version: v1.8.2-1
version: v1.8.2-0
name: prometheus_node_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-prometheus-postgres-exporter.git
version: v0.14.0-6
version: v0.14.0-5
name: prometheus_postgres_exporter
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-redis.git
version: v7.2.5-1
version: v7.2.5-0
name: redis
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_docker_base.git
version: v1.3.0-0
version: v1.2.0-0
name: systemd_docker_base
- src: git+https://github.com/devture/com.devture.ansible.role.systemd_service_manager.git
version: v1.0.0-4
@ -69,9 +69,9 @@
- src: git+https://github.com/devture/com.devture.ansible.role.timesync.git
version: v1.0.0-0
name: timesync
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik.git
version: v3.1.3-2
- src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
version: v3.1.2-1
name: traefik
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
version: v2.8.3-5
- src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
version: v2.8.3-4
name: traefik_certs_dumper

2
roles/custom/matrix-alertmanager-receiver/defaults/main.yml
View File

@ -6,7 +6,7 @@
matrix_alertmanager_receiver_enabled: true
# renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
matrix_alertmanager_receiver_version: 2024.10.2
matrix_alertmanager_receiver_version: 2024.8.28
matrix_alertmanager_receiver_scheme: https

3
roles/custom/matrix-alertmanager-receiver/tasks/install.yml
View File

@ -63,7 +63,7 @@
cmd: |-
{{ devture_systemd_docker_base_host_command_docker }} buildx build
--tag={{ matrix_alertmanager_receiver_container_image }}
--file={{ matrix_alertmanager_receiver_container_src_path }}/Dockerfile
--file={{ matrix_alertmanager_receiver_container_src_path }}/contrib/Dockerfile
{{ matrix_alertmanager_receiver_container_src_path }}
changed_when: true
@ -72,7 +72,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_alertmanager_receiver_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-alertmanager-receiver.service installed
ansible.builtin.template:

1
roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml
View File

@ -80,7 +80,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_draupnir_for_all_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-draupnir-for-all.service installed
ansible.builtin.template:

10
roles/custom/matrix-base/defaults/main.yml
View File

@ -216,15 +216,15 @@ matrix_metrics_exposure_http_basic_auth_users: ''
#
# - `playbook-managed-traefik`
# - the playbook will run a managed Traefik instance (matrix-traefik)
# - Traefik will do SSL termination, unless you disable it (e.g. `traefik_config_entrypoint_web_secure_enabled: false`)
# - if SSL termination is enabled (as it is by default), you need to populate: `traefik_config_certificatesResolvers_acme_email`
# - Traefik will do SSL termination, unless you disable it (e.g. `devture_traefik_config_entrypoint_web_secure_enabled: false`)
# - if SSL termination is enabled (as it is by default), you need to populate: `devture_traefik_config_certificatesResolvers_acme_email`
#
# - `other-traefik-container`
# - this playbook will not install Traefik
# - nevertheless, the playbook expects that you would install Traefik yourself via other means
# - you should make sure your Traefik configuration is compatible with what the playbook would have configured (web, web-secure, matrix-federation entrypoints, etc.)
# - you need to set `matrix_playbook_reverse_proxyable_services_additional_network` to the name of your Traefik network
# - Traefik certs dumper will be enabled by default (`traefik_certs_dumper_enabled`). You need to point it to your Traefik's SSL certificates (`traefik_certs_dumper_ssl_dir_path`)
# - Traefik certs dumper will be enabled by default (`devture_traefik_certs_dumper_enabled`). You need to point it to your Traefik's SSL certificates (`devture_traefik_certs_dumper_ssl_dir_path`)
#
# - `none`
# - no reverse-proxy will be installed
@ -244,7 +244,7 @@ matrix_playbook_reverse_proxyable_services_additional_network: "{{ matrix_playbo
# Controls if various services think if SSL is enabled or not.
# Disabling this does not actually disable Treafik's web-secure entrypoint and TLS termination settings.
# For that, you'd need to use another variable (`traefik_config_entrypoint_web_secure_enabled`).
# For that, you'd need to use another variable (`devture_traefik_config_entrypoint_web_secure_enabled`).
# This variable merely serves as an indicator if SSL is used or not.
matrix_playbook_ssl_enabled: true
@ -302,7 +302,7 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_definition:
#
# Routers enabled on this entrypoint should use Traefik rules which do NOT do Host-matching (Host/HostRegexp),
# because addon services (e.g. bridges, bots) cannot properly pass a `Host` HTTP header when making
# requests to the endpoint's address (e.g. `http://matrix-traefik:8008/`).
# requests to the endpoint's address (e.g. `http://devture-traefik:8008/`).
# This entrypoint only aims to handle a single "virtual host" - one dealing with the homeserver's Client-Server API.
matrix_playbook_internal_matrix_client_api_traefik_entrypoint_enabled: "{{ matrix_playbook_reverse_proxy_type in ['playbook-managed-traefik', 'other-traefik-container'] }}"
matrix_playbook_internal_matrix_client_api_traefik_entrypoint_name: matrix-internal-matrix-client-api

17
roles/custom/matrix-bot-baibot/defaults/main.yml
View File

@ -11,7 +11,7 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
# renovate: datasource=docker depName=ghcr.io/etkecc/baibot
matrix_bot_baibot_version: v1.2.0
matrix_bot_baibot_version: latest
matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_name_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
matrix_bot_baibot_container_image_name_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else 'ghcr.io/' }}"
matrix_bot_baibot_container_image_force_pull: "{{ matrix_bot_baibot_container_image.endswith(':latest') }}"
@ -155,7 +155,6 @@ matrix_bot_baibot_config_agents_static_definitions_auto: |-
}}
matrix_bot_baibot_config_agents_static_definitions_custom: []
matrix_bot_baibot_config_agents_static_definitions_prompt: "{% raw %}You are a brief, but helpful bot called {{ baibot_name }} powered by the {{ baibot_model_id }} model. The date/time now is: {{ baibot_now_utc }}.{% endraw %}"
########################################################################################
# #
@ -196,7 +195,7 @@ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generat
matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_model_id: claude-3-5-sonnet-20240620
# The prompt text to use (can be null or empty to not use a prompt).
# See: https://huggingface.co/docs/transformers/en/tasks/prompting
matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_prompt: null
# The temperature parameter controls the randomness of the generated text.
# See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature
matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_temperature: 1.0
@ -249,7 +248,7 @@ matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_e
matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_model_id: ""
# The prompt text to use (can be null or empty to not use a prompt).
# See: https://huggingface.co/docs/transformers/en/tasks/prompting
matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_prompt: null
# The temperature parameter controls the randomness of the generated text.
# See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature
matrix_bot_baibot_config_agents_static_definitions_groq_config_text_generation_temperature: 1.0
@ -268,7 +267,7 @@ matrix_bot_baibot_config_agents_static_definitions_groq_config_speech_to_text_mo
########################################################################################
# #
# Mistral agent configuration #
# Mistral agent configuration #
# #
########################################################################################
@ -305,7 +304,7 @@ matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generatio
matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_model_id: mistral-large-latest
# The prompt text to use (can be null or empty to not use a prompt).
# See: https://huggingface.co/docs/transformers/en/tasks/prompting
matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_prompt: null
# The temperature parameter controls the randomness of the generated text.
# See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature
matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generation_temperature: 1.0
@ -314,7 +313,7 @@ matrix_bot_baibot_config_agents_static_definitions_mistral_config_text_generatio
########################################################################################
# #
# /Mistral agent configuration #
# /Mistral agent configuration #
# #
########################################################################################
@ -356,10 +355,10 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_api_key: ""
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_enabled: true
# For valid model choices, see: https://platform.openai.com/docs/models
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o-2024-08-06
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id: gpt-4o
# The prompt text to use (can be null or empty to not use a prompt).
# See: https://huggingface.co/docs/transformers/en/tasks/prompting
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt: null
# The temperature parameter controls the randomness of the generated text.
# See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature
matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_temperature: 1.0

3
roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
View File

@ -15,7 +15,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_bot_buscarron_sqlite_database_path_local }}"
dst: "{{ matrix_bot_buscarron_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -97,7 +97,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_buscarron_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-buscarron.service restarted, if necessary
ansible.builtin.service:

1
roles/custom/matrix-bot-chatgpt/tasks/install.yml
View File

@ -61,7 +61,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_chatgpt_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-chatgpt.service installed
ansible.builtin.template:

1
roles/custom/matrix-bot-draupnir/tasks/setup_install.yml
View File

@ -75,7 +75,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_draupnir_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-draupnir.service installed
ansible.builtin.template:

1
roles/custom/matrix-bot-go-neb/tasks/install.yml
View File

@ -48,7 +48,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_go_neb_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-go-neb.service installed
ansible.builtin.template:

3
roles/custom/matrix-bot-honoroit/tasks/setup_install.yml
View File

@ -15,7 +15,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_bot_honoroit_sqlite_database_path_local }}"
dst: "{{ matrix_bot_honoroit_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -91,7 +91,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_honoroit_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-honoroit.service installed
ansible.builtin.template:

1
roles/custom/matrix-bot-matrix-registration-bot/tasks/setup_install.yml
View File

@ -61,7 +61,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_matrix_registration_bot_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-matrix-registration-bot.service installed
ansible.builtin.template:

3
roles/custom/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_bot_matrix_reminder_bot_sqlite_database_path_local }}"
dst: "{{ matrix_bot_matrix_reminder_bot_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -89,7 +89,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_matrix_reminder_bot_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-matrix-reminder-bot.service installed
ansible.builtin.template:

1
roles/custom/matrix-bot-maubot/tasks/setup_install.yml
View File

@ -75,7 +75,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_maubot_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-maubot.service installed
ansible.builtin.template:

2
roles/custom/matrix-bot-mjolnir/defaults/main.yml
View File

@ -5,7 +5,7 @@
matrix_bot_mjolnir_enabled: true
# renovate: datasource=docker depName=matrixdotorg/mjolnir
matrix_bot_mjolnir_version: "v1.8.0"
matrix_bot_mjolnir_version: "v1.7.0"
matrix_bot_mjolnir_container_image_self_build: false
matrix_bot_mjolnir_container_image_self_build_repo: "https://github.com/matrix-org/mjolnir.git"

1
roles/custom/matrix-bot-mjolnir/tasks/setup_install.yml
View File

@ -64,7 +64,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_mjolnir_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-mjolnir.service installed
ansible.builtin.template:

3
roles/custom/matrix-bot-postmoogle/tasks/setup_install.yml
View File

@ -12,7 +12,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_bot_postmoogle_sqlite_database_path_local }}"
dst: "{{ matrix_bot_postmoogle_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -84,7 +84,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_bot_postmoogle_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-bot-postmoogle.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-appservice-discord/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_appservice_discord_sqlite_database_path_local }}"
dst: "{{ matrix_appservice_discord_database_connString }}"
caller: "{{ role_path | basename }}"
@ -109,7 +109,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_discord_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-discord.service installed
ansible.builtin.template:

6
roles/custom/matrix-bridge-appservice-irc/tasks/migrate_nedb_to_postgres.yml
View File

@ -2,8 +2,8 @@
- name: Fail if Postgres not enabled
ansible.builtin.fail:
msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`postgres_enabled`). Cannot migrate."
when: "not postgres_enabled | bool"
msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot migrate."
when: "not devture_postgres_enabled | bool"
# Defaults
@ -16,7 +16,7 @@
- name: Ensure Postgres is started
ansible.builtin.service:
name: "{{ postgres_identifier }}"
name: "{{ devture_postgres_identifier }}"
state: started
daemon_reload: true
register: postgres_service_start_result

1
roles/custom/matrix-bridge-appservice-irc/tasks/setup_install.yml
View File

@ -193,7 +193,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_irc_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-irc.service installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-appservice-kakaotalk/tasks/setup_install.yml
View File

@ -102,7 +102,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_kakaotalk_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-kakaotalk-node.service installed
ansible.builtin.template:

6
roles/custom/matrix-bridge-appservice-slack/tasks/migrate_nedb_to_postgres.yml
View File

@ -2,8 +2,8 @@
- name: Fail if Postgres not enabled
ansible.builtin.fail:
msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`postgres_enabled`). Cannot migrate."
when: "not postgres_enabled | bool"
msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot migrate."
when: "not devture_postgres_enabled | bool"
# Defaults
@ -16,7 +16,7 @@
- name: Ensure Postgres is started
ansible.builtin.service:
name: "{{ postgres_identifier }}"
name: "{{ devture_postgres_identifier }}"
state: started
daemon_reload: true
register: postgres_service_start_result

1
roles/custom/matrix-bridge-appservice-slack/tasks/setup_install.yml
View File

@ -87,7 +87,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_slack_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-slack support files installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-appservice-webhooks/tasks/setup_install.yml
View File

@ -86,7 +86,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_appservice_webhooks_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-appservice-webhooks support files installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
View File

@ -88,7 +88,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_beeper_linkedin_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-beeper-linkedin.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-go-skype-bridge/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_go_skype_bridge_sqlite_database_path_local }}"
dst: "{{ matrix_go_skype_bridge_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -131,7 +131,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_go_skype_bridge_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-go-skype-bridge.service installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-heisenbridge/tasks/setup_install.yml
View File

@ -44,7 +44,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_heisenbridge_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-heisenbridge.service installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-hookshot/defaults/main.yml
View File

@ -153,7 +153,6 @@ matrix_hookshot_jira_oauth_redirect_uri: "{{ matrix_hookshot_urlprefix }}{{ matr
# No need to change these
matrix_hookshot_generic_enabled: true
matrix_hookshot_generic_outbound: true
matrix_hookshot_generic_enableHttpGet: false # noqa var-naming
# Default value of matrix_hookshot_generic_endpoint: "/hookshot/webhooks"
matrix_hookshot_generic_endpoint: "{{ matrix_hookshot_webhook_endpoint }}/webhook"

1
roles/custom/matrix-bridge-hookshot/tasks/setup_install.yml
View File

@ -112,7 +112,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_hookshot_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure mautrix-hookshot support files installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-hookshot/templates/config.yml.j2
View File

@ -74,7 +74,6 @@ generic:
# (Optional) Support for generic webhook events. `allowJsTransformationFunctions` will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
#
enabled: {{ matrix_hookshot_generic_enabled | to_json }}
outbound: {{ matrix_hookshot_generic_outbound | to_json }}
enableHttpGet: {{ matrix_hookshot_generic_enableHttpGet | to_json }}
urlPrefix: {{ matrix_hookshot_generic_urlPrefix | to_json }}
userIdPrefix: {{ matrix_hookshot_generic_userIdPrefix | to_json }}

3
roles/custom/matrix-bridge-mautrix-discord/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_discord_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_discord_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -98,7 +98,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_discord_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-discord.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_facebook_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_facebook_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -128,7 +128,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_facebook_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-facebook.service installed
ansible.builtin.template:

23
roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
View File

@ -9,7 +9,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
matrix_mautrix_gmessages_version: v0.5.0
matrix_mautrix_gmessages_version: v0.4.3
# See: https://mau.dev/mautrix/gmessages/container_registry
matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
@ -25,12 +25,6 @@ matrix_mautrix_gmessages_homeserver_address: ""
matrix_mautrix_gmessages_homeserver_domain: "{{ matrix_domain }}"
matrix_mautrix_gmessages_appservice_address: "http://matrix-mautrix-gmessages:8080"
matrix_mautrix_gmessages_backfill_enabled: true
matrix_mautrix_gmessages_backfill_max_initial_messages: 50
matrix_mautrix_gmessages_backfill_max_catchup_messages: 500
matrix_mautrix_gmessages_backfill_unread_hours_threshold: 720
matrix_mautrix_gmessages_backfill_threads_max_initial_messages: 50
matrix_mautrix_gmessages_command_prefix: "!gm"
matrix_mautrix_gmessages_container_network: ""
@ -138,23 +132,18 @@ matrix_mautrix_gmessages_appservice_database_uri: "{{
}[matrix_mautrix_gmessages_database_engine]
}}"
matrix_mautrix_gmessages_double_puppet_secrets: "{{ matrix_mautrix_gmessages_double_puppet_secrets_auto | combine(matrix_mautrix_gmessages_double_puppet_secrets_custom) }}"
matrix_mautrix_gmessages_double_puppet_secrets_auto: {}
matrix_mautrix_gmessages_double_puppet_secrets_custom: {}
# Can be set to enable automatic double-puppeting via Shared Secret Auth (https://github.com/devture/matrix-synapse-shared-secret-auth) or Appservice Double Puppet.
matrix_mautrix_gmessages_login_shared_secret: ''
matrix_mautrix_gmessages_bridge_login_shared_secret_map:
"{{ {matrix_mautrix_gmessages_homeserver_domain: matrix_mautrix_gmessages_login_shared_secret} if matrix_mautrix_gmessages_login_shared_secret else {} }}"
# Enable End-to-bridge encryption
matrix_mautrix_gmessages_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_gmessages_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
matrix_mautrix_gmessages_bridge_encryption_require: false
matrix_mautrix_gmessages_bridge_encryption_appservice: false
matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_gmessages_bridge_encryption_allow }}"
matrix_mautrix_gmessages_network_displayname_template: "{% raw %}{{or .FullName .PhoneNumber}}{% endraw %}"
matrix_mautrix_gmessages_appservice_username_template: "{% raw %}gmessages_{{.}}{% endraw %}"
matrix_mautrix_gmessages_public_media_signing_key: ''
matrix_mautrix_gmessages_bridge_personal_filtering_spaces: true
matrix_mautrix_gmessages_bridge_mute_bridging: true
matrix_mautrix_gmessages_bridge_permissions: |
{{

3
roles/custom/matrix-bridge-mautrix-gmessages/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_gmessages_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_gmessages_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -147,7 +147,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_gmessages_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-gmessages.service restarted, if necessary
ansible.builtin.service:

3
roles/custom/matrix-bridge-mautrix-gmessages/tasks/validate_config.yml
View File

@ -22,6 +22,3 @@
when: "item.old in vars"
with_items:
- {'old': 'matrix_mautrix_gmessages_log_level', 'new': 'matrix_mautrix_gmessages_logging_level'}
- {'old': 'matrix_mautrix_gmessages_bridge_mute_bridging', 'new': '<removed>'}
- {'old': 'matrix_mautrix_gmessages_login_shared_secret', 'new': '<removed>'}
- {'old': 'matrix_mautrix_gmessages_bridge_login_shared_secret_map', 'new': 'matrix_mautrix_gmessages_double_puppet_secrets_custom'}

588
roles/custom/matrix-bridge-mautrix-gmessages/templates/config.yaml.j2
View File

@ -1,172 +1,20 @@
#jinja2: lstrip_blocks: "True"
# Network-specific config options
network:
# Displayname template for SMS users.
# {% raw %}{{.FullName}}{% endraw %} - Full name provided by the phone
# {% raw %}{{.FirstName}}{% endraw %} - First name provided by the phone
# {% raw %}{{.PhoneNumber}}{% endraw %} - Formatted phone number provided by the phone
displayname_template: {{ matrix_mautrix_gmessages_network_displayname_template | to_json }}
# Settings for how the bridge appears to the phone.
device_meta:
# OS name to tell the phone. This is the name that shows up in the paired devices list.
os: mautrix-gmessages
# Browser type to tell the phone. This decides which icon is shown.
# Valid types: OTHER, CHROME, FIREFOX, SAFARI, OPERA, IE, EDGE
browser: OTHER
# Device type to tell the phone. This also affects the icon, as well as how many sessions are allowed simultaneously.
# One web, two tablets and one PWA should be able to connect at the same time.
# Valid types: WEB, TABLET, PWA
type: TABLET
# Should the bridge aggressively set itself as the active device if the user opens Google Messages in a browser?
# If this is disabled, the user must manually use the `set-active` command to reactivate the bridge.
aggressive_reconnect: false
# Number of chats to sync when connecting to Google Messages.
initial_chat_sync_count: 25
# Config options that affect the central bridge module.
bridge:
# The prefix for commands. Only required in non-management rooms.
command_prefix: '!gm'
# Should the bridge create a space for each login containing the rooms that account is in?
personal_filtering_spaces: {{ matrix_mautrix_gmessages_bridge_personal_filtering_spaces | to_json }}
# Whether the bridge should set names and avatars explicitly for DM portals.
# This is only necessary when using clients that don't support MSC4171.
private_chat_portal_meta: false
# Should events be handled asynchronously within portal rooms?
# If true, events may end up being out of order, but slow events won't block other ones.
async_events: false
# Should every user have their own portals rather than sharing them?
# By default, users who are in the same group on the remote network will be
# in the same Matrix room bridged to that group. If this is set to true,
# every user will get their own Matrix room instead.
split_portals: false
# Should the bridge resend `m.bridge` events to all portals on startup?
resend_bridge_info: false
# Should leaving Matrix rooms be bridged as leaving groups on the remote network?
bridge_matrix_leave: false
# Should room tags only be synced when creating the portal? Tags mean things like favorite/pin and archive/low priority.
# Tags currently can't be synced back to the remote network, so a continuous sync means tagging from Matrix will be undone.
tag_only_on_create: true
# Should room mute status only be synced when creating the portal?
# Like tags, mutes can't currently be synced back to the remote network.
mute_only_on_create: true
# What should be done to portal rooms when a user logs out or is logged out?
# Permitted values:
# nothing - Do nothing, let the user stay in the portals
# kick - Remove the user from the portal rooms, but don't delete them
# unbridge - Remove all ghosts in the room and disassociate it from the remote chat
# delete - Remove all ghosts and users from the room (i.e. delete it)
cleanup_on_logout:
# Should cleanup on logout be enabled at all?
enabled: false
# Settings for manual logouts (explicitly initiated by the Matrix user)
manual:
# Action for private portals which will never be shared with other Matrix users.
private: nothing
# Action for portals with a relay user configured.
relayed: nothing
# Action for portals which may be shared, but don't currently have any other Matrix users.
shared_no_users: nothing
# Action for portals which have other logged-in Matrix users.
shared_has_users: nothing
# Settings for credentials being invalidated (initiated by the remote network, possibly through user action).
# Keys have the same meanings as in the manual section.
bad_credentials:
private: nothing
relayed: nothing
shared_no_users: nothing
shared_has_users: nothing
# Settings for relay mode
relay:
# Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: false
# Should only admins be allowed to set themselves as relay users?
# If true, non-admins can only set users listed in default_relays as relays in a room.
admin_only: true
# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
default_relays: []
# The formats to use when sending messages via the relaybot.
# Available variables:
# .Sender.UserID - The Matrix user ID of the sender.
# .Sender.Displayname - The display name of the sender (if set).
# .Sender.RequiresDisambiguation - Whether the sender's name may be confused with the name of another user in the room.
# .Sender.DisambiguatedName - The disambiguated name of the sender. This will be the displayname if set,
# plus the user ID in parentheses if the displayname is not unique.
# If the displayname is not set, this is just the user ID.
# .Message - The `formatted_body` field of the message.
# .Caption - The `formatted_body` field of the message, if it's a caption. Otherwise an empty string.
# .FileName - The name of the file being sent.
message_formats:
m.text: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.notice: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.emote: "{% raw %}* <b>{{ .Sender.DisambiguatedName }}</b> {{ .Message }}{% endraw %}"
m.file: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.image: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.audio: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.video: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.location: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
# For networks that support per-message displaynames (i.e. Slack and Discord), the template for those names.
# This has all the Sender variables available under message_formats (but without the .Sender prefix).
# Note that you need to manually remove the displayname from message_formats above.
displayname_format: "{% raw %}{{ .DisambiguatedName }}{% endraw %}"
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# commands - Access to use commands in the bridge, but not login.
# user - Access to use the bridge with puppeting.
# admin - Full access, user level with some additional administration tools.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_gmessages_bridge_permissions|to_json }}
# Config for the bridge's database.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: postgres
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_gmessages_appservice_database_uri|to_json }}
# Maximum number of connections.
max_open_conns: 5
max_idle_conns: 1
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
# Local addresses without HTTPS are generally recommended when the bridge is running on the same machine,
# but https also works if they run on different machines.
address: {{ matrix_mautrix_gmessages_homeserver_address | to_json }}
address: {{ matrix_mautrix_gmessages_homeserver_address }}
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{ matrix_mautrix_gmessages_homeserver_domain | to_json }}
domain: {{ matrix_mautrix_gmessages_homeserver_domain }}
# What software is the homeserver running?
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's remote network connection state changes.
# If set, the bridge will make POST requests to this URL whenever a user's google messages connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint:
status_endpoint: null
# Endpoint for reporting per-message status.
# If set, the bridge will make POST requests to this URL when processing a message from Matrix.
# It will make one request when receiving the message (step BRIDGE), one after decrypting if applicable
# (step DECRYPTED) and one after sending to the remote network (step REMOTE). Errors will also be reported.
# The bridge will use the appservice as_token to authorize requests.
message_send_checkpoint_endpoint:
message_send_checkpoint_endpoint: null
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
@ -178,19 +26,33 @@ homeserver:
ping_interval_seconds: 0
# Application service host/registration related details.
# Changing these values requires regeneration of the registration (except when noted otherwise)
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_gmessages_appservice_address }}
# A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file.
public_address: https://bridge.example.com
# The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0.
hostname: 0.0.0.0
port: 8080
# Database config.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: postgres
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_gmessages_appservice_database_uri|to_json }}
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice.
id: gmessages
# Appservice bot details.
@ -202,223 +64,229 @@ appservice:
displayname: Google Messages bridge bot
avatar: mxc://maunium.net/yGOdcrJcwqARZqdzbfuxfhzb
# Whether to receive ephemeral events via appservice transactions.
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
ephemeral_events: true
# Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
# This value doesn't affect the registration file.
async_transactions: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: {{ matrix_mautrix_gmessages_appservice_token | to_json }}
hs_token: {{ matrix_mautrix_gmessages_homeserver_token | to_json }}
as_token: "{{ matrix_mautrix_gmessages_appservice_token }}"
hs_token: "{{ matrix_mautrix_gmessages_homeserver_token }}"
# Localpart template of MXIDs for remote users.
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the user.
username_template: {{ matrix_mautrix_gmessages_appservice_username_template | to_json }}
# Segment API key to track some events, like provisioning API login and encryption errors.
segment_key: null
# Optional user_id to use when sending Segment events. If null, defaults to using mxID.
segment_user_id: null
# Config options that affect the Matrix connector of the bridge.
matrix:
# Prometheus config.
metrics:
# Enable prometheus metrics?
enabled: {{ matrix_mautrix_gmessages_metrics_enabled | to_json }}
# IP and port where the metrics listener should be. The path is always /metrics
listen: 0.0.0.0:8001
google_messages:
# OS name to tell the phone. This is the name that shows up in the paired devices list.
os: mautrix-gmessages
# Browser type to tell the phone. This decides which icon is shown.
# Valid types: OTHER, CHROME, FIREFOX, SAFARI, OPERA, IE, EDGE
browser: OTHER
# Should the bridge aggressively set itself as the active device if the user opens Google Messages in a browser?
# If this is disabled, the user must manually use the `reconnect` command to reactivate the bridge.
aggressive_reconnect: false
# Bridge config
bridge:
# Localpart template of MXIDs for SMS users.
# {{ '{{.}}' }} is replaced with an identifier of the recipient.
username_template: "{{ 'gmessages_{{.}}' }}"
# Displayname template for SMS users.
# {{ '{{.FullName}}' }} - Full name provided by the phone
# {{ '{{.FirstName}}' }} - First name provided by the phone
# {{ '{{.PhoneNumber}}' }} - Formatted phone number provided by the phone
displayname_template: "{{ '{{or .FullName .PhoneNumber}}' }}"
# Should the bridge create a space for each logged-in user and add bridged rooms to it?
personal_filtering_spaces: {{ matrix_mautrix_gmessages_bridge_personal_filtering_spaces | to_json }}
# Should the bridge send a read receipt from the bridge bot when a message has been sent to the phone?
delivery_receipts: false
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether the bridge should send a read receipt after successfully bridging a message.
delivery_receipts: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true
# Whether the bridge should update the m.direct account data event when double puppeting is enabled.
portal_message_buffer: 128
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic (except with mautrix-asmux)
# and is therefore prone to race conditions.
sync_direct_chat_list: false
# Whether created rooms should have federation enabled. If false, created portal rooms
# will never be federated. Changing this option requires recreating rooms.
federate_rooms: {{ matrix_mautrix_gmessages_federate_rooms | to_json }}
# The threshold as bytes after which the bridge should roundtrip uploads via the disk
# rather than keeping the whole file in memory.
upload_file_threshold: 5242880
# Number of chats to sync when connecting to Google Messages.
initial_chat_sync_count: 25
# Backfill settings
backfill:
# Number of messages to backfill in new chats.
initial_limit: 50
# Number of messages to backfill on startup if the last message ID in the chat sync doesn't match the last bridged message.
missed_limit: 100
# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors.
analytics:
# API key to send with tracking requests. Tracking is disabled if this is null.
token: null
# Address to send tracking requests to.
url: https://api.segment.io/v1/track
# Optional user ID for tracking events. If null, defaults to using Matrix user ID.
user_id: null
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Whether to allow provisioning API requests to be authed using Matrix access tokens.
# This follows the same rules as double puppeting to determine which server to contact to check the token,
# which means that by default, it only works for users on the same server as the bridge.
allow_matrix_auth: true
# Enable debug API at /debug with provisioning authentication.
debug_endpoints: false
# Some networks require publicly accessible media download links (e.g. for user avatars when using Discord webhooks).
# These settings control whether the bridge will provide such public media access.
public_media:
# Should public media be enabled at all?
# The public_address field under the appservice section MUST be set when enabling public media.
enabled: false
# A key for signing public media URLs.
# If set to "generate", a random key will be generated.
signing_key: {{ matrix_mautrix_gmessages_public_media_signing_key | to_json }}
# Number of seconds that public media URLs are valid for.
# If set to 0, URLs will never expire.
expiry: 0
# Length of hash to use for public media URLs. Must be between 0 and 32.
hash_length: 32
# Settings for converting remote media to custom mxc:// URIs instead of reuploading.
# More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html
direct_media:
# Should custom mxc:// URIs be used instead of reuploading media?
enabled: false
# The server name to use for the custom mxc:// URIs.
# This server name will effectively be a real Matrix server, it just won't implement anything other than media.
# You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge.
server_name: media.example.com
# Optionally a custom .well-known response. This defaults to `server_name:443`
well_known_response:
# Optionally specify a custom prefix for the media ID part of the MXC URI.
media_id_prefix:
# If the remote network supports media downloads over HTTP, then the bridge will use MSC3860/MSC3916
# media download redirects if the requester supports it. Optionally, you can force redirects
# and not allow proxying at all by setting this to false.
# This option does nothing if the remote network does not support media downloads over HTTP.
allow_proxy: true
# Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file.
# This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them.
server_key: ""
# Settings for backfilling messages.
# Note that the exact way settings are applied depends on the network connector.
# See https://docs.mau.fi/bridges/general/backfill.html for more details.
backfill:
# Whether to do backfilling at all.
enabled: {{ matrix_mautrix_gmessages_backfill_enabled | to_json }}
# Maximum number of messages to backfill in empty rooms.
max_initial_messages: {{ matrix_mautrix_gmessages_backfill_max_initial_messages | to_json }}
# Maximum number of missed messages to backfill after bridge restarts.
max_catchup_messages: {{ matrix_mautrix_gmessages_backfill_max_catchup_messages | to_json }}
# If a backfilled chat is older than this number of hours,
# mark it as read even if it's unread on the remote network.
unread_hours_threshold: {{ matrix_mautrix_gmessages_backfill_unread_hours_threshold | to_json }}
# Settings for backfilling threads within other backfills.
threads:
# Maximum number of messages to backfill in a new thread.
max_initial_messages: {{ matrix_mautrix_gmessages_backfill_threads_max_initial_messages | to_json }}
# Settings for the backwards backfill queue. This only applies when connecting to
# Beeper as standard Matrix servers don't support inserting messages into history.
queue:
# Should the backfill queue be enabled?
enabled: false
# Number of messages to backfill in one batch.
batch_size: 100
# Delay between batches in seconds.
batch_delay: 20
# Maximum number of batches to backfill per portal.
# If set to -1, all available messages will be backfilled.
max_batches: -1
# Optional network-specific overrides for max batches.
# Interpretation of this field depends on the network connector.
max_batches_override: {}
# Settings for enabling double puppeting
double_puppet:
# Servers to always allow double puppeting from.
# This is only for other servers and should NOT contain the server the bridge is on.
servers: {}
# Whether to allow client API URL discovery for other servers. When using this option,
# users on other servers can use double puppeting even if their server URLs aren't
# explicitly added to the servers map above.
allow_discovery: false
# Shared secrets for automatic double puppeting.
# See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions.
secrets: {{ matrix_mautrix_gmessages_double_puppet_secrets | to_json }}
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Whether to enable encryption at all. If false, the bridge will not function in encrypted rooms.
allow: {{ matrix_mautrix_gmessages_bridge_encryption_allow | to_json }}
# Whether to force-enable encryption in all bridged rooms.
default: {{ matrix_mautrix_gmessages_bridge_encryption_default | to_json }}
# Whether to require all messages to be encrypted and drop any unencrypted messages.
require: {{ matrix_mautrix_gmessages_bridge_encryption_require | to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
# This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
appservice: {{ matrix_mautrix_gmessages_bridge_encryption_appservice | to_json }}
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow | to_json }}
# Pickle key for encrypting encryption keys in the bridge database.
# If set to generate, a random key will be generated.
pickle_key: mautrix.bridge.e2ee
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
# Servers to always allow double puppeting from
double_puppet_server_map:
"{{ matrix_mautrix_gmessages_homeserver_domain }}": {{ matrix_mautrix_gmessages_homeserver_address }}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from the remote network to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to configure the m.room.encryption event content.
# See https://spec.matrix.org/v1.10/client-server-api/#mroomencryption for more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map: {{ matrix_mautrix_gmessages_bridge_login_shared_secret_map|to_json }}
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
# If set to `never`, DM rooms will never have names and avatars set.
private_chat_portal_meta: default
# Should Matrix m.notice-type messages be bridged?
bridge_notices: true
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it, except if the config file is not writable.
resend_bridge_info: false
# When using double puppeting, should muted chats be muted in Matrix?
mute_bridging: {{ matrix_mautrix_gmessages_bridge_mute_bridging | to_json }}
# When using double puppeting, should archived chats be moved to a specific tag in Matrix?
# This can be set to a tag (e.g. m.lowpriority), or null to disable.
archive_tag: null
# Same as above, but for pinned chats. The favorite tag is called m.favourite
pinned_tag: null
# Should mute status and tags only be bridged when the portal room is created?
tag_only_on_create: true
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: {{ matrix_mautrix_gmessages_federate_rooms|to_json }}
# Should the bridge never send alerts to the bridge management room?
# These are mostly things like the user being logged out.
disable_bridge_alerts: false
# Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
# This is currently not supported in most clients.
caption_in_message: false
# The prefix for commands. Only required in non-management rooms.
command_prefix: "!gm"
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: "Hello, I'm a Google Messages bridge bot."
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_mautrix_gmessages_bridge_encryption_allow|to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: {{ matrix_mautrix_gmessages_bridge_encryption_default|to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: false
# Require encryption, drop any unencrypted messages.
require: false
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_gmessages_bridge_encryption_key_sharing_allow|to_json }}
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from SMS to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: generate
# Permissions for using the bridge.
# Permitted values:
# user - Access to use the bridge to link their own Google Messages on android.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_gmessages_bridge_permissions|to_json }}
# Logging config. See https://github.com/tulir/zeroconfig for details.
logging:
min_level: {{ matrix_mautrix_gmessages_logging_level }}
writers:
- type: stdout
format: pretty
format: pretty-colored

3
roles/custom/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_googlechat_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_googlechat_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -128,7 +128,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_googlechat_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-googlechat.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_hangouts_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_hangouts_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -128,7 +128,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_hangouts_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-hangouts.service installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
View File

@ -80,7 +80,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_instagram_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-instagram.service installed
ansible.builtin.template:

38
roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
View File

@ -13,7 +13,7 @@ matrix_mautrix_meta_instagram_enabled: true
matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
# renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
matrix_mautrix_meta_instagram_version: v0.4.0
matrix_mautrix_meta_instagram_version: v0.3.2
matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"
@ -194,15 +194,10 @@ matrix_mautrix_meta_instagram_bridge_displayname_suffix: |-
matrix_mautrix_meta_instagram_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}{{ (" " ~ matrix_mautrix_meta_instagram_bridge_displayname_suffix) if matrix_mautrix_meta_instagram_bridge_displayname_suffix else "" }}'
# The prefix for commands. Only required in non-management rooms.
matrix_mautrix_meta_instagram_bridge_command_prefix: |-
{{
({
'facebook': '!fb',
'facebook-tor': '!fb',
'messenger': '!fb',
'instagram': '!ig',
})[matrix_mautrix_meta_instagram_meta_mode]
}}
# If set to "default", will be determined based on meta -> mode (`matrix_mautrix_meta_instagram_meta_mode`):
# - "!ig" for instagram
# - "!fb" for facebook
matrix_mautrix_meta_instagram_bridge_command_prefix: default
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
@ -219,9 +214,9 @@ matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing: "{{ matrix_ma
matrix_mautrix_meta_instagram_bridge_encryption_appservice: false
matrix_mautrix_meta_instagram_bridge_encryption_require: false
matrix_mautrix_meta_instagram_double_puppet_secrets: "{{ matrix_mautrix_meta_instagram_double_puppet_secrets_auto | combine(matrix_mautrix_meta_instagram_double_puppet_secrets_custom) }}"
matrix_mautrix_meta_instagram_double_puppet_secrets_auto: {}
matrix_mautrix_meta_instagram_double_puppet_secrets_custom: {}
matrix_mautrix_meta_instagram_bridge_login_shared_secret_map: "{{ matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_auto | combine(matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_custom) }}"
matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_auto: {}
matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_custom: {}
matrix_mautrix_meta_instagram_bridge_permissions: "{{ matrix_mautrix_meta_instagram_bridge_permissions_default | combine(matrix_mautrix_meta_instagram_bridge_permissions_custom) }}"
@ -236,15 +231,16 @@ matrix_mautrix_meta_instagram_bridge_permissions_custom: {}
# Enable bridge relay bot functionality
matrix_mautrix_meta_instagram_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}"
matrix_mautrix_meta_instagram_bridge_relay_admin_only: true
matrix_mautrix_meta_instagram_bridge_relay_default_relays: []
matrix_mautrix_meta_instagram_backfill_enabled: true
matrix_mautrix_meta_instagram_backfill_max_initial_messages: 50
matrix_mautrix_meta_instagram_backfill_max_catchup_messages: 500
matrix_mautrix_meta_instagram_backfill_unread_hours_threshold: 720
matrix_mautrix_meta_instagram_backfill_threads_max_initial_messages: 50
matrix_mautrix_meta_instagram_public_media_signing_key: ''
matrix_mautrix_meta_instagram_bridge_management_room_text_welcome: |-
{{
({
'facebook': "Hello, I'm a Facebook bridge bot.",
'facebook-tor': "Hello, I'm a Facebook bridge bot which uses Tor.",
'messenger': "Hello, I'm a Messenger bridge bot.",
'instagram': "Hello, I'm an Instagram bridge bot.",
})[matrix_mautrix_meta_instagram_meta_mode]
}}
# Specifies the default log level.
# This bridge uses zerolog, so valid levels are: panic, fatal, error, warn, info, debug, trace

3
roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_meta_instagram_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_meta_instagram_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -107,7 +107,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_meta_instagram_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure mautrix-meta-instagram.service installed
ansible.builtin.template:

2
roles/custom/matrix-bridge-mautrix-meta-instagram/tasks/validate_config.yml
View File

@ -23,5 +23,3 @@
when: "item.old in vars"
with_items:
- {'old': 'matrix_mautrix_meta_instagram_bridge_login_shared_secret', 'new': '<removed>'}
- {'old': 'matrix_mautrix_meta_instagram_bridge_login_shared_secret_map_custom', 'new': '<superseded by matrix_mautrix_meta_instagram_double_puppet_secrets_custom>'}
- {'old': 'matrix_mautrix_meta_instagram_bridge_management_room_text_welcome', 'new': '<removed>'}

632
roles/custom/matrix-bridge-mautrix-meta-instagram/templates/config.yaml.j2
View File

@ -1,168 +1,7 @@
#jinja2: lstrip_blocks: "True"
# Network-specific config options
network:
# Which service is this bridge for? Available options:
# * unset - allow users to pick any service when logging in (except facebook-tor)
# * facebook - connect to FB Messenger via facebook.com
# * facebook-tor - connect to FB Messenger via facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion
# (note: does not currently proxy media downloads)
# * messenger - connect to FB Messenger via messenger.com (can be used with the facebook side deactivated)
# * instagram - connect to Instagram DMs via instagram.com
#
# Remember to change the appservice id, bot profile info, bridge username_template and management_room_text too.
mode: {{ matrix_mautrix_meta_instagram_meta_mode | to_json }}
# When in Instagram mode, should the bridge connect to WhatsApp servers for encrypted chats?
# In FB/Messenger mode encryption is always enabled, this option only affects Instagram mode.
ig_e2ee: {{ matrix_mautrix_meta_instagram_meta_ig_e2ee | to_json }}
# Displayname template for FB/IG users. Available variables:
# .DisplayName - The display name set by the user.
# .Username - The username set by the user.
# .ID - The internal user ID of the user.
displayname_template: {{ matrix_mautrix_meta_instagram_bridge_displayname_template | to_json }}
# Static proxy address (HTTP or SOCKS5) for connecting to Meta.
proxy:
# HTTP endpoint to request new proxy address from, for dynamically assigned proxies.
# The endpoint must return a JSON body with a string field called proxy_url.
get_proxy_from:
# Minimum interval between full reconnects in seconds, default is 1 hour
min_full_reconnect_interval_seconds: 3600
# Interval to force refresh the connection (full reconnect), default is 20 hours. Set 0 to disable force refreshes.
force_refresh_interval_seconds: 72000
# Disable fetching XMA media (reels, stories, etc) when backfilling.
disable_xma_backfill: true
# Disable fetching XMA media entirely.
disable_xma_always: false
# Config options that affect the central bridge module.
bridge:
# The prefix for commands. Only required in non-management rooms.
command_prefix: {{ matrix_mautrix_meta_instagram_bridge_command_prefix | to_json }}
# Should the bridge create a space for each login containing the rooms that account is in?
personal_filtering_spaces: {{ matrix_mautrix_meta_instagram_bridge_personal_filtering_spaces | to_json }}
# Whether the bridge should set names and avatars explicitly for DM portals.
# This is only necessary when using clients that don't support MSC4171.
private_chat_portal_meta: false
# Should events be handled asynchronously within portal rooms?
# If true, events may end up being out of order, but slow events won't block other ones.
async_events: false
# Should every user have their own portals rather than sharing them?
# By default, users who are in the same group on the remote network will be
# in the same Matrix room bridged to that group. If this is set to true,
# every user will get their own Matrix room instead.
split_portals: false
# Should the bridge resend `m.bridge` events to all portals on startup?
resend_bridge_info: false
# Should leaving Matrix rooms be bridged as leaving groups on the remote network?
bridge_matrix_leave: false
# Should room tags only be synced when creating the portal? Tags mean things like favorite/pin and archive/low priority.
# Tags currently can't be synced back to the remote network, so a continuous sync means tagging from Matrix will be undone.
tag_only_on_create: true
# Should room mute status only be synced when creating the portal?
# Like tags, mutes can't currently be synced back to the remote network.
mute_only_on_create: true
# What should be done to portal rooms when a user logs out or is logged out?
# Permitted values:
# nothing - Do nothing, let the user stay in the portals
# kick - Remove the user from the portal rooms, but don't delete them
# unbridge - Remove all ghosts in the room and disassociate it from the remote chat
# delete - Remove all ghosts and users from the room (i.e. delete it)
cleanup_on_logout:
# Should cleanup on logout be enabled at all?
enabled: false
# Settings for manual logouts (explicitly initiated by the Matrix user)
manual:
# Action for private portals which will never be shared with other Matrix users.
private: nothing
# Action for portals with a relay user configured.
relayed: nothing
# Action for portals which may be shared, but don't currently have any other Matrix users.
shared_no_users: nothing
# Action for portals which have other logged-in Matrix users.
shared_has_users: nothing
# Settings for credentials being invalidated (initiated by the remote network, possibly through user action).
# Keys have the same meanings as in the manual section.
bad_credentials:
private: nothing
relayed: nothing
shared_no_users: nothing
shared_has_users: nothing
# Settings for relay mode
relay:
# Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: {{ matrix_mautrix_meta_instagram_bridge_relay_enabled | to_json }}
# Should only admins be allowed to set themselves as relay users?
# If true, non-admins can only set users listed in default_relays as relays in a room.
admin_only: {{ matrix_mautrix_meta_instagram_bridge_relay_admin_only | to_json }}
# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
default_relays: {{ matrix_mautrix_meta_instagram_bridge_relay_default_relays | to_json }}
# The formats to use when sending messages via the relaybot.
# Available variables:
# .Sender.UserID - The Matrix user ID of the sender.
# .Sender.Displayname - The display name of the sender (if set).
# .Sender.RequiresDisambiguation - Whether the sender's name may be confused with the name of another user in the room.
# .Sender.DisambiguatedName - The disambiguated name of the sender. This will be the displayname if set,
# plus the user ID in parentheses if the displayname is not unique.
# If the displayname is not set, this is just the user ID.
# .Message - The `formatted_body` field of the message.
# .Caption - The `formatted_body` field of the message, if it's a caption. Otherwise an empty string.
# .FileName - The name of the file being sent.
message_formats:
m.text: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.notice: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.emote: "{% raw %}* <b>{{ .Sender.DisambiguatedName }}</b> {{ .Message }}{% endraw %}"
m.file: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.image: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.audio: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.video: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.location: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
# For networks that support per-message displaynames (i.e. Slack and Discord), the template for those names.
# This has all the Sender variables available under message_formats (but without the .Sender prefix).
# Note that you need to manually remove the displayname from message_formats above.
displayname_format: "{% raw %}{{ .DisambiguatedName }}{% endraw %}"
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# commands - Access to use commands in the bridge, but not login.
# user - Access to use the bridge with puppeting.
# admin - Full access, user level with some additional administration tools.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_meta_instagram_bridge_permissions | to_json }}
# Config for the bridge's database.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: {{ matrix_mautrix_meta_instagram_appservice_database_type | to_json }}
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_meta_instagram_appservice_database_uri | to_json }}
# Maximum number of connections.
max_open_conns: 5
max_idle_conns: 1
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
# Local addresses without HTTPS are generally recommended when the bridge is running on the same machine,
# but https also works if they run on different machines.
address: {{ matrix_mautrix_meta_instagram_homeserver_address | to_json }}
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{ matrix_mautrix_meta_instagram_homeserver_domain | to_json }}
@ -171,15 +10,11 @@ homeserver:
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's remote network connection state changes.
# If set, the bridge will make POST requests to this URL whenever a user's meta connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint:
status_endpoint: null
# Endpoint for reporting per-message status.
# If set, the bridge will make POST requests to this URL when processing a message from Matrix.
# It will make one request when receiving the message (step BRIDGE), one after decrypting if applicable
# (step DECRYPTED) and one after sending to the remote network (step REMOTE). Errors will also be reported.
# The bridge will use the appservice as_token to authorize requests.
message_send_checkpoint_endpoint:
message_send_checkpoint_endpoint: null
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
@ -191,19 +26,33 @@ homeserver:
ping_interval_seconds: 0
# Application service host/registration related details.
# Changing these values requires regeneration of the registration (except when noted otherwise)
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_meta_instagram_appservice_address | to_json }}
# A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file.
public_address: https://bridge.example.com
# The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0.
hostname: 0.0.0.0
port: 29319
# Database config.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: {{ matrix_mautrix_meta_instagram_appservice_database_type | to_json }}
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_meta_instagram_appservice_database_uri | to_json }}
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice.
id: {{ matrix_mautrix_meta_instagram_appservice_id | to_json }}
# Appservice bot details.
@ -213,225 +62,268 @@ appservice:
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: {{ matrix_mautrix_meta_instagram_appservice_displayname | to_json }}
# You can use mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv for an Instagram avatar,
# or mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak for Facebook Messenger
avatar: {{ matrix_mautrix_meta_instagram_appservice_avatar | to_json }}
# Whether to receive ephemeral events via appservice transactions.
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
ephemeral_events: true
# Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
# This value doesn't affect the registration file.
async_transactions: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: {{ matrix_mautrix_meta_instagram_appservice_token | to_json }}
hs_token: {{ matrix_mautrix_meta_instagram_homeserver_token | to_json }}
# Localpart template of MXIDs for remote users.
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the user.
username_template: {{ matrix_mautrix_meta_instagram_bridge_username_template | to_json }}
# Prometheus config.
metrics:
# Enable prometheus metrics?
enabled: {{ matrix_mautrix_meta_instagram_metrics_enabled | to_json }}
# IP and port where the metrics listener should be. The path is always /metrics
listen: "0.0.0.0.0:8000"
# Config options that affect the Matrix connector of the bridge.
matrix:
meta:
# Which service is this bridge for? Available options:
# * facebook - connect to FB Messenger via facebook.com
# * facebook-tor - connect to FB Messenger via facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion
# (note: does not currently proxy media downloads)
# * messenger - connect to FB Messenger via messenger.com (can be used with the facebook side deactivated)
# * instagram - connect to Instagram DMs via instagram.com
#
# Remember to change the appservice id, bot profile info, bridge username_template and management_room_text too.
mode: {{ matrix_mautrix_meta_instagram_meta_mode | to_json }}
# When in Instagram mode, should the bridge connect to WhatsApp servers for encrypted chats?
# In FB/Messenger mode encryption is always enabled, this option only affects Instagram mode.
ig_e2ee: {{ matrix_mautrix_meta_instagram_meta_ig_e2ee | to_json }}
# Static proxy address (HTTP or SOCKS5) for connecting to Meta.
proxy:
# HTTP endpoint to request new proxy address from, for dynamically assigned proxies.
# The endpoint must return a JSON body with a string field called proxy_url.
get_proxy_from:
# Bridge config
bridge:
# Localpart template of MXIDs for FB/IG users.
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the FB/IG user.
username_template: {{ matrix_mautrix_meta_instagram_bridge_username_template | to_json }}
# Displayname template for FB/IG users. This is also used as the room name in DMs if private_chat_portal_meta is enabled.
# {% raw %}{{.DisplayName}}{% endraw %} - The display name set by the user.
# {% raw %}{{.Username}}{% endraw %} - The username set by the user.
# {% raw %}{{.ID}}{% endraw %} - The internal user ID of the user.
displayname_template: {{ matrix_mautrix_meta_instagram_bridge_displayname_template | to_json }}
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
# If set to `never`, DM rooms will never have names and avatars set.
private_chat_portal_meta: default
portal_message_buffer: 128
# Should the bridge create a space for each logged-in user and add bridged rooms to it?
# Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time.
personal_filtering_spaces: {{ matrix_mautrix_meta_instagram_bridge_personal_filtering_spaces | to_json }}
# Should Matrix m.notice-type messages be bridged?
bridge_notices: true
# Should the bridge send a read receipt from the bridge bot when a message has been sent to FB/IG?
delivery_receipts: false
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether the bridge should send a read receipt after successfully bridging a message.
delivery_receipts: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true
# Whether the bridge should update the m.direct account data event when double puppeting is enabled.
# Should the bridge never send alerts to the bridge management room?
# These are mostly things like the user being logged out.
disable_bridge_alerts: false
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic and is therefore prone to race conditions.
sync_direct_chat_list: false
# Whether created rooms should have federation enabled. If false, created portal rooms
# will never be federated. Changing this option requires recreating rooms.
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it, except if the config file is not writable.
resend_bridge_info: false
# Send captions in the same message as images. This will send data compatible with both MSC2530.
# This is currently not supported in most clients.
caption_in_message: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: {{ matrix_mautrix_meta_instagram_bridge_federate_rooms | to_json }}
# The threshold as bytes after which the bridge should roundtrip uploads via the disk
# rather than keeping the whole file in memory.
upload_file_threshold: 5242880
# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors.
analytics:
# API key to send with tracking requests. Tracking is disabled if this is null.
token: null
# Address to send tracking requests to.
url: https://api.segment.io/v1/track
# Optional user ID for tracking events. If null, defaults to using Matrix user ID.
user_id: null
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Whether to allow provisioning API requests to be authed using Matrix access tokens.
# This follows the same rules as double puppeting to determine which server to contact to check the token,
# which means that by default, it only works for users on the same server as the bridge.
allow_matrix_auth: true
# Enable debug API at /debug with provisioning authentication.
debug_endpoints: false
# Some networks require publicly accessible media download links (e.g. for user avatars when using Discord webhooks).
# These settings control whether the bridge will provide such public media access.
public_media:
# Should public media be enabled at all?
# The public_address field under the appservice section MUST be set when enabling public media.
enabled: false
# A key for signing public media URLs.
# If set to "generate", a random key will be generated.
signing_key: {{ matrix_mautrix_meta_instagram_public_media_signing_key | to_json }}
# Number of seconds that public media URLs are valid for.
# If set to 0, URLs will never expire.
expiry: 0
# Length of hash to use for public media URLs. Must be between 0 and 32.
hash_length: 32
# Settings for converting remote media to custom mxc:// URIs instead of reuploading.
# More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html
direct_media:
# Should custom mxc:// URIs be used instead of reuploading media?
enabled: false
# The server name to use for the custom mxc:// URIs.
# This server name will effectively be a real Matrix server, it just won't implement anything other than media.
# You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge.
server_name: media.example.com
# Optionally a custom .well-known response. This defaults to `server_name:443`
well_known_response:
# Optionally specify a custom prefix for the media ID part of the MXC URI.
media_id_prefix:
# If the remote network supports media downloads over HTTP, then the bridge will use MSC3860/MSC3916
# media download redirects if the requester supports it. Optionally, you can force redirects
# and not allow proxying at all by setting this to false.
# This option does nothing if the remote network does not support media downloads over HTTP.
allow_proxy: true
# Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file.
# This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them.
server_key: ""
# Settings for backfilling messages.
# Note that the exact way settings are applied depends on the network connector.
# See https://docs.mau.fi/bridges/general/backfill.html for more details.
backfill:
# Whether to do backfilling at all.
enabled: {{ matrix_mautrix_meta_instagram_backfill_enabled | to_json }}
# Maximum number of messages to backfill in empty rooms.
max_initial_messages: {{ matrix_mautrix_meta_instagram_backfill_max_initial_messages | to_json}}
# Maximum number of missed messages to backfill after bridge restarts.
max_catchup_messages: {{ matrix_mautrix_meta_instagram_backfill_max_catchup_messages | to_json }}
# If a backfilled chat is older than this number of hours,
# mark it as read even if it's unread on the remote network.
unread_hours_threshold: {{ matrix_mautrix_meta_instagram_backfill_unread_hours_threshold | to_json }}
# Settings for backfilling threads within other backfills.
threads:
# Maximum number of messages to backfill in a new thread.
max_initial_messages: {{ matrix_mautrix_meta_instagram_backfill_threads_max_initial_messages | to_json }}
# Settings for the backwards backfill queue. This only applies when connecting to
# Beeper as standard Matrix servers don't support inserting messages into history.
queue:
# Should the backfill queue be enabled?
enabled: false
# Number of messages to backfill in one batch.
batch_size: 100
# Delay between batches in seconds.
batch_delay: 20
# Maximum number of batches to backfill per portal.
# If set to -1, all available messages will be backfilled.
max_batches: -1
# Optional network-specific overrides for max batches.
# Interpretation of this field depends on the network connector.
max_batches_override: {}
# Settings for enabling double puppeting
double_puppet:
# Servers to always allow double puppeting from.
# This is only for other servers and should NOT contain the server the bridge is on.
servers: {}
# Whether to allow client API URL discovery for other servers. When using this option,
# users on other servers can use double puppeting even if their server URLs aren't
# explicitly added to the servers map above.
allow_discovery: false
# Shared secrets for automatic double puppeting.
# See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions.
secrets: {{ matrix_mautrix_meta_instagram_double_puppet_secrets | to_json }}
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Whether to enable encryption at all. If false, the bridge will not function in encrypted rooms.
allow: {{ matrix_mautrix_meta_instagram_bridge_encryption_allow | to_json }}
# Whether to force-enable encryption in all bridged rooms.
default: {{ matrix_mautrix_meta_instagram_bridge_encryption_default | to_json }}
# Whether to require all messages to be encrypted and drop any unencrypted messages.
require: {{ matrix_mautrix_meta_instagram_bridge_encryption_require | to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
# This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
appservice: {{ matrix_mautrix_meta_instagram_bridge_encryption_appservice | to_json }}
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing | to_json }}
# Pickle key for encrypting encryption keys in the bridge database.
# If set to generate, a random key will be generated.
pickle_key: mautrix.bridge.e2ee
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
# Should mute status be bridged? Allowed options: always, on-create, never
mute_bridging: on-create
# Servers to always allow double puppeting from
double_puppet_server_map: {}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from the remote network to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to configure the m.room.encryption event content.
# See https://spec.matrix.org/v1.10/client-server-api/#mroomencryption for more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map: {{ matrix_mautrix_meta_instagram_bridge_login_shared_secret_map | to_json }}
# The prefix for commands. Only required in non-management rooms.
# If set to "default", will be determined based on meta -> mode, "!ig" for instagram and "!fb" for facebook
command_prefix: {{ matrix_mautrix_meta_instagram_bridge_command_prefix | to_json }}
backfill:
# If disabled, old messages will never be bridged.
enabled: true
# By default, Meta sends info about approximately 20 recent threads. If this is set to something else than 0,
# the bridge will request more threads on first login, until it reaches the specified number of pages
# or the end of the inbox.
inbox_fetch_pages: 0
# By default, Meta only sends one old message per thread. If this is set to a something else than 0,
# the bridge will delay handling the one automatically received message and request more messages to backfill.
# One page usually contains 20 messages. This can technically be set to -1 to fetch all messages,
# but that will block bridging messages until the entire backfill is completed.
history_fetch_pages: 0
# Same as above, but for catchup backfills (i.e. when the bridge is restarted).
catchup_fetch_pages: 5
# Maximum age of chats to leave as unread when backfilling. 0 means all chats can be left as unread.
# If non-zero, chats that are older than this will be marked as read, even if they're still unread on Meta.
unread_hours_threshold: 0
# Backfill queue settings. Only relevant for Beeper, because standard Matrix servers
# don't support inserting messages into room history.
queue:
# How many pages of messages to request in one go (without sleeping between requests)?
pages_at_once: 5
# Maximum number of pages to fetch. -1 to fetch all pages until the start of the chat.
max_pages: -1
# How long to sleep after fetching a bunch of pages ("bunch" defined by pages_at_once).
sleep_between_tasks: 20s
# Disable fetching XMA media (reels, stories, etc) when backfilling.
dont_fetch_xma: true
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: {{ matrix_mautrix_meta_instagram_bridge_management_room_text_welcome | to_json }}
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_mautrix_meta_instagram_bridge_encryption_allow | to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: {{ matrix_mautrix_meta_instagram_bridge_encryption_default | to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: {{ matrix_mautrix_meta_instagram_bridge_encryption_appservice | to_json }}
# Require encryption, drop any unencrypted messages.
require: {{ matrix_mautrix_meta_instagram_bridge_encryption_require | to_json }}
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_meta_instagram_bridge_encryption_allow_key_sharing | to_json }}
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from FB/IG to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Enable debug API at /debug with provisioning authentication.
debug_endpoints: false
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Meta account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_meta_instagram_bridge_permissions | to_json }}
# Settings for relay mode
relay:
# Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: {{ matrix_mautrix_meta_instagram_bridge_relay_enabled | to_json }}
# Should only admins be allowed to set themselves as relay users?
admin_only: {{ matrix_mautrix_meta_instagram_bridge_relay_admin_only | to_json }}
# The formats to use when sending messages to Meta via the relaybot.
message_formats:
m.text: "{% raw %}{{ .Sender.Displayname }}: {{ .Message }}{% endraw %}"
m.notice: "{% raw %}{{ .Sender.Displayname }}: {{ .Message }}{% endraw %}"
m.emote: "{% raw %}* {{ .Sender.Displayname }} {{ .Message }}{% endraw %}"
m.file: "{% raw %}{{ .Sender.Displayname }} sent a file{% endraw %}"
m.image: "{% raw %}{{ .Sender.Displayname }} sent an image{% endraw %}"
m.audio: "{% raw %}{{ .Sender.Displayname }} sent an audio file{% endraw %}"
m.video: "{% raw %}{{ .Sender.Displayname }} sent a video{% endraw %}"
m.location: "{% raw %}{{ .Sender.Displayname }} sent a location{% endraw %}"
# Logging config. See https://github.com/tulir/zeroconfig for details.
logging:
min_level: {{ matrix_mautrix_meta_instagram_logging_min_level | to_json }}
writers:
- type: stdout
format: pretty
- type: stdout
format: pretty

38
roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
View File

@ -13,7 +13,7 @@ matrix_mautrix_meta_messenger_enabled: true
matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
# renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
matrix_mautrix_meta_messenger_version: v0.4.0
matrix_mautrix_meta_messenger_version: v0.3.2
matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"
@ -194,15 +194,10 @@ matrix_mautrix_meta_messenger_bridge_displayname_suffix: |-
matrix_mautrix_meta_messenger_bridge_displayname_template: '{% raw %}{{or .DisplayName .Username "Unknown user"}}{% endraw %}{{ (" " ~ matrix_mautrix_meta_messenger_bridge_displayname_suffix) if matrix_mautrix_meta_messenger_bridge_displayname_suffix else "" }}'
# The prefix for commands. Only required in non-management rooms.
matrix_mautrix_meta_messenger_bridge_command_prefix: |-
{{
({
'facebook': '!fb',
'facebook-tor': '!fb',
'messenger': '!fb',
'instagram': '!ig',
})[matrix_mautrix_meta_messenger_meta_mode]
}}
# If set to "default", will be determined based on meta -> mode (`matrix_mautrix_meta_messenger_meta_mode`):
# - "!ig" for instagram
# - "!fb" for facebook
matrix_mautrix_meta_messenger_bridge_command_prefix: default
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
@ -219,9 +214,9 @@ matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing: "{{ matrix_ma
matrix_mautrix_meta_messenger_bridge_encryption_appservice: false
matrix_mautrix_meta_messenger_bridge_encryption_require: false
matrix_mautrix_meta_messenger_double_puppet_secrets: "{{ matrix_mautrix_meta_messenger_double_puppet_secrets_auto | combine(matrix_mautrix_meta_messenger_double_puppet_secrets_custom) }}"
matrix_mautrix_meta_messenger_double_puppet_secrets_auto: {}
matrix_mautrix_meta_messenger_double_puppet_secrets_custom: {}
matrix_mautrix_meta_messenger_bridge_login_shared_secret_map: "{{ matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_auto | combine(matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_custom) }}"
matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_auto: {}
matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_custom: {}
matrix_mautrix_meta_messenger_bridge_permissions: "{{ matrix_mautrix_meta_messenger_bridge_permissions_default | combine(matrix_mautrix_meta_messenger_bridge_permissions_custom) }}"
@ -236,15 +231,16 @@ matrix_mautrix_meta_messenger_bridge_permissions_custom: {}
# Enable bridge relay bot functionality
matrix_mautrix_meta_messenger_bridge_relay_enabled: "{{ matrix_bridges_relay_enabled }}"
matrix_mautrix_meta_messenger_bridge_relay_admin_only: true
matrix_mautrix_meta_messenger_bridge_relay_default_relays: []
matrix_mautrix_meta_messenger_backfill_enabled: true
matrix_mautrix_meta_messenger_backfill_max_initial_messages: 50
matrix_mautrix_meta_messenger_backfill_max_catchup_messages: 500
matrix_mautrix_meta_messenger_backfill_unread_hours_threshold: 720
matrix_mautrix_meta_messenger_backfill_threads_max_initial_messages: 50
matrix_mautrix_meta_messenger_public_media_signing_key: ''
matrix_mautrix_meta_messenger_bridge_management_room_text_welcome: |-
{{
({
'facebook': "Hello, I'm a Facebook bridge bot.",
'facebook-tor': "Hello, I'm a Facebook bridge bot which uses Tor.",
'messenger': "Hello, I'm a Messenger bridge bot.",
'instagram': "Hello, I'm an Instagram bridge bot.",
})[matrix_mautrix_meta_messenger_meta_mode]
}}
# Specifies the default log level.
# This bridge uses zerolog, so valid levels are: panic, fatal, error, warn, info, debug, trace

3
roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_meta_messenger_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_meta_messenger_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -107,7 +107,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_meta_messenger_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure mautrix-meta-messenger.service installed
ansible.builtin.template:

2
roles/custom/matrix-bridge-mautrix-meta-messenger/tasks/validate_config.yml
View File

@ -23,5 +23,3 @@
when: "item.old in vars"
with_items:
- {'old': 'matrix_mautrix_meta_messenger_bridge_login_shared_secret', 'new': '<removed>'}
- {'old': 'matrix_mautrix_meta_messenger_bridge_login_shared_secret_map_custom', 'new': '<superseded by matrix_mautrix_meta_messenger_double_puppet_secrets_custom>'}
- {'old': 'matrix_mautrix_meta_messenger_bridge_management_room_text_welcome', 'new': '<removed>'}

632
roles/custom/matrix-bridge-mautrix-meta-messenger/templates/config.yaml.j2
View File

@ -1,168 +1,7 @@
#jinja2: lstrip_blocks: "True"
# Network-specific config options
network:
# Which service is this bridge for? Available options:
# * unset - allow users to pick any service when logging in (except facebook-tor)
# * facebook - connect to FB Messenger via facebook.com
# * facebook-tor - connect to FB Messenger via facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion
# (note: does not currently proxy media downloads)
# * messenger - connect to FB Messenger via messenger.com (can be used with the facebook side deactivated)
# * instagram - connect to Instagram DMs via instagram.com
#
# Remember to change the appservice id, bot profile info, bridge username_template and management_room_text too.
mode: {{ matrix_mautrix_meta_messenger_meta_mode | to_json }}
# When in Instagram mode, should the bridge connect to WhatsApp servers for encrypted chats?
# In FB/Messenger mode encryption is always enabled, this option only affects Instagram mode.
ig_e2ee: {{ matrix_mautrix_meta_messenger_meta_ig_e2ee | to_json }}
# Displayname template for FB/IG users. Available variables:
# .DisplayName - The display name set by the user.
# .Username - The username set by the user.
# .ID - The internal user ID of the user.
displayname_template: {{ matrix_mautrix_meta_messenger_bridge_displayname_template | to_json }}
# Static proxy address (HTTP or SOCKS5) for connecting to Meta.
proxy:
# HTTP endpoint to request new proxy address from, for dynamically assigned proxies.
# The endpoint must return a JSON body with a string field called proxy_url.
get_proxy_from:
# Minimum interval between full reconnects in seconds, default is 1 hour
min_full_reconnect_interval_seconds: 3600
# Interval to force refresh the connection (full reconnect), default is 20 hours. Set 0 to disable force refreshes.
force_refresh_interval_seconds: 72000
# Disable fetching XMA media (reels, stories, etc) when backfilling.
disable_xma_backfill: true
# Disable fetching XMA media entirely.
disable_xma_always: false
# Config options that affect the central bridge module.
bridge:
# The prefix for commands. Only required in non-management rooms.
command_prefix: {{ matrix_mautrix_meta_messenger_bridge_command_prefix | to_json }}
# Should the bridge create a space for each login containing the rooms that account is in?
personal_filtering_spaces: {{ matrix_mautrix_meta_messenger_bridge_personal_filtering_spaces | to_json }}
# Whether the bridge should set names and avatars explicitly for DM portals.
# This is only necessary when using clients that don't support MSC4171.
private_chat_portal_meta: false
# Should events be handled asynchronously within portal rooms?
# If true, events may end up being out of order, but slow events won't block other ones.
async_events: false
# Should every user have their own portals rather than sharing them?
# By default, users who are in the same group on the remote network will be
# in the same Matrix room bridged to that group. If this is set to true,
# every user will get their own Matrix room instead.
split_portals: false
# Should the bridge resend `m.bridge` events to all portals on startup?
resend_bridge_info: false
# Should leaving Matrix rooms be bridged as leaving groups on the remote network?
bridge_matrix_leave: false
# Should room tags only be synced when creating the portal? Tags mean things like favorite/pin and archive/low priority.
# Tags currently can't be synced back to the remote network, so a continuous sync means tagging from Matrix will be undone.
tag_only_on_create: true
# Should room mute status only be synced when creating the portal?
# Like tags, mutes can't currently be synced back to the remote network.
mute_only_on_create: true
# What should be done to portal rooms when a user logs out or is logged out?
# Permitted values:
# nothing - Do nothing, let the user stay in the portals
# kick - Remove the user from the portal rooms, but don't delete them
# unbridge - Remove all ghosts in the room and disassociate it from the remote chat
# delete - Remove all ghosts and users from the room (i.e. delete it)
cleanup_on_logout:
# Should cleanup on logout be enabled at all?
enabled: false
# Settings for manual logouts (explicitly initiated by the Matrix user)
manual:
# Action for private portals which will never be shared with other Matrix users.
private: nothing
# Action for portals with a relay user configured.
relayed: nothing
# Action for portals which may be shared, but don't currently have any other Matrix users.
shared_no_users: nothing
# Action for portals which have other logged-in Matrix users.
shared_has_users: nothing
# Settings for credentials being invalidated (initiated by the remote network, possibly through user action).
# Keys have the same meanings as in the manual section.
bad_credentials:
private: nothing
relayed: nothing
shared_no_users: nothing
shared_has_users: nothing
# Settings for relay mode
relay:
# Whether relay mode should be allowed. If allowed, the set-relay command can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: {{ matrix_mautrix_meta_messenger_bridge_relay_enabled | to_json }}
# Should only admins be allowed to set themselves as relay users?
# If true, non-admins can only set users listed in default_relays as relays in a room.
admin_only: {{ matrix_mautrix_meta_messenger_bridge_relay_admin_only | to_json }}
# List of user login IDs which anyone can set as a relay, as long as the relay user is in the room.
default_relays: {{ matrix_mautrix_meta_messenger_bridge_relay_default_relays | to_json }}
# The formats to use when sending messages via the relaybot.
# Available variables:
# .Sender.UserID - The Matrix user ID of the sender.
# .Sender.Displayname - The display name of the sender (if set).
# .Sender.RequiresDisambiguation - Whether the sender's name may be confused with the name of another user in the room.
# .Sender.DisambiguatedName - The disambiguated name of the sender. This will be the displayname if set,
# plus the user ID in parentheses if the displayname is not unique.
# If the displayname is not set, this is just the user ID.
# .Message - The `formatted_body` field of the message.
# .Caption - The `formatted_body` field of the message, if it's a caption. Otherwise an empty string.
# .FileName - The name of the file being sent.
message_formats:
m.text: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.notice: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b>: {{ .Message }}{% endraw %}"
m.emote: "{% raw %}* <b>{{ .Sender.DisambiguatedName }}</b> {{ .Message }}{% endraw %}"
m.file: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.image: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an image{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.audio: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent an audio file{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.video: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a video{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
m.location: "{% raw %}<b>{{ .Sender.DisambiguatedName }}</b> sent a location{{ if .Caption }}: {{ .Caption }}{{ end }}{% endraw %}"
# For networks that support per-message displaynames (i.e. Slack and Discord), the template for those names.
# This has all the Sender variables available under message_formats (but without the .Sender prefix).
# Note that you need to manually remove the displayname from message_formats above.
displayname_format: "{% raw %}{{ .DisambiguatedName }}{% endraw %}"
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# commands - Access to use commands in the bridge, but not login.
# user - Access to use the bridge with puppeting.
# admin - Full access, user level with some additional administration tools.
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_meta_messenger_bridge_permissions | to_json }}
# Config for the bridge's database.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: {{ matrix_mautrix_meta_messenger_appservice_database_type | to_json }}
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_meta_messenger_appservice_database_uri | to_json }}
# Maximum number of connections.
max_open_conns: 5
max_idle_conns: 1
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# Homeserver details.
homeserver:
# The address that this appservice can use to connect to the homeserver.
# Local addresses without HTTPS are generally recommended when the bridge is running on the same machine,
# but https also works if they run on different machines.
address: {{ matrix_mautrix_meta_messenger_homeserver_address | to_json }}
# The domain of the homeserver (also known as server_name, used for MXIDs, etc).
domain: {{ matrix_mautrix_meta_messenger_homeserver_domain | to_json }}
@ -171,15 +10,11 @@ homeserver:
# Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
software: standard
# The URL to push real-time bridge status to.
# If set, the bridge will make POST requests to this URL whenever a user's remote network connection state changes.
# If set, the bridge will make POST requests to this URL whenever a user's meta connection state changes.
# The bridge will use the appservice as_token to authorize requests.
status_endpoint:
status_endpoint: null
# Endpoint for reporting per-message status.
# If set, the bridge will make POST requests to this URL when processing a message from Matrix.
# It will make one request when receiving the message (step BRIDGE), one after decrypting if applicable
# (step DECRYPTED) and one after sending to the remote network (step REMOTE). Errors will also be reported.
# The bridge will use the appservice as_token to authorize requests.
message_send_checkpoint_endpoint:
message_send_checkpoint_endpoint: null
# Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
async_media: false
@ -191,19 +26,33 @@ homeserver:
ping_interval_seconds: 0
# Application service host/registration related details.
# Changing these values requires regeneration of the registration (except when noted otherwise)
# Changing these values requires regeneration of the registration.
appservice:
# The address that the homeserver can use to connect to this appservice.
address: {{ matrix_mautrix_meta_messenger_appservice_address | to_json }}
# A public address that external services can use to reach this appservice.
# This value doesn't affect the registration file.
public_address: https://bridge.example.com
# The hostname and port where this appservice should listen.
# For Docker, you generally have to change the hostname to 0.0.0.0.
hostname: 0.0.0.0
port: 29319
# Database config.
database:
# The database type. "sqlite3-fk-wal" and "postgres" are supported.
type: {{ matrix_mautrix_meta_messenger_appservice_database_type | to_json }}
# The database URI.
# SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
# https://github.com/mattn/go-sqlite3#connection-string
# Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
# To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
uri: {{ matrix_mautrix_meta_messenger_appservice_database_uri | to_json }}
# Maximum number of connections. Mostly relevant for Postgres.
max_open_conns: 20
max_idle_conns: 2
# Maximum connection idle time and lifetime before they're closed. Disabled if null.
# Parsed with https://pkg.go.dev/time#ParseDuration
max_conn_idle_time: null
max_conn_lifetime: null
# The unique ID of this appservice.
id: {{ matrix_mautrix_meta_messenger_appservice_id | to_json }}
# Appservice bot details.
@ -213,225 +62,268 @@ appservice:
# Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
# to leave display name/avatar as-is.
displayname: {{ matrix_mautrix_meta_messenger_appservice_displayname | to_json }}
# You can use mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv for an Instagram avatar,
# or mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak for Facebook Messenger
avatar: {{ matrix_mautrix_meta_messenger_appservice_avatar | to_json }}
# Whether to receive ephemeral events via appservice transactions.
# Whether or not to receive ephemeral events via appservice transactions.
# Requires MSC2409 support (i.e. Synapse 1.22+).
ephemeral_events: true
# Should incoming events be handled asynchronously?
# This may be necessary for large public instances with lots of messages going through.
# However, messages will not be guaranteed to be bridged in the same order they were sent in.
# This value doesn't affect the registration file.
async_transactions: false
# Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
as_token: {{ matrix_mautrix_meta_messenger_appservice_token | to_json }}
hs_token: {{ matrix_mautrix_meta_messenger_homeserver_token | to_json }}
# Localpart template of MXIDs for remote users.
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the user.
username_template: {{ matrix_mautrix_meta_messenger_bridge_username_template | to_json }}
# Prometheus config.
metrics:
# Enable prometheus metrics?
enabled: {{ matrix_mautrix_meta_messenger_metrics_enabled | to_json }}
# IP and port where the metrics listener should be. The path is always /metrics
listen: "0.0.0.0.0:8000"
# Config options that affect the Matrix connector of the bridge.
matrix:
meta:
# Which service is this bridge for? Available options:
# * facebook - connect to FB Messenger via facebook.com
# * facebook-tor - connect to FB Messenger via facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg7kx5tfyd.onion
# (note: does not currently proxy media downloads)
# * messenger - connect to FB Messenger via messenger.com (can be used with the facebook side deactivated)
# * instagram - connect to Instagram DMs via instagram.com
#
# Remember to change the appservice id, bot profile info, bridge username_template and management_room_text too.
mode: {{ matrix_mautrix_meta_messenger_meta_mode | to_json }}
# When in Instagram mode, should the bridge connect to WhatsApp servers for encrypted chats?
# In FB/Messenger mode encryption is always enabled, this option only affects Instagram mode.
ig_e2ee: {{ matrix_mautrix_meta_messenger_meta_ig_e2ee | to_json }}
# Static proxy address (HTTP or SOCKS5) for connecting to Meta.
proxy:
# HTTP endpoint to request new proxy address from, for dynamically assigned proxies.
# The endpoint must return a JSON body with a string field called proxy_url.
get_proxy_from:
# Bridge config
bridge:
# Localpart template of MXIDs for FB/IG users.
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the FB/IG user.
username_template: {{ matrix_mautrix_meta_messenger_bridge_username_template | to_json }}
# Displayname template for FB/IG users. This is also used as the room name in DMs if private_chat_portal_meta is enabled.
# {% raw %}{{.DisplayName}}{% endraw %} - The display name set by the user.
# {% raw %}{{.Username}}{% endraw %} - The username set by the user.
# {% raw %}{{.ID}}{% endraw %} - The internal user ID of the user.
displayname_template: {{ matrix_mautrix_meta_messenger_bridge_displayname_template | to_json }}
# Whether to explicitly set the avatar and room name for private chat portal rooms.
# If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
# If set to `always`, all DM rooms will have explicit names and avatars set.
# If set to `never`, DM rooms will never have names and avatars set.
private_chat_portal_meta: default
portal_message_buffer: 128
# Should the bridge create a space for each logged-in user and add bridged rooms to it?
# Users who logged in before turning this on should run `!meta sync-space` to create and fill the space for the first time.
personal_filtering_spaces: {{ matrix_mautrix_meta_messenger_bridge_personal_filtering_spaces | to_json }}
# Should Matrix m.notice-type messages be bridged?
bridge_notices: true
# Should the bridge send a read receipt from the bridge bot when a message has been sent to FB/IG?
delivery_receipts: false
# Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
message_status_events: false
# Whether the bridge should send a read receipt after successfully bridging a message.
delivery_receipts: false
# Whether the bridge should send error notices via m.notice events when a message fails to bridge.
message_error_notices: true
# Whether the bridge should update the m.direct account data event when double puppeting is enabled.
# Should the bridge never send alerts to the bridge management room?
# These are mostly things like the user being logged out.
disable_bridge_alerts: false
# Should the bridge update the m.direct account data event when double puppeting is enabled.
# Note that updating the m.direct event is not atomic and is therefore prone to race conditions.
sync_direct_chat_list: false
# Whether created rooms should have federation enabled. If false, created portal rooms
# will never be federated. Changing this option requires recreating rooms.
# Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
# This field will automatically be changed back to false after it, except if the config file is not writable.
resend_bridge_info: false
# Send captions in the same message as images. This will send data compatible with both MSC2530.
# This is currently not supported in most clients.
caption_in_message: false
# Whether or not created rooms should have federation enabled.
# If false, created portal rooms will never be federated.
federate_rooms: {{ matrix_mautrix_meta_messenger_bridge_federate_rooms | to_json }}
# The threshold as bytes after which the bridge should roundtrip uploads via the disk
# rather than keeping the whole file in memory.
upload_file_threshold: 5242880
# Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors.
analytics:
# API key to send with tracking requests. Tracking is disabled if this is null.
token: null
# Address to send tracking requests to.
url: https://api.segment.io/v1/track
# Optional user ID for tracking events. If null, defaults to using Matrix user ID.
user_id: null
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate" or null, a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Whether to allow provisioning API requests to be authed using Matrix access tokens.
# This follows the same rules as double puppeting to determine which server to contact to check the token,
# which means that by default, it only works for users on the same server as the bridge.
allow_matrix_auth: true
# Enable debug API at /debug with provisioning authentication.
debug_endpoints: false
# Some networks require publicly accessible media download links (e.g. for user avatars when using Discord webhooks).
# These settings control whether the bridge will provide such public media access.
public_media:
# Should public media be enabled at all?
# The public_address field under the appservice section MUST be set when enabling public media.
enabled: false
# A key for signing public media URLs.
# If set to "generate", a random key will be generated.
signing_key: {{ matrix_mautrix_meta_messenger_public_media_signing_key | to_json }}
# Number of seconds that public media URLs are valid for.
# If set to 0, URLs will never expire.
expiry: 0
# Length of hash to use for public media URLs. Must be between 0 and 32.
hash_length: 32
# Settings for converting remote media to custom mxc:// URIs instead of reuploading.
# More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html
direct_media:
# Should custom mxc:// URIs be used instead of reuploading media?
enabled: false
# The server name to use for the custom mxc:// URIs.
# This server name will effectively be a real Matrix server, it just won't implement anything other than media.
# You must either set up .well-known delegation from this domain to the bridge, or proxy the domain directly to the bridge.
server_name: media.example.com
# Optionally a custom .well-known response. This defaults to `server_name:443`
well_known_response:
# Optionally specify a custom prefix for the media ID part of the MXC URI.
media_id_prefix:
# If the remote network supports media downloads over HTTP, then the bridge will use MSC3860/MSC3916
# media download redirects if the requester supports it. Optionally, you can force redirects
# and not allow proxying at all by setting this to false.
# This option does nothing if the remote network does not support media downloads over HTTP.
allow_proxy: true
# Matrix server signing key to make the federation tester pass, same format as synapse's .signing.key file.
# This key is also used to sign the mxc:// URIs to ensure only the bridge can generate them.
server_key: ""
# Settings for backfilling messages.
# Note that the exact way settings are applied depends on the network connector.
# See https://docs.mau.fi/bridges/general/backfill.html for more details.
backfill:
# Whether to do backfilling at all.
enabled: {{ matrix_mautrix_meta_messenger_backfill_enabled | to_json }}
# Maximum number of messages to backfill in empty rooms.
max_initial_messages: {{ matrix_mautrix_meta_messenger_backfill_max_initial_messages | to_json}}
# Maximum number of missed messages to backfill after bridge restarts.
max_catchup_messages: {{ matrix_mautrix_meta_messenger_backfill_max_catchup_messages | to_json }}
# If a backfilled chat is older than this number of hours,
# mark it as read even if it's unread on the remote network.
unread_hours_threshold: {{ matrix_mautrix_meta_messenger_backfill_unread_hours_threshold | to_json }}
# Settings for backfilling threads within other backfills.
threads:
# Maximum number of messages to backfill in a new thread.
max_initial_messages: {{ matrix_mautrix_meta_messenger_backfill_threads_max_initial_messages | to_json }}
# Settings for the backwards backfill queue. This only applies when connecting to
# Beeper as standard Matrix servers don't support inserting messages into history.
queue:
# Should the backfill queue be enabled?
enabled: false
# Number of messages to backfill in one batch.
batch_size: 100
# Delay between batches in seconds.
batch_delay: 20
# Maximum number of batches to backfill per portal.
# If set to -1, all available messages will be backfilled.
max_batches: -1
# Optional network-specific overrides for max batches.
# Interpretation of this field depends on the network connector.
max_batches_override: {}
# Settings for enabling double puppeting
double_puppet:
# Servers to always allow double puppeting from.
# This is only for other servers and should NOT contain the server the bridge is on.
servers: {}
# Whether to allow client API URL discovery for other servers. When using this option,
# users on other servers can use double puppeting even if their server URLs aren't
# explicitly added to the servers map above.
allow_discovery: false
# Shared secrets for automatic double puppeting.
# See https://docs.mau.fi/bridges/general/double-puppeting.html for instructions.
secrets: {{ matrix_mautrix_meta_messenger_double_puppet_secrets | to_json }}
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Whether to enable encryption at all. If false, the bridge will not function in encrypted rooms.
allow: {{ matrix_mautrix_meta_messenger_bridge_encryption_allow | to_json }}
# Whether to force-enable encryption in all bridged rooms.
default: {{ matrix_mautrix_meta_messenger_bridge_encryption_default | to_json }}
# Whether to require all messages to be encrypted and drop any unencrypted messages.
require: {{ matrix_mautrix_meta_messenger_bridge_encryption_require | to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
# This option is not yet compatible with standard Matrix servers like Synapse and should not be used.
appservice: {{ matrix_mautrix_meta_messenger_bridge_encryption_appservice | to_json }}
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing | to_json }}
# Pickle key for encrypting encryption keys in the bridge database.
# If set to generate, a random key will be generated.
pickle_key: mautrix.bridge.e2ee
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
# Should mute status be bridged? Allowed options: always, on-create, never
mute_bridging: on-create
# Servers to always allow double puppeting from
double_puppet_server_map: {}
# Allow using double puppeting from any server with a valid client .well-known file.
double_puppet_allow_discovery: false
# Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from the remote network to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to configure the m.room.encryption event content.
# See https://spec.matrix.org/v1.10/client-server-api/#mroomencryption for more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# If set, double puppeting will be enabled automatically for local users
# instead of users having to find an access token and run `login-matrix`
# manually.
login_shared_secret_map: {{ matrix_mautrix_meta_messenger_bridge_login_shared_secret_map | to_json }}
# The prefix for commands. Only required in non-management rooms.
# If set to "default", will be determined based on meta -> mode, "!ig" for instagram and "!fb" for facebook
command_prefix: {{ matrix_mautrix_meta_messenger_bridge_command_prefix | to_json }}
backfill:
# If disabled, old messages will never be bridged.
enabled: true
# By default, Meta sends info about approximately 20 recent threads. If this is set to something else than 0,
# the bridge will request more threads on first login, until it reaches the specified number of pages
# or the end of the inbox.
inbox_fetch_pages: 0
# By default, Meta only sends one old message per thread. If this is set to a something else than 0,
# the bridge will delay handling the one automatically received message and request more messages to backfill.
# One page usually contains 20 messages. This can technically be set to -1 to fetch all messages,
# but that will block bridging messages until the entire backfill is completed.
history_fetch_pages: 0
# Same as above, but for catchup backfills (i.e. when the bridge is restarted).
catchup_fetch_pages: 5
# Maximum age of chats to leave as unread when backfilling. 0 means all chats can be left as unread.
# If non-zero, chats that are older than this will be marked as read, even if they're still unread on Meta.
unread_hours_threshold: 0
# Backfill queue settings. Only relevant for Beeper, because standard Matrix servers
# don't support inserting messages into room history.
queue:
# How many pages of messages to request in one go (without sleeping between requests)?
pages_at_once: 5
# Maximum number of pages to fetch. -1 to fetch all pages until the start of the chat.
max_pages: -1
# How long to sleep after fetching a bunch of pages ("bunch" defined by pages_at_once).
sleep_between_tasks: 20s
# Disable fetching XMA media (reels, stories, etc) when backfilling.
dont_fetch_xma: true
# Messages sent upon joining a management room.
# Markdown is supported. The defaults are listed below.
management_room_text:
# Sent when joining a room.
welcome: {{ matrix_mautrix_meta_messenger_bridge_management_room_text_welcome | to_json }}
# Sent when joining a management room and the user is already logged in.
welcome_connected: "Use `help` for help."
# Sent when joining a management room and the user is not logged in.
welcome_unconnected: "Use `help` for help or `login` to log in."
# Optional extra text sent when joining a management room.
additional_help: ""
# End-to-bridge encryption support options.
#
# See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
encryption:
# Allow encryption, work in group chat rooms with e2ee enabled
allow: {{ matrix_mautrix_meta_messenger_bridge_encryption_allow | to_json }}
# Default to encryption, force-enable encryption in all portals the bridge creates
# This will cause the bridge bot to be in private chats for the encryption to work properly.
default: {{ matrix_mautrix_meta_messenger_bridge_encryption_default | to_json }}
# Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
appservice: {{ matrix_mautrix_meta_messenger_bridge_encryption_appservice | to_json }}
# Require encryption, drop any unencrypted messages.
require: {{ matrix_mautrix_meta_messenger_bridge_encryption_require | to_json }}
# Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
# You must use a client that supports requesting keys from other users to use this feature.
allow_key_sharing: {{ matrix_mautrix_meta_messenger_bridge_encryption_allow_key_sharing | to_json }}
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms
# that the user has uploaded the key to key backup.
delete_outbound_on_ack: false
# Don't store outbound sessions in the inbound table.
dont_store_outbound: false
# Ratchet megolm sessions forward after decrypting messages.
ratchet_on_decrypt: false
# Delete fully used keys (index >= max_messages) after decrypting messages.
delete_fully_used_on_decrypt: false
# Delete previous megolm sessions from same device when receiving a new one.
delete_prev_on_new_session: false
# Delete megolm sessions received from a device when the device is deleted.
delete_on_device_delete: false
# Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
periodically_delete_expired: false
# Delete inbound megolm sessions that don't have the received_at field used for
# automatic ratcheting and expired session deletion. This is meant as a migration
# to delete old keys prior to the bridge update.
delete_outdated_inbound: false
# What level of device verification should be required from users?
#
# Valid levels:
# unverified - Send keys to all device in the room.
# cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
# cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
# cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
# Note that creating user signatures from the bridge bot is not currently possible.
# verified - Require manual per-device verification
# (currently only possible by modifying the `trust` column in the `crypto_device` database table).
verification_levels:
# Minimum level for which the bridge should send keys to when bridging messages from FB/IG to Matrix.
receive: unverified
# Minimum level that the bridge should accept for incoming Matrix messages.
send: unverified
# Minimum level that the bridge should require for accepting key requests.
share: cross-signed-tofu
# Options for Megolm room key rotation. These options allow you to
# configure the m.room.encryption event content. See:
# https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
# more information about that event.
rotation:
# Enable custom Megolm room key rotation settings. Note that these
# settings will only apply to rooms created after this option is
# set.
enable_custom: false
# The maximum number of milliseconds a session should be used
# before changing it. The Matrix spec recommends 604800000 (a week)
# as the default.
milliseconds: 604800000
# The maximum number of messages that should be sent with a given a
# session before changing it. The Matrix spec recommends 100 as the
# default.
messages: 100
# Disable rotating keys when a user's devices change?
# You should not enable this option unless you understand all the implications.
disable_device_change_key_rotation: false
# Settings for provisioning API
provisioning:
# Prefix for the provisioning API paths.
prefix: /_matrix/provision
# Shared secret for authentication. If set to "generate", a random secret will be generated,
# or if set to "disable", the provisioning API will be disabled.
shared_secret: disable
# Enable debug API at /debug with provisioning authentication.
debug_endpoints: false
# Permissions for using the bridge.
# Permitted values:
# relay - Talk through the relaybot (if enabled), no access otherwise
# user - Access to use the bridge to chat with a Meta account.
# admin - User level and some additional administration tools
# Permitted keys:
# * - All Matrix users
# domain - All users on that homeserver
# mxid - Specific user
permissions: {{ matrix_mautrix_meta_messenger_bridge_permissions | to_json }}
# Settings for relay mode
relay:
# Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any
# authenticated user into a relaybot for that chat.
enabled: {{ matrix_mautrix_meta_messenger_bridge_relay_enabled | to_json }}
# Should only admins be allowed to set themselves as relay users?
admin_only: {{ matrix_mautrix_meta_messenger_bridge_relay_admin_only | to_json }}
# The formats to use when sending messages to Meta via the relaybot.
message_formats:
m.text: "{% raw %}{{ .Sender.Displayname }}: {{ .Message }}{% endraw %}"
m.notice: "{% raw %}{{ .Sender.Displayname }}: {{ .Message }}{% endraw %}"
m.emote: "{% raw %}* {{ .Sender.Displayname }} {{ .Message }}{% endraw %}"
m.file: "{% raw %}{{ .Sender.Displayname }} sent a file{% endraw %}"
m.image: "{% raw %}{{ .Sender.Displayname }} sent an image{% endraw %}"
m.audio: "{% raw %}{{ .Sender.Displayname }} sent an audio file{% endraw %}"
m.video: "{% raw %}{{ .Sender.Displayname }} sent a video{% endraw %}"
m.location: "{% raw %}{{ .Sender.Displayname }} sent a location{% endraw %}"
# Logging config. See https://github.com/tulir/zeroconfig for details.
logging:
min_level: {{ matrix_mautrix_meta_messenger_logging_min_level | to_json }}
writers:
- type: stdout
format: pretty
- type: stdout
format: pretty

8
roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
View File

@ -9,7 +9,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/
matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
matrix_mautrix_signal_version: v0.7.1
matrix_mautrix_signal_version: v0.7.0
# See: https://mau.dev/mautrix/signal/container_registry
matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}"
@ -100,12 +100,6 @@ matrix_mautrix_signal_logging_level: 'warn'
# If false, created portal rooms will never be federated.
matrix_mautrix_signal_federate_rooms: true
matrix_mautrix_signal_backfill_enabled: true
matrix_mautrix_signal_backfill_max_initial_messages: 50
matrix_mautrix_signal_backfill_max_catchup_messages: 500
matrix_mautrix_signal_backfill_unread_hours_threshold: 720
matrix_mautrix_signal_backfill_threads_max_initial_messages: 50
# Whether or not metrics endpoint should be enabled.
# Enabling them is usually enough for a local (in-container) Prometheus to consume them.
# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_signal_metrics_proxying_enabled`.

3
roles/custom/matrix-bridge-mautrix-signal/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_signal_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_signal_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -141,7 +141,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_signal_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-signal.service installed
ansible.builtin.template:

10
roles/custom/matrix-bridge-mautrix-signal/templates/config.yaml.j2
View File

@ -280,18 +280,18 @@ direct_media:
# See https://docs.mau.fi/bridges/general/backfill.html for more details.
backfill:
# Whether to do backfilling at all.
enabled: {{ matrix_mautrix_signal_backfill_enabled | to_json }}
enabled: false
# Maximum number of messages to backfill in empty rooms.
max_initial_messages: {{ matrix_mautrix_signal_backfill_max_initial_messages | to_json }}
max_initial_messages: 50
# Maximum number of missed messages to backfill after bridge restarts.
max_catchup_messages: {{ matrix_mautrix_signal_backfill_max_catchup_messages | to_json }}
max_catchup_messages: 500
# If a backfilled chat is older than this number of hours,
# mark it as read even if it's unread on the remote network.
unread_hours_threshold: {{ matrix_mautrix_signal_backfill_unread_hours_threshold| to_json }}
unread_hours_threshold: 720
# Settings for backfilling threads within other backfills.
threads:
# Maximum number of messages to backfill in a new thread.
max_initial_messages: {{ matrix_mautrix_signal_backfill_threads_max_initial_messages | to_json }}
max_initial_messages: 50
# Settings for the backwards backfill queue. This only applies when connecting to
# Beeper as standard Matrix servers don't support inserting messages into history.
queue:

11
roles/custom/matrix-bridge-mautrix-slack/defaults/main.yml
View File

@ -9,7 +9,7 @@ matrix_mautrix_slack_container_image_self_build_repo: "https://mau.dev/mautrix/s
matrix_mautrix_slack_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_slack_version == 'latest' else matrix_mautrix_slack_version }}"
# renovate: datasource=docker depName=dock.mau.dev/mautrix/slack
matrix_mautrix_slack_version: v0.1.1
matrix_mautrix_slack_version: v0.1.0
# See: https://mau.dev/mautrix/slack/container_registry
matrix_mautrix_slack_docker_image: "{{ matrix_mautrix_slack_docker_image_name_prefix }}mautrix/slack:{{ matrix_mautrix_slack_version }}"
matrix_mautrix_slack_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_slack_container_image_self_build else 'dock.mau.dev/' }}"
@ -55,12 +55,6 @@ matrix_mautrix_slack_homeserver_token: ''
matrix_mautrix_slack_appservice_bot_username: slackbot
matrix_mautrix_slack_backfill_enabled: true
matrix_mautrix_slack_backfill_max_initial_messages: 50
matrix_mautrix_slack_backfill_max_catchup_messages: 500
matrix_mautrix_slack_backfill_unread_hours_threshold: 720
matrix_mautrix_slack_backfill_threads_max_initial_messages: 50
# Minimum severity of journal log messages.
# Options: debug, info, warn, error, fatal
matrix_mautrix_slack_logging_level: 'warn'
@ -148,9 +142,6 @@ matrix_mautrix_slack_registration: "{{ matrix_mautrix_slack_registration_yaml |
matrix_mautrix_slack_bridge_encryption_allow: "{{ matrix_bridges_encryption_enabled }}"
matrix_mautrix_slack_bridge_encryption_default: "{{ matrix_bridges_encryption_default }}"
matrix_mautrix_slack_bridge_encryption_key_sharing_allow: "{{ matrix_mautrix_slack_bridge_encryption_allow }}"
# This pickle key value is backward-compatible with the old bridge.
# See: https://github.com/mautrix/slack/releases/tag/v0.1.0
matrix_mautrix_slack_bridge_encryption_pickle_key: maunium.net/go/mautrix-whatsapp
matrix_mautrix_slack_provisioning_shared_secret: ''
matrix_mautrix_slack_public_media_signing_key: ''

3
roles/custom/matrix-bridge-mautrix-slack/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_slack_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_slack_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -98,7 +98,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_slack_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-slack.service installed
ansible.builtin.template:

16
roles/custom/matrix-bridge-mautrix-slack/templates/config.yaml.j2
View File

@ -244,7 +244,9 @@ appservice:
hs_token: {{ matrix_mautrix_slack_homeserver_token | to_json }}
# Localpart template of MXIDs for remote users.
# {% raw %}{{.}}{% endraw %} is replaced with the internal ID of the user.
# {% raw %}
# {{.}} is replaced with the internal ID of the user.
# {% endraw %}
username_template: "{% raw %}slack_{{.}}{% endraw %}"
# Config options that affect the Matrix connector of the bridge.
@ -317,18 +319,18 @@ direct_media:
# See https://docs.mau.fi/bridges/general/backfill.html for more details.
backfill:
# Whether to do backfilling at all.
enabled: {{ matrix_mautrix_slack_backfill_enabled | to_json }}
enabled: false
# Maximum number of messages to backfill in empty rooms.
max_initial_messages: {{ matrix_mautrix_slack_backfill_max_initial_messages | to_json }}
max_initial_messages: 50
# Maximum number of missed messages to backfill after bridge restarts.
max_catchup_messages: {{ matrix_mautrix_slack_backfill_max_catchup_messages | to_json }}
max_catchup_messages: 500
# If a backfilled chat is older than this number of hours,
# mark it as read even if it's unread on the remote network.
unread_hours_threshold: {{ matrix_mautrix_slack_backfill_unread_hours_threshold| to_json }}
unread_hours_threshold: 720
# Settings for backfilling threads within other backfills.
threads:
# Maximum number of messages to backfill in a new thread.
max_initial_messages: {{ matrix_mautrix_slack_backfill_threads_max_initial_messages | to_json }}
max_initial_messages: 50
# Settings for the backwards backfill queue. This only applies when connecting to
# Beeper as standard Matrix servers don't support inserting messages into history.
queue:
@ -376,7 +378,7 @@ encryption:
allow_key_sharing: {{ matrix_mautrix_slack_bridge_encryption_key_sharing_allow | to_json }}
# Pickle key for encrypting encryption keys in the bridge database.
# If set to generate, a random key will be generated.
pickle_key: {{ matrix_mautrix_slack_bridge_encryption_pickle_key | to_json }}
pickle_key: generate
# Options for deleting megolm sessions from the bridge.
delete_keys:
# Beeper-specific: delete outbound sessions when hungryserv confirms

7
roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
View File

@ -1,5 +1,10 @@
# File : roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
# Author : Pierre (McFly) Marty <paq.marty@gmail.com>
# Date : 17.01.2024
# Last Modified Date: 17.01.2024
# Last Modified By : Pierre (McFly) Marty <paq.marty@gmail.com>
# -----
---
# mautrix-telegram is a Matrix <-> Telegram bridge
# Project source code URL: https://github.com/mautrix/telegram

3
roles/custom/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_telegram_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_telegram_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -153,7 +153,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_telegram_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-telegram.service installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-mautrix-twitter/tasks/setup_install.yml
View File

@ -82,7 +82,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_twitter_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-twitter.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_mautrix_whatsapp_sqlite_database_path_local }}"
dst: "{{ matrix_mautrix_whatsapp_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -141,7 +141,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_whatsapp_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-whatsapp.service installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-mautrix-wsproxy/tasks/setup_install.yml
View File

@ -96,7 +96,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mautrix_wsproxy_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mautrix-wsproxy.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
View File

@ -50,7 +50,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_discord_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_discord_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -117,7 +117,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_discord_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-discord.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
View File

@ -51,7 +51,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_groupme_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_groupme_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -118,7 +118,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_groupme_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-groupme.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
View File

@ -16,7 +16,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_instagram_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_instagram_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -97,7 +97,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_instagram_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-instagram.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
View File

@ -44,7 +44,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_slack_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_slack_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -128,7 +128,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_slack_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-slack.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
View File

@ -51,7 +51,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_steam_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_steam_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -118,7 +118,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_steam_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-steam.service installed
ansible.builtin.template:

3
roles/custom/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
View File

@ -51,7 +51,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_mx_puppet_twitter_sqlite_database_path_local }}"
dst: "{{ matrix_mx_puppet_twitter_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -128,7 +128,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_mx_puppet_twitter_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-mx-puppet-twitter.service installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-sms/tasks/setup_install.yml
View File

@ -51,7 +51,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_sms_bridge_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-sms-bridge.service installed
ansible.builtin.template:

1
roles/custom/matrix-bridge-wechat/tasks/install.yml
View File

@ -113,7 +113,6 @@
community.general.docker_network:
name: "{{ matrix_wechat_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-wechat.service installed
ansible.builtin.template:

2
roles/custom/matrix-cactus-comments-client/defaults/main.yml
View File

@ -13,7 +13,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas
matrix_cactus_comments_client_public_path_file_permissions: "0644"
# renovate: datasource=docker depName=joseluisq/static-web-server
matrix_cactus_comments_client_version: 2.33.0
matrix_cactus_comments_client_version: 2.32.2
matrix_cactus_comments_client_container_image: "{{ matrix_container_global_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}"
matrix_cactus_comments_client_container_image_tag: "{{ 'latest' if matrix_cactus_comments_client_version == 'latest' else (matrix_cactus_comments_client_version + '-alpine') }}"

1
roles/custom/matrix-cactus-comments-client/tasks/install.yml
View File

@ -76,7 +76,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_cactus_comments_client_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-cactus-comments-client.service installed
ansible.builtin.template:

1
roles/custom/matrix-client-cinny/tasks/setup_install.yml
View File

@ -69,7 +69,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_client_cinny_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-client-cinny.service installed
ansible.builtin.template:

2
roles/custom/matrix-client-element/defaults/main.yml
View File

@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
# renovate: datasource=docker depName=vectorim/element-web
matrix_client_element_version: v1.11.79
matrix_client_element_version: v1.11.77
matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"

1
roles/custom/matrix-client-element/tasks/setup_install.yml
View File

@ -116,7 +116,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_client_element_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-client-element.service installed
ansible.builtin.template:

1
roles/custom/matrix-client-hydrogen/tasks/setup_install.yml
View File

@ -81,7 +81,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_client_hydrogen_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-client-hydrogen.service installed
ansible.builtin.template:

1
roles/custom/matrix-client-schildichat/tasks/setup_install.yml
View File

@ -102,7 +102,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_client_schildichat_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-client-schildichat.service installed
ansible.builtin.template:

1
roles/custom/matrix-conduit/tasks/setup_install.yml
View File

@ -39,7 +39,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_conduit_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure Conduit container image is pulled
community.docker.docker_image:

1
roles/custom/matrix-corporal/tasks/setup_install.yml
View File

@ -71,7 +71,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_corporal_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-corporal.service installed
ansible.builtin.template:

1
roles/custom/matrix-coturn/tasks/setup_install.yml
View File

@ -99,7 +99,6 @@
community.docker.docker_network:
name: "{{ matrix_coturn_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-coturn.service installed
ansible.builtin.template:

1
roles/custom/matrix-dendrite/tasks/setup_install.yml
View File

@ -112,7 +112,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_dendrite_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure Dendrite support files installed
ansible.builtin.template:

2
roles/custom/matrix-dendrite/templates/systemd/matrix-dendrite.service.j2
View File

@ -16,7 +16,7 @@ Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-dendrite 2>/dev/null || true'
ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-dendrite 2>/dev/null || true'
{% if (postgres_identifier + '.service') in matrix_dendrite_systemd_required_services_list %}
{% if (devture_postgres_identifier + '.service') in matrix_dendrite_systemd_required_services_list %}
# Dendrite is too quick to start in relation to its Postgres dependency.
# Delay Dendrite startup to avoid failing with: "failed to connect to accounts db" ("pq: the database system is starting up").
ExecStartPre={{ matrix_host_command_sleep }} 5

3
roles/custom/matrix-dimension/tasks/setup_install.yml
View File

@ -55,7 +55,7 @@
name: galaxy/com.devture.ansible.role.postgres
tasks_from: migrate_db_to_postgres
vars:
postgres_db_migration_request:
devture_postgres_db_migration_request:
src: "{{ matrix_dimension_sqlite_database_path_local }}"
dst: "{{ matrix_dimension_database_connection_string }}"
caller: "{{ role_path | basename }}"
@ -133,7 +133,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_dimension_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-dimension.service installed
ansible.builtin.template:

1
roles/custom/matrix-dynamic-dns/tasks/setup_install.yml
View File

@ -61,7 +61,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_dynamic_dns_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-dynamic-dns.service installed
ansible.builtin.template:

1
roles/custom/matrix-email2matrix/tasks/setup_install.yml
View File

@ -61,7 +61,6 @@
enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
name: "{{ matrix_email2matrix_container_network }}"
driver: bridge
driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
- name: Ensure matrix-email2matrix.service installed
ansible.builtin.template:

Some files were not shown because too many files have changed in this diff Show More